Total
29868 CVE
| CVE | Vendors | Products | Updated | CVSS v2 | CVSS v3 |
|---|---|---|---|---|---|
| CVE-2005-4196 | 1 Internet Scout | 1 Scout Portal Toolkit | 2025-04-03 | 4.3 MEDIUM | N/A |
| Multiple cross-site scripting (XSS) vulnerabilities in Scout Portal Toolkit (SPT) 1.3.1 and earlier allow remote attackers to inject arbitrary web script or HTML via (1) the ss parameter in SPT--QuickSearch.php; (2) ParentId parameter in SPT--BrowseResources.php; (3) the ResourceId parameter in SPT--FullRecord.php; (4) ResourceOffset parameter in SPT--Home.php, (5) F_SearchString parameter in SPT--QuickSearch.php; (6) F_UserName and (7) F_Password parameters in SPT--UserLogin.php; (8) F_SearchCat1, (9) F_TextField1, (10) F_SearchCat2, (11) F_TextField2, (12) F_SearchCat3, (13) F_TextField3, (14) F_SearchCat4, (15) F_TextField4, (16) ResourceType, (17) Language, (18) Audience, (19) Format parameters in SPT--AdvancedSearch.php. | |||||
| CVE-2005-0554 | 1 Microsoft | 1 Internet Explorer | 2025-04-03 | 7.5 HIGH | N/A |
| Buffer overflow in the URL processor of Microsoft Internet Explorer 5.01, 5.5, and 6 allows remote attackers to cause a denial of service (crash) and possibly execute arbitrary code via a URL with a long hostname, aka "URL Parsing Memory Corruption Vulnerability." | |||||
| CVE-2006-2633 | 1 Andrew Godwin | 1 Bytehoard | 2025-04-03 | 4.0 MEDIUM | N/A |
| Absolute path traversal vulnerability in the copy action in index.php in Andrew Godwin ByteHoard 2.1 and earlier allows remote authenticated users to create or overwrite files in other users' directories by specifying the absolute path of the directory in the infolder parameter and simultaneously specifying the filename in the filepath parameter. | |||||
| CVE-2005-4551 | 1 Simpbook | 1 Simpbook | 2025-04-03 | 4.3 MEDIUM | N/A |
| Cross-site scripting (XSS) vulnerability in sign.php in codegrrl SimpBook 1.0, when html_enable is on, allows remote attackers to inject arbitrary web script or HTML via the message parameter to index.php. | |||||
| CVE-2001-0037 | 1 Keware Technologies | 1 Homeseer | 2025-04-03 | 5.0 MEDIUM | N/A |
| Directory traversal vulnerability in HomeSeer before 1.4.29 allows remote attackers to read arbitrary files via a URL containing .. (dot dot) specifiers. | |||||
| CVE-2000-0366 | 1 Debian | 1 Debian Linux | 2025-04-03 | 2.1 LOW | N/A |
| dump in Debian GNU/Linux 2.1 does not properly restore symlinks, which allows a local user to modify the ownership of arbitrary files. | |||||
| CVE-2006-0529 | 1 Ca | 1 Messaging | 2025-04-03 | 5.0 MEDIUM | N/A |
| Computer Associates (CA) Message Queuing (CAM / CAFT) before 1.07 Build 220_16 and 1.11 Build 29_20, as used in multiple CA products, allows remote attackers to cause a denial of service via a crafted message to TCP port 4105. | |||||
| CVE-2005-1757 | 1 Novell | 1 Netmail | 2025-04-03 | 7.5 HIGH | N/A |
| Buffer overflow in the Modweb agent for Novell NetMail 3.52 before 3.52C, when renaming folders, may allow attackers to execute arbitrary code. | |||||
| CVE-2004-1929 | 1 Francisco Burzi | 1 Php-nuke | 2025-04-03 | 7.5 HIGH | N/A |
| SQL injection vulnerability in the bblogin function in functions.php in PHP-Nuke 6.x through 7.2 allows remote attackers to bypass authentication and gain access by injecting base64-encoded SQL code into the user parameter. | |||||
| CVE-2002-0504 | 1 Citrix | 1 Nfuse | 2025-04-03 | 7.5 HIGH | N/A |
| Cross-site scripting vulnerability in Citrix NFuse 1.6 and earlier does not quote results from the getLastError method, which allows remote attackers to execute script in other clients via the NFuse_Application parameter to (1) launch.jsp or (2) launch.asp. | |||||
| CVE-2003-0213 | 1 Poptop | 1 Pptp Server | 2025-04-03 | 7.5 HIGH | N/A |
| ctrlpacket.c in PoPToP PPTP server before 1.1.4-b3 allows remote attackers to cause a denial of service via a length field of 0 or 1, which causes a negative value to be fed into a read operation, leading to a buffer overflow. | |||||
| CVE-2005-2238 | 1 Ibm | 1 Aix | 2025-04-03 | 2.1 LOW | N/A |
| ftpd in IBM AIX 5.1, 5.2 and 5.3 allows remote authenticated users to cause a denial of service (port exhaustion and memory consumption) by using all ephemeral ports. | |||||
| CVE-2005-1959 | 1 Jammail | 1 Jammail | 2025-04-03 | 7.5 HIGH | N/A |
| jammail.pl in jamchen JamMail 1.8 allows remote attackers to execute arbitrary commands via shell metacharacters in the mail parameter. | |||||
| CVE-2004-2564 | 1 Sambar | 1 Sambar Server | 2025-04-03 | 4.3 MEDIUM | N/A |
| Multiple cross-site scripting (XSS) vulnerabilities in Sambar Server 6.1 Beta 2 on Windows, and possibly other versions on Linux, allow remote attackers to inject arbitrary web script or HTML via (1) the show parameter in show.asp and (2) the title parameter in showperf.asp. | |||||
| CVE-2005-1691 | 1 Sap | 1 Sap R 3 | 2025-04-03 | 5.0 MEDIUM | N/A |
| Directory traversal vulnerability in Internet Graphics Server in SAP before 6.40 Patch 11 allows remote attackers to read arbitrary files via ".." sequences in an HTTP GET request. | |||||
| CVE-1999-0198 | 2025-04-03 | 10.0 HIGH | N/A | ||
| finger .@host on some systems may print information on some user accounts. | |||||
| CVE-2001-0709 | 1 Microsoft | 1 Internet Information Server | 2025-04-03 | 5.0 MEDIUM | N/A |
| Microsoft IIS 4.0 and before, when installed on a FAT partition, allows a remote attacker to obtain source code of ASP files via a URL encoded with Unicode. | |||||
| CVE-2001-0805 | 1 Tarantella | 1 Tarantella Enterprise | 2025-04-03 | 5.0 MEDIUM | N/A |
| Directory traversal vulnerability in ttawebtop.cgi in Tarantella Enterprise 3.00 and 3.01 allows remote attackers to read arbitrary files via a .. (dot dot) in the pg parameter. | |||||
| CVE-2006-3054 | 1 Vbzoom | 1 Vbzoom | 2025-04-03 | 7.5 HIGH | N/A |
| Multiple SQL injection vulnerabilities in VBZooM 1.11 allow remote attackers to execute arbitrary SQL commands via the (1) sobjectID or (2) MAINID parameters to (a) show.php or (3) MainID parameter to (b) subject.php. | |||||
| CVE-2000-1199 | 1 Postgresql | 1 Postgresql | 2025-04-03 | 4.6 MEDIUM | N/A |
| PostgreSQL stores usernames and passwords in plaintext in (1) pg_shadow and (2) pg_pwd, which allows attackers with sufficient privileges to gain access to databases. | |||||