Total
29864 CVE
| CVE | Vendors | Products | Updated | CVSS v2 | CVSS v3 |
|---|---|---|---|---|---|
| CVE-2006-4606 | 1 Longino | 1 Jacome Php-revista | 2025-04-03 | 7.5 HIGH | N/A |
| Multiple SQL injection vulnerabilities in Longino Jacome php-Revista 1.1.2 allow remote attackers to execute arbitrary SQL commands via the (1) id_temas parameter in busqueda_tema.php, the (2) cadena parameter in busqueda.php, the (3) id_autor parameter in autor.php, the (4) email parameter in lista.php, and the (5) id_articulo parameter in articulo.php. | |||||
| CVE-1999-0717 | 1 Microsoft | 5 Excel, Windows 2000, Windows 95 and 2 more | 2025-04-03 | 2.6 LOW | N/A |
| A remote attacker can disable the virus warning mechanism in Microsoft Excel 97. | |||||
| CVE-2000-0597 | 1 Microsoft | 2 Excel, Powerpoint | 2025-04-03 | 7.5 HIGH | N/A |
| Microsoft Office 2000 (Excel and PowerPoint) and PowerPoint 97 are marked as safe for scripting, which allows remote attackers to force Internet Explorer or some email clients to save files to arbitrary locations via the Visual Basic for Applications (VBA) SaveAs function, aka the "Office HTML Script" vulnerability. | |||||
| CVE-2006-1778 | 1 Simplog | 1 Simplog | 2025-04-03 | 7.5 HIGH | N/A |
| Multiple SQL injection vulnerabilities in Jeremy Ashcraft Simplog 0.9.2 and earlier allow remote attackers to execute arbitrary SQL commands via the (1) blogid parameter in (a) index.php and (b) archive.php, the (2) m and (3) y parameters in archive.php, and the (4) sql parameter in (c) server.php. | |||||
| CVE-2000-0067 | 1 Cybercash | 1 Merchant Connection Kit | 2025-04-03 | 2.1 LOW | N/A |
| CyberCash Merchant Connection Kit (MCK) allows local users to modify files via a symlink attack. | |||||
| CVE-2000-0024 | 1 Microsoft | 3 Internet Information Server, Site Server, Site Server Commerce | 2025-04-03 | 6.4 MEDIUM | N/A |
| IIS does not properly canonicalize URLs, potentially allowing remote attackers to bypass access restrictions in third-party software via escape characters, aka the "Escape Character Parsing" vulnerability. | |||||
| CVE-2002-1011 | 1 Ibm | 1 Tivoli Management Framework | 2025-04-03 | 7.5 HIGH | N/A |
| Buffer overflow in web server for Tivoli Management Framework (TMF) Endpoint 3.6.x through 3.7.1, before Fixpack 2, allows remote attackers to cause a denial of service or execute arbitrary code via a long HTTP GET request. | |||||
| CVE-2001-0998 | 1 Ibm | 2 Aix, Hacmp | 2025-04-03 | 5.0 MEDIUM | N/A |
| IBM HACMP 4.4 allows remote attackers to cause a denial of service via a completed TCP connection to HACMP ports (e.g., using a port scan) that does not send additional data, which causes a failure in snmpd. | |||||
| CVE-2002-1605 | 1 Hp | 2 Hp-ux, Tru64 | 2025-04-03 | 7.5 HIGH | N/A |
| Buffer overflow in HP Tru64 UNIX 5.1a, 5.1, 5.0a, 4.0g, and 4.0f allows attackers to execute arbitrary code via a long _XKB_CHARSET environment variable to (1) dxpause, (2) dxconsole, or (3) dtsession. | |||||
| CVE-2003-1137 | 1 Charles Steinkuehler | 1 Sh-httpd | 2025-04-03 | 5.0 MEDIUM | N/A |
| Charles Steinkuehler sh-httpd 0.3 and 0.4 allows remote attackers to read files or execute arbitrary CGI scripts via a GET request that contains an asterisk (*) wildcard character. | |||||
| CVE-2002-0906 | 1 Sendmail | 1 Sendmail | 2025-04-03 | 7.5 HIGH | N/A |
| Buffer overflow in Sendmail before 8.12.5, when configured to use a custom DNS map to query TXT records, allows remote attackers to cause a denial of service and possibly execute arbitrary code via a malicious DNS server. | |||||
| CVE-2003-0573 | 1 Sgi | 1 Irix | 2025-04-03 | 5.0 MEDIUM | N/A |
| The DNS callbacks in nsd in SGI IRIX 6.5.x through 6.5.20f, and possibly earlier versions, do not perform sufficient sanity checking, with unknown impact. | |||||
| CVE-2003-1212 | 1 Maxwebportal | 1 Maxwebportal | 2025-04-03 | 7.5 HIGH | N/A |
| MaxWebPortal 1.30 allows remote attackers to perform unauthorized actions by modifying hidden form fields, such as the (1) news, (2) lock, or (3) allmem fields in the 'start new topic' HTML page. | |||||
| CVE-2006-4318 | 1 Texas Imperial Software | 1 Wftpd | 2025-04-03 | 6.5 MEDIUM | N/A |
| Buffer overflow in WFTPD Server 3.23 allows remote attackers to execute arbitrary code via long SIZE commands. | |||||
| CVE-2006-3479 | 1 Nuked-klan | 1 Nuked-klan | 2025-04-03 | 5.0 MEDIUM | N/A |
| Cross-site request forgery (CSRF) vulnerability in the del_block function in modules/Admin/block.php in Nuked-Klan 1.7.5 and earlier and 1.7 SP4.2 allows remote attackers to delete arbitrary "blocks" via a link with a modified bid parameter in a del_block op on the block page in index.php. | |||||
| CVE-2001-1285 | 1 Ipswitch | 1 Imail | 2025-04-03 | 5.0 MEDIUM | N/A |
| Directory traversal vulnerability in readmail.cgi for Ipswitch IMail 7.04 and earlier allows remote attackers to access the mailboxes of other users via a .. (dot dot) in the mbx parameter. | |||||
| CVE-2005-2455 | 1 Greasemonkey | 1 Greasemonkey | 2025-04-03 | 5.0 MEDIUM | N/A |
| Greasemonkey before 0.3.5 allows remote web servers to (1) read arbitrary files via a GET request to a file:// URL in the GM_xmlhttpRequest API function, (2) list installed scripts using GM_scripts, or obtain sensitive information via (3) GM_setValue and GM_getValue. | |||||
| CVE-2005-3124 | 1 Acme Labs | 1 Thttpd | 2025-04-03 | 2.1 LOW | N/A |
| syslogtocern in Acme thttpd before 2.23 allows local users to write arbitrary files via a symlink attack on a temporary file. | |||||
| CVE-2005-3864 | 1 Berlios | 1 Sourcewell | 2025-04-03 | 7.5 HIGH | N/A |
| SQL injection vulnerability in index.php in SourceWell 1.1.2 and earlier allows remote attackers to execute arbitrary SQL commands via the cnt parameter. NOTE: various reports indicate that the affected version is 1.1.3, but as of 2005-11-29, the most recent version appears to be 1.1.2. | |||||
| CVE-1999-1227 | 1 Ethereal Group | 1 Ethereal | 2025-04-03 | 7.2 HIGH | N/A |
| Ethereal allows local users to overwrite arbitrary files via a symlink attack on the packet capture file. | |||||