Total: 29099 CVE
CVE | Vendors | Products | Updated | CVSS v3.1 |
---|---|---|---|---|
CVE-2014-5023 | 1 Gitlist | 1 Gitlist | 2024-09-17 | N/A |
Repository.php in Gitter, as used in Gitlist, allows remote attackers with commit privileges to execute arbitrary commands via shell metacharacters in a branch name, as demonstrated by a "git checkout -b" command. | ||||
CVE-2022-29417 | 1 Shortpixel | 1 Shortpixel Adaptive Images | 2024-09-17 | 4.3 Medium |
Plugin Settings Update vulnerability in ShortPixel's ShortPixel Adaptive Images plugin <= 3.3.1 at WordPress allows an attacker with a low user role like a subscriber or higher to change the plugin settings. | ||||
CVE-2012-5875 | 1 Fireflymediaserver | 1 Firefly Media Server | 2024-09-17 | N/A |
Firefly Media Server 1.0.0.1359 allows remote attackers to cause a denial of service (NULL pointer dereference) via a (1) crafted Connection HTTP header; a return carriage control character in the (2) Accept Language header, (3) User-agent header, (4) Host header, or (5) protocol version; or a (6) crafted HTTP protocol version. | ||||
CVE-2003-0752 | 1 Attila-php.net | 1 Attilaphp | 2024-09-17 | N/A |
SQL injection vulnerability in global.php3 of AttilaPHP 3.0, and possibly earlier versions, allows remote attackers to bypass authentication via a modified cook_id parameter. | ||||
CVE-2001-1520 | 1 Intel | 1 Xircom Rex 6000 | 2024-09-17 | N/A |
Xircom REX 6000 allows local users to obtain the 10 digit PIN by starting a serial monitor, connecting to the personal digital assistant (PDA) via Rextools, and capturing the cleartext PIN. | ||||
CVE-2005-2168 | 1 Frozenplague.net | 1 Plague News System | 2024-09-17 | N/A |
delete.php in Plague News System 0.6 and earlier allows remote unauthenticated attackers to delete news, comments, and shoutbox posts by modifying the id parameter. | ||||
CVE-2003-1242 | 1 Sage | 1 Sage | 2024-09-17 | N/A |
Sage 1.0 b3 allows remote attackers to obtain the root web server path via a URL request for a non-existent module, which returns the path in an error message. | ||||
CVE-2009-4593 | 1 Jesse Smith | 1 Bftpd | 2024-09-17 | N/A |
The bftpdutmp_log function in bftpdutmp.c in Bftpd before 2.4 does not place a '\0' character at the end of the string value of the ut.bu_host structure member, which might allow remote attackers to cause a denial of service (daemon crash) via unspecified vectors. NOTE: some of these details are obtained from third party information. | ||||
CVE-2021-36037 | 1 Adobe | 2 Adobe Commerce, Magento Open Source | 2024-09-17 | 6.5 Medium |
Magento Commerce versions 2.4.2 (and earlier), 2.4.2-p1 (and earlier) and 2.3.7 (and earlier) are affected by an improper authorization vulnerability. An authenticated attacker could leverage this vulnerability to achieve sensitive information disclosure. | ||||
CVE-2002-2101 | 1 Microsoft | 1 Outlook | 2024-09-17 | N/A |
Microsoft Outlook 2002 allows remote attackers to execute arbitrary JavaScript code, even when scripting is disabled, via an "about:" or "javascript:" URI in the href attribute of an "a" tag. | ||||
CVE-2020-29509 | 2 Golang, Netapp | 2 Go, Trident | 2024-09-17 | 9.8 Critical |
The encoding/xml package in Go (all versions) does not correctly preserve the semantics of attribute namespace prefixes during tokenization round-trips, which allows an attacker to craft inputs that behave in conflicting ways during different stages of processing in affected downstream applications. | ||||
CVE-2003-0355 | 2 Apple, Kde | 2 Safari, Konqueror Embedded | 2024-09-17 | N/A |
Safari 1.0 Beta 2 (v73) and earlier does not validate the Common Name (CN) field for X.509 Certificates, which could allow remote attackers to spoof certificates. | ||||
CVE-2013-7392 | 1 Gitlist | 1 Gitlist | 2024-09-17 | N/A |
Gitlist allows remote attackers to execute arbitrary commands via shell metacharacters in a file name to Source/. | ||||
CVE-2020-15279 | 1 Bitdefender | 1 Endpoint Security Tools | 2024-09-17 | 4 Medium |
An Improper Access Control vulnerability in the logging component of Bitdefender Endpoint Security Tools for Windows versions prior to 6.6.23.320 allows a regular user to learn the scanning exclusion paths. This issue was discovered during external security research. | ||||
CVE-2006-6656 | 1 Netbsd | 1 Netbsd | 2024-09-17 | N/A |
Unspecified vulnerability in ptrace in NetBSD-current before 20061027, NetBSD 3.0 and 3.0.1 before 20061027, and NetBSD 2.x before 20061119 allows local users to read kernel memory and obtain sensitive information via certain manipulations of a PT_LWPINFO request, which leads to a memory leak and information leak. | ||||
CVE-2005-4764 | 1 Bea | 1 Weblogic Server | 2024-09-17 | N/A |
BEA WebLogic Server and WebLogic Express 9.0, 8.1, and 7.0 lock out the admin user account after multiple incorrect password guesses, which allows remote attackers who know or guess the admin account name to cause a denial of service (blocked admin logins). | ||||
CVE-2003-0802 | 1 Nokia | 1 Electronic Documentation | 2024-09-17 | N/A |
Nokia Electronic Documentation (NED) 5.0 allows remote attackers to obtain a directory listing of the WebLogic web root, and the physical path of the NED server, via a "retrieve" action with a location parameter of . (dot). | ||||
CVE-2005-1883 | 1 Yapig | 1 Yapig | 2024-09-17 | N/A |
global.php in YaPiG 0.92b allows remote attackers to include arbitrary local files via the BASE_DIR parameter. | ||||
CVE-2002-2125 | 1 Microsoft | 2 Ie, Internet Explorer | 2024-09-17 | N/A |
Internet Explorer 6.0 does not warn users when an expired certificate authority (CA) certificate is submitted to the user and a newer CA certificate is in the user's local repository, which could allow remote attackers to decrypt web sessions via a man-in-the-middle (MITM) attack. | ||||
CVE-2012-1468 | 1 Pkp | 1 Open Journal Systems | 2024-09-17 | N/A |
Incomplete blacklist vulnerability in Open Journal Systems before 2.3.7 allows remote authenticated users with the Author Role permission to execute arbitrary code by uploading a file with an executable extension that is not ".php", then accessing it via a direct request to the file in submission/original/ in the associated article directory, as demonstrated using .pHp, .asp, and other extensions. |