Total
29560 CVE
| CVE | Vendors | Products | Updated | CVSS v2 | CVSS v3 |
|---|---|---|---|---|---|
| CVE-2004-1581 | 1 Blackboard | 1 Blackboard | 2025-04-03 | 5.0 MEDIUM | N/A |
| BlackBoard 1.5.1 allows remote attackers to gain sensitive information via a direct request to (1) checkdb.inc.php, (2) admin.inc.php or (3) cp.inc.php, which reveals the path in a PHP error message. | |||||
| CVE-2004-1334 | 2 Linux, Redhat | 3 Linux Kernel, Fedora Core, Linux | 2025-04-03 | 2.1 LOW | N/A |
| Integer overflow in the ip_options_get function in the Linux kernel before 2.6.10 allows local users to cause a denial of service (kernel crash) via a cmsg_len that contains a -1, which leads to a buffer overflow. | |||||
| CVE-2005-1187 | 1 X-ways Software Technology Ag | 1 Winhex | 2025-04-03 | 5.1 MEDIUM | N/A |
| Heap-based buffer overflow in WinHex 12.05 SR-14, and possibly other versions, may allow attackers to execute arbitrary code via a long file name argument. NOTE: since this overflow is in the command line of an unprivileged program, it is highly likely that this is not a vulnerability. | |||||
| CVE-2005-4017 | 1 Widget Press | 1 Widget Property | 2025-04-03 | 5.0 MEDIUM | N/A |
| property.php in Widget Property 1.1.19 allows remote attackers to obtain the full server path via an invalid lang value, which leaks the path in the resulting error message. | |||||
| CVE-2000-0227 | 1 Linux | 1 Linux Kernel | 2025-04-03 | 2.1 LOW | N/A |
| The Linux 2.2.x kernel does not restrict the number of Unix domain sockets as defined by the wmem_max parameter, which allows local users to cause a denial of service by requesting a large number of sockets. | |||||
| CVE-2003-0318 | 1 Francisco Burzi | 1 Php-nuke | 2025-04-03 | 4.3 MEDIUM | N/A |
| Cross-site scripting (XSS) vulnerability in the Statistics module for PHP-Nuke 6.0 and earlier allows remote attackers to insert arbitrary web script via the year parameter. | |||||
| CVE-2006-3767 | 1 Darrens 5-dollar Script Archive | 1 Osdate | 2025-04-03 | 6.8 MEDIUM | N/A |
| Cross-site scripting (XSS) vulnerability in showprofile.php in Darren's $5 Script Archive osDate 1.1.7 and earlier allows remote attackers to inject arbitrary web script or HTML via the onerror attribute in an HTML IMG tag with a non-existent source file in txtcomment parameter, which is used when posting a comment. | |||||
| CVE-2005-0760 | 1 Imagemagick | 1 Imagemagick | 2025-04-03 | 5.0 MEDIUM | N/A |
| The TIFF decoder in ImageMagick before 6.0 allows remote attackers to cause a denial of service (crash) via a crafted TIFF file. | |||||
| CVE-2005-2379 | 1 Oracle | 1 Reports | 2025-04-03 | 4.3 MEDIUM | N/A |
| Multiple cross-site scripting (XSS) vulnerabilities in Oracle Reports 9.0.2 allow remote attackers to inject arbitrary web script or HTML via the (1) debug parameter to showenv, (2) test parameter to parsequery, or (3) delimiter or (4) CELLWRAPPER parameter to rwservlet. | |||||
| CVE-2006-0980 | 1 Jay Eckles | 1 Cgi Calendar | 2025-04-03 | 4.3 MEDIUM | N/A |
| Multiple cross-site scripting (XSS) vulnerabilities in Jay Eckles CGI Calendar 2.7 allow remote attackers to inject arbitrary web script or HTML via the year parameter in (1) index.cgi and (2) viewday.cgi. | |||||
| CVE-1999-1345 | 1 Auto Ftp | 1 Auto Ftp | 2025-04-03 | 4.6 MEDIUM | N/A |
| Auto_FTP.pl script in Auto_FTP 0.2 uses the /tmp/ftp_tmp as a shared directory with insecure permissions, which allows local users to (1) send arbitrary files to the remote server by placing them in the directory, and (2) view files that are being transferred. | |||||
| CVE-2006-4427 | 1 Efiction | 1 Efiction | 2025-04-03 | 5.1 MEDIUM | N/A |
| index.php in eFiction before 2.0.7 allows remote attackers to bypass authentication and gain privileges by setting the (1) adminloggedin, (2) loggedin, and (3) level parameters to "1". | |||||
| CVE-2004-1167 | 1 Gentoo | 1 Mirrorselect | 2025-04-03 | 5.0 MEDIUM | N/A |
| mirrorselect before 0.89 creates temporary files in a world-writable location with predictable file names, which allows remote attackers to overwrite arbitrary files via a symlink attack. | |||||
| CVE-2005-3116 | 1 Symantec Veritas | 1 Netbackup | 2025-04-03 | 10.0 HIGH | N/A |
| Stack-based buffer overflow in a shared library as used by the Volume Manager daemon (vmd) in VERITAS NetBackup Enterprise Server 5.0 MP1 to MP5 and 5.1 up to MP3A allows remote attackers to execute arbitrary code via a crafted packet. | |||||
| CVE-2006-1229 | 1 Hosting Controller | 1 Hosting Controller | 2025-04-03 | 7.5 HIGH | N/A |
| SQL injection vulnerability in search.asp in Hosting Controller 6.1 (Hotfix 2.9) allows remote attackers to execute arbitrary SQL commands via the search parameter. NOTE: the provenance of this information is unknown; the details are obtained solely from third party information. | |||||
| CVE-2006-3400 | 2 Id Software, Raven Software | 2 Quake 3 Engine, Soldier Of Fortune 2 | 2025-04-03 | 7.5 HIGH | N/A |
| Stack-based buffer overflow in the CG_ServerCommand function in Quake 3 Engine as used by Soldier of Fortune 2 (SOF2MP) GOLD 1.03 allows remote attackers to cause a denial of service and possibly execute code by sending a long command from the server. | |||||
| CVE-2005-1802 | 1 Nortel | 9 Contivity, Vpn Router 1010, Vpn Router 1050 and 6 more | 2025-04-03 | 5.0 MEDIUM | N/A |
| Nortel VPN Router (aka Contivity) allows remote attackers to cause a denial of service (crash) via an IPsec IKE packet with a malformed ISAKMP header. | |||||
| CVE-2004-2323 | 1 Dotnetnuke | 1 Dotnetnuke | 2025-04-03 | 5.0 MEDIUM | N/A |
| DotNetNuke (formerly IBuySpy Workshop) 1.0.6 through 1.0.10d allows remote attackers to obtain sensitive information, including the SQL server username and password, via a GET request for source or configuration files such as Web.config. | |||||
| CVE-2006-2961 | 1 Aclogic | 1 Cesarftp | 2025-04-03 | 7.5 HIGH | N/A |
| Stack-based buffer overflow in CesarFTP 0.99g and earlier allows remote attackers to cause a denial of service (application crash) and possibly execute arbitrary code via a long MKD command. NOTE: the provenance of this information is unknown; the details are obtained from third party information. | |||||
| CVE-2005-1734 | 1 Electricmonk | 1 Proms | 2025-04-03 | 7.5 HIGH | N/A |
| Multiple SQL injection vulnerabilities in PROMS before 0.11 allow remote attackers to execute arbitrary SQL commands via unknown vectors. | |||||