Total
29867 CVE
| CVE | Vendors | Products | Updated | CVSS v2 | CVSS v3 |
|---|---|---|---|---|---|
| CVE-2006-3204 | 1 Ultimate Php Board | 1 Ultimate Php Board | 2025-04-03 | 5.0 MEDIUM | N/A |
| Ultimate PHP Board (UPB) 1.9.6 and earlier uses a cryptographically weak block cipher with a large key collision space, which allows remote attackers to determine a suitable decryption key given the plaintext and ciphertext by obtaining the plaintext password, which is sent when logging in, and the ciphertext, which is set in the pass_env cookie. | |||||
| CVE-2005-1436 | 1 Osticket | 1 Osticket | 2025-04-03 | 6.8 MEDIUM | N/A |
| Multiple cross-site scripting (XSS) vulnerabilities in osTicket allow remote attackers to inject arbitrary web script or HTML via (1) the t parameter to view.php, (2) the osticket_title parameter to header.php, (3) the em parameter to admin_login.php, (4) the e parameter to user_login.php, (5) the err parameter to open_submit.php, or (6) the name and subject fields when adding a ticket. | |||||
| CVE-2004-0902 | 4 Conectiva, Mozilla, Redhat and 1 more | 9 Linux, Mozilla, Thunderbird and 6 more | 2025-04-03 | 10.0 HIGH | N/A |
| Multiple heap-based buffer overflows in Mozilla Firefox before the Preview Release, Mozilla before 1.7.3, and Thunderbird before 0.8 allow remote attackers to cause a denial of service (application crash) or execute arbitrary code via (1) the "Send page" functionality, (2) certain responses from a malicious POP3 server, or (3) a link containing a non-ASCII hostname. | |||||
| CVE-2005-4383 | 1 Citysoft | 1 Community Enterprise | 2025-04-03 | 4.3 MEDIUM | N/A |
| Cross-site scripting (XSS) vulnerability in index.cfm in CitySoft Community Enterprise 4.x allows remote attackers to inject arbitrary web script or HTML via the (1) presentationSite, (2) docPublishYear, (3) docDescription, (4) publishState, (5) docAuthor, (6) docTitle, (7) subTopic, (8) topic, (9) topicRadio, (10) topicOnly, (11) startrow, and (12) sortby parameters. | |||||
| CVE-2002-1133 | 1 Funsoft | 1 Dinos Webserver | 2025-04-03 | 5.0 MEDIUM | N/A |
| Encoded directory traversal vulnerability in Dino's web server 2.1 allows remote attackers to read arbitrary files via ".." (dot dot) sequences with URL-encoded (1) "/" (%2f") or (2) "\" (%5c) characters. | |||||
| CVE-2006-0557 | 1 Linux | 1 Linux Kernel | 2025-04-03 | 4.9 MEDIUM | N/A |
| sys_mbind in mempolicy.c in Linux kernel 2.6.16 and earlier does not sanity check the maxnod variable before making certain computations for the get_nodes function, which has unknown impact and attack vectors. | |||||
| CVE-2006-3781 | 1 Sun | 1 Solaris | 2025-04-03 | 7.8 HIGH | N/A |
| Unspecified vulnerability in Sun Solaris 10 allows context-dependent attackers to cause a denial of service (panic) via unspecified vectors involving the event port API. | |||||
| CVE-2006-2475 | 1 Cosmoshop | 1 Cosmoshop | 2025-04-03 | 7.8 HIGH | N/A |
| Directory traversal vulnerability in (1) edit_mailtexte.cgi and (2) bestmail.cgi in Cosmoshop 8.11.106 and earlier allows remote administrators to read arbitrary files via ".." sequences in the file parameter. | |||||
| CVE-2006-4347 | 1 Jiran | 2 Cool Manager, Cool Messenger Office School Server | 2025-04-03 | 7.5 HIGH | N/A |
| SQL injection vulnerability in user logon authentication request handling in Cool_CoolD.exe in Cool Manager 5.0 (5,60,90,28) and Cool Messenger Office/School Server 5.5 (5,65,12,13) allows remote attackers to execute arbitrary SQL commands via the username field. | |||||
| CVE-2000-0357 | 1 Redhat | 1 Linux | 2025-04-03 | 7.5 HIGH | N/A |
