Total
29559 CVE
| CVE | Vendors | Products | Updated | CVSS v2 | CVSS v3 |
|---|---|---|---|---|---|
| CVE-2001-1159 | 1 Squirrelmail | 1 Squirrelmail | 2025-04-03 | 7.5 HIGH | N/A |
| load_prefs.php and supporting include files in SquirrelMail 1.0.4 and earlier do not properly initialize certain PHP variables, which allows remote attackers to (1) view sensitive files via the config_php and data_dir options, and (2) execute arbitrary code by using options_order.php to upload a message that could be interpreted as PHP. | |||||
| CVE-2004-1408 | 1 Singapore | 1 Image Gallery Web Application | 2025-04-03 | 7.5 HIGH | N/A |
| The addImage method for admin.class.php in Image Gallery Web Application 0.9.10 does not properly check filenames, which allows remote attackers to upload and execute arbitrary files. | |||||
| CVE-2006-4552 | 1 Chxo | 1 Feedsplitter | 2025-04-03 | 6.8 MEDIUM | N/A |
| Cross-site scripting (XSS) vulnerability in CHXO Feedsplitter 2006-01-21 allows remote attackers to inject arbitrary web script or HTML via the RSS feed. | |||||
| CVE-2004-2189 | 1 Dmxready | 1 Dmxready Site Chassis Manager | 2025-04-03 | 7.5 HIGH | N/A |
| SQL injection vulnerability in DMXReady Site Chassis Manager allows remote attackers to execute arbitrary SQL commands via unknown vectors. | |||||
| CVE-2000-0521 | 1 Michael Lamont | 1 Savant Webserver | 2025-04-03 | 5.0 MEDIUM | N/A |
| Savant web server allows remote attackers to read source code of CGI scripts via a GET request that does not include the HTTP version number. | |||||
| CVE-2006-2754 | 1 Openldap | 1 Openldap | 2025-04-03 | 5.0 MEDIUM | N/A |
| Stack-based buffer overflow in st.c in slurpd for OpenLDAP before 2.3.22 might allow attackers to execute arbitrary code via a long hostname. | |||||
| CVE-2002-0503 | 1 Citrix | 1 Nfuse | 2025-04-03 | 5.0 MEDIUM | N/A |
| Directory traversal vulnerability in boilerplate.asp for Citrix NFuse 1.5 allows remote authenticated users to read arbitrary files via a .. (dot dot) in the NFuse_Template parameter. | |||||
| CVE-2004-0658 | 1 Linux | 1 Linux Kernel | 2025-04-03 | 7.2 HIGH | N/A |
| Integer overflow in the hpsb_alloc_packet function (incorrectly reported as alloc_hpsb_packet) in IEEE 1394 (Firewire) driver 2.4 and 2.6 allows local users to cause a denial of service (crash) and possibly execute arbitrary code via the functions (1) raw1394_write, (2) state_connected, (3) handle_remote_request, or (4) hpsb_make_writebpacket. | |||||
| CVE-2005-1680 | 1 D-link | 4 Dsl-502t, Dsl-504t, Dsl-562t and 1 more | 2025-04-03 | 7.5 HIGH | N/A |
| D-Link DSL-502T, DSL-504T, DSL-562T, and DSL-G604T, when /cgi-bin/firmwarecfg is executed, allows remote attackers to bypass authentication (1) if their IP address already exists in /var/tmp/fw_ip or (2) if their request is the first, which causes /var/tmp/fw_ip to be created and contain their IP address. | |||||
| CVE-2006-3948 | 1 Php-nuke | 1 Inp | 2025-04-03 | 4.3 MEDIUM | N/A |
| Cross-site scripting (XSS) vulnerability in modules.php in PHP-Nuke INP allows remote attackers to inject arbitrary web script or HTML via the query parameter. | |||||
| CVE-2006-1384 | 1 Ibm | 1 Tivoli Business Systems Manager | 2025-04-03 | 4.3 MEDIUM | N/A |
