Total: 29539 CVE
CVE | Vendors | Products | Updated | CVSS v2 | CVSS v3 |
---|---|---|---|---|---|
CVE-2003-0885 | 1 Xscreensaver | 1 Xscreensaver | 2025-04-03 | 6.4 MEDIUM | N/A |
Xscreensaver 4.14 contains certain debugging code that should have been omitted, which causes Xscreensaver to create temporary files insecurely in the (1) apple2, (2) xanalogtv, and (3) pong screensavers, and allows local users to overwrite arbitrary files via a symlink attack. | |||||
CVE-2005-1980 | 1 Microsoft | 3 Windows 2000, Windows 2003 Server, Windows Xp | 2025-04-03 | 5.0 MEDIUM | N/A |
Distributed Transaction Controller in Microsoft Windows allows remote servers to cause a denial of service (MSDTC service hang) via a crafted Transaction Internet Protocol (TIP) message that causes DTC to repeatedly connect to a target IP and port number after an error occurs, aka the "Distributed TIP Vulnerability." | |||||
CVE-2003-1035 | 1 Sap | 2 Sap R 3, Sapgui | 2025-04-03 | 7.5 HIGH | N/A |
The default installation of SAP R/3 46C/D allows remote attackers to bypass account locking by using the RFC API instead of the SAPGUI to conduct a brute force password guessing attack, which does not lock out the account like the SAPGUI does. | |||||
CVE-2005-2283 | 1 Esi Products | 1 Webeoc | 2025-04-03 | 2.1 LOW | N/A |
WebEOC before 6.0.2 does not properly restrict the size of an uploaded file, which allows remote authenticated users to cause a denial of service (system and database resource consumption) via a large file. | |||||
CVE-2005-4162 | 1 Acme Labs | 1 Perlcal | 2025-04-03 | 4.3 MEDIUM | N/A |
Cross-site scripting (XSS) vulnerability in cal_make.pl in ACME PerlCal 2.99.20 allows remote attackers to inject arbitrary web script or HTML via the p0 parameter. | |||||
CVE-2002-0440 | 1 Trend Micro | 1 Interscan Viruswall | 2025-04-03 | 7.5 HIGH | N/A |
Trend Micro InterScan VirusWall HTTP proxy 3.6 with the "Skip scanning if Content-length equals 0" option enabled allows malicious web servers to bypass content scanning via a Content-length header set to 0, which is often ignored by HTTP clients. | |||||
CVE-1999-1292 | 1 Kolban | 1 Webcam32 | 2025-04-03 | 7.5 HIGH | N/A |
Buffer overflow in web administration feature of Kolban Webcam32 4.8.3 and earlier allows remote attackers to execute arbitrary commands via a long URL. | |||||
CVE-2002-0569 | 1 Oracle | 1 Application Server | 2025-04-03 | 7.5 HIGH | N/A |
Oracle 9i Application Server allows remote attackers to bypass access restrictions for configuration files via a direct request to the XSQL Servlet (XSQLServlet). | |||||
CVE-2005-1431 | 1 Gnu | 1 Gnutls | 2025-04-03 | 5.0 MEDIUM | N/A |
The "record packet parsing" in GnuTLS 1.2 before 1.2.3 and 1.0 before 1.0.25 allows remote attackers to cause a denial of service, possibly related to padding bytes in gnutils_cipher.c. | |||||
CVE-2006-2844 | 1 Redaxo | 1 Redaxo | 2025-04-03 | 7.5 HIGH | N/A |
Multiple PHP remote file inclusion vulnerabilities in Redaxo 3.0 allow remote attackers to execute arbitrary PHP code via a URL in the REX[INCLUDE_PATH] parameter to (1) simple_user/pages/index.inc.php and (2) stats/pages/index.inc.php. | |||||
CVE-2001-0897 | 1 Infopop | 1 Ultimate Bulletin Board | 2025-04-03 | 5.0 MEDIUM | N/A |
