Total
29864 CVE
| CVE | Vendors | Products | Updated | CVSS v2 | CVSS v3 |
|---|---|---|---|---|---|
| CVE-2000-0905 | 1 Qnx | 1 Voyager | 2025-04-03 | 5.0 MEDIUM | N/A |
| QNX Embedded Resource Manager in Voyager web server 2.01B in the demo disks for QNX 405 allows remote attackers to read sensitive system statistics information via the embedded.html web page. | |||||
| CVE-2001-1306 | 1 Sun | 1 Iplanet Directory Server | 2025-04-03 | 7.5 HIGH | N/A |
| iPlanet Directory Server 4.1.4 and earlier (LDAP) allows remote attackers to cause a denial of service (crash) and possibly execute arbitrary code via invalid BER length of length fields, as demonstrated by the PROTOS LDAPv3 test suite. | |||||
| CVE-2006-3612 | 1 Phorum | 1 Phorum | 2025-04-03 | 2.6 LOW | N/A |
| Cross-site scripting (XSS) vulnerability in Phorum 5.1.14 allows remote attackers to inject arbitrary web script or HTML via unspecified vectors. | |||||
| CVE-2001-1526 | 1 Easyscripts | 1 Easynews | 2025-04-03 | 4.3 MEDIUM | N/A |
| Cross-site scripting (XSS) vulnerability in the comments action in index.php in easyNews 1.5 and earlier allows remote attackers to inject arbitrary web script or HTML via the zeit parameter. | |||||
| CVE-2006-3429 | 1 Tigertom Scripts | 1 Ttcalc Script | 2025-04-03 | 4.3 MEDIUM | N/A |
| Cross-site scripting (XSS) vulnerability in TigerTom TTCalc 1.0 allows remote attackers to inject arbitrary web script or HTML via the currency parameter in (1) loan.php and (2) mortgage.php. NOTE: the provenance of this information is unknown; the details are obtained solely from third party information. | |||||
| CVE-2003-0084 | 1 Mod Auth Any | 1 Mod Auth Any | 2025-04-03 | 7.5 HIGH | N/A |
| mod_auth_any package in Red Hat Enterprise Linux 2.1 and other operating systems does not properly escape arguments when calling other programs, which allows attackers to execute arbitrary commands via shell metacharacters. | |||||
| CVE-2004-0051 | 3 Clearswift, F-secure, Paul L Daniels | 3 Mailsweeper, Internet Gatekeeper, Ripmime | 2025-04-03 | 7.5 HIGH | N/A |
| Multiple content security gateway and antivirus products allow remote attackers to bypass content restrictions via MIME messages that use non-standard but frequently supported Content-Transfer-Encoding values such as (1) uuencode, (2) mac-binhex40, and (3) yenc, which may be interpreted differently by mail clients. | |||||
| CVE-2006-1245 | 1 Microsoft | 1 Ie | 2025-04-03 | 7.5 HIGH | N/A |
| Buffer overflow in mshtml.dll in Microsoft Internet Explorer 6.0.2900.2180, and probably other versions, allows remote attackers to execute arbitrary code via an HTML tag with a large number of script action handlers such as onload and onmouseover, as demonstrated using onclick, aka the "Multiple Event Handler Memory Corruption Vulnerability." | |||||
| CVE-2005-1560 | 1 Neteyes | 1 Nexusway | 2025-04-03 | 10.0 HIGH | N/A |
| The SSH module in Neteyes Nexusway allows remote attackers to execute arbitrary commands via shell metacharacters in arguments to certain commands, as demonstrated using ping and traceroute. | |||||
| CVE-2003-0312 | 1 Snowblind.net | 1 Snowblind Web Server | 2025-04-03 | 6.4 MEDIUM | N/A |
| Directory traversal vulnerability in Snowblind Web Server 1.0 allows remote attackers to read arbitrary files via a .. (dot dot) in an HTTP request. | |||||
| CVE-2006-0768 | 1 Kadu | 1 Kadu | 2025-04-03 | 5.0 MEDIUM | N/A |
| Kadu 0.4.3 allows remote attackers to cause a denial of service (application crash) via a large number of image send requests. | |||||
| CVE-2002-1057 | 1 Smartmax Software | 1 Mailmax | 2025-04-03 | 7.5 HIGH | N/A |
| Buffer overflow in SmartMax MailMax POP3 daemon (popmax) 4.8 allows remote attackers to execute arbitrary code via a long USER command. | |||||
| CVE-2001-0087 | 1 Michael Glickman | 1 Itetris | 2025-04-03 | 7.2 HIGH | N/A |
| itetris/xitetris 1.6.2 and earlier trusts the PATH environmental variable to find and execute the gunzip program, which allows local users to gain root privileges by changing their PATH so that it points to a malicious gunzip program. | |||||
| CVE-2000-0541 | 1 Panda | 1 Panda Antivirus | 2025-04-03 | 7.2 HIGH | N/A |
| The Panda Antivirus console on port 2001 allows local users to execute arbitrary commands without authentication via the CMD command. | |||||
| CVE-2005-0537 | 1 Igeneric | 1 Free Shopping Cart | 2025-04-03 | 7.5 HIGH | N/A |
| Multiple SQL injection vulnerabilities in page.php for iGeneric (iG) Shop 1.2 may allow remote attackers to execute arbitrary SQL statements via the (1) cats, (2) l_price, or (3) u_price parameters. | |||||
| CVE-2005-1291 | 1 Cartwiz | 1 Asp Cart | 2025-04-03 | 7.5 HIGH | N/A |
| Multiple SQL injection vulnerabilities in CartWIZ ASP Cart allow remote attackers to execute arbitrary SQL commands via the idProduct parameter to (1) addToCart.asp or (2) productDetails.asp, the (3) priceFrom, (4) idCategory, or (5) priceTo parameter to searchResults.asp, or (6) the idParentCategory parameter to productCatalogSubCats.asp. | |||||
| CVE-1999-1458 | 1 Digital | 1 Unix | 2025-04-03 | 7.2 HIGH | N/A |
| Buffer overflow in at program in Digital UNIX 4.0 allows local users to gain root privileges via a long command line argument. | |||||
| CVE-2002-0991 | 1 Hp | 1 Cifs-9000 Server | 2025-04-03 | 7.2 HIGH | N/A |
| Buffer overflows in the cifslogin command for HP CIFS/9000 Client A.01.06 and earlier, based on the Sharity package, allows local users to gain root privileges via long (1) -U, (2) -D, (3) -P, (4) -S, (5) -N, or (6) -u parameters. | |||||
| CVE-2005-3128 | 1 Squirrelmail | 1 Address Add Plugin | 2025-04-03 | 4.3 MEDIUM | N/A |
| Cross-site scripting (XSS) vulnerability in add.php in Address Add Plugin 1.9 and 2.0 for Squirrelmail allows remote attackers to inject arbitrary web script or HTML via the IMG tag. | |||||
| CVE-2004-0465 | 1 Openconnect | 1 Webconnect | 2025-04-03 | 5.0 MEDIUM | N/A |
| Directory traversal vulnerability in jretest.html in WebConnect 6.5 and 6.4.4, and possibly earlier versions, allows remote attackers to read keys within arbitrary INI formatted files via "..//" sequences in the WCP_USER parameter. | |||||