Total
29553 CVE
| CVE | Vendors | Products | Updated | CVSS v2 | CVSS v3 |
|---|---|---|---|---|---|
| CVE-2005-2674 | 1 Neocrome | 1 Land Down Under | 2025-04-03 | 4.3 MEDIUM | N/A |
| Note: the vendor has disputed this issue. Multiple cross-site scripting (XSS) vulnerabilities in Land Down Under (LDU) 800 allow remote attackers to inject arbitrary web script or HTML via the (1) c or (2) m parameters to index.php or (3) w parameter to journal.php. NOTE: this issue has been disputed by the vendor, who says "None of the tricks written there are working, the variables are properly sanitized and no LDU version is affected. | |||||
| CVE-2002-1631 | 1 Oracle | 1 Application Server | 2025-04-03 | 7.5 HIGH | N/A |
| SQL injection vulnerability in the query.xsql sample page in Oracle 9i Application Server (9iAS) allows remote attackers to execute arbitrary code via the sql parameter. | |||||
| CVE-2005-1560 | 1 Neteyes | 1 Nexusway | 2025-04-03 | 10.0 HIGH | N/A |
| The SSH module in Neteyes Nexusway allows remote attackers to execute arbitrary commands via shell metacharacters in arguments to certain commands, as demonstrated using ping and traceroute. | |||||
| CVE-2006-2854 | 1 Ibwd | 1 Ibwd Guestbook | 2025-04-03 | 7.5 HIGH | N/A |
| SQL injection vulnerability in index.php in iBWd Guestbook 1.0 allows remote attackers to execute arbitrary SQL commands via the offset parameter. | |||||
| CVE-2005-4684 | 1 Kde | 1 Konqueror | 2025-04-03 | 6.4 MEDIUM | N/A |
| Konqueror can associate a cookie with multiple domains when the DNS resolver has a non-root domain in its search list, which allows remote attackers to trick a user into accepting a cookie for a hostname formed via search-list expansion of the hostname entered by the user, or steal a cookie for an expanded hostname, as demonstrated by an attacker who operates an ap1.com Internet web site to steal cookies associated with an ap1.com.example.com intranet web site. | |||||
| CVE-2006-4125 | 1 Dconnect | 1 Dconnect Daemon | 2025-04-03 | 7.5 HIGH | N/A |
| Stack-based buffer overflow in main.c in DConnect Daemon 0.7.0 and earlier allows remote attackers to execute arbitrary code via a large nickname, which is not properly handled by the listen_thread_udp function. | |||||
| CVE-2004-0323 | 1 Xmb Forum | 1 Xmb | 2025-04-03 | 7.5 HIGH | N/A |
| Multiple SQL injection vulnerabilities in XMB 1.8 Final SP2 allow remote attackers to inject arbitrary SQL and gain privileges via the (1) ppp parameter in viewthread.php, (2) desc parameter in misc.php, (3) tpp parameter in forumdisplay.php, (4) ascdesc parameter in forumdisplay.php, or (5) the addon parameter in stats.php. NOTE: it has also been shown that item (3) is also in XMB 1.9 beta. | |||||
| CVE-2003-0612 | 1 Robert Hyatt | 1 Crafty | 2025-04-03 | 4.6 MEDIUM | N/A |
| Multiple buffer overflows in main.c for Crafty 19.3 allow local users to gain group "games" privileges via long command line arguments to crafty.bin. | |||||
| CVE-2003-1277 | 1 Yabb | 1 Yabb | 2025-04-03 | 4.3 MEDIUM | N/A |
| Cross-site scripting (XSS) vulnerabilities in Yet Another Bulletin Board (YaBB) 1.5.0 allow remote attackers to execute arbitrary script as other users and possibly steal authentication information via cookies by injecting arbitrary HTML or script into (1) news_icon of news_template.php, and (2) threadid and subject of index.html | |||||
| CVE-2005-3014 | 1 Ensim | 1 Webppliance | 2025-04-03 | 4.3 MEDIUM | N/A |
