Total
29864 CVE
| CVE | Vendors | Products | Updated | CVSS v2 | CVSS v3 |
|---|---|---|---|---|---|
| CVE-2002-1115 | 1 Mantis | 1 Mantis | 2025-04-03 | 5.0 MEDIUM | N/A |
| Mantis 0.17.4a and earlier allows remote attackers to view private bugs by modifying the f_id bug ID parameter to (1) bug_update_advanced_page.php, (2) bug_update_page.php, (3) view_bug_advanced_page.php, or (4) view_bug_page.php. | |||||
| CVE-2003-1258 | 1 Versatilebulletinboard | 1 Versatilebulletinboard | 2025-04-03 | 7.5 HIGH | N/A |
| activate.php in versatileBulletinBoard (vBB) 0.9.5 and 0.9.6 allows remote attackers to gain unauthorized administrative access via a URL request with the uid parameter set to the webmaster uid. | |||||
| CVE-2001-0422 | 1 Sun | 2 Solaris, Sunos | 2025-04-03 | 7.2 HIGH | N/A |
| Buffer overflow in Xsun in Solaris 8 and earlier allows local users to execute arbitrary commands via a long HOME environmental variable. | |||||
| CVE-2006-0391 | 1 Apple | 1 Mac Os X | 2025-04-03 | 1.7 LOW | N/A |
| Directory traversal vulnerability in the BOM framework in Mac OS X 10.x before 10.3.9 and 10.4 before 10.4.5 allows user-assisted attackers to overwrite or create arbitrary files via an archive that is handled by BOMArchiveHelper. | |||||
| CVE-2005-1349 | 1 Perl | 1 Convert Uulib | 2025-04-03 | 7.5 HIGH | N/A |
| Buffer overflow in Convert-UUlib (Convert::UUlib) before 1.051 allows remote attackers to execute arbitrary code via a malformed parameter to a read operation. | |||||
| CVE-2002-0554 | 1 Ibm | 1 Informix Web Datablade | 2025-04-03 | 7.5 HIGH | N/A |
| webdriver in IBM Informix Web DataBlade 4.12 allows remote attackers to bypass user access levels or read arbitrary files via a SQL injection attack in an HTTP request. | |||||
| CVE-2005-4407 | 1 Tmc Visionpool | 1 Mercury Cms | 2025-04-03 | 4.3 MEDIUM | N/A |
| Cross-site scripting (XSS) vulnerability in index.cfm in Mercury CMS 4.0 and earlier allows remote attackers to inject arbitrary web script or HTML via the (1) content and (2) criteria parameters. | |||||
| CVE-2000-1016 | 1 Suse | 1 Suse Linux | 2025-04-03 | 5.0 MEDIUM | N/A |
| The default configuration of Apache (httpd.conf) on SuSE 6.4 includes an alias for the /usr/doc directory, which allows remote attackers to read package documentation and obtain system configuration information via an HTTP request for the /doc/packages URL. | |||||
| CVE-2006-3038 | 1 Cescripts | 1 Realty Room Rent | 2025-04-03 | 2.6 LOW | N/A |
| Cross-site scripting (XSS) vulnerability in index.php in Cescripts Realty Room Rent allows remote attackers to inject arbitrary web script or HTML via the sel_menu parameter. NOTE: the vendor notified CVE on 20060823 that "All issues concerning this script and others at cescripts.com have been addressed and fixed." | |||||
| CVE-2001-0143 | 2 Immunix, Redhat | 2 Immunix, Linux | 2025-04-03 | 1.2 LOW | N/A |
| vpop3d program in linuxconf 1.23r and earlier allows local users to overwrite arbitrary files via a symlink attack. | |||||
| CVE-1999-1167 | 1 Third Voice | 1 Third Voice Web | 2025-04-03 | 6.4 MEDIUM | N/A |
| Cross-site scripting vulnerability in Third Voice Web annotation utility allows remote users to read sensitive data and generate fake web pages for other Third Voice users by injecting malicious Javascript into an annotation. | |||||
| CVE-2002-1594 | 2 Grpck, Pwck | 2 Grpck, Pwck | 2025-04-03 | 7.2 HIGH | N/A |
| Buffer overflow in (1) grpck and (2) pwck, if installed setuid on a system as recommended in some AIX documentation, may allow local users to gain privileges via a long command line argument. | |||||
| CVE-2005-0214 | 1 Alexander Palmo | 1 Simple Php Blog | 2025-04-03 | 5.0 MEDIUM | N/A |
| Directory traversal vulnerability in Simple PHP Blog (SPHPBlog) 0.3.7c allows remote attackers to read or create arbitrary files via a .. (dot dot) in the entry parameter. | |||||
| CVE-1999-0824 | 1 Microsoft | 1 Windows Nt | 2025-04-03 | 4.6 MEDIUM | N/A |
| A Windows NT user can use SUBST to map a drive letter to a folder, which is not unmapped after the user logs off, potentially allowing that user to modify the location of folders accessed by later users. | |||||
| CVE-2006-2014 | 1 Web-provence | 1 Sl Site | 2025-04-03 | 5.0 MEDIUM | N/A |
| Directory traversal vulnerability in gallerie.php in SL_site 1.0 allows remote attackers to list images in arbitrary directories via ".." sequences in the rep parameter, which is used to construct a directory name in admin/config.inc.php. NOTE: this issue could be used to produce resultant XSS from an error message. | |||||
| CVE-2003-0863 | 1 Php | 1 Php | 2025-04-03 | 7.5 HIGH | N/A |
| The php_check_safe_mode_include_dir function in fopen_wrappers.c of PHP 4.3.x returns a success value (0) when the safe_mode_include_dir variable is not specified in configuration, which differs from the previous failure value and may allow remote attackers to exploit file include vulnerabilities in PHP applications. | |||||
| CVE-2006-3029 | 1 Clicktech | 1 Clickcart | 2025-04-03 | 4.3 MEDIUM | N/A |
| Cross-site scripting (XSS) vulnerability in default.asp in ClickTech Clickcart 6.0 and earlier allows remote attackers to inject arbitrary web script or HTML via the cat parameter. | |||||
| CVE-2003-0237 | 1 Mirabilis | 1 Icq | 2025-04-03 | 7.5 HIGH | N/A |
| The "ICQ Features on Demand" functionality for Mirabilis ICQ Pro 2003a does not properly verify the authenticity of software upgrades, which allows remote attackers to install arbitrary software via a spoofing attack. | |||||
| CVE-2000-0935 | 1 Samba | 1 Samba | 2025-04-03 | 7.2 HIGH | N/A |
| Samba Web Administration Tool (SWAT) in Samba 2.0.7 allows local users to overwrite arbitrary files via a symlink attack on the cgi.log file. | |||||
| CVE-2000-1223 | 1 I-soft | 1 Quikstore | 2025-04-03 | 7.5 HIGH | N/A |
| quikstore.cgi in Quikstore Shopping Cart allows remote attackers to execute arbitrary commands via shell metacharacters in the URL portion of an HTTP GET request. | |||||