Total
29554 CVE
CVE | Vendors | Products | Updated | CVSS v2 | CVSS v3 |
---|---|---|---|---|---|
CVE-2006-2139 | 1 Wilsonncareabusinesses | 1 Php Newsfeed | 2025-04-03 | 6.4 MEDIUM | N/A |
Multiple SQL injection vulnerabilities in PHP Newsfeed 20040723 allow remote attackers to execute arbitrary SQL commands via the (1) name parameter to (a) deltables.php, (2) select, (3) header, (4) url, (5) source, or (6) time parameters to (b) manualsubmit.php, (7) num parameter to (c) delete.php, or (8) tablename parameter to (d) searchnews.php. | |||||
CVE-2001-1169 | 1 Bell Communications Research | 1 S Key | 2025-04-03 | 7.5 HIGH | N/A |
keyinit in S/Key does not require authentication to initialize a one-time password sequence, which allows an attacker who has gained privileges to a user account to create new one-time passwords for use in other activities that may use S/Key authentication, such as sudo. | |||||
CVE-2005-2676 | 1 Coppermine | 1 Coppermine Photo Gallery | 2025-04-03 | 4.3 MEDIUM | N/A |
Cross-site scripting (XSS) vulnerability in displayimage.php in Coppermine Photo Gallery before 1.3.4 allows remote attackers to inject arbitrary web script or HTML via EXIF data. | |||||
CVE-2006-2629 | 1 Linux | 1 Linux Kernel | 2025-04-03 | 4.0 MEDIUM | N/A |
Race condition in Linux kernel 2.6.15 to 2.6.17, when running on SMP platforms, allows local users to cause a denial of service (crash) by creating and exiting a large number of tasks, then accessing the /proc entry of a task that is exiting, which causes memory corruption that leads to a failure in the prune_dcache function or a BUG_ON error in include/linux/list.h. | |||||
CVE-2001-0621 | 1 Cisco | 1 Content Services Switch 11000 | 2025-04-03 | 7.5 HIGH | N/A |
The FTP server on Cisco Content Service 11000 series switches (CSS) before WebNS 4.01B23s and WebNS 4.10B13s allows an attacker who is an FTP user to read and write arbitrary files via GET or PUT commands. | |||||
CVE-2005-4236 | 1 Cartkeeper | 1 Ckgold Shopping Cart | 2025-04-03 | 4.3 MEDIUM | N/A |
Cross-site scripting (XSS) vulnerability in search.php in CKGOLD allows remote attackers to inject arbitrary web script or HTML via the search parameters. | |||||
CVE-2005-4493 | 1 Speartek | 1 Speartek | 2025-04-03 | 6.8 MEDIUM | N/A |
Cross-site scripting (XSS) vulnerability in SpearTek 6.0 and earlier allows remote attackers to inject arbitrary web script or HTML via unspecified search parameters. | |||||
CVE-2006-4883 | 1 Idevspot | 1 Bizdirectory | 2025-04-03 | 4.3 MEDIUM | N/A |
Multiple cross-site scripting (XSS) vulnerabilities in IDevSpot BizDirectory allow remote attackers to inject arbitrary web script or HTML via (1) the stylesheet parameter in Feed.php or (2) the message parameter in status.php. | |||||
CVE-1999-0609 | 1 Mercantec | 1 Softcart | 2025-04-03 | 5.0 MEDIUM | N/A |
An incorrect configuration of the SoftCart CGI program "SoftCart.exe" could disclose private information. | |||||
CVE-2005-4400 | 1 Liferay | 1 Liferay Portal Enterprise | 2025-04-03 | 4.3 MEDIUM | N/A |
Cross-site scripting (XSS) vulnerability in downloads/portal_ent in Liferay Portal Enterprise 3.6.1 and earlier allows remote attackers to inject arbitrary web script or HTML via the (1) _77_struts_action, (2) p_p_mode, and (3) p_p_state parameters. | |||||
CVE-1999-1256 | 1 Oracle | 1 Database Assistant | 2025-04-03 | 4.6 MEDIUM | N/A |
Oracle Database Assistant 1.0 in Oracle 8.0.3 Enterprise Edition stores the database master password in plaintext in the spoolmain.log file when a new database is created, which allows local users to obtain the password from that file. | |||||
CVE-2005-0854 | 1 Betaparticle | 1 Betaparticle Blog | 2025-04-03 | 7.5 HIGH | N/A |
betaparticle blog (bp blog), possibly before version 4, allows remote attackers to bypass authentication and (1) upload files via a direct request to upload.asp or (2) delete files via a direct request to myFiles.asp. | |||||
CVE-2004-1263 | 1 Changepassword | 1 Changepassword | 2025-04-03 | 7.2 HIGH | N/A |
changepassword.cgi in ChangePassword 0.8, when installed setuid, allows local users to execute arbitrary code by modifying the PATH environment variable to point to a malicious "make" program. | |||||
CVE-1999-0650 | | | 2025-04-03 | 5.0 MEDIUM | N/A |
The netstat service is running, which provides sensitive information to remote attackers. | |||||
CVE-2002-1986 | 1 Perception | 1 Liteserve | 2025-04-03 | 5.0 MEDIUM | N/A |
Perception LiteServe 2.0 through 2.0.1 allows remote attackers to obtain the source code of CGI scripts via an HTTP request with a trailing dot ("."). | |||||
CVE-2005-0837 | 1 Icecast | 1 Icecast | 2025-04-03 | 5.0 MEDIUM | N/A |
IceCast 2.20 allows remote attackers to bypass the XSL parser and obtain the source for XSL files via a request for a .xsl file with a trailing . (dot). | |||||
CVE-1999-1362 | 1 Microsoft | 1 Windows Nt | 2025-04-03 | 2.1 LOW | N/A |
Win32k.sys in Windows NT 4.0 before SP2 allows local users to cause a denial of service (crash) by calling certain WIN32K functions with incorrect parameters. | |||||
CVE-2004-2183 | 1 Wehelpbus | 1 Wehelpbus | 2025-04-03 | 7.5 HIGH | N/A |
Unknown vulnerability in WeHelpBUS 0.1 allows remote attackers to execute arbitrary shell commands via the query string. | |||||
CVE-2004-2058 | 1 Xlinesoft | 1 Asprunner | 2025-04-03 | 5.0 MEDIUM | N/A |
ASPRunner 2.4 allows remote attackers to gain sensitive information via (1) hidden form fields or (2) error messages. | |||||
CVE-2006-2107 | 1 Bl4 | 1 Smtp Server | 2025-04-03 | 7.5 HIGH | N/A |
Buffer overflow in BL4 SMTP Server 0.1.4 and earlier allows remote attackers to cause a denial of service (crash) or execute arbitrary code via a long argument to the (1) EHLO, (2) MAIL FROM, and (3) RCPT TO commands. |