Latest CVE Feed
-
2.6
LOWCVE-2006-1761
Cross-site scripting vulnerability in index.php in blur6ex 0.3.452 allows remote attackers to inject arbitrary web script or HTML via the errormsg parameter, which is not sanitized in the error message. NOTE: the vector in the shard parameter is not XSS a... Read more
Affected Products : blur6ex- EPSS Score: %0.50
- Published: Apr. 13, 2006
- Modified: Apr. 03, 2025
-
2.6
LOWCVE-2004-0478
Unknown versions of Mozilla allow remote attackers to cause a denial of service (high CPU/RAM consumption) using Javascript with an infinite loop that continues to add input to a form, possibly as the result of inserting control characters, as demonstrat... Read more
Affected Products : mozilla- EPSS Score: %0.74
- Published: Jul. 07, 2004
- Modified: Apr. 03, 2025
-
2.6
LOWCVE-2005-0110
Internet Explorer 6 on Windows XP SP2 allows remote attackers to bypass the file download warning dialog and possibly trick an unknowledgeable user into executing arbitrary code via a web page with a body element containing an onclick tag, as demonstrated... Read more
- EPSS Score: %2.70
- Published: Jan. 14, 2005
- Modified: Apr. 03, 2025
-
2.6
LOWCVE-1999-0396
A race condition between the select() and accept() calls in NetBSD TCP servers allows remote attackers to cause a denial of service.... Read more
- EPSS Score: %0.66
- Published: Feb. 17, 1999
- Modified: Apr. 03, 2025
-
2.6
LOWCVE-2000-0132
Microsoft Java Virtual Machine allows remote attackers to read files via the getSystemResourceAsStream function.... Read more
Affected Products : virtual_machine- EPSS Score: %6.57
- Published: Jan. 31, 2000
- Modified: Apr. 03, 2025
-
2.6
LOWCVE-2006-2913
Cross-site scripting (XSS) vulnerability in SelectaPix 1.31 allows remote attackers to inject arbitrary web script or HTML via the albumID parameter to (1) popup.php and (2) view_album.php.... Read more
Affected Products : selectapix- EPSS Score: %0.74
- Published: Jun. 09, 2006
- Modified: Apr. 03, 2025
-
2.6
LOWCVE-1999-0031
JavaScript in Internet Explorer 3.x and 4.x, and Netscape 2.x, 3.x and 4.x, allows remote attackers to monitor a user's web activities, aka the Bell Labs vulnerability.... Read more
- EPSS Score: %2.94
- Published: Jul. 08, 1997
- Modified: Apr. 03, 2025
-
2.6
LOWCVE-2007-6704
Multiple cross-site scripting (XSS) vulnerabilities in F5 FirePass 4100 SSL VPN 5.4.1 through 5.5.2 and 6.0 through 6.0.1, when pre-logon sequences are enabled, allow remote attackers to inject arbitrary web script or HTML via the query string to (1) my.a... Read more
Affected Products : firepass_4100- EPSS Score: %7.08
- Published: Mar. 05, 2008
- Modified: Apr. 09, 2025
-
2.6
LOWCVE-2001-0089
Internet Explorer 5.0 through 5.5 allows remote attackers to read arbitrary files from the client via the INPUT TYPE element in an HTML form, aka the "File Upload via Form" vulnerability.... Read more
Affected Products : internet_explorer- EPSS Score: %38.30
- Published: Feb. 16, 2001
- Modified: Apr. 03, 2025
-
2.6
LOWCVE-2006-0926
Multiple directory traversal vulnerabilities in Allume StuffIt Standard and Deluxe 9.0, ZipMagic Deluxe 9.0, and StuffIt Expander 9.0.0.21 Engine 9.0.0.21 allow remote attackers to create and overwrite arbitrary files via certain crafted pathnames in a (1... Read more
- EPSS Score: %1.10
- Published: Feb. 28, 2006
- Modified: Apr. 03, 2025
-
2.6
LOWCVE-2006-3656
Unspecified vulnerability in Microsoft PowerPoint 2003 allows user-assisted attackers to cause memory corruption via a crafted PowerPoint file, which triggers the corruption when the file is closed. NOTE: due to the lack of available details as of 200607... Read more
Affected Products : powerpoint- EPSS Score: %65.97
- Published: Jul. 18, 2006
- Modified: Apr. 03, 2025
-
2.6
LOWCVE-2009-1614
Multiple cross-site scripting (XSS) vulnerabilities in Leap CMS 0.1.4 allow remote attackers to inject arbitrary web script or HTML via (1) the msg parameter (aka the message in an article comment) or (2) the searchterm parameter (aka the search post form... Read more
Affected Products : leap- EPSS Score: %0.23
- Published: May. 11, 2009
- Modified: Apr. 09, 2025
-
2.6
LOWCVE-2005-1791
Microsoft Internet Explorer 6 SP2 (6.0.2900.2180) crashes when the user attempts to add a URI to the restricted zone, in which the full domain name of the URI begins with numeric sequences similar to an IP address. NOTE: if there is not an exploit scenar... Read more
Affected Products : ie- EPSS Score: %9.40
- Published: May. 28, 2005
- Modified: Apr. 03, 2025
-
2.6
LOWCVE-2005-0905
Maxthon 1.2.0 allows remote malicious web sites to obtain potentially sensitive data from the search bar via the m2_search_text property.... Read more
Affected Products : maxthon- EPSS Score: %7.42
- Published: May. 02, 2005
- Modified: Apr. 03, 2025
-
2.6
LOWCVE-2014-2226
Ubiquiti UniFi Controller before 3.2.1 logs the administrative password hash in syslog messages, which allows man-in-the-middle attackers to obtain sensitive information via unspecified vectors.... Read more
Affected Products : unifi_controller- EPSS Score: %0.29
- Published: Jul. 29, 2014
- Modified: Apr. 12, 2025
-
2.6
LOWCVE-2004-0484
mshtml.dll in Microsoft Internet Explorer 6.0.2800 allows remote attackers to cause a denial of service (crash) via a table containing a form that crosses multiple td elements, and whose "float: left" class is defined in a link to a CSS stylesheet after t... Read more
Affected Products : internet_explorer- EPSS Score: %26.84
- Published: Jul. 07, 2004
- Modified: Apr. 03, 2025
-
2.6
LOWCVE-2004-0407
The HTML form upload capability in ColdFusion MX 6.1 does not reclaim disk space if an upload is interrupted, which allows remote attackers to cause a denial of service (disk consumption) by repeatedly uploading files and interrupting the uploads before t... Read more
Affected Products : coldfusion- EPSS Score: %3.85
- Published: Jun. 01, 2004
- Modified: Apr. 03, 2025
-
2.6
LOWCVE-2009-2492
Cross-site scripting (XSS) vulnerability in mt-wizard.cgi in Six Apart Movable Type before 4.261 allows remote attackers to inject arbitrary web script or HTML via unspecified vectors, a different vulnerability than CVE-2009-2480.... Read more
- EPSS Score: %0.36
- Published: Jul. 17, 2009
- Modified: Apr. 09, 2025
-
2.6
LOWCVE-2006-1854
Multiple cross-site scripting (XSS) vulnerabilities in BluePay Manager 2.0 and earlier allow remote attackers to inject arbitrary web script or HTML during a login action via the (1) Account Name and (2) Username field. NOTE: the vendor has disputed this... Read more
Affected Products : bluepay_manager- EPSS Score: %0.30
- Published: Apr. 19, 2006
- Modified: Apr. 03, 2025
-
2.6
LOWCