Total
29806 CVE
| CVE | Vendors | Products | Updated | CVSS v2 | CVSS v3 |
|---|---|---|---|---|---|
| CVE-2005-4428 | 1 Cerberus | 1 Cerberus Helpdesk | 2025-04-03 | 4.3 MEDIUM | N/A |
| Cross-site scripting (XSS) vulnerability in index.php in Cerberus Helpdesk allows remote attackers to inject arbitrary web script or HTML via the kb_ask parameter. | |||||
| CVE-2006-2466 | 1 Bea | 1 Weblogic Server | 2025-04-03 | 2.6 LOW | N/A |
| BEA WebLogic Server 8.1 up to SP4 and 7.0 up to SP6 allows remote attackers to obtain the source code of JSP pages during certain circumstances related to a "timing window" when a compilation error occurs, aka the "JSP showcode vulnerability." | |||||
| CVE-2003-0290 | 1 Etype | 1 Eserv | 2025-04-03 | 5.0 MEDIUM | N/A |
| Memory leak in eServ 2.9x allows remote attackers to cause a denial of service (memory exhaustion) via a large number of connections, whose memory is not freed when the connection is terminated. | |||||
| CVE-2005-1545 | 1 Ht Editor | 1 Ht Editor | 2025-04-03 | 5.1 MEDIUM | N/A |
| Integer overflow in the ELF parser in HT Editor before 0.8.0 allows remote attackers to execute arbitrary code via a crafted ELF file, which leads to a heap-based buffer overflow. | |||||
| CVE-2005-0100 | 1 Gnu | 2 Emacs, Xemacs | 2025-04-03 | 7.5 HIGH | N/A |
| Format string vulnerability in the movemail utility in (1) Emacs 20.x, 21.3, and possibly other versions, and (2) XEmacs 21.4 and earlier, allows remote malicious POP3 servers to execute arbitrary code via crafted packets. | |||||
| CVE-2002-0160 | 1 Cisco | 1 Secure Access Control Server | 2025-04-03 | 5.0 MEDIUM | N/A |
| The administration function in Cisco Secure Access Control Server (ACS) for Windows, 2.6.x and earlier and 3.x through 3.01 (build 40), allows remote attackers to read HTML, Java class, and image files outside the web root via a ..\.. (modified ..) in the URL to port 2002. | |||||
| CVE-2003-0479 | 1 Affordable Web Space Design | 1 Affordable Web Space Design Webbbs | 2025-04-03 | 4.3 MEDIUM | N/A |
| Cross-site scripting (XSS) vulnerability in the guestbook for WebBBS allows remote attackers to insert arbitrary web script via the (1) Name, (2) Email, or (3) Message fields. | |||||
| CVE-2005-4634 | 1 Activecampaign | 1 Supporttrio | 2025-04-03 | 7.5 HIGH | N/A |
| SQL injection vulnerability in index.php in ActiveCampaign SupportTrio 1.4 allows remote attackers to execute arbitrary SQL commands via the page parameter. NOTE: the provenance of this information is unknown because the source URL is not available; the details are obtained solely from third party information. | |||||
| CVE-2003-1030 | 1 Dameware Development | 1 Mini Remote Control Server | 2025-04-03 | 7.5 HIGH | N/A |
| Buffer overflow in DameWare Mini Remote Control before 3.73 allows remote attackers to execute arbitrary code via a long pre-authentication request to TCP port 6129. | |||||
| CVE-2001-1324 | 1 Paul Jarc | 1 Idtools | 2025-04-03 | 4.6 MEDIUM | N/A |
| cvmlogin and statfile in Paul Jarc idtools before 2001.06.27 do not properly check the return value of a call to the pathexec_env function, which could cause the setstate utility to setuid to the UID environment variable and allow local users to gain privileges. | |||||
| CVE-2006-1142 | 1 Solido Systems | 1 Ravenous Web Server | 2025-04-03 | 5.0 MEDIUM | N/A |
| Unspecified vulnerability in Ravenous Web Server before 0.7.1 allows remote attackers to access arbitrary rvplg files, with unknown impact. | |||||
| CVE-2001-0084 | 1 Gnome | 1 Gtk | 2025-04-03 | 7.2 HIGH | N/A |
| GTK+ library allows local users to specify arbitrary modules via the GTK_MODULES environmental variable, which could allow local users to gain privileges if GTK+ is used by a setuid/setgid program. | |||||
| CVE-2005-4049 | 1 Netart Media | 1 Blog System | 2025-04-03 | 7.5 HIGH | N/A |
| Multiple SQL injection vulnerabilities in Blog System 1.2 allow remote attackers to execute arbitrary SQL commands via (1) the cat parameter in index.php and (2) the note parameter in blog.php. | |||||
| CVE-2006-1292 | 1 Php Icalendar | 1 Php Icalendar | 2025-04-03 | 5.0 MEDIUM | N/A |
| Directory traversal vulnerability in Jim Hu and Chad Little PHP iCalendar 2.21 and earlier allows remote attackers to include and execute arbitrary local files via directory traversal sequences and a NUL (%00) character in the phpicalendar[cookie_language] and phpicalendar[cookie_style] cookies, as demonstrated by injecting PHP sequences into an Apache access_log file, which is then included by day.php. | |||||
| CVE-2005-2279 | 1 Cisco | 1 Ons 15216 Optical Add Drop Multiplexer Software | 2025-04-03 | 5.0 MEDIUM | N/A |
| Cisco ONS 15216 Optical Add/Drop Multiplexer (OADM) running firmware 2.2.2 and earlier allows remote attackers to cause a denial of service (management plane session loss) via crafted telnet data. | |||||
| CVE-2004-2255 | 1 Phpmyfaq | 1 Phpmyfaq | 2025-04-03 | 6.4 MEDIUM | N/A |
| Directory traversal vulnerability in phpMyFAQ 1.3.12 allows remote attackers to read arbitrary files, and possibly execute local PHP files, via the action variable, which is used as part of a template filename. | |||||
| CVE-2005-2722 | 1 Foojan | 1 Php Weblog | 2025-04-03 | 5.0 MEDIUM | N/A |
| Foojan PHP Weblog allows remote attackers to obtain sensitive information via (1) a direct request to /daylinks/index.php or (2) a negative value in the daylinkspage parameter to index.php, which reveal the path in an error message. | |||||
| CVE-2001-0487 | 1 Ibm | 1 Aix Snmp | 2025-04-03 | 5.0 MEDIUM | N/A |
| AIX SNMP server snmpd allows remote attackers to cause a denial of service via a RST during the TCP connection. | |||||
| CVE-1999-0105 | 2025-04-03 | 2.1 LOW | N/A | ||
| finger allows recursive searches by using a long string of @ symbols. | |||||
| CVE-2005-1178 | 1 Oracle | 1 Forms | 2025-04-03 | 7.5 HIGH | N/A |
| SQL injection vulnerability in Oracle Forms 10g allows remote attackers to execute arbitrary SQL commands via the Query/Where feature. | |||||