Total
29753 CVE
| CVE | Vendors | Products | Updated | CVSS v3.1 |
|---|---|---|---|---|
| CVE-2006-4986 | 1 Grayscale | 1 Bandsite Cms | 2025-04-03 | N/A |
| Grayscale BandSite CMS allows remote attackers to obtain sensitive information via a direct request for (1) certain files in the includes/content directory, (2) includes/shows_preview.php, and (3) adminpanel/configform.php; and files in adminpanel/includes/ including (4) mailinglist/disphtmltbl.php, (5) mailinglist/dispxls.php, (6) mailinglist/sendshows.php, (7) previews/preview_bio.php, (8) previews/preview_genmerch.php, (9) previews/preview_fliers.php, (10) previews/preview_gbook.php, (11) previews/preview_interviews.php, (12) previews/preview_links.php, (13) previews/preview_lyrics.php, (14) previews/preview_membio.php, (15) previews/preview_merchphotos.php, (16) previews/preview_mp3s.php, (17) previews/preview_news.php, (18) previews/preview_photos.php, (19) previews/preview_releases.php, (20) previews/preview_relmerch.php, (21) previews/preview_relphotos.php, (22) previews/preview_reviews.php, (23) previews/preview_shows.php, (24) previews/preview_wearmerch.php, (25) change_forms/change_bio.php, (26) change_forms/change_fliers.php, (27) change_forms/change_gbook.php, (28) change_forms/change_gen_merch.php, (29) change_forms/change_interview.php, (30) change_forms/change_links.php, (31) change_forms/change_lyrics.php, (32) change_forms/change_members.php, (33) change_forms/change_merch.php, (34) change_forms/change_merch_pic.php, (35) change_forms/change_mp3s.php, (36) change_forms/change_news.php, (37) change_forms/change_photos.php, (38) change_forms/change_rel_merch.php, (39) change_forms/change_rel_pic.php, (40) change_forms/change_releases.php, (41) change_forms/change_reviews.php, (42) change_forms/change_shows.php, and (43) change_forms/change_wear_merch.php, which reveals the path in various error messages. | ||||
| CVE-2006-4990 | 1 Photopost | 1 Photopost Php Pro | 2025-04-03 | N/A |
| Multiple PHP remote file inclusion vulnerabilities in PhotoPost allow remote attackers to execute arbitrary PHP code via a URL in the PP_PATH parameter in (1) addfav.php, (2) adm-admlog.php, (3) adm-approve.php, (4) adm-backup.php, (5) adm-cats.php, (6) adm-cinc.php, (7) adm-db.php, (8) adm-editcfg.php, (9) adm-inc.php, (10) adm-index.php, (11) adm-modcom.php, (12) adm-move.php, (13) adm-options.php, (14) adm-order.php, (15) adm-pa.php, (16) adm-photo.php, (17) adm-purge.php, (18) adm-style.php, (19) adm-templ.php, (20) adm-userg.php, (21) adm-users.php, (22) bulkupload.php, (23) cookies.php, (24) comments.php, (25) ecard.php, (26) editphoto.php, (27) register.php, (28) showgallery.php, (29) showmembers.php, (30) useralbums.php, (31) uploadphoto.php, (32) search.php, or (33) adm-menu.php, different vectors than CVE-2006-4828. | ||||
| CVE-2005-3416 | 1 Phpbb Group | 1 Phpbb | 2025-04-03 | N/A |
| phpBB 2.0.17 and earlier, when register_globals is enabled and the session_start function has not been called to handle a session, allows remote attackers to bypass security checks by setting the $_SESSION and $HTTP_SESSION_VARS variables to strings instead of arrays, which causes an array_merge function call to fail. | ||||
| CVE-2002-0002 | 4 Engardelinux, Mandrakesoft, Redhat and 1 more | 4 Secure Linux, Mandrake Linux, Linux and 1 more | 2025-04-03 | N/A |
| Format string vulnerability in stunnel before 3.22 when used in client mode for (1) smtp, (2) pop, or (3) nntp allows remote malicious servers to execute arbitrary code. | ||||
| CVE-2002-0005 | 1 Aol | 1 Instant Messenger | 2025-04-03 | N/A |
| Buffer overflow in AOL Instant Messenger (AIM) 4.7.2480, 4.8.2616, and other versions allows remote attackers to execute arbitrary code via a long argument in a game request (AddGame). | ||||
| CVE-2002-0006 | 2 Redhat, Xchat | 2 Linux, Xchat | 2025-04-03 | N/A |
