Total: 29549 CVE
CVE | Vendors | Products | Updated | CVSS v2 | CVSS v3 |
---|---|---|---|---|---|
CVE-2004-2677 | 1 Qwikmail | 1 Qwikmail Smtp | 2025-04-03 | 7.5 HIGH | N/A |
Format string vulnerability in qwik-smtpd.c in QwikMail SMTP (qwik-smtpd) 0.3 and earlier allows remote attackers to execute arbitrary code via format specifiers in the (1) clientRcptTo array, and the (2) Received and (3) messageID variables, possibly involving HELO and hostname arguments. | |||||
CVE-2004-0646 | 1 Macromedia | 2 Coldfusion, Jrun | 2025-04-03 | 10.0 HIGH | N/A |
Buffer overflow in the WriteToLog function for JRun 3.0 through 4.0 web server connectors, such as (1) mod_jrun and (2) mod_jrun20 for Apache, with verbose logging enabled, allows remote attackers to execute arbitrary code via a long HTTP header Content-Type field or other fields. | |||||
CVE-2001-0837 | 1 Deltathree | 1 Pc-to-phone | 2025-04-03 | 2.1 LOW | N/A |
DeltaThree Pc-To-Phone 3.0.3 places sensitive data in world-readable locations in the installation directory, which allows local users to read the information in (1) temp.html, (2) the log folder, and (3) the PhoneBook folder. | |||||
CVE-2005-3488 | 1 Scorched 3d | 1 Scorched 3d | 2025-04-03 | 7.8 HIGH | N/A |
Scorched 3D 39.1 (bf) and earlier allows remote attackers to cause a denial of service (long loop and server hang) via a negative numplayers value that bypasses a signed check in ServerConnectHandler.cpp. | |||||
CVE-2006-2476 | 1 Bitrix | 1 Bitrix Site Manager | 2025-04-03 | 5.0 MEDIUM | N/A |
Bitrix Site Manager 4.1.x stores updater.log under the web document root with insufficient access control, which allows remote attackers to obtain sensitive information. | |||||
CVE-2000-0596 | 1 Microsoft | 1 Internet Explorer | 2025-04-03 | 7.5 HIGH | N/A |
Internet Explorer 5.x does not warn a user before opening a Microsoft Access database file that is referenced within ActiveX OBJECT tags in an HTML document, which could allow remote attackers to execute arbitrary commands, aka the "IE Script" vulnerability. | |||||
CVE-2005-4736 | 1 Ibm | 1 Db2 Universal Database | 2025-04-03 | 6.8 MEDIUM | N/A |
IBM DB2 Universal Database (UDB) 820 before 8.2 FP10 allows remote authenticated users to cause a denial of service (disk consumption) via a hash join (hsjn) that triggers an infinite loop in sqlri_hsjnFlushBlocks. | |||||
CVE-1999-0591 | | | 2025-04-03 | 10.0 HIGH | N/A |
An event log in Windows NT has inappropriate access permissions. | |||||
CVE-2004-1320 | 1 Asante | 1 Fm2008 Managed Ethernet Switch | 2025-04-03 | 7.5 HIGH | N/A |
Asante FM2008 running firmware 1.06 is shipped with a default username and password, which could allow remote attackers to gain unauthorized access. | |||||
CVE-2001-0900 | 1 Francisco Burzi | 1 Gallery | 2025-04-03 | 5.0 MEDIUM | N/A |
Directory traversal vulnerability in modules.php in Gallery before 1.2.3 allows remote attackers to read arbitrary files via a .. (dot dot) in the include parameter. | |||||
CVE-2006-0688 | 1 Nicecoder | 1 Indexu | 2025-04-03 | 7.5 HIGH | N/A |
PHP remote file include vulnerability in application.php in nicecoder.com indexu 5.0.0 and 5.0.1 allows remote attackers to execute arbitrary PHP code via a URL in the base_path parameter. | |||||
CVE-2006-4626 | 1 Alwil | 1 Avast Antivirus | 2025-04-03 | 7.5 HIGH | N/A |
Heap-based buffer overflow in alwil avast! Anti-virus Engine before 4.7.869 allows remote attackers to execute arbitrary code via a crafted LHA file that contains extended headers with file and directory names whose concatenation triggers the overflow. | |||||
CVE-2005-4713 | 1 Pam Mysql | 1 Pam Mysql | 2025-04-03 | 5.0 MEDIUM | N/A |
Unspecified vulnerability in the SQL logging facility in PAM-MySQL 0.6.x before 0.6.2 and 0.7.x before 0.7pre3 allows remote attackers to cause a denial of service (segmentation fault) via unspecified vectors, probably involving the pam_mysql_sql_log function when being used in vsftpd, which does not include the IP address argument to an sprintf call. | |||||
CVE-2001-1020 | 1 Vibechild | 1 Directory Manager | 2025-04-03 | 7.5 HIGH | N/A |
edit_image.php in Vibechild Directory Manager before 0.91 allows remote attackers to execute arbitrary commands via shell metacharacters in the userfile_name parameter, which is sent unfiltered to the PHP passthru function. | |||||
CVE-2005-4166 | 1 Duware | 1 Duportal Pro | 2025-04-03 | 4.3 MEDIUM | N/A |
Cross-site scripting (XSS) vulnerability in password.asp in DUWare DUportal Pro 3.4.3 allows remote attackers to inject arbitrary web script or HTML via the result parameter. | |||||
CVE-2002-2029 | 1 Apache | 1 Http Server | 2025-04-03 | 7.5 HIGH | N/A |
PHP, when installed on Windows with Apache and ScriptAlias for /php/ set to c:/php/, allows remote attackers to read arbitrary files and possibly execute arbitrary programs via an HTTP request for php.exe with a filename in the query string. | |||||
CVE-2005-0157 | 1 Smartlist | 1 Smartlist | 2025-04-03 | 7.5 HIGH | N/A |
The confirm add-on in SmartList 3.15 and earlier allows attackers to subscribe arbitrary e-mail addresses by using a valid cookie that specifies an address other than the address for which the cookie was assigned. | |||||
CVE-2005-3639 | 1 Ubertec | 1 Help Center Live | 2025-04-03 | 7.5 HIGH | N/A |
PHP file inclusion vulnerability in the osTicket module in Help Center Live before 2.0.3 allows remote attackers to access or include arbitrary files via the file parameter, possibly due to a directory traversal vulnerability. | |||||
CVE-2005-4336 | 1 Courseforum | 1 Projectforum | 2025-04-03 | 4.3 MEDIUM | N/A |
Cross-site scripting (XSS) vulnerability in ProjectForum 4.7.0 and earlier allows remote attackers to inject arbitrary web script or HTML via the (1) fwd parameter in admin/adminsignin.html and (2) originalpageid parameter in admin/newpage.html associated with a group. | |||||
CVE-2006-1660 | 1 Softbiz | 1 Image Gallery | 2025-04-03 | 6.8 MEDIUM | N/A |
Cross-site scripting (XSS) vulnerability in image_desc.php in Softbiz Image Gallery allows remote attackers to inject arbitrary web script or HTML via msg parameter. NOTE: the provenance of this information is unknown; the details are obtained from third party information. |