Total
29832 CVE
| CVE | Vendors | Products | Updated | CVSS v2 | CVSS v3 |
|---|---|---|---|---|---|
| CVE-2004-0061 | 1 Lionmax Software | 1 Www File Share Pro | 2025-04-03 | 7.5 HIGH | N/A |
| WWW File Share Pro 2.42 and earlier allows remote attackers to bypass directory access restrictions via (1) a URL with a trailing . (dot), or (2) a URI with a leading slash or backslash character. | |||||
| CVE-2000-1171 | 1 Markus Triska | 1 Cgiforum | 2025-04-03 | 5.0 MEDIUM | N/A |
| Directory traversal vulnerability in cgiforum.pl script in CGIForum 1.0 allows remote attackers to ready arbitrary files via a .. (dot dot) attack in the "thesection" parameter. | |||||
| CVE-2003-0044 | 1 Apache | 1 Tomcat | 2025-04-03 | 6.8 MEDIUM | N/A |
| Multiple cross-site scripting (XSS) vulnerabilities in the (1) examples and (2) ROOT web applications for Jakarta Tomcat 3.x through 3.3.1a allow remote attackers to insert arbitrary web script or HTML. | |||||
| CVE-2006-3882 | 1 Musicbox | 1 Musicbox | 2025-04-03 | 5.0 MEDIUM | N/A |
| Shalwan MusicBox 2.3.4 and earlier allows remote attackers to obtain configuration information via a direct request to phpinfo.php, which calls the phpinfo function. | |||||
| CVE-2005-1275 | 2 Graphicsmagick, Imagemagick | 2 Graphicsmagick, Imagemagick | 2025-04-03 | 5.0 MEDIUM | N/A |
| Heap-based buffer overflow in the ReadPNMImage function in pnm.c for ImageMagick 6.2.1 and earlier allows remote attackers to cause a denial of service (application crash) via a PNM file with a small colors value. | |||||
| CVE-2006-3330 | 1 Deltascripts | 1 Php Classifieds | 2025-04-03 | 6.8 MEDIUM | N/A |
| Cross-site scripting (XSS) vulnerability in AddAsset1.php in PHP/MySQL Classifieds (PHP Classifieds) allows remote attackers to execute arbitrary SQL commands via the (1) ProductName ("Title" field), (2) url, and (3) Description parameters, possibly related to issues in add1.php. | |||||
| CVE-2001-1327 | 1 Berkeley Softworks | 1 Pmake | 2025-04-03 | 4.6 MEDIUM | N/A |
| pmake before 2.1.35 in Turbolinux 6.05 and earlier is installed with setuid root privileges, which could allow local users to gain privileges by exploiting vulnerabilities in pmake or programs that are used by pmake. | |||||
| CVE-2005-0594 | 1 Apple | 1 Mac Os X Server | 2025-04-03 | 7.2 HIGH | N/A |
| Buffer overflow in the Netinfo Setup Tool (NeST) allows local users to execute arbitrary code. | |||||
| CVE-2006-0424 | 1 Bea | 1 Weblogic Server | 2025-04-03 | 4.0 MEDIUM | N/A |
| BEA WebLogic Server and WebLogic Express 8.1 through SP4, 7.0 through SP6, and 6.1 through SP7 allows remote authenticated guest users to read the server log and obtain sensitive configuration information. | |||||
| CVE-2006-1747 | 1 Vwar | 1 Virtual War | 2025-04-03 | 7.5 HIGH | N/A |
| PHP remote file inclusion vulnerability in Virtual War (VWar) 1.5.0 allows remote attackers to execute arbitrary PHP code via a URL in the vwar_root parameter to (1) admin/admin.php, (2) war.php, (3) stats.php, (4) news.php, (5) joinus.php, (6) challenge.php, (7) calendar.php, (8) member.php, (9) popup.php, and other unspecified scripts in the admin folder. NOTE: these are different attack vectors than CVE-2006-1636 and CVE-2006-1503. | |||||
| CVE-2000-0028 | 1 Microsoft | 2 Ie, Internet Explorer | 2025-04-03 | 2.6 LOW | N/A |
| Internet Explorer 5.0 and 5.01 allows remote attackers to bypass the cross frame security policy and read files via the external.NavigateAndFind function. | |||||
| CVE-2006-4500 | 1 Ztml | 1 Ezportal Ztml Cms | 2025-04-03 | 4.3 MEDIUM | N/A |
| Cross-site scripting (XSS) vulnerability in index.php in ezPortal/ztml CMS 1.0 allows remote attackers to inject arbitrary web script or HTML via the (1) about, (2) again, (3) lastname, (4) email, (5) password, (6) album, (7) id, (8) table, (9) desc, (10) doc, (11) mname, (12) max, (13) htpl, (14) pheader, and possibly other parameters. | |||||
| CVE-2006-2839 | 1 Webwork | 1 Webwork | 2025-04-03 | 6.4 MEDIUM | N/A |
| Directory traversal vulnerability in PG Problem Editor module (PGProblemEditor.pm) in WeBWorK Online Homework Delivery System 2.2.0 and earlier allows remote attackers to read and write files outside of the templates directory. | |||||
| CVE-1999-0360 | 1 Microsoft | 1 Site Server | 2025-04-03 | 7.2 HIGH | N/A |
| MS Site Server 2.0 with IIS 4 can allow users to upload content, including ASP, to the target web site, thus allowing them to execute commands remotely. | |||||
| CVE-2004-2399 | 1 Securecomputing | 1 Sidewinder G2 | 2025-04-03 | 5.0 MEDIUM | N/A |
| Secure Computing Corporation Sidewinder G2 6.1.0.01 allows remote attackers to cause a denial of service (CPU consumption) via delayed responses to DNS queries. | |||||
| CVE-2000-0971 | 1 Avirt | 1 Avirt Mail Server | 2025-04-03 | 10.0 HIGH | N/A |
| Avirt Mail 4.0 and 4.2 allows remote attackers to cause a denial of service and possibly execute arbitrary commands via a long "RCPT TO" or "MAIL FROM" command. | |||||
| CVE-2005-1447 | 1 Sitepanel | 1 Sitepanel | 2025-04-03 | 7.5 HIGH | N/A |
| PHP remote file inclusion vulnerability in main.php in SitePanel 2.6.1 and earlier (SitePanel2) allows remote attackers to execute arbitrary PHP code via the p parameter. | |||||
| CVE-2003-1256 | 1 E-theni | 1 E-theni | 2025-04-03 | 6.8 MEDIUM | N/A |
| aff_liste_langue.php in E-theni allows remote attackers to execute arbitrary PHP code by modifying the rep_include parameter to reference a URL on a remote web server that contains para_langue.php. | |||||
| CVE-2003-1203 | 1 Mambo | 1 Mambo Site Server | 2025-04-03 | 4.3 MEDIUM | N/A |
| Cross-site scripting (XSS) vulnerability in index.php for Mambo Site Server 4.0.10 allows remote attackers to execute script on other clients via the ?option parameter. | |||||
| CVE-2005-3323 | 2 Debian, Zope | 2 Debian Linux, Zope | 2025-04-03 | 7.5 HIGH | N/A |
| docutils in Zope 2.6, 2.7 before 2.7.8, and 2.8 before 2.8.2 allows remote attackers to include arbitrary files via include directives in RestructuredText functionality. | |||||