Total
29802 CVE
| CVE | Vendors | Products | Updated | CVSS v2 | CVSS v3 |
|---|---|---|---|---|---|
| CVE-2006-3605 | 1 Microsoft | 1 Internet Explorer | 2025-04-03 | 5.0 MEDIUM | N/A |
| Microsoft Internet Explorer 6 allows remote attackers to cause a denial of service (crash) by setting the Transition property on an uninitialized DXImageTransform.Microsoft.RevealTrans.1 ActiveX Object, which triggers a null dereference. | |||||
| CVE-2005-0150 | 1 Mozilla | 1 Firefox | 2025-04-03 | 5.0 MEDIUM | N/A |
| Firefox before 1.0 allows the user to store a (1) javascript: or (2) data: URLs as a Livefeed bookmark, then executes it in the security context of the currently loaded page when the user later accesses the bookmark, which could allow remote attackers to execute arbitrary code. | |||||
| CVE-2002-2115 | 1 Hns | 2 Hns, Hns-lite | 2025-04-03 | 4.3 MEDIUM | N/A |
| Cross-site scripting (XSS) vulnerability in Hyper NIKKI System (HNS) Lite before 0.9 and HNS before 2.10-pl2 allows remote attackers to inject arbitrary web script or HTML. | |||||
| CVE-2005-4546 | 1 Epic Designs | 1 Eggblog | 2025-04-03 | 7.8 HIGH | N/A |
| search.php in eggblog 2.0 allows remote attackers to obtain the full path via an invalid q parameter, as used by the Keyword and Search fields, possibly due to an SQL injection vulnerability. | |||||
| CVE-2006-4759 | 1 Punbb | 1 Punbb | 2025-04-03 | 3.6 LOW | N/A |
| PunBB 1.2.12 does not properly handle an avatar directory pathname ending in %00, which allows remote authenticated administrative users to upload arbitrary files and execute code, as demonstrated by a query to admin_options.php with an avatars_dir parameter ending in %00. NOTE: this issue was originally disputed by the vendor, but the dispute was withdrawn on 20060926. | |||||
| CVE-2002-0278 | 1 Add2it | 1 Mailman Free | 2025-04-03 | 7.5 HIGH | N/A |
| Directory traversal vulnerability in Add2it Mailman Free 1.73 and earlier allows remote attackers to modify arbitrary files via a .. (dot dot) in the list parameter. | |||||
| CVE-2004-1409 | 1 Singapore | 1 Image Gallery Web Application | 2025-04-03 | 5.0 MEDIUM | N/A |
| Multiple cross-site scripting vulnerabilities in Image Gallery Web Application 0.9.10 allow remote attackers to inject arbitrary web script or HTML. | |||||
| CVE-2000-0209 | 1 University Of Kansas | 1 Lynx | 2025-04-03 | 7.6 HIGH | N/A |
| Buffer overflow in Lynx 2.x allows remote attackers to crash Lynx and possibly execute commands via a long URL in a malicious web page. | |||||
| CVE-2006-4945 | 1 Cardway | 1 Digitalwebshop | 2025-04-03 | 5.1 MEDIUM | N/A |
| Multiple PHP remote file inclusion vulnerabilities in Cardway (aka Frederic Boudaud) DigitalWebShop 1.128 and earlier allow remote attackers to execute arbitrary PHP code via a URL in the _PHPLIB[libdir] parameter to (1) rechnung.php or (2) prepend.php. | |||||
| CVE-2006-1716 | 1 Mybulletinboard | 1 Mybulletinboard | 2025-04-03 | 5.1 MEDIUM | N/A |
| Cross-site scripting (XSS) vulnerability in inc/functions_post.php in MyBB (aka MyBulletinBoard) 1.10 allows remote attackers to inject arbitrary web script or HTML via a JavaScript event in a BBCode img tag. NOTE: the email vector is already covered by CVE-2006-1625, although it might stem from the same core issue. | |||||
| CVE-2002-1099 | 1 Cisco | 2 Vpn 3000 Concentrator Series Software, Vpn 3002 Hardware Client | 2025-04-03 | 5.0 MEDIUM | N/A |
| Cisco VPN 3000 Concentrator 2.2.x, and 3.x before 3.5.3, allows remote attackers to obtain potentially sensitive information without authentication by directly accessing certain HTML pages. | |||||
| CVE-2002-1719 | 1 Bavo | 1 Bavo | 2025-04-03 | 5.0 MEDIUM | N/A |
| Unknown vulnerability in Bavo 0.3 allows remote attackers to modify posted messages. | |||||
| CVE-2001-1557 | 1 Ibm | 1 Aix | 2025-04-03 | 7.5 HIGH | N/A |
| Buffer overflow in ftpd in IBM AIX 4.3 and 5.1 allows attackers to gain privileges. | |||||
| CVE-2004-2406 | 1 Phpgroupware | 1 Phpgroupware | 2025-04-03 | 10.0 HIGH | N/A |
| Unknown "overflow" in the phpgw_config table for phpGroupWare before 0.9.14.002 has unknown attack vectors and impact. | |||||
| CVE-2006-1147 | 1 Cor Entertainment | 1 Alien Arena 2006 | 2025-04-03 | 4.0 MEDIUM | N/A |
| The Com_sprintf function in q_shared.c in Alien Arena 2006 Gold Edition 5.00 does not properly NULL terminate certain long strings, which allows remote attackers (possibly authenticated) to cause a denial of service (application crash) via a long skin, weapon, or model name. | |||||
| CVE-2006-0401 | 1 Apple | 2 Mac Os X, Mac Os X Server | 2025-04-03 | 4.6 MEDIUM | N/A |
| Unspecified vulnerability in Mac OS X before 10.4.6, when running on an Intel-based computer, allows attackers with physical access to bypass the firmware password and log on in Single User Mode via unspecified vectors. | |||||
| CVE-2000-0592 | 1 Sapporoworks | 1 Sapporoworks Winproxy | 2025-04-03 | 7.5 HIGH | N/A |
| Buffer overflows in POP3 service in WinProxy 2.0 and 2.0.1 allow remote attackers to execute arbitrary commands via long USER, PASS, LIST, RETR, or DELE commands. | |||||
| CVE-2003-0651 | 1 Mod Mylo | 1 Mod Mylo | 2025-04-03 | 7.5 HIGH | N/A |
| Buffer overflow in the mylo_log logging function for mod_mylo 0.2.1 and earlier allows remote attackers to execute arbitrary code via a long HTTP GET request. | |||||
| CVE-2006-1707 | 1 Kansok Communications | 1 Shopweezle | 2025-04-03 | 5.0 MEDIUM | N/A |
| index.php in Shopweezle 2.0 allows remote attackers to include arbitrary local files via the url parameter. | |||||
| CVE-2004-1501 | 1 Software602 | 1 602lan Suite | 2025-04-03 | 5.0 MEDIUM | N/A |
| The webmail service in 602 Lan Suite 2004.0.04.0909 and earlier allows remote attackers to cause a denial of service (CPU and memory consumption) by sending a POST request with a large Content-Length value, then disconnecting without sending that amount of data. | |||||