Total: 29554 CVE
CVE | Vendors | Products | Updated | CVSS v2 | CVSS v3 |
---|---|---|---|---|---|
CVE-2004-2041 | 1 E107 | 1 E107 | 2025-04-03 | 7.5 HIGH | N/A |
PHP remote file inclusion vulnerability in secure_img_render.php in e107 0.615 allows remote attackers to execute arbitrary PHP code by modifying the p parameter to reference a URL on a remote web server that contains the code. | |||||
CVE-2005-4029 | 1 Esi Products | 1 Webeoc | 2025-04-03 | 5.0 MEDIUM | N/A |
WebEOC before 6.0.2 allows remote attackers to obtain valid usernames via the HTML source of the WebEOC login webpage, which could be useful in other attacks such as locking out valid users via brute force methods. | |||||
CVE-2004-2151 | 1 Virtual Projects | 1 Chatman | 2025-04-03 | 5.0 MEDIUM | N/A |
Chatman 1.1.1 RC1 and earlier allows remote attackers to cause a denial of service (memory consumption or application crash) via a very large data size. | |||||
CVE-1999-0855 | 1 Freebsd | 1 Freebsd | 2025-04-03 | 7.2 HIGH | N/A |
Buffer overflow in FreeBSD gdc program. | |||||
CVE-2002-1577 | 1 Sap | 1 Sap R 3 | 2025-04-03 | 7.5 HIGH | N/A |
SAP R/3 2.0B to 4.6D installs several clients with default users and passwords, which allows remote attackers to gain privileges via the (1) SAP*, (2) SAPCPIC, (3) DDIC, (4) EARLYWATCH, or (5) TMSADM accounts. | |||||
CVE-2006-1912 | 1 Mybulletinboard | 1 Mybulletinboard | 2025-04-03 | 5.8 MEDIUM | N/A |
MyBB (MyBulletinBoard) 1.1.0 does not set the constant KILL_GLOBAL variable in (1) global.php and (2) inc/init.php, which allows remote attackers to initialize arbitrary variables that are processed by an @extract command, which could then be leveraged to conduct cross-site scripting (XSS) or SQL injection attacks. | |||||
CVE-2002-1541 | 1 Working Resources Inc. | 1 Badblue | 2025-04-03 | 7.5 HIGH | N/A |
BadBlue 1.7 allows remote attackers to bypass password protections for directories and files via an HTTP request containing an extra / (slash). | |||||
CVE-2005-0782 | 1 Php Arena | 1 Pafiledb | 2025-04-03 | 4.3 MEDIUM | N/A |
Cross-site scripting (XSS) vulnerability in (1) viewall.php and (2) category.php for paFileDB 3.1 and earlier allows remote attackers to inject arbitrary web script or HTML via the start parameter to pafiledb.php. | |||||
CVE-2000-0975 | 1 Anaconda Partners | 1 Foundation Directory | 2025-04-03 | 5.0 MEDIUM | N/A |
Directory traversal vulnerability in apexec.pl in Anaconda Foundation Directory allows remote attackers to read arbitrary files via a .. (dot dot) attack. | |||||
CVE-2004-0529 | 1 Cluecentral | 1 Suexec.patch | 2025-04-03 | 7.2 HIGH | N/A |
The modified suexec program in cPanel, when configured for mod_php and compiled for Apache 1.3.31 and earlier without mod_phpsuexec, allows local users to execute untrusted shared scripts and gain privileges, as demonstrated using untainted scripts such as (1) proftpdvhosts or (2) addalink.cgi, a different vulnerability than CVE-2004-0490. | |||||
CVE-2006-1143 | 1 Ftpoed | 1 Ftpoed Blog Engine | 2025-04-03 | 4.3 MEDIUM | N/A |
Cross-site scripting (XSS) vulnerability in FTPoed Blog Engine 1.1 allows remote attackers to inject arbitrary web script or HTML via the comment_body parameter, as used by the comment field, when posting a comment. | |||||
CVE-2005-1737 | 1 Electricmonk | 1 Proms | 2025-04-03 | 7.5 HIGH | N/A |
Multiple unknown vulnerabilities in PROMS 0.11 allow "non-authorized users" to (1) view or modify the project member list or (2) modify the todos list. | |||||
CVE-2005-1773 | 1 Lsoft | 1 Listserv | 2025-04-03 | 7.5 HIGH | N/A |
Multiple unknown vulnerabilities in L-Soft LISTSERV 14.3, 1.8e, and 1.8d allow remote attackers to execute arbitrary code or cause a denial of service. NOTE: this candidate may be SPLIT in the future when more precise technical details become available. | |||||
CVE-2004-1199 | 1 Apple | 1 Safari | 2025-04-03 | 5.0 MEDIUM | N/A |
Safari 1.2.4 on Mac OS X 10.3.6 allows remote attackers to cause a denial of service (application crash from memory exhaustion), as demonstrated using Javascript code that continuously creates nested arrays and then sorts the newly created arrays. | |||||
CVE-2005-2482 | 1 Metasploit | 1 Metasploit Framework | 2025-04-03 | 5.0 MEDIUM | N/A |
The StateToOptions function in msfweb in Metasploit Framework 2.4 and earlier, when running with the -D option (defanged mode), allows attackers to modify temporary environment variables before the "_Defanged" environment option is checked when processing the Exploit command. | |||||
CVE-2005-1055 | 1 Towerblog | 1 Towerblog | 2025-04-03 | 7.5 HIGH | N/A |
TowerBlog 0.6 and earlier stores the login data file under the web root, which allows remote attackers to obtain the MD5 checksums of the username and password via a direct request to the _dat/login file. | |||||
CVE-2002-2153 | 1 Oracle | 1 Application Server | 2025-04-03 | 7.5 HIGH | N/A |
Format string vulnerability in the administrative pages of the PL/SQL module for Oracle Application Server 4.0.8 and 4.0.8 2 allows remote attackers to execute arbitrary code. | |||||
CVE-2006-1016 | 1 Microsoft | 1 Internet Explorer | 2025-04-03 | 7.5 HIGH | N/A |
Buffer overflow in the IsComponentInstalled method in Internet Explorer 6.0, when used on Windows 2000 before SP4 or Windows XP before SP1, allows remote attackers to execute arbitrary code via JavaScript that calls IsComponentInstalled with a long first argument. | |||||
CVE-2004-1373 | 1 Nullsoft | 1 Shoutcast Server | 2025-04-03 | 7.5 HIGH | N/A |
Format string vulnerability in SHOUTcast 1.9.4 allows remote attackers to cause a denial of service (application crash) and execute arbitrary code via format string specifiers in a content URL, as demonstrated in the filename portion of a .mp3 file. | |||||
CVE-2006-0765 | 1 Mirabilis | 2 Icq, Icq Lite | 2025-04-03 | 5.1 MEDIUM | N/A |
GUI display truncation vulnerability in ICQ Inc. (formerly Mirabilis) ICQ 2003a, 2003b, Lite 4.0, Lite 4.1, and possibly other Windows versions allows user-assisted remote attackers to hide malicious file extensions, bypass Windows security warnings via a filename that is all uppercase and of a specific length, which truncates the malicious extension from the display and could trick a user into executing arbitrary programs. | |||||