Total
29568 CVE
| CVE | Vendors | Products | Updated | CVSS v2 | CVSS v3 |
|---|---|---|---|---|---|
| CVE-2006-2232 | 1 Scriptsez | 1 Cute Guestbook | 2025-04-03 | 4.3 MEDIUM | N/A |
| Cross-site scripting (XSS) vulnerability in Scriptsez Cute Guestbook 20060211 allows remote attackers to inject arbitrary web script or HTML via the Comments field when signing the guestbook. | |||||
| CVE-2006-0555 | 1 Linux | 1 Linux Kernel | 2025-04-03 | 2.1 LOW | N/A |
| The Linux Kernel before 2.6.15.5 allows local users to cause a denial of service (NFS client panic) via unknown attack vectors related to the use of O_DIRECT (direct I/O). | |||||
| CVE-2001-0245 | 1 Microsoft | 2 Index Server, Indexing Service | 2025-04-03 | 5.0 MEDIUM | N/A |
| Microsoft Index Server 2.0 in Windows NT 4.0, and Indexing Service in Windows 2000, allows remote attackers to read server-side include files via a malformed search request, aka a new variant of the "Malformed Hit-Highlighting" vulnerability. | |||||
| CVE-2005-3116 | 1 Symantec Veritas | 1 Netbackup | 2025-04-03 | 10.0 HIGH | N/A |
| Stack-based buffer overflow in a shared library as used by the Volume Manager daemon (vmd) in VERITAS NetBackup Enterprise Server 5.0 MP1 to MP5 and 5.1 up to MP3A allows remote attackers to execute arbitrary code via a crafted packet. | |||||
| CVE-2000-0963 | 4 Freebsd, Gnu, Immunix and 1 more | 4 Freebsd, Ncurses, Immunix and 1 more | 2025-04-03 | 7.2 HIGH | N/A |
| Buffer overflow in ncurses library allows local users to execute arbitrary commands via long environmental information such as TERM or TERMINFO_DIRS. | |||||
| CVE-2006-4857 | 1 Clicktech | 1 Clickblog | 2025-04-03 | 7.5 HIGH | N/A |
| SQL injection vulnerability in default.asp (aka the login page) in ClickTech ClickBlog 2.0 allows remote attackers to execute arbitrary SQL commands via the (1) username and (2) form_codeword (aka the Password field) parameters. | |||||
| CVE-2005-4428 | 1 Cerberus | 1 Cerberus Helpdesk | 2025-04-03 | 4.3 MEDIUM | N/A |
| Cross-site scripting (XSS) vulnerability in index.php in Cerberus Helpdesk allows remote attackers to inject arbitrary web script or HTML via the kb_ask parameter. | |||||
| CVE-2006-2466 | 1 Bea | 1 Weblogic Server | 2025-04-03 | 2.6 LOW | N/A |
| BEA WebLogic Server 8.1 up to SP4 and 7.0 up to SP6 allows remote attackers to obtain the source code of JSP pages during certain circumstances related to a "timing window" when a compilation error occurs, aka the "JSP showcode vulnerability." | |||||
| CVE-2003-0290 | 1 Etype | 1 Eserv | 2025-04-03 | 5.0 MEDIUM | N/A |
| Memory leak in eServ 2.9x allows remote attackers to cause a denial of service (memory exhaustion) via a large number of connections, whose memory is not freed when the connection is terminated. | |||||
| CVE-2005-1545 | 1 Ht Editor | 1 Ht Editor | 2025-04-03 | 5.1 MEDIUM | N/A |
| Integer overflow in the ELF parser in HT Editor before 0.8.0 allows remote attackers to execute arbitrary code via a crafted ELF file, which leads to a heap-based buffer overflow. | |||||
| CVE-2005-0100 | 1 Gnu | 2 Emacs, Xemacs | 2025-04-03 | 7.5 HIGH | N/A |
| Format string vulnerability in the movemail utility in (1) Emacs 20.x, 21.3, and possibly other versions, and (2) XEmacs 21.4 and earlier, allows remote malicious POP3 servers to execute arbitrary code via crafted packets. | |||||
| CVE-2002-0160 | 1 Cisco | 1 Secure Access Control Server | 2025-04-03 | 5.0 MEDIUM | N/A |
| The administration function in Cisco Secure Access Control Server (ACS) for Windows, 2.6.x and earlier and 3.x through 3.01 (build 40), allows remote attackers to read HTML, Java class, and image files outside the web root via a ..\.. (modified ..) in the URL to port 2002. | |||||
| CVE-2003-0479 | 1 Affordable Web Space Design | 1 Affordable Web Space Design Webbbs | 2025-04-03 | 4.3 MEDIUM | N/A |
| Cross-site scripting (XSS) vulnerability in the guestbook for WebBBS allows remote attackers to insert arbitrary web script via the (1) Name, (2) Email, or (3) Message fields. | |||||
| CVE-2005-4634 | 1 Activecampaign | 1 Supporttrio | 2025-04-03 | 7.5 HIGH | N/A |
| SQL injection vulnerability in index.php in ActiveCampaign SupportTrio 1.4 allows remote attackers to execute arbitrary SQL commands via the page parameter. NOTE: the provenance of this information is unknown because the source URL is not available; the details are obtained solely from third party information. | |||||
| CVE-2003-1030 | 1 Dameware Development | 1 Mini Remote Control Server | 2025-04-03 | 7.5 HIGH | N/A |
| Buffer overflow in DameWare Mini Remote Control before 3.73 allows remote attackers to execute arbitrary code via a long pre-authentication request to TCP port 6129. | |||||
| CVE-2001-1324 | 1 Paul Jarc | 1 Idtools | 2025-04-03 | 4.6 MEDIUM | N/A |
| cvmlogin and statfile in Paul Jarc idtools before 2001.06.27 do not properly check the return value of a call to the pathexec_env function, which could cause the setstate utility to setuid to the UID environment variable and allow local users to gain privileges. | |||||
| CVE-2006-1142 | 1 Solido Systems | 1 Ravenous Web Server | 2025-04-03 | 5.0 MEDIUM | N/A |
| Unspecified vulnerability in Ravenous Web Server before 0.7.1 allows remote attackers to access arbitrary rvplg files, with unknown impact. | |||||
| CVE-2001-0084 | 1 Gnome | 1 Gtk | 2025-04-03 | 7.2 HIGH | N/A |
| GTK+ library allows local users to specify arbitrary modules via the GTK_MODULES environmental variable, which could allow local users to gain privileges if GTK+ is used by a setuid/setgid program. | |||||
| CVE-2005-4049 | 1 Netart Media | 1 Blog System | 2025-04-03 | 7.5 HIGH | N/A |
| Multiple SQL injection vulnerabilities in Blog System 1.2 allow remote attackers to execute arbitrary SQL commands via (1) the cat parameter in index.php and (2) the note parameter in blog.php. | |||||
| CVE-2006-1292 | 1 Php Icalendar | 1 Php Icalendar | 2025-04-03 | 5.0 MEDIUM | N/A |
| Directory traversal vulnerability in Jim Hu and Chad Little PHP iCalendar 2.21 and earlier allows remote attackers to include and execute arbitrary local files via directory traversal sequences and a NUL (%00) character in the phpicalendar[cookie_language] and phpicalendar[cookie_style] cookies, as demonstrated by injecting PHP sequences into an Apache access_log file, which is then included by day.php. | |||||