Total
29682 CVE
| CVE | Vendors | Products | Updated | CVSS v2 | CVSS v3 |
|---|---|---|---|---|---|
| CVE-2003-1168 | 1 Http Commander | 1 Http Commander | 2025-04-03 | 5.0 MEDIUM | N/A |
| HTTP Commander 4.0 allows remote attackers to obtain sensitive information via an HTTP request that contains a . (dot) in the file parameter, which reveals the installation path in an error message. | |||||
| CVE-2005-1742 | 2 Bea, Oracle | 2 Weblogic Server, Weblogic Portal | 2025-04-03 | 5.0 MEDIUM | N/A |
| BEA WebLogic Server and WebLogic Express 8.1 SP2 and SP3 allows users with the Monitor security role to "shrink or reset JDBC connection pools." | |||||
| CVE-2005-1505 | 1 Apple | 1 Mail | 2025-04-03 | 7.5 HIGH | N/A |
| The new account wizard in Mail.app 2.0 in Mac OS 10.4, when configuring an IMAP mail account and checking the credentials, does not prompt the user to use SSL until after the password has already been sent, which causes the password to be sent in plaintext. | |||||
| CVE-2006-1897 | 1 Talentsoft | 1 Web\+ Shop | 2025-04-03 | 5.0 MEDIUM | N/A |
| Webplus (aka talentsoft) Web+Shop 5.3.6, when Redirect URL for "Script Not Found" Error is not configured, allows remote attackers to obtain sensitive information via a quote (') or possibly other invalid value in the storeid parameter in store.wml in webplus.exe, which reveals the path in a "Script Not Found" error message. | |||||
| CVE-2002-1727 | 1 Asksam Systems | 1 Asksam Web Publisher | 2025-04-03 | 6.8 MEDIUM | N/A |
| Cross-site scripting vulnerability (XSS) in (1) as_web.exe and (2) as_web4.exe in askSam Web Publisher 1 and 4 allows remote attackers to execute arbitrary script as other users via a URL. | |||||
| CVE-2003-0621 | 1 Bea | 2 Tuxedo, Weblogic Server | 2025-04-03 | 5.0 MEDIUM | N/A |
| The Administration Console for BEA Tuxedo 8.1 and earlier allows remote attackers to determine the existence of files outside the web root via modified paths in the INIFILE argument. | |||||
| CVE-2006-3505 | 1 Apple | 2 Mac Os X, Mac Os X Server | 2025-04-03 | 7.5 HIGH | N/A |
| WebKit in Apple Mac OS X 10.3.9 and 10.4.7 allows remote attackers to cause a denial of service (crash) and possibly execute arbitrary code via a crafted HTML document that causes WebKit to access an object that has already been deallocated. | |||||
| CVE-2005-0040 | 1 Dotnetnuke | 1 Dotnetnuke | 2025-04-03 | 4.3 MEDIUM | N/A |
| Multiple cross-site scripting (XSS) vulnerabilities in DotNetNuke before 3.0.12 allow remote attackers to inject arbitrary web script or HTML via the (1) register a new user page, (2) User-Agent, or (3) Username, which is not properly quoted before sending to the error log. | |||||
| CVE-2000-1090 | 1 Microsoft | 1 Internet Information Server | 2025-04-03 | 5.0 MEDIUM | N/A |
| Microsoft IIS for Far East editions 4.0 and 5.0 allows remote attackers to read source code for parsed pages via a malformed URL that uses the lead-byte of a double-byte character. | |||||
| CVE-2006-2818 | 1 Cameron Mckay | 1 Informium | 2025-04-03 | 7.5 HIGH | N/A |
| PHP remote file inclusion vulnerability in common-menu.php in Cameron McKay Informium 0.12.0 allows remote attackers to execute arbitrary PHP code via a URL in the CONF[local_path] parameter. | |||||
| CVE-2004-1294 | 1 Luke Mewburn | 1 Tnftp | 2025-04-03 | 5.0 MEDIUM | N/A |
| The mget function in cmds.c for tnftp 20030825 allows remote FTP servers to overwrite arbitrary files via FTP responses containing file names with / (slash) characters. | |||||
| CVE-2004-2215 | 1 Marc Lehmann | 1 Rxvt-unicode | 2025-04-03 | 4.6 MEDIUM | N/A |
| RXVT-Unicode 3.4 and 3.5 does not properly close file descriptors, which allows local users to access the terminals of other users and possibly gain privileges. | |||||
| CVE-1999-1160 | 1 Hp | 1 Hp-ux | 2025-04-03 | 10.0 HIGH | N/A |
| Vulnerability in ftpd/kftpd in HP-UX 10.x and 9.x allows local and possibly remote users to gain root privileges. | |||||
| CVE-2006-1694 | 1 Xbrite | 1 Xbrite Members | 2025-04-03 | 7.5 HIGH | N/A |
| SQL injection vulnerability in members.php in XBrite Members 1.1 and earlier allows remote attackers to execute arbitrary SQL commands via the id parameter. | |||||
| CVE-2005-4004 | 1 Infinetsoftware | 1 Mytemplatesite | 2025-04-03 | 4.3 MEDIUM | N/A |
| Cross-site scripting (XSS) vulnerability in search.asp in MyTemplateSite 1.2 and earlier allows remote attackers to inject arbitrary web script or HTML via the q parameter. | |||||
| CVE-2000-0512 | 1 Debian | 1 Debian Linux | 2025-04-03 | 5.0 MEDIUM | N/A |
| CUPS (Common Unix Printing System) 1.04 and earlier does not properly delete request files, which allows a remote attacker to cause a denial of service. | |||||
| CVE-2006-3499 | 1 Apple | 2 Mac Os X, Mac Os X Server | 2025-04-03 | 2.1 LOW | N/A |
| The dynamic linker (dyld) in Apple Mac OS X 10.3.9 allows local users to obtain sensitive information via unspecified dynamic linker options that affect the use of standard error (stderr) by privileged applications. | |||||
| CVE-2005-1088 | 1 Dameware Development | 2 Mini Remote Control, Nt Utilities | 2025-04-03 | 7.2 HIGH | N/A |
| Unknown vulnerability in DameWare NT Utilities 4.8 and earlier, and Mini Remote Control 4.8 and earlier, allows local users to gain additional rights. | |||||
| CVE-2006-0651 | 1 Vwdev | 1 Vwdev | 2025-04-03 | 7.5 HIGH | N/A |
| SQL injection vulnerability in index.php in vwdev allows remote attackers to execute arbitrary SQL commands via the UID parameter in the definition Page. | |||||
| CVE-2003-1142 | 1 Network Instruments | 1 Niprint Lpd-lpr Print Server | 2025-04-03 | 10.0 HIGH | N/A |
| Help in NIPrint LPD-LPR Print Server 4.10 and earlier executes Windows Explorer with SYSTEM privileges, which allows local users to gain privileges. | |||||