Total
29864 CVE
| CVE | Vendors | Products | Updated | CVSS v2 | CVSS v3 |
|---|---|---|---|---|---|
| CVE-2006-1698 | 1 Matt Wright | 1 Matt Wright Guestbook | 2025-04-03 | 4.3 MEDIUM | N/A |
| Cross-site scripting (XSS) vulnerability in Matt Wright Guestbook 2.3.1 allows remote attackers to execute arbitrary web script or HTML via the (1) url, (2) city, (3) state, or (4) country parameters. NOTE: the provenance of this information is unknown; the details are obtained solely from third party information, although it is likely that they are the result of post-disclosure analysis. | |||||
| CVE-2002-1675 | 1 Unreal | 1 Unrealircd | 2025-04-03 | 6.4 MEDIUM | N/A |
| Format string vulnerability in the Cio_PrintF function of cio_main.c in Unreal IRCd 3.1.1 allows remote attackers to cause a denial of service (crash) and possibly execute arbitrary code via format string specifiers. | |||||
| CVE-2005-1348 | 1 Mailenable | 2 Mailenable Enterprise, Mailenable Professional | 2025-04-03 | 7.5 HIGH | N/A |
| Buffer overflow in HTTPMail in MailEnable Enterprise 1.04 and earlier and Professional 1.54 and earlier allows remote attackers to execute arbitrary code via a long HTTP Authorization header. | |||||
| CVE-2006-3881 | 1 Musicbox | 1 Musicbox | 2025-04-03 | 4.3 MEDIUM | N/A |
| Cross-site scripting (XSS) vulnerability in Shalwan MusicBox 2.3.4 and earlier allows remote attackers to inject arbitrary web script or HTML via the id parameter in a request for the top-level URI. NOTE: the id parameter in index.php, and the type and show parameters in a top action, are already covered by CVE-2006-1349; and the term parameter in a search action is already covered by CVE-2006-1806. | |||||
| CVE-1999-1421 | 1 N-base | 2 Nh208, Nh215 | 2025-04-03 | 6.4 MEDIUM | N/A |
| NBase switches NH208 and NH215 run a TFTP server which allows remote attackers to send software updates to modify the switch or cause a denial of service (crash) by guessing the target filenames, which have default names. | |||||
| CVE-2006-3785 | 1 Symantec | 1 Pcanywhere | 2025-04-03 | 2.1 LOW | N/A |
| Symantec pcAnywhere 12.5 obfuscates the passwords in a GUI textbox with asterisks but does not encrypt them in the associated .cif (aka caller or CallerID) file, which allows local users to obtain the passwords from the window using tools such as Nirsoft Asterwin. | |||||
| CVE-2006-2258 | 1 Maxxcode | 1 Maxxschedule | 2025-04-03 | 2.6 LOW | N/A |
| Cross-site scripting (XSS) vulnerability in Logon.asp in MaxxSchedule 1.0 allows remote attackers to inject arbitrary web script or HTML via the Error parameter. | |||||
| CVE-2005-4767 | 1 Bea | 1 Weblogic Server | 2025-04-03 | 5.1 MEDIUM | N/A |
| BEA WebLogic Server and WebLogic Express 8.1 SP5 and earlier, and 7.0 SP6 and earlier, when using username/password authentication, does not lock out a username after the maximum number of invalid login attempts, which makes it easier for remote attackers to guess the password. | |||||
| CVE-1999-0732 | 1 Debian | 1 Debian Linux | 2025-04-03 | 2.1 LOW | N/A |
| The logging facility of the Debian smtp-refuser package allows local users to delete arbitrary files using symbolic links. | |||||
| CVE-2006-1566 | 1 Debian | 1 Debian Linux | 2025-04-03 | 4.6 MEDIUM | N/A |
| Untrusted search path vulnerability in libtunepimp-perl 0.4.2-1 in Debian GNU/Linux includes an RPATH value under the /tmp/buildd directory for the tunepimp.so module, which might allow local users to gain privileges by installing malicious libraries in that directory. | |||||
| CVE-2001-1569 | 1 Cmg | 1 Openwave Wap Gateway | 2025-04-03 | 6.4 MEDIUM | N/A |
| Openwave WAP gateway does not verify the fully qualified domain name URL with X.509 certificates from root certificate authorities, which allows remote attackers to spoof SSL certificates via a man-in-the-middle attack. | |||||
| CVE-2006-0469 | 1 Uebimiau | 1 Uebimiau | 2025-04-03 | 4.3 MEDIUM | N/A |
| Cross-site scripting (XSS) vulnerability in UebiMiau 2.7.9, and possibly earlier versions, allows remote attackers to inject arbitrary web script or HTML via a javascript: URI in the SRC attribute of an IMG tag. | |||||
| CVE-2004-1353 | 1 Sun | 2 Solaris, Sunos | 2025-04-03 | 7.2 HIGH | N/A |
| Unknown vulnerability in LDAP on Sun Solaris 8 and 9, when using Role Based Access Control (RBAC), allows local users to execute certain commands with additional privileges. | |||||
| CVE-2004-2176 | 1 Microsoft | 1 Windows Xp | 2025-04-03 | 4.6 MEDIUM | N/A |
| The Internet Connection Firewall (ICF) in Microsoft Windows XP SP2 is configured by default to trust sessmgr.exe, which allows local users to use sessmgr.exe to create a local listening port that bypasses the ICF access controls. | |||||
| CVE-2000-0734 | 2 Eeye Digital Security, Spynet | 2 Iris, Capturenet | 2025-04-03 | 5.0 MEDIUM | N/A |
| eEye IRIS 1.01 beta allows remote attackers to cause a denial of service via a large number of UDP connections. | |||||
| CVE-2004-2430 | 1 Trend Micro | 1 Officescan | 2025-04-03 | 7.2 HIGH | N/A |
| Trend OfficeScan Corporate Edition 5.58 and possibly earler does not drop privileges when opening a help window from a virus detection pop-up window, which allows local users to gain SYSTEM privileges. | |||||
| CVE-2001-0179 | 1 Macromedia | 1 Jrun | 2025-04-03 | 5.0 MEDIUM | N/A |
| Allaire JRun 3.0 allows remote attackers to list contents of the WEB-INF directory, and the web.xml file in the WEB-INF directory, via a malformed URL that contains a "." | |||||
| CVE-2005-0343 | 1 Logicnow | 1 Perldesk | 2025-04-03 | 7.5 HIGH | N/A |
| SQL injection vulnerability in PerlDesk 1.x allows remote attackers to inject arbitrary SQL commands via the view parameter. | |||||
| CVE-2003-0389 | 1 Rsa | 1 Ace Agent | 2025-04-03 | 4.3 MEDIUM | N/A |
| Cross-site scripting (XSS) vulnerability in the secure redirect function of RSA ACE/Agent 5.0 for Windows, and 5.x for Web, allows remote attackers to insert arbitrary web script and possibly cause users to enter a passphrase via a GET request containing the script. | |||||
| CVE-2005-1838 | 1 Liberum | 1 Liberum Help Desk | 2025-04-03 | 5.0 MEDIUM | N/A |
| Multiple cross-site scripting vulnerabilities in castnewPost.asp in Liberum Help Desk 0.97.3 allow remote attackers to inject arbitrary web script or HTML via the (1) Email, (2) Title, or (3) Description fields. | |||||