Total
29868 CVE
| CVE | Vendors | Products | Updated | CVSS v2 | CVSS v3 |
|---|---|---|---|---|---|
| CVE-2000-0002 | 1 Zbsoft | 1 Zbserver | 2025-04-03 | 10.0 HIGH | N/A |
| Buffer overflow in ZBServer Pro 1.50 allows remote attackers to execute commands via a long GET request. | |||||
| CVE-2005-4799 | 1 Yapig | 1 Yapig | 2025-04-03 | 5.1 MEDIUM | N/A |
| Multiple cross-site scripting (XSS) vulnerabilities in Yet Another PHP Image Gallery (YaPIG) 0.95b and earlier allow remote attackers to inject arbitrary web script or HTML via (1) the Homepage field (aka the Website field) in an "image-related comment" and (2) the img_size field in view.php. NOTE: due to lack of details from the researcher, it is not clear whether the comment vector overlaps CVE-2005-1886. | |||||
| CVE-2005-0809 | 1 Notify Technology | 1 Notifylink | 2025-04-03 | 7.5 HIGH | N/A |
| NotifyLink, when configured for client key retrieval, allows remote attackers to obtain AES keys via a direct request to /hwp/get.asp, then uses a weak encryption scheme (fixed byte reordering) to protect the key, which allows remote attackers to obtain the key via a brute force attack. | |||||
| CVE-2001-1336 | 1 Aclogic | 1 Cesarftp | 2025-04-03 | 7.5 HIGH | N/A |
| CesarFTP 0.98b and earlier stores usernames and passwords in plaintext in the settings.ini file, which allows attackers to gain privileges. | |||||
| CVE-2005-4438 | 1 Dec2rar.dll | 1 Dec2rar.dll | 2025-04-03 | 7.5 HIGH | N/A |
| Heap-based buffer overflow in Dec2Rar.dll 3.2.14.3, as distributed in the Symantec Antivirus Library and used by various Symantec products, allows remote attackers to execute arbitrary code via RAR archives with sub-block headers that contain incorrect values in the length field. | |||||
| CVE-2002-1744 | 1 Microsoft | 1 Internet Information Services | 2025-04-03 | 5.0 MEDIUM | N/A |
| Directory traversal vulnerability in CodeBrws.asp in Microsoft IIS 5.0 allows remote attackers to view source code and determine the existence of arbitrary files via a hex-encoded "%c0%ae%c0%ae" string, which is the Unicode representation for ".." (dot dot). | |||||
| CVE-2002-1730 | 1 Aspjar | 1 Aspjar Guestbook | 2025-04-03 | 5.0 MEDIUM | N/A |
| ASPjar Guestbook 1.00 allows remote attackers to delete arbitrary messages accessing the delete.asp administrative script with certain cookie values set to "true". | |||||
| CVE-2005-4223 | 1 Utopia Software | 1 Utopia News Pro | 2025-04-03 | 7.5 HIGH | N/A |
| Multiple "potential" SQL injection vulnerabilities in Utopia News Pro (UNP) 1.1.4 might allow remote attackers to execute arbitrary SQL commands via (1) the newsid parameter in editnews.php, (2) the catid and question parameters in faq.php, (3) the poster parameter in postnews.php, (4) the tempid parameter in templates.php, and (5) the userid and groupid parameters in users.php. | |||||
| CVE-2005-4465 | 1 Nec | 1 Univerge | 2025-04-03 | 7.5 HIGH | N/A |
| The Internet Key Exchange version 1 (IKEv1) implementation in NEC UNIVERGE IX1000, IX2000, and IX3000 allows remote attackers to cause a denial of service and possibly execute arbitrary code via crafted IKE packets, as demonstrated by the PROTOS ISAKMP Test Suite for IKEv1. NOTE: due to the lack of details in the advisory, it is unclear which of CVE-2005-3666, CVE-2005-3667, and/or CVE-2005-3668 this issue applies to. | |||||
| CVE-2001-1571 | 1 Microsoft | 1 Windows Xp | 2025-04-03 | 5.0 MEDIUM | N/A |
