Total
29798 CVE
| CVE | Vendors | Products | Updated | CVSS v2 | CVSS v3 |
|---|---|---|---|---|---|
| CVE-2002-0087 | 1 Lotus | 1 Domino | 2025-04-03 | 2.1 LOW | N/A |
| bindsock in Lotus Domino 5.07 on Solaris allows local users to create arbitrary files via a symlink attack on temporary files. | |||||
| CVE-2006-1710 | 1 Design Nation | 1 Dnguestbook | 2025-04-03 | 7.6 HIGH | N/A |
| SQL injection vulnerability in admin.php in Design Nation DNGuestbook 2.0 allows remote attackers to execute arbitrary SQL commands via the (1) email and (2) id parameters. | |||||
| CVE-2005-1081 | 1 Azerbaijan Development Group | 1 Azdgdating | 2025-04-03 | 4.3 MEDIUM | N/A |
| Cross-site scripting (XSS) vulnerability in view.php in AzDGDatingPlatinum 1.1.0 allows remote attackers to inject arbitrary web script or HTML via the id parameter. | |||||
| CVE-2001-0397 | 1 Silent Runner | 1 Silent Runner Collector Src | 2025-04-03 | 7.5 HIGH | N/A |
| Buffer overflow in Silent Runner Collector (SRC) 1.6.1 allows remote attackers to cause a denial of service, and possibly execute arbitrary commands, via a long SMTP HELO command. | |||||
| CVE-2006-2427 | 1 Clam Anti-virus | 2 Clamav, Clamxav | 2025-04-03 | 7.2 HIGH | N/A |
| freshclam in (1) Clam Antivirus (ClamAV) 0.88 and (2) ClamXav 1.0.3h and earlier does not drop privileges before processing the config-file command line option, which allows local users to read portions of arbitrary files when an error message displays the first line of the target file. | |||||
| CVE-2005-3201 | 1 Utopia Software | 1 Utopia News Pro | 2025-04-03 | 7.5 HIGH | N/A |
| SQL injection vulnerability in news.php for Utopia News Pro (UNP) 1.1.3, when magic_quotes_gpc is disabled and register_globals is enabled, allows remote attackers to execute arbitrary SQL via the newsid parameter. | |||||
| CVE-2006-1438 | 1 Andy Grayndler | 1 Andys Php Knowledgebase | 2025-04-03 | 6.8 MEDIUM | N/A |
| Multiple cross-site scripting (XSS) vulnerabilities in Andy's PHP Knowledgebase (aphpkb) 0.57 allow remote attackers to inject arbitrary web script or HTML via the (1) keyword_list parameter to (a) index.php; (2) title, (3) article, (4) author, and (5) keywords parameters to (b) submit_article.php; and (6) Question, (7) Name, and (8) Email parameters to (c) submit_question.php. | |||||
| CVE-2006-3592 | 1 Cisco | 1 Unified Callmanager | 2025-04-03 | 4.6 MEDIUM | N/A |
| Unspecified vulnerability in the command line interface (CLI) in Cisco Unified CallManager (CUCM) 5.0(1) through 5.0(3a) allows local users to execute arbitrary commands with elevated privileges via unspecified vectors, involving "certain CLI commands," aka bug CSCse11005. | |||||
| CVE-2005-1621 | 1 Postnuke Software Foundation | 1 Postnuke | 2025-04-03 | 5.0 MEDIUM | N/A |
| Directory traversal vulnerability in the pnModFunc function in pnMod.php for PostNuke 0.750 through 0.760rc4 allows remote attackers to read arbitrary files via a .. (dot dot) in the func parameter to index.php. | |||||
| CVE-2003-0761 | 1 Digium | 1 Asterisk | 2025-04-03 | 7.5 HIGH | N/A |
| Buffer overflow in the get_msg_text of chan_sip.c in the Session Initiation Protocol (SIP) protocol implementation for Asterisk releases before August 15, 2003, allows remote attackers to execute arbitrary code via certain (1) MESSAGE or (2) INFO requests. | |||||
