Total
29809 CVE
| CVE | Vendors | Products | Updated | CVSS v2 | CVSS v3 |
|---|---|---|---|---|---|
| CVE-2006-0099 | 1 Valdersoft | 1 Valdersoft Shopping Cart | 2025-04-03 | 7.5 HIGH | N/A |
| PHP remote file include vulnerability in (1) include/templates/categories/default.php and (2) certain other include/templates/categories/ PHP scripts in Valdersoft Shopping Cart 3.0 allows remote attackers to execute arbitrary code via a URL in the catalogDocumentRoot parameter. | |||||
| CVE-2004-0181 | 1 Linux | 1 Linux Kernel | 2025-04-03 | 2.1 LOW | N/A |
| The JFS file system code in Linux 2.4.x has an information leak in which in-memory data is written to the device for the JFS file system, which allows local users to obtain sensitive information by reading the raw device. | |||||
| CVE-2005-2816 | 1 Greymatter | 1 Greymatter Forum | 2025-04-03 | 4.3 MEDIUM | N/A |
| Cross-site scripting (XSS) vulnerability in Greymatter allows remote attackers to inject arbitrary web script or HTML via a post comment, which is recorded in a log file but not properly handled when the administrator uses "View Control Panel Log" to read the log file. | |||||
| CVE-2005-2774 | 1 Lithium Software | 1 Lithium Ii Mod | 2025-04-03 | 5.0 MEDIUM | N/A |
| Format string vulnerability in Lithium II mod 1.24 for Quake 2 allows remote attackers to cause a denial of service (server crash) and possibly execute arbitrary code via format string specifiers in the nickname. | |||||
| CVE-2005-4172 | 1 Efiction Project | 1 Efiction | 2025-04-03 | 5.0 MEDIUM | N/A |
| eFiction 1.0, 1.1, and 2.0 allows remote attackers to obtain sensitive information via a direct request to storyblock.php without arguments, which leaks the full pathname in the resulting PHP error message. | |||||
| CVE-2006-2822 | 1 Xfairguy | 1 Codeavalanche Freeforum | 2025-04-03 | 7.5 HIGH | N/A |
| SQL injection vulnerability in admin/default.asp in Dusan Drobac CodeAvalanche FreeForum (aka CAForum) 1.0 allows remote attackers to execute arbitrary SQL commands via the password parameter. | |||||
| CVE-2002-1336 | 1 Tightvnc | 1 Tightvnc | 2025-04-03 | 7.5 HIGH | N/A |
| TightVNC before 1.2.6 generates the same challenge string for multiple connections, which allows remote attackers to bypass VNC authentication by sniffing the challenge and response of other users. | |||||
| CVE-2005-1118 | 1 Rsa | 1 Authentication Agent For Web | 2025-04-03 | 4.3 MEDIUM | N/A |
| Cross-site scripting (XSS) vulnerability in IISWebAgentIF.dll in the RSA Authentication Agent for Web 5.2 allows remote attackers to inject arbitrary web script or HTML via the postdata parameter. | |||||
| CVE-2006-2171 | 1 Jgaa | 1 Warftpd | 2025-04-03 | 6.4 MEDIUM | N/A |
| Buffer overflow in WDM.exe in WarFTPD allows remote attackers to execute arbitrary code via unspecified arguments, as demonstrated by the Infigo FTPStress Fuzzer. | |||||
| CVE-2006-0488 | 1 Microsoft | 3 Windows 2000, Windows 2003 Server, Windows Xp | 2025-04-03 | 2.1 LOW | N/A |
| The VDM (Virtual DOS Machine) emulation environment for MS-DOS applications in Windows 2000, Windows XP SP2, and Windows Server 2003 allows local users to read the first megabyte of memory and possibly obtain sensitive information, as demonstrated by dumper.asm. | |||||
| CVE-2001-0980 | 1 Caldera | 2 Openlinux Server, Openlinux Workstation | 2025-04-03 | 7.5 HIGH | N/A |
| docview before 1.0-15 allows remote attackers to execute arbitrary commands via shell metacharacters that are processed when converting a man page to a web page. | |||||
| CVE-2005-4254 | 1 Dreamlevels | 1 Dream Poll | 2025-04-03 | 7.5 HIGH | N/A |
| SQL injection vulnerability in view_Results.php in DreamLevels DreamPoll 3.0 final allows remote attackers to execute arbitrary SQL commands via the id parameter. | |||||
| CVE-2001-1219 | 1 Microsoft | 1 Internet Explorer | 2025-04-03 | 5.0 MEDIUM | N/A |
| Microsoft Internet Explorer 6.0 and earlier allows malicious website operators to cause a denial of service (client crash) via JavaScript that continually refreshes the window via self.location. | |||||
| CVE-2002-0763 | 1 Hp | 1 Virtualvault | 2025-04-03 | 7.5 HIGH | N/A |
| Vulnerability in administration server for HP VirtualVault 4.5 on HP-UX 11.04 allows remote web servers or privileged external processes to bypass access restrictions and establish connections to the server. | |||||
| CVE-2005-3137 | 1 Gnu | 1 Cfengine | 2025-04-03 | 2.1 LOW | N/A |
| The (1) cfmailfilter and (2) cfcron.in files for cfengine 1.6.5 allow local users to overwrite arbitrary files via a symlink attack on temporary files, a different vulnerability than CVE-2005-2960. | |||||
| CVE-2002-2132 | 1 Microsoft | 2 Windows 2000, Windows Xp | 2025-04-03 | 2.1 LOW | N/A |
| Windows File Protection (WFP) in Windows 2000 and XP does not remove old security catalog .CAT files, which could allow local users to replace new files with vulnerable old files that have valid hash codes. | |||||
| CVE-2004-2664 | 1 John Lim | 1 Adodb | 2025-04-03 | 5.0 MEDIUM | N/A |
| John Lim ADOdb Library for PHP before 4.23 allows remote attackers to obtain sensitive information via direct requests to certain scripts that result in an undefined value of ADODB_DIR, which reveals the installation path in an error message. | |||||
| CVE-2006-2715 | 1 Secure Elements | 1 C5 Enterprise Vulnerability Management | 2025-04-03 | 7.5 HIGH | N/A |
| The Administration Console in Secure Elements Class 5 AVR (aka C5 EVM) before 2.8.1 does not enforce access control, which allows remote attackers to gain access to servers via the console. | |||||
| CVE-2006-0648 | 1 Php Icalendar | 1 Php Icalendar | 2025-04-03 | 5.0 MEDIUM | N/A |
| Multiple directory traversal vulnerabilities in PHP iCalendar 2.0.1, 2.1, and 2.2 allow remote attackers to include arbitrary files via the (1) getdate and possibly other parameters used in the replace_files function in search.php and (2) $file variable as used in the parse function in functions/template.php. | |||||
| CVE-2005-0319 | 1 Alt-n | 1 Webadmin | 2025-04-03 | 4.3 MEDIUM | N/A |
| Direct remote injection vulnerability in modalfram.wdm in Alt-N WebAdmin 3.0.4 allows remote attackers to load external webpages that appear to come from the WebAdmin server, which allows remote attackers to inject arbitrary HTML or web script to facilitate cross-site scripting (XSS) and phishing attacks. | |||||