Total
29559 CVE
| CVE | Vendors | Products | Updated | CVSS v2 | CVSS v3 |
|---|---|---|---|---|---|
| CVE-2003-0012 | 1 Mozilla | 1 Bugzilla | 2025-04-03 | 2.1 LOW | N/A |
| The data collection script for Bugzilla 2.14.x before 2.14.5, 2.16.x before 2.16.2, and 2.17.x before 2.17.3 sets world-writable permissions for the data/mining directory when it runs, which allows local users to modify or delete the data. | |||||
| CVE-2002-0902 | 1 Phpbb Group | 1 Phpbb | 2025-04-03 | 7.5 HIGH | N/A |
| Cross-site scripting vulnerability in phpBB 2.0.0 (phpBB2) allows remote attackers to execute Javascript as other phpBB users by including a http:// and a double-quote (") in the [IMG] tag, which bypasses phpBB's security check, terminates the src parameter of the resulting HTML IMG tag, and injects the script. | |||||
| CVE-2004-0246 | 1 Laurent Adda | 1 Les Commentaires | 2025-04-03 | 10.0 HIGH | N/A |
| Multiple PHP remote file inclusion vulnerabilities in (1) fonctions.lib.php, (2) derniers_commentaires.php, and (3) admin.php in Les Commentaires 2.0 allow remote attackers to execute arbitrary PHP code via the rep parameter. | |||||
| CVE-2001-1549 | 1 Tiny Software | 1 Tiny Personal Firewall | 2025-04-03 | 2.1 LOW | N/A |
| Tiny Personal Firewall 1.0 and 2.0 allows local users to bypass filtering via non-standard TCP packets created with non-Windows protocol adapters. | |||||
| CVE-2006-1440 | 1 Apple | 1 Mac Os X | 2025-04-03 | 2.1 LOW | N/A |
| BOM in Apple Mac OS X 10.3.9 and 10.4.6 allows attackers to overwrite arbitrary files via an archive that contains symbolic links. | |||||
| CVE-2006-1612 | 1 Aweb Labs | 1 Awebnews | 2025-04-03 | 5.1 MEDIUM | N/A |
| Multiple cross-site scripting (XSS) vulnerabilities in visview.php in aWebNews 1.0 allow remote attackers to inject arbitrary web script or HTML via the (1) yname, (2) emailadd, (3) subject, and (4) comment parameters. | |||||
| CVE-2006-3343 | 1 Crisoft Ricette | 1 Crisoft Ricette | 2025-04-03 | 7.5 HIGH | N/A |
| PHP remote file inclusion vulnerability in recipe/cookbook.php in CrisoftRicette 1.0pre15b allows remote attackers to execute arbitrary PHP code via a URL in the crisoftricette parameter. | |||||
| CVE-2002-0466 | 1 Hosting Controller | 1 Hosting Controller | 2025-04-03 | 5.0 MEDIUM | N/A |
| Hosting Controller 1.4.1 and earlier allows remote attackers to browse arbitrary directories via a full C: style pathname in the filepath arguments to (1) Statsbrowse.asp, (2) servubrowse.asp, (3) browsedisk.asp, (4) browsewebalizerexe.asp, or (5) sqlbrowse.asp. | |||||
| CVE-2004-2557 | 1 Netgear | 1 Wg602 | 2025-04-03 | 5.0 MEDIUM | N/A |
| NetGear WG602 (aka WG602v1) Wireless Access Point 1.7.14 has a hardcoded account of username "superman" and password "21241036", which allows remote attackers to modify the configuration. | |||||
| CVE-2004-0662 | 1 Powerportal | 1 Powerportal | 2025-04-03 | 5.0 MEDIUM | N/A |
| PowerPortal 1.x allows remote attackers to gain sensitive information via invalid or missing parameters in HTTP requests to (1) resize.php or (2) modules.php, which reveals the path in an error message. | |||||
| CVE-2000-0273 | 1 Symantec | 1 Pcanywhere | 2025-04-03 | 5.0 MEDIUM | N/A |
| PCAnywhere allows remote attackers to cause a denial of service by terminating the connection before PCAnywhere provides a login prompt. | |||||
| CVE-2006-2101 | 1 Winiso Computing | 1 Winiso | 2025-04-03 | 5.0 MEDIUM | N/A |
| Directory traversal vulnerability in WinISO 5.3 allows remote attackers to write arbitrary files via a .. (dot dot) in a filename in an ISO image. | |||||
| CVE-2002-0204 | 1 Gnu | 1 Chess | 2025-04-03 | 7.5 HIGH | N/A |
| Buffer overflow in GNU Chess (gnuchess) 5.02 and earlier, if modified or used in a networked capacity contrary to its own design as a single-user application, may allow local or remote attackers to execute arbitrary code via a long command. | |||||
| CVE-2006-4185 | 1 Novell | 1 Edirectory | 2025-04-03 | 4.9 MEDIUM | N/A |
| Unspecified vulnerability in the NCPENGINE in Novell eDirectory 8.7.3.8 allows local users to cause a denial of service (CPU consumption) via unspecified vectors, as originally demonstrated using a Nessus scan. | |||||
| CVE-2001-0713 | 1 Sendmail | 1 Sendmail | 2025-04-03 | 4.6 MEDIUM | N/A |
| Sendmail before 8.12.1 does not properly drop privileges when the -C option is used to load custom configuration files, which allows local users to gain privileges via malformed arguments in the configuration file whose names contain characters with the high bit set, such as (1) macro names that are one character long, (2) a variable setting which is processed by the setoption function, or (3) a Modifiers setting which is processed by the getmodifiers function. | |||||
| CVE-2002-0285 | 1 Microsoft | 1 Outlook Express | 2025-04-03 | 7.5 HIGH | N/A |
| Outlook Express 5.5 and 6.0 on Windows treats a carriage return ("CR") in a message header as if it were a valid carriage return/line feed combination (CR/LF), which could allow remote attackers to bypass virus protection and or other filtering mechanisms via a mail message with headers that only contain the CR, which causes Outlook to create separate headers. | |||||
| CVE-2006-2470 | 1 Bea | 1 Weblogic Server | 2025-04-03 | 7.5 HIGH | N/A |
| Unspecified vulnerability in the WebLogic Server Administration Console for BEA WebLogic Server 9.0 prevents the console from setting custom JDBC security policies correctly, which could allow attackers to bypass intended policies. | |||||
| CVE-2000-0796 | 1 Sgi | 1 Irix | 2025-04-03 | 7.2 HIGH | N/A |
| Buffer overflow in dmplay in IRIX 6.2 and 6.3 allows local users to gain root privileges via a long command line option. | |||||
| CVE-2004-1911 | 1 Azerbaijan Development Group | 1 Azdgdating | 2025-04-03 | 4.3 MEDIUM | N/A |
| Cross-site scripting (XSS) vulnerability in AzDGDatingLite 2.1.1 allows remote attackers to inject arbitrary web script or HTML via the (1) l parameter (aka language variable) to index.php or (2) id parameter to view.php. | |||||
| CVE-2006-3374 | 1 Randshop | 1 Randshop | 2025-04-03 | 7.5 HIGH | N/A |
| PHP remote file inclusion vulnerability in index.php in Randshop 1.2 and earlier, including 0.9.3, allows remote attackers to execute arbitrary PHP code via a URL in the incl parameter. | |||||