Total
29561 CVE
| CVE | Vendors | Products | Updated | CVSS v2 | CVSS v3 |
|---|---|---|---|---|---|
| CVE-2003-1148 | 1 Les Visiteurs | 1 Les Visiteurs | 2025-04-03 | 7.5 HIGH | N/A |
| Multiple PHP remote file inclusion vulnerabilities in J-Pierre DEZELUS Les Visiteurs 2.0.1, as used in phpMyConferences (phpMyConference) 8.0.2 and possibly other products, allow remote attackers to execute arbitrary PHP code via a URL in the lvc_include_dir parameter to (1) config.inc.php or (2) new-visitor.inc.php in common/visiteurs/include/. | |||||
| CVE-2001-0571 | 1 Elron | 2 Im Anti Virus, Im Message Inspector | 2025-04-03 | 5.0 MEDIUM | N/A |
| Directory traversal vulnerability in the web server for (1) Elron Internet Manager (IM) Message Inspector and (2) Anti-Virus before 3.0.4 allows remote attackers to read arbitrary files via a .. (dot dot) in the requested URL. | |||||
| CVE-2006-0658 | 1 Fckeditor | 1 Fckeditor | 2025-04-03 | 5.0 MEDIUM | N/A |
| Incomplete blacklist vulnerability in connector.php in FCKeditor 2.0 and 2.2, as used in products such as RunCMS, allows remote attackers to upload and execute arbitrary script files by giving the files specific extensions that are not listed in the Config[DeniedExtensions][File], such as .php.txt. | |||||
| CVE-2002-2046 | 1 Xqus | 1 X-news | 2025-04-03 | 7.5 HIGH | N/A |
| x_news.php in X-News (x_news) 1.1 and earlier allows remote attackers to gain administrative privileges by stealing and replaying the md5_password cookie. | |||||
| CVE-2001-0553 | 1 Ssh | 1 Secure Shell | 2025-04-03 | 7.2 HIGH | N/A |
| SSH Secure Shell 3.0.0 on Unix systems does not properly perform password authentication to the sshd2 daemon, which allows local users to gain access to accounts with short password fields, such as locked accounts that use "NP" in the password field. | |||||
| CVE-2006-3264 | 1 Namo | 1 Deepsearch | 2025-04-03 | 2.6 LOW | N/A |
| Cross-site scripting (XSS) vulnerability in mclient.cgi in Namo DeepSearch 4.5 allows remote attackers to inject arbitrary web script or HTML via the p parameter. | |||||
| CVE-2003-0081 | 1 Ethereal Group | 1 Ethereal | 2025-04-03 | 7.5 HIGH | N/A |
| Format string vulnerability in packet-socks.c of the SOCKS dissector for Ethereal 0.8.7 through 0.9.9 allows remote attackers to execute arbitrary code via SOCKS packets containing format string specifiers. | |||||
| CVE-2005-3961 | 1 Webcalendar | 1 Webcalendar | 2025-04-03 | 5.0 MEDIUM | N/A |
| export_handler.php in WebCalendar 1.0.1 allows remote attackers to overwrite WebCalendar data files via a modified id parameter. | |||||
| CVE-2000-0961 | 1 Netscape | 2 Messaging Server, Netscape Messaging Server Multiplexor | 2025-04-03 | 10.0 HIGH | N/A |
| Buffer overflow in IMAP server in Netscape Messaging Server 4.15 Patch 2 allows local users to execute arbitrary commands via a long LIST command. | |||||
| CVE-2000-0156 | 1 Microsoft | 1 Internet Explorer | 2025-04-03 | 5.1 MEDIUM | N/A |
| Internet Explorer 4.x and 5.x allows remote web servers to access files on the client that are outside of its security domain, aka the "Image Source Redirect" vulnerability. | |||||
| CVE-2002-2009 | 1 Apache | 1 Tomcat | 2025-04-03 | 5.0 MEDIUM | N/A |
| Apache Tomcat 4.0.1 allows remote attackers to obtain the web root path via HTTP requests for JSP files preceded by (1) +/, (2) >/, (3) </, and (4) %20/, which leaks the pathname in an error message. | |||||
| CVE-1999-0514 | 2025-04-03 | 5.0 MEDIUM | N/A | ||
| UDP messages to broadcast addresses are allowed, allowing for a Fraggle attack that can cause a denial of service by flooding the target. | |||||
| CVE-2003-1281 | 1 Eekim | 1 Cgihtml | 2025-04-03 | 2.1 LOW | N/A |
| cgihtml 1.69 allows local users to overwrite arbitrary files via a symlink attack on certain temporary files. | |||||
| CVE-2000-0874 | 1 Qualcomm | 1 Eudora | 2025-04-03 | 5.0 MEDIUM | N/A |
| Eudora mail client includes the absolute path of the sender's host within a virtual card (VCF). | |||||
| CVE-2004-1562 | 1 W-agora | 1 W-agora | 2025-04-03 | 7.5 HIGH | N/A |
| SQL injection vulnerability in redir_url.php in w-Agora 4.1.6a allows remote attackers to execute arbitrary SQL commands via the key parameter. | |||||
| CVE-2005-2008 | 1 Yaws | 1 Webserver | 2025-04-03 | 5.0 MEDIUM | N/A |
| Yaws Webserver 1.55 and earlier allows remote attackers to obtain the source code for yaws scripts via a request to a yaw script with a trailing %00 (null). | |||||
| CVE-1999-0269 | 1 Netscape | 1 Enterprise Server | 2025-04-03 | 5.0 MEDIUM | N/A |
| Netscape Enterprise servers may list files through the PageServices query. | |||||
| CVE-2002-0363 | 1 Aladdin Enterprises | 1 Ghostscript | 2025-04-03 | 7.5 HIGH | N/A |
| ghostscript before 6.53 allows attackers to execute arbitrary commands by using .locksafe or .setsafe to reset the current pagedevice. | |||||
| CVE-2004-2477 | 1 Diamondcs | 1 Process Guard Free | 2025-04-03 | 2.1 LOW | N/A |
| DiamondCS Process Guard Free 2.000 allows local users to disable the process guard protection system by overwriting the current Service Descriptor Table (SDT) in \device\physicalmemory with the original SDT found in ntoskrnl.exe. | |||||
| CVE-2004-1298 | 1 Michael Kohn | 1 Vb2c | 2025-04-03 | 10.0 HIGH | N/A |
| Buffer overflow in the parse function in vb2c.c for vb2c 0.02 allows remote attackers to execute arbitrary code via a crafted FRM file. | |||||