Total
29477 CVE
| CVE | Vendors | Products | Updated | CVSS v2 | CVSS v3 |
|---|---|---|---|---|---|
| CVE-2001-0808 | 1 Yngve Svendsen | 1 Gnatsweb | 2025-04-03 | 10.0 HIGH | N/A |
| gnatsweb.pl in GNATS GnatsWeb 2.7 through 3.95 allows remote attackers to execute arbitrary commands via certain characters in the help_file parameter. | |||||
| CVE-2004-1190 | 1 Suse | 1 Suse Linux | 2025-04-03 | 2.1 LOW | N/A |
| SUSE Linux before 9.1 and SUSE Linux Enterprise Server before 9 do not properly check commands sent to CD devices that have been opened read-only, which could allow local users to conduct unauthorized write activities to modify the firmware of associated SCSI devices. | |||||
| CVE-2000-0477 | 1 Symantec | 1 Norton Antivirus | 2025-04-03 | 5.0 MEDIUM | N/A |
| Buffer overflow in Norton Antivirus for Exchange (NavExchange) allows remote attackers to cause a denial of service via a .zip file that contains long file names. | |||||
| CVE-2005-4794 | 1 Cisco | 7 Application And Content Networking Software, Ata, Ip Phone 7902 and 4 more | 2025-04-03 | 5.0 MEDIUM | N/A |
| Cisco IP Phones 7902/7905/7912, ATA 186/188, Unity Express, ACNS, and Subscriber Edge Services Manager (SESM) allows remote attackers to cause a denial of service (crash or instability) via a compressed DNS packet with a label length byte with an incorrect offset. | |||||
| CVE-2003-0579 | 1 Ibm | 1 U2 Universe | 2025-04-03 | 4.6 MEDIUM | N/A |
| uvadmsh in IBM U2 UniVerse 10.0.0.9 and earlier trusts the user-supplied -uv.install command line option to find and execute the uv.install program, which allows local users to gain privileges by providing a pathname that is under control of the user. | |||||
| CVE-2003-0341 | 1 Owl | 1 Owl Intranet Engine | 2025-04-03 | 6.8 MEDIUM | N/A |
| Cross-site scripting (XSS) vulnerability in Owl Intranet Engine 0.71 and earlier allows remote attackers to insert arbitrary script via the Search field. | |||||
| CVE-2005-2838 | 1 Mywebland | 1 Mybloggie | 2025-04-03 | 7.5 HIGH | N/A |
| SQL injection vulnerability in login.php in myBloggie 2.1.3-beta and earlier allows remote attackers to execute arbitrary SQL commands via the username parameter. | |||||
| CVE-2005-0859 | 1 Czaries Network | 1 Czarnews | 2025-04-03 | 7.5 HIGH | N/A |
| PHP remote file inclusion vulnerability in CzarNews 1.13b allows remote attackers to execute arbitrary PHP code via the tpath parameter to (1) headlines.php or (2) news.php. NOTE: some sources have reported the "dir" parameter as being affected; however, this is likely a cut-and-paste error from the wrong section of the original vulnerability report. Also, the news.php version was later reported to be in 1.12 through 1.14. | |||||
| CVE-2004-0590 | 3 Frees Wan, Openswan, Strongswan | 4 Frees Wan, Super Frees Wan, Openswan and 1 more | 2025-04-03 | 10.0 HIGH | N/A |
| FreeS/WAN 1.x and 2.x, and other related products including superfreeswan 1.x, openswan 1.x before 1.0.6, openswan 2.x before 2.1.4, and strongSwan before 2.1.3, allows remote attackers to authenticate using spoofed PKCS#7 certificates in which a self-signed certificate identifies an alternate Certificate Authority (CA) and spoofed issuer and subject. | |||||
| CVE-2001-1334 | 1 Phpslash | 1 Phpslash | 2025-04-03 | 5.0 MEDIUM | N/A |
| Block_render_url.class in PHPSlash 0.6.1 allows remote attackers with PHPSlash administrator privileges to read arbitrary files by creating a block and specifying the target file as the source URL. | |||||
| CVE-2004-0065 | 1 Phpgedview | 1 Phpgedview | 2025-04-03 | 7.5 HIGH | N/A |
| Multiple SQL injection vulnerabilities in phpGedView before 2.65 allow remote attackers to execute arbitrary SQL via (1) timeline.php and (2) placelist.php. | |||||
| CVE-1999-1407 | 1 Redhat | 1 Linux | 2025-04-03 | 2.1 LOW | N/A |
| ifdhcpc-done script for configuring DHCP on Red Hat Linux 5 allows local users to append text to arbitrary files via a symlink attack on the dhcplog file. | |||||
| CVE-2002-0566 | 1 Oracle | 4 Application Server, Application Server Web Cache, Oracle8i and 1 more | 2025-04-03 | 5.0 MEDIUM | N/A |
| PL/SQL module 3.0.9.8.2 in Oracle 9i Application Server 1.0.2.x allows remote attackers to cause a denial of service (crash) via an HTTP Authorization header without an authentication type. | |||||
| CVE-2001-1222 | 1 Plesk | 1 Plesk Server Administrator | 2025-04-03 | 5.0 MEDIUM | N/A |
| Plesk Server Administrator (PSA) 1.0 allows remote attackers to obtain PHP source code via an HTTP request containing the target's IP address and a valid account name for the domain. | |||||
| CVE-2002-1669 | 1 Freebsd | 1 Freebsd | 2025-04-03 | 2.1 LOW | N/A |
| pkg_add in FreeBSD 4.2 through 4.4 creates a temporary directory with world-searchable permissions, which may allow local users to modify world-writable parts of the package during installation. | |||||
| CVE-2005-0526 | 1 Pblang | 1 Pblang | 2025-04-03 | 4.3 MEDIUM | N/A |
| Multiple cross-site scripting (XSS) vulnerabilities in PBLang 4.65 allow remote attackers to inject arbitrary web script or HTML via (1) the search string to search.php, (2) the subject of a PM, which is processed by pm.php, or (3) the body of a PM, which is processed by pmpshow.php. | |||||
| CVE-2006-0581 | 1 Hosting Controller | 1 Hosting Controller | 2025-04-03 | 6.5 MEDIUM | N/A |
| SQL injection vulnerability in Hosting Controller 6.1 Hotfix 2.8 allows remote authenticated users to execute arbitrary SQL commands via the (1) GatewayID parameter in an add action in AddGatewaySettings.asp and (2) IP parameter in IPManager.asp. | |||||
| CVE-2005-4619 | 1 Phpoutsourcing | 1 Zorum | 2025-04-03 | 7.5 HIGH | N/A |
| SQL injection vulnerability in index.php in phpoutsourcing Zorum Forum 3.5 and earlier allows remote attackers to execute arbitrary SQL commands via the rollid parameter in the showhtmllist method. | |||||
| CVE-2000-0201 | 1 Microsoft | 1 Internet Explorer | 2025-04-03 | 5.1 MEDIUM | N/A |
| The window.showHelp() method in Internet Explorer 5.x does not restrict HTML help files (.chm) to be executed from the local host, which allows remote attackers to execute arbitrary commands via Microsoft Networking. | |||||
| CVE-2003-1164 | 1 Mldonkey | 1 Mldonkey | 2025-04-03 | 4.3 MEDIUM | N/A |
| Cross-site scripting (XSS) vulnerability in Mldonkey 2.5-4 allows remote attackers to inject arbitrary web script or HTML via the URI, which is injected into the HTML error page. | |||||