CVE-2025-5053 FreeFloat FTP Server MDIR Command buffer overflow
A vulnerability, which was classified as critical, has been found in FreeFloat FTP Server 1.0. Affected by this issue is some unknown functionality of the component MDIR Command Handler. The manipulation leads to buffer overflow. The attack may be launched remotely. The exploit has been disclosed...
CVE-2005-4687
PunBB 1.2.9, used alone or with F-ART BLOG:CMS, may trust a client's IP address as specified in the X-Forwarded-For HTTP header rather than the TCP/IP stack, which allows remote attackers to misrepresent their IP address by sending a modified header...
CVE-2002-2354
Netgear FM114P firmware 1.3 wireless firewall allows remote attackers to cause a denial of service (crash or hang) via a large number of TCP connection requests...
CVE-2002-2100
Microsoft Outlook 2002 allows remote attackers to bypass the file download restrictions for attachments via an HTML email message that uses an IFRAME to reference malicious content...
CVE-2008-0940
Cross-site scripting (XSS) vulnerability in Plain Black WebGUI before 7.4.24 allows remote attackers to inject arbitrary web script or HTML when creating a username, a different vulnerability than CVE-2007-0407...
CVE-2002-1923
The default configuration in MySQL 3.20.32 through 3.23.52, when running on Windows, does not have logging enabled, which could allow remote attackers to conduct activities without detection...
CVE-2008-0618
Multiple cross-site scripting (XSS) vulnerabilities in the DMSGuestbook 1.8.0 and 1.7.0 plugin for WordPress allow remote attackers to inject arbitrary web script or HTML via the (1) gbname, (2) gbemail, (3) gburl, and (4) gbmsg parameters to unspecified programs. NOTE: the provenance of this information i...
CVE-2009-2907
Multiple cross-site scripting (XSS) vulnerabilities in SpringSource tc Server 6.0.20.B and earlier, Application Management Suite (AMS) before 2.0.0.SR4, Hyperic HQ Open Source before 4.2.x, Hyperic HQ 4.0 Enterprise before 4.0.3.2, and Hyperic HQ 4.1 Enterprise before 4.1.2.1 allow remote attackers t...
CVE-2008-7201
Lantronix MSS485-T allows remote attackers to cause a denial of service (unstable performance and service loss) via certain vulnerability scans, as demonstrated using (1) Nessus and (2) nmap...
CVE-2009-2454
Cross-site scripting (XSS) vulnerability in Citrix Web Interface 4.6, 5.0, and 5.0.1 allows remote attackers to inject arbitrary web script or HTML via unspecified vectors...
CVE-2008-3634
Apple iTunes before 8.0 on Mac OS X 10.4.11, when iTunes Music Sharing is enabled but blocked by the host-based firewall, presents misleading information about firewall security, which might allow remote attackers to leverage an exposure that would be absent if the administrator were given better...
CVE-2007-2066
UseBB before 1.0.6 allows remote attackers to obtain sensitive information via a request with unspecified GET or POST parameters to an unspecified script, which reveals the path in an error message...
CVE-2007-1406
Trac before 0.10.3.1 does not send a Content-Disposition HTTP header specifying an attachment in certain "unsafe" situations, which has unknown impact and remote attack vectors...
CVE-2021-25254
Yandex Browser Lite for Android before 21.1.0 is vulnerable to address-bar spoofing (authentication bypass). The issue is described in multiple sources (e.g., PT-2021-7166) as a spoofing vulnerability with no clearly documented fixed version in the provided materials; exploitation status and spec...
CVE-2025-4998
A vulnerability has been found in H3C Magic R200G up to 100R002 and classified as problematic. Affected by this vulnerability is the function EditBasicSSID/EditBasicSSID5G/SetAPWifiorLedInfoById/SetMobileAPInfoById/AspSetTimingtimeWifiAndLed/AddMacList/EditMacList/AddWlanMacList/EditWlanMacList o...
The vulnerability of Adobe Connect’s instant messaging program lies in the insufficient protection of the website structure, which allows attackers to perform cross-site scripting attacks.
The vulnerability of the Adobe Connect instant messaging program is related to insufficient protection of the website structure. Exploiting this vulnerability allows a malicious actor to perform cross-site scripting attacks remotely...
PT-2025-21926 · Unknown · Phpgurukul Auto Taxi Stand Management System
Name of the Vulnerable Software and Affected Versions: PHPGurukul Auto Taxi Stand Management System version 1.0 Description: A critical vulnerability has been found in the PHPGurukul Auto Taxi Stand Management System. The issue is related to an unknown function of the file...
CVE-2025-4885 itsourcecode Sales and Inventory System product_add.php sql injection
A vulnerability classified as critical has been found in itsourcecode Sales and Inventory System 1.0. Affected is an unknown function of the file /pages/product_add.php. The manipulation of the argument serial leads to sql injection. It is possible to launch the attack remotely. The exploit has be...
CVE-2025-4874 PHPGurukul News Portal Project contactus.php sql injection
A vulnerability was found in PHPGurukul News Portal Project 4.1 and classified as critical. Affected by this issue is some unknown functionality of the file /admin/contactus.php. The manipulation of the argument pagetitle leads to sql injection. The attack may be launched remotely. The exploit ha...
CVE-2025-4848
CVE-2025-4848 affects FreeFloat FTP Server 1.0. The vulnerability is in the RECV Command Handler and causes a buffer overflow in processing input data, enabling remote exploitation. Multiple connected sources confirm remote attack potential and public disclosure of the exploit. Remediation guidan...