Total
29868 CVE
| CVE | Vendors | Products | Updated | CVSS v2 | CVSS v3 |
|---|---|---|---|---|---|
| CVE-2004-2566 | 1 Liveworld | 4 Livechat, Livefocusgroup, Liveforum and 1 more | 2025-04-03 | 4.3 MEDIUM | N/A |
| Multiple cross-site scripting (XSS) vulnerabilities in LiveWorld products, possibly including (1) LiveForum, (2) LiveQ&A, (3) LiveChat, and (4) LiveFocusGroup, allow remote attackers to inject arbitrary web script or HTML via the q parameter in (a) search.jsp, (b) findclub!execute.jspa, and (c) search!execute.jspa. | |||||
| CVE-2001-0743 | 1 Oreilly | 1 Webboard | 2025-04-03 | 5.0 MEDIUM | N/A |
| Paging function in O'Reilly WebBoard Pager 4.10 allows remote attackers to cause a denial of service via a message with an escaped ' character followed by JavaScript commands. | |||||
| CVE-2006-1115 | 1 Ncipher | 3 Chil, Mscapi Csp, Ncipher Software Cd | 2025-04-03 | 2.6 LOW | N/A |
| nCipher HSM before 2.22.6, when generating a Diffie-Hellman public/private key pair without any specified DiscreteLogGroup parameters, chooses random parameters that could allow an attacker to crack the private key in significantly less time than a brute force attack. | |||||
| CVE-2000-0474 | 1 Realnetworks | 1 Realserver | 2025-04-03 | 7.8 HIGH | N/A |
| Real Networks RealServer 7.x allows remote attackers to cause a denial of service via a malformed request for a page in the viewsource directory. | |||||
| CVE-2005-3375 | 1 Ikarus | 1 Ikarus Antivirus | 2025-04-03 | 5.1 MEDIUM | N/A |
| Multiple interpretation error in Ikarus demo version allows remote attackers to bypass virus scanning via a file such as BAT, HTML, and EML with an "MZ" magic byte sequence which is normally associated with EXE, which causes the file to be treated as a safe type that could still be executed as a dangerous file type by applications on the end system, as demonstrated by a "triple headed" program that contains EXE, EML, and HTML content, aka the "magic byte bug." | |||||
| CVE-2006-1401 | 1 Php Lite | 1 Calendar Express | 2025-04-03 | 4.3 MEDIUM | N/A |
| Multiple cross-site scripting (XSS) vulnerabilities in search.php in Calendar Express 2.2 allow remote attackers to inject arbitrary web script or HTML via the (1) allwords or (2) oneword parameter. NOTE: the provenance of this information is unknown; the details are obtained from third party information. | |||||
| CVE-2006-1800 | 1 Simplemedia | 1 Simplebbs | 2025-04-03 | 7.5 HIGH | N/A |
| Directory traversal vulnerability in posts.php in SimpleBBS 1.0.6 through 1.1 allows remote attackers to include and execute arbitrary files via ".." sequences in the language cookie, as demonstrated by by injecting the code into the gl_session cookie of users.php, which is stored in error.log. | |||||
| CVE-1999-1464 | 1 Cisco | 1 Ios | 2025-04-03 | 7.5 HIGH | N/A |
| Vulnerability in Cisco IOS 11.1CC and 11.1CT with distributed fast switching (DFS) enabled allows remote attackers to bypass certain access control lists when the router switches traffic from a DFS-enabled interface to an interface that does not have DFS enabled, as described by Cisco bug CSCdk35564. | |||||
| CVE-2002-1819 | 1 Tinyhttpd | 1 Tinyhttpd | 2025-04-03 | 6.4 MEDIUM | N/A |
| Directory traversal vulnerability in TinyHTTPD 0.1 .0 allows remote attackers to read or execute arbitrary files via a ".." (dot dot) in the URL. | |||||
| CVE-2004-0616 | 1 Bt | 1 Voyager 2000 Wireless Adsl Router | 2025-04-03 | 5.0 MEDIUM | N/A |
| The BT Voyager 2000 Wireless ADSL Router has a default public SNMP community name, which allows remote attackers to obtain sensitive information such as the password, which is stored in plaintext. | |||||
| CVE-2006-1422 | 1 Jjwwebdesign | 1 Phpbookingcalendar | 2025-04-03 | 5.0 MEDIUM | N/A |
| SQL injection vulnerability in details_view.php in PHP Booking Calendar 1.0c and earlier allows remote attackers to execute arbitrary SQL commands via the event_id parameter. | |||||
| CVE-1999-0776 | 1 Computer Software Manufaktur | 1 Alibaba | 2025-04-03 | 5.0 MEDIUM | N/A |
| Alibaba HTTP server allows remote attackers to read files via a .. (dot dot) attack. | |||||
| CVE-2006-4917 | 1 Pt News | 1 Pt News | 2025-04-03 | 4.3 MEDIUM | N/A |
| Cross-site scripting (XSS) vulnerability in search.php in PT News 1.7.8 allows remote attackers to inject arbitrary web script or HTML via the pgname parameter. | |||||
| CVE-2004-0639 | 3 Open Webmail, Sgi, Squirrelmail | 3 Open Webmail, Propack, Squirrelmail | 2025-04-03 | 6.8 MEDIUM | N/A |
| Multiple cross-site scripting (XSS) vulnerabilities in Squirrelmail 1.2.10 and earlier allow remote attackers to inject arbitrary HTML or script via (1) the $mailer variable in read_body.php, (2) the $senderNames_part variable in mailbox_display.php, and possibly other vectors including (3) the $event_title variable or (4) the $event_text variable. | |||||
| CVE-2003-1198 | 1 Cherokee | 1 Cherokee Httpd | 2025-04-03 | 5.0 MEDIUM | N/A |
| connection.c in Cherokee web server before 0.4.6 allows remote attackers to cause a denial of service via an HTTP POST request without a Content-Length header field. | |||||
| CVE-2004-1579 | 1 Devellion | 1 Cubecart | 2025-04-03 | 5.0 MEDIUM | N/A |
| index.php in CubeCart 2.0.1 allows remote attackers to gain sensitive information via an HTTP request with an invalid cat_id parameter, which reveals the full path in a PHP error message. | |||||
| CVE-2002-0190 | 1 Microsoft | 1 Internet Explorer | 2025-04-03 | 7.5 HIGH | N/A |
| Microsoft Internet Explorer 5.01, 5.5 and 6.0 allows remote attackers to execute arbitrary code under fewer security restrictions via a malformed web page that requires NetBIOS connectivity, aka "Zone Spoofing through Malformed Web Page" vulnerability. | |||||
| CVE-1999-0852 | 1 Ibm | 1 Websphere Application Server | 2025-04-03 | 7.2 HIGH | N/A |
| IBM WebSphere sets permissions that allow a local user to modify a deinstallation script or its data files stored in /usr/bin. | |||||
| CVE-2002-0382 | 1 Xchat | 1 Xchat | 2025-04-03 | 7.5 HIGH | N/A |
| XChat IRC client allows remote attackers to execute arbitrary commands via a /dns command on a host whose DNS reverse lookup contains shell metacharacters. | |||||
| CVE-2006-1655 | 1 Mpg123 | 1 Mpg123 | 2025-04-03 | 6.5 MEDIUM | N/A |
| Multiple buffer overflows in mpg123 0.59r allow user-assisted attackers to trigger a segmentation fault and possibly have other impacts via a certain MP3 file, as demonstrated by mpg1DoS3. NOTE: this issue might be related to CVE-2004-0991, but it is not clear. | |||||