Total
29823 CVE
| CVE | Vendors | Products | Updated | CVSS v2 | CVSS v3 |
|---|---|---|---|---|---|
| CVE-2001-0619 | 1 Lucent | 1 Orinoco | 2025-04-03 | 7.5 HIGH | N/A |
| The Lucent Closed Network protocol can allow remote attackers to join Closed Network networks which they do not have access to. The 'Network Name' or SSID, which is used as a shared secret to join the network, is transmitted in the clear. | |||||
| CVE-2005-3388 | 1 Php | 1 Php | 2025-04-03 | 4.3 MEDIUM | N/A |
| Cross-site scripting (XSS) vulnerability in the phpinfo function in PHP 4.x up to 4.4.0 and 5.x up to 5.0.5 allows remote attackers to inject arbitrary web script or HTML via a crafted URL with a "stacked array assignment." | |||||
| CVE-2006-3169 | 1 Comscripts | 1 Cs-forum | 2025-04-03 | 4.3 MEDIUM | N/A |
| Multiple cross-site scripting (XSS) vulnerabilities in CS-Forum 0.81 and earlier allow remote attackers to inject arbitrary web script or HTML via the (1) msg_result and (2) rep_titre parameters in (a) read.php; and the (3) id and (4) parent parameters and (5) CSForum_nom, (6) CSForum_mail, and (7) CSForum_url cookie parameters in (b) ajouter.php. | |||||
| CVE-2004-2052 | 1 Esesix | 1 Thintune | 2025-04-03 | 7.5 HIGH | N/A |
| eSeSIX Thintune thin clients running firmware 2.4.38 and earlier accept any password that begins with the actual password, which makes it easier for users to conduct brute force password guessing. | |||||
| CVE-2005-0882 | 1 Birdblog | 1 Birdblog | 2025-04-03 | 7.5 HIGH | N/A |
| SQL injection vulnerability in admincore.php in BirdBlog before 1.2.0 allows remote attackers to execute arbitrary SQL commands via the (1) userid or (2) userpw parameters. | |||||
| CVE-2005-2599 | 1 Hummingbird | 1 Connectivity | 2025-04-03 | 7.5 HIGH | N/A |
| Hummingbird FTP for Connectivity 10.0 uses weak encryption (trivial encoding) to store the user's password in the FTP profile, which allows attackers to gain privileges. | |||||
| CVE-2006-2354 | 1 Ipswitch | 1 Whatsup Professional | 2025-04-03 | 5.0 MEDIUM | N/A |
| NmConsole/Login.asp in Ipswitch WhatsUp Professional 2006 and Ipswitch WhatsUp Professional 2006 Premium generates different error messages in a way that allows remote attackers to enumerate valid usernames. NOTE: the provenance of this information is unknown; the details are obtained solely from third party information. | |||||
| CVE-2002-0290 | 1 Netwin | 1 Webnews | 2025-04-03 | 7.5 HIGH | N/A |
| Buffer overflow in Netwin WebNews CGI program 1.1, Webnews.exe, allows remote attackers to execute arbitrary code via a long group argument. | |||||
| CVE-2001-0223 | 1 Spawar.navy.mil | 1 Wwwwais.25.c | 2025-04-03 | 10.0 HIGH | N/A |
| Buffer overflow in wwwwais allows remote attackers to execute arbitrary commands via a long QUERY_STRING (HTTP GET request). | |||||
| CVE-2004-1115 | 1 Gentoo | 1 Linux | 2025-04-03 | 7.2 HIGH | N/A |
| The init scripts in Search for Extraterrestrial Intelligence (SETI) project 3.08-r3 and earlier execute user-owned programs with root privileges, which allows local users to gain privileges by modifying the programs. | |||||
| CVE-2006-1703 | 1 Hubert Plisson | 1 Sire | 2025-04-03 | 7.5 HIGH | N/A |
| PHP remote file inclusion vulnerability in lire.php in Sire 2.0 nws allows remote attackers to execute arbitrary PHP code via a URL in the rub parameter. | |||||
| CVE-2002-0826 | 1 Progress | 1 Ws Ftp Server | 2025-04-03 | 7.5 HIGH | N/A |
| Buffer overflow in WS_FTP FTP Server 3.1.1 allows remote authenticated users to execute arbitrary code via a long SITE CPWD command. | |||||
| CVE-2006-1205 | 1 Mywebland | 1 Mybloggie | 2025-04-03 | 4.3 MEDIUM | N/A |
| Multiple cross-site scripting (XSS) vulnerabilities in myWebland myBloggie 2.1.3 beta and earlier allow remote attackers to inject arbitrary web script or HTML via the (1) confirmredirect and (2) post_id parameters in (a) delcomment.php, as reachable when mode=delcom from index.php; and the (3) del and (4) message parameters in (b) upload.php, the (5) errormsg parameter in (c) addcat.php, (d) edituser.php, (e) adduser.php, and (f) editcat.php, the (6) trackback_url parameter in (g) add.php, (7) id parameter in (h) deluser.php, (8) cat_id parameter in (i) delcat.php, and (9) post_id parameter in (j) del.php, as reachable from admin.php. | |||||
| CVE-2006-2858 | 1 Locazo | 1 Locazolist Classifieds | 2025-04-03 | 7.5 HIGH | N/A |
| SQL injection vulnerability in viewmsg.asp in LocazoList Classifieds 1.05e allows remote attackers to execute arbitrary SQL commands via the msgid parameter. | |||||
| CVE-2005-4497 | 1 Tangora | 1 Tangora Portal Cms | 2025-04-03 | 4.3 MEDIUM | N/A |
| Cross-site scripting (XSS) vulnerability in Tangora Portal CMS 4.0 and earlier allows remote attackers to inject arbitrary web script or HTML via the action parameter in a search page, as demonstrated using (1) page1631.aspx and (2) page496.aspx. | |||||
| CVE-2006-3832 | 1 Gerrit Van Aaken | 1 Loudblog | 2025-04-03 | 7.5 HIGH | N/A |
| SQL injection vulnerability in index.php in Gerrit van Aaken Loudblog 0.5 and earlier allows remote attackers to execute arbitrary SQL commands via the id parameter. | |||||
| CVE-2001-0036 | 1 Kth | 1 Kth Kerberos | 2025-04-03 | 1.2 LOW | N/A |
| KTH Kerberos IV allows local users to overwrite arbitrary files via a symlink attack on a ticket file. | |||||
| CVE-2006-0528 | 1 Gnome | 1 Evolution | 2025-04-03 | 5.0 MEDIUM | N/A |
| The cairo library (libcairo), as used in GNOME Evolution and possibly other products, allows remote attackers to cause a denial of service (persistent client crash) via an attached text file that contains "Content-Disposition: inline" in the header, and a very long line in the body, which causes the client to repeatedly crash until the e-mail message is manually removed, possibly due to a buffer overflow, as demonstrated using an XML attachment. | |||||
| CVE-2005-3281 | 1 Nukefixes | 1 Nukefixes | 2025-04-03 | 5.0 MEDIUM | N/A |
| Directory traversal vulnerability in NukeFixes 3.1 for PHP-Nuke 7.8 allows remote attackers to include arbitrary files via the file parameter. | |||||
| CVE-2002-0888 | 1 3com | 1 3cp4144 | 2025-04-03 | 7.5 HIGH | N/A |
| 3Com OfficeConnect Remote 812 ADSL Router, firmware 1.1.9 and 1.1.7, allows remote attackers to bypass port access restrictions by connecting to an approved port and quickly connecting to the desired port, which is allowed by the router. | |||||