Total
29539 CVE
| CVE | Vendors | Products | Updated | CVSS v2 | CVSS v3 |
|---|---|---|---|---|---|
| CVE-2006-4706 | 1 Mybulletinboard | 1 Mybulletinboard | 2025-04-03 | 6.8 MEDIUM | N/A |
| Cross-site scripting (XSS) vulnerability in inc/functions_post.php in MyBB (aka MyBulletinBoard) 1.1.7 allows remote attackers to inject arbitrary web script or HTML via a url BBCode tag that contains a javascript URI with an SGML numeric character reference and an embedded space, as demonstrated using "java& #115;cript," a different vulnerability than CVE-2006-3761. | |||||
| CVE-2005-1385 | 1 Apple | 1 Safari | 2025-04-03 | 2.6 LOW | N/A |
| Safari 1.3 allows remote attackers to cause a denial of service (application crash) via a long https URL that triggers a NULL pointer dereference. | |||||
| CVE-2005-2274 | 1 Microsoft | 1 Internet Explorer | 2025-04-03 | 2.6 LOW | N/A |
| Microsoft Internet Explorer 6.0 does not clearly associate a Javascript dialog box with the web page that generated it, which allows remote attackers to spoof a dialog box from a trusted site and facilitates phishing attacks, aka the "Dialog Origin Spoofing Vulnerability." | |||||
| CVE-2000-0998 | 1 Freebsd | 1 Freebsd | 2025-04-03 | 7.2 HIGH | N/A |
| Format string vulnerability in top program allows local attackers to gain root privileges via the "kill" or "renice" function. | |||||
| CVE-2001-0562 | 1 Drummond Miles | 1 A1stats | 2025-04-03 | 7.5 HIGH | N/A |
| a1disp.cgi program in Drummond Miles A1Stats prior to 1.6 allows a remote attacker to execute commands via a specially crafted URL which includes shell metacharacters. | |||||
| CVE-2006-0177 | 1 Cray | 1 Unicos | 2025-04-03 | 7.2 HIGH | N/A |
| Multiple buffer overflows in Cray UNICOS 9.0.2.2 might allow local users to gain privileges by (1) invoking /usr/bin/script with a long command line argument or (2) setting the -c option of /etc/nu to the name of a file containing a long line. | |||||
| CVE-2001-1420 | 1 Aol | 1 Instant Messenger | 2025-04-03 | 5.0 MEDIUM | N/A |
| AOL Instant Messenger (AIM) 4.7 allows remote attackers to cause a denial of service (application crash) via a long filename, possibly caused by a buffer overflow. | |||||
| CVE-2004-2641 | 1 Sun | 2 Netra 1280, Sun Fire | 2025-04-03 | 5.0 MEDIUM | N/A |
| Unspecified vulnerability in Sun Fire 3800/4800/4810/6800, Sun Fire V1280, and Netra 1280 allows remote attackers to cause a denial of service (system controller hang) via IP Packets With Type of Service (TOS) Bits set. | |||||
| CVE-2005-3161 | 1 Php Fusion | 1 Php Fusion | 2025-04-03 | 7.5 HIGH | N/A |
| Multiple SQL injection vulnerabilities in PHP-Fusion before 6.00.110 allow remote attackers to execute arbitrary SQL commands via (1) the activate parameter in register.php and (2) the cat_id parameter in faq.php. | |||||
| CVE-2006-2997 | 1 Zms Publishing | 1 Zms | 2025-04-03 | 2.6 LOW | N/A |
| Cross-site scripting (XSS) vulnerability in ZMS 2.9 and earlier, when register_globals is enabled, allows remote attackers to inject arbitrary web script or HTML via the raw parameter in the search field. | |||||
| CVE-2005-4576 | 1 Fatwire | 1 Updateengine | 2025-04-03 | 4.3 MEDIUM | N/A |
| Multiple cross-site scripting (XSS) vulnerabilities in the UpdateEngine program in Fatwire UpdateEngine 6.2 and earlier allow remote attackers to inject arbitrary web script or HTML via the (1) COUNTRYNAME, (2) EMAIL, and (3) FUELAP_TEMPLATENAME parameters. | |||||
| CVE-2003-0332 | 1 Working Resources Inc. | 1 Badblue | 2025-04-03 | 7.6 HIGH | N/A |
| The ISAPI extension in BadBlue 1.7 through 2.2, and possibly earlier versions, modifies the first two letters of a filename extension after performing a security check, which allows remote attackers to bypass authentication via a filename with a .ats extension instead of a .hts extension. | |||||
| CVE-2006-1391 | 1 Pablo Software Solutions | 2 Baby Asp Web Server, Quick And Easy Web Server | 2025-04-03 | 5.0 MEDIUM | N/A |
| The (a) Quick 'n Easy Web Server before 3.1.1 and (b) Baby ASP Web Server 2.7.2 allows remote attackers to obtain the source code of ASP files via (1) . (dot) and (2) space characters in the extension of a URL. | |||||
| CVE-2004-0582 | 1 Webmin | 1 Webmin | 2025-04-03 | 5.0 MEDIUM | N/A |
| Unknown vulnerability in Webmin 1.140 allows remote attackers to bypass access control rules and gain read access to configuration information for a module. | |||||
| CVE-2005-4800 | 1 Yapig | 1 Yapig | 2025-04-03 | 9.0 HIGH | N/A |
| Direct static code injection vulnerability in Yet Another PHP Image Gallery (YaPIG) 0.95b and earlier allows remote authenticated administrators to inject arbitrary PHP code via the TestGallery parameter in a mod_info action to modify_gallery.php, which inserts the code into guid_info.php. NOTE: this issue is easier to exploit due to a separate CSRF vulnerability. | |||||
| CVE-2023-24021 | 2 Debian, Trustwave | 2 Debian Linux, Modsecurity | 2025-04-02 | N/A | 7.5 HIGH |
| Incorrect handling of '\0' bytes in file uploads in ModSecurity before 2.9.7 may allow for Web Application Firewall bypasses and buffer over-reads on the Web Application Firewall when executing rules that read the FILES_TMP_CONTENT collection. | |||||
| CVE-2023-24056 | 1 Pkgconf | 1 Pkgconf | 2025-04-02 | N/A | 5.5 MEDIUM |
| In pkgconf through 1.9.3, variable duplication can cause unbounded string expansion due to incorrect checks in libpkgconf/tuple.c:pkgconf_tuple_parse. For example, a .pc file containing a few hundred bytes can expand to one billion bytes. | |||||
| CVE-2023-24038 | 2 Debian, Html-stripscripts Project | 2 Debian Linux, Html-stripscripts | 2025-04-02 | N/A | 7.5 HIGH |
| The HTML-StripScripts module through 1.06 for Perl allows _hss_attval_style ReDoS because of catastrophic backtracking for HTML content with certain style attributes. | |||||
| CVE-2021-24881 | 1 Passster Project | 1 Passter | 2025-04-02 | N/A | 7.5 HIGH |
| The Passster WordPress plugin before 3.5.5.9 does not properly check for password, as well as that the post to be viewed is public, allowing unauthenticated users to bypass the protection offered by the plugin, and access arbitrary posts (such as private) content, by sending a specifically crafted request. | |||||
| CVE-2022-40036 | 1 Blog-ssm Project | 1 Blog-ssm | 2025-04-02 | N/A | 6.5 MEDIUM |
| An issue was discovered in Rawchen blog-ssm v1.0 allows an attacker to obtain sensitive user information by bypassing permission checks via the /adminGetUserList component. | |||||