Total
29554 CVE
| CVE | Vendors | Products | Updated | CVSS v2 | CVSS v3 |
|---|---|---|---|---|---|
| CVE-2002-0024 | 1 Microsoft | 1 Internet Explorer | 2025-04-03 | 7.5 HIGH | N/A |
| File Download box in Internet Explorer 5.01, 5.5 and 6.0 allows an attacker to use the Content-Disposition and Content-Type HTML header fields to modify how the name of the file is displayed, which could trick a user into believing that a file is safe to download. | |||||
| CVE-2004-1758 | 1 Bea | 1 Weblogic Server | 2025-04-03 | 4.6 MEDIUM | N/A |
| BEA WebLogic Server and WebLogic Express version 8.1 up to SP2, 7.0 up to SP4, and 6.1 up to SP6 may store the database username and password for an untargeted JDBC connection pool in plaintext in config.xml, which allows local users to gain privileges. | |||||
| CVE-2001-0707 | 1 Denicomp | 1 Rshd | 2025-04-03 | 5.0 MEDIUM | N/A |
| Denicomp RSHD 2.18 and earlier allows a remote attacker to cause a denial of service (crash) via a long string to port 514. | |||||
| CVE-2005-0808 | 1 Apache | 1 Tomcat | 2025-04-03 | 5.0 MEDIUM | N/A |
| Apache Tomcat before 5.x allows remote attackers to cause a denial of service (application crash) via a crafted AJP12 packet to TCP port 8007. | |||||
| CVE-1999-1472 | 1 Microsoft | 1 Internet Explorer | 2025-04-03 | 5.0 MEDIUM | N/A |
| Internet Explorer 4.0 allows remote attackers to read arbitrary text and HTML files on the user's machine via a small IFRAME that uses Dynamic HTML (DHTML) to send the data to the attacker, aka the Freiburg text-viewing issue. | |||||
| CVE-1999-0264 | 1 Miva | 1 Htmlscript | 2025-04-03 | 5.0 MEDIUM | N/A |
| htmlscript CGI program allows remote read access to files. | |||||
| CVE-2005-2415 | 1 Astalavista It Engineering | 1 Contrexx | 2025-04-03 | 7.5 HIGH | N/A |
| Multiple SQL injection vulnerabilities in Contrexx before 1.0.5 allow remote attackers to execute arbitrary SQL commands via the (1) value parameter to the poll module or (2) pId parameter to the gallery module. | |||||
| CVE-2003-0822 | 1 Microsoft | 4 Frontpage Server Extensions, Sharepoint Team Services, Windows 2000 and 1 more | 2025-04-03 | 7.5 HIGH | N/A |
| Buffer overflow in the debug functionality in fp30reg.dll of Microsoft FrontPage Server Extensions (FPSE) 2000 and 2002 allows remote attackers to execute arbitrary code via a crafted chunked encoded request. | |||||
| CVE-2006-4652 | 2 Amazing Little Picture Poll, Amazing Little Poll | 2 Amazing Little Picture Poll, Amazing Little Poll | 2025-04-03 | 7.5 HIGH | N/A |
| (1) Amazing Little Poll and (2) Amazing Little Picture Poll have a default password of "dsapoll", which allows remote attackers to create a new poll by entering default credentials via lp_admin.php. | |||||
| CVE-2002-1016 | 1 Adobe | 1 Digital Editions | 2025-04-03 | 4.6 MEDIUM | N/A |
| Adobe eBook Reader allows a user to bypass restrictions for copy, print, lend, and give operations by backing up key data files, performing the operations, and restoring the original data files. | |||||
| CVE-2002-1099 | 1 Cisco | 2 Vpn 3000 Concentrator Series Software, Vpn 3002 Hardware Client | 2025-04-03 | 5.0 MEDIUM | N/A |
| Cisco VPN 3000 Concentrator 2.2.x, and 3.x before 3.5.3, allows remote attackers to obtain potentially sensitive information without authentication by directly accessing certain HTML pages. | |||||
| CVE-2005-3474 | 1 Sony | 1 First4internet Xcp Content Management | 2025-04-03 | 4.6 MEDIUM | N/A |
| The aries.sys driver in Sony First4Internet XCP DRM software hides any file, registry key, or process with a name that starts with "$sys$", which allows attackers to hide activities on a system that uses XCP. | |||||
| CVE-2005-3428 | 1 Rockliffe | 1 Mailsite Express | 2025-04-03 | 4.3 MEDIUM | N/A |
| Cross-site scripting (XSS) vulnerability in Rockliffe MailSite Express before 6.1.22 allows remote attackers to inject arbitrary web script or HTML via a message body. | |||||
| CVE-2005-4507 | 1 Nexus Concepts | 1 Dev Hound | 2025-04-03 | 4.3 MEDIUM | N/A |
| Multiple cross-site scripting (XSS) vulnerabilities in Nexus Concepts Dev Hound 2.24 and earlier allow remote attackers to inject arbitrary web script or HTML via multiple unspecified user input fields. | |||||
| CVE-2003-0014 | 1 Bmv | 1 Bmv | 2025-04-03 | 4.6 MEDIUM | N/A |
| gsinterf.c in bmv 1.2 and earlier allows local users to overwrite arbitrary files via a symlink attack on temporary files. | |||||
| CVE-2006-3936 | 1 Alkacon | 1 Opencms | 2025-04-03 | 4.0 MEDIUM | N/A |
| system/workplace/editors/editor.jsp in Alkacon OpenCms before 6.2.2 allows remote authenticated users to read the source code of arbitrary JSP files by specifying the file in the resource parameter, as demonstrated using index.jsp. | |||||
| CVE-2004-2328 | 1 Clearswift | 1 Mailsweeper | 2025-04-03 | 5.0 MEDIUM | N/A |
| Clearswift MAILsweeper for SMTP before 4.3_13 allows remote attackers to cause a denial of service (infinite loop) via an e-mail with a crafted RAR archive attached. | |||||
| CVE-2005-2218 | 1 Freebsd | 1 Freebsd | 2025-04-03 | 7.2 HIGH | N/A |
| The device file system (devfs) in FreeBSD 5.x does not properly check parameters of the node type when creating a device node, which makes hidden devices available to attackers, who can then bypass restrictions on a jailed process. | |||||
| CVE-2002-2197 | 1 Sun | 2 Solaris, Sunos | 2025-04-03 | 7.2 HIGH | N/A |
| Unknown vulnerability in Sun Solaris 8.0 allows local users to cause a denial of service (kernel panic) via a program that uses /dev/poll, triggering a NULL pointer dereference. | |||||
| CVE-2006-0336 | 1 Kerio | 1 Winroute Firewall | 2025-04-03 | 5.0 MEDIUM | N/A |
| Kerio WinRoute Firewall before 6.1.4 Patch 2 allows attackers to cause a denial of service (CPU consumption and hang) via unknown vectors involving "browsing the web". | |||||