| ORBit and esound in Red Hat Linux 6.1 do not use sufficiently random numbers, which allows local users to guess the authentication keys. | |||||
| CVE-2006-1811 | 1 Flexbb | 1 Flexbb | 2025-04-03 | 6.4 MEDIUM | N/A |
| Multiple SQL injection vulnerabilities in FlexBB 0.5.5 BETA allow remote attackers to execute arbitrary SQL commands via the (1) id, (2) forumid, or (3) threadid parameter to index.php; the (4) ICQ, (5) AIM, (6) MSN, (7) Google Talk, (8) Website Name, (9) Website Address, (10) Email Address, (11) Location, (12) Signature, and (13) Sub-Titles fields in the user profile; or (14) flexbb_password field in a cookie. | |||||
| CVE-1999-0550 | 2025-04-03 | 7.5 HIGH | N/A | ||
| A router's routing tables can be obtained from arbitrary hosts. | |||||
| CVE-2001-0027 | 1 Proftpd Project | 1 Proftpd | 2025-04-03 | 7.5 HIGH | N/A |
| mod_sqlpw module in ProFTPD does not reset a cached password when a user uses the "user" command to change accounts, which allows authenticated attackers to gain privileges of other users. | |||||
| CVE-2000-0161 | 1 Microsoft | 1 Site Server | 2025-04-03 | 7.5 HIGH | N/A |
| Sample web sites on Microsoft Site Server 3.0 Commerce Edition do not validate an identification number, which allows remote attackers to execute SQL commands. | |||||
| CVE-2002-0344 | 1 Symantec | 1 Liveupdate | 2025-04-03 | 5.0 MEDIUM | N/A |
| Symantec LiveUpdate 1.5 and earlier in Norton Antivirus stores usernames and passwords for a local LiveUpdate server in cleartext in the registry, which may allow remote attackers to impersonate the LiveUpdate server. | |||||
| CVE-2005-3532 | 1 Double Precision Incorporated | 1 Courier Mail Server | 2025-04-03 | 7.5 HIGH | N/A |
| authpam.c in courier-authdaemon for Courier Mail Server 0.37.3 through 0.52.1, when using pam_tally, does not call the pam_acct_mgmt function to verify that access should be granted, which allows attackers to authenticate to the server using accounts that have been disabled. | |||||
| CVE-2003-0332 | 1 Working Resources Inc. | 1 Badblue | 2025-04-03 | 7.6 HIGH | N/A |
| The ISAPI extension in BadBlue 1.7 through 2.2, and possibly earlier versions, modifies the first two letters of a filename extension after performing a security check, which allows remote attackers to bypass authentication via a filename with a .ats extension instead of a .hts extension. | |||||
| CVE-2001-0595 | 1 Sun | 1 Sunos | 2025-04-03 | 4.6 MEDIUM | N/A |
| Buffer overflow in the kcsSUNWIOsolf.so library in Solaris 7 and 8 allows local attackers to execute arbitrary commands via the KCMS_PROFILES environment variable, e.g. as demonstrated using the kcms_configure program. | |||||
| CVE-2005-4678 | 1 Apple | 1 Safari | 2025-04-03 | 5.0 MEDIUM | N/A |
| Apple Safari 2.0.2 (aka 416.12) allows remote attackers to spoof the URL in the status bar via the title in an image in a link to a trusted site within a form to the malicious site. NOTE: the provenance of this information is unknown; the details are obtained solely from third party information. | |||||
| CVE-2006-0644 | 1 Cpg-nuke | 1 Dragonfly Cms | 2025-04-03 | 7.5 HIGH | N/A |
| Multiple directory traversal vulnerabilities in install.php in CPG-Nuke Dragonfly CMS (aka CPG Dragonfly CMS) 9.0.6.1 allow remote attackers to include and execute arbitrary local files via directory traversal sequences and a NUL (%00) character in (1) the newlang parameter and (2) the installlang parameter in a cookie, as demonstrated by using error.php to insert malicious code into a log file, or uploading a malicious .png file, which is then included using install.php. | |||||