Total
29527 CVE
| CVE | Vendors | Products | Updated | CVSS v2 | CVSS v3 |
|---|---|---|---|---|---|
| CVE-2005-1161 | 1 Oneworldstore | 1 Oneworldstore | 2024-02-14 | 7.5 HIGH | N/A |
| Multiple SQL injection vulnerabilities in OneWorldStore allow remote attackers to execute arbitrary SQL commands via the idProduct parameter to (1) owAddItem.asp or (2) owProductDetail.asp, (3) idCategory parameter to owListProduct.asp, or (4) bSpecials parameter to owListProduct.asp. | |||||
| CVE-2002-0203 | 1 Tarantella | 1 Tarantella Enterprise | 2024-02-14 | 5.0 MEDIUM | N/A |
| ttawebtop.cgi in Tarantella Enterprise 3.20 on SPARC Solaris and Linux, and 3.1x and 3.0x including 3.11.903, allows remote attackers to view directory contents via an empty pg parameter. | |||||
| CVE-2001-0949 | 1 Valicert | 1 Enterprise Validation Authority | 2024-02-14 | 7.5 HIGH | N/A |
| Buffer overflows in forms.exe CGI program in ValiCert Enterprise Validation Authority (EVA) Administration Server 3.3 through 4.2.1 allows remote attackers to execute arbitrary code via long arguments to the parameters (1) Mode, (2) Certificate_File, (3) useExpiredCRLs, (4) listenLength, (5) maxThread, (6) maxConnPerSite, (7) maxMsgLen, (8) exitTime, (9) blockTime, (10) nextUpdatePeriod, (11) buildLocal, (12) maxOCSPValidityPeriod, (13) extension, and (14) a particular combination of parameters associated with private key generation that form a string of a certain length. | |||||
| CVE-2004-1141 | 1 Ethereal Group | 1 Ethereal | 2024-02-14 | 5.0 MEDIUM | N/A |
| The HTTP dissector in Ethereal 0.10.1 through 0.10.7 allows remote attackers to cause a denial of service (application crash) via a certain packet that causes the dissector to access previously-freed memory. | |||||
| CVE-2005-2366 | 1 Ethereal Group | 1 Ethereal | 2024-02-14 | 5.0 MEDIUM | N/A |
| Unknown vulnerability in the BER dissector in Ethereal 0.10.11 allows remote attackers to cause a denial of service (abort or infinite loop) via unknown attack vectors. | |||||
| CVE-2004-1333 | 2 Linux, Redhat | 3 Linux Kernel, Fedora Core, Linux | 2024-02-14 | 2.1 LOW | N/A |
| Integer overflow in the vc_resize function in the Linux kernel 2.4 and 2.6 before 2.6.10 allows local users to cause a denial of service (kernel crash) via a short new screen value, which leads to a buffer overflow. | |||||
| CVE-2003-0432 | 1 Ethereal Group | 1 Ethereal | 2024-02-14 | 10.0 HIGH | N/A |
| Ethereal 0.9.12 and earlier does not handle certain strings properly, with unknown consequences, in the (1) BGP, (2) WTP, (3) DNS, (4) 802.11, (5) ISAKMP, (6) WSP, (7) CLNP, (8) ISIS, and (9) RMI dissectors. | |||||
| CVE-2005-3689 | 1 Xmb Forum | 1 Xmb | 2024-02-14 | 5.0 MEDIUM | N/A |
| post.php in XMB 1.9.2 allows remote attackers to obtain the installation path via an invalid fid parameter in a newthread action. | |||||
| CVE-2004-2488 | 1 Nexgen | 1 Nexgen Ftp Server | 2024-02-14 | 4.0 MEDIUM | N/A |
| Directory traversal vulnerability in Nexgen FTP Server before 2.2.3.23 allows remote authenticated users to read or list arbitrary files via "C:" sequences in the (1) RETR (get), (2) NLST (ls), (3) LIST (ls), (4) RNFR, or (5) RNTO FTP commands. | |||||
