Total: 29862 CVE

| CVE | Vendors | Products | Updated | CVSS v2 | CVSS v3 |
|---|---|---|---|---|---|
| CVE-2005-4379 | 1 Bitweaver | 1 Bitweaver | 2025-04-03 | 4.3 MEDIUM | N/A |
| Multiple cross-site scripting (XSS) vulnerabilities in Bitweaver 1.1 and 1.1.1 beta allow remote attackers to inject arbitrary web script or HTML via the (1) sort_mode parameter to (a) fisheye/list_galleries.php, (b) messages/message_box.php, and (c) users/my.php; the (2) post_id parameter to (d) blogs/view_post.php; the (3) blog_id parameter to (e) blogs/view.php; and the (4) search field to (f) users/my_groups.php. | |||||
| CVE-2006-0843 | 1 Leif M. Wright | 1 Web Blog | 2025-04-03 | 5.0 MEDIUM | N/A |
| Leif M. Wright's Blog 3.5 stores the config file and other txt files under the web root with insufficient access control, which allows remote attackers to read the administrator's password. | |||||
| CVE-2005-2462 | 1 Kayako | 1 Liveresponse | 2025-04-03 | 2.1 LOW | N/A |
| Kayako liveResponse 2.x, when logging in a user, records the password in plaintext in the URL, which allows local users and possibly remote attackers to gain privileges. | |||||
| CVE-2003-0303 | 1 Oneorzero | 1 Oneorzero Helpdesk | 2025-04-03 | 5.0 MEDIUM | N/A |
| SQL injection vulnerability in one||zero (aka One or Zero) Helpdesk 1.4 rc4 allows remote attackers to modify arbitrary ticket number descriptions via the sg parameter. | |||||
| CVE-2003-0447 | 1 Microsoft | 1 Internet Explorer | 2025-04-03 | 5.1 MEDIUM | N/A |
| The Custom HTTP Errors capability in Internet Explorer 5.01, 5.5 and 6.0 allows remote attackers to execute script in the Local Zone via an argument to shdocvw.dll that causes a "javascript:" link to be generated. | |||||
| CVE-2001-0711 | 1 Cisco | 1 Ios | 2025-04-03 | 5.0 MEDIUM | N/A |
| Cisco IOS 11.x and 12.0 with ATM support allows attackers to cause a denial of service via the undocumented Interim Local Management Interface (ILMI) SNMP community string. | |||||
| CVE-2004-2100 | 1 Geovision | 1 Geohttpserver | 2025-04-03 | 5.0 MEDIUM | N/A |
| GeoHttpServer, when configured to authenticate users, allows remote attackers to bypass authentication and access unauthorized files via a URL that contains %0a%0a (encoded newlines). | |||||
| CVE-2006-0216 | 1 Qualityebiz | 1 Quality Ppc | 2025-04-03 | 5.0 MEDIUM | N/A |
| admin.php in QualityEBiz Quality PPC (QPPC) 1.0 build 1644 allows remote attackers to obtain sensitive information, possibly the installation path of the application, via unspecified "meta characters" to the cpage parameter. | |||||
| CVE-2006-4116 | 1 Lhaz | 1 Lhaz | 2025-04-03 | 5.1 MEDIUM | N/A |
| Multiple stack-based buffer overflows in Lhaz before 1.32 allow user-assisted attackers to execute arbitrary code via a long filename in (1) an LHZ archive, when saving the filename during extraction; and (2) an LHZ archive with an invalid CRC checksum, when constructing an error message. | |||||
| CVE-2006-4709 | 1 Vikingboard | 1 Vikingboard | 2025-04-03 | 5.0 MEDIUM | N/A |
| SQL injection vulnerability in topic.php in Vikingboard 0.1b allows remote attackers to execute arbitrary SQL commands via the s parameter. | |||||
| CVE-2004-1120 | 1 Prozilla | 1 Prozilla Download Accelerator | 2025-04-03 | 10.0 HIGH | N/A |
| Multiple buffer overflows in (1) http.c, (2) http-retr.c, (3) main.c and other code that handles network protocols in ProZilla 1.3.6-r2 and earlier allow remote servers to execute arbitrary code via a long Location header. | |||||
| CVE-1999-0359 | 1 Marc Schaefer | 1 Ptylogin | 2025-04-03 | 7.5 HIGH | N/A |
| ptylogin in Unix systems allows users to perform a denial of service by locking out modems, dial out with that modem, or obtain passwords. | |||||
| CVE-2002-2171 | 1 Andrey Cherezov | 1 Acweb | 2025-04-03 | 4.3 MEDIUM | N/A |
| Cross-site scripting (XSS) vulnerability in acWEB 1.8 and 1.14 allows remote attackers to insert arbitrary HTML and web script via a URL, possibly via a "%db" request in a URL. | |||||
| CVE-2002-1667 | 1 Freebsd | 1 Freebsd | 2025-04-03 | 2.1 LOW | N/A |
| The virtual memory management system in FreeBSD 4.5-RELEASE and earlier does not properly check the existence of a VM object during page invalidation, which allows local users to cause a denial of service (crash) by calling msync on an unaccessed memory map created with MAP_ANON and MAP_NOSYNC flags. | |||||
| CVE-2006-0215 | 1 Qualityebiz | 1 Quality Ppc | 2025-04-03 | 4.3 MEDIUM | N/A |
| Cross-site scripting (XSS) vulnerability in admin.php in QualityEBiz Quality PPC (QPPC) 1.0 build 1644 allows remote attackers to inject arbitrary web script or HTML via the cpage parameter. NOTE: this issue might be resultant from CVE-2006-0216. | |||||
| CVE-1999-0970 | 1 Omnicron | 1 Omnihttpd | 2025-04-03 | 5.0 MEDIUM | N/A |
| The OmniHTTPD visadmin.exe program allows a remote attacker to conduct a denial of service via a malformed URL which causes a large number of temporary files to be created. | |||||
| CVE-2002-1094 | 1 Cisco | 2 Vpn 3000 Concentrator Series Software, Vpn 3002 Hardware Client | 2025-04-03 | 5.0 MEDIUM | N/A |
| Information leaks in Cisco VPN 3000 Concentrator 2.x.x and 3.x.x before 3.5.4 allow remote attackers to obtain potentially sensitive information via the (1) SSH banner, (2) FTP banner, or (3) an incorrect HTTP request. | |||||
| CVE-2005-4419 | 1 Quicksquare Development | 2 Honeycomb Archive, Honeycomb Archive Enterprise | 2025-04-03 | 7.5 HIGH | N/A |
| Multiple SQL injection vulnerabilities in CategoryResults.cfm in Honeycomb Archive and Honeycomb Archive Enterprise 3.0 allow remote attackers to execute arbitrary SQL commands via the (1) series, (2) cat_parent, (3) cat, and (4) div parameters. | |||||
| CVE-2006-4001 | 1 Barracuda Networks | 1 Barracuda Spam Firewall | 2025-04-03 | 7.5 HIGH | N/A |
| Login.pm in Barracuda Spam Firewall (BSF) 3.3.01.001 through 3.3.03.053 contains a hard-coded password for the guest account, which allows remote attackers to read sensitive information such as e-mail logs, and possibly e-mail contents and the admin password. | |||||
| CVE-2003-0671 | 1 Jeremy Elson | 1 Tcpflow | 2025-04-03 | 7.2 HIGH | N/A |
| Format string vulnerability in tcpflow, when used in a setuid context, allows local users to execute arbitrary code via the device name argument, as demonstrated in Sustworks IPNetSentryX and IPNetMonitorX the setuid program RunTCPFlow. | |||||
