Total
29868 CVE
| CVE | Vendors | Products | Updated | CVSS v2 | CVSS v3 |
|---|---|---|---|---|---|
| CVE-2005-3967 | 1 Atlassian | 1 Confluence | 2025-04-03 | 4.3 MEDIUM | N/A |
| Cross-site scripting (XSS) vulnerability in the dosearchsite.action module in Atlassian Confluence 2.0.1 Build 321 allows remote attackers to inject arbitrary web script or HTML via the searchQuery.queryString search module parameter. | |||||
| CVE-2005-1673 | 1 Ubertec | 1 Help Center Live | 2025-04-03 | 7.5 HIGH | N/A |
| Multiple SQL injection vulnerabilities in Help Center Live allow remote attackers to execute arbitrary SQL commands via the (1) id parameter to index.php, (2) tid parameter to view.php, fid parameter to (3) download.php or (4) chat_download.php, (5) status parameter to icon.php, TICKET_tid parameter to (6) index.php or (7) view.php. | |||||
| CVE-2006-0532 | 1 Media2 Cms | 1 Shop | 2025-04-03 | 4.3 MEDIUM | N/A |
| Cross-site scripting (XSS) vulnerability in resultat.asp in SoftMaker Shop allows remote attackers to inject arbitrary web script or HTML via a strSok parameter containing a javascript: URI in an IMG SRC attribute. | |||||
| CVE-2002-0589 | 1 Steve Korbett | 1 Pvote | 2025-04-03 | 7.5 HIGH | N/A |
| PVote before 1.9 allows remote attackers to change the administrative password and gain privileges by directly calling ch_info.php with the newpass and confirm parameters both set to the new password. | |||||
| CVE-2006-4334 | 1 Gzip | 1 Gzip | 2025-04-03 | 5.0 MEDIUM | N/A |
| Unspecified vulnerability in gzip 1.3.5 allows context-dependent attackers to cause a denial of service (crash) via a crafted GZIP (gz) archive, which results in a NULL dereference. | |||||
| CVE-2004-0648 | 1 Mozilla | 3 Firefox, Mozilla, Thunderbird | 2025-04-03 | 10.0 HIGH | N/A |
| Mozilla (Suite) before 1.7.1, Firefox before 0.9.2, and Thunderbird before 0.7.2 allow remote attackers to launch arbitrary programs via a URI referencing the shell: protocol. | |||||
| CVE-2002-0176 | 1 Avaya | 1 Libsafe | 2025-04-03 | 4.6 MEDIUM | N/A |
| The printf wrappers in libsafe 2.0-11 and earlier do not properly handle argument indexing specifiers, which could allow attackers to exploit certain function calls through arguments that are not verified by libsafe. | |||||
| CVE-2005-3812 | 1 Freeftpd | 1 Freeftpd | 2025-04-03 | 6.8 MEDIUM | N/A |
| freeFTPd 1.0.10 allows remote authenticated users to cause a denial of service (null dereference and crash) via a PORT command with missing arguments. | |||||
| CVE-2006-4892 | 1 Techno Dreams | 1 Faq Manager Package | 2025-04-03 | 7.5 HIGH | N/A |
| SQL injection vulnerability in faqview.asp in Techno Dreams FAQ Manager Package 1.0 allows remote attackers to execute arbitrary SQL commands via the key parameter. | |||||
| CVE-2003-1262 | 1 Http Fetcher | 1 Http Fetcher Library | 2025-04-03 | 6.4 MEDIUM | N/A |
| Buffer overflow in the http_fetch function of HTTP Fetcher 1.0.0 and 1.0.1 allows remote attackers to cause a denial of service (crash) and possibly execute arbitrary code via a URL request via a long (1) host, (2) referer, or (3) userAgent value. | |||||
| CVE-2001-0644 | 1 Maxum Development Corporation | 1 Rumpus Ftp Server | 2025-04-03 | 7.5 HIGH | N/A |
| Maxum Rumpus FTP Server 1.3.3 and 2.0.3 dev 3 stores passwords in plaintext in the "Rumpus User Database" file in the prefs folder, which could allow attackers to gain privileges on the server. | |||||
