Total
29809 CVE
| CVE | Vendors | Products | Updated | CVSS v2 | CVSS v3 |
|---|---|---|---|---|---|
| CVE-2006-0163 | 1 Francisco Burzi | 1 Php-nuke Ev | 2025-04-03 | 7.5 HIGH | N/A |
| SQL injection vulnerability in the search module (modules/Search/index.php) of PHPNuke EV 7.7 -R1 allows remote attackers to execute arbitrary SQL commands via the query parameter, which is used by the search field. NOTE: This is a different vulnerability than CVE-2005-3792. | |||||
| CVE-2002-0762 | 1 Suse | 1 Suse Linux | 2025-04-03 | 7.2 HIGH | N/A |
| shadow package in SuSE 8.0 allows local users to destroy the /etc/passwd and /etc/shadow files or assign extra group privileges to some users by changing filesize limits before calling programs that modify the files. | |||||
| CVE-2006-2906 | 1 Thomas Boutell | 1 Graphics Draw Library | 2025-04-03 | 5.4 MEDIUM | N/A |
| The LZW decoding in the gdImageCreateFromGifPtr function in the Thomas Boutell graphics draw (GD) library (aka libgd) 2.0.33 allows remote attackers to cause a denial of service (CPU consumption) via malformed GIF data that causes an infinite loop. | |||||
| CVE-2006-4478 | 1 Visualshapers | 1 Ezcontents | 2025-04-03 | 7.5 HIGH | N/A |
| SQL injection vulnerability in headeruserdata.php in Visual Shapers ezContents 2.0.3 allows remote attackers to execute arbitrary SQL commands via the groupname parameter. | |||||
| CVE-2005-0365 | 1 Kde | 1 Kde | 2025-04-03 | 2.1 LOW | N/A |
| The dcopidlng script in KDE 3.2.x and 3.3.x creates temporary files with predictable filenames, which allows local users to overwrite arbitrary files via a symlink attack. | |||||
| CVE-2003-0013 | 1 Mozilla | 1 Bugzilla | 2025-04-03 | 7.5 HIGH | N/A |
| The default .htaccess scripts for Bugzilla 2.14.x before 2.14.5, 2.16.x before 2.16.2, and 2.17.x before 2.17.3 do not include filenames for backup copies of the localconfig file that are made from editors such as vi and Emacs, which could allow remote attackers to obtain a database password by directly accessing the backup file. | |||||
| CVE-2006-1488 | 1 Activecampaign | 1 Supporttrio | 2025-04-03 | 5.0 MEDIUM | N/A |
| ActiveCampaign SupportTrio 2.5 allows remote attackers to obtain the full path of the server via invalid (1) article or (2) print parameters in a kb action to index.php, or (3) an invalid category parameter to modules/KB/pdf.php, which leaks the path in an error message. | |||||
| CVE-2004-1586 | 1 Jera Technology | 1 Flash Messaging Server | 2025-04-03 | 2.1 LOW | N/A |
| Flash Messaging clients can ignore disconnecting commands such as "shutdown" from the Flash Messaging Server 5.2.0g (rev 1.1.2), which could allow remote attackers to stay connected. | |||||
| CVE-2003-1162 | 1 Tritanium Scripts | 1 Tritanium Bulletin Board | 2025-04-03 | 5.0 MEDIUM | N/A |
| index.php in Tritanium Bulletin Board 1.2.3 allows remote attackers to read and reply to arbitrary messages by modifying the thread_id, forum_id, and sid parameters. | |||||
| CVE-2004-0290 | 1 Freeform Interactive | 2 Purge, Purge Jihad | 2025-04-03 | 10.0 HIGH | N/A |
| Buffer overflow in Purge Jihad 2.0.1 and earlier allows remote game servers to execute arbitrary code via an information packet that contains large (1) battle type and (2) map name fields. | |||||
| CVE-2000-0504 | 3 Gnome, Open Group, Xfree86 Project | 3 Gdm, X, X11r6 | 2025-04-03 | 5.0 MEDIUM | N/A |
| libICE in XFree86 allows remote attackers to cause a denial of service by specifying a large value which is not properly checked by the SKIP_STRING macro. | |||||
| CVE-2006-2402 | 1 Outgun | 1 Outgun | 2025-04-03 | 5.0 MEDIUM | N/A |
| Buffer overflow in the changeRegistration function in servernet.cpp for Outgun 1.0.3 bot 2 and earlier allows remote attackers to change the registration information of other players via a long string. | |||||
| CVE-2006-1987 | 1 Apple | 1 Safari | 2025-04-03 | 7.5 HIGH | N/A |
| Apple Safari 2.0.3 allows remote attackers to cause a denial of service and possibly execute code via an invalid FRAME tag, possibly due to (1) multiple SCROLLING attributes with no values, or (2) a SRC attribute with no value. NOTE: due to lack of diagnosis by the researcher, it is unclear which vector is responsible. | |||||
| CVE-2005-2830 | 1 Microsoft | 2 Ie, Internet Explorer | 2025-04-03 | 5.0 MEDIUM | N/A |
| Microsoft Internet Explorer 5.01, 5.5, and 6, when using an HTTPS proxy server that requires Basic Authentication, sends URLs in cleartext, which allows remote attackers to obtain sensitive information, aka "HTTPS Proxy Vulnerability." | |||||
| CVE-2000-1225 | 1 Imatix | 1 Xitami | 2025-04-03 | 5.0 MEDIUM | N/A |
| Xitami 2.5b installs the testcgi.exe program by default in the cgi-bin directory, which allows remote attackers to gain sensitive configuration information about the web server by accessing the program. | |||||
| CVE-2005-4005 | 1 Php Fusion | 1 Php Fusion | 2025-04-03 | 7.5 HIGH | N/A |
| SQL injection vulnerability in messages.php in PHP-Fusion 6.00.109 allows remote attackers to obtain path information and possibly execute arbitrary SQL commands via the srch_text parameter in a Search and Sort option to messages.php. | |||||
| CVE-2004-1880 | 1 Openldap | 1 Openldap | 2025-04-03 | 5.0 MEDIUM | N/A |
| Memory leak in the back-bdb backend for OpenLDAP 2.1.12 and earlier allows remote attackers to cause a denial of service (memory consumption). | |||||
| CVE-2005-4668 | 1 Parosproxy | 1 Parosproxy | 2025-04-03 | 4.6 MEDIUM | N/A |
| The embedded HSQLDB in ParosProxy before 3.2.7, when running with JDK 1.4.2 before 1.4.2_08, allows local users to execute arbitrary comands via crafted SQL commands that interact with HSQLDB through JDBC, a similar vulnerability to CVE-2003-0845. | |||||
| CVE-2006-1769 | 1 Userland | 1 Manila | 2025-04-03 | 6.8 MEDIUM | N/A |
| Multiple cross-site scripting (XSS) vulnerabilities in UserLand Manila 9.5 and earlier allow remote attackers to inject arbitrary web script or HTML via (1) the mode parameter in msgReader$1 and (2) the end of the URI in viewDepartment$. | |||||
| CVE-2006-0151 | 2 Todd Miller, Ubuntu | 2 Sudo, Ubuntu Linux | 2025-04-03 | 7.2 HIGH | N/A |
| sudo 1.6.8 and other versions does not clear the PYTHONINSPECT environment variable, which allows limited local users to gain privileges via a Python script, a variant of CVE-2005-4158. | |||||