Total
29833 CVE
| CVE | Vendors | Products | Updated | CVSS v2 | CVSS v3 |
|---|---|---|---|---|---|
| CVE-2002-0630 | 1 Polycom | 8 Viewstation 128, Viewstation 512, Viewstation Dcp and 5 more | 2025-04-03 | 5.0 MEDIUM | N/A |
| The Telnet service for Polycom ViewStation before 7.2.4 allows remote attackers to cause a denial of service (crash) via long or malformed ICMP packets. | |||||
| CVE-2005-2266 | 1 Mozilla | 2 Firefox, Mozilla | 2025-04-03 | 5.0 MEDIUM | N/A |
| Firefox before 1.0.5 and Mozilla before 1.7.9 allows a child frame to call top.focus and other methods in a parent frame, even when the parent is in a different domain, which violates the same origin policy and allows remote attackers to steal sensitive information such as cookies and passwords from web sites whose child frames do not verify that they are in the same domain as their parents. | |||||
| CVE-2002-0336 | 1 Galacticomm Technologies | 2 Worldgroup, Worldgroup Lite Personal Server | 2025-04-03 | 7.5 HIGH | N/A |
| Buffer overflow in Galacticomm Worldgroup FTP server 3.20 and earlier allows remote attackers to cause a denial of service, and possibly execute arbitrary code, via a LIST command containing a large number of / (slash), * (wildcard), and .. characters. | |||||
| CVE-2005-1128 | 1 Virtual Hosting Control System | 1 Virtual Hosting Control System | 2025-04-03 | 7.5 HIGH | N/A |
| Multiple SQL injection vulnerabilities in VHCS 2.4 and earlier allow remote attackers to execute arbitrary SQL commands via certain inputs from HTTP POST queries. | |||||
| CVE-2005-4651 | 1 Alstrasoft | 1 Epay | 2025-04-03 | 6.4 MEDIUM | N/A |
| SQL injection vulnerability in index.php in AlstraSoft EPay Pro 2.0 allows remote attackers to execute arbitrary SQL commands via the pmodule parameter. | |||||
| CVE-2001-1357 | 1 Phpheaven | 1 Phpmychat | 2025-04-03 | 7.5 HIGH | N/A |
| Multiple vulnerabilities in phpMyChat before 0.14.5 exist in (1) input.php3, (2) handle_inputH.php3, or (3) index.lib.php3 with unknown consequences, possibly related to user spoofing or improperly initialized variables. | |||||
| CVE-2006-0588 | 1 Jaia Interactive | 1 Mytopix | 2025-04-03 | 7.5 HIGH | N/A |
| SQL injection vulnerability in search.php in MyTopix 1.2.3 allows remote attackers to execute arbitrary SQL commands via the (1) mid and (2) keywords parameters. | |||||
| CVE-2005-1094 | 1 Network-client.com | 1 Ftp Now | 2025-04-03 | 4.6 MEDIUM | N/A |
| FTP Now 2.6.14 stores usernames and passwords in plaintext in sites.xml, which is world-readable, which allows local users to gain privileges. | |||||
| CVE-2004-1743 | 1 Efs Software | 1 Efs Web Server | 2025-04-03 | 5.0 MEDIUM | N/A |
| Easy File Sharing (EFS) Webserver 1.25 allows remote attackers to view arbitrary files via an HTTP request for the disk_c virtual folder. | |||||
| CVE-2004-1124 | 1 Sco | 2 Openserver, Unixware | 2025-04-03 | 4.6 MEDIUM | N/A |
| Unknown vulnerability in chroot on SCO UnixWare 7.1.1 through 7.1.4 allows local users to escape the chroot jail and conduct unauthorized activities. | |||||
| CVE-2006-4109 | 1 Drupal | 1 Bibliography Module | 2025-04-03 | 4.3 MEDIUM | N/A |
| Cross-site scripting (XSS) vulnerability in Bibliography (biblio.module) 4.6 before revision 1.1.1.1.4.11 and 4.7 before revision 1.13.2.5 for Drupal allows remote attackers to inject arbitrary web script or HTML via unspecified vectors. | |||||
| CVE-2006-4126 | 1 Dconnect | 1 Dconnect Daemon | 2025-04-03 | 5.0 MEDIUM | N/A |
| The dc_chat function in cmd.dc.c in DConnect Daemon 0.7.0 and earlier allows remote attackers to cause a denial of service (application crash) by sending a client message before providing the nickname, which triggers a null pointer dereference. | |||||
| CVE-2001-0897 | 1 Infopop | 1 Ultimate Bulletin Board | 2025-04-03 | 5.0 MEDIUM | N/A |
| Cross-site scripting vulnerability in Infopop Ultimate Bulletin Board (UBB) before 5.47e allows remote attackers to steal user cookies via an [IMG] tag that references an about: URL with an onerror field. | |||||
| CVE-2000-0664 | 1 Analogx | 1 Simpleserver Www | 2025-04-03 | 5.0 MEDIUM | N/A |
| AnalogX SimpleServer:WWW 1.06 and earlier allows remote attackers to read arbitrary files via a modified .. (dot dot) attack that uses the %2E URL encoding for the dots. | |||||
| CVE-2001-0936 | 1 Frox | 1 Frox | 2025-04-03 | 7.5 HIGH | N/A |
| Buffer overflow in Frox transparent FTP proxy 0.6.6 and earlier, with the local caching method selected, allows remote FTP servers to run arbitrary code via a long response to an MDTM request. | |||||
| CVE-2005-2586 | 1 Mentor | 1 Adslfr4ii | 2025-04-03 | 2.1 LOW | N/A |
| Mentor ADSL-FR4II router running firmware 2.00.0111 stores the web administration password in cleartext in the backup configuration file, which allows local users to obtain sensitive information. | |||||
| CVE-2002-0133 | 1 Avirt | 3 Avirt Gateway, Avirt Gateway Suite, Avirt Soho | 2025-04-03 | 7.5 HIGH | N/A |
| Buffer overflows in Avirt Gateway Suite 4.2 allow remote attackers to cause a denial of service and possibly execute arbitrary code via (1) long header fields to the HTTP proxy, or (2) a long string to the telnet proxy. | |||||
| CVE-2003-0938 | 1 Sap | 1 Sap Db | 2025-04-03 | 7.2 HIGH | N/A |
| vos24u.c in SAP database server (SAP DB) 7.4.03.27 and earlier allows local users to gain SYSTEM privileges via a malicious "NETAPI32.DLL" in the current working directory, which is found and loaded by SAP DB before the real DLL, as demonstrated using the SQLAT stored procedure. | |||||
| CVE-2006-1234 | 1 Dsportal | 1 Dscounter | 2025-04-03 | 5.1 MEDIUM | N/A |
| SQL injection vulnerability in index.php in DSCounter 1.2, with magic_quotes_gpc disabled, allows remote attackers to execute arbitrary SQL commands via the X-Forwarded-For field (HTTP_X_FORWARDED_FOR environment variable) in an HTTP header. | |||||
| CVE-2000-1021 | 1 Alt-n | 1 Mdaemon | 2025-04-03 | 7.5 HIGH | N/A |
| Heap overflow in WebConfig in Mdaemon 3.1.1 and earlier allows remote attackers to cause a denial of service and possibly execute arbitrary commands via a long URL. | |||||