Total: 29802 CVE
| CVE | Vendors | Products | Updated | CVSS v2 | CVSS v3 |
|---|---|---|---|---|---|
| CVE-2006-4941 | 1 Moodle | 1 Moodle | 2025-04-03 | 4.3 MEDIUM | N/A |
| Multiple cross-site scripting (XSS) vulnerabilities in Moodle before 1.6.2 might allow remote attackers to inject arbitrary web script or HTML via (1) the choose parameter in files/index.php and (2) the sub parameter in doc/index.php. | |||||
| CVE-2003-0640 | 1 Bea | 1 Weblogic Server | 2025-04-03 | 10.0 HIGH | N/A |
| BEA WebLogic Server and Express, when using NodeManager to start servers, provides Operator users with privileges to overwrite usernames and passwords, which may allow Operators to gain Admin privileges. | |||||
| CVE-2000-0850 | 1 Netegrity | 1 Siteminder | 2025-04-03 | 7.5 HIGH | N/A |
| Netegrity SiteMinder before 4.11 allows remote attackers to bypass its authentication mechanism by appending "$/FILENAME.ext" (where ext is .ccc, .class, or .jpg) to the requested URL. | |||||
| CVE-2006-0821 | 1 Bxcp | 1 Bxcp | 2025-04-03 | 7.5 HIGH | N/A |
| SQL injection vulnerability in index.php in BXCP 0.299 allows remote attackers to execute arbitrary SQL commands via the tid parameter. | |||||
| CVE-2006-0889 | 1 Brown Bear Software | 1 Calcium | 2025-04-03 | 4.3 MEDIUM | N/A |
| Cross-site scripting (XSS) vulnerability in Calcium 3.10.1 allows remote attackers to inject arbitrary web script or HTML via the EventText parameter. NOTE: the provenance of this information is unknown; the details are obtained solely from third party information. | |||||
| CVE-2001-0378 | 1 Openbsd | 1 Openbsd | 2025-04-03 | 2.1 LOW | N/A |
| readline prior to 4.1, in OpenBSD 2.8 and earlier, creates history files with insecure permissions, which allows a local attacker to recover potentially sensitive information via readline history files. | |||||
| CVE-2006-2004 | 1 Michael Romedahl | 1 Ri Blog | 2025-04-03 | 7.5 HIGH | N/A |
| Multiple SQL injection vulnerabilities in RI Blog 1.1 allow remote attackers to execute arbitrary SQL commands via the (1) username or (2) password fields. | |||||
| CVE-2006-4800 | 1 Ffmpeg | 1 Ffmpeg | 2025-04-03 | 7.5 HIGH | N/A |
| Multiple buffer overflows in libavcodec in ffmpeg before 0.4.9_p20060530 allow remote attackers to cause a denial of service or possibly execute arbitrary code via multiple unspecified vectors in (1) dtsdec.c, (2) vorbis.c, (3) rm.c, (4) sierravmd.c, (5) smacker.c, (6) tta.c, (7) 4xm.c, (8) alac.c, (9) cook.c, (10) shorten.c, (11) smacker.c, (12) snow.c, and (13) tta.c. NOTE: it is likely that this is a different vulnerability than CVE-2005-4048 and CVE-2006-2802. | |||||
| CVE-2001-0160 | 2 Lucent, Orinoco | 2 Wavelan, Orinoco Wavelan | 2025-04-03 | 5.0 MEDIUM | N/A |
| Lucent/ORiNOCO WaveLAN cards generate predictable Initialization Vector (IV) values for the Wireless Encryption Protocol (WEP) which allows remote attackers to quickly compile information that will let them decrypt messages. | |||||
| CVE-2004-1502 | 1 Software602 | 1 602lan Suite | 2025-04-03 | 5.0 MEDIUM | N/A |
| The Telnet proxy in 602 Lan Suite 2004.0.04.0909 and earlier allows remote attackers to cause a denial of service (socket exhaustion) via a Telnet request to an IP address of the proxy's network interface, which causes a loop. | |||||
| CVE-2005-2149 | 1 The Cacti Group | 1 Cacti | 2025-04-03 | 10.0 HIGH | N/A |
