Total
29804 CVE
| CVE | Vendors | Products | Updated | CVSS v2 | CVSS v3 |
|---|---|---|---|---|---|
| CVE-2000-1242 | 1 Apc | 1 Powerchute | 2025-04-03 | 9.0 HIGH | N/A |
| The HTTP service in American Power Conversion (APC) PowerChute uses a default username and password, which allows remote attackers to gain system access. | |||||
| CVE-2005-1416 | 1 Soft3304 | 1 04webserver | 2025-04-03 | 5.0 MEDIUM | N/A |
| Directory traversal vulnerability in 04WebServer 1.81 allows remote attackers to read files outside of the web root but within the installation folder. | |||||
| CVE-2004-2414 | 1 Novell | 1 Netware | 2025-04-03 | 2.1 LOW | N/A |
| Novell NetWare 6.5 SP 1.1, when installing or upgrading using the Overlay CDs and performing a custom installation with OpenSSH, includes sensitive password information in the (1) NIOUTPUT.TXT and (2) NI.LOG log files, which might allow local users to obtain the passwords. | |||||
| CVE-2006-2432 | 1 Ibm | 1 Websphere Application Server | 2025-04-03 | 7.5 HIGH | N/A |
| IBM WebSphere Application Server 5.0.2 (or any earlier cumulative fix) and 5.1.1 (or any earlier cumulative fix) allows EJB access on Solaris systems via a crafted LTPA token. | |||||
| CVE-2000-0622 | 1 Oreilly | 1 Website Professional | 2025-04-03 | 10.0 HIGH | N/A |
| Buffer overflow in Webfind CGI program in O'Reilly WebSite Professional web server 2.x allows remote attackers to execute arbitrary commands via a URL containing a long "keywords" parameter. | |||||
| CVE-2006-2485 | 1 Quezza | 1 Quezza Bb | 2025-04-03 | 7.5 HIGH | N/A |
| PHP remote file inclusion vulnerability in includes/class_template.php in Quezza 1.0 and earlier, and possibly 1.1.0 allows remote attackers to execute arbitrary PHP code via a URL in the quezza_root_path parameter. | |||||
| CVE-2003-0331 | 1 Ttcms | 1 Ttforum | 2025-04-03 | 10.0 HIGH | N/A |
| SQL injection vulnerability in ttForum allows remote attackers to execute arbitrary SQL and gain ttForum Administrator privileges via the Ignorelist-Textfield argument in the Preferences page. | |||||
| CVE-2004-1559 | 1 Wordpress | 1 Wordpress | 2025-04-03 | 4.3 MEDIUM | N/A |
| Multiple cross-site scripting (XSS) vulnerabilities in Wordpress 1.2 allow remote attackers to inject arbitrary web script or HTML via the (1) redirect_to, text, popupurl, or popuptitle parameters to wp-login.php, (2) redirect_url parameter to admin-header.php, (3) popuptitle, popupurl, content, or post_title parameters to bookmarklet.php, (4) cat_ID parameter to categories.php, (5) s parameter to edit.php, or (6) s or mode parameter to edit-comments.php. | |||||
| CVE-2006-2653 | 1 D-link | 1 Dsa-3100 Airspot Gateway | 2025-04-03 | 2.6 LOW | N/A |
| Cross-site scripting (XSS) vulnerability in login_error.shtml for D-Link DSA-3100 allows remote attackers to inject arbitrary HTML or web script via an encoded uname parameter. | |||||
| CVE-2002-1397 | 1 Postgresql | 1 Postgresql | 2025-04-03 | 7.5 HIGH | N/A |
| Vulnerability in the cash_words() function for PostgreSQL 7.2 and earlier allows local users to cause a denial of service and possibly execute arbitrary code via a large negative argument, possibly triggering an integer signedness error or buffer overflow. | |||||
| CVE-2005-0039 | 1 Nissc | 1 Ipsec | 2025-04-03 | 6.4 MEDIUM | N/A |
