Total
29099 CVE
| CVE | Vendors | Products | Updated | CVSS v3.1 |
|---|---|---|---|---|
| CVE-2005-3254 | 1 Nathan Neulinger | 1 Cgiwrap | 2024-09-17 | N/A |
| The CGIwrap program before 3.9 on Debian GNU/Linux uses an incorrect minimum value of 100 for a UID to determine whether it can perform a seteuid operation, which could allow attackers to execute code as other system UIDs that are greater than the minimum value, which should be 1000 on Debian systems. | ||||
| CVE-2005-1571 | 1 Wenig And Spitzer-williams | 1 Showoff Digital Media Software | 2024-09-17 | N/A |
| Multiple directory traversal vulnerabilities in ShowOff! 1.5.4 allow remote attackers to read arbitrary files via ".." sequences in arguments to the (1) ShowAlbum, (2) ShowVideo, or (3) ShowGraphic scripts. | ||||
| CVE-2008-5914 | 1 Apple | 1 Safari | 2024-09-17 | N/A |
| An unspecified function in the JavaScript implementation in Apple Safari creates and exposes a "temporary footprint" when there is a current login to a web site, which makes it easier for remote attackers to trick a user into acting upon a spoofed pop-up message, aka an "in-session phishing attack." NOTE: as of 20090116, the only disclosure is a vague pre-advisory with no actionable information. However, because it is from a well-known researcher, it is being assigned a CVE identifier for tracking purposes. | ||||
| CVE-2002-1865 | 2 D-link, Linksys | 4 Di-804, Dl-704, Befw11s4 and 1 more | 2024-09-17 | N/A |
| Buffer overflow in the Embedded HTTP server, as used in (1) D-Link DI-804 4.68, Dl-704 V2.56b6, and Dl-704 V2.56b5 and (2) Linksys Etherfast BEFW11S4 Wireless AP + Cable/DSL Router 1.37.2 through 1.42.7 and Linksys WAP11 1.3 and 1.4, allows remote attackers to cause a denial of service (crash) via a long header, as demonstrated using the Host header. | ||||
| CVE-2019-11899 | 1 Bosch | 1 Access | 2024-09-17 | 7.5 High |
| An unauthenticated attacker can achieve unauthorized access to sensitive data by exploiting Windows SMB protocol on a client installation. With Bosch Access Professional Edition (APE) 3.8, client installations need to be authorized by the APE administrator. | ||||
| CVE-2006-6472 | 1 Xerox | 1 Workcentre | 2024-09-17 | N/A |
| The httpd.conf file in Xerox WorkCentre and WorkCentre Pro before 12.050.03.000, 13.x before 13.050.03.000, and 14.x before 14.050.03.000 configures port 443 to be always active, which has unknown impact and remote attack vectors. | ||||
| CVE-2005-2284 | 1 Esi Products | 1 Webeoc | 2024-09-17 | N/A |
| Multiple SQL injection vulnerabilities in WebEOC before 6.0.2 allow remote attackers to modify SQL statements via unknown attack vectors. | ||||
| CVE-2005-1656 | 1 Mercur | 1 Mercur Messaging | 2024-09-17 | N/A |
| Mercur Messaging 2005 SP2 allows remote attackers to read the source code of .ctml files via a URL with a trailing hex-encoded space ("%20"). | ||||
| CVE-2006-4830 | 1 Blojsom | 1 Blojsom | 2024-09-17 | N/A |
| Directory traversal vulnerability in EditBlogTemplatesPlugin.java in David Czarnecki Blojsom 2.30 allows remote attackers to have an unknown impact by sending an HTTP request with a certain value of blogTemplate. | ||||
| CVE-2012-3052 | 1 Cisco | 1 Vpn Client | 2024-09-17 | N/A |
| Untrusted search path vulnerability in Cisco VPN Client 5.0 allows local users to gain privileges via a Trojan horse DLL in the current working directory, aka Bug ID CSCua28747. | ||||
| CVE-2022-1561 | 2 Krakend, Luraproject | 2 Krakend, Lura | 2024-09-17 | 4 Medium |
| Lura and KrakenD-CE versions older than v2.0.2 and KrakenD-EE versions older than v2.0.0 do not sanitize URL parameters correctly, allowing a malicious user to alter the backend URL defined for a pipe when remote users send crafty URL requests. The vulnerability does not affect KrakenD itself, but the consumed backend might be vulnerable. | ||||
| CVE-2004-1791 | 1 Edimax | 1 Full Rate Adsl Router | 2024-09-17 | N/A |
| The web management interface in Edimax AR-6004 ADSL Routers uses a default administrator name and password, which also appear as the default login text for the management interface, which allows remote attackers to gain access. | ||||
| CVE-2005-3017 | 1 Content2web | 1 Content2web | 2024-09-17 | N/A |
| PHP file inclusion vulnerability in index.php in Content2Web 1.0.1 allows remote attackers to include arbitrary files via the show parameter, which can lead to resultant errors such as path disclosure, SQL error messages, and cross-site scripting (XSS). | ||||
| CVE-2022-34487 | 1 Oxilab | 1 Shortcode Addons | 2024-09-17 | 9.8 Critical |
| Unauthenticated Arbitrary Option Update vulnerability in biplob018's Shortcode Addons plugin <= 3.0.2 at WordPress. | ||||
| CVE-2022-33970 | 1 Oxilab | 1 Shortcode Addons | 2024-09-17 | 7.2 High |
| Authenticated WordPress Options Change vulnerability in Biplob018 Shortcode Addons plugin <= 3.1.2 at WordPress. | ||||
| CVE-2021-20414 | 1 Ibm | 1 Guardium Data Encryption | 2024-09-17 | 4.9 Medium |
| IBM Guardium Data Encryption (GDE) 3.0.0.2 could allow a user to bruce force sensitive information due to not properly limiting the number of interactions. IBM X-Force ID: 196216. | ||||
| CVE-2022-25644 | 1 Get-process-by-name Project | 1 Get-process-by-name | 2024-09-17 | 9.8 Critical |
| All versions of package @pendo324/get-process-by-name are vulnerable to Arbitrary Code Execution due to improper sanitization of getProcessByName function. | ||||
| CVE-2005-4778 | 1 Suse | 2 Suse Linux, Suse Sled Beagle | 2024-09-17 | N/A |
| The powersave daemon in SUSE Linux 10.0 before 20051007 has an unspecified "configuration problem," which allows local users to suspend the computer and possibly perform certain other unauthorized actions. | ||||
| CVE-2005-2055 | 1 Realnetworks | 2 Realone Player, Realplayer | 2024-09-17 | N/A |
| RealPlayer 8, 10, 10.5 (6.0.12.1040-1069), and Enterprise and RealOne Player v1 and v2 allows remote malicious web server to create an arbitrary HTML file that executes an RM file via "default settings of earlier Internet Explorer browsers". | ||||
| CVE-2012-4759 | 1 Foxitsoftware | 1 Foxit Reader | 2024-09-17 | N/A |
| Untrusted search path vulnerability in facebook_plugin.fpi in the Facebook plug-in in Foxit Reader 5.3.1.0606 allows local users to gain privileges via a Trojan horse dwmapi.dll file in the current working directory, as demonstrated by a directory that contains a .pdf file. NOTE: some of these details are obtained from third party information. | ||||