Total
29944 CVE
| CVE | Vendors | Products | Updated | CVSS v3.1 |
|---|---|---|---|---|
| CVE-2004-1820 | 1 Warpspeed | 1 4nalbum Module | 2026-04-16 | N/A |
| PHP remote file inclusion vulnerability in displaycategory.php in 4nalbum 0.92 for PHP-Nuke 6.5 through 7.0 allows remote attackers to execute arbitrary PHP code by modifying the basepath parameter to reference a URL on a remote web server that contains fileFunctions.php. | ||||
| CVE-2000-0362 | 1 Suse | 1 Suse Linux | 2026-04-16 | N/A |
| Buffer overflows in Linux cdwtools 093 and earlier allows local users to gain root privileges. | ||||
| CVE-2000-0663 | 1 Microsoft | 2 Windows 2000, Windows Nt | 2026-04-16 | N/A |
| The registry entry for the Windows Shell executable (Explorer.exe) in Windows NT and Windows 2000 uses a relative path name, which allows local users to execute arbitrary commands by inserting a Trojan Horse named Explorer.exe into the %Systemdrive% directory, aka the "Relative Shell Path" vulnerability. | ||||
| CVE-2005-0776 | 1 Photopost | 1 Photopost Php Pro | 2026-04-16 | N/A |
| adm-photo.php in PhotoPost PHP 5.0 RC3 does not properly verify administrative privileges before manipulating photos, which could allow remote attackers to manipulate other users' photos. | ||||
| CVE-2002-0386 | 1 Oracle | 1 Application Server | 2026-04-16 | N/A |
| The administration module for Oracle Web Cache in Oracle9iAS (9i Application Suite) 9.0.2 allows remote attackers to cause a denial of service (crash) via (1) an HTTP GET request containing a ".." (dot dot) sequence, or (2) a malformed HTTP GET request with a chunked Transfer-Encoding with missing data. | ||||
| CVE-2005-3924 | 1 Randshop | 1 Randshop | 2026-04-16 | N/A |
| SQL injection vulnerability in themes/kategorie/index.php in Randshop allows remote attackers to execute arbitrary SQL commands via the (1) kategorieid and (2) katid parameters. | ||||
| CVE-2002-0403 | 2 Ethereal Group, Redhat | 4 Ethereal, Enterprise Linux, Linux and 1 more | 2026-04-16 | N/A |
| DNS dissector in Ethereal before 0.9.3 allows remote attackers to cause a denial of service (CPU consumption) via a malformed packet that causes Ethereal to enter an infinite loop. | ||||
| CVE-2002-0413 | 1 Rebb | 1 Rebb | 2026-04-16 | N/A |
| Cross-site scripting vulnerability in ReBB allows remote attackers to execute arbitrary Javascript and steal cookies via an IMG tag whose URL includes the malicious script. | ||||
| CVE-2002-0414 | 3 Freebsd, Netbsd, Openbsd | 3 Freebsd, Netbsd, Openbsd | 2026-04-16 | N/A |
| KAME-derived implementations of IPsec on NetBSD 1.5.2, FreeBSD 4.5, and other operating systems, does not properly consult the Security Policy Database (SPD), which could cause a Security Gateway (SG) that does not use Encapsulating Security Payload (ESP) to forward forged IPv4 packets. | ||||
| CVE-2002-0418 | 1 Endymion | 1 Sake Mail | 2026-04-16 | N/A |
| Directory traversal vulnerability in the com.endymion.sake.servlet.mail.MailServlet servlet for Endymion SakeMail 1.0.36 and earlier allows remote attackers to read arbitrary files via a .. (dot dot) and a null character in the param_name parameter. | ||||
| CVE-2004-1893 | 1 Macromedia | 2 Dreamweaver, Dreamweaver Ultradev | 2026-04-16 | N/A |
| Dreamweaver MX, when "Using Driver On Testing Server" or "Using DSN on Testing Server" is selected, uploads the mmhttpdb.asp script to the web site but does not require authentication, which allows remote attackers to obtain sensitive information and possibly execute arbitrary SQL commands via a direct request to mmhttpdb.asp. | ||||
| CVE-1999-1408 | 2 Hp, Ibm | 2 Hp-ux, Aix | 2026-04-16 | N/A |
| Vulnerability in AIX 4.1.4 and HP-UX 10.01 and 9.05 allows local users to cause a denial of service (crash) by using a socket to connect to a port on the localhost, calling shutdown to clear the socket, then using the same socket to connect to a different port on localhost. | ||||
| CVE-2001-0679 | 1 Trend Micro | 1 Interscan Viruswall | 2026-04-16 | N/A |
| A buffer overflow in InterScan VirusWall 3.23 and 3.3 allows a remote attacker to execute arbitrary code by sending a long HELO command to the server. | ||||
| CVE-2004-1937 | 1 Nuked-klan | 1 Nuked-klan | 2026-04-16 | N/A |
| Multiple directory traversal vulnerabilities in Nuked-KlaN 1.4b and 1.5b allow remote attackers to read or include arbitrary files via .. sequences in (1) the user_langue parameter to index.php or (2) the langue parameter to update.php, or modify arbitrary GLOBAL variables by causing globals.php to be loaded before conf.inc.php via (3) .. sequences in the file parameter with the page parameter set to globals, or (4) ../globals.php in the user_langue parameter, as demonstrated by modifying $nuked[prefix] in the Suggest module. | ||||
| CVE-2004-1979 | 1 Props | 1 Props | 2026-04-16 | N/A |
| Cross-site scripting (XSS) vulnerability in do_search.php in PROPS 0.6.1 allows remote attackers to inject arbitrary HTML or web script via the search_string parameter. | ||||
| CVE-2001-0727 | 1 Microsoft | 1 Internet Explorer | 2026-04-16 | N/A |
| Internet Explorer 6.0 allows remote attackers to execute arbitrary code by modifying the Content-Disposition and Content-Type header fields in a way that causes Internet Explorer to believe that the file is safe to open without prompting the user, aka the "File Execution Vulnerability." | ||||
| CVE-1999-1205 | 1 Hp | 1 Hp-ux | 2026-04-16 | N/A |
| nettune in HP-UX 10.01 and 10.00 is installed setuid root, which allows local users to cause a denial of service by modifying critical networking configuration information. | ||||
| CVE-1999-1134 | 1 Hp | 1 Hp-ux | 2026-04-16 | N/A |
| Vulnerability in Vue 3.0 in HP 9.x allows local users to gain root privileges, as fixed by PHSS_4038, PHSS_4055, and PHSS_4066. | ||||
| CVE-2002-0476 | 1 Macromedia | 1 Flash Player | 2026-04-16 | N/A |
| Standalone Macromedia Flash Player 5.0 allows remote attackers to save arbitrary files and programs via a .SWF file containing the undocumented "save" FSCommand. | ||||
| CVE-2001-0822 | 1 Packet Knights | 1 Fpf Linux Kernel Module | 2026-04-16 | N/A |
| FPF kernel module 1.0 allows a remote attacker to cause a denial of service via fragmented packets. | ||||