Total
29864 CVE
| CVE | Vendors | Products | Updated | CVSS v2 | CVSS v3 |
|---|---|---|---|---|---|
| CVE-2004-2426 | 1 Axis | 14 2100 Network Camera, 2110 Network Camera, 2120 Network Camera and 11 more | 2025-04-03 | 5.0 MEDIUM | N/A |
| Directory traversal vulnerability in Axis Network Camera 2.40 and earlier, and Video Server 3.12 and earlier, allows remote attackers to bypass authentication via a .. (dot dot) in an HTTP POST request to ServerManager.srv, then use these privileges to conduct other activities, such as modifying files using editcgi.cgi. | |||||
| CVE-2006-2032 | 1 Corenews | 1 Corenews | 2025-04-03 | 6.4 MEDIUM | N/A |
| Multiple SQL injection vulnerabilities in Core CoreNews 2.0.1 and earlier allow remote attackers to execute arbitrary SQL commands via the (1) icon_id and (2) userid parameters in preview.php. | |||||
| CVE-2005-4554 | 1 Dev | 1 Dev Web Management System | 2025-04-03 | 7.5 HIGH | N/A |
| Multiple SQL injection vulnerabilities in DEV web management system 1.5 and earlier allow remote attackers to execute arbitrary SQL commands via the (1) cat parameter in an openforum action (openforum.php) in index.php, (2) cat parameter in getfile.php, and (3) target parameter in download_now.php. | |||||
| CVE-2005-2705 | 1 Mozilla | 2 Firefox, Mozilla Suite | 2025-04-03 | 7.5 HIGH | N/A |
| Integer overflow in the JavaScript engine in Firefox before 1.0.7 and Mozilla Suite before 1.7.12 might allow remote attackers to execute arbitrary code. | |||||
| CVE-2003-0284 | 1 Adobe | 1 Acrobat | 2025-04-03 | 7.5 HIGH | N/A |
| Adobe Acrobat 5 does not properly validate JavaScript in PDF files, which allows remote attackers to write arbitrary files into the Plug-ins folder that spread to other PDF documents, as demonstrated by the W32.Yourde virus. | |||||
| CVE-2006-1758 | 1 Bill Shupp | 1 Vegadns | 2025-04-03 | 7.5 HIGH | N/A |
| SQL injection vulnerability in index.php in Vegadns 0.99 allows remote attackers to execute arbitrary SQL commands via the cid parameter. | |||||
| CVE-2005-3209 | 1 Aenovo | 3 Aenovo, Aenovoshop, Aenovowysi | 2025-04-03 | 4.6 MEDIUM | N/A |
| Aenovo products (1) aeNovo, (2) aeNovoShop, and (3) aeNovoWYSI store password information in plaintext in the (a) control, (b) content, and (c) page tables, which allows attackers with database access to obtain those passwords and gain privileges. | |||||
| CVE-2004-1857 | 1 Hp | 1 Web Jetadmin | 2025-04-03 | 2.1 LOW | N/A |
| Directory traversal vulnerability in setinfo.hts in HP Web Jetadmin 7.5.2546 allows remote authenticated attackers to read arbitrary files via a .. (dot dot) in the setinclude parameter. | |||||
| CVE-2006-0211 | 1 Helm Hosting | 1 Helm Hosting Control Panel | 2025-04-03 | 4.3 MEDIUM | N/A |
| Cross-site scripting (XSS) vulnerability in forgotPassword.asp in Helm Hosting Control Panel 3.2.8 and earlier allows remote attackers to inject arbitrary web script or HTML via the txtEmailAddress parameter. | |||||
| CVE-2000-1160 | 1 Network Associates | 1 Sniffer Agent | 2025-04-03 | 5.0 MEDIUM | N/A |
| NAI Sniffer Agent allows remote attackers to cause a denial of service (crash) by sending a large number of login requests. | |||||
| CVE-2002-2098 | 1 Axspawn | 1 Axspawn | 2025-04-03 | 7.5 HIGH | N/A |
| Buffer overflow in axspawn.c in Axspawn-pam before 0.2.1a allows remote attackers to execute arbitrary code via large packets. | |||||
| CVE-2000-0516 | 1 Intel | 1 Shiva Access Manager | 2025-04-03 | 7.2 HIGH | N/A |
| When configured to store configuration information in an LDAP directory, Shiva Access Manager 5.0.0 stores the root DN (Distinguished Name) name and password in cleartext in a file that is world readable, which allows local users to compromise the LDAP server. | |||||
| CVE-2006-2225 | 1 Dxmsoft | 1 Xm Easy Personal Ftp Server | 2025-04-03 | 7.5 HIGH | N/A |
| Buffer overflow in XM Easy Personal FTP Server 4.3 and earlier allows remote attackers to execute arbitrary code, probably via a USER command with a long username. | |||||
| CVE-1999-0350 | 1 Rational Software | 1 Clearcase | 2025-04-03 | 6.2 MEDIUM | N/A |
| Race condition in the db_loader program in ClearCase gives local users root access by setting SUID bits. | |||||
| CVE-2006-4350 | 1 Oneorzero | 1 Oneorzero | 2025-04-03 | 7.5 HIGH | N/A |
| SQL injection vulnerability in index.php in OneOrZero 1.6.4.1 allows remote attackers to execute arbitrary SQL commands via the id parameter. | |||||
| CVE-2000-0462 | 1 Netbsd | 1 Netbsd | 2025-04-03 | 2.1 LOW | N/A |
| ftpd in NetBSD 1.4.2 does not properly parse entries in /etc/ftpchroot and does not chroot the specified users, which allows those users to access other files outside of their home directory. | |||||
| CVE-2004-0165 | 1 Apple | 2 Mac Os X, Mac Os X Server | 2025-04-03 | 5.0 MEDIUM | N/A |
| Format string vulnerability in Point-to-Point Protocol (PPP) daemon (pppd) 2.4.0 for Mac OS X 10.3.2 and earlier allows remote attackers to read arbitrary pppd process data, including PAP or CHAP authentication credentials, to gain privileges. | |||||
| CVE-2003-0224 | 1 Microsoft | 1 Internet Information Services | 2025-04-03 | 10.0 HIGH | N/A |
| Buffer overflow in ssinc.dll for Microsoft Internet Information Services (IIS) 5.0 allows local users to execute arbitrary code via a web page with a Server Side Include (SSI) directive with a long filename, aka "Server Side Include Web Pages Buffer Overrun." | |||||
| CVE-2005-4664 | 1 Ocomon | 1 Ocomon | 2025-04-03 | 5.0 MEDIUM | N/A |
| SQL injection vulnerability in OcoMon 1.21, and possibly other versions, when magic_quotes_gpc is disabled, allows remote attackers to execute arbitrary SQL commands via the logon page, a different vulnerability than CVE-2005-4662. | |||||
| CVE-2005-0740 | 1 Openbsd | 1 Openbsd | 2025-04-03 | 5.0 MEDIUM | N/A |
| The TCP stack (tcp_input.c) in OpenBSD 3.5 and 3.6 allows remote attackers to cause a denial of service (system panic) via crafted values in the TCP timestamp option, which causes invalid arguments to be used when calculating the retransmit timeout. | |||||