Cross-site scripting vulnerability in Infopop Ultimate Bulletin Board (UBB) before 5.47e allows remote attackers to steal user cookies via an [IMG] tag that references an about: URL with an onerror field. | |||||
CVE-2006-4939 | 1 Moodle | 1 Moodle | 2025-04-03 | 5.0 MEDIUM | N/A |
backup/backup_scheduled.php in Moodle before 1.6.2 generates trace data with the full backup pathname even when debugging is disabled, which might allow attackers to obtain the pathname. | |||||
CVE-2003-0047 | 1 Van Dyke Technologies | 3 Entunnel, Securecrt, Securefx | 2025-04-03 | 4.6 MEDIUM | N/A |
SSH2 clients for VanDyke (1) SecureCRT 4.0.2 and 3.4.7, (2) SecureFX 2.1.2 and 2.0.4, and (3) Entunnel 1.0.2 and earlier, do not clear logon credentials from memory, including plaintext passwords, which could allow attackers with access to memory to steal the SSH credentials. | |||||
CVE-2006-4633 | 1 Softbb | 1 Softbb | 2025-04-03 | 5.0 MEDIUM | N/A |
index.php in SoftBB 0.1, and possibly earlier, allows remote attackers to obtain the installation path via a null or invalid page[] parameter. | |||||
CVE-2006-3090 | 1 Phpmyfactures | 1 Phpmyfactures | 2025-04-03 | 5.1 MEDIUM | N/A |
Multiple SQL injection vulnerabilities in PhpMyFactures 1.0, and possibly 1.2 and earlier, with magic_quotes_gpc disabled, allow remote attackers to execute arbitrary SQL commands via the (1) id_pays parameter in (a) /pays/modifier_pays.php; (2) id_produit, (3) quantite, (4) prix_ht, and (5) date parameter in (b) /stocks/ajouter.php; (6) id_cat parameter in (c) /produits/modifier_cat.php; (7) id_client parameter in (d) /clients/modifier_client.php; (8) id_remise parameter in (e) /remises/index.php; (9) id_taux parameter in (f) /tva/index.php; (10) ref_produit, and (11) id_stock parameter in (g) /stocks/index.php; (12) id_pays parameter in (h) /pays/index.php; and (13) id_cat parameter in (i) /produits/index.php. | |||||
CVE-2003-0233 | 1 Microsoft | 2 Ie, Internet Explorer | 2025-04-03 | 7.5 HIGH | N/A |
Heap-based buffer overflow in plugin.ocx for Internet Explorer 5.01, 5.5 and 6.0 allows remote attackers to execute arbitrary code via the Load() method, a different vulnerability than CVE-2003-0115. | |||||
CVE-2005-4286 | 1 Phplogcon | 1 Phplogcon | 2025-04-03 | 7.5 HIGH | N/A |
Unspecified vulnerability in PhpLogCon before 1.2.2 allows remote attackers to use arbitrary profiles via unknown vectors involving "'smart' values for userid and password," probably involving an SQL injection vulnerability in the (1) pass and (2) usr parameters in submit.php. | |||||
CVE-2001-0329 | 1 Mozilla | 1 Bugzilla | 2025-04-03 | 7.5 HIGH | N/A |
Bugzilla 2.10 allows remote attackers to execute arbitrary commands via shell metacharacters in a username that is then processed by (1) the Bugzilla_login cookie in post_bug.cgi, or (2) the who parameter in process_bug.cgi. | |||||
CVE-2003-1103 | 1 Hummingbird | 1 Cyberdocs | 2025-04-03 | 7.5 HIGH | N/A |
SQL injection vulnerability in loginact.asp for Hummingbird CyberDOCS before 3.9 allows remote attackers to execute arbitrary SQL commands. | |||||
CVE-2001-0815 | 1 Activestate | 1 Activeperl | 2025-04-03 | 7.5 HIGH | N/A |
Buffer overflow in PerlIS.dll in Activestate ActivePerl 5.6.1.629 and earlier allows remote attackers to execute arbitrary code via an HTTP request for a long filename that ends in a .pl extension. |