| CVE-2003-0478 | 5 Andromede, Bahamut, Daniel Moss and 2 more | 5 Adromedeircd, Ircd, Methane and 2 more | 2025-04-03 | 10.0 HIGH | N/A |
| Format string vulnerability in (1) Bahamut IRCd 1.4.35 and earlier, and other IRC daemons based on Bahamut including (2) digatech 1.2.1, (3) methane 0.1.1, (4) AndromedeIRCd 1.2.3-Release, and (5) ircd-RU, when running in debug mode, allows remote attackers to cause a denial of service and possibly execute arbitrary code via a request containing format strings. | |||||
| CVE-2006-0652 | 1 Whmcompletesolution | 1 Whmcompletesolution | 2025-04-03 | 6.5 MEDIUM | N/A |
| WHMCompleteSolution (WHMCS) before 2.3 assigns incorrect permissions to "resellers", which allows remote authenticated users to perform privileged actions or obtain sensitive information. NOTE: this report is based on a vendor bug report that identified "incorrect permissions." However, the vendor did not label it a security issue, and there was no statement regarding whether or not the permissions were actually more permissive than intended. If in fact the permissions were more restrictive than intended, then this would be a functional problem but not a vulnerability. | |||||
| CVE-2001-1433 | 1 Cherokee | 1 Cherokee Httpd | 2025-04-03 | 7.5 HIGH | N/A |
| Cherokee web server before 0.2.7 does not properly drop root privileges after binding to port 80, which could allow remote attackers to gain privileges via other vulnerabilities. | |||||
| CVE-1999-1126 | 1 Cisco | 1 Resource Manager | 2025-04-03 | 2.1 LOW | N/A |
| Cisco Resource Manager (CRM) 1.1 and earlier creates certain files with insecure permissions that allow local users to obtain sensitive configuration information including usernames, passwords, and SNMP community strings, from (1) swim_swd.log, (2) swim_debug.log, (3) dbi_debug.log, and (4) temporary files whose names begin with "DPR_". | |||||
| CVE-2002-1920 | 1 Datawizard | 1 Ftpxq | 2025-04-03 | 5.0 MEDIUM | N/A |
| Buffer overflow in FtpXQ 2.5 allows remote attackers to cause a denial of service (crash) via a MKD command with a long directory name. | |||||
| CVE-2002-2085 | 1 Wwwebbb | 1 Wwwebbb Forum | 2025-04-03 | 5.0 MEDIUM | N/A |
| Directory traversal vulnerability in page.cgi of WWWeBBB Forum 3.82 beta and earlier allows remote attackers to read arbitrary files via a .. (dot dot) in an HTTP request. | |||||
| CVE-2006-3691 | 1 Vbzoom | 1 Vbzoom | 2025-04-03 | 7.5 HIGH | N/A |
| Multiple SQL injection vulnerabilities in VBZooM 1.11 and earlier allow remote attackers to execute arbitrary SQL commands via the UserID parameter to (1) ignore-pm.php, (2) sendmail.php, (3) reply.php or (4) sub-join.php. | |||||
| CVE-2002-1817 | 1 Symantec Veritas | 1 Cluster Server | 2025-04-03 | 7.5 HIGH | N/A |
| Unknown vulnerability in Veritas Cluster Server (VCS) 1.2 for WindowsNT, Cluster Server 1.3.0 for Solaris, and Cluster Server 1.3.1 for HP-UX allows attackers to gain privileges via unknown attack vectors. | |||||
| CVE-2004-1976 | 1 Smc Networks | 1 Smc7004vbr | 2025-04-03 | 7.5 HIGH | N/A |
| SMC Barricade broadband router 7008ABR and 7004VBR enable remote administration by default, which allows remote attackers to gain access by connecting to port 1900. | |||||