Vulnerabilities (CVE)

Total 267718 CVE
CVE Vendors Products Updated CVSS v2 CVSS v3
CVE-2004-1966 1 Openbb 1 Openbb 2024-02-28 7.5 HIGH N/A
Multiple SQL injection vulnerabilities in Open Bulletin Board (OpenBB) 1.0.6 and earlier allow remote attackers to execute arbitrary SQL commands via the (1) FID parameter in board.php, (2) sortorder, perpage, or id parameters in member.php, (3) forums parameter in search.php, or (4) PID or FID parameters in post.php.
CVE-1999-0961 1 Hp 1 Hp-ux 2024-02-28 6.2 MEDIUM N/A
HPUX sysdiag allows local users to gain root privileges via a symlink attack during log file creation.
CVE-2003-0258 1 Cisco 7 Vpn 3000 Concentrator Series Software, Vpn 3002 Hardware Client, Vpn 3005 Concentrator Software and 4 more 2024-02-28 7.5 HIGH N/A
Cisco VPN 3000 series concentrators and Cisco VPN 3002 Hardware Client 3.5.x through 4.0.REL, when enabling IPSec over TCP for a port on the concentrator, allow remote attackers to reach the private network without authentication.
CVE-2004-1059 1 Mnogosearch 1 Mnogosearch 2024-02-28 4.3 MEDIUM N/A
Multiple cross-site scripting (XSS) vulnerabilities in mnoGoSearch 3.2.26 and earlier allow remote attackers to inject arbitrary HTML and web script via the (1) next and (2) prev result search pages, and the (3) extended and (4) simple search forms.
CVE-2001-1248 1 Vwebserver 1 Vwebserver 2024-02-28 5.0 MEDIUM N/A
vWebServer 1.2.0 allows remote attackers to view arbitrary ASP scripts via a request for an ASP script that ends with a URL-encoded space character (%20).
CVE-2001-0110 1 Iomega 1 Jazip 2024-02-28 7.2 HIGH N/A
Buffer overflow in jaZip Zip/Jaz drive manager allows local users to gain root privileges via a long DISPLAY environment variable.
CVE-2003-0332 1 Working Resources Inc. 1 Badblue 2024-02-28 7.6 HIGH N/A
The ISAPI extension in BadBlue 1.7 through 2.2, and possibly earlier versions, modifies the first two letters of a filename extension after performing a security check, which allows remote attackers to bypass authentication via a filename with a .ats extension instead of a .hts extension.
CVE-2004-1506 1 Webcalendar 1 Webcalendar 2024-02-28 4.3 MEDIUM N/A
Multiple cross-site scripting (XSS) vulnerabilities in WebCalendar allow remote attackers to inject arbitrary web script via (1) view_entry.php, (2) view_d.php, (3) usersel.php, (4) datesel.php, (5) trailer.php, or (6) styles.php, as demonstrated using img src tags.
CVE-2003-0963 1 Alexander V. Lukyanov 1 Lftp 2024-02-28 7.5 HIGH N/A
Buffer overflows in (1) try_netscape_proxy and (2) try_squid_eplf for lftp 2.6.9 and earlier allow remote HTTP servers to execute arbitrary code via long directory names that are processed by the ls or rels commands.
CVE-2001-1472 1 Phpbb Group 1 Phpbb 2024-02-28 4.6 MEDIUM N/A
SQL injection vulnerability in prefs.php in phpBB 1.4.0 and 1.4.1 allows remote authenticated users to execute arbitrary SQL commands and gain administrative access via the viewemail parameter.
CVE-2002-1176 1 Nullsoft 1 Winamp 2024-02-28 7.5 HIGH N/A
Buffer overflow in Winamp 2.81 allows remote attackers to execute arbitrary code via a long Artist ID3v2 tag in an MP3 file.
CVE-2003-1504 1 Goldscripts 1 Goldlink 2024-02-28 7.5 HIGH N/A
SQL injection vulnerability in variables.php in Goldlink 3.0 allows remote attackers to execute arbitrary SQL commands via the (1) vadmin_login or (2) vadmin_pass cookie in a request to goldlink.php.
CVE-2000-1233 1 Phorum 1 Phorum 2024-02-28 7.5 HIGH N/A
SQL injection vulnerability in read.php3 and other scripts in Phorum 3.0.7 allows remote attackers to execute arbitrary SQL queries via the sSQL parameter.
CVE-2002-2363 1 Hp 1 Hp-ux 2024-02-28 7.2 HIGH N/A
VJE.VJE-RUN in HP-UX 11.00 adds bin to /etc/PATH, which could allow local users to gain privileges.
CVE-2004-0312 1 Linksys 1 Wap55ag 2024-02-28 6.4 MEDIUM N/A
Linksys WAP55AG 1.07 allows remote attackers with access to an SNMP read-only community string to gain access to read/write community strings via a query for OID 1.3.6.1.4.1.3955.2.1.13.1.2.
CVE-2002-1557 1 Cisco 1 Optical Networking Systems Software 2024-02-28 5.0 MEDIUM N/A
Cisco ONS15454 and ONS15327 running ONS before 3.4 allow attackers to cause a denial of service (reset to TCC, TCC+, TCCi or XTC) via a malformed HTTP request that does not contain a leading / (slash) character.
CVE-2001-0385 1 Goahead Software 1 Goahead Webserver 2024-02-28 5.0 MEDIUM N/A
GoAhead webserver 2.1 allows remote attackers to cause a denial of service via an HTTP request to the /aux directory.
CVE-2004-0397 1 Subversion 1 Subversion 2024-02-28 7.5 HIGH N/A
Stack-based buffer overflow during the apr_time_t data conversion in Subversion 1.0.2 and earlier allows remote attackers to execute arbitrary code via a (1) DAV2 REPORT query or (2) get-dated-rev svn-protocol command.
CVE-1999-1338 1 Delegate 1 Delegate 2024-02-28 5.0 MEDIUM N/A
Delegate proxy 5.9.3 and earlier creates files and directories in the DGROOT with world-writable permissions.
CVE-2001-1289 1 Id Software 1 Quake 3 Arena 2024-02-28 5.0 MEDIUM N/A
Quake 3 Arena 1.29f and 1.29g allow remote attackers to cause a denial of service (crash) via a malformed connection packet that begins with several char-255 characters.