Total: 29810 CVE
| CVE | Vendors | Products | Updated | CVSS v2 | CVSS v3 |
|---|---|---|---|---|---|
| CVE-2005-2325 | 1 Clever Copy | 1 Clever Copy | 2025-04-03 | 5.0 MEDIUM | N/A |
| Clever Copy 2.0 and 2.0a allows remote attackers to obtain the full path of the web root via a direct request to (1) ticker.php, (2) menu.php, (3) banned.php, (4) endlayout.php, (5) randomhlinesblock.php, (6) showlast.php, (7) showlast5class1.php, (8) showlast5phorum.php, (9) showlast5phorumblock.php, (10) showlastforumbb2.php, or (11) showlastforumbb2block.php. | |||||
| CVE-2006-4207 | 1 Bob Jewell | 1 Discloser | 2025-04-03 | 7.5 HIGH | N/A |
| Multiple PHP remote file inclusion vulnerabilities in Bob Jewell Discloser 0.0.4 and earlier allow remote attackers to execute arbitrary PHP code via a URL in the fileloc parameter to (1) content/content.php or (2) /inc/indexhead.php. | |||||
| CVE-2006-4770 | 1 Miniportal | 1 Miniportal | 2025-04-03 | 7.5 HIGH | N/A |
| PHP remote file inclusion vulnerability in menu.php in MiniPort@l 2.0 and earlier allows remote attackers to execute arbitrary PHP code via a URL in the skiny parameter. | |||||
| CVE-2006-0882 | 1 Phpoutsourcing | 1 Noahs Classifieds | 2025-04-03 | 5.0 MEDIUM | N/A |
| Directory traversal vulnerability in include.php in Noah's Classifieds 1.3 allows remote attackers to include arbitrary local files via the otherTemplate parameter to index.php. | |||||
| CVE-2005-4463 | 1 Wordpress | 1 Wordpress | 2025-04-03 | 5.0 MEDIUM | N/A |
| WordPress before 1.5.2 allows remote attackers to obtain sensitive information via a direct request to (1) wp-includes/vars.php, (2) wp-content/plugins/hello.php, (3) wp-admin/upgrade-functions.php, (4) wp-admin/edit-form.php, (5) wp-settings.php, and (6) wp-admin/edit-form-comment.php, which leaks the path in an error message related to undefined functions or failed includes. NOTE: the wp-admin/menu-header.php vector is already covered by CVE-2005-2110. NOTE: the vars.php, edit-form.php, wp-settings.php, and edit-form-comment.php vectors were also reported to affect WordPress 2.0.1. | |||||
| CVE-2006-2193 | 1 Libtiff | 1 Libtiff | 2025-04-03 | 7.5 HIGH | N/A |
| Buffer overflow in the t2p_write_pdf_string function in tiff2pdf in libtiff 3.8.2 and earlier allows attackers to cause a denial of service (crash) and possibly execute arbitrary code via a TIFF file with a DocumentName tag that contains UTF-8 characters, which triggers the overflow when a character is sign extended to an integer that produces more digits than expected in an sprintf call. | |||||
| CVE-2005-1466 | 1 Ethereal Group | 1 Ethereal | 2025-04-03 | 5.0 MEDIUM | N/A |
| Unknown vulnerability in the DICOM dissector in Ethereal before 0.10.11 allows remote attackers to cause a denial of service (large memory allocation) via unknown vectors. | |||||
| CVE-2006-0530 | 1 Ca | 1 Messaging | 2025-04-03 | 5.0 MEDIUM | N/A |
| Computer Associates (CA) Message Queuing (CAM / CAFT) before 1.07 Build 220_16 and 1.11 Build 29_20, as used in multiple CA products, allows remote attackers to cause a denial of service via spoofed CAM control messages. | |||||
| CVE-2005-3291 | 1 Stani | 1 Stanis Python Editor | 2025-04-03 | 4.6 MEDIUM | N/A |
| Stani's Python Editor (SPE) 0.7.5 is installed with world-writable permissions, which allows local users to gain privileges by modifying executable files. | |||||
