Total: 29864 CVE
| CVE | Vendors | Products | Updated | CVSS v2 | CVSS v3 |
|---|---|---|---|---|---|
| CVE-2006-4866 | 1 Apple | 2 Mac Os X, Mac Os X Server | 2025-04-03 | 4.6 MEDIUM | N/A |
| Buffer overflow in kextload in Apple OS X, as used by TDIXSupport in Roxio Toast Titanium and possibly other products, allows local users to execute arbitrary code via a long extension argument. | |||||
| CVE-2006-3384 | 1 Vincent Leclercq | 1 News | 2025-04-03 | 5.1 MEDIUM | N/A |
| SQL injection vulnerability in divers.php in Vincent Leclercq News 5.2 allows remote attackers to execute arbitrary SQL commands via the (1) id and (2) texte parameters. | |||||
| CVE-2006-1207 | 1 Sergey Korostel | 1 Php Upload Center | 2025-04-03 | 5.0 MEDIUM | N/A |
| PHP Upload Center stores password hashes under the web root with insufficient access control, which allows remote attackers to download each password hash via a direct request for the upload/users/[USERNAME] file. | |||||
| CVE-2006-1994 | 1 Dforum | 1 Dforum | 2025-04-03 | 7.5 HIGH | N/A |
| PHP remote file inclusion vulnerability in dForum 1.5 and earlier allows remote attackers to execute arbitrary PHP code via a URL in the DFORUM_PATH parameter to (1) about.php, (2) admin.php, (3) anmelden.php, (4) losethread.php, (5) config.php, (6) delpost.php, (7) delthread.php, (8) dfcode.php, (9) download.php, (10) editanoc.php, (11) forum.php, (12) login.php, (13) makethread.php, (14) menu.php, (15) newthread.php, (16) openthread.php, (17) overview.php, (18) post.php, (19) suchen.php, (20) user.php, (21) userconfig.php, (22) userinfo.php, and (23) verwalten.php. | |||||
| CVE-2001-1048 | 1 Topher1kenobe | 1 Awol | 2025-04-03 | 7.5 HIGH | N/A |
| AWOL PHP script allows remote attackers to include arbitrary files from remote web sites via an HTTP request that sets the includedir variable. | |||||
| CVE-2000-0773 | 1 Bajie | 1 Java Http Server | 2025-04-03 | 5.0 MEDIUM | N/A |
| Bajie HTTP web server 0.30a allows remote attackers to read arbitrary files via a URL that contains a "....", a variant of the dot dot directory traversal attack. | |||||
| CVE-2005-3533 | 1 Osh | 1 Osh | 2025-04-03 | 7.2 HIGH | N/A |
| Buffer overflow in OSH before 1.7-15 allows local users to execute arbitrary code via a long current working directory and filename. | |||||
| CVE-2002-1542 | 1 Solarwinds | 1 Tftp Server | 2025-04-03 | 5.0 MEDIUM | N/A |
| SolarWinds TFTP server 5.0.55 and earlier allows remote attackers to cause a denial of service (crash) via a large UDP datagram, possibly triggering a buffer overflow. | |||||
| CVE-2006-0869 | 1 Pear | 1 Pear Liveuser | 2025-04-03 | 6.4 MEDIUM | N/A |
| Directory traversal vulnerability in the "remember me" feature in liveuser.php in PHP Extension and Application Repository (PEAR) LiveUser 0.16.8 and earlier allows remote attackers to determine file existence, and possibly delete arbitrary files with short pathnames or possibly read arbitrary files, via a .. (dot dot) in the store_id value of a cookie. | |||||
| CVE-2001-1418 | 1 Aol | 1 Instant Messenger | 2025-04-03 | 5.0 MEDIUM | N/A |
| AOL Instant Messenger (AIM) 4.7 allows remote attackers to cause a denial of service (application crash) via a malformed WAV file. | |||||
| CVE-2005-3086 | 1 Contentserv | 1 Contentserv | 2025-04-03 | 6.4 MEDIUM | N/A |
| Directory traversal vulnerability in admin/about.php in contentServ 3.1 allows remote attackers to read or include arbitrary files via ".." sequences in the ctsWebsite parameter. | |||||
| CVE-2006-3296 | 1 George Currums | 1 Open Guestbook | 2025-04-03 | 7.5 HIGH | N/A |
| SQL injection vulnerability in view.php in Open Guestbook 0.5 allows remote attackers to execute arbitrary SQL commands via the offset parameter. | |||||
| CVE-2005-4020 | 1 Widget Press | 1 Widget Imprint | 2025-04-03 | 7.5 HIGH | N/A |
| SQL injection vulnerability in create.php in Widget Imprint 1.0.26 and earlier allows remote attackers to execute arbitrary SQL commands via the product_id parameter. | |||||
| CVE-2001-0023 | 1 Leif M. Wright | 1 Everythingform.cgi | 2025-04-03 | 10.0 HIGH | N/A |
| everythingform.cgi CGI program by Leif Wright allows remote attackers to execute arbitrary commands via shell metacharacters in the config parameter. | |||||
| CVE-2002-1868 | 1 Daniel Stenberg | 1 Dispair | 2025-04-03 | 10.0 HIGH | N/A |
| Dispair 0.1 and 0.2 allows remote attackers to execute arbitrary shell commands via certain form fields. | |||||
| CVE-2000-0145 | 1 Debian | 1 Debian Linux | 2025-04-03 | 7.5 HIGH | N/A |
| The libguile.so library file used by gnucash in Debian GNU/Linux is installed with world-writable permissions. | |||||
| CVE-2006-4962 | 1 Blue Dragon | 1 Php Blue Dragon | 2025-04-03 | 6.4 MEDIUM | N/A |
| Directory traversal vulnerability in pbd_engine.php in Php Blue Dragon 2.9.1 and earlier allows remote attackers to read and execute arbitrary local files via a .. (dot dot) sequence via the phpExt parameter, as demonstrated by executing PHP code in a log file. | |||||
| CVE-2005-4239 | 1 Php Jackknife | 1 Php Jackknife | 2025-04-03 | 4.3 MEDIUM | N/A |
| Cross-site scripting (XSS) vulnerability in Search/DisplayResults.php in PHP JackKnife 2.21 and earlier allows remote attackers to inject arbitrary web script or HTML via URL-encoded values in the sKeywords parameter. | |||||
| CVE-2004-0256 | 1 Gnu | 1 Libtool | 2025-04-03 | 2.1 LOW | N/A |
| GNU libtool before 1.5.2, during compile time, allows local users to overwrite arbitrary files via a symlink attack on libtool directories in /tmp. | |||||
| CVE-2005-0956 | 1 Interakt | 1 Mx Kart | 2025-04-03 | 7.5 HIGH | N/A |
| Multiple SQL injection vulnerabilities in index.php in InterAKT MX Kart 1.1.2 allow remote attackers to execute arbitrary SQL commands via the (1) idp, (2) id_ctg, or (3) id_man parameter. | |||||
