Total
29739 CVE
| CVE | Vendors | Products | Updated | CVSS v3.1 |
|---|---|---|---|---|
| CVE-2006-4895 | 1 Idevspot | 1 Nixieaffiliate | 2025-04-03 | N/A |
| IDevSpot NexieAffiliate 1.9 and earlier allows remote attackers to delete arbitrary affiliates via a modified id parameter to delete.php. | ||||
| CVE-2006-4904 | 1 Qualiteam | 1 X-cart | 2025-04-03 | N/A |
| Dynamic variable evaluation vulnerability in cmpi.php in Qualiteam X-Cart 4.1.3 and earlier allows remote attackers to overwrite arbitrary program variables and execute arbitrary PHP code, as demonstrated by PHP remote file inclusion via the xcart_dir parameter. | ||||
| CVE-2006-4909 | 1 Cisco | 1 Guard Ddos Mitigation Appliance | 2025-04-03 | N/A |
| Cross-site scripting (XSS) vulnerability in Cisco Guard DDoS Mitigation Appliance before 5.1(6), when anti-spoofing is enabled, allows remote attackers to inject arbitrary web script or HTML via certain character sequences in a URL that are not properly handled when the appliance sends a meta-refresh. | ||||
| CVE-2006-4914 | 1 A.l-pifou | 1 A.l-pifou | 2025-04-03 | N/A |
| Directory traversal vulnerability in A.l-Pifou 1.8p2 allows remote attackers to read arbitrary files via ".." sequences in the ze_langue_02 cookie, as demonstrated by using the choix_lng parameter to choix_langue.php to indirectly set the cookie, then accessing livre_dor.php to trigger the inclusion from inc/change_lang_ck.php, possibly related to livre_livre.php. NOTE: the livre_livre.php relationship has been reported by some third party sources. | ||||
| CVE-2002-0899 | 1 Blueface | 1 Falcon Web Server | 2025-04-03 | N/A |
| Falcon web server 2.0.0.1021 and earlier allows remote attackers to bypass access restrictions for protected files via a URL whose directory portion ends in a . (dot). | ||||
| CVE-2002-2126 | 1 Pedestal Software | 1 Integrity Protection Driver | 2025-04-03 | N/A |
| restrictEnabled in Integrity Protection Driver (IPD) 1.2 delays driver installation for 20 minutes, which allows local users to insert malicious code by setting system clock to an earlier time. | ||||
| CVE-2000-0772 | 1 Tumbleweed | 1 Messaging Management System | 2025-04-03 | N/A |
| The installation of Tumbleweed Messaging Management System (MMS) 4.6 and earlier (formerly Worldtalk Worldsecure) creates a default account "sa" with no password. | ||||
| CVE-2002-2130 | 1 Gallery Project | 1 Gallery | 2025-04-03 | N/A |
| publish_xp_docs.php in Gallery 1.3.2 allows remote attackers to execute arbitrary PHP code by modifying the GALLERY_BASEDIR parameter to reference a URL on a remote web server that contains the code. | ||||
| CVE-2000-0773 | 1 Bajie | 1 Java Http Server | 2025-04-03 | N/A |
| Bajie HTTP web server 0.30a allows remote attackers to read arbitrary files via a URL that contains a "....", a variant of the dot dot directory traversal attack. | ||||
| CVE-2001-0121 | 1 Storagesoft | 1 Imagecast Ic3 | 2025-04-03 | N/A |
| ImageCast Control Center 4.1.0 allows remote attackers to cause a denial of service (resource exhaustion or system crash) via a long string to port 12002. | ||||
| CVE-2000-0784 | 1 Rapidstream | 1 Rapidstream | 2025-04-03 | N/A |
| sshd program in the Rapidstream 2.1 Beta VPN appliance has a hard-coded "rsadmin" account with a null password, which allows remote attackers to execute arbitrary commands via ssh. | ||||
| CVE-2002-0902 | 1 Phpbb Group | 1 Phpbb | 2025-04-03 | N/A |
| Cross-site scripting vulnerability in phpBB 2.0.0 (phpBB2) allows remote attackers to execute Javascript as other phpBB users by including a http:// and a double-quote (") in the [IMG] tag, which bypasses phpBB's security check, terminates the src parameter of the resulting HTML IMG tag, and injects the script. | ||||
| CVE-1999-1035 | 1 Microsoft | 1 Internet Information Server | 2025-04-03 | N/A |
| IIS 3.0 and 4.0 on x86 and Alpha allows remote attackers to cause a denial of service (hang) via a malformed GET request, aka the IIS "GET" vulnerability. | ||||
| CVE-2005-1473 | 1 Apple | 1 Mac Os X | 2025-04-03 | N/A |
| SecurityAgent in Apple Mac OS X 10.4.1 allows attackers with physical access to bypass the locked screensaver and launch background applications by opening a URL from a text input field. | ||||
| CVE-2005-2867 | 1 Bluewhalecrm | 1 Bluewhalecrm | 2025-04-03 | N/A |
| SQL injection vulnerability in BlueWhaleCRM allows remote attackers to execute arbitrary SQL commands via the Account ID field. | ||||
| CVE-2000-0824 | 1 Gnu | 1 Glibc | 2025-04-03 | N/A |
| The unsetenv function in glibc 2.1.1 does not properly unset an environmental variable if the variable is provided twice to a program, which could allow local users to execute arbitrary commands in setuid programs by specifying their own duplicate environmental variables such as LD_PRELOAD or LD_LIBRARY_PATH. | ||||
| CVE-1999-0719 | 1 Gnu | 1 Gnumeric | 2025-04-03 | N/A |
| The Guile plugin for the Gnumeric spreadsheet package allows attackers to execute arbitrary code. | ||||
| CVE-2003-0724 | 1 Compaq | 1 Tru64 | 2025-04-03 | N/A |
| ssh on HP Tru64 UNIX 5.1B and 5.1A does not properly handle RSA signatures when digital certificates and RSA keys are used, which could allow local and remote attackers to gain privileges. | ||||
| CVE-1999-0723 | 1 Microsoft | 2 Windows 2000, Windows Nt | 2025-04-03 | N/A |
| The Windows NT Client Server Runtime Subsystem (CSRSS) can be subjected to a denial of service when all worker threads are waiting for user input. | ||||
| CVE-2000-0833 | 1 Jack De Winter | 1 Winsmtp | 2025-04-03 | N/A |
| Buffer overflow in WinSMTP 1.06f and 2.X allows remote attackers to cause a denial of service via a long (1) USER or (2) HELO command. | ||||