Total: 29109 CVE

CVE | Vendors | Products | Updated | CVSS v3.1 |
---|---|---|---|---|
CVE-2004-2294 | 1 Francisco Burzi | 1 Php-nuke | 2024-09-17 | N/A |
Canonicalize-before-filter error in the send_review function in the Reviews module for PHP-Nuke 6.0 to 7.3 allows remote attackers to inject arbitrary web script or HTML via hex-encoded XSS sequences in the text parameter, which is checked for dangerous sequences before it is canonicalized, leading to a cross-site scripting (XSS) vulnerability. | ||||
CVE-2005-3281 | 1 Nukefixes | 1 Nukefixes | 2024-09-17 | N/A |
Directory traversal vulnerability in NukeFixes 3.1 for PHP-Nuke 7.8 allows remote attackers to include arbitrary files via the file parameter. | ||||
CVE-2012-2967 | 1 Caucho | 1 Resin | 2024-09-17 | N/A |
Caucho Quercus, as distributed in Resin before 4.0.29, does not properly implement the == (equals sign equals sign) operator for comparisons, which has unspecified impact and context-dependent attack vectors. | ||||
CVE-2006-5924 | 1 Efficientip | 1 Ipmanager | 2024-09-17 | N/A |
Cross-site scripting (XSS) vulnerability in index.php in Efficient IP iPmanager (IPm) 2.3 allows remote attackers to inject arbitrary web script or HTML via the errmsg parameter. NOTE: the provenance of this information is unknown; details are obtained from third party sources. | ||||
CVE-2005-2142 | 1 Kmint21 Software | 1 Golden Ftp Server | 2024-09-17 | N/A |
Directory traversal vulnerability in Golden FTP Server 2.60 allows remote authenticated attackers to list arbitrary directories via a "\.." (backslash dot dot) in an LS (LIST) command. | ||||
CVE-2005-4823 | 1 Hp | 1 Http Server | 2024-09-17 | N/A |
Buffer overflow in the HP HTTP Server 5.0 through 5.95 of the HP Web-enabled Management Software allows remote attackers to execute arbitrary code via unknown vectors. | ||||
CVE-2002-2113 | 1 Agh | 1 Htmlsearch | 2024-09-17 | N/A |
search.cgi in AGH HTMLsearch 1.0 allows remote attackers to execute arbitrary commands via shell metacharacters in the template parameter. | ||||
CVE-2021-26334 | 3 Amd, Linux, Microsoft | 3 Amd Uprof, Linux Kernel, Windows | 2024-09-17 | 9.9 Critical |
The AMDPowerProfiler.sys driver of AMD μProf tool may allow lower privileged users to access MSRs in kernel which may lead to privilege escalation and ring-0 code execution by the lower privileged user. | ||||
CVE-2012-0223 | 1 7t | 1 Termis | 2024-09-17 | N/A |
Untrusted search path vulnerability in 7-Technologies (7T) TERMIS 2.10 and earlier allows local users to gain privileges via a Trojan horse DLL in the current working directory, a different vulnerability than CVE-2012-0224. | ||||
CVE-2005-3176 | 1 Microsoft | 1 Windows 2000 | 2024-09-17 | N/A |
Microsoft Windows 2000 before Update Rollup 1 for SP4 does not record the IP address of a Windows Terminal Services client in a security log event if the client connects successfully, which could make it easier for attackers to escape detection. | ||||
CVE-2021-28799 | 1 Qnap | 4 Hybrid Backup Sync, Qts, Quts Hero and 1 more | 2024-09-17 | 10 Critical |
An improper authorization vulnerability has been reported to affect QNAP NAS running HBS 3 (Hybrid Backup Sync). If exploited, the vulnerability allows remote attackers to log in to a device. This issue affects: QNAP Systems Inc. HBS 3 versions prior to v16.0.0415 on QTS 4.5.2; versions prior to v3.0.210412 on QTS 4.3.6; versions prior to v3.0.210411 on QTS 4.3.4; versions prior to v3.0.210411 on QTS 4.3.3; versions prior to v16.0.0419 on QuTS hero h4.5.1; versions prior to v16.0.0419 on QuTScloud c4.5.1~c4.5.4. This issue does not affect: QNAP Systems Inc. HBS 2. QNAP Systems Inc. HBS 1.3. | ||||
CVE-2022-41781 | 1 Permalink Manager Lite Project | 1 Permalink Manager Lite | 2024-09-17 | 6.5 Medium |
Broken Access Control vulnerability in Permalink Manager Lite plugin <= 2.2.20 on WordPress. | ||||
CVE-2020-11933 | 1 Canonical | 2 Snapd, Ubuntu Linux | 2024-09-17 | 7.3 High |
cloud-init as managed by snapd on Ubuntu Core 16 and Ubuntu Core 18 devices was run without restrictions on every boot, which a physical attacker could exploit by crafting cloud-init user-data/meta-data via external media to perform arbitrary changes on the device to bypass intended security mechanisms such as full disk encryption. This issue did not affect traditional Ubuntu systems. Fixed in snapd version 2.45.2, revision 8539 and core version 2.45.2, revision 9659. | ||||
CVE-2003-0680 | 1 Sgi | 1 Irix | 2024-09-17 | N/A |
Unknown vulnerability in NFS for SGI IRIX 6.5.21 and earlier may allow an NFS client to bypass read-only restrictions. | ||||
CVE-2006-6016 | 1 Wordpress | 1 Wordpress | 2024-09-17 | N/A |
wp-admin/user-edit.php in WordPress before 2.0.5 allows remote authenticated users to read the metadata of an arbitrary user via a modified user_id parameter. | ||||
CVE-2002-1813 | 1 Aol | 1 Instant Messenger | 2024-09-17 | N/A |
Directory traversal vulnerability in AOL Instant Messenger (AIM) 4.8.2790 allows remote attackers to execute arbitrary programs by specifying the program in the href attribute of a link. | ||||
CVE-2005-1119 | 1 Todd Miller | 1 Sudo | 2024-09-17 | N/A |
Sudo VISudo 1.6.8 and earlier allows local users to corrupt arbitrary files via a symlink attack on temporary files. | ||||
CVE-2006-6744 | 1 Phpprofiles | 1 Phpprofiles | 2024-09-17 | N/A |
phpProfiles before 2.1.1 does not have an index.php or other index file in the (1) image_data, (2) graphics/comm, or (3) users read/write directories, which might allow remote attackers to list directory contents or have other unknown impacts. | ||||
CVE-2021-38878 | 2 Ibm, Linux | 2 Qradar Security Information And Event Manager, Linux Kernel | 2024-09-17 | 7.5 High |
IBM QRadar 7.3, 7.4, and 7.5 could allow a malicious actor to impersonate an actor due to key exchange without entity authentication. IBM X-Force ID: 208756. | ||||
CVE-2012-2012 | 3 Hp, Linux, Microsoft | 3 System Management Homepage, Linux Kernel, Windows | 2024-09-17 | N/A |
HP System Management Homepage (SMH) before 7.1.1 does not have an off autocomplete attribute for unspecified form fields, which makes it easier for remote attackers to obtain access by leveraging an unattended workstation. |