Total
29554 CVE
| CVE | Vendors | Products | Updated | CVSS v2 | CVSS v3 |
|---|---|---|---|---|---|
| CVE-2002-1995 | 1 Lebios | 1 Phptonuke.php | 2025-04-03 | 4.3 MEDIUM | N/A |
| Cross-site scripting (XSS) vulnerability in phptonuke.php for PHP-Nuke allows remote attackers to inject arbitrary web script or HTML via the filnavn parameter. | |||||
| CVE-2005-2013 | 1 Php Arena | 1 Pafaq | 2025-04-03 | 5.0 MEDIUM | N/A |
| paFAQ 1.0 Beta 4 allows remote attackers to obtain sensitive information via a direct request to admin/backup.php, which contains a backup of the database including usernames and passwords. | |||||
| CVE-2004-1069 | 2 Linux, Ubuntu | 2 Linux Kernel, Ubuntu Linux | 2025-04-03 | 1.2 LOW | N/A |
| Race condition in SELinux 2.6.x through 2.6.9 allows local users to cause a denial of service (kernel crash) via SOCK_SEQPACKET unix domain sockets, which are not properly handled in the sock_dgram_sendmsg function. | |||||
| CVE-2005-3079 | 1 Punbb | 1 Punbb | 2025-04-03 | 4.6 MEDIUM | N/A |
| PunBB before 1.2.8 allows remote attackers to perform "code inclusion" via the user language selection. | |||||
| CVE-2006-1578 | 1 Index Data Aps | 1 Keystone Digital Library Suite | 2025-04-03 | 6.4 MEDIUM | N/A |
| Multiple SQL injection vulnerabilities in Keystone Digital Library Suite (DLS) 1.5.4 and earlier allow remote attackers to execute arbitrary SQL commands via the subject_type_id parameter in (1) the index page and (2) the search module. | |||||
| CVE-2005-4463 | 1 Wordpress | 1 Wordpress | 2025-04-03 | 5.0 MEDIUM | N/A |
| WordPress before 1.5.2 allows remote attackers to obtain sensitive information via a direct request to (1) wp-includes/vars.php, (2) wp-content/plugins/hello.php, (3) wp-admin/upgrade-functions.php, (4) wp-admin/edit-form.php, (5) wp-settings.php, and (6) wp-admin/edit-form-comment.php, which leaks the path in an error message related to undefined functions or failed includes. NOTE: the wp-admin/menu-header.php vector is already covered by CVE-2005-2110. NOTE: the vars.php, edit-form.php, wp-settings.php, and edit-form-comment.php vectors were also reported to affect WordPress 2.0.1. | |||||
| CVE-2006-3364 | 1 F-art Agency | 1 Blog Cms | 2025-04-03 | 7.5 HIGH | N/A |
| SQL injection vulnerability in index.php in the NP_SEO plugin in BLOG:CMS before 4.1.0 allows remote attackers to execute arbitrary SQL commands via the id parameter. | |||||
| CVE-2002-2213 | 2 Infoblox, Isc | 2 Dns One, Bind | 2025-04-03 | 5.0 MEDIUM | N/A |
| The DNS resolver in unspecified versions of Infoblox DNS One, when resolving recursive DNS queries for arbitrary hosts, allows remote attackers to conduct DNS cache poisoning via a birthday attack that uses a large number of open queries for the same resource record (RR) combined with spoofed responses, which increases the possibility of successfully spoofing a response in a way that is more efficient than brute force methods. | |||||
| CVE-2002-0581 | 1 Workforceroi | 1 Xpede | 2025-04-03 | 7.5 HIGH | N/A |
| WorkforceROI Xpede 4.1 allows remote attackers to execute arbitrary SQL commands and read, modify, or steal credentials from the database via the Qry parameter in the sprc.asp script. | |||||
| CVE-2003-0123 | 1 Ibm | 2 Lotus Domino, Lotus Notes Client | 2025-04-03 | 5.0 MEDIUM | N/A |
| Buffer overflow in Web Retriever client for Lotus Notes/Domino R4.5 through R6 allows remote malicious web servers to cause a denial of service (crash) via a long HTTP status line. | |||||
| CVE-2005-0672 | 1 Ca3de | 1 Ca3de | 2025-04-03 | 7.5 HIGH | N/A |
| Carsten's 3D Engine (Ca3DE), March 2004 version and earlier, allows remote attackers to execute arbitrary code via text strings that are not null terminated, which triggers a null dereference. | |||||
| CVE-2004-0893 | 1 Microsoft | 4 Windows 2000, Windows 2003 Server, Windows Nt and 1 more | 2025-04-03 | 7.2 HIGH | N/A |
| The Local Procedure Call (LPC) interface of the Windows Kernel for Windows NT 4.0, Windows 2000, Windows XP, and Windows Server 2003 does not properly validate the lengths of messages sent to the LPC port, which allows local users to gain privileges, aka "Windows Kernel Vulnerability." | |||||
| CVE-1999-0841 | 1 Sun | 1 Sunos | 2025-04-03 | 7.2 HIGH | N/A |
| Buffer overflow in CDE mailtool allows local users to gain root privileges via a long MIME Content-Type. | |||||
| CVE-2006-4456 | 1 Phpecard | 1 Phpecard | 2025-04-03 | 7.5 HIGH | N/A |
| PHP remote file inclusion vulnerability in functions.php in phpECard 2.1.4 and earlier allows remote attackers to execute arbitrary PHP code via a URL in the include_path parameter. | |||||
| CVE-2000-0354 | 1 Lee Mcloughlin | 1 Mirror | 2025-04-03 | 5.0 MEDIUM | N/A |
| mirror 2.8.x in Linux systems allows remote attackers to create files one level above the local target directory. | |||||
| CVE-2005-3793 | 1 Alstrasoft | 1 Affiliate Network Pro | 2025-04-03 | 7.5 HIGH | N/A |
| Multiple SQL injection vulnerabilities in AlstraSoft Affiliate Network Pro 7.2 allow remote attackers to bypass authentication and execute arbitrary SQL commands via the (1) username or (2) password to admin/admin_validate_login, or the (3) login, (4) password, and (5) flag parameters to login_validate.php. | |||||
| CVE-2000-0510 | 1 Debian | 1 Debian Linux | 2025-04-03 | 5.0 MEDIUM | N/A |
| CUPS (Common Unix Printing System) 1.04 and earlier allows remote attackers to cause a denial of service via a malformed IPP request. | |||||
| CVE-2001-1210 | 1 Cisco | 3 Ubr920, Ubr924, Ubr925 | 2025-04-03 | 6.4 MEDIUM | N/A |
| Cisco ubr900 series routers that conform to the Data-over-Cable Service Interface Specifications (DOCSIS) standard must ship without SNMP access restrictions, which can allow remote attackers to read and write information to the MIB using arbitrary community strings. | |||||
| CVE-2006-0106 | 1 Wine | 1 Wine | 2025-04-03 | 7.5 HIGH | N/A |
| gdi/driver.c and gdi/printdrv.c in Wine 20050930, and other versions, implement the SETABORTPROC GDI Escape function call for Windows Metafile (WMF) files, which allows attackers to execute arbitrary code, the same vulnerability as CVE-2005-4560 but in a different codebase. | |||||
| CVE-2005-1632 | 1 Tavis Rudd | 1 Cheetah | 2025-04-03 | 7.2 HIGH | N/A |
| Cheetah 0.9.15 and 0.9.16 searches the /tmp directory for modules before using the paths in the PYTHONPATH variable, which allows local users to execute arbitrary code via a malicious module in /tmp/. | |||||