Total
29867 CVE
| CVE | Vendors | Products | Updated | CVSS v2 | CVSS v3 |
|---|---|---|---|---|---|
| CVE-2005-2677 | 1 Acnews | 1 Acnews | 2025-04-03 | 5.0 MEDIUM | N/A |
| ACNews stores the database in a file under the web document root with a db.inc extension and insufficient access control, which allows remote attackers to obtain sensitive information such as the full pathname of the server. | |||||
| CVE-2004-2082 | 1 Karjasoft | 1 Sami Ftp Server | 2025-04-03 | 5.0 MEDIUM | N/A |
| The samiftp.dll library in Sami FTP Server 1.1.3 allows remote authenticated users to cause a denial of service (pmsystem.exe crash) via a GET request wit a large number of leading "/" (slash) characters. | |||||
| CVE-2003-0652 | 1 Xtokkaetama | 1 Xtokkaetama | 2025-04-03 | 4.6 MEDIUM | N/A |
| Buffer overflow in xtokkaetama allows local users to gain privileges via a long -nickname command line argument, a different vulnerability than CVE-2003-0611. | |||||
| CVE-2002-1722 | 1 Logitech | 3 Cordless Freedom Itouch Keyboard, Cordless Itouch Keyboard, Itouch Keyboard | 2025-04-03 | 4.6 MEDIUM | N/A |
| Logitech iTouch keyboards allows attackers with physical access to the system to bypass the screen locking function and execute user-defined commands that have been assigned to a button. | |||||
| CVE-2006-0763 | 1 Cpanel | 1 Cpanel | 2025-04-03 | 4.3 MEDIUM | N/A |
| Cross-site scripting (XSS) vulnerability in dowebmailforward.cgi in cPanel allows remote attackers to inject arbitrary web script or HTML via a URL encoded value in the fwd parameter. | |||||
| CVE-2006-2532 | 1 Greg Donald | 1 Destiney Rated Images Script | 2025-04-03 | 6.4 MEDIUM | N/A |
| stats.php in Destiney Rated Images Script 0.5.0 allows remote attackers to obtain the installation path via an invalid s parameter, which displays the path in an error message. NOTE: this issue was originally claimed to be SQL injection, but CVE analysis shows that the problem is related to an invalid value that prevents some variables from being set. | |||||
| CVE-2005-3920 | 1 Babe Logger | 1 Babe Logger | 2025-04-03 | 7.5 HIGH | N/A |
| SQL injection vulnerability in Babe Logger 2 allows remote attackers to execute arbitrary SQL commands via the (1) gal parameter to index.php or (2) id parameter to comments.php. | |||||
| CVE-2004-2258 | 1 Hummingbird | 1 Exceed | 2025-04-03 | 2.1 LOW | N/A |
| Xconfig in Hummingbird Exceed before 9.0.0.1, when the Screen Definition is password-protected, allows local users to access certain options by switching to another tab, then switching back to the original tab. | |||||
| CVE-2000-0514 | 1 Mit | 1 Kerberos 5 | 2025-04-03 | 10.0 HIGH | N/A |
| GSSFTP FTP daemon in Kerberos 5 1.1.x does not properly restrict access to some FTP commands, which allows remote attackers to cause a denial of service, and local users to gain root privileges. | |||||
| CVE-2001-0591 | 1 Oracle | 2 Application Server, Jsp | 2025-04-03 | 7.5 HIGH | N/A |
| Directory traversal vulnerability in Oracle JSP 1.0.x through 1.1.1 and Oracle 8.1.7 iAS Release 1.0.2 can allow a remote attacker to read or execute arbitrary .jsp files via a '..' (dot dot) attack. | |||||
| CVE-2004-0952 | 1 Hp | 1 Hp-ux | 2025-04-03 | 6.4 MEDIUM | N/A |
| HP-UX B.11.00 through B.11.23, when running Ignite-UX and using the add_new_client command, causes the TFTP server to set world-writable permissions on part of the directory tree, which allows remote attackers to modify data or cause disk consumption. | |||||
| CVE-2000-1202 | 1 Ibm | 1 Http Server Ssl Module Common | 2025-04-03 | 7.2 HIGH | N/A |
| ikeyman in IBM IBMHSSSB 1.0 sets the CLASSPATH environmental variable to include the user's own CLASSPATH directories before the system's directories, which allows a malicious local user to execute arbitrary code as root via a Trojan horse Ikeyman class. | |||||
| CVE-2002-1894 | 1 Phpbb Group | 1 Phpbb | 2025-04-03 | 4.3 MEDIUM | N/A |
| Cross-site scripting (XSS) vulnerability in viewtopic.php in phpBB 2.0.3 allows remote attackers to inject arbitrary web script or HTML via the highlight parameter. | |||||
| CVE-2006-0604 | 1 Hinton Design | 1 Phphg Guestbook | 2025-04-03 | 7.5 HIGH | N/A |
| check.php in Hinton Design phphg Guestbook 1.2 does not check the user password when authenticating via cookies, which allows remote attackers to gain unauthorized access. | |||||
| CVE-2006-1883 | 1 Oracle | 1 E-business Suite | 2025-04-03 | 10.0 HIGH | N/A |
| Unspecified vulnerability in the Oracle Application Object Library component in Oracle E-Business Suite and Applications 11.5.10CU1 has unknown impact and attack vectors, aka Vuln# APPS05. | |||||
| CVE-2004-0992 | 1 Proxytunnel | 1 Proxytunnel | 2025-04-03 | 10.0 HIGH | N/A |
| Format string vulnerability in the -a option (daemon mode) in Proxytunnel before 1.2.3 allows remote attackers to execute arbitrary code via format string specifiers in an invalid proxy answer. | |||||
| CVE-2005-1333 | 1 Apple | 1 Mac Os X | 2025-04-03 | 5.0 MEDIUM | N/A |
| Directory traversal vulnerability in the Bluetooth file and object exchange (OBEX) services in Mac OS X 10.3.9 allows remote attackers to read arbitrary files. | |||||
| CVE-2006-1202 | 1 Jcink.com | 1 Textfilebb | 2025-04-03 | 4.3 MEDIUM | N/A |
| Multiple cross-site scripting (XSS) vulnerabilities in textfileBB 1.0 and earlier allow remote attackers to inject arbitrary web script or HTML via the (1) mess and (2) user parameters in messanger.php, possibly requiring a URL encoded value. | |||||
| CVE-2002-0822 | 1 Ethereal Group | 1 Ethereal | 2025-04-03 | 7.5 HIGH | N/A |
| Ethereal 0.9.4 and earlier allows remote attackers to cause a denial of service and possibly excecute arbitrary code via the (1) SOCKS, (2) RSVP, (3) AFS, or (4) LMP dissectors, which can be caused to core dump. | |||||
| CVE-1999-0568 | 1 Sun | 1 Solaris | 2025-04-03 | 10.0 HIGH | N/A |
| rpc.admind in Solaris is not running in a secure mode. | |||||