Total: 29810 CVE
| CVE | Vendors | Products | Updated | CVSS v2 | CVSS v3 |
|---|---|---|---|---|---|
| CVE-2006-3219 | 1 Woltlab | 1 Burning Board | 2025-04-03 | 7.5 HIGH | N/A |
| SQL injection vulnerability in thread.php in Woltlab Burning Board (WBB) 2.2.2 allows remote attackers to execute arbitrary SQL commands via the threadid parameter. | |||||
| CVE-2006-3273 | 1 Astrodog Press | 1 Some Chess | 2025-04-03 | 2.6 LOW | N/A |
| Cross-site scripting (XSS) vulnerability in menu.php in Some Chess 1.5 rc1 allows remote attackers to inject arbitrary web script or HTML via the user parameter ("New Name" field). | |||||
| CVE-2004-0068 | 1 Phpdig.net | 1 Phpdig | 2025-04-03 | 7.5 HIGH | N/A |
| PHP remote file inclusion vulnerability in config.php for PhpDig 1.6.5 and earlier allows remote attackers to execute arbitrary PHP code by modifying the $relative_script_path parameter to reference a URL on a remote web server that contains the code. | |||||
| CVE-2005-1505 | 1 Apple | 1 Mail | 2025-04-03 | 7.5 HIGH | N/A |
| The new account wizard in Mail.app 2.0 in Mac OS 10.4, when configuring an IMAP mail account and checking the credentials, does not prompt the user to use SSL until after the password has already been sent, which causes the password to be sent in plaintext. | |||||
| CVE-2006-3826 | 1 Kailash Nadh | 1 Boastmachine | 2025-04-03 | 4.3 MEDIUM | N/A |
| Multiple cross-site scripting (XSS) vulnerabilities in Kailash Nadh boastMachine (formerly bMachine) 3.1 and earlier allow remote attackers to inject arbitrary web script or HTML via the (1) user_login, (2) full_name, and (3) URL parameters in register.php; and allow remote authenticated administrators to inject arbitrary web script or HTML via the (4) cat_list and (5) key parameters in a certain portion of the admin interface. | |||||
| CVE-2005-0779 | 1 Platinumftp | 1 Platinumftpserver | 2025-04-03 | 5.0 MEDIUM | N/A |
| PlatinumFTP 1.0.18, and possibly earlier versions, allows remote attackers to cause a denial of service (server crash) via multiple connection attempts with a \ (backslash) in the username. | |||||
| CVE-2000-0065 | 1 Avtronics | 1 Inetserv | 2025-04-03 | 10.0 HIGH | N/A |
| Buffer overflow in InetServ 3.0 allows remote attackers to execute commands via a long GET request. | |||||
| CVE-2002-1781 | 1 Delegate | 1 Delegate | 2025-04-03 | 7.5 HIGH | N/A |
| Multiple buffer overflows in DeleGate 7.7.0 through 7.8.1 allow remote attackers to execute arbitrary code, as demonstrated using a long USER command to the POP proxy. | |||||
| CVE-2006-1326 | 1 Invision Power Services | 1 Invision Power Board | 2025-04-03 | 4.3 MEDIUM | N/A |
| Multiple cross-site scripting (XSS) vulnerabilities in Invision Power Board 2.0.4 allow remote attackers to inject arbitrary web script or HTML via the (1) result_type, (2) search_in, (3) nav, (4) forums, and (5) s parameters in the Search action to index.php; (6) st parameter to index.php with showtopics set to 1; (7) m, (8) y, and (9) d parameters in a calendar action; (10) t parameter in a Print action; (11) MID parameter in a Mail action; (12) HID parameter in a Help action; (13) active parameter in a search action; (14) sort_order, (15) max_results, or (16) sort_key parameter in a Members action. | |||||
| CVE-2005-0901 | 1 Nukebookmarks | 1 Nukebookmarks | 2025-04-03 | 4.3 MEDIUM | N/A |
| Multiple cross-site scripting (XSS) vulnerabilities in NukeBookmarks 0.6 for PHP-Nuke allow remote attackers to inject arbitrary web script or HTML via the (1) catname, (2) markname, (3) comment, or (4) category parameter. | |||||
| CVE-2004-1438 | 1 Subversion | 1 Subversion | 2025-04-03 | 2.1 LOW | N/A |
| The mod_authz_svn Apache module for Subversion 1.0.4-r1 and earlier allows remote authenticated users, with write access to the repository, to read unauthorized parts of the repository via the svn copy command. | |||||
| CVE-2005-3695 | 1 Litespeed Technologies | 1 Litespeed Web Server | 2025-04-03 | 4.3 MEDIUM | N/A |
| Cross-site scripting (XSS) vulnerability in admin/config/confMgr.php in LiteSpeed Web Server 2.1.5 allows remote attackers to inject arbitrary web script or HTML via the m parameter. | |||||
| CVE-2006-1931 | 1 Yukihiro Matsumoto | 1 Ruby | 2025-04-03 | 5.0 MEDIUM | N/A |
| The HTTP/XMLRPC server in Ruby before 1.8.2 uses blocking sockets, which allows attackers to cause a denial of service (blocked connections) via a large amount of data. | |||||
| CVE-2006-3666 | 1 Myiosoft.com | 1 Ajaxportal | 2025-04-03 | 7.5 HIGH | N/A |
| SQL injection vulnerability in AjaxPortal 3.0, with magic_quotes_gpc disabled, allows remote attackers to execute arbitrary SQL commands via the 'Search' field, a different vulnerability than CVE-2006-3515. | |||||
| CVE-2003-0328 | 1 Epic | 1 Epic4 | 2025-04-03 | 7.5 HIGH | N/A |
| EPIC IRC Client (EPIC4) pre2.002, pre2.003, and possibly later versions, allows remote malicious IRC servers to cause a denial of service (crash) and possibly execute arbitrary code via a CTCP request from a large nickname, which causes an incorrect length calculation. | |||||
| CVE-2006-1649 | 1 Eset Software | 1 Nod32 Antivirus | 2025-04-03 | 7.2 HIGH | N/A |
| The "restore to" selection in the "quarantine a file" capability of ESET NOD32 before 2.51.26 allows a restore to any directory that permits read access by the invoking user, which allows local users to create new files despite write-access directory permissions. | |||||
| CVE-2006-4452 | 1 Web3king | 1 Web3news | 2025-04-03 | 7.5 HIGH | N/A |
| PHP remote file inclusion vulnerability in security/include/_class.security.php in Web3news 0.95 and earlier, when register_globals is enabled, allows remote attackers to execute arbitrary PHP code via a URL in the PHPSECURITYADMIN_PATH parameter. | |||||
| CVE-2005-2151 | 1 Double Precision Incorporated | 1 Courier Mail Server | 2025-04-03 | 5.0 MEDIUM | N/A |
| spf.c in Courier Mail Server does not properly handle DNS failures when looking up Sender Policy Framework (SPF) records, which could allow attackers to cause memory corruption. | |||||
| CVE-2003-0315 | 1 Snowblind.net | 1 Snowblind Web Server | 2025-04-03 | 7.5 HIGH | N/A |
| Snowblind Web Server 1.0 allows remote attackers to cause a denial of service (crash) and possibly execute arbitrary code via a long HTTP request, which may trigger a buffer overflow. | |||||
| CVE-2002-1595 | 1 Cisco | 1 Sn 5420 Storage Router Firmware | 2025-04-03 | 5.0 MEDIUM | N/A |
| Cisco SN 5420 Storage Router 1.1(5) and earlier allows attackers to read configuration files without authorization. | |||||
