Total
29682 CVE
| CVE | Vendors | Products | Updated | CVSS v2 | CVSS v3 |
|---|---|---|---|---|---|
| CVE-2001-0407 | 1 Oracle | 1 Mysql | 2025-04-03 | 4.6 MEDIUM | N/A |
| Directory traversal vulnerability in MySQL before 3.23.36 allows local users to modify arbitrary files and gain privileges by creating a database whose name starts with .. (dot dot). | |||||
| CVE-2006-1186 | 1 Microsoft | 2 Ie, Internet Explorer | 2025-04-03 | 10.0 HIGH | N/A |
| Microsoft Internet Explorer 5.01 through 6 allows remote attackers to execute arbitrary code via by instantiating the (1) Mdt2gddr.dll, (2) Mdt2dd.dll, and (3) Mdt2gddo.dll COM objects as ActiveX controls, which leads to memory corruption. | |||||
| CVE-2002-1434 | 1 Kerio | 1 Kerio Mailserver | 2025-04-03 | 6.8 MEDIUM | N/A |
| Multiple cross-site scripting (XSS) vulnerabilities in the Web mail module of Kerio MailServer 5.0 allow remote attackers to execute HTML script as other users via certain URLs. | |||||
| CVE-2005-3634 | 1 Sap | 1 Sap Web Application Server | 2025-04-03 | 5.0 MEDIUM | N/A |
| frameset.htm in the BSP runtime in SAP Web Application Server (WAS) 6.10 through 7.00 allows remote attackers to log users out and redirect them to arbitrary web sites via a close command in the sap-sessioncmd parameter and a URL in the sap-exiturl parameter. | |||||
| CVE-1999-0114 | 1 Elm Development Group | 1 Elm | 2025-04-03 | 4.6 MEDIUM | N/A |
| Local users can execute commands as other users, and read other users' files, through the filter command in the Elm elm-2.4 mail package using a symlink attack. | |||||
| CVE-2005-2476 | 1 Naxtor | 1 Shopping Cart | 2025-04-03 | 4.3 MEDIUM | N/A |
| Cross-site scripting (XSS) vulnerability in lost_passowrd.php in Naxtor Shopping Cart 1.0 allows remote attackers to inject arbitrary web script or HTML via the email parameter. | |||||
| CVE-2004-1236 | 1 Netscape | 1 Directory Server | 2025-04-03 | 10.0 HIGH | N/A |
| Buffer overflow in the LDAP component for Netscape Directory Server (NDS) 3.6 on HP-UX and other operating systems allows remote attackers to execute arbitrary code. | |||||
| CVE-2005-3368 | 1 Search Enhanced | 1 Search Enhanced | 2025-04-03 | 4.3 MEDIUM | N/A |
| Cross-site scripting (XSS) vulnerability in the Search_Enhanced module in PHP-Nuke 7.9 allows remote attackers to inject arbitrary web script or HTML via the query parameter. | |||||
| CVE-2002-1431 | 1 Belkin | 1 F5d5230-4 4-port Cable Dsl Gateway Router | 2025-04-03 | 7.5 HIGH | N/A |
| Belkin F5D5230-4 4-Port Cable/DSL Gateway Router 1.20.000 modifies the source IP address of internal packets to that of the router's external interface when forwarding a request from an internal host to an internal web server, which allows remote attackers to hide which host is being used to access the web server. | |||||
| CVE-2005-1415 | 1 Globalscape | 1 Secure Ftp Server | 2025-04-03 | 10.0 HIGH | N/A |
| Buffer overflow in GlobalSCAPE Secure FTP Server 3.0.2 allows remote authenticated users to execute arbitrary code via a long FTP command. | |||||
| CVE-2002-1940 | 1 Jacob Navia | 1 Lcc-win32 | 2025-04-03 | 5.0 MEDIUM | N/A |
| LCC-Win32 3.2 compiler, when running on Windows 95, 98, or ME, writes portions of previously used memory after the import table, which could allow attackers to gain sensitive information. NOTE: it has been reported that this problem is due to the OS and not the application. | |||||
| CVE-2005-3121 | 1 Eduard Bloch | 1 Module-assistant | 2025-04-03 | 2.1 LOW | N/A |
| A rule file in module-assistant before 0.9.10 causes a temporary file to be created insecurely, which allows local users to conduct unauthorized operations. | |||||
| CVE-2005-1570 | 1 Battleaxe Software | 1 Bttlxeforum | 2025-04-03 | 5.0 MEDIUM | N/A |
| forum.asp in bttlxeForum 2.0 allows remote attackers to obtain full path information via a certain hex-encoded argument to the page parameter, possibly due to a SQL injection vulnerability. | |||||
| CVE-2001-0450 | 1 Transsoft | 1 Broker Ftp Server | 2025-04-03 | 6.4 MEDIUM | N/A |
| Directory traversal vulnerability in Transsoft FTP Broker before 5.5 allows attackers to (1) delete arbitrary files via DELETE, or (2) list arbitrary directories via LIST, via a .. (dot dot) in the file name. | |||||
| CVE-2005-0219 | 1 Gallery Project | 1 Gallery | 2025-04-03 | 4.3 MEDIUM | N/A |
| Multiple cross-site scripting (XSS) vulnerabilities in Gallery 1.3.4-pl1 allow remote attackers to inject arbitrary web script or HTML via (1) the index field in add_comment.php, (2) set_albumName, (3) slide_index, (4) slide_full, (5) slide_loop, (6) slide_pause, (7) slide_dir fields in slideshow_low.php, or (8) username field in search.php. | |||||
| CVE-2005-0692 | 1 Php Fusion | 1 Php Fusion | 2025-04-03 | 4.3 MEDIUM | N/A |
| Cross-site scripting (XSS) vulnerability in fusion_core.php for PHP-Fusion 5.x allows remote attackers to inject arbitrary web script or HTML via a message with IMG bbcode containing character-encoded Javascript. | |||||
| CVE-2001-0913 | 1 Network Solutions | 1 Rwhoisd | 2025-04-03 | 7.5 HIGH | N/A |
| Format string vulnerability in Network Solutions Rwhoisd 1.5.7.2 and earlier, when using syslog, allows remote attackers to corrupt memory and possibly execute arbitrary code via a rwhois request that contains format specifiers. | |||||
| CVE-2003-0307 | 1 Poster | 1 Poster | 2025-04-03 | 7.5 HIGH | N/A |
| Poster version.two allows remote authenticated users to gain administrative privileges by appending the "|" field separator and an "admin" value into the email address field. | |||||
| CVE-2005-4353 | 1 Toenda Software Development | 1 Toendacms | 2025-04-03 | 7.5 HIGH | N/A |
| SQL injection vulnerability in index.php in toendaCMS 0.6.2.1, when configured to use a SQL database, allows remote attackers to execute arbitrary SQL commands via the id parameter. | |||||
| CVE-2005-0540 | 1 Cyclades | 1 Alterpath Manager | 2025-04-03 | 5.0 MEDIUM | N/A |
| Cyclades AlterPath Manager (APM) Console Server 1.2.1 allows remote attackers to obtain sensitive information via a direct request to the /about.html page. | |||||