Total
29868 CVE
| CVE | Vendors | Products | Updated | CVSS v2 | CVSS v3 |
|---|---|---|---|---|---|
| CVE-2002-1849 | 1 Parachat | 1 Parachat Server | 2025-04-03 | 5.0 MEDIUM | N/A |
| ParaChat Server 4.0 does not log users off if the browser's back button is used, which allows remote attackers to cause a denial of service by repeatedly logging into a chat room, hitting the back button, then logging into the same chat room as a different user, which fills the chat room with invalid users. | |||||
| CVE-2001-0068 | 1 Apple | 1 Mac Os Runtime For Java | 2025-04-03 | 2.6 LOW | N/A |
| Mac OS Runtime for Java (MRJ) 2.2.3 allows remote attackers to use malicious applets to read files outside of the CODEBASE context via the ARCHIVE applet parameter. | |||||
| CVE-2002-0259 | 1 Instantservers Inc. | 1 Miniportal | 2025-04-03 | 4.6 MEDIUM | N/A |
| InstantServers MiniPortal 1.1.5 and earlier stores sensitive login and account data in plaintext in (1) .pwd files in the miniportal/apache directory, or (2) mplog.txt, which could allow local users to gain privileges. | |||||
| CVE-2004-1202 | 1 Phpcms | 1 Phpcms | 2025-04-03 | 6.8 MEDIUM | N/A |
| Cross-site scripting (XSS) vulnerability in parser.php in phpCMS 1.2.1 and earlier, with non-stealth and debug modes enabled, allows remote attackers to inject arbitrary web script or HTML via the file parameter. | |||||
| CVE-2006-1482 | 1 Conftool | 1 Conftool | 2025-04-03 | 4.3 MEDIUM | N/A |
| Cross-site scripting (XSS) vulnerability in index.php in ConfTool 1.1 allows remote attackers to inject arbitrary web script or HTML via the page parameter. | |||||
| CVE-2006-0777 | 1 Teca Scripts | 1 Guestex | 2025-04-03 | 7.5 HIGH | N/A |
| Unspecified vulnerability in guestex.pl in Teca Scripts Guestex 1.0 allows remote attackers to execute arbitrary shell commands via the email parameter, possibly involving shell metacharacters. | |||||
| CVE-2004-0162 | 3 Clearswift, F-secure, Paul L Daniels | 3 Mailsweeper, Internet Gatekeeper, Ripmime | 2025-04-03 | 7.5 HIGH | N/A |
| Multiple content security gateway and antivirus products allow remote attackers to bypass content restrictions via MIME encapsulation that uses RFC822 comment fields, which may be interpreted as other fields by mail clients. | |||||
| CVE-2005-3247 | 1 Ethereal Group | 1 Ethereal | 2025-04-03 | 5.0 MEDIUM | N/A |
| The SigComp UDVM in Ethereal 0.10.12 allows remote attackers to cause a denial of service (infinite loop) via unknown vectors. | |||||
| CVE-2004-0268 | 1 Evolutionx | 1 Evolutionx | 2025-04-03 | 5.0 MEDIUM | N/A |
| Multiple buffer overflows in EvolutionX 3921 and 3935 allow remote attackers to cause a denial of service (hang) via (1) a long cd command to the FTP server, or (2) a long dir command to the telnet server. | |||||
| CVE-2002-0963 | 1 Geeklog | 1 Geeklog | 2025-04-03 | 5.0 MEDIUM | N/A |
| SQL injection vulnerability in comment.php for GeekLog 1.3.5 and earlier allows remote attackers to obtain sensitive user information via the pid parameter. | |||||
| CVE-2006-3245 | 1 Mvnforum | 1 Mvnforum | 2025-04-03 | 2.6 LOW | N/A |
| Multiple cross-site scripting (XSS) vulnerabilities in activatemember in mvnForum 1.0 GA and earlier allow remote attackers to inject arbitrary web script or HTML via the (1) member and (2) activatecode parameters. | |||||
| CVE-2003-0281 | 1 Firebirdsql | 1 Firebird | 2025-04-03 | 4.6 MEDIUM | N/A |
| Buffer overflow in Firebird 1.0.2 and other versions before 1.5, and possibly other products that use the InterBase codebase, allows local users to execute arbitrary code via a long INTERBASE environment variable when calling (1) gds_inet_server, (2) gds_lock_mgr, or (3) gds_drop. | |||||
| CVE-2000-0861 | 1 Gnu | 1 Mailman | 2025-04-03 | 7.2 HIGH | N/A |
| Mailman 1.1 allows list administrators to execute arbitrary commands via shell metacharacters in the %(listname) macro expansion. | |||||
| CVE-2006-1082 | 1 Phparcadescript | 1 Phparcadescript | 2025-04-03 | 4.3 MEDIUM | N/A |
| Multiple cross-site scripting (XSS) vulnerabilities in phpArcadeScript 2.0 and earlier allow remote attackers to inject arbitrary web script or HTML via (1) the gamename parameter in tellafriend.php, (2) the login_status parameter in loginbox.php, (3) the submissionstatus parameter in index.php, the (4) cell_title_background_color and (5) browse_cat_name parameters in browse.php, the (6) gamefile parameter in displaygame.php, and (7) possibly other parameters in unspecified PHP scripts. | |||||
| CVE-2002-2018 | 1 Sas | 2 Base, Integration Technologies | 2025-04-03 | 7.2 HIGH | N/A |
| sastcpd in SAS/Base 8.0 might allow local users to gain privileges by setting the netencralg environment variable, which causes a segmentation fault. | |||||
| CVE-2000-0041 | 1 Apple | 1 Macos | 2025-04-03 | 5.0 MEDIUM | N/A |
| Macintosh systems generate large ICMP datagrams in response to malformed datagrams, allowing them to be used as amplifiers in a flood attack. | |||||
| CVE-2004-0673 | 1 Simm-comm | 1 Sci Photo Chat | 2025-04-03 | 6.8 MEDIUM | N/A |
| Cross-site scripting (XSS) vulnerability in SCI Photo Chat Server 3.4.9 allows remote attackers to execute arbitrary web script as other users via an invalid request that is echoed in the resulting error message. | |||||
| CVE-2005-1472 | 1 Apple | 1 Mac Os X | 2025-04-03 | 2.1 LOW | N/A |
| Certain system calls in Apple Mac OS X 10.4.1 do not properly enforce the permissions of certain directories without the POSIX read bit set, but with the execute bits set for group or other, which allows local users to list files in otherwise restricted directories. | |||||
| CVE-2002-1824 | 1 Microsoft | 2 Ie, Internet Explorer | 2025-04-03 | 5.0 MEDIUM | N/A |
| Microsoft Internet Explorer 6.0, when handling an expired CA-CERT in a webserver's certificate chain during a SSL/TLS handshake, does not prompt the user before searching for and finding a newer certificate, which may allow attackers to perform a man-in-the-middle attack. NOTE: it is not clear whether this poses a vulnerability. | |||||
| CVE-2006-1137 | 1 Xerox | 12 Copycentre C65, Copycentre C65 Firmware, Copycentre C75 and 9 more | 2025-04-03 | 5.0 MEDIUM | N/A |
| Multiple unspecified vulnerabilities in Xerox CopyCentre and Xerox WorkCentre Pro, running software 1.001.02.073 or earlier, or 1.001.02.074 before 1.001.02.715, allow remote attackers to cause an unspecified denial of service via a crafted PostScript file that will (1) "navigate through the directory" or (2) a "file sent to expose TCP/IP ports". | |||||