| Cross-site scripting (XSS) vulnerability in apwc_win_main.jsp in the web console in IBM Tivoli Business Systems Manager (TBSM) before 3.1.0.1 allows remote attackers to inject arbitrary web script or HTML via the skin parameter. | |||||
| CVE-2002-0617 | 1 Microsoft | 2 Excel, Office | 2025-04-03 | 5.1 MEDIUM | N/A |
| The Macro Security Model in Microsoft Excel 2000 and 2002 for Windows allows remote attackers to execute code by creating a hyperlink on a drawing shape in a source workbook that points to a destination workbook containing an autoexecute macro, aka "Hyperlinked Excel Workbook Macro Bypass." | |||||
| CVE-2006-2514 | 1 Coppermine | 1 Coppermine Photo Gallery | 2025-04-03 | 7.5 HIGH | N/A |
| Coppermine galleries before 1.4.6, when running on Apache with mod_mime installed, allows remote attackers to upload arbitrary files via a filename with multiple file extensions. | |||||
| CVE-2006-3841 | 1 Owasp | 1 Webscarab | 2025-04-03 | 2.6 LOW | N/A |
| Cross-site scripting (XSS) vulnerability in WebScarab before 20060718-1904, when used with Microsoft Internet Explorer 6 SP2 or Konqueror 3.5.3, allows remote attackers to inject arbitrary web script or HTML via the URL, which is not sanitized before being returned in an error message when WebScarab is not able to access the URL. | |||||
| CVE-1999-0568 | 1 Sun | 1 Solaris | 2025-04-03 | 10.0 HIGH | N/A |
| rpc.admind in Solaris is not running in a secure mode. | |||||
| CVE-2006-3795 | 1 Deluxebb | 1 Deluxebb | 2025-04-03 | 2.6 LOW | N/A |
| Multiple cross-site scripting (XSS) vulnerabilities in DeluxeBB before 1.08 allow remote attackers to inject arbitrary web script or HTML via the (1) membercookie cookie in header.php and the (2) redirect parameter in misc.php. | |||||
| CVE-2004-2044 | 4 Francisco Burzi, Oscommerce, Paul Laudanski and 1 more | 4 Php-nuke, Osc2nuke, Betanc Php-nuke and 1 more | 2025-04-03 | 7.5 HIGH | N/A |
| PHP-Nuke 7.3, and other products that use the PHP-Nuke codebase such as the Nuke Cops betaNC PHP-Nuke Bundle, OSCNukeLite 3.1, and OSC2Nuke 7x do not properly use the eregi() PHP function with $_SERVER['PHP_SELF'] to identify the calling script, which allows remote attackers to directly access scripts, obtain path information via a PHP error message, and possibly gain access, as demonstrated using an HTTP request that contains the "admin.php" string. | |||||
| CVE-2003-0408 | 1 The Uptimes Project | 1 Upclient | 2025-04-03 | 7.2 HIGH | N/A |
| Buffer overflow in Uptime Client (UpClient) 5.0b7, and possibly other versions, allows local users to gain privileges via a long -p argument. | |||||
| CVE-2003-0880 | 1 Apple | 1 Mac Os X | 2025-04-03 | 4.6 MEDIUM | N/A |
| Unknown vulnerability in Mac OS X before 10.3 allows local users to access Dock functions from behind Screen Effects when Full Keyboard Access is enabled using the Keyboard pane in System Preferences. | |||||
| CVE-2000-0673 | 1 Microsoft | 2 Windows 2000, Windows Nt | 2025-04-03 | 5.0 MEDIUM | N/A |
| The NetBIOS Name Server (NBNS) protocol does not perform authentication, which allows remote attackers to cause a denial of service by sending a spoofed Name Conflict or Name Release datagram, aka the "NetBIOS Name Server Protocol Spoofing" vulnerability. | |||||