Total
29827 CVE
| CVE | Vendors | Products | Updated | CVSS v2 | CVSS v3 |
|---|---|---|---|---|---|
| CVE-2005-0929 | 1 Photopost | 1 Photopost Php Pro | 2025-04-03 | 7.5 HIGH | N/A |
| SQL injection vulnerability in PhotoPost PHP Pro 5.x may allow remote attackers to execute arbitrary SQL commands via (1) the sl parameter to showmembers.php or (2) the photo parameter to showphoto.php. | |||||
| CVE-2002-0463 | 1 Arsc Really Simple Chat | 1 Arsc Really Simple Chat | 2025-04-03 | 5.0 MEDIUM | N/A |
| home.php in ARSC (Really Simple Chat) 1.0.1 and earlier allows remote attackers to determine the full pathname of the web server via an invalid language in the arsc_language parameter, which leaks the pathname in an error message. | |||||
| CVE-2005-3005 | 1 Helpdesk Software | 1 Hesk | 2025-04-03 | 7.5 HIGH | N/A |
| Helpdesk Software Hesk allows remote attackers to bypass authentication for (1) admin.php and (2) admin_main.php by modifying the PHPSESSID session ID parameter or cookie. | |||||
| CVE-2006-2869 | 1 Alwil | 1 Avast Antivirus | 2025-04-03 | 10.0 HIGH | N/A |
| Unspecified vulnerability in the CHM unpacker in avast! before 4.7.844 has unknown impact and remote attack vectors. | |||||
| CVE-1999-1451 | 1 Microsoft | 2 Internet Information Server, Site Server | 2025-04-03 | 5.0 MEDIUM | N/A |
| The Winmsdp.exe sample file in IIS 4.0 and Site Server 3.0 allows remote attackers to read arbitrary files. | |||||
| CVE-2003-0259 | 1 Cisco | 6 Vpn 3000 Concentrator Series Software, Vpn 3002 Hardware Client, Vpn 3015 Concentrator and 3 more | 2025-04-03 | 5.0 MEDIUM | N/A |
| Cisco VPN 3000 series concentrators and Cisco VPN 3002 Hardware Client 2.x.x through 3.6.7 allows remote attackers to cause a denial of service (reload) via a malformed SSH initialization packet. | |||||
| CVE-2006-2942 | 1 Twiki | 1 Twiki | 2025-04-03 | 5.1 MEDIUM | N/A |
| TWiki 4.0.0, 4.0.1, and 4.0.2 allows remote attackers to gain Twiki administrator privileges via a TWiki.TWikiRegistration form with a modified action attribute that references the Sandbox web instead of the user web, which can then be used to associate the user's login name with the WikiName of a member of the TWikiAdminGroup. | |||||
| CVE-2005-4219 | 1 Innovative Cms | 1 Innovative Cms | 2025-04-03 | 5.0 MEDIUM | N/A |
| setting.php in Innovative CMS (ICMS, formerly Imoel-CMS) contains username and password information in cleartext, which might allow attackers to obtain this information via a direct request to setting.php. NOTE: on a properly configured web server, it would be expected that a .php file would be processed before content is returned to the user, so this might not be a vulnerability. | |||||
| CVE-2006-2542 | 1 Ti Kan | 1 Xmcd | 2025-04-03 | 2.1 LOW | N/A |
| xmcdconfig in xmcd for Debian GNU/Linux 2.6-17.1 creates /var/lib/cddb and /var/lib/xmcd/discog with world writable permissions, which allows local users to cause a denial of service (disk consumption). | |||||
| CVE-2005-3781 | 1 Sun | 2 Solaris, Sunos | 2025-04-03 | 5.0 MEDIUM | N/A |
| Unspecified vulnerability in in.named in Solaris 9 allows attackers to cause a denial of service via unknown manipulations that cause in.named to "make unnecessary queries." | |||||
| CVE-2005-3406 | 1 Butterfat | 1 Phpesp | 2025-04-03 | 4.3 MEDIUM | N/A |
| Cross-site scripting (XSS) vulnerability in phpESP 1.7.5 and earlier allows remote attackers to inject arbitrary web script or HTML via unknown vectors. | |||||
