Total
29862 CVE
| CVE | Vendors | Products | Updated | CVSS v2 | CVSS v3 |
|---|---|---|---|---|---|
| CVE-2006-1572 | 1 O2php.com | 1 Oxygen | 2025-04-03 | 5.0 MEDIUM | N/A |
| SQL injection vulnerability in post.php in Oxygen 1.1.3 allows remote attackers to execute arbitrary SQL commands via the fid parameter in a newthread action. | |||||
| CVE-2003-0424 | 1 Apple | 1 Darwin Streaming Server | 2025-04-03 | 5.0 MEDIUM | N/A |
| Apple QuickTime / Darwin Streaming Server before 4.1.3f allows remote attackers to obtain the source code for scripts by appending encoded space (%20) or . (%2e) characters to an HTTP request for the script, e.g. view_broadcast.cgi. | |||||
| CVE-1999-0937 | 2025-04-03 | 10.0 HIGH | N/A | ||
| BNBForm allows remote attackers to read arbitrary files via the automessage hidden form variable. | |||||
| CVE-2004-1068 | 3 Linux, Redhat, Ubuntu | 5 Linux Kernel, Enterprise Linux, Enterprise Linux Desktop and 2 more | 2025-04-03 | 6.2 MEDIUM | N/A |
| A "missing serialization" error in the unix_dgram_recvmsg function in Linux 2.4.27 and earlier, and 2.6.x up to 2.6.9, allows local users to gain privileges via a race condition. | |||||
| CVE-1999-1135 | 1 Hp | 1 Hp-ux | 2025-04-03 | 7.2 HIGH | N/A |
| Vulnerability in VUE 3.0 in HP 9.x allows local users to gain root privileges, as fixed by PHSS_4994 and PHSS_5438. | |||||
| CVE-2005-1960 | 1 C.j. Steele | 1 Tattle | 2025-04-03 | 7.5 HIGH | N/A |
| The getemails function in C.J. Steele Tattle allows remote attackers to execute arbitrary commands via shell metacharacters in certain log entries, as demonstrated using shell metacharacters in an FTP username. | |||||
| CVE-2001-0890 | 1 Sane | 1 Sane | 2025-04-03 | 2.1 LOW | N/A |
| Certain backend drivers in the SANE library 1.0.3 and earlier, as used in frontend software such as XSane, allows local users to modify files via a symlink attack on temporary files. | |||||
| CVE-2001-1223 | 1 Elsa | 1 Lancom 1100 Office | 2025-04-03 | 10.0 HIGH | N/A |
| The web administration server for ELSA Lancom 1100 Office does not require authentication, which allows arbitrary remote attackers to gain administrative privileges by connecting to the server. | |||||
| CVE-2006-1493 | 1 Nikolay Avrionov | 1 Explorer Xp | 2025-04-03 | 4.3 MEDIUM | N/A |
| Cross-site scripting (XSS) vulnerability in dir.php in Explorer XP allows remote attackers to inject arbitrary web script or HTML via the chemin parameter. NOTE: it is possible that this issue is resultant from CVE-2006-1492. | |||||
| CVE-2005-1616 | 1 Ultimate Php Board | 1 Ultimate Php Board | 2025-04-03 | 7.5 HIGH | N/A |
| viewforum.php in Ultimate PHP Board (UPB) 1.8 through 1.9.6 allows remote attackers to obtain sensitive information via an invalid (1) id or possibly (2) postorder parameter, which reveals the path in an error message when a file can not be opened. | |||||
| CVE-1999-1384 | 1 Sgi | 1 Irix | 2025-04-03 | 7.2 HIGH | N/A |
| Indigo Magic System Tour in the SGI system tour package (systour) for IRIX 5.x through 6.3 allows local users to gain root privileges via a Trojan horse .exitops program, which is called by the inst command that is executed by the RemoveSystemTour program. | |||||
| CVE-2001-1136 | 1 Hp | 1 Hp-ux | 2025-04-03 | 2.1 LOW | N/A |
| The libsecurity library in HP-UX 11.04 (VVOS) allows attackers to cause a denial of service. | |||||
| CVE-2005-4323 | 1 Hitachi | 3 Cosminexus Collaboration Portal, Groupmax Collaboration Portal, Groupmax Collaboration Web Client | 2025-04-03 | 7.8 HIGH | N/A |
| Unspecified vulnerability in Hitachi Cosminexus Collaboration Portal 06-00 through 06-10-/B, Groupmax Collaboration Portal 07-00 through 07-10-/B, and Groupmax Collaboration Web Client 07-00 through 07-10-/A allow remote attackers to cause a denial of service of unspecified impact via repeated invalid requests to the Schedule component. | |||||
| CVE-2004-1556 | 1 Mywebserver | 1 Mywebserver | 2025-04-03 | 5.0 MEDIUM | N/A |
| MyWebServer 1.0.3 allows remote attackers to cause a denial of service (application crash) via a large number of connections within a short time. | |||||
| CVE-2005-1853 | 1 University Of Minnesota | 1 Gopher | 2025-04-03 | 7.2 HIGH | N/A |
| gopher.c in the Gopher client 3.0.5 does not properly create temporary files, which allows local users to gain privileges. | |||||
| CVE-2004-0552 | 1 Sophos | 1 Small Business Suite | 2025-04-03 | 7.5 HIGH | N/A |
| Sophos Small Business Suite 1.00 on Windows does not properly handle files whose names contain reserved MS-DOS device names such as (1) LPT1, (2) COM1, (3) AUX, (4) CON, or (5) PRN, which can allow malicious code to bypass detection when it is installed, copied, or executed. | |||||
| CVE-2001-0487 | 1 Ibm | 1 Aix Snmp | 2025-04-03 | 5.0 MEDIUM | N/A |
| AIX SNMP server snmpd allows remote attackers to cause a denial of service via a RST during the TCP connection. | |||||
| CVE-1999-1291 | 1 Microsoft | 2 Windows 95, Windows Nt | 2025-04-03 | 5.0 MEDIUM | N/A |
| TCP/IP implementation in Microsoft Windows 95, Windows NT 4.0, and possibly others, allows remote attackers to reset connections by forcing a reset (RST) via a PSH ACK or other means, obtaining the target's last sequence number from the resulting packet, then spoofing a reset to the target. | |||||
| CVE-2005-3477 | 1 Invision Power Services | 1 Invision Gallery | 2025-04-03 | 4.3 MEDIUM | N/A |
| Multiple interpretation error in the image upload handling code in Invision Gallery 2.0.3 allows remote attackers to conduct cross-site scripting (XSS) attacks via HTML or script in an image whose type does not match its extension, which is rendered by Internet Explorer due to CVE-2005-3312. NOTE: it could be argued that this vulnerability is due to a design flaw in Internet Explorer and the proper fix should be in that browser; if so, then this should not be treated as a vulnerability in Invision Gallery. | |||||
| CVE-2006-1238 | 1 Dsportal | 1 Dslogin | 2025-04-03 | 5.1 MEDIUM | N/A |
| SQL injection vulnerability in DSLogin 1.0, with magic_quotes_gpc disabled, allows remote attackers to execute arbitrary SQL commands and bypass authentication via the $log_userid variable in (1) index.php and (2) admin/index.php. | |||||