Total: 29478 CVE
CVE | Vendors | Products | Updated | CVSS v2 | CVSS v3 |
---|---|---|---|---|---|
CVE-2005-2737 | 1 Photopost | 1 Photopost Php Pro | 2025-04-03 | 4.3 MEDIUM | N/A |
Cross-site scripting (XSS) vulnerability in PhotoPost PHP Pro 5.1 allows remote attackers to inject arbitrary web script or HTML via EXIF data, such as the Camera Model Tag. | |||||
CVE-2000-1173 | 1 Microsys | 1 Cyberpatrol | 2025-04-03 | 5.0 MEDIUM | N/A |
Microsys CyberPatrol uses weak encryption (trivial encoding) for credit card numbers and uses no encryption for the remainder of the information during registration, which could allow attackers to sniff network traffic and obtain this sensitive information. | |||||
CVE-2004-1511 | 1 Hotfoon Corporation | 1 Hotfoon | 2025-04-03 | 5.0 MEDIUM | N/A |
Hotfoon 4.0 does not notify users before opening links in web browsers, which could allow remote attackers to execute arbitrary code via a certain link sent in a chat window. | |||||
CVE-2006-2995 | 1 Webprojectdb | 1 Webprojectdb | 2025-04-03 | 7.5 HIGH | N/A |
Multiple PHP remote file inclusion vulnerabilities in WebprojectDB 0.1.3 and earlier allow remote attackers to execute arbitrary PHP code via a URL in the INCDIR parameter in (1) include/nav.php and (2) include/lang.php. | |||||
CVE-2006-1195 | 1 Enet | 1 Enet Library | 2025-04-03 | 5.0 MEDIUM | N/A |
The enet_protocol_handle_send_fragment function in protocol.c for ENet library CVS version Jul 2005 and earlier, as used in products including (1) Cube, (2) Sauerbraten, and (3) Duke3d_w32, allows remote attackers to cause a denial of service (application crash) via a packet fragment with a large total data size, which triggers an application abort when memory allocation fails. | |||||
CVE-2006-3972 | 1 Scott Weedon | 1 Ajax Chat | 2025-04-03 | 5.0 MEDIUM | N/A |
Directory traversal vulnerability in includes/operator_chattranscript.php in Scott Weedon Ajax Chat, possibly 0.1, allows remote attackers to read arbitrary files via a .. (dot dot) in the chatid parameter. | |||||
CVE-2004-0235 | 8 Clearswift, F-secure, Rarlab and 5 more | 13 Mailsweeper, F-secure Anti-virus, F-secure For Firewalls and 10 more | 2025-04-03 | 6.4 MEDIUM | N/A |
Multiple directory traversal vulnerabilities in LHA 1.14 allow remote attackers or local users to create arbitrary files via an LHA archive containing filenames with (1) .. sequences or (2) absolute pathnames with double leading slashes ("//absolute/path"). | |||||
CVE-2002-2142 | 1 Bea | 2 Weblogic Integration, Weblogic Server | 2025-04-03 | 7.5 HIGH | N/A |
An undocumented extension for the Servlet mappings in the Servlet 2.3 specification, when upgrading to WebLogic Server and Express 7.0 Service Pack 1 from BEA WebLogic Server and Express 6.0 through 7.0.0.1, does not prepend a "/" character in certain URL patterns, which prevents the proper enforcement of role mappings and policies in applications that use the extension. | |||||
CVE-2004-1757 | 1 Bea | 1 Weblogic Server | 2025-04-03 | 4.6 MEDIUM | N/A |
BEA WebLogic Server and Express 8.1, SP1 and earlier, stores the administrator password in cleartext in config.xml, which allows local users to gain privileges. | |||||
CVE-2006-2358 | 1 Web-labs | 1 Web-labs Cms | 2025-04-03 | 4.3 MEDIUM | N/A |
Multiple cross-site scripting (XSS) vulnerabilities in various scripts in Web-Labs CMS allow remote attackers to inject arbitrary web script or HTML via (1) the search parameter and (2) unspecified fields related to e-mail alerts. NOTE: the provenance of this information is unknown; the details are obtained solely from third party information. | |||||
CVE-2002-2166 | 1 E-zone Media Inc. | 1 Fusetalk | 2025-04-03 | 4.3 MEDIUM | N/A |
Cross-site scripting (XSS) vulnerability in FuseTalk 2.0 and 3.0 allows remote attackers to insert arbitrary HTML and web script. | |||||
CVE-2004-1022 | 1 Kerio | 3 Kerio Mailserver, Serverfirewall, Winroute Firewall | 2025-04-03 | 2.1 LOW | N/A |
Kerio Winroute Firewall before 6.0.7, ServerFirewall before 1.0.1, and MailServer before 6.0.5 use symmetric encryption for user passwords, which allows attackers to decrypt the user database and obtain the passwords by extracting the secret key from within the software. | |||||
CVE-2002-0872 | 1 L2tpd | 1 L2tpd | 2025-04-03 | 7.5 HIGH | N/A |
l2tpd 0.67 does not initialize the random number generator, which allows remote attackers to hijack sessions. | |||||
CVE-2005-1479 | 1 Jgs-xa | 1 Jgs-portal | 2025-04-03 | 7.5 HIGH | N/A |
SQL injection vulnerability in jgs_portal.php in JGS-Portal 3.0.1 and earlier allows remote attackers to execute arbitrary SQL commands via the id parameter. | |||||
CVE-2006-1264 | 1 Xhawk.net | 1 Discussion | 2025-04-03 | 4.3 MEDIUM | N/A |
Cross-site scripting (XSS) vulnerability in xhawk.net discussion 2.0 beta2 allows remote attackers to inject arbitrary web script or HTML via a Javascript URI in a BBCode img tag. | |||||
CVE-2001-1297 | 1 Actionpoll | 1 Actionpoll | 2025-04-03 | 7.5 HIGH | N/A |
PHP remote file inclusion vulnerability in Actionpoll PHP script before 1.1.2 allows remote attackers to execute arbitrary PHP code via a URL in the includedir parameter. | |||||
CVE-2006-3959 | 1 X-scripts | 1 X-statistics | 2025-04-03 | 7.5 HIGH | N/A |
SQL injection vulnerability in protect.php in X-Scripts X-Protection 1.10, with magic_quotes_gpc disabled, allows remote attackers to execute arbitrary SQL commands via the (1) username and (2) password parameter. | |||||
CVE-2005-2034 | 1 Blue-collar Productions | 1 I-gallery | 2025-04-03 | 4.3 MEDIUM | N/A |
Cross-site scripting (XSS) vulnerability in folderview.asp for BlueCollar iGallery 3.3 allows remote attackers to inject arbitrary web script or HTML via the folder parameter. | |||||
CVE-2001-0704 | 1 Arcadia | 1 Arcadia Internet Store | 2025-04-03 | 7.5 HIGH | N/A |
tradecli.dll in Arcadia Internet Store 1.0 allows a remote attacker to discover the full path to the working directory via a URL with a template argument for a file that does not exist. | |||||
CVE-1999-0312 | 1 Hp | 1 Hp-ux | 2025-04-03 | 5.0 MEDIUM | N/A |
HP ypbind allows attackers with root privileges to modify NIS data. |