| Certain configurations of IPsec, when using Encapsulating Security Payload (ESP) in tunnel mode, integrity protection at a higher layer, or Authentication Header (AH), allow remote attackers to decrypt IPSec communications by modifying the outer packet in ways that cause plaintext data from the inner packet to be returned in ICMP messages, as demonstrated using bit-flipping attacks and (1) Destination Address Rewriting, (2) a modified header length that causes portions of the packet to be interpreted as IP Options, or (3) a modified protocol field and source address. | |||||
| CVE-2005-1523 | 1 Gnu | 1 Mailutils | 2025-04-03 | 7.5 HIGH | N/A |
| Format string vulnerability in imap4d server in GNU Mailutils 0.5 and 0.6, and other versions before 0.6.90, allows remote attackers to execute arbitrary code via format string specifiers in the command tag for IMAP commands. | |||||
| CVE-2005-4579 | 1 Hitachi | 1 Business Logic | 2025-04-03 | 5.0 MEDIUM | N/A |
| Multiple HTTP response splitting vulnerabilities in Hitachi Business Logic - Container (BLC) P-2443-9114 01-00 through 02-06 on Windows, and P-1M43-9111 01-01 through 02-00 on AIX, allow remote attackers to inject arbitrary HTTP headers via unknown attack vectors in an unspecified input form. | |||||
| CVE-2005-4213 | 1 Coinsoft Technologies | 1 Phpcoin | 2025-04-03 | 7.5 HIGH | N/A |
| SQL injection vulnerability in mod.php in phpCOIN 1.2.2 allows remote attackers to execute arbitrary SQL commands via the phpcoinsessid cookie. | |||||
| CVE-1999-0359 | 1 Marc Schaefer | 1 Ptylogin | 2025-04-03 | 7.5 HIGH | N/A |
| ptylogin in Unix systems allows users to perform a denial of service by locking out modems, dial out with that modem, or obtain passwords. | |||||
| CVE-2005-1331 | 1 Apple | 3 Applescript, Mac Os X, Mac Os X Server | 2025-04-03 | 5.1 MEDIUM | N/A |
| The AppleScript Editor in Mac OS X 10.3.9 does not properly display script code for an applescript: URI, which can result in code that is different than the actual code that would be run, which could allow remote attackers to trick users into executing malicious code via certain URI characters such as NULL, control characters, and homographs. | |||||
| CVE-2000-0358 | 1 Redhat | 1 Linux | 2025-04-03 | 5.0 MEDIUM | N/A |
| ORBit and gnome-session in Red Hat Linux 6.1 allows remote attackers to crash a program. | |||||
| CVE-2006-2570 | 1 Calogic | 1 Calogic Calendars | 2025-04-03 | 7.5 HIGH | N/A |
| PHP remote file inclusion vulnerability in CaLogic Calendars 1.2.2 allows remote attackers to execute arbitrary PHP code via a URL in the GLOBALS["CLPath"] parameter to (1) reconfig.php and (2) srxclr.php. NOTE: this might be due to a globals overwrite issue. | |||||
| CVE-2002-0822 | 1 Ethereal Group | 1 Ethereal | 2025-04-03 | 7.5 HIGH | N/A |
| Ethereal 0.9.4 and earlier allows remote attackers to cause a denial of service and possibly excecute arbitrary code via the (1) SOCKS, (2) RSVP, (3) AFS, or (4) LMP dissectors, which can be caused to core dump. | |||||
| CVE-2005-4145 | 1 Lyris Technologies Inc | 1 Listmanager | 2025-04-03 | 6.5 MEDIUM | N/A |
| The MSDE version of Lyris ListManager 5.0 through 8.9b configures the sa account in the database to use a password with a small search space ("lyris" and up to 5 digits, possibly from the process ID), which allows remote attackers to gain access via a brute force attack. | |||||