| Cross-site scripting (XSS) vulnerability in Ensim webplliance allows remote attackers to inject arbitrary web script or HTML via the Login (OCW_login_username) field. | |||||
| CVE-2004-1074 | 5 Linux, Redhat, Suse and 2 more | 8 Linux Kernel, Enterprise Linux, Enterprise Linux Desktop and 5 more | 2025-04-03 | 2.1 LOW | N/A |
| The binfmt functionality in the Linux kernel, when "memory overcommit" is enabled, allows local users to cause a denial of service (kernel oops) via a malformed a.out binary. | |||||
| CVE-2005-2032 | 1 Sun | 2 Solaris, Sunos | 2025-04-03 | 2.1 LOW | N/A |
| Unknown vulnerability in lpadmin on Sun Solaris 7, 8, and 9 allows local users to overwrite arbitrary files. | |||||
| CVE-2006-1397 | 2 Phpadsnew, Phppgads | 2 Phpadsnew, Phppgads | 2025-04-03 | 4.3 MEDIUM | N/A |
| Multiple cross-site scripting (XSS) vulnerabilities in (a) phpAdsNew and (b) phpPgAds before 2.0.8 allow remote attackers to inject arbitrary web script or HTML via the (1) certain parameters to the banner delivery module, which is not properly handled in the administrator interface, or (2) certain parameters to the login form. | |||||
| CVE-2005-1617 | 1 Willings | 2 Webcam, Webcam Lite | 2025-04-03 | 2.1 LOW | N/A |
| Willings WebCam and WebCam Lite 2.8 and earlier stores the password in memory in plaintext, which allows local users to gain sensitive information. | |||||
| CVE-2002-0340 | 1 Microsoft | 1 Windows Media Player | 2025-04-03 | 7.5 HIGH | N/A |
| Windows Media Player (WMP) 8.00.00.4477, and possibly other versions, automatically detects and executes .wmf and other content, even when the file's extension or content type does not specify .wmf, which could make it easier for attackers to conduct unauthorized activities via Trojan horse files containing .wmf content. | |||||
| CVE-2006-0718 | 1 Avaya | 5 Csu 5000, Vsu 100, Vsu 10000 and 2 more | 2025-04-03 | 5.0 MEDIUM | N/A |
| The Internet Key Exchange version 1 (IKEv1) implementation in Avaya VSU 100, 2000, 7500, 10000, and CSU 5000, when running IPSec, allows remote attackers to cause a denial of service (crash) via certain IKE packets, as demonstrated by the PROTOS ISAKMP Test Suite for IKEv1. NOTE: due to the lack of details in the advisory, it is unclear which of CVE-2005-3666, CVE-2005-3667, and/or CVE-2005-3668 this issue applies to. | |||||
| CVE-2006-3537 | 1 Randshop | 1 Randshop | 2025-04-03 | 7.5 HIGH | N/A |
| PHP remote file inclusion vulnerability in index.php in Randshop before 1.2 allows remote attackers to execute arbitrary PHP code via the dateiPfad parameter, a different vector than CVE-2006-3375. | |||||
| CVE-2006-3040 | 1 Amr Talkbox | 1 Amr Talkbox | 2025-04-03 | 7.5 HIGH | N/A |
| PHP remote file inclusion vulnerability in talkbox.php in Amr Talkbox allows remote attackers to execute arbitrary PHP code via a URL in the direct parameter. NOTE: this issue has been disputed by CVE, since the $direct variable is set to a static value just before the include statement | |||||
| CVE-2001-0091 | 1 Microsoft | 1 Internet Explorer | 2025-04-03 | 2.6 LOW | N/A |
| The ActiveX control for invoking a scriptlet in Internet Explorer 5.0 through 5.5 renders arbitrary file types instead of HTML, which allows an attacker to read arbitrary files, aka a variant of the "Scriptlet Rendering" vulnerability. | |||||
| CVE-2005-3584 | 1 Phpwebthings | 1 Phpwebthings | 2025-04-03 | 4.3 MEDIUM | N/A |
| Cross-site scripting (XSS) vulnerability in forum.php in PhpWebThings 1.4.4 allows remote attackers to inject arbitrary web script or HTML via the forum parameter. | |||||