Total
29864 CVE
| CVE | Vendors | Products | Updated | CVSS v2 | CVSS v3 |
|---|---|---|---|---|---|
| CVE-2006-3542 | 1 Boxcar Media | 1 Shopping Cart | 2025-04-03 | 5.8 MEDIUM | N/A |
| Multiple cross-site scripting (XSS) vulnerabilities in Garry Glendown Shopping Cart 0.9 allow remote attackers to inject arbitrary web script or HTML via the (1) shop name field in (a) editshop.php, (b) edititem.php, and (c) index.php; and via the (2) item field in editshop.php and edititem.php. | |||||
| CVE-2003-0375 | 1 Xmb Forum | 1 Xmb | 2025-04-03 | 4.3 MEDIUM | N/A |
| Cross-site scripting (XSS) vulnerability in member.php of XMBforum XMB 1.8.x (aka Partagium) allows remote attackers to insert arbitrary HTML and web script via the "member" parameter. | |||||
| CVE-2006-2525 | 1 Usebb | 1 Usebb | 2025-04-03 | 6.4 MEDIUM | N/A |
| SQL injection vulnerability in UseBB 1.0 RC1 and earlier allows remote attackers to execute arbitrary SQL commands via the member list search module. | |||||
| CVE-2005-4607 | 1 Incogen | 1 Bugport | 2025-04-03 | 4.3 MEDIUM | N/A |
| Cross-site scripting (XSS) vulnerability in index.php in BugPort 1.147 and earlier allows remote attackers to inject arbitrary web script or HTML via the (1) ids[0], (2) action, (3) report_id, (4) devWherePair[1][1], and (5) binds[0] parameters. | |||||
| CVE-2004-2238 | 1 Inter7 | 1 Vpopmail \(vchkpw\) | 2025-04-03 | 5.0 MEDIUM | N/A |
| Format string vulnerability in vsybase.c in vpopmail 5.4.2 and earlier has unknown impact and attack vectors. NOTE: in a followup post, it was observed that the source code used constants that, when compiled, became static format strings. Thus this is not a vulnerability | |||||
| CVE-1999-0673 | 1 Crear | 1 Almail32 | 2025-04-03 | 5.1 MEDIUM | N/A |
| Buffer overflow in ALMail32 POP3 client via From: or To: headers. | |||||
| CVE-2005-1864 | 1 Vincent Hor | 1 Calendarix Advanced | 2025-04-03 | 5.0 MEDIUM | N/A |
| PHP remote file inclusion vulnerability in cal_admintop.php in Calendarix Advanced 1.5 allows remote attackers to execute arbitrary PHP code via the calpath parameter. | |||||
| CVE-2004-1673 | 1 Icewarp | 1 Web Mail | 2025-04-03 | 7.5 HIGH | N/A |
| accountsettings_add.html in Merak Mail Server 7.4.5 with Icewarp Web Mail 5.2.7 and possibly other versions allow remote attackers to create text files with arbitrary content via the accountid parameter. | |||||
| CVE-1999-0835 | 3 Ibm, Sco, Sun | 4 Aix, Openserver, Unixware and 1 more | 2025-04-03 | 10.0 HIGH | N/A |
| Denial of service in BIND named via malformed SIG records. | |||||
| CVE-2005-3473 | 1 Alexander Palmo | 1 Simple Php Blog | 2025-04-03 | 4.3 MEDIUM | N/A |
| Multiple cross-site scripting (XSS) vulnerabilities in Simple PHP Blog 0.4.5 and earlier allow remote attackers to inject arbitrary web script or HTML via the (1) entry, (2) blog_subject, and (3) blog_text parameters (involving the temp_subject variable) in (a) preview_cgi.php and (b) preview_static_cgi.php, or (4) scheme_name parameter and (5) bg_color parameters (involving the preset_name and result variables) in (c) colors.php. | |||||
| CVE-2005-4088 | 1 W2b | 1 Phpforumpro | 2025-04-03 | 7.5 HIGH | N/A |
| SQL injection vulnerability in index.php in phpForumPro 2.2 allows remote attackers to execute arbitrary SQL commands via the (1) parent and (2) day parameters. | |||||
| CVE-2005-1040 | 1 Novell | 1 Linux Desktop | 2025-04-03 | 7.2 HIGH | N/A |
| Multiple unknown vulnerabilities in netapplet in Novell Linux Desktop 9 allow local users to gain root privileges, related to "User input [being] passed to network scripts without verification." | |||||
| CVE-2006-0156 | 1 Foxrum | 1 Foxrum | 2025-04-03 | 4.3 MEDIUM | N/A |
| Cross-site scripting (XSS) vulnerability in Foxrum 4.0.4f allows remote attackers to inject arbitrary Javascript via the javascript URI in bbcode url tags in (1) addpost1.php and (2) addtopic1.php. | |||||
| CVE-2006-2578 | 1 Esyndicat | 1 Esyndicat Directory | 2025-04-03 | 5.1 MEDIUM | N/A |
| admin/cron.php in eSyndicat Directory 1.2, when register_globals is enabled and magic_quotes_gpc is disabled, allows remote attackers to include arbitrary files and possibly execute arbitrary PHP code via a null-terminated value in the path_to_config parameter. | |||||
| CVE-2003-0262 | 1 Leksbot | 1 Leksbot | 2025-04-03 | 7.2 HIGH | N/A |
| leksbot 1.2.3 in Debian GNU/Linux installs the KATAXWR as setuid root, which allows local users to gain root privileges by exploiting unknown vulnerabilities related to the escalated privileges, which KATAXWR is not designed to have. | |||||
| CVE-2006-0618 | 1 Qnx | 1 Neutrino Rtos | 2025-04-03 | 4.6 MEDIUM | N/A |
| Format string vulnerability in fontsleuth in QNX Neutrino RTOS 6.3.0 allows local users to execute arbitrary code via format string specifiers in the zeroth argument (program name). | |||||
| CVE-2005-4275 | 1 Scientific Atlanta | 1 Dpx2100 Cable Modem | 2025-04-03 | 7.8 HIGH | N/A |
| Scientific Atlanta DPX2100 Cable Modem allows remote attackers to cause a denial of service (device crash) via an IP packet with the same source and destination IPs and ports, and with the SYN flag set (aka LanD), as demonstrated using hping2. NOTE: the provenance of this issue is unknown; the details are obtained solely from third party information. | |||||
| CVE-2004-0581 | 2 Gnu, Mandrakesoft | 3 Ksymoops, Mandrake Linux, Mandrake Linux Corporate Server | 2025-04-03 | 4.6 MEDIUM | N/A |
| ksymoops-gznm script in Mandrake Linux 9.1 through 10.0, and Corporate Server 2.1, allows local users to delete arbitrary files via a symlink attack on files in /tmp. | |||||
| CVE-2006-2054 | 1 3com | 1 3c16486 | 2025-04-03 | 5.0 MEDIUM | N/A |
| 3Com Baseline Switch 2848-SFP Plus Model #3C16486 with firmware before 1.0.2.0 allows remote attackers to cause a denial of service (unstable operation) via long DHCP packets. | |||||
| CVE-2004-0314 | 1 Freewebs | 1 Webzedit | 2025-04-03 | 4.3 MEDIUM | N/A |
| Cross-site scripting (XSS) vulnerability in done.jsp in WebzEdit 1.9 and earlier allows remote attackers to execute arbitrary script as other users via the message parameter. | |||||