Total
29562 CVE
CVE | Vendors | Products | Updated | CVSS v2 | CVSS v3 |
---|---|---|---|---|---|
CVE-2004-0152 | 1 Emil | 1 Emil | 2025-04-03 | 7.5 HIGH | N/A |
Multiple stack-based buffer overflows in (1) the encode_mime function, (2) the encode_uuencode function, or (3) the decode_uuencode function for emil 2.1.0 and earlier allow remote attackers to execute arbitrary code via e-mail messages containing attachments with filenames. | |||||
CVE-2006-2996 | 1 Lovecompass | 1 Aepartner | 2025-04-03 | 7.5 HIGH | N/A |
PHP remote file inclusion vulnerability in inc/design.inc.php in LoveCompass aePartner 0.8.3 and earlier allows remote attackers to execute arbitrary PHP code via a URL in the dir[data] parameter. | |||||
CVE-2005-2196 | 1 Apple | 1 Airport Card | 2025-04-03 | 2.1 LOW | N/A |
The Apple AirPort card uses a default WEP key when not connected to a known or trusted network, which can cause it to automatically connect to a malicious network. | |||||
CVE-2006-2617 | 1 Alstrasoft | 1 Webhost Directory | 2025-04-03 | 5.0 MEDIUM | N/A |
(1) AlstraSoft Web Host Directory 1.2, aka (2) HyperStop WebHost Directory 1.2, allows remote attackers to obtain the installation path via an invalid entry in the Username field on the login page, which causes the path to be displayed in an SQL error. NOTE: this issue might be resultant from SQL injection. | |||||
CVE-2006-0055 | 1 Freebsd | 1 Freebsd | 2025-04-03 | 2.1 LOW | N/A |
The ispell_op function in ee on FreeBSD 4.10 to 6.0 uses predictable filenames and does not confirm which file is being written, which allows local users to overwrite arbitrary files via a symlink attack when ee invokes ispell. | |||||
CVE-2004-2439 | 1 Hp | 17 Color Laserjet, Color Laserjet 4600, Laserjet 2500 and 14 more | 2025-04-03 | 5.0 MEDIUM | N/A |
The remote upgrade capability in HP LaserJet 4200 and 4300 printers does not require a password, which allows remote attackers to upgrade firmware. | |||||
CVE-2005-1716 | 1 Ej3 | 1 Topo | 2025-04-03 | 5.0 MEDIUM | N/A |
TOPo 2.2 (2.2.178) stores data files in the data directory under the web document root with insufficient access control, which allows remote attackers to obtain sensitive information such as client IP addresses. | |||||
CVE-2003-0484 | 1 Phpbb Group | 1 Phpbb | 2025-04-03 | 6.8 MEDIUM | N/A |
Cross-site scripting (XSS) vulnerability in viewtopic.php for phpBB allows remote attackers to insert arbitrary web script via the topic_id parameter. | |||||
CVE-2005-3539 | 1 Hylafax | 1 Hylafax | 2025-04-03 | 7.5 HIGH | N/A |
Multiple eval injection vulnerabilities in HylaFAX 4.2.3 and earlier allow remote attackers to execute arbitrary commands via (1) the notify script in HylaFAX 4.2.0 to 4.2.3 and (2) crafted CallID parameters to the faxrcvd script in HylaFAX 4.2.2 and 4.2.3. | |||||
CVE-2006-3012 | 1 Eschew.net | 1 Phpbannerexchange | 2025-04-03 | 7.5 HIGH | N/A |
SQL injection vulnerability in phpBannerExchange before 2.0 Update 6 allows remote attackers to execute arbitrary SQL commands via the (1) login parameter in (a) client/stats.php and (b) admin/stats.php, or the (2) pass parameter in client/stats.php. | |||||
CVE-2006-2533 | 1 Greg Donald | 1 Destiney Rated Images Script | 2025-04-03 | 5.8 MEDIUM | N/A |
Cross-site scripting (XSS) vulnerability in (1) addWeblog.php and (2) leaveComments.php in Destiney Rated Images Script 0.5.0 does not properly filter all vulnerable HTML tags, which allows remote attackers to inject arbitrary web script or HTML via Javascript in a DIV tag. | |||||
CVE-2006-0428 | 1 Oracle | 1 Weblogic Portal | 2025-04-03 | 7.5 HIGH | N/A |
Unspecified vulnerability in BEA WebLogic Portal 8.1 SP3 through SP5, when using Web Services Remote Portlets (WSRP), allows remote attackers to access restricted web resources via crafted URLs. | |||||
CVE-2006-3605 | 1 Microsoft | 1 Internet Explorer | 2025-04-03 | 5.0 MEDIUM | N/A |
Microsoft Internet Explorer 6 allows remote attackers to cause a denial of service (crash) by setting the Transition property on an uninitialized DXImageTransform.Microsoft.RevealTrans.1 ActiveX Object, which triggers a null dereference. | |||||
CVE-2005-0150 | 1 Mozilla | 1 Firefox | 2025-04-03 | 5.0 MEDIUM | N/A |
Firefox before 1.0 allows the user to store (1) javascript: or (2) data: URLs as a Livefeed bookmark, then executes them in the security context of the currently loaded page when the user later accesses the bookmark, which could allow remote attackers to execute arbitrary code. | |||||
CVE-2002-2115 | 1 Hns | 2 Hns, Hns-lite | 2025-04-03 | 4.3 MEDIUM | N/A |
Cross-site scripting (XSS) vulnerability in Hyper NIKKI System (HNS) Lite before 0.9 and HNS before 2.10-pl2 allows remote attackers to inject arbitrary web script or HTML. | |||||
CVE-2005-4546 | 1 Epic Designs | 1 Eggblog | 2025-04-03 | 7.8 HIGH | N/A |
search.php in eggblog 2.0 allows remote attackers to obtain the full path via an invalid q parameter, as used by the Keyword and Search fields, possibly due to an SQL injection vulnerability. | |||||
CVE-2006-4759 | 1 Punbb | 1 Punbb | 2025-04-03 | 3.6 LOW | N/A |
PunBB 1.2.12 does not properly handle an avatar directory pathname ending in %00, which allows remote authenticated administrative users to upload arbitrary files and execute code, as demonstrated by a query to admin_options.php with an avatars_dir parameter ending in %00. NOTE: this issue was originally disputed by the vendor, but the dispute was withdrawn on 20060926. | |||||
CVE-2002-0278 | 1 Add2it | 1 Mailman Free | 2025-04-03 | 7.5 HIGH | N/A |
Directory traversal vulnerability in Add2it Mailman Free 1.73 and earlier allows remote attackers to modify arbitrary files via a .. (dot dot) in the list parameter. | |||||
CVE-2004-1409 | 1 Singapore | 1 Image Gallery Web Application | 2025-04-03 | 5.0 MEDIUM | N/A |
Multiple cross-site scripting vulnerabilities in Image Gallery Web Application 0.9.10 allow remote attackers to inject arbitrary web script or HTML. | |||||
CVE-2000-0209 | 1 University Of Kansas | 1 Lynx | 2025-04-03 | 7.6 HIGH | N/A |
Buffer overflow in Lynx 2.x allows remote attackers to crash Lynx and possibly execute commands via a long URL in a malicious web page. | |||||