| The Remote Desktop client in Windows XP sends the most recent user account name in cleartext, which could allow remote attackers to obtain terminal server user account names via sniffing. | |||||
| CVE-2006-2956 | 1 Skoom | 1 I.list | 2025-04-03 | 4.3 MEDIUM | N/A |
| Multiple cross-site scripting (XSS) vulnerabilities in i.List 1.5 beta and earlier allow remote attackers to inject arbitrary web script or HTML via the (1) searchword parameter to search.php or (2) siteurl parameter to add.php. | |||||
| CVE-2002-1499 | 1 Factosystem | 1 Factosystem Weblog | 2025-04-03 | 7.5 HIGH | N/A |
| Multiple SQL injection vulnerabilities in FactoSystem CMS allows remote attackers to perform unauthorized database actions via (1) the authornumber parameter in author.asp, (2) the discussblurbid parameter in discuss.asp, (3) the name parameter in holdcomment.asp, and (4) the email parameter in holdcomment.asp. | |||||
| CVE-2003-0589 | 1 Digi-fx | 1 Digi-news | 2025-04-03 | 10.0 HIGH | N/A |
| admin.php in Digi-ads 1.1 allows remote attackers to bypass authentication via a cookie with the username set to the name of the administrator, which satisfies an improper condition in admin.php that does not require a correct password. | |||||
| CVE-1999-0548 | 2025-04-03 | 10.0 HIGH | N/A | ||
| A superfluous NFS server is running, but it is not importing or exporting any file systems. | |||||
| CVE-2004-1440 | 1 Putty | 1 Putty | 2025-04-03 | 7.5 HIGH | N/A |
| Multiple heap-based buffer overflows in the modpow function in PuTTY before 0.55 allow (1) remote attackers to execute arbitrary code via an SSH2 packet with a base argument that is larger than the mod argument, which causes the modpow function to write memory before the beginning of its buffer, and (2) remote malicious servers to cause a denial of service (client crash) and possibly execute arbitrary code via a large bignum during authentication. | |||||
| CVE-2002-0558 | 1 Typsoft | 1 Typsoft Ftp Server | 2025-04-03 | 5.0 MEDIUM | N/A |
| Directory traversal vulnerability in TYPSoft FTP server 0.97.1 and earlier allows a remote authenticated user (possibly anonymous) to list arbitrary directories via a .. in a LIST (ls) command ending in wildcard *.* characters. | |||||
| CVE-2003-0755 | 1 Gtkftpd | 1 Gtkftp | 2025-04-03 | 10.0 HIGH | N/A |
| Buffer overflow in sys_cmd.c for gtkftpd 1.0.4 and earlier allows remote attackers to execute arbitrary code by creating long directory names and listing them with a LIST command. | |||||
| CVE-2002-0911 | 1 Caldera | 1 Volution Manager | 2025-04-03 | 7.2 HIGH | N/A |
| Caldera Volution Manager 1.1 stores the Directory Administrator password in cleartext in the slapd.conf file, which could allow local users to gain privileges. | |||||
| CVE-2005-1282 | 1 Argosoft | 1 Argosoft Mail Server | 2025-04-03 | 4.3 MEDIUM | N/A |
| Multiple cross-site scripting (XSS) vulnerabilities in Argosoft Mail Server Pro 1.8.7.6 allow remote attackers to inject arbitrary web script or HTML via (1) the src parameter in an IMG tag, (2) User settings, or (3) Address book input boxes in the webmail interface. | |||||
| CVE-2002-0768 | 2 Luke Mewburn, Suse | 2 Lukemftp, Suse Linux | 2025-04-03 | 7.5 HIGH | N/A |
| Buffer overflow in lukemftp FTP client in SuSE 6.4 through 8.0, and possibly other operating systems, allows a malicious FTP server to execute arbitrary code via a long PASV command. | |||||