| CVE-2005-0827 | 3 Ciamos, E-xoops, Runcms | 3 Ciamos, E-xoops, Runcms | 2024-02-14 | 5.0 MEDIUM | N/A |
| Viewcat.php in (1) RUNCMS 1.1A, (2) Ciamos 0.9.2 RC1, e-Xoops 1.05 Rev3, and possibly other products based on e-Xoops (exoops), allow remote attackers to obtain sensitive information via an invalid parameter to the convertorderbytrans function, which reveals the path in a PHP error message. | |||||
| CVE-2006-5844 | 1 Speedywiki | 1 Speedywiki | 2024-02-14 | 5.0 MEDIUM | N/A |
| Speedywiki 2.0 allows remote attackers to obtain the full path of the web server via the (1) showRevisions[] and (2) searchText[] parameters in (a) index.php, and (b) a direct request to upload.php without any parameters. | |||||
| CVE-2006-1935 | 1 Ethereal Group | 1 Ethereal | 2024-02-14 | 5.0 MEDIUM | N/A |
| Buffer overflow in Ethereal 0.9.15 up to 0.10.14 allows remote attackers to cause a denial of service (crash) and possibly execute arbitrary code via the COPS dissector. | |||||
| CVE-2001-1193 | 1 Khamil Landross And Zack Jones | 1 Eftp | 2024-02-14 | 5.0 MEDIUM | N/A |
| Directory traversal vulnerability in EFTP 2.0.8.346 allows local users to read directories via a ... (modified dot dot) in the CWD command. | |||||
| CVE-2006-6153 | 1 Vspin.net | 1 Classified System | 2024-02-14 | 4.3 MEDIUM | N/A |
| Multiple cross-site scripting (XSS) vulnerabilities in vSpin.net Classified System 2004 allow remote attackers to inject arbitrary web script or HTML via (1) catname parameter to cat.asp or the (2) minprice parameter to search.asp. | |||||
| CVE-2007-2598 | 1 Simplenews | 1 Simplenews | 2024-02-14 | 10.0 HIGH | N/A |
| SQL injection vulnerability in print.php in SimpleNews 1.0.0 FINAL allows remote attackers to execute arbitrary SQL commands via the news_id parameter. | |||||
| CVE-2005-1328 | 1 Oneworldstore | 1 Oneworldstore | 2024-02-14 | 5.0 MEDIUM | N/A |
| OneWorldStore allows remote attackers to cause a denial of service (application crash) via a direct request to owConnections/chksettings.asp. | |||||
| CVE-2004-2021 | 1 Oscommerce | 1 Oscommerce | 2024-02-14 | 5.0 MEDIUM | N/A |
| Directory traversal vulnerability in file_manager.php in osCommerce 2.2 allows remote attackers to view arbitrary files via a .. (dot dot) in the filename argument. | |||||
| CVE-2003-0937 | 1 Sco | 2 Open Unix, Unixware | 2024-02-14 | 4.6 MEDIUM | N/A |
| SCO UnixWare 7.1.1, 7.1.3, and Open UNIX 8.0.0 allows local users to bypass protections for the "as" address space file for a process ID (PID) by obtaining a procfs file descriptor for the file and calling execve() on a setuid or setgid program, which leaves the descriptor open to the user. | |||||
| CVE-2006-0310 | 1 Mike Helton | 1 Aoblogger | 2024-02-14 | 4.3 MEDIUM | N/A |
| Cross-site scripting (XSS) vulnerability in aoblogger 2.3 allows remote attackers to inject arbitrary Javascript via a javascript URI in the BBcode url tag. | |||||
| CVE-2006-6930 | 1 Ga Soft | 1 Rapid Classified | 2024-02-14 | 7.5 HIGH | N/A |
| SQL injection vulnerability in viewad.asp in Rapid Classified 3.1 allows remote attackers to execute arbitrary SQL commands via the id parameter. | |||||