Total
29682 CVE
| CVE | Vendors | Products | Updated | CVSS v2 | CVSS v3 |
|---|---|---|---|---|---|
| CVE-2006-3533 | 1 Pivot | 1 Pivot | 2025-04-03 | 5.8 MEDIUM | N/A |
| Multiple cross-site scripting (XSS) vulnerabilities in Pivot 1.30 RC2 and earlier, when register_globals is enabled, allow remote attackers to inject arbitrary web script or HTML via the (1) fg, (2) line1, (3) line2, (4) bg, (5) c1, (6) c2, (7) c3, and (8) c4 parameters in (a) includes/blogroll.php; (9) name and (10) js_name parameters in (b) includes/editor/edit_menu.php; and, even if register_globals is not enabled, the (11) h and (12) w parameters in (c) includes/photo.php. | |||||
| CVE-2006-4647 | 1 Sponge News | 1 Sponge News | 2025-04-03 | 7.5 HIGH | N/A |
| PHP remote file inclusion vulnerability in news.php in Sponge News 2.2 and earlier allows remote attackers to execute arbitrary PHP code via a URL in the sndir parameter. | |||||
| CVE-2001-0379 | 1 Hp | 1 Hp-ux | 2025-04-03 | 4.6 MEDIUM | N/A |
| Vulnerability in the newgrp program included with HP9000 servers running HP-UX 11.11 allows a local attacker to obtain higher access rights. | |||||
| CVE-2004-0845 | 1 Microsoft | 2 Ie, Internet Explorer | 2025-04-03 | 6.4 MEDIUM | N/A |
| Internet Explorer 5.01, 5.5, and 6 does not properly cache SSL content, which allows remote attackers to obtain information or spoof content via a web site with the same host name as the target web site, whose content is cached and reused when the user visits the target web site. | |||||
| CVE-2006-1383 | 1 Pablo Software Solutions | 1 Baby Ftp Server | 2025-04-03 | 4.0 MEDIUM | N/A |
| Directory traversal vulnerability in Baby FTP Server (BabyFTP) 1.24 allows remote authenticated users to determine existence of files outside the intended document root via unspecified manipulations, which generate different error messages depending on whether a file exists or not. | |||||
| CVE-2005-0571 | 1 Punbb | 1 Punbb | 2025-04-03 | 5.0 MEDIUM | N/A |
| admin_loader.php in PunBB 1.2.1 allows remote attackers to read arbitrary files via the plugin parameter. | |||||
| CVE-2005-2235 | 1 Ibm | 1 Aix | 2025-04-03 | 7.2 HIGH | N/A |
| Buffer overflow in the diagTasksWebSM command in IBM AIX 5.1, 5.2 and 5.3, might allow local users to execute arbitrary code via long command line arguments. | |||||
| CVE-2002-0524 | 1 Asp-nuke | 1 Asp-nuke | 2025-04-03 | 5.0 MEDIUM | N/A |
| ASP-Nuke RC2 and earlier allows remote attackers to determine the absolute path of the server by (1) calling database-inc.asp with incorrect cookies, or (2) calling Post.asp with certain arguments, which leak the pathname in an error message. | |||||
| CVE-1999-0339 | 1 Sun | 2 Solaris, Sunos | 2025-04-03 | 7.2 HIGH | N/A |
| Buffer overflow in the libauth library in Solaris allows local users to gain additional privileges, possibly root access. | |||||
| CVE-2005-1935 | 1 Microsoft | 4 Windows 2000, Windows 2003 Server, Windows Nt and 1 more | 2025-04-03 | 7.5 HIGH | N/A |
| Heap-based buffer overflow in the BERDecBitString function in Microsoft ASN.1 library (MSASN1.DLL) allows remote attackers to execute arbitrary code via nested constructed bit strings, which leads to a realloc of a non-null pointer and causes the function to overwrite previously freed memory, as demonstrated using a SPNEGO token with a constructed bit string during HTTP authentication, and a different vulnerability than CVE-2003-0818. NOTE: the researcher has claimed that MS:MS04-007 fixes this issue. | |||||
| CVE-2002-1559 | 1 Research Systems Inc. | 1 Ion Script | 2025-04-03 | 5.0 MEDIUM | N/A |
| Directory traversal vulnerability in ion-p.exe (aka ion-p) allows remote attackers to read arbitrary files via (1) C: (drive letter) or (2) .. (dot-dot) sequences in the page parameter. | |||||
| CVE-2006-0615 | 1 Sun | 3 Jdk, Jre, Sdk | 2025-04-03 | 4.0 MEDIUM | N/A |
| Multiple unspecified vulnerabilities in Sun Java JDK and JRE 5.0 Update 4 and earlier, SDK and JRE 1.4.x through 1.4.2_09 allow remote attackers to bypass Java sandbox security and obtain privileges via unspecified vectors involving the reflection APIs, aka the "second and third issues." | |||||
| CVE-2006-3692 | 1 Silentweb | 1 Listmessenger | 2025-04-03 | 7.5 HIGH | N/A |
| PHP remote file inclusion vulnerability in enduser/listmessenger.php in ListMessenger 0.9.3 allows remote attackers to execute arbitrary PHP code via a URL in the lm_path parameter. NOTE: the vendor has disputed this issue to SecurityTracker, stating that the $lm_path variable is set to a constant value. As of 20060726, CVE concurs with the vendor based on SecurityTracker's post-disclosure analysis | |||||
| CVE-1999-0737 | 1 Microsoft | 1 Internet Information Server | 2025-04-03 | 5.0 MEDIUM | N/A |
| The viewcode.asp sample file in IIS and Site Server allows remote attackers to read arbitrary files. | |||||
| CVE-2006-2638 | 1 Qjstudios | 1 Qjforum | 2025-04-03 | 6.4 MEDIUM | N/A |
| SQL injection vulnerability in member.asp in qjForum allows remote attackers to execute arbitrary SQL commands via the uName parameter. | |||||
| CVE-1999-0087 | 1 Ibm | 1 Aix | 2025-04-03 | 5.0 MEDIUM | N/A |
| Denial of service in AIX telnet can freeze a system and prevent users from accessing the server. | |||||
| CVE-2002-1035 | 1 Omnicron | 1 Omnihttpd | 2025-04-03 | 5.0 MEDIUM | N/A |
| Omnicron OmniHTTPd 2.09 allows remote attackers to cause a denial of service (crash) via an HTTP request with a long, malformed HTTP 1version number. | |||||
| CVE-2001-1004 | 1 Gnutella | 1 Gnutella Client | 2025-04-03 | 5.0 MEDIUM | N/A |
| Cross-site scripting (CSS) vulnerability in gnut Gnutella client before 0.4.27 allows remote attackers to execute arbitrary script on other clients by sharing a file whose name contains the script tags. | |||||
| CVE-2006-3409 | 1 Tor | 1 Tor | 2025-04-03 | 7.5 HIGH | N/A |
| Integer overflow in Tor before 0.1.1.20 allows remote attackers to execute arbitrary code via crafted large inputs, which result in a buffer overflow when elements are added to smartlists. | |||||
| CVE-2004-1376 | 1 Microsoft | 1 Internet Explorer | 2025-04-03 | 5.0 MEDIUM | N/A |
| Directory traversal vulnerability in Microsoft Internet Explorer 5.01, 5.5, and 6.0 allows remote malicious FTP servers to overwrite arbitrary files via .. (dot dot) sequences in filenames returned from a LIST command. | |||||