Total
29682 CVE
| CVE | Vendors | Products | Updated | CVSS v2 | CVSS v3 |
|---|---|---|---|---|---|
| CVE-1999-0023 | 6 Bsdi, Freebsd, Ibm and 3 more | 10 Bsd Os, Freebsd, Aix and 7 more | 2025-04-03 | 7.2 HIGH | N/A |
| Local user gains root privileges via buffer overflow in rdist, via lookup() function. | |||||
| CVE-2003-1237 | 1 Matt Wright | 1 Wwwboard | 2025-04-03 | 4.3 MEDIUM | N/A |
| Cross-site scripting vulnerability (XSS) in WWWBoard 2.0A2.1 and earlier allows remote attackers to inject arbitrary HTML or web script via a message post. | |||||
| CVE-2005-1943 | 1 Loki | 1 Loki Download Manager Catgory Version | 2025-04-03 | 7.5 HIGH | N/A |
| Multiple SQL injection vulnerabilities in Loki download manager 2.0 allow remote attackers to execute arbitrary SQL commands via the (1) password field to default.asp or (2) cat parameter to catinfo.asp. | |||||
| CVE-2006-3301 | 1 Phpqladmin | 1 Phpqladmin | 2025-04-03 | 2.6 LOW | N/A |
| Multiple cross-site scripting (XSS) vulnerabilities in phpQLAdmin 2.2.7 and earlier allow remote attackers to inject arbitrary web script or HTML via the domain parameter in (1) user_add.php or (2) unit_add.php. | |||||
| CVE-2002-1581 | 2 Debian, Mailreader.com | 2 Debian Linux, Mailreader.com | 2025-04-03 | 5.0 MEDIUM | N/A |
| Directory traversal vulnerability in nph-mr.cgi in Mailreader.com 2.3.20 through 2.3.31 allows remote attackers to view arbitrary files via .. (dot dot) sequences and a null byte (%00) in the configLanguage parameter. | |||||
| CVE-2004-2033 | 1 Orenosv | 1 Orenosv Http Ftp Server | 2025-04-03 | 5.0 MEDIUM | N/A |
| Orenosv 0.5.9f allows remote attackers to cause a denial of service (crash) via a long HTTP GET request. | |||||
| CVE-2006-3955 | 1 Minibb | 1 Minibb | 2025-04-03 | 7.5 HIGH | N/A |
| Multiple PHP remote file inclusion vulnerabilities in MiniBB Forum 1.5a allow remote attackers to execute arbitrary PHP code via a URL in the absolute_path parameter to (1) news.php, (2) search.php, or (3) whosOnline.php. | |||||
| CVE-2002-1015 | 1 Realnetworks | 3 Realjukebox 2, Realjukebox 2 Plus, Realone Player | 2025-04-03 | 7.5 HIGH | N/A |
| RealJukebox 2 1.0.2.340 and 1.0.2.379, and RealOne Player Gold 6.0.10.505, allows remote attackers to execute arbitrary script in the Local computer zone by inserting the script into the skin.ini file of an RJS archive, then referencing skin.ini from a web page after it has been extracted, which is parsed as HTML by Internet Explorer or other Microsoft-based web readers. | |||||
| CVE-2006-4376 | 1 Guder Und Koch Netzwerktechnik | 1 Eichhorn Portal | 2025-04-03 | 5.1 MEDIUM | N/A |
| Multiple cross-site scripting (XSS) vulnerabilities in Guder und Koch Netzwerktechnik Eichhorn Portal allow remote attackers to inject arbitrary web script or HTML via unspecified vectors, possibly including the (1) profil_nr and (2) sprache parameters in the main portion of the portal, the (3) suchstring field in suchForm in the main portion of the portal, the (4) GaleryKey and (5) Breadcrumbs parameters in the gallerie module, and the (6) GGBNSaction parameter in the ggbns module. | |||||
| CVE-2001-0231 | 1 Ibrow | 1 News Desk | 2025-04-03 | 5.0 MEDIUM | N/A |
| Directory traversal vulnerability in newsdesk.cgi in News Desk 1.2 allows remote attackers to read arbitrary files via a .. in the "t" parameter. | |||||
| CVE-2005-3158 | 1 Php Fusion | 1 Php Fusion | 2025-04-03 | 7.5 HIGH | N/A |
| SQL injection vulnerability in messages.php in PHP-Fusion 6.00.106 and 6.00.107 allows remote attackers to execute arbitrary SQL commands via the (1) pm_email_notify and (2) pm_save_sent parameters, a different vulnerability than CVE-2005-3157 and CVE-2005-3159. | |||||
| CVE-1999-0576 | 1 Microsoft | 1 Windows Nt | 2025-04-03 | 7.5 HIGH | N/A |
| A Windows NT system's file audit policy does not log an event success or failure for security-critical files or directories. | |||||
| CVE-2005-2798 | 1 Openbsd | 1 Openssh | 2025-04-03 | 5.0 MEDIUM | N/A |
| sshd in OpenSSH before 4.2, when GSSAPIDelegateCredentials is enabled, allows GSSAPI credentials to be delegated to clients who log in using non-GSSAPI methods, which could cause those credentials to be exposed to untrusted users or hosts. | |||||
| CVE-2003-1121 | 1 Scriptlogic | 1 Scriptlogic | 2025-04-03 | 10.0 HIGH | N/A |
| Services in ScriptLogic 4.01, and possibly other versions before 4.14, process client requests at raised privileges, which allows remote attackers to (1) modify arbitrary registry entries via the ScriptLogic RPC service (SLRPC) or (2) modify arbitrary configuration via the RunAdmin services (SLRAserver.exe and SLRAclient.exe). | |||||
| CVE-2004-0666 | 1 Popclient | 1 Popclient | 2025-04-03 | 7.5 HIGH | N/A |
| Off-by-one error in the POP3_readmsg function in popclient 3.0b6 allows remote attackers to cause a denial of service (application crash) via an e-mail message with a certain line length, which leads to a buffer overflow. | |||||
| CVE-2004-2227 | 1 Mozilla | 1 Firefox | 2025-04-03 | 5.0 MEDIUM | N/A |
| Mozilla Firefox before 1.0 truncates long filenames in the file download dialog box, which makes it easier for remote attackers to trick users into downloading files with dangerous extensions. | |||||
| CVE-2004-2318 | 1 Netwin | 1 Surgeftp | 2025-04-03 | 5.0 MEDIUM | N/A |
| The administrative interface (surgeftpmgr.cgi) for SurgeFTP Server 1.0b through 2.2k1 allows remote attackers to cause a temporary denial of service (crash) via requests with two percent (%) signs in the CMD parameter. | |||||
| CVE-2005-0474 | 1 Webcalendar | 1 Webcalendar | 2025-04-03 | 6.4 MEDIUM | N/A |
| SQL injection vulnerability in the user_valid_crypt function in user.php in WebCalendar 0.9.45 allows remote attackers to execute arbitrary SQL commands via an encoded webcalendar_session cookie. | |||||
| CVE-2002-1575 | 1 Mit | 1 Cgiemail | 2025-04-03 | 5.0 MEDIUM | N/A |
| cgiemail allows remote attackers to use cgiemail as a spam proxy via CRLF injection of encoded newline (%0a) characters in parameters such as "required-subject," which can be used to modify the CC, BCC, and other header fields in the generated email message. | |||||
| CVE-2005-3324 | 1 Appindex | 1 Mwchat | 2025-04-03 | 7.5 HIGH | N/A |
| SQL injection vulnerability in chat.php in MWChat 6.8 allows remote attackers to execute arbitrary SQL commands via the username parameter. | |||||