Total
29868 CVE
| CVE | Vendors | Products | Updated | CVSS v2 | CVSS v3 |
|---|---|---|---|---|---|
| CVE-2005-3737 | 1 Inkscape | 1 Inkscape | 2025-04-03 | 5.1 MEDIUM | N/A |
| Buffer overflow in the SVG importer (style.cpp) of inkscape 0.41 through 0.42.2 might allow remote attackers to execute arbitrary code via a SVG file with long CSS style property values. | |||||
| CVE-2005-2145 | 1 Prevx | 1 Prevx Pro 2005 | 2025-04-03 | 4.6 MEDIUM | N/A |
| The kernel driver in Prevx Pro 2005 1.0 does not verify the source of certain messages, which allows local users to bypass protection by sending certain messages to the driver, as demonstrated by sending an "allow" message to bypass a warning message. | |||||
| CVE-2003-1055 | 1 Sun | 2 Solaris, Sunos | 2025-04-03 | 7.2 HIGH | N/A |
| Buffer overflow in the nss_ldap.so.1 library for Sun Solaris 8 and 9 may allow local users to gain root access via a long hostname in an LDAP lookup. | |||||
| CVE-2005-4533 | 1 Scponly | 1 Scponly | 2025-04-03 | 7.5 HIGH | N/A |
| Argument injection vulnerability in scponlyc in scponly 4.1 and earlier, when both scp and rsync compatibility are enabled, allows local users to execute arbitrary applications via "getopt" style argument specifications, which are not filtered. | |||||
| CVE-2006-1600 | 1 Phpwebgallery | 1 Phpwebgallery | 2025-04-03 | 7.5 HIGH | N/A |
| SQL injection vulnerability in category.php in PhpWebGallery 1.4.1 allows remote attackers to execute arbitrary SQL commands via the search parameter. | |||||
| CVE-2004-1824 | 1 Jelsoft | 1 Vbulletin | 2025-04-03 | 4.3 MEDIUM | N/A |
| Cross-site scripting (XSS) vulnerability in Jelsoft vBulletin before 3.0 allows remote attackers to inject arbitrary web script or HTML via the what parameter to memberlist.php. | |||||
| CVE-2002-2017 | 1 Sas | 2 Base, Integration Technologies | 2025-04-03 | 10.0 HIGH | N/A |
| sastcpd in SAS/Base 8.0 allows local users to execute arbitrary code by setting the authprog environment variable to reference a malicious program, which is then executed by sastcpd. | |||||
| CVE-2004-0621 | 1 Zaireweb Solutions | 1 Newsletter Zws | 2025-04-03 | 10.0 HIGH | N/A |
| admin.php in Newsletter ZWS allows remote attackers to gain administrative privileges via a list_user operation with the ulevel parameter set to 1 (administrator level), which lists all users and their passwords. | |||||
| CVE-2005-3538 | 1 Ifax Solutions | 1 Hylafax | 2025-04-03 | 7.5 HIGH | N/A |
| hfaxd in HylaFAX 4.2.3, when PAM support is disabled, accepts arbitrary passwords, which allows remote attackers to gain privileges. | |||||
| CVE-2000-0465 | 1 Microsoft | 1 Internet Explorer | 2025-04-03 | 5.1 MEDIUM | N/A |
| Internet Explorer 4.x and 5.x does not properly verify the domain of a frame within a browser window, which allows a remote attacker to read client files via the frame, aka the "Frame Domain Verification" vulnerability. | |||||
| CVE-2006-0089 | 1 Esri | 1 Arcpad | 2025-04-03 | 5.0 MEDIUM | N/A |
| Buffer overflow in ESRI ArcPad 7.0.0.156 allows remote attackers to cause a denial of service (application crash) and possibly execute arbitrary code via a .amp file with a COORDSYS tag with a long string attribute. | |||||
| CVE-2003-1242 | 1 Sage | 1 Sage | 2025-04-03 | 5.0 MEDIUM | N/A |
| Sage 1.0 b3 allows remote attackers to obtain the root web server path via a URL request for a non-existent module, which returns the path in an error message. | |||||
| CVE-2006-0220 | 1 Codeworx Technologies | 1 Dcp-portal | 2025-04-03 | 4.3 MEDIUM | N/A |
| Multiple cross-site scripting (XSS) vulnerabilities in DCP-Portal 5.3 through 6.1.1 allow remote attackers to inject arbitrary web script or HTML via (1) the day parameter in calendar.php and (2) the input form in search.php. NOTE: the provenance of this information is unknown; the details are obtained solely from third party information. It is possible that this issue is resultant from an SQL injection problem in CVE-2005-4227.3 and CVE-2005-4227.13. | |||||
| CVE-2004-0543 | 1 Oracle | 2 Applications, E-business Suite | 2025-04-03 | 10.0 HIGH | N/A |
| Multiple SQL injection vulnerabilities in Oracle Applications 11.0 and Oracle E-Business Suite 11.5.1 through 11.5.8 allow remote attackers to execute arbitrary SQL procedures and queries. | |||||
| CVE-2006-2736 | 1 Phpbb-portal | 1 Blend Portal | 2025-04-03 | 5.1 MEDIUM | N/A |
| PHP remote file inclusion vulnerability in blend_data/blend_common.php in Blend Portal 1.2.0, as used with phpBB when register_globals is enabled, allows remote attackers to execute arbitrary PHP code via a URL in the phpbb_root_path parameter. NOTE: This is a similar vulnerability to CVE-2006-2507. | |||||
| CVE-2002-2128 | 1 W-agora | 1 W-agora | 2025-04-03 | 4.6 MEDIUM | N/A |
| editform.php in w-Agora 4.1.5 allows local users to execute arbitrary PHP code via .. (dot dot) sequences in the file parameter. | |||||
| CVE-2006-1407 | 1 Webhost Automation | 1 Helm Web Hosting Control Panel | 2025-04-03 | 5.8 MEDIUM | N/A |
| Multiple cross-site scripting (XSS) vulnerabilities in Helm Web Hosting Control Panel 3.2.10 and earlier allow remote attackers to inject arbitrary web script or HTML via the (1) txtDomainName parameter to domains.asp or (2) SearchText or (3) UserLevel parameters to default.asp. | |||||
| CVE-2004-2232 | 1 Moodle | 1 Moodle | 2025-04-03 | 7.5 HIGH | N/A |
| SQL injection vulnerability in sql.php in the Glossary module in Moodle 1.4.1 and earlier allows remote attackers to modify SQL statements. | |||||
| CVE-2006-2191 | 1 Gnu | 1 Mailman | 2025-04-03 | 7.5 HIGH | N/A |
| Format string vulnerability in Mailman before 2.1.9 allows attackers to execute arbitrary code via unspecified vectors. NOTE: the vendor has disputed this vulnerability, stating that it is "unexploitable. | |||||
| CVE-2004-0835 | 3 Debian, Mysql, Oracle | 3 Debian Linux, Mysql, Mysql | 2025-04-03 | 7.5 HIGH | N/A |
| MySQL 3.x before 3.23.59, 4.x before 4.0.19, 4.1.x before 4.1.2, and 5.x before 5.0.1, checks the CREATE/INSERT rights of the original table instead of the target table in an ALTER TABLE RENAME operation, which could allow attackers to conduct unauthorized activities. | |||||