| CVE-2006-2650 | 1 Cosmicphp | 1 Cosmicshoppingcart | 2025-04-03 | 7.5 HIGH | N/A |
| SQL injection vulnerability in cosmicshop/search.php in CosmicShoppingCart allows remote attackers to execute arbitrary SQL commands via the max parameter. | |||||
| CVE-2003-0012 | 1 Mozilla | 1 Bugzilla | 2025-04-03 | 2.1 LOW | N/A |
| The data collection script for Bugzilla 2.14.x before 2.14.5, 2.16.x before 2.16.2, and 2.17.x before 2.17.3 sets world-writable permissions for the data/mining directory when it runs, which allows local users to modify or delete the data. | |||||
| CVE-2002-0902 | 1 Phpbb Group | 1 Phpbb | 2025-04-03 | 7.5 HIGH | N/A |
| Cross-site scripting vulnerability in phpBB 2.0.0 (phpBB2) allows remote attackers to execute Javascript as other phpBB users by including a http:// and a double-quote (") in the [IMG] tag, which bypasses phpBB's security check, terminates the src parameter of the resulting HTML IMG tag, and injects the script. | |||||
| CVE-2004-0246 | 1 Laurent Adda | 1 Les Commentaires | 2025-04-03 | 10.0 HIGH | N/A |
| Multiple PHP remote file inclusion vulnerabilities in (1) fonctions.lib.php, (2) derniers_commentaires.php, and (3) admin.php in Les Commentaires 2.0 allow remote attackers to execute arbitrary PHP code via the rep parameter. | |||||
| CVE-2001-1549 | 1 Tiny Software | 1 Tiny Personal Firewall | 2025-04-03 | 2.1 LOW | N/A |
| Tiny Personal Firewall 1.0 and 2.0 allows local users to bypass filtering via non-standard TCP packets created with non-Windows protocol adapters. | |||||
| CVE-2006-1440 | 1 Apple | 1 Mac Os X | 2025-04-03 | 2.1 LOW | N/A |
| BOM in Apple Mac OS X 10.3.9 and 10.4.6 allows attackers to overwrite arbitrary files via an archive that contains symbolic links. | |||||
| CVE-2006-1612 | 1 Aweb Labs | 1 Awebnews | 2025-04-03 | 5.1 MEDIUM | N/A |
| Multiple cross-site scripting (XSS) vulnerabilities in visview.php in aWebNews 1.0 allow remote attackers to inject arbitrary web script or HTML via the (1) yname, (2) emailadd, (3) subject, and (4) comment parameters. | |||||
| CVE-2006-3343 | 1 Crisoft Ricette | 1 Crisoft Ricette | 2025-04-03 | 7.5 HIGH | N/A |
| PHP remote file inclusion vulnerability in recipe/cookbook.php in CrisoftRicette 1.0pre15b allows remote attackers to execute arbitrary PHP code via a URL in the crisoftricette parameter. | |||||
| CVE-2002-0466 | 1 Hosting Controller | 1 Hosting Controller | 2025-04-03 | 5.0 MEDIUM | N/A |
| Hosting Controller 1.4.1 and earlier allows remote attackers to browse arbitrary directories via a full C: style pathname in the filepath arguments to (1) Statsbrowse.asp, (2) servubrowse.asp, (3) browsedisk.asp, (4) browsewebalizerexe.asp, or (5) sqlbrowse.asp. | |||||
| CVE-2004-2557 | 1 Netgear | 1 Wg602 | 2025-04-03 | 5.0 MEDIUM | N/A |
| NetGear WG602 (aka WG602v1) Wireless Access Point 1.7.14 has a hardcoded account of username "superman" and password "21241036", which allows remote attackers to modify the configuration. | |||||
| CVE-2004-0662 | 1 Powerportal | 1 Powerportal | 2025-04-03 | 5.0 MEDIUM | N/A |
| PowerPortal 1.x allows remote attackers to gain sensitive information via invalid or missing parameters in HTTP requests to (1) resize.php or (2) modules.php, which reveals the path in an error message. | |||||
