Total: 29539 CVE
CVE | Vendors | Products | Updated | CVSS v2 | CVSS v3 |
---|---|---|---|---|---|
CVE-2006-3236 | 1 Thinkfactory | 1 Thinkwms | 2025-04-03 | 7.5 HIGH | N/A |
Multiple SQL injection vulnerabilities in thinkWMS 1.0 and earlier allow remote attackers to execute arbitrary SQL commands via the (1) id parameter in (a) index.php or (b) printarticle.php, and the (2) catid parameter in index.php. | |||||
CVE-2005-4546 | 1 Epic Designs | 1 Eggblog | 2025-04-03 | 7.8 HIGH | N/A |
search.php in eggblog 2.0 allows remote attackers to obtain the full path via an invalid q parameter, as used by the Keyword and Search fields, possibly due to an SQL injection vulnerability. | |||||
CVE-2005-4392 | 1 E-publish | 1 E-publish | 2025-04-03 | 7.5 HIGH | N/A |
SQL injection vulnerability in printer_friendly.cfm in e-publish CMS 2.0 and earlier allows remote attackers to execute arbitrary SQL commands via the id parameter. | |||||
CVE-2001-0008 | 2 Borland Software, Firebirdsql | 2 Interbase, Firebird | 2025-04-03 | 10.0 HIGH | N/A |
Backdoor account in Interbase database server allows remote attackers to overwrite arbitrary files using stored procedures. | |||||
CVE-2004-1785 | 1 Invision Power Services | 1 Invision Board | 2025-04-03 | 7.5 HIGH | N/A |
SQL injection vulnerability in calendar.php for Invision Power Board 1.3 allows remote attackers to execute arbitrary SQL commands via the m parameter, which sets the $this->chosen_month variable. | |||||
CVE-2006-2810 | 1 Belchior Foundry | 1 Vcard | 2025-04-03 | 6.8 MEDIUM | N/A |
Multiple cross-site scripting (XSS) vulnerabilities in Belchior Foundry vCard 2.9 allow remote attackers to inject arbitrary web script or HTML via the page parameter in (1) toprated.php and (2) newcards.php. NOTE: the card_id vector is already covered by CVE-2006-1230. | |||||
CVE-2004-0283 | 1 Mailmgr | 1 Mailmgr | 2025-04-03 | 2.1 LOW | N/A |
Mailmgr 1.2.3 allows local users to overwrite arbitrary files via a symlink attack on (1) /tmp/mailmgr.unsort, (2) /tmp/mailmgr.tmp, or (3) /tmp/mailmgr.sort. | |||||
CVE-2005-3855 | 1 Easybe | 1 1-2-3 Music Store | 2025-04-03 | 7.5 HIGH | N/A |
SQL injection vulnerability in process.php in 1-2-3 music store allows remote attackers to execute arbitrary SQL commands via the AlbumID parameter. | |||||
CVE-2002-1470 | 1 Nullsoft | 1 Shoutcast Server | 2025-04-03 | 2.1 LOW | N/A |
SHOUTcast 1.8.9 and earlier allows local users to obtain the cleartext administrative password via a GET request to port 8001, which causes the password to be logged in the world-readable sc_serv.log file. | |||||
CVE-2002-2034 | 1 John Hardin | 1 Procmail Email Sanitizer | 2025-04-03 | 7.5 HIGH | N/A |
The Email Sanitizer before 1.133 for Procmail allows remote attackers to bypass the mail filter and execute arbitrary code via crafted recursive multipart MIME attachments. | |||||
CVE-2004-0610 | 1 Microsoft | 1 Mn-500 Wireless Base Station | 2025-04-03 | 5.0 MEDIUM | N/A |
The Web administration interface in Microsoft MN-500 Wireless Router allows remote attackers to cause a denial of service (connection refusal) via a large number of open HTTP connections. | |||||
CVE-2006-3484 | 1 Adaptive Technology Resource Centre | 1 Atutor | 2025-04-03 | 2.6 LOW | N/A |
Multiple cross-site scripting (XSS) vulnerabilities in ATutor before 1.5.3 allow remote attackers to inject arbitrary web script or HTML via the (1) show_courses or (2) current_cat parameters to (a) admin/create_course.php, show_courses parameter to (b) users/create_course.php, (3) p parameter to (c) documentation/admin/, (4) forgot parameter to (d) password_reminder.php, (5) cat parameter to (e) users/browse.php, or the (6) submit parameter to admin/fix_content.php. | |||||
CVE-2003-0206 | 1 Gkrellm Newsticker | 1 Gkrellm Newsticker | 2025-04-03 | 5.0 MEDIUM | N/A |
gkrellm-newsticker gkrellm plugin before 0.3-3.1 allows remote attackers to cause a denial of service (crash) via (1) link or (2) title elements that contain multiple lines. | |||||
CVE-1999-1080 | 1 Sun | 1 Sunos | 2025-04-03 | 7.2 HIGH | N/A |
rmmount in SunOS 5.7 may mount file systems without the nosuid flag set, contrary to the documentation and its use in previous versions of SunOS, which could allow local users with physical access to gain root privileges by mounting a floppy or CD-ROM that contains a setuid program and running volcheck, when the file systems do not have the nosuid option specified in rmmount.conf. | |||||
CVE-2002-0532 | 1 Emumail | 3 Emumail, Emumail Red Hat Linux, Emumail Unix | 2025-04-03 | 7.2 HIGH | N/A |
EMU Webmail allows local users to execute arbitrary programs via a .. (dot dot) in the HTTP Host header that points to a Trojan horse configuration file that contains a pageroot specifier that contains shell metacharacters. | |||||
CVE-1999-1272 | 1 Sgi | 1 Irix | 2025-04-03 | 7.2 HIGH | N/A |
Buffer overflows in CDROM Confidence Test program (cdrom) allow local users to gain root privileges. | |||||
CVE-1999-1263 | 1 Metamail Corporation | 1 Metamail | 2025-04-03 | 2.6 LOW | N/A |
Metamail before 2.7-7.2 allows remote attackers to overwrite arbitrary files via an e-mail message containing a uuencoded attachment that specifies the full pathname for the file to be modified, which is processed by uuencode in Metamail scripts such as sun-audio-file. | |||||
CVE-1999-1470 | 1 Eastman Software | 1 Work Management | 2025-04-03 | 4.6 MEDIUM | N/A |
Eastman Work Management 3.21 stores passwords in cleartext in the COMMON and LOCATOR registry keys, which could allow local users to gain privileges. | |||||
CVE-2000-0626 | 1 Computer Software Manufaktur | 1 Alibaba | 2025-04-03 | 5.0 MEDIUM | N/A |
Buffer overflow in Alibaba web server allows remote attackers to cause a denial of service via a long GET request. | |||||
CVE-2005-1338 | 1 Apple | 1 Mac Os X | 2025-04-03 | 4.6 MEDIUM | N/A |
Mac OS X 10.3.9, when using an LDAP server that does not use ldap_extended_operation, may store initial LDAP passwords for new accounts in plaintext. |