Total
29739 CVE
| CVE | Vendors | Products | Updated | CVSS v3.1 |
|---|---|---|---|---|
| CVE-2006-2149 | 1 Avatic | 1 Aardvark Topsites Php | 2025-04-03 | N/A |
| PHP remote file inclusion vulnerability in sources/lostpw.php in Aardvark Topsites PHP 4.2.2 and earlier, when register_globals is enabled, allows remote attackers to execute arbitrary PHP code via the CONFIG[path] parameter, as demonstrated by including a GIF that contains PHP code. | ||||
| CVE-2006-2211 | 1 321soft | 1 Php-gallery | 2025-04-03 | N/A |
| Absolute path traversal vulnerability in index.php in 321soft PhP-Gallery 0.9 allows remote attackers to browse arbitrary directories via the path parameter. | ||||
| CVE-2006-2296 | 1 Keyvan1.com | 1 Edirectorypro | 2025-04-03 | N/A |
| SQL injection vulnerability in search_result.asp in EDirectoryPro 2.0 and earlier allows remote attackers to execute arbitrary SQL commands via the keyword parameter. NOTE: the provenance of this information is unknown; the details are obtained from third party information. | ||||
| CVE-2002-1139 | 1 Microsoft | 3 Windows 98 Plus Pack, Windows Me, Windows Xp | 2025-04-03 | N/A |
| The Compressed Folders feature in Microsoft Windows 98 with Plus! Pack, Windows Me, and Windows XP does not properly check the destination folder during the decompression of ZIP files, which allows attackers to place an executable file in a known location on a user's system, aka "Incorrect Target Path for Zipped File Decompression." | ||||
| CVE-2006-2421 | 1 Pragma Systems | 1 Fortressssh | 2025-04-03 | N/A |
| Stack-based buffer overflow in Pragma FortressSSH 4.0.7.20 allows remote attackers to execute arbitrary code via long SSH_MSG_KEXINIT messages, which may cause an overflow when being logged. NOTE: the provenance of this information is unknown; the details are obtained solely from third party information. | ||||
| CVE-2005-1162 | 1 Oneworldstore | 1 Oneworldstore | 2025-04-03 | N/A |
| Multiple cross-site scripting (XSS) vulnerabilities in OneWorldStore allow remote attackers to inject arbitrary web script or HTML via the (1) sEmail parameter to owContactUs.asp, (2) bSub parameter to owListProduct.asp, or the (3) Name, (4) Email, or (5) Comment fields in owProductDetail.asp. | ||||
| CVE-2006-0099 | 1 Valdersoft | 1 Valdersoft Shopping Cart | 2025-04-03 | N/A |
| PHP remote file include vulnerability in (1) include/templates/categories/default.php and (2) certain other include/templates/categories/ PHP scripts in Valdersoft Shopping Cart 3.0 allows remote attackers to execute arbitrary code via a URL in the catalogDocumentRoot parameter. | ||||
| CVE-2006-1198 | 1 Comvigo | 1 Im Lock | 2025-04-03 | N/A |
| Comvigo IM Lock 2006 uses a simple substitution cipher to encrypt a password stored in the msnvs\prc registry value, for which all users have Read permission, which allows local users to bypass the product's blocking functionality by decrypting the password. | ||||
| CVE-2002-0766 | 1 Openbsd | 1 Openbsd | 2025-04-03 | N/A |
| OpenBSD 2.9 through 3.1 allows local users to cause a denial of service (resource exhaustion) and gain root privileges by filling the kernel's file descriptor table and closing file descriptors 0, 1, or 2 before executing a privileged process, which is not properly handled when OpenBSD fails to open an alternate descriptor. | ||||
| CVE-2002-0782 | 1 Novell | 1 Bordermanager | 2025-04-03 | N/A |
| Novell BorderManager 3.5 with PAT (Port-Address Translate) enabled allows remote attackers to cause a denial of service by filling the connection table with a large number of connection requests to hosts that do not have a specific route, which may be forwarded to the public interface. | ||||
| CVE-2006-2771 | 1 Hogstorps | 1 Hogstorp Guestbook | 2025-04-03 | N/A |
| admin/radera/tabort.asp in Hogstorps hogstorp guestbook 2.0 does not verify user credentials, which allows remote attackers to delete arbitrary posts via a modified delID parameter. | ||||
| CVE-2006-2261 | 1 Acal | 1 Acal | 2025-04-03 | N/A |
| PHP remote file inclusion vulnerability in day.php in ACal 2.2.6 allows remote attackers to execute arbitrary PHP code via a URL in the path parameter. | ||||
| CVE-2000-0904 | 1 Qnx | 1 Voyager | 2025-04-03 | N/A |
| Voyager web server 2.01B in the demo disks for QNX 405 stores sensitive web client information in the .photon directory in the web document root, which allows remote attackers to obtain that information. | ||||
| CVE-2005-1236 | 1 Duware | 1 Duportal | 2025-04-03 | N/A |
| Multiple SQL injection vulnerabilities in DUware DUportal 3.1.2 and 3.1.2 SQL allow remote attackers to execute arbitrary SQL commands via the (1) iChannel parameter to channel.asp or search.asp, (2) iData parameter to detail.asp or inc_rating.asp, (3) iCat parameter to detail.asp or type.asp, (4) DAT_PARENT parameter to inc_poll_voting.asp, or (5) iRate parameter to inc_rating.asp, a different set of vulnerabilities than CVE-2005-1224. | ||||
| CVE-2000-0917 | 3 Caldera, Redhat, Trustix | 6 Openlinux, Openlinux Ebuilder, Openlinux Edesktop and 3 more | 2025-04-03 | N/A |
| Format string vulnerability in use_syslog() function in LPRng 3.6.24 allows remote attackers to execute arbitrary commands. | ||||
| CVE-2002-1823 | 1 Lonerunner | 1 Zeroo Http Server | 2025-04-03 | N/A |
| Buffer overflow in the HttpGetRequest function in Zeroo HTTP server 1.5 allows remote attackers to execute arbitrary code via a long HTTP request. | ||||
| CVE-1999-0472 | 2 Network Appliance, Snmp | 2 Netcache, Snmp | 2025-04-03 | N/A |
| The SNMP default community name "public" is not properly removed in NetApps C630 Netcache, even if the administrator tries to disable it. | ||||
| CVE-2000-0921 | 1 Hassan Consulting | 1 Shopping Cart | 2025-04-03 | N/A |
| Directory traversal vulnerability in Hassan Consulting shop.cgi shopping cart program allows remote attackers to read arbitrary files via a .. (dot dot) attack on the page parameter. | ||||
| CVE-2001-0219 | 1 Hp | 1 Hp-ux | 2025-04-03 | N/A |
| Vulnerability in Support Tools Manager (xstm,cstm,stm) in HP-UX 11.11 and earlier allows local users to cause a denial of service. | ||||
| CVE-2000-0930 | 1 David Harris | 1 Pegasus Mail | 2025-04-03 | N/A |
| Pegasus Mail 3.12 allows remote attackers to read arbitrary files via an embedded URL that calls the mailto: protocol with a -F switch. | ||||