| CVE-2006-2360 | 1 Phpbb Group | 1 Phpbb | 2025-04-03 | 7.5 HIGH | N/A |
| SQL injection vulnerability in charts.php in the Chart mod for phpBB allows remote attackers to execute arbitrary SQL commands via the id parameter. | |||||
| CVE-2000-0500 | 1 Bea | 1 Weblogic Server | 2025-04-03 | 5.0 MEDIUM | N/A |
| The default configuration of BEA WebLogic 5.1.0 allows a remote attacker to view source code of programs by requesting a URL beginning with /file/, which causes the default servlet to display the file without further processing. | |||||
| CVE-2004-0096 | 1 Apache | 1 Mod Python | 2025-04-03 | 5.0 MEDIUM | N/A |
| Unknown vulnerability in mod_python 2.7.9 allows remote attackers to cause a denial of service (httpd crash) via a certain query string, a variant of CAN-2003-0973. | |||||
| CVE-2005-1262 | 1 Rob Flynn | 1 Gaim | 2025-04-03 | 5.0 MEDIUM | N/A |
| Gaim 1.2.1 and earlier allows remote attackers to cause a denial of service (application crash) via a malformed MSN message. | |||||
| CVE-1999-0736 | 1 Microsoft | 1 Internet Information Server | 2025-04-03 | 5.0 MEDIUM | N/A |
| The showcode.asp sample file in IIS and Site Server allows remote attackers to read arbitrary files. | |||||
| CVE-2004-0460 | 5 Infoblox, Isc, Mandrakesoft and 2 more | 11 Dns One Appliance, Dhcpd, Mandrake Linux and 8 more | 2025-04-03 | 10.0 HIGH | N/A |
| Buffer overflow in the logging capability for the DHCP daemon (DHCPD) for ISC DHCP 3.0.1rc12 and 3.0.1rc13 allows remote attackers to cause a denial of service (server crash) and possibly execute arbitrary code via multiple hostname options in (1) DISCOVER, (2) OFFER, (3) REQUEST, (4) ACK, or (5) NAK messages, which can generate a long string when writing to a log file. | |||||
| CVE-2006-1562 | 1 Vscripts | 1 Vbook | 2025-04-03 | 6.8 MEDIUM | N/A |
| Multiple cross-site scripting (XSS) vulnerabilities in index.php in vscripts (aka Kuba Kunkiewicz) [V]Book (aka VBook) 2.0 allow remote attackers to inject arbitrary web script or HTML via the (1) autor, (2) www, (3) temat, and (4) tresc parameters. | |||||
| CVE-2006-0817 | 3 Deerfield, Icewarp, Merak | 3 Visnetic Mail Server, Web Mail, Mail Server | 2025-04-03 | 5.0 MEDIUM | N/A |
| Absolute path directory traversal vulnerability in (a) MERAK Mail Server for Windows 8.3.8r with before IceWarp Web Mail 5.6.1 and (b) VisNetic MailServer before 8.5.0.5 allows remote attackers to include arbitrary files via a full Windows path and drive letter in the (1) language parameter in accounts/inc/include.php and (2) lang_settings parameter in admin/inc/include.php, which is not properly sanitized by the securepath function, a related issue to CVE-2005-4556. | |||||
| CVE-2006-0320 | 1 Bit 5 Blog | 1 Bit 5 Blog | 2025-04-03 | 7.5 HIGH | N/A |
| SQL injection vulnerability in admin/processlogin.php in Bit 5 Blog 8.01 allows remote attackers to execute arbitrary SQL commands and bypass authentication via the (1) username and (2) password parameter. | |||||
| CVE-2006-2563 | 1 Php | 1 Php | 2025-04-03 | 2.1 LOW | N/A |
| The cURL library (libcurl) in PHP 4.4.2 and 5.1.4 allows attackers to bypass safe mode and read files via a file:// request containing null characters. | |||||