Total
29809 CVE
| CVE | Vendors | Products | Updated | CVSS v2 | CVSS v3 |
|---|---|---|---|---|---|
| CVE-2003-1216 | 1 Phpbb Group | 1 Phpbb | 2025-04-03 | 7.5 HIGH | N/A |
| SQL injection vulnerability in search.php for phpBB 2.0.6 and earlier allows remote attackers to execute arbitrary SQL and gain privileges via the search_id parameter. | |||||
| CVE-2001-0474 | 2 Brian Paul, Mandrakesoft | 2 Mesa, Mandrake Linux | 2025-04-03 | 2.1 LOW | N/A |
| Utah-glx in Mesa before 3.3-14 on Mandrake Linux 7.2 allows local users to overwrite arbitrary files via a symlink attack on the /tmp/glxmemory file. | |||||
| CVE-2000-0541 | 1 Panda | 1 Panda Antivirus | 2025-04-03 | 7.2 HIGH | N/A |
| The Panda Antivirus console on port 2001 allows local users to execute arbitrary commands without authentication via the CMD command. | |||||
| CVE-2001-0332 | 1 Microsoft | 1 Internet Explorer | 2025-04-03 | 5.0 MEDIUM | N/A |
| Internet Explorer 5.5 and earlier does not properly verify the domain of a frame within a browser window, which allows remote web site operators to read certain files on the client by sending information from a local frame to a frame in a different domain using MSScriptControl.ScriptControl and GetObject, aka a variant of the "Frame Domain Verification" vulnerability. | |||||
| CVE-2005-2755 | 1 Apple | 1 Quicktime | 2025-04-03 | 2.6 LOW | N/A |
| Apple QuickTime Player before 7.0.3 allows user-assisted attackers to cause a denial of service (crash) via a crafted file with a missing movie attribute, which leads to a null dereference. | |||||
| CVE-2004-0143 | 1 Nokia | 1 6310i | 2025-04-03 | 5.0 MEDIUM | N/A |
| Multiple vulnerabilities in Nokia 6310(i) Mobile phones allow remote attackers to cause a denial of service (reset) via malformed Bluetooth OBject EXchange (OBEX) messages, probably triggering buffer overflows. | |||||
| CVE-2006-0972 | 1 Fscripts | 1 Fantastic News | 2025-04-03 | 5.0 MEDIUM | N/A |
| SQL injection vulnerability in news.php in Tony Baird Fantastic News 2.1.1 allows remote attackers to execute arbitrary SQL commands via the page parameter. NOTE: the category vector is already covered by CVE-2005-3846. | |||||
| CVE-2005-3692 | 1 Amax Information Technologies | 1 Magic Winmail Server | 2025-04-03 | 4.3 MEDIUM | N/A |
| Cross-site scripting (XSS) vulnerability in AMAX Magic Winmail Server 4.2 (build 0824) and earlier allows remote attackers to inject arbitrary web script or HTML via the (1) retid parameter in badlogin.php, (2) Content-Type headers in HTML mails, and (3) HTML mail attachments. | |||||
| CVE-2005-3166 | 1 Mediawiki | 1 Mediawiki | 2025-04-03 | 5.0 MEDIUM | N/A |
| Unspecified vulnerability in "edit submission handling" for MediaWiki 1.4.x before 1.4.10 and 1.3.x before 1.3.16 allows remote attackers to cause a denial of service (corruption of the previous submission) via a crafted URL. | |||||
| CVE-2005-1444 | 1 Sitepanel | 1 Sitepanel | 2025-04-03 | 6.8 MEDIUM | N/A |
| Multiple cross-site scripting (XSS) vulnerabilities in SitePanel 2.6.1 and earlier (SitePanel2) allows remote attackers to inject arbitrary web script or HTML via (1) the v, show, or sec_name parameters to main.php, (2) the inadmin, newsev, or postid parameters to 5.php, or (3) the id parameter to 0.php. | |||||
| CVE-2003-1210 | 1 Francisco Burzi | 1 Php-nuke | 2025-04-03 | 7.5 HIGH | N/A |
| Multiple SQL injection vulnerabilities in the Downloads module for PHP-Nuke 5.x through 6.5 allow remote attackers to execute arbitrary SQL commands via the (1) lid parameter to the getit function or the (2) min parameter to the search function. | |||||
| CVE-2002-1817 | 1 Symantec Veritas | 1 Cluster Server | 2025-04-03 | 7.5 HIGH | N/A |
| Unknown vulnerability in Veritas Cluster Server (VCS) 1.2 for WindowsNT, Cluster Server 1.3.0 for Solaris, and Cluster Server 1.3.1 for HP-UX allows attackers to gain privileges via unknown attack vectors. | |||||
| CVE-1999-0412 | 1 Microsoft | 2 Internet Information Server, Internet Information Services | 2025-04-03 | 7.5 HIGH | N/A |
| In IIS and other web servers, an attacker can attack commands as SYSTEM if the server is running as SYSTEM and loading an ISAPI extension. | |||||
| CVE-2004-2440 | 1 Proxytunnel | 1 Proxytunnel | 2025-04-03 | 2.1 LOW | N/A |
| Unspecified vulnerability in cmdline.c in proxytunnel 1.1.3 and earlier allows local users to obtain proxy credentials (username or password) of other users. | |||||
| CVE-2005-1745 | 2 Bea, Oracle | 2 Weblogic Server, Weblogic Portal | 2025-04-03 | 4.6 MEDIUM | N/A |
| The UserLogin control in BEA WebLogic Portal 8.1 through Service Pack 3 prints the password to standard output when an incorrect login attempt is made, which could make it easier for attackers to guess the correct password. | |||||
| CVE-2005-4140 | 1 Website Baker | 1 Website Baker | 2025-04-03 | 7.5 HIGH | N/A |
| SQL injection vulnerability in admin/login/index.php in Website Baker 2.6.0 allows remote attackers to execute arbitrary SQL commands via the username parameter, as used by the user field. | |||||
| CVE-2006-0895 | 1 Nocc | 1 Nocc | 2025-04-03 | 5.0 MEDIUM | N/A |
| NOCC Webmail 1.0 allows remote attackers to obtain the installation path via a direct request to html/header.php. | |||||
| CVE-2005-1140 | 1 Mywebland | 1 Mybloggie | 2025-04-03 | 4.3 MEDIUM | N/A |
| Cross-site scripting (XSS) vulnerability in myBloggie 2.1.1 allows remote attackers to inject arbitrary web script or HTML via the comments. | |||||
| CVE-2004-2460 | 1 Gnu | 1 Gnubiff | 2025-04-03 | 5.0 MEDIUM | N/A |
| Unknown vulnerability in POP3 in gnubiff before 2.0.0 allows remote attackers to cause a denial of service (application crash) via an "infinite" Unique IDentification Listing (UIDL) list. | |||||
| CVE-2003-0441 | 1 Orville-write | 1 Orville-write | 2025-04-03 | 7.2 HIGH | N/A |
| Multiple buffer overflows in Orville Write (orville-write) 2.53 and earlier allow local users to gain privileges. | |||||