Total
29559 CVE
CVE | Vendors | Products | Updated | CVSS v2 | CVSS v3 |
---|---|---|---|---|---|
CVE-1999-1487 | 1 Ibm | 1 Aix | 2025-04-03 | 7.2 HIGH | N/A |
Vulnerability in digest in AIX 4.3 allows printq users to gain root privileges by creating and/or modifying any file on the system. | |||||
CVE-2005-1055 | 1 Towerblog | 1 Towerblog | 2025-04-03 | 7.5 HIGH | N/A |
TowerBlog 0.6 and earlier stores the login data file under the web root, which allows remote attackers to obtain the MD5 checksums of the username and password via a direct request to the _dat/login file. | |||||
CVE-2004-1782 | 1 David Maciejak | 1 Athena Web Registration | 2025-04-03 | 7.5 HIGH | N/A |
athenareg.php in Athena Web Registration allows remote attackers to execute arbitrary commands via shell metacharacters in the pass parameter. | |||||
CVE-1999-0166 | 1 Sun | 1 Nfs | 2025-04-03 | 5.0 MEDIUM | N/A |
NFS allows users to use a "cd .." command to access other directories besides the exported file system. | |||||
CVE-2005-0900 | 1 Nukebookmarks | 1 Nukebookmarks | 2025-04-03 | 5.0 MEDIUM | N/A |
marks.php in NukeBookmarks 0.6 for PHP-Nuke allows remote attackers to obtain sensitive information via an invalid (1) file or (2) category parameter, which reveal the path in an error message. | |||||
CVE-2005-3513 | 1 Vubb | 1 Vubb | 2025-04-03 | 5.0 MEDIUM | N/A |
index.php in VUBB alpha rc1 allows remote attackers to obtain the installation path of the application via a viewforum action with the f parameter set to a single quote ('). | |||||
CVE-2000-0904 | 1 Qnx | 1 Voyager | 2025-04-03 | 5.0 MEDIUM | N/A |
Voyager web server 2.01B in the demo disks for QNX 405 stores sensitive web client information in the .photon directory in the web document root, which allows remote attackers to obtain that information. | |||||
CVE-2005-1071 | 1 Jportal | 1 Jportal Web Portal | 2025-04-03 | 7.5 HIGH | N/A |
SQL injection vulnerability in banner.inc.php in JPortal Web Portal 2.3.1 allows remote attackers to execute arbitrary SQL commands via the haslo parameter. | |||||
CVE-2005-0890 | 1 Dream4 | 1 Koobi Cms | 2025-04-03 | 7.5 HIGH | N/A |
SQL injection vulnerability in Dream4 Koobi CMS 4.2.3 allows remote attackers to execute arbitrary SQL commands via the area parameter. | |||||
CVE-2003-1023 | 1 Midnight Commander | 1 Midnight Commander | 2025-04-03 | 7.5 HIGH | N/A |
Stack-based buffer overflow in vfs_s_resolve_symlink of vfs/direntry.c for Midnight Commander (mc) 4.6.0 and earlier, and possibly later versions, allows remote attackers to execute arbitrary code during symlink conversion. | |||||
CVE-2006-1504 | 1 Arab Portal | 1 Arab Portal | 2025-04-03 | 5.1 MEDIUM | N/A |
Multiple cross-site scripting (XSS) vulnerabilities in Arab Portal 2.0 (aka Arab Dynamic Portal or ADP) stable allow remote attackers to inject arbitrary web script or HTML via the title parameter in (1) online.php and (2) download.php. | |||||
CVE-2002-2031 | 1 Microsoft | 1 Internet Explorer | 2025-04-03 | 5.0 MEDIUM | N/A |
Internet Explorer 5.0, 5.0.1 and 5.5 with JavaScript execution enabled allows remote attackers to determine the existence of arbitrary files via a script tag with a src parameter that references a non-JavaScript file, then using the onError event handler to monitor the results. | |||||
CVE-2005-1046 | 1 Kde | 1 Kde | 2025-04-03 | 7.5 HIGH | N/A |
Buffer overflow in the kimgio library for KDE 3.4.0 allows remote attackers to execute arbitrary code via a crafted PCX image file. | |||||
CVE-2006-1158 | 1 Kerio | 1 Kerio Mailserver | 2025-04-03 | 7.8 HIGH | N/A |
Kerio MailServer before 6.1.3 Patch 1 allows remote attackers to cause a denial of service (application crash) via a crafted IMAP LOGIN command. | |||||
CVE-2001-0120 | 3 Immunix, Mandrakesoft, Redhat | 3 Immunix, Mandrake Linux, Linux | 2025-04-03 | 1.2 LOW | N/A |
useradd program in shadow-utils program may allow local users to overwrite arbitrary files via a symlink attack. | |||||
CVE-2006-2899 | 1 Estsoft | 1 Internetdisk | 2025-04-03 | 6.5 MEDIUM | N/A |
Unspecified vulnerability in ESTsoft InternetDISK versions before 2006/04/20 allows remote authenticated users to execute arbitrary code, possibly by uploading a file with multiple extensions into the WebLink directory. | |||||
CVE-2006-2981 | 1 Arantius | 1 Vice Stats | 2025-04-03 | 7.5 HIGH | N/A |
SQL injection vulnerability in vs_search.php in Arantius Vice Stats before 1.0.1 allows remote attackers to execute arbitrary SQL commands via unknown vectors, a different issue than CVE-2006-2972. | |||||
CVE-2000-0800 | 1 Suse | 1 Suse Linux | 2025-04-03 | 10.0 HIGH | N/A |
String parsing error in rpc.kstatd in the linuxnfs or knfsd packages in SuSE and possibly other Linux systems allows remote attackers to gain root privileges. | |||||
CVE-2000-1240 | 1 Anyportal Php | 1 Anyportal Php | 2025-04-03 | 5.0 MEDIUM | N/A |
Unspecified vulnerability in siteman.php3 in AnyPortal(php) before 22 APR 00 allows remote attackers to obtain sensitive information via unknown attack vectors, which reveal the absolute path. NOTE: the provenance of this information is unknown; the details are obtained from third party information. | |||||
CVE-2006-2991 | 1 Ringlink | 1 Ringlink | 2025-04-03 | 4.3 MEDIUM | N/A |
Multiple cross-site scripting (XSS) vulnerabilities in Ringlink 3.2 allow remote attackers to inject arbitrary web script or HTML via a JavaScript URI in the SRC attribute of an IMG element, and possibly other manipulations, in the ringid parameter in (1) next.cgi, (2) stats.cgi, or (3) list.cgi. |