| XChat 1.8.7 and earlier, including default configurations of 1.4.2 and 1.4.3, allows remote attackers to execute arbitrary IRC commands as other clients via encoded characters in a PRIVMSG command that calls CTCP PING, which expands the characters in the client response when the percascii variable is set. | ||||
| CVE-2002-0007 | 2 Mozilla, Redhat | 2 Bugzilla, Powertools | 2025-04-03 | N/A |
| CGI.pl in Bugzilla before 2.14.1, when using LDAP, allows remote attackers to obtain an anonymous bind to the LDAP server via a request that does not include a password, which causes a null password to be sent to the LDAP server. | ||||
| CVE-2001-1306 | 1 Sun | 1 Iplanet Directory Server | 2025-04-03 | N/A |
| iPlanet Directory Server 4.1.4 and earlier (LDAP) allows remote attackers to cause a denial of service (crash) and possibly execute arbitrary code via invalid BER length of length fields, as demonstrated by the PROTOS LDAPv3 test suite. | ||||
| CVE-2001-1308 | 1 Sun | 1 Iplanet Directory Server | 2025-04-03 | N/A |
| Format string vulnerabilities in iPlanet Directory Server 4.1.4 and earlier (LDAP) allow remote attackers to cause a denial of service (crash) and possibly execute arbitrary code, as demonstrated by the PROTOS LDAPv3 test suite. | ||||
| CVE-2003-0758 | 1 Ibm | 1 Db2 Universal Database | 2025-04-03 | N/A |
| Buffer overflow in db2dart in IBM DB2 Universal Data Base 7.2 before Fixpak 10 allows local users to gain root privileges via a long command line argument. | ||||
| CVE-2006-4497 | 1 Iwebnegar | 1 Iwebnegar | 2025-04-03 | N/A |
| SQL injection vulnerability in comments.php in IwebNegar 1.1 allows remote attackers to execute arbitrary SQL commands via the id parameter. | ||||
| CVE-2001-1310 | 1 Ibm | 1 Secureway Directory | 2025-04-03 | N/A |
| IBM SecureWay 3.2.1 allow remote attackers to cause a denial of service (crash) and possibly execute arbitrary code, via invalid encodings for the L field of a BER encoding, as demonstrated by the PROTOS LDAPv3 test suite. | ||||
| CVE-1999-0512 | 2025-04-03 | N/A | ||
| A mail server is explicitly configured to allow SMTP mail relay, which allows abuse by spammers. | ||||
| CVE-2004-1834 | 2 Apache, Redhat | 2 Http Server, Enterprise Linux | 2025-04-03 | N/A |
| mod_disk_cache in Apache 2.0 through 2.0.49 stores client headers, including authentication information, on the hard disk, which could allow local users to gain sensitive information. | ||||
| CVE-2005-2857 | 1 Softstack | 1 Free Smtp Server | 2025-04-03 | N/A |
| Free SMTP Server 2.2 allows remote attackers to use the server as an open mail relay (spam proxy). | ||||
| CVE-2006-4254 | 1 Ibm | 1 Aix | 2025-04-03 | N/A |
| Unspecified vulnerability in setlocale in IBM AIX 5.1.0 through 5.3.0 allows local users to gain privileges via unspecified vectors. | ||||
| CVE-2001-1356 | 1 Netwin | 1 Surgeftp | 2025-04-03 | N/A |
| NetWin SurgeFTP 2.0f and earlier encrypts passwords using weak hashing, a fixed salt value and modulo 40 calculations, which allows remote attackers to conduct brute force password guessing attacks against the administrator account on port 7021. | ||||
| CVE-2001-0099 | 1 Brian Stanback | 1 Bsguest.cgi | 2025-04-03 | N/A |
| bsguest.cgi guestbook script allows remote attackers to execute arbitrary commands via shell metacharacters in the email address. | ||||
| CVE-2006-2889 | 1 Pixelpost | 1 Pixelpost | 2025-04-03 | N/A |
| Multiple SQL injection vulnerabilities in index.php in Pixelpost 1-5rc1-2 and earlier allow remote attackers to execute arbitrary SQL commands, and leverage them to gain administrator privileges, via the (1) category or (2) archivedate parameter. | ||||
| CVE-2002-1985 | 1 Incognito Software Inc | 1 Ismtp Gateway | 2025-04-03 | N/A |
| iSMTP 5.0.1 allows remote attackers to cause a denial of service via a long "MAIL FROM" command, possibly triggering a buffer overflow. | ||||