Total
29802 CVE
| CVE | Vendors | Products | Updated | CVSS v2 | CVSS v3 |
|---|---|---|---|---|---|
| CVE-2004-1791 | 1 Edimax | 1 Full Rate Adsl Router | 2025-04-03 | 7.5 HIGH | N/A |
| The web management interface in Edimax AR-6004 ADSL Routers uses a default administrator name and password, which also appear as the default login text for the management interface, which allows remote attackers to gain access. | |||||
| CVE-2003-0070 | 2 Gnome, Nalin Dahyabhai | 2 Gnome-terminal, Vte | 2025-04-03 | 6.8 MEDIUM | N/A |
| VTE, as used by default in gnome-terminal terminal emulator 2.2 and as an option in gnome-terminal 2.0, allows attackers to modify the window title via a certain character escape sequence and then insert it back to the command line in the user's terminal, e.g. when the user views a file containing the malicious sequence, which could allow the attacker to execute arbitrary commands. | |||||
| CVE-2004-1953 | 1 Phprofession | 1 Phprofession | 2025-04-03 | 5.0 MEDIUM | N/A |
| phProfession 2.5 allows remote attackers to gain sensitive information via a direct HTTP request to upload.php, which reveals the path in a PHP error message. | |||||
| CVE-2001-0841 | 1 Ikonboard.com | 1 Ikonboard | 2025-04-03 | 7.5 HIGH | N/A |
| Directory traversal vulnerability in Search.cgi in Ikonboard ib219 and earlier allows remote attackers to overwrite files and gain privileges via .. (dot dot) sequences in the amembernamecookie cookie. | |||||
| CVE-2005-3210 | 1 Kaspersky Lab | 1 Kaspersky Anti-virus | 2025-04-03 | 5.1 MEDIUM | N/A |
| Multiple interpretation error in unspecified versions of Kaspersky Antivirus allows remote attackers to bypass virus detection via a malicious executable in a specially crafted RAR file with malformed central and local headers, which can still be opened by products such as Winrar and PowerZip, even though they are rejected as corrupted by Winzip and BitZipper. | |||||
| CVE-2006-3757 | 1 Zen Cart | 1 Zen Cart | 2025-04-03 | 5.0 MEDIUM | N/A |
| index.php in Zen Cart 1.3.0.2 allows remote attackers to obtain sensitive information via empty (1) _GET[], (2) _SESSION[], (3) _POST[], (4) _COOKIE[], or (5) _SESSION[] array parameters, which reveals the installation path in an error message. NOTE: this issue might be resultant from a global overwrite vulnerability. | |||||
| CVE-2004-2363 | 1 Phpx | 1 Phpx | 2025-04-03 | 4.3 MEDIUM | N/A |
| Validate-Before-Canonicalize vulnerability in the checkURI function in functions.inc.php in PHPX 3.0 through 3.2.6 allows remote attackers to conduct cross-site scripting (XSS) attacks via hex-encoded tags, which bypass the check for literal "<", ">", "(", and ")" characters, as demonstrated using the limit parameter to forums.php and a variety of other vectors. | |||||
| CVE-2004-2307 | 1 Microsoft | 2 Internet Explorer, Windows Xp | 2025-04-03 | 5.0 MEDIUM | N/A |
| Microsoft Internet Explorer 6.0.2600 on Windows XP allows remote attackers to cause a denial of service (browser crash) via a shell: URI with double backslashes (\\) in an HTML tag such as IFRAME or A. | |||||
| CVE-2006-2971 | 1 Overkill | 1 Overkill | 2025-04-03 | 5.0 MEDIUM | N/A |
| Integer overflow in the recv_packet function in 0verkill 0.16 allows remote attackers to cause a denial of service (daemon crash) via a UDP packet with fewer than 12 bytes, which results in a long length value to the crc32 function. | |||||
| CVE-2006-4030 | 1 Gallery Project | 1 Gallery | 2025-04-03 | 5.0 MEDIUM | N/A |
| Unspecified vulnerability in the stats module in Gallery 1.5.1-RC2 and earlier allows remote attackers to obtain sensitive information via unspecified attack vectors, related to "two file exposure bugs." | |||||
| CVE-2006-2106 | 1 Edgewall Software | 1 Trac | 2025-04-03 | 4.3 MEDIUM | N/A |
| Cross-site scripting (XSS) vulnerability in Edgewall Software Trac 0.9.4 and earlier allows remote attackers to inject arbitrary web script or HTML via unknown attack vectors related to a "wiki macro." | |||||
| CVE-2006-3532 | 1 Pivot | 1 Pivot | 2025-04-03 | 5.1 MEDIUM | N/A |
| PHP file inclusion vulnerability in includes/edit_new.php in Pivot 1.30 RC2 and earlier, when register_globals is enabled, allows remote attackers to execute arbitrary PHP code via a FTP URL or full file path in the Paths[extensions_path] parameter. | |||||
| CVE-2005-4433 | 1 Esselbach Internet Solutions | 1 Esselbach Storyteller Cms | 2025-04-03 | 4.3 MEDIUM | N/A |
| Cross-site scripting (XSS) vulnerability in search.php in Esselbach Storyteller CMS 1.8 allows remote attackers to inject arbitrary web script or HTML via the query parameter, which is used by the Search field. | |||||
| CVE-2003-0121 | 1 Clearswift | 1 Mailsweeper | 2025-04-03 | 7.5 HIGH | N/A |
| Clearswift MAILsweeper 4.x allows remote attackers to bypass attachment detection via an attachment that does not specify a MIME-Version header field, which is processed by some mail clients. | |||||
| CVE-2004-1824 | 1 Jelsoft | 1 Vbulletin | 2025-04-03 | 4.3 MEDIUM | N/A |
| Cross-site scripting (XSS) vulnerability in Jelsoft vBulletin before 3.0 allows remote attackers to inject arbitrary web script or HTML via the what parameter to memberlist.php. | |||||
| CVE-2002-0523 | 1 Asp-nuke | 1 Asp-nuke | 2025-04-03 | 5.0 MEDIUM | N/A |
| ASP-Nuke RC2 and earlier allows remote attackers to list all logged-in users by submitting an invalid "pseudo" cookie. | |||||
| CVE-2005-1481 | 1 Aaronoutpost | 1 Asp Inline Corporate Calendar | 2025-04-03 | 7.5 HIGH | N/A |
| Multiple SQL injection vulnerabilities in Aaron Outpost ASP Inline Corporate Calendar allow remote attackers to execute arbitrary SQL commands via the Event_ID parameter to (1) defer.asp or (2) details.asp. | |||||
| CVE-2002-1452 | 1 Mywebserver | 1 Mywebserver | 2025-04-03 | 7.5 HIGH | N/A |
| Buffer overflow in the search capability for MyWebServer 1.0.2 allows remote attackers to execute arbitrary code via a long searchTarget parameter. | |||||
| CVE-2002-2105 | 1 Microsoft | 1 Windows Xp | 2025-04-03 | 2.1 LOW | N/A |
| Microsoft Windows XP allows local users to prevent the system from booting via a corrupt explorer.exe.manifest file. | |||||
| CVE-2004-1341 | 1 Roar Smith | 1 Info2www | 2025-04-03 | 4.3 MEDIUM | N/A |
| Cross-site scripting (XSS) vulnerability in info2www before 1.2.2.9 allows remote attackers to inject arbitrary web script or HTML via the arguments to info2www. | |||||