Total
29554 CVE
| CVE | Vendors | Products | Updated | CVSS v2 | CVSS v3 |
|---|---|---|---|---|---|
| CVE-2006-1415 | 1 Dotnetbb | 1 Dotnetbb Forums | 2025-04-03 | 4.3 MEDIUM | N/A |
| Cross-site scripting (XSS) vulnerability in iforget.aspx in dotNetBB 2.42EC SP 3 and earlier allows remote attackers to inject arbitrary web script or HTML via the em parameter. | |||||
| CVE-2006-3488 | 1 Virtuastore | 1 Virtuastore | 2025-04-03 | 5.0 MEDIUM | N/A |
| Absolute path traversal vulnerability in administrador.asp in VirtuaStore 2.0 allows remote attackers to possibly read arbitrary directories or files via an absolute path with Windows drive letter in the Pasta parameter when link=util, acao=ftp, and acaba=sim. | |||||
| CVE-2005-4381 | 1 Caravel Cms | 1 Caravel Cms | 2025-04-03 | 4.3 MEDIUM | N/A |
| Multiple cross-site scripting (XSS) vulnerabilities in Caravel CMS 3.0 Beta 1 and earlier allow remote attackers to inject arbitrary web script or HTML via the (1) fileDN and (2) folderviewer_attrs parameters. | |||||
| CVE-2003-0088 | 1 Apple | 1 Mac Os X | 2025-04-03 | 7.2 HIGH | N/A |
| TruBlueEnvironment for MacOS 10.2.3 and earlier allows local users to overwrite or create arbitrary files and gain root privileges by setting a certain environment variable that is used to write debugging information. | |||||
| CVE-1999-0744 | 1 Netscape | 2 Enterprise Server, Fasttrack Server | 2025-04-03 | 7.5 HIGH | N/A |
| Buffer overflow in Netscape Enterprise Server and FastTrask Server allows remote attackers to gain privileges via a long HTTP GET request. | |||||
| CVE-2005-1370 | 1 Hp | 1 Openview Radia Management Portal | 2025-04-03 | 7.5 HIGH | N/A |
| Unknown vulnerability in Radia Management Agent (RMA) in HP OpenView Radia Management Portal (RMP) 1.x and 2.x allows remote attackers to execute arbitrary commands via unknown vectors. | |||||
| CVE-2001-1306 | 1 Sun | 1 Iplanet Directory Server | 2025-04-03 | 7.5 HIGH | N/A |
| iPlanet Directory Server 4.1.4 and earlier (LDAP) allows remote attackers to cause a denial of service (crash) and possibly execute arbitrary code via invalid BER length of length fields, as demonstrated by the PROTOS LDAPv3 test suite. | |||||
| CVE-2004-2113 | 1 Herberlin | 1 Bremsserver | 2025-04-03 | 4.3 MEDIUM | N/A |
| Cross-site scripting (XSS) vulnerability in BremsServer 1.2.4 allows remote attackers to inject arbitrary web script or HTML via the URL. | |||||
| CVE-1999-1009 | 1 Disney | 1 Go Express Search | 2025-04-03 | 2.6 LOW | N/A |
| The Disney Go Express Search allows remote attackers to access and modify search information for users by connecting to an HTTP server on the user's system. | |||||
| CVE-2005-0216 | 1 Woltlab | 1 Burning Board Lite | 2025-04-03 | 4.3 MEDIUM | N/A |
| Cross-site scripting (XSS) vulnerability in formmail.php in Woltlab Burning Board Lite 1.0.0, 1.0.1e, and possibly other versions, allows remote attackers to inject arbitrary web script and HTML via the userid parameter. | |||||
| CVE-2006-4705 | 1 Dominic Gamble | 1 Timesheet.php | 2025-04-03 | 5.0 MEDIUM | N/A |
| SQL injection vulnerability in login.php in dwayner79 and Dominic Gamble Timesheet (aka Timesheet.php) 1.2.1 allows remote attackers to execute arbitrary SQL commands via the username parameter. | |||||
| CVE-2001-1548 | 1 Zonelabs | 1 Zonealarm | 2025-04-03 | 2.1 LOW | N/A |
| ZoneAlarm 2.1 through 2.6 and ZoneAlarm Pro 2.4 and 2.6 allows local users to bypass filtering via non-standard TCP packets created with non-Windows protocol adapters. | |||||
| CVE-2005-3692 | 1 Amax Information Technologies | 1 Magic Winmail Server | 2025-04-03 | 4.3 MEDIUM | N/A |
| Cross-site scripting (XSS) vulnerability in AMAX Magic Winmail Server 4.2 (build 0824) and earlier allows remote attackers to inject arbitrary web script or HTML via the (1) retid parameter in badlogin.php, (2) Content-Type headers in HTML mails, and (3) HTML mail attachments. | |||||
| CVE-2006-2249 | 1 Cutephp | 1 Cutenews | 2025-04-03 | 4.3 MEDIUM | N/A |
| Multiple cross-site scripting (XSS) vulnerabilities in search.php in CuteNews 1.4.1 and earlier, and possibly 1.4.5, allow remote attackers to inject arbitrary web script or HTML via the (1) user, (2) story, or (3) title parameters. | |||||
| CVE-2002-1624 | 1 Ibm | 1 Lotus Domino | 2025-04-03 | 5.0 MEDIUM | N/A |
| Buffer overflow in Lotus Domino web server before R5.0.10, when logging to DOMLOG.NSF, allows remote attackers to cause a denial of service (crash) and possibly execute arbitrary code via a long HTTP Authenticate header containing certain non-ASCII characters. | |||||
| CVE-2006-0178 | 1 Cray | 1 Unicos | 2025-04-03 | 7.2 HIGH | N/A |
| Format string vulnerability in /bin/ftp in UNICOS 9.0.2.2 allows local users to have an unknown impact via format string specifiers in the quote command. NOTE: because the program is not setuid and not normally called from remote programs, there may not be a typical attack vector for the issue that crosses privilege boundaries. Therefore this may not be a vulnerability. | |||||
| CVE-2001-0549 | 1 Symantec | 1 Liveupdate | 2025-04-03 | 4.6 MEDIUM | N/A |
| Symantec LiveUpdate 1.5 stores proxy passwords in cleartext in a registry key, which could allow local users to obtain the passwords. | |||||
| CVE-2003-0990 | 1 Squirrelmail | 2 Gpg Plugin, Squirrelmail | 2025-04-03 | 7.5 HIGH | N/A |
| The parseAddress code in (1) SquirrelMail 1.4.0 and (2) GPG Plugin 1.1 allows remote attackers to execute commands via shell metacharacters in the "To:" field. | |||||
| CVE-2006-1546 | 1 Apache | 1 Struts | 2025-04-03 | 7.5 HIGH | N/A |
| Apache Software Foundation (ASF) Struts before 1.2.9 allows remote attackers to bypass validation via a request with a 'org.apache.struts.taglib.html.Constants.CANCEL' parameter, which causes the action to be canceled but would not be detected from applications that do not use the isCancelled check. | |||||
| CVE-1999-0212 | 1 Sun | 1 Sunos | 2025-04-03 | 7.8 HIGH | N/A |
| Solaris rpc.mountd generates error messages that allow a remote attacker to determine what files are on the server. | |||||