Total
29802 CVE
| CVE | Vendors | Products | Updated | CVSS v2 | CVSS v3 |
|---|---|---|---|---|---|
| CVE-2005-0793 | 1 Zpanel | 1 Zpanel | 2025-04-03 | 7.5 HIGH | N/A |
| PHP remote file inclusion vulnerability in zpanel.php in ZPanel allows remote attackers to (1) execute arbitrary PHP code in ZPanel 2.0 or (2) include local files in ZPanel 2.5 beta 10 and earlier by modifying the page parameter. | |||||
| CVE-2004-1470 | 1 Snipsnap | 1 Snipsnap | 2025-04-03 | 5.0 MEDIUM | N/A |
| CRLF injection vulnerability in SnipSnap 0.5.2a, and other versions before 1.0b1, allows remote attackers to perform HTTP Response Splitting attacks to modify expected HTML content from the server. | |||||
| CVE-2006-3899 | 1 Microsoft | 2 Internet Explorer, Windows Xp | 2025-04-03 | 5.0 MEDIUM | N/A |
| Microsoft Internet Explorer 6.0 on Windows XP SP2 allows remote attackers to cause a denial of service (application crash) by calling the stringToBinary function of the CEnroll.CEnroll.2 ActiveX object with a long second argument, which triggers an invalid memory access inside the SysAllocStringLen function. | |||||
| CVE-2001-0760 | 1 Citrix | 1 Nfuse | 2025-04-03 | 5.0 MEDIUM | N/A |
| Citrix Nfuse 1.51 allows remote attackers to obtain the absolute path of the web root via a malformed request to launch.asp that does not provide the session field. | |||||
| CVE-2006-3290 | 1 Cisco | 1 Wireless Control System | 2025-04-03 | 5.0 MEDIUM | N/A |
| HTTP server in Cisco Wireless Control System (WCS) for Linux and Windows before 3.2(51) stores sensitive information under the web root with insufficient access control, which allows remote attackers to obtain usernames and directory paths via a direct URL request. | |||||
| CVE-2005-4496 | 1 Forum One | 1 Syntaxcms | 2025-04-03 | 4.3 MEDIUM | N/A |
| Cross-site scripting (XSS) vulnerability in search in SyntaxCMS 1.2.1 and earlier allows remote attackers to inject arbitrary web script or HTML via the search_query parameter. | |||||
| CVE-2006-1356 | 1 Andrew Hsu | 2 Libvc, Rolo | 2025-04-03 | 5.1 MEDIUM | N/A |
| Stack-based buffer overflow in the count_vcards function in LibVC 3, as used in Rolo, allows user-assisted attackers to execute arbitrary code via a vCard file (e.g. contacts.vcf) containing a long line. | |||||
| CVE-2001-0031 | 1 Broadvision | 1 One-to-one Enterprise Server | 2025-04-03 | 5.0 MEDIUM | N/A |
| BroadVision One-To-One Enterprise allows remote attackers to determine the physical path of server files by requesting a .JSP file name that does not exist. | |||||
| CVE-2005-0190 | 1 Realnetworks | 2 Realone Player, Realplayer | 2025-04-03 | 2.6 LOW | N/A |
| Directory traversal vulnerability in RealPlayer 10.5 (6.0.12.1040) and earlier allows remote attackers to delete arbitrary files via a Real Metadata Packages (RMP) file with a FILENAME tag containing .. (dot dot) sequences in a filename that ends with a ? (question mark) and an allowed file extension (e.g. .mp3), which bypasses the check for the file extension. | |||||
| CVE-2001-0750 | 1 Cisco | 1 Ios | 2025-04-03 | 5.0 MEDIUM | N/A |
| Cisco IOS 12.1(2)T, 12.1(3)T allow remote attackers to cause a denial of service (reload) via a connection to TCP ports 3100-3999, 5100-5999, 7100-7999 and 10100-10999. | |||||
| CVE-2000-0735 | 1 Rimarts Inc. | 1 Becky Internet Mail | 2025-04-03 | 5.0 MEDIUM | N/A |
| Buffer overflow in Becky! Internet Mail client 1.26.03 and earlier allows remote attackers to cause a denial of service via a long Content-type: MIME header when the user replies to a message. | |||||
| CVE-2005-3153 | 1 Mywebland | 1 Mybloggie | 2025-04-03 | 7.5 HIGH | N/A |
| login.php in myBloggie 2.1.3 beta and earlier allows remote attackers to bypass a whitelist regular expression and conduct SQL injection attacks via a username parameter with SQL after a null character, which causes the whitelist check to succeed but injects the SQL into a query string, a different vulnerability than CVE-2005-2838. NOTE: it is possible that this is actually a bug in PHP code, in which case this should not be treated as a myBloggie vulnerability. | |||||
| CVE-2004-0409 | 1 Xchat | 1 Xchat | 2025-04-03 | 7.5 HIGH | N/A |
| Stack-based buffer overflow in the Socks-5 proxy code for XChat 1.8.0 to 2.0.8, with socks5 traversal enabled, allows remote attackers to execute arbitrary code. | |||||
| CVE-2000-1027 | 1 Cisco | 1 Pix Firewall Software | 2025-04-03 | 5.0 MEDIUM | N/A |
| Cisco Secure PIX Firewall 5.2(2) allows remote attackers to determine the real IP address of a target FTP server by flooding the server with PASV requests, which includes the real IP address in the response when passive mode is established. | |||||
| CVE-2005-3470 | 1 Mailscanner | 1 Mailscanner | 2025-04-03 | 7.5 HIGH | N/A |
| SQL injection vulnerability in in the authenticate function in MailWatch for MailScanner 1.0.2 allows remote attackers to execute arbitrary SQL commands. | |||||
| CVE-2006-2615 | 1 Russcom Network | 1 Russcom.ping | 2025-04-03 | 7.5 HIGH | N/A |
| ping.php in Russcom.Ping allows remote attackers to execute arbitrary commands via shell metacharacters in the domain parameter. | |||||
| CVE-2006-2632 | 1 Andrew Godwin | 1 Bytehoard | 2025-04-03 | 3.5 LOW | N/A |
| Cross-site scripting (XSS) vulnerability in Andrew Godwin ByteHoard 2.1 and earlier allows remote authenticated users to inject arbitrary web script or HTML via file descriptions. | |||||
| CVE-2005-0265 | 1 Owl | 1 Owl Intranet Engine | 2025-04-03 | 7.5 HIGH | N/A |
| Multiple SQL injection vulnerabilities in browse.php in OWL 0.7 and 0.8 allow remote attackers to execute arbitrary SQL commands via the (1) parent or (2) sortposted parameter. | |||||
| CVE-1999-1343 | 1 Xerox | 1 Docucolor 4lp | 2025-04-03 | 5.0 MEDIUM | N/A |
| HTTP server for Xerox DocuColor 4 LP allows remote attackers to cause a denial of service (hang) via a long URL that contains a large number of . characters. | |||||
| CVE-2004-2322 | 1 Phpwebsite | 1 Phpwebsite | 2025-04-03 | 7.5 HIGH | N/A |
| SQL injection vulnerability in the (1) announce and (2) notes modules of phpWebSite before 0.9.3-2 allows remote attackers to execute arbitrary SQL queries, as demonstrated using the ANN_id parameter to the announce module. | |||||