Total
29559 CVE
| CVE | Vendors | Products | Updated | CVSS v2 | CVSS v3 |
|---|---|---|---|---|---|
| CVE-2005-1444 | 1 Sitepanel | 1 Sitepanel | 2025-04-03 | 6.8 MEDIUM | N/A |
| Multiple cross-site scripting (XSS) vulnerabilities in SitePanel 2.6.1 and earlier (SitePanel2) allows remote attackers to inject arbitrary web script or HTML via (1) the v, show, or sec_name parameters to main.php, (2) the inadmin, newsev, or postid parameters to 5.php, or (3) the id parameter to 0.php. | |||||
| CVE-2003-1210 | 1 Francisco Burzi | 1 Php-nuke | 2025-04-03 | 7.5 HIGH | N/A |
| Multiple SQL injection vulnerabilities in the Downloads module for PHP-Nuke 5.x through 6.5 allow remote attackers to execute arbitrary SQL commands via the (1) lid parameter to the getit function or the (2) min parameter to the search function. | |||||
| CVE-2002-1817 | 1 Symantec Veritas | 1 Cluster Server | 2025-04-03 | 7.5 HIGH | N/A |
| Unknown vulnerability in Veritas Cluster Server (VCS) 1.2 for WindowsNT, Cluster Server 1.3.0 for Solaris, and Cluster Server 1.3.1 for HP-UX allows attackers to gain privileges via unknown attack vectors. | |||||
| CVE-1999-0412 | 1 Microsoft | 2 Internet Information Server, Internet Information Services | 2025-04-03 | 7.5 HIGH | N/A |
| In IIS and other web servers, an attacker can attack commands as SYSTEM if the server is running as SYSTEM and loading an ISAPI extension. | |||||
| CVE-2004-2440 | 1 Proxytunnel | 1 Proxytunnel | 2025-04-03 | 2.1 LOW | N/A |
| Unspecified vulnerability in cmdline.c in proxytunnel 1.1.3 and earlier allows local users to obtain proxy credentials (username or password) of other users. | |||||
| CVE-2005-1745 | 2 Bea, Oracle | 2 Weblogic Server, Weblogic Portal | 2025-04-03 | 4.6 MEDIUM | N/A |
| The UserLogin control in BEA WebLogic Portal 8.1 through Service Pack 3 prints the password to standard output when an incorrect login attempt is made, which could make it easier for attackers to guess the correct password. | |||||
| CVE-2005-4140 | 1 Website Baker | 1 Website Baker | 2025-04-03 | 7.5 HIGH | N/A |
| SQL injection vulnerability in admin/login/index.php in Website Baker 2.6.0 allows remote attackers to execute arbitrary SQL commands via the username parameter, as used by the user field. | |||||
| CVE-2006-0895 | 1 Nocc | 1 Nocc | 2025-04-03 | 5.0 MEDIUM | N/A |
| NOCC Webmail 1.0 allows remote attackers to obtain the installation path via a direct request to html/header.php. | |||||
| CVE-2005-1140 | 1 Mywebland | 1 Mybloggie | 2025-04-03 | 4.3 MEDIUM | N/A |
| Cross-site scripting (XSS) vulnerability in myBloggie 2.1.1 allows remote attackers to inject arbitrary web script or HTML via the comments. | |||||
| CVE-2004-2460 | 1 Gnu | 1 Gnubiff | 2025-04-03 | 5.0 MEDIUM | N/A |
| Unknown vulnerability in POP3 in gnubiff before 2.0.0 allows remote attackers to cause a denial of service (application crash) via an "infinite" Unique IDentification Listing (UIDL) list. | |||||
| CVE-2003-0441 | 1 Orville-write | 1 Orville-write | 2025-04-03 | 7.2 HIGH | N/A |
| Multiple buffer overflows in Orville Write (orville-write) 2.53 and earlier allow local users to gain privileges. | |||||
| CVE-2006-0841 | 1 Mantis | 1 Mantis | 2025-04-03 | 4.3 MEDIUM | N/A |
