Total
29753 CVE
| CVE | Vendors | Products | Updated | CVSS v3.1 |
|---|---|---|---|---|
| CVE-2000-0995 | 1 Openbsd | 1 Openbsd | 2025-04-03 | N/A |
| Format string vulnerability in OpenBSD yp_passwd program (and possibly other BSD-based operating systems) allows attackers to gain root privileges a malformed name. | ||||
| CVE-2005-3299 | 1 Phpmyadmin | 1 Phpmyadmin | 2025-04-03 | N/A |
| PHP file inclusion vulnerability in grab_globals.lib.php in phpMyAdmin 2.6.4 and 2.6.4-pl1 allows remote attackers to include local files via the $__redirect parameter, possibly involving the subform array. | ||||
| CVE-2006-2847 | 1 Full Revolution | 1 Aspweblinks | 2025-04-03 | N/A |
| SQL injection vulnerability in links.asp in aspWebLinks 2.0 allows remote attackers to execute arbitrary SQL commands via the linkID parameter. | ||||
| CVE-2000-1005 | 1 Extropia | 1 Extropia Webstore | 2025-04-03 | N/A |
| Directory traversal vulnerability in html_web_store.cgi and web_store.cgi CGI programs in eXtropia WebStore allows remote attackers to read arbitrary files via a .. (dot dot) attack on the page parameter. | ||||
| CVE-2005-3306 | 1 Flatnuke | 1 Flatnuke | 2025-04-03 | N/A |
| Cross-site scripting (XSS) vulnerability in index.php for FlatNuke 2.5.6 allows remote attackers to inject arbitrary web script or HTML via the user parameter in a profile operation, a different vulnerability than CVE-2005-2814. NOTE: it is possible that this XSS is a resultant vulnerability of CVE-2005-3307. | ||||
| CVE-2006-2851 | 1 Dotproject | 1 Dotproject | 2025-04-03 | N/A |
| Cross-site scripting (XSS) vulnerability in index.php in dotProject 2.0.2 and earlier allows remote attackers to inject arbitrary web script or HTML via unspecified parameters, which are not properly handled when the client is using Internet Explorer. | ||||
| CVE-2005-3310 | 1 Phpbb Group | 1 Phpbb | 2025-04-03 | N/A |
| Interpretation conflict in phpBB 2.0.17, with remote avatars and avatar uploading enabled, allows remote authenticated users to inject arbitrary web script or HTML via an HTML file with a GIF or JPEG file extension, which causes the HTML to be executed by a victim who views the file in Internet Explorer, which renders malformed image types as HTML, enabling cross-site scripting (XSS) attacks. NOTE: it could be argued that this vulnerability is due to a design flaw in Internet Explorer (CVE-2005-3312) and the proper fix should be in that browser; if so, then this should not be treated as a vulnerability in phpBB. | ||||
| CVE-2005-3315 | 1 Novell | 1 Zenworks Patch Management Server | 2025-04-03 | N/A |
| Multiple SQL injection vulnerabilities in Novell ZENworks Patch Management 6.x before 6.2.2.181 allow remote attackers to execute arbitrary SQL commands via the (1) Direction parameter to computers/default.asp, and the (2) SearchText, (3) StatusFilter, and (4) computerFilter parameters to reports/default.asp. | ||||
| CVE-2006-2869 | 1 Alwil | 1 Avast Antivirus | 2025-04-03 | N/A |
| Unspecified vulnerability in the CHM unpacker in avast! before 4.7.844 has unknown impact and remote attack vectors. | ||||
| CVE-2006-2880 | 1 Pyblosxom | 1 Pyblosxom | 2025-04-03 | N/A |
| Cross-site scripting (XSS) vulnerability in the Contributed Packages for PyBlosxom 1.2.2 and earlier allows remote attackers to inject arbitrary web script or HTML via the Comments plugin in the (1) url and (2) author fields. | ||||
| CVE-2005-3366 | 1 Php Icalendar | 1 Php Icalendar | 2025-04-03 | N/A |
| PHP file inclusion vulnerability in index.php in PHP iCalendar 2.0a2 through 2.0.1 allows remote attackers to execute arbitrary PHP code and include arbitrary local files via the phpicalendar cookie. NOTE: this is not a cross-site scripting (XSS) issue as claimed by the original researcher. | ||||
| CVE-2005-3376 | 1 Kaspersky Lab | 1 Kaspersky Anti-virus | 2025-04-03 | N/A |
| Multiple interpretation error in Kaspersky 5.0.372 allows remote attackers to bypass virus scanning via a file such as BAT, HTML, and EML with an "MZ" magic byte sequence which is normally associated with EXE, which causes the file to be treated as a safe type that could still be executed as a dangerous file type by applications on the end system, as demonstrated by a "triple headed" program that contains EXE, EML, and HTML content, aka the "magic byte bug." | ||||
| CVE-2000-1023 | 1 Alabanza | 1 Control Panel | 2025-04-03 | N/A |
| The Alabanza Control Panel does not require passwords to access administrative commands, which allows remote attackers to modify domain name information via the nsManager.cgi CGI program. | ||||
| CVE-2005-3385 | 1 Techno Dreams | 1 Mailing List | 2025-04-03 | N/A |
| SQL injection vulnerability in Techno Dreams Mailing List script allows remote attackers to execute arbitrary SQL commands and bypass authentication via the userid parameter in admin/login.asp. | ||||
| CVE-2005-3387 | 1 Luca Deri | 1 Ntop | 2025-04-03 | N/A |
| The startup script in packages/RedHat/ntop.init in ntop before 3.2, when ntop.conf is writable by users besides root, creates temporary files insecurely, which allows remote attackers to execute arbitrary code. | ||||
| CVE-2001-0233 | 3 Debian, Matthew Smith, Redhat | 4 Debian Linux, Micq, Linux and 1 more | 2025-04-03 | N/A |
| Buffer overflow in micq client 0.4.6 and earlier allows remote attackers to cause a denial of service, and possibly execute arbitrary commands, via a long Description field. | ||||
| CVE-2005-3401 | 1 Thehacker | 1 Thehacker | 2025-04-03 | N/A |
| Multiple interpretation error in TheHacker 5.8.4.128 allows remote attackers to bypass virus scanning via a file such as BAT, HTML, and EML with an "MZ" magic byte sequence which is normally associated with EXE, which causes the file to be treated as a safe type that could still be executed as a dangerous file type by applications on the end system, as demonstrated by a "triple headed" program that contains EXE, EML, and HTML content, aka the "magic byte bug." | ||||
| CVE-2001-0235 | 1 Debian | 1 Debian Linux | 2025-04-03 | N/A |
| Vulnerability in crontab allows local users to read crontab files of other users by replacing the temporary file that is being edited while crontab is running. | ||||
| CVE-2005-3417 | 1 Phpbb Group | 1 Phpbb | 2025-04-03 | N/A |
| phpBB 2.0.17 and earlier, when the register_long_arrays directive is disabled, allows remote attackers to modify global variables and bypass security mechanisms because PHP does not define the associated HTTP_* variables. | ||||
| CVE-2005-3441 | 1 Oracle | 1 Database Server | 2025-04-03 | N/A |
| Unspecified vulnerability in Intelligent Agent in Oracle Database Server 9i up to 9.0.1.5 has unknown impact and attack vectors, aka Oracle Vuln# DB14. | ||||