Total
29557 CVE
| CVE | Vendors | Products | Updated | CVSS v2 | CVSS v3 |
|---|---|---|---|---|---|
| CVE-2006-4076 | 1 Wim Fleischhauer | 1 Docpile We | 2025-04-03 | 5.1 MEDIUM | N/A |
| Multiple PHP remote file inclusion vulnerabilities in Wim Fleischhauer docpile: wim's edition (docpile:we) 0.2.2 allow remote attackers to execute arbitrary PHP code via a URL in the INIT_PATH parameter to (1) lib/access.inc.php, (2) lib/folders.inc.php, (3) lib/init.inc.php or (4) lib/templates.inc.php. NOTE: the provenance of this information is unknown; the details are obtained from third party information. | |||||
| CVE-2005-4724 | 1 Phptagcool | 1 Phptagcool | 2025-04-03 | 7.5 HIGH | N/A |
| SQL injection vulnerability in post.php in PhpTagCool 1.0.3 allows remote attackers to execute arbitrary SQL commands via the X-Forwarded-For field in an HTTP header. | |||||
| CVE-2005-2186 | 1 Mcafee | 1 Intrushield Security Management System | 2025-04-03 | 1.9 LOW | N/A |
| Multiple cross-site scripting (XSS) vulnerabilities in McAfee IntruShield Security Management System allow remote authenticated users to inject arbitrary web script or HTML via the (1) thirdMenuName or (2) resourceName parameter to SystemEvent.jsp. | |||||
| CVE-2006-2776 | 1 Mozilla | 2 Firefox, Thunderbird | 2025-04-03 | 7.5 HIGH | N/A |
| Certain privileged UI code in Mozilla Firefox and Thunderbird before 1.5.0.4 calls content-defined setters on an object prototype, which allows remote attackers to execute code at a higher privilege than intended. | |||||
| CVE-2005-2091 | 1 Ibm | 1 Websphere Application Server | 2025-04-03 | 4.3 MEDIUM | N/A |
| IBM WebSphere 5.1 and WebSphere 5.0 allows remote attackers to poison the web cache, bypass web application firewall protection, and conduct XSS attacks via an HTTP request with both a "Transfer-Encoding: chunked" header and a Content-Length header, which causes WebSphere to incorrectly handle and forward the body of the request in a way that causes the receiving server to process it as a separate HTTP request, aka "HTTP Request Smuggling." | |||||
| CVE-2001-1380 | 1 Openbsd | 1 Openssh | 2025-04-03 | 7.5 HIGH | N/A |
| OpenSSH before 2.9.9, while using keypairs and multiple keys of different types in the ~/.ssh/authorized_keys2 file, may not properly handle the "from" option associated with a key, which could allow remote attackers to login from unauthorized IP addresses. | |||||
| CVE-2004-1934 | 1 Isesam | 1 Gemitel | 2025-04-03 | 7.5 HIGH | N/A |
| PHP remote file inclusion vulnerability in affich.php in Gemitel 3.50 allows remote attackers to execute arbitrary PHP code via the base parameter. | |||||
| CVE-2005-4406 | 1 Tmc Visionpool | 1 Mercury Cms | 2025-04-03 | 7.5 HIGH | N/A |
| SQL injection vulnerability in index.cfm in Mercury CMS 4.0 and earlier allows remote attackers to execute arbitrary SQL commands via the page parameter. | |||||
| CVE-2004-1802 | 1 Lionmax Software | 1 Chat Anywhere | 2025-04-03 | 5.0 MEDIUM | N/A |
| Chat Anywhere 2.72 and earlier allows remote attackers to hide their IP address by using %00 before the nickname, which causes the IP address to be displayed as $IP$ on the administration web page. | |||||
| CVE-2005-4576 | 1 Fatwire | 1 Updateengine | 2025-04-03 | 4.3 MEDIUM | N/A |
| Multiple cross-site scripting (XSS) vulnerabilities in the UpdateEngine program in Fatwire UpdateEngine 6.2 and earlier allow remote attackers to inject arbitrary web script or HTML via the (1) COUNTRYNAME, (2) EMAIL, and (3) FUELAP_TEMPLATENAME parameters. | |||||
| CVE-2001-0001 | 1 Francisco Burzi | 1 Php-nuke | 2025-04-03 | 7.5 HIGH | N/A |
| cookiedecode function in PHP-Nuke 4.4 allows users to bypass authentication and gain access to other user accounts by extracting the authentication information from a cookie. | |||||
| CVE-2006-0058 | 1 Sendmail | 1 Sendmail | 2025-04-03 | 7.6 HIGH | N/A |
| Signal handler race condition in Sendmail 8.13.x before 8.13.6 allows remote attackers to execute arbitrary code by triggering timeouts in a way that causes the setjmp and longjmp function calls to be interrupted and modify unexpected memory locations. | |||||
| CVE-2004-0185 | 1 Washington University | 1 Wu-ftpd | 2025-04-03 | 10.0 HIGH | N/A |
| Buffer overflow in the skey_challenge function in ftpd.c for wu-ftp daemon (wu-ftpd) 2.6.2 allows remote attackers to cause a denial of service and possibly execute arbitrary code via a s/key (SKEY) request with a long name. | |||||
| CVE-1999-0197 | 2025-04-03 | 10.0 HIGH | N/A | ||
| finger 0@host on some systems may print information on some user accounts. | |||||
| CVE-1999-1006 | 1 Novell | 1 Groupwise | 2025-04-03 | 5.0 MEDIUM | N/A |
| Groupwise web server GWWEB.EXE allows remote attackers to determine the real path of the web server via the HELP parameter. | |||||
| CVE-2005-2579 | 1 Nortel | 1 Contivity | 2025-04-03 | 7.2 HIGH | N/A |
| Nortel Contivity VPN Client V05_01.030, when configuring a certificate to be used as authentication, does not properly drop system privileges, which allows local users to gain privileges by opening a program with the File Open dialog box. | |||||
| CVE-2005-1492 | 1 Gossamer Threads | 2 Gossamer Threads Links, Gossamer Threads Links-sql | 2025-04-03 | 4.3 MEDIUM | N/A |
| Cross-site scripting (XSS) vulnerability in user.cgi in Gossamer Threads Links SQL 2.x and 3.0 allows remote attackers to inject arbitrary web script or HTML via the url parameter. | |||||
| CVE-2004-1205 | 1 Pntresmailer | 1 Pntresmailer | 2025-04-03 | 5.0 MEDIUM | N/A |
| codebrowserpntm.php in PnTresMailer 6.03 allows remote attackers to gain sensitive information via an invalid filetohighlight parameter, which reveals the full path in an error message. | |||||
| CVE-2004-2352 | 1 Martin Bauer | 1 Gbook | 2025-04-03 | 4.3 MEDIUM | N/A |
| Cross-site scripting (XSS) vulnerability in GBook for PHP-Nuke 1.0 allows remote attackers to inject arbitrary web script or HTML via cookies that are stored in the $_COOKIE PHP variable, which is not cleansed by PHP-Nuke. | |||||
| CVE-2005-1516 | 1 Netwin | 1 Dmail | 2025-04-03 | 7.5 HIGH | N/A |
| DList (dlist.exe) in DMail 3.1a allows remote attackers to bypass authentication, read log files, and shutdown the system via a sendlog command with an incorrect password hash, which is not properly handled by the _cmd_sendlog function. | |||||