Total
29559 CVE
| CVE | Vendors | Products | Updated | CVSS v2 | CVSS v3 |
|---|---|---|---|---|---|
| CVE-2006-0183 | 1 Acal | 1 Calendar Project | 2025-04-03 | 6.5 MEDIUM | N/A |
| Direct static code injection vulnerability in edit.php in ACal Calendar Project 2.2.5 allows authenticated users to execute arbitrary PHP code via (1) the edit=header value, which modifies header.php, or (2) the edit=footer value, which modifies footer.php. NOTE: this issue might be resultant from the poor authentication as identified by CVE-2006-0182. Since the design of the product allows the administrator to edit the code, perhaps this issue should not be included in CVE, except as a consequence of CVE-2006-0182. | |||||
| CVE-2004-2071 | 1 Macallan | 1 Mail Solution | 2025-04-03 | 7.5 HIGH | N/A |
| Macallan Mail Solution 2.8.4.6 (Build 260), and possibly earlier versions, allows remote attackers to bypass authentication in the web interface via an HTTP GET request with two slashes ("//") after the server name. | |||||
| CVE-2006-1003 | 1 Netgear | 1 Wgt624 | 2025-04-03 | 5.0 MEDIUM | N/A |
| The backup configuration option in NETGEAR WGT624 Wireless Firewall Router stores sensitive information in cleartext, which allows remote attackers to obtain passwords and gain privileges. | |||||
| CVE-2002-0859 | 1 Microsoft | 2 Jet, Sql Server | 2025-04-03 | 7.5 HIGH | N/A |
| Buffer overflow in the OpenDataSource function of the Jet engine on Microsoft SQL Server 2000 allows remote attackers to execute arbitrary code. | |||||
| CVE-2006-4569 | 1 Mozilla | 1 Firefox | 2025-04-03 | 2.6 LOW | N/A |
| The popup blocker in Mozilla Firefox before 1.5.0.7 opens the "blocked popups" display in the context of the Location bar instead of the subframe from which the popup originated, which might make it easier for remote user-assisted attackers to conduct cross-site scripting (XSS) attacks. | |||||
| CVE-2005-0678 | 1 Stadtaus | 1 Form Mail Script | 2025-04-03 | 7.5 HIGH | N/A |
| PHP remote file inclusion vulnerability in formmail.inc.php for Form Mail Script 2.3 and earlier allows remote attackers to execute arbitrary PHP code by modifying the script_root to reference a URL on a remote web server that contains the code. | |||||
| CVE-2001-1053 | 1 Adcycle | 1 Adcycle | 2025-04-03 | 10.0 HIGH | N/A |
| AdLogin.pm in AdCycle 1.15 and earlier allows remote attackers to bypass authentication and gain privileges by injecting SQL code in the $password argument. | |||||
| CVE-2004-0408 | 1 Michael Bacarella | 1 Ident2 | 2025-04-03 | 7.5 HIGH | N/A |
| Buffer overflow in the child_service function in the ident2 ident daemon allows remote attackers to execute arbitrary code. | |||||
| CVE-2002-0442 | 1 Caldera | 1 Openserver | 2025-04-03 | 7.2 HIGH | N/A |
| Buffer overflow in dlvr_audit for Caldera OpenServer 5.0.5 and 5.0.6 allows local users to gain root privileges. | |||||
| CVE-2006-3243 | 1 Mybulletinboard | 1 Mybulletinboard | 2025-04-03 | 7.5 HIGH | N/A |
| SQL injection vulnerability in usercp.php in MyBB (MyBulletinBoard) 1.0 through 1.1.3 allows remote attackers to execute arbitrary SQL commands via the showcodebuttons parameter. | |||||
| CVE-2000-0544 | 1 Microsoft | 2 Windows 2000, Windows Nt | 2025-04-03 | 5.0 MEDIUM | N/A |
| Windows NT and Windows 2000 hosts allow a remote attacker to cause a denial of service via malformed DCE/RPC SMBwriteX requests that contain an invalid data length. | |||||
| CVE-2000-0454 | 1 Mandrakesoft | 1 Mandrake Linux | 2025-04-03 | 7.2 HIGH | N/A |
| Buffer overflow in Linux cdrecord allows local users to gain privileges via the dev parameter. | |||||
| CVE-2006-0347 | 1 Stefan Ritt | 1 Elog Web Logbook | 2025-04-03 | 5.0 MEDIUM | N/A |
| Directory traversal vulnerability in ELOG before 2.6.1 allows remote attackers to access arbitrary files outside of the elog directory via "../" (dot dot) sequences in the URL. | |||||
| CVE-1999-0087 | 1 Ibm | 1 Aix | 2025-04-03 | 5.0 MEDIUM | N/A |
| Denial of service in AIX telnet can freeze a system and prevent users from accessing the server. | |||||
| CVE-2002-1167 | 1 Ibm | 1 Websphere Caching Proxy Server | 2025-04-03 | 6.8 MEDIUM | N/A |
| Cross-site scripting (XSS) vulnerability in IBM Web Traffic Express Caching Proxy Server 3.6 and 4.x before 4.0.1.26 allows remote attackers to execute script as other users via an HTTP GET request. | |||||
| CVE-2005-2250 | 1 Nokia | 1 Affix | 2025-04-03 | 7.5 HIGH | N/A |
| Buffer overflow in Bluetooth FTP client (BTFTP) in Nokia Affix 2.1.2 and 3.2.0 allows remote attackers to execute arbitrary code via a long filename in an OBEX file share. | |||||
| CVE-2004-2239 | 1 Inter7 | 1 Vpopmail \(vchkpw\) | 2025-04-03 | 7.5 HIGH | N/A |
| Buffer overflow in vsybase.c in vpopmail 5.4.2 and earlier might allow attackers to cause a denial of service or execute arbitrary code. | |||||
| CVE-2005-1808 | 1 Firefly Studios | 1 Stronghold 2 | 2025-04-03 | 5.0 MEDIUM | N/A |
| Firefly Studios Stronghold 2 1.2 and earlier allows remote attackers to cause a denial of service (crash) via a packet with a large size value for the nickname, which causes a memory allocation failure and generates an exception. | |||||
| CVE-2004-1204 | 1 Fluxbox-team | 1 Fluxbot | 2025-04-03 | 2.1 LOW | N/A |
| FluxBox 0.9.10 and earlier versions allows local users to cause a denial of service (application crash) by calling Xman with a long -title value, possibly triggering a buffer overflow. | |||||
| CVE-2006-2641 | 1 John Frank | 1 Asset Manager | 2025-04-03 | 5.8 MEDIUM | N/A |
| ** UNVERIFIABLE ** NOTE: this issue does not contain any verifiable or actionable details. Cross-site scripting (XSS) vulnerability in John Frank Asset Manager (AssetMan) 2.4a and earlier allows remote attackers to inject arbitrary web script or HTML via "any of its input." NOTE: the original disclosure is based on vague researcher claims without vendor acknowledgement; therefore this identifier cannot be linked with any future identifier that identifies more specific vectors. Perhaps this should not be included in CVE. | |||||