| Multiple cross-site scripting (XSS) vulnerabilities in Mantis 1.00rc4 and earlier allow remote attackers to inject arbitrary web script or HTML via the (1) hide_status, (2) handler_id, (3) user_monitor, (4) reporter_id, (5) view_type, (6) show_severity, (7) show_category, (8) show_status, (9) show_resolution, (10) show_build, (11) show_profile, (12) show_priority, (13) highlight_changed, (14) relationship_type, and (15) relationship_bug parameters in (a) view_all_set.php; the (16) sort parameter in (b) manage_user_page.php; the (17) view_type parameter in (c) view_filters_page.php; and the (18) title parameter in (d) proj_doc_delete.php. NOTE: item 17 might be subsumed by CVE-2005-4522. | |||||
| CVE-2003-0391 | 1 Amax Information Technologies | 1 Magic Winmail Server | 2025-04-03 | 7.5 HIGH | N/A |
| Format string vulnerability in Magic WinMail Server 2.3, and possibly other 2.x versions, allows remote attackers to cause a denial of service (crash) and possibly execute arbitrary code via format string specifiers in the PASS command. | |||||
| CVE-2004-0989 | 5 Redhat, Trustix, Ubuntu and 2 more | 6 Fedora Core, Secure Linux, Ubuntu Linux and 3 more | 2025-04-03 | 10.0 HIGH | N/A |
| Multiple buffer overflows in libXML 2.6.12 and 2.6.13 (libxml2), and possibly other versions, may allow remote attackers to execute arbitrary code via (1) a long FTP URL that is not properly handled by the xmlNanoFTPScanURL function, (2) a long proxy URL containing FTP data that is not properly handled by the xmlNanoFTPScanProxy function, and other overflows related to manipulation of DNS length values, including (3) xmlNanoFTPConnect, (4) xmlNanoHTTPConnectHost, and (5) xmlNanoHTTPConnectHost. | |||||
| CVE-2006-4892 | 1 Techno Dreams | 1 Faq Manager Package | 2025-04-03 | 7.5 HIGH | N/A |
| SQL injection vulnerability in faqview.asp in Techno Dreams FAQ Manager Package 1.0 allows remote attackers to execute arbitrary SQL commands via the key parameter. | |||||
| CVE-2006-1847 | 1 Francisco Burzi | 1 Php-nuke | 2025-04-03 | 7.5 HIGH | N/A |
| SQL injection vulnerability in the Your_Account module in PHP-Nuke 7.8 might allows remote attackers to execute arbitrary SQL commands via the user_id parameter in the Your_Home functionality. NOTE: the provenance of this information is unknown; the details are obtained solely from third party information. | |||||
| CVE-1999-0638 | 2025-04-03 | N/A | N/A | ||
| The daytime service is running. | |||||
| CVE-2005-4706 | 1 Sun | 1 Solaris | 2025-04-03 | 2.1 LOW | N/A |
| Unspecified vulnerability in the "privilege management" feature of Sun Solaris 10 allows local users to cause a denial of service (panic) via unknown vectors that trigger a null dereference in the secpolicy_fs_common function. | |||||
| CVE-2001-0253 | 1 Iweb Systems | 1 Hyperseek | 2025-04-03 | 5.0 MEDIUM | N/A |
| Directory traversal vulnerability in hsx.cgi program in iWeb Hyperseek 2000 allows remote attackers to read arbitrary files and directories via a .. (dot dot) attack in the show parameter. | |||||
| CVE-2000-0538 | 1 Allaire | 1 Coldfusion Server | 2025-04-03 | 5.0 MEDIUM | N/A |
| ColdFusion Administrator for ColdFusion 4.5.1 and earlier allows remote attackers to cause a denial of service via a long login password. | |||||