| config.php in Cacti 0.8.6e and earlier allows remote attackers to set the no_http_headers switch, then modify session information to gain privileges and disable the use of addslashes to conduct SQL injection attacks. | |||||
| CVE-2002-1573 | 1 Linux | 1 Linux Kernel | 2025-04-03 | 10.0 HIGH | N/A |
| Unspecified vulnerability in the pcilynx ieee1394 firewire driver (pcilynx.c) in Linux kernel before 2.4.20 has unknown impact and attack vectors, related to "wrap handling." | |||||
| CVE-2006-3278 | 1 Positive Software | 1 H-sphere | 2025-04-03 | 2.6 LOW | N/A |
| Cross-site scripting (XSS) vulnerability in H-Sphere 2.5.1 Beta 1 and earlier allows remote attackers to inject arbitrary web script or HTML via the (1) next_template, (2) start, (3) curr_menu_id, and (4) arid parameters in psoft/servlet/resadmin/psoft.hsphere.CP when using the mailman/massmail.html template_name. | |||||
| CVE-2006-4956 | 1 Neosys | 1 Neon Webmail | 2025-04-03 | 6.8 MEDIUM | N/A |
| Cross-site scripting (XSS) vulnerability in the updateuser servlet in Neon WebMail for Java before 5.08 allows remote attackers to inject arbitrary web script or HTML via the in_name parameter, as used by the Name field. | |||||
| CVE-2006-0244 | 1 Phpxplorer | 1 Phpxplorer | 2025-04-03 | 5.0 MEDIUM | N/A |
| Directory traversal vulnerability in workspaces.php in phpXplorer 0.9.33 allows remote attackers to include arbitrary files via a .. (dot dot) and trailing null byte (%00) in the sShare parameter. NOTE: a followup post claims that this is not a vulnerability since the functionality of phpXplorer supports the upload of PHP files, which would not cross privilege boundaries since the PHP functionality would support read access outside the web root. | |||||
| CVE-2005-4449 | 1 Flatnuke | 1 Flatnuke | 2025-04-03 | 4.0 MEDIUM | N/A |
| verify.php in FlatNuke 2.5.6 allows remote authenticated administrators to modify arbitrary PHP files by setting the file parameter to an arbitrary file and injecting the code into the body parameter. NOTE: if a FlatNuke administrator is normally assumed to be able to modify arbitrary content, then this issue does not cross privilege boundaries and would not be a vulnerability. | |||||
| CVE-2006-4946 | 1 Cmsdevelopment | 1 Business Card Web Builder | 2025-04-03 | 5.1 MEDIUM | N/A |
| PHP remote file inclusion vulnerability in include/startup.inc.php in CMSDevelopment Business Card Web Builder (BCWB) 0.99, and possibly 2.5 Beta and earlier, allows remote attackers to execute arbitrary PHP code via a URL in the root_path parameter. | |||||
| CVE-2006-3329 | 1 Deltascripts | 1 Php Classifieds | 2025-04-03 | 7.5 HIGH | N/A |
| SQL injection vulnerability in search.php in PHP/MySQL Classifieds (PHP Classifieds) allows remote attackers to execute arbitrary SQL commands via the rate parameter. | |||||
| CVE-2003-1247 | 1 Positive Software | 1 H-sphere | 2025-04-03 | 7.5 HIGH | N/A |
| Multiple buffer overflows in H-Sphere WebShell 2.3 allow remote attackers to execute arbitrary code via (1) a long URL content type in CGI::readFile, (2) a long path in diskusage, and (3) a long fname in flist. | |||||
| CVE-1999-0042 | 5 Bsdi, Caldera, Ibm and 2 more | 6 Bsd Os, Openlinux, Aix and 3 more | 2025-04-03 | 10.0 HIGH | N/A |
| Buffer overflow in University of Washington's implementation of IMAP and POP servers. | |||||
