Total
29868 CVE
| CVE | Vendors | Products | Updated | CVSS v2 | CVSS v3 |
|---|---|---|---|---|---|
| CVE-2004-1504 | 1 Salims Softhouse | 1 Jaf Cms | 2025-04-03 | 5.0 MEDIUM | N/A |
| The displaycontent function in config.php for Just Another Flat file (JAF) CMS 3.0RC allows remote attackers to gain sensitive information via a blank show parameter, which reveals the installation path in an error message, as demonstrated using index.php. | |||||
| CVE-2002-0311 | 1 Caldera | 2 Openunix, Unixware | 2025-04-03 | 10.0 HIGH | N/A |
| Vulnerability in webtop in UnixWare 7.1.1 and Open UNIX 8.0.0 allows local and possibly remote attackers to gain root privileges via shell metacharacters in the -c argument for (1) in scoadminreg.cgi or (2) service_action.cgi. | |||||
| CVE-1999-1416 | 1 Inso | 1 Dwhttpd | 2025-04-03 | 5.0 MEDIUM | N/A |
| AnswerBook2 (AB2) web server dwhttpd 3.1a4 allows remote attackers to cause a denial of service (resource exhaustion) via an HTTP POST request with a large content-length. | |||||
| CVE-2002-0631 | 1 Sgi | 1 Irix | 2025-04-03 | 7.2 HIGH | N/A |
| Unknown vulnerability in nveventd in NetVisualyzer on SGI IRIX 6.5 through 6.5.16 allows local users to write arbitrary files and gain root privileges. | |||||
| CVE-2006-3801 | 1 Mozilla | 2 Firefox, Seamonkey | 2025-04-03 | 7.5 HIGH | N/A |
| Mozilla Firefox 1.5 before 1.5.0.5 and SeaMonkey before 1.0.3 does not properly clear a JavaScript reference to a frame or window, which leaves a pointer to a deleted object that allows remote attackers to execute arbitrary native code. | |||||
| CVE-2004-2352 | 1 Martin Bauer | 1 Gbook | 2025-04-03 | 4.3 MEDIUM | N/A |
| Cross-site scripting (XSS) vulnerability in GBook for PHP-Nuke 1.0 allows remote attackers to inject arbitrary web script or HTML via cookies that are stored in the $_COOKIE PHP variable, which is not cleansed by PHP-Nuke. | |||||
| CVE-2002-1037 | 1 Michael Dean | 1 Double Choco Latte | 2025-04-03 | 5.0 MEDIUM | N/A |
| Cross-site scripting vulnerability in Double Choco Latte (DCL) before 20020706 allows remote attackers to inject arbitrary HTML, including script, into web pages via the (1) Ticket# Find, (2) Priorities, (3) Severities, (4) Projects, (5) WO# Find, (6) Departments and (7) Users features. | |||||
| CVE-2006-0577 | 1 Lexmark | 1 X1185 | 2025-04-03 | 7.2 HIGH | N/A |
| Lexmark X1185 printer allows local users to gain SYSTEM privileges by navigating to the "Appearance" dialog and selecting the "Additional styles (skins) are available on the Lexmark web site" option, which launches a web browser that is running with SYSTEM privileges. | |||||
| CVE-2005-0586 | 1 Mozilla | 2 Firefox, Mozilla | 2025-04-03 | 2.6 LOW | N/A |
| Firefox before 1.0.1 and Mozilla before 1.7.6 allows remote malicious web sites to spoof the extensions of files to download via the Content-Disposition header, which could be used to trick users into downloading dangerous content. | |||||
| CVE-2006-3229 | 1 Open Webmail | 1 Open Webmail | 2025-04-03 | 4.3 MEDIUM | N/A |
| Cross-site scripting (XSS) vulnerability in Open WebMail (OWM) 2.52, and other versions released before 05/12/2006, allows remote attackers to inject arbitrary web script or HTML via the (1) To and (2) From fields in openwebmail-main.pl, and possibly (3) other unspecified vectors related to "openwebmailerror calls that need to display HTML." | |||||
| CVE-2006-0667 | 1 Ibm | 1 Aix | 2025-04-03 | 4.6 MEDIUM | N/A |
| lscfg in IBM AIX 5.2 and 5.3 allows local users to modify arbitrary files via a symlink attack. | |||||
| CVE-1999-0791 | 1 Hybrid Network | 2 Cable Modem, Hsmp | 2025-04-03 | 10.0 HIGH | N/A |
| Hybrid Network cable modems do not include an authentication mechanism for administration, allowing remote attackers to compromise the system through the HSMP protocol. | |||||
| CVE-2004-2520 | 1 Geeos Team | 1 Gattaca Server 2003 | 2025-04-03 | 4.0 MEDIUM | N/A |
| POP3 protocol in Gattaca Server 2003 1.1.10.0 allows remote authenticated users to cause a denial of service (application crash) via a large numeric value in the (1) LIST, (2) RETR, or (3) UIDL commands. | |||||
| CVE-2005-1901 | 1 Sawmill | 1 Sawmill | 2025-04-03 | 4.3 MEDIUM | N/A |
| Multiple cross-site scripting (XSS) vulnerabilities in Sawmill before 7.1.6 allow remote attackers to inject arbitrary web script or HTML via (1) the username in the Add User window or (2) the license key in the Licensing page. | |||||
| CVE-2006-2611 | 1 Mediawiki | 1 Mediawiki | 2025-04-03 | 4.3 MEDIUM | N/A |
| Cross-site scripting (XSS) vulnerability in includes/Sanitizer.php in the variable handler in MediaWiki 1.6.x before r14349 allows remote attackers to inject arbitrary Javascript via unspecified vectors, possibly involving the usage of the | (pipe) character. | |||||
| CVE-2004-1847 | 1 Expinion.net | 1 News Manager Lite | 2025-04-03 | 7.5 HIGH | N/A |
| News Manager Lite 2.5 allows remote attackers to bypass authentication and gain administrator privileges by setting the ADMIN parameter in the NEWS_LOGIN cookie. | |||||
| CVE-2005-3408 | 1 Greg Neustaetter | 1 Gcards | 2025-04-03 | 7.5 HIGH | N/A |
| SQL injection vulnerability in news.php in gCards version 1.43 allows remote attackers to execute arbitrary SQL commands via the limit parameter. | |||||
| CVE-1999-1116 | 1 Sgi | 1 Irix | 2025-04-03 | 7.2 HIGH | N/A |
| Vulnerability in runpriv in Indigo Magic System Administration subsystem of SGI IRIX 6.3 and 6.4 allows local users to gain root privileges. | |||||
| CVE-2006-3794 | 1 Amazing Flash Commerce | 1 Afcommerce Shopping Cart | 2025-04-03 | 7.5 HIGH | N/A |
| SQL injection vulnerability in Amazing Flash AFCommerce Shopping Cart allows remote attackers to execute arbitrary SQL commands via the search field. NOTE: the vendor has disputed this issue, stating "if someone were to type in any sql injection code, that code would never be queried. | |||||
| CVE-1999-0988 | 1 Sco | 1 Unixware | 2025-04-03 | 7.2 HIGH | N/A |
| UnixWare pkgtrans allows local users to read arbitrary files via a symlink attack. | |||||