Total
29832 CVE
| CVE | Vendors | Products | Updated | CVSS v2 | CVSS v3 |
|---|---|---|---|---|---|
| CVE-2006-2116 | 1 Planet Concept | 1 Planetgallery | 2025-04-03 | 7.5 HIGH | N/A |
| planetGallery allows remote attackers to gain administrator privileges via a direct request to admin/gallery_admin.php. | |||||
| CVE-2005-4524 | 1 Mantis | 1 Mantis | 2025-04-03 | 5.0 MEDIUM | N/A |
| Mantis 1.0.0rc3 does not properly handle "Make note private" when a bug is being resolved, which has unknown impact and attack vectors, probably related to an information leak. | |||||
| CVE-2005-1319 | 1 Horde | 1 Imp | 2025-04-03 | 4.3 MEDIUM | N/A |
| Cross-site scripting (XSS) vulnerability in Horde IMP Webmail client before 3.2.8 allows remote attackers to inject arbitrary web script or HTML via the parent's frame page title. | |||||
| CVE-2005-3821 | 1 Vtiger | 1 Vtiger Crm | 2025-04-03 | 4.3 MEDIUM | N/A |
| Cross-site scripting (XSS) vulnerability in vTiger CRM 4.2 and earlier allows remote attackers to inject arbitrary web script or HTML via multiple vectors, including the account name. | |||||
| CVE-2003-0596 | 1 Fdclone | 1 Fdclone | 2025-04-03 | 3.6 LOW | N/A |
| FDclone 2.00a, and other versions before 2.02a, creates temporary directories with predictable names and uses them if they already exist, which allows local users to read or modify files of other fdclone users by creating the directory ahead of time. | |||||
| CVE-2006-3963 | 1 Banex | 1 Banex | 2025-04-03 | 7.5 HIGH | N/A |
| Multiple SQL injection vulnerabilities in Banex PHP MySQL Banner Exchange 2.21 allow remote attackers to execute arbitrary SQL commands via the (1) site_name parameter to (a) signup.php, and the (2) id, (3) deleteuserbanner, (4) viewmem, (5) viewmemunb, (6) viewunmem,or (7) deleteuser parameters to (b) admin.php. | |||||
| CVE-2000-0618 | 1 Stanley T. Shebs | 1 Xconq | 2025-04-03 | 4.6 MEDIUM | N/A |
| Buffer overflow in xconq and cconq game programs on Red Hat Linux allows local users to gain additional privileges via long DISPLAY environmental variable. | |||||
| CVE-2006-2665 | 1 V-webmail | 1 V-webmail | 2025-04-03 | 7.5 HIGH | N/A |
| PHP remote file inclusion vulnerability in includes/mailaccess/pop3/core.php in V-Webmail 1.3 allows remote attackers to execute arbitrary PHP code via a URL in the CONFIG[pear_dir] parameter. | |||||
| CVE-2003-0149 | 1 Mcafee | 1 Epolicy Orchestrator | 2025-04-03 | 7.5 HIGH | N/A |
| Heap-based buffer overflow in ePO agent for McAfee ePolicy Orchestrator 2.0, 2.5, and 2.5.1 allows remote attackers to execute arbitrary code via a POST request containing long parameters. | |||||
| CVE-2004-0838 | 1 Lexar | 1 Jumpdrive Secure | 2025-04-03 | 2.1 LOW | N/A |
| Lexar Safe Guard for JumpDrive Secure 1.0 stores the password insecurely in memory using XOR encryption, which allows local users to read the password directly from the device and access the password protected part of the drive. | |||||
| CVE-2006-1604 | 1 Exponent | 1 Exponent Cms | 2025-04-03 | 10.0 HIGH | N/A |
| Unspecified vulnerability in Exponent CMS before 0.96.5 RC 1 has unknown impact and remote attack vectors related to variables that are not "typecasted." | |||||
| CVE-2005-3495 | 1 Ar-blog | 1 Ar-blog | 2025-04-03 | 7.5 HIGH | N/A |
| Ar-blog 5.2 and earlier allows remote attackers to bypass authentication by modifying cookies. | |||||
| CVE-2001-0648 | 1 Phprojekt | 1 Phprojekt | 2025-04-03 | 5.0 MEDIUM | N/A |
| Directory traversal vulnerability in PHProjekt 2.1 and earlier allows a remote attacker to conduct unauthorized activities via a dot dot (..) attack on the file module. | |||||
| CVE-2005-0740 | 1 Openbsd | 1 Openbsd | 2025-04-03 | 5.0 MEDIUM | N/A |
| The TCP stack (tcp_input.c) in OpenBSD 3.5 and 3.6 allows remote attackers to cause a denial of service (system panic) via crafted values in the TCP timestamp option, which causes invalid arguments to be used when calculating the retransmit timeout. | |||||
| CVE-2000-0117 | 1 Sun | 3 Cobalt Raq, Cobalt Raq 2, Cobalt Raq 3i | 2025-04-03 | 7.2 HIGH | N/A |
| The siteUserMod.cgi program in Cobalt RaQ2 servers allows any Site Administrator to modify passwords for other users, site administrators, and possibly admin (root). | |||||
| CVE-2006-2292 | 1 Inhouse Associates | 1 Ia-calendar | 2025-04-03 | 6.4 MEDIUM | N/A |
| Multiple SQL injection vulnerabilities in IA-Calendar allow remote attackers to execute arbitrary SQL commands via the (1) type parameter in (a) calendar_new.asp and (b) default.asp, and (2) ID parameter in (c) calendar_detail.asp. NOTE: the provenance of this information is unknown; the details are obtained from third party information. | |||||
| CVE-2006-1893 | 1 Ar-blog | 1 Ar-blog | 2025-04-03 | 6.8 MEDIUM | N/A |
| Cross-site scripting (XSS) vulnerability in print.php in ar-blog 5.2 allows remote attackers to inject arbitrary web script or HTML via the id parameter. | |||||
| CVE-2005-0919 | 1 Adventia | 2 Adventia Chat, Adventia Server Pro | 2025-04-03 | 4.3 MEDIUM | N/A |
| Adventia Chat 3.1 and Server Pro 3.0 allows remote attackers to inject arbitrary web script or HTML into the chat space, which leaves other users vulnerable to cross-site scripting (XSS) attacks. | |||||
| CVE-2000-0698 | 1 Minicom | 1 Minicom | 2025-04-03 | 5.0 MEDIUM | N/A |
| Minicom 1.82.1 and earlier on some Linux systems allows local users to create arbitrary files owned by the uucp user via a symlink attack. | |||||
| CVE-2005-0419 | 1 3com | 1 3cserver | 2025-04-03 | 7.5 HIGH | N/A |
| Multiple heap-based buffer overflows in 3Com 3CServer allow remote authenticated users to execute arbitrary code via long FTP commands, as demonstrated using the STAT command. | |||||