Total: 29575 CVE
CVE | Vendors | Products | Updated | CVSS v2 | CVSS v3 |
---|---|---|---|---|---|
CVE-2006-1094 | 2 Datenbank Module, Woltlab | 2 Datenbank Module, Burning Board | 2025-04-03 | 7.5 HIGH | N/A |
SQL injection vulnerability in Datenbank MOD 2.7 and earlier for Woltlab Burning Board allows remote attackers to execute arbitrary SQL commands via the fileid parameter to (1) info_db.php or (2) database.php. | |||||
CVE-2002-1264 | 1 Oracle | 1 Oracle9i | 2025-04-03 | 7.5 HIGH | N/A |
Buffer overflow in Oracle iSQL*Plus web application of the Oracle 9 database server allows remote attackers to execute arbitrary code via a long USERID parameter in the isqlplus URL. | |||||
CVE-2006-4952 | 1 Neosys | 1 Neon Webmail | 2025-04-03 | 7.5 HIGH | N/A |
The updatemail servlet in Neon WebMail for Java before 5.08 allows remote attackers to move e-mail messages of arbitrary users between different mail folders, specified by the folderid and tofolderid parameters, via the ID parameter. | |||||
CVE-1999-0641 | | | 2025-04-03 | N/A | N/A |
The UUCP service is running. | |||||
CVE-2006-4554 | 1 Becubed | 1 Compression Plus | 2025-04-03 | 5.1 MEDIUM | N/A |
Stack-based buffer overflow in the ReadFile function in the ZOO-processing exports in the BeCubed Compression Plus before 5.0.1.28, as used in products including (1) Tumbleweed EMF, (2) VCOM/Ontrack PowerDesk Pro, (3) Canyon Drag and Zip, (4) Canyon Power File, and (5) Canyon Power File Gold, allows context-dependent attackers to execute arbitrary code via an inconsistent size parameter in a ZOO file header. | |||||
CVE-2006-0641 | 1 Orbicule | 1 Undercover | 2025-04-03 | 2.6 LOW | N/A |
Orbicule Undercover uses a third-party web server to determine the IP address through which the computer is accessing the Internet, but does not document this third-party disclosure, which leads to a potential privacy leak that might allow transmission of sensitive information to an unintended remote destination. | |||||
CVE-2006-3429 | 1 Tigertom Scripts | 1 Ttcalc Script | 2025-04-03 | 4.3 MEDIUM | N/A |
Cross-site scripting (XSS) vulnerability in TigerTom TTCalc 1.0 allows remote attackers to inject arbitrary web script or HTML via the currency parameter in (1) loan.php and (2) mortgage.php. NOTE: the provenance of this information is unknown; the details are obtained solely from third party information. | |||||
CVE-2000-0267 | 1 Cisco | 1 Catos | 2025-04-03 | 4.6 MEDIUM | N/A |
Cisco Catalyst 5.4.x allows a user to gain access to the "enable" mode without a password. | |||||
CVE-2005-0536 | 1 Mediawiki | 1 Mediawiki | 2025-04-03 | 5.0 MEDIUM | N/A |
Directory traversal vulnerability in MediaWiki 1.3.x before 1.3.11 and 1.4 beta before 1.4 rc1 allows remote attackers to delete arbitrary files or determine file existence via a parameter related to image deletion. | |||||
CVE-2006-2608 | 1 Artmedic Webdesign | 1 Artmedic Newsletter | 2025-04-03 | 5.1 MEDIUM | N/A |
artmedic newsletter 4.1 and possibly other versions, when register_globals is enabled, allows remote attackers to modify arbitrary files and execute arbitrary PHP code via the logfile parameter in a direct request to log.php, which causes the $logfile variable to be redefined to an attacker-controlled value, as demonstrated by injecting PHP code into info.php. | |||||
CVE-2002-1102 | 1 Cisco | 2 Vpn 3000 Concentrator Series Software, Vpn 3002 Hardware Client | 2025-04-03 | 5.0 MEDIUM | N/A |
The LAN-to-LAN IPSEC capability for Cisco VPN 3000 Concentrator 2.2.x, and 3.x before 3.5.4, allows remote attackers to cause a denial of service via an incoming LAN-to-LAN connection with an existing security association with another device on the remote network, which causes the concentrator to remove the previous connection. | |||||
CVE-2005-0345 | 1 Php Fusion | 1 Php Fusion | 2025-04-03 | 5.0 MEDIUM | N/A |
viewthread.php in php-fusion 4.x does not check the (1) forum_id or (2) forum_cat parameters, which allows remote attackers to view protected forums via the thread_id parameter. | |||||
CVE-2002-1808 | 1 Zack Coburn | 1 Meunity Community System | 2025-04-03 | 4.3 MEDIUM | N/A |
Cross-site scripting (XSS) vulnerability in Meunity Community System 1.1 allows remote attackers to inject arbitrary web script or HTML via Javascript in an IMG tag when creating a topic. | |||||
CVE-2005-4510 | 1 Extensis | 1 Netpublish Server | 2025-04-03 | 5.0 MEDIUM | N/A |
Directory traversal vulnerability in server.np in NetPublish Server 7 allows remote attackers to read arbitrary files via "../" sequences in the template parameter. | |||||
CVE-2001-1521 | 1 Postnuke Software Foundation | 1 Postnuke | 2025-04-03 | 2.6 LOW | N/A |
Cross-site scripting (XSS) vulnerability in user.php in PostNuke 0.64 allows remote attackers to inject arbitrary web script or HTML via the uname parameter. | |||||
CVE-2006-2302 | 1 Duware | 1 Dugallery | 2025-04-03 | 7.5 HIGH | N/A |
SQL injection vulnerability in admin_default.asp in DUGallery 2.x allows remote attackers to execute arbitrary SQL commands via the (1) Login or (2) password field. | |||||
CVE-2003-1226 | 1 Bea | 1 Weblogic Server | 2025-04-03 | 2.1 LOW | N/A |
BEA WebLogic Server and Express 7.0 and 7.0.0.1 stores certain secrets concerning password encryption insecurely in config.xml, filerealm.properties, and weblogic-rar.xml, which allows local users to learn those secrets and decrypt passwords. | |||||
CVE-2006-0661 | 1 Scriptme | 2 Sme Blog Host, Sme Gb Host | 2025-04-03 | 4.3 MEDIUM | N/A |
Cross-site scripting (XSS) vulnerability in Scriptme SmE GB Host 1.21 and SmE Blog Host allows remote attackers to inject arbitrary web script or HTML via the BBcode url tag. | |||||
CVE-2001-1193 | 1 Khamil Landross And Zack Jones | 1 Eftp | 2025-04-03 | 5.0 MEDIUM | N/A |
Directory traversal vulnerability in EFTP 2.0.8.346 allows local users to read directories via a ... (modified dot dot) in the CWD command. | |||||
CVE-2000-0163 | 1 Freebsd | 1 Freebsd | 2025-04-03 | 4.6 MEDIUM | N/A |
asmon and ascpu in FreeBSD allow local users to gain root privileges via a configuration file. |