| CVE-2005-1096 | 1 Ocean12 Technologies | 1 Membership Manager Pro | 2025-04-03 | 7.5 HIGH | N/A |
| SQL injection vulnerability in main.asp for Ocean12 Membership Manager Pro 1.x allows remote attackers to execute arbitrary SQL commands via the UserID parameter. | |||||
| CVE-2006-0116 | 1 Inetstore | 1 Inetstore Online | 2025-04-03 | 5.0 MEDIUM | N/A |
| Cross-site scripting vulnerability search.inetstore in iNETstore Ebusiness Software 2.0 allows remote attackers to inject arbitrary web script or HTML via the searchterm parameter. | |||||
| CVE-2005-2565 | 1 Gravity Board X Development Team | 1 Gravity Board X | 2025-04-03 | 5.0 MEDIUM | N/A |
| Gravity Board X (GBX) 1.1 allows remote attackers to obtain sensitive information via (1) a 1 in the perm parameter to deletethread.php or a direct request to (2) ban.php, (3) addnews.php, (4) banned.php, (5) boardstats.php, (6) adminform.php, (7) /forms/admininfo.php, (8) /forms/announcements.php, (9) forms/banform.php, or (10) other pages in the /forms directory, which reveal the path in an error message. | |||||
| CVE-2003-0646 | 1 Trend Micro | 2 Damage Cleanup Server, Housecall | 2025-04-03 | 7.5 HIGH | N/A |
| Multiple buffer overflows in ActiveX controls used by Trend Micro HouseCall 5.5 and 5.7, and Damage Cleanup Server 1.0, allow remote attackers to execute arbitrary code via long parameter strings. | |||||
| CVE-2006-0647 | 1 Sun | 1 Java System Directory Server | 2025-04-03 | 5.0 MEDIUM | N/A |
| LDAP service in Sun Java System Directory Server 5.2, running on Linux and possibly other platforms, allows remote attackers to cause a denial of service (memory allocation error) via an LDAP packet with a crafted subtree search request, as demonstrated using the ProtoVer LDAP test suite. | |||||
| CVE-2005-1272 | 2 Broadcom, Ca | 4 Brightstor Enterprise Backup, Brightstor Arcserve Backup, Brightstor Arcserve Backup Agent and 1 more | 2025-04-03 | 7.5 HIGH | N/A |
| Stack-based buffer overflow in the Backup Agent for Microsoft SQL Server in BrightStor ARCserve Backup Agent for SQL Server 11.0 allows remote attackers to execute arbitrary code via a long string sent to port (1) 6070 or (2) 6050. | |||||
| CVE-2004-0278 | 1 Ratbag | 5 Dirt Track Racing, Dirt Track Racing Australia, Dirt Track Racing Sprint Cars and 2 more | 2025-04-03 | 5.0 MEDIUM | N/A |
| Ratbag game engine, as used in products such as Dirt Track Racing, Leadfoot, and World of Outlaws Spring Cars, allows remote attackers to cause a denial of service (CPU consumption) via a TCP packet that specifies the length of data to read and then sends a second TCP packet that contains less data than specified, which causes Ratbag to repeatedly check the socket for more data. | |||||
| CVE-2005-3356 | 1 Linux | 1 Linux Kernel | 2025-04-03 | 2.1 LOW | N/A |
| The mq_open system call in Linux kernel 2.6.9, in certain situations, can decrement a counter twice ("double decrement") as a result of multiple calls to the mntput function when the dentry_open function call fails, which allows local users to cause a denial of service (panic) via unspecified attack vectors. | |||||
| CVE-2002-1475 | 1 Hp | 1 Tru64 | 2025-04-03 | 5.0 MEDIUM | N/A |
| Unknown vulnerability in the ARP component for HP Tru64 UNIX 4.0f, 4.0g, and 5.0a allows remote attackers to "take over packets destined for another host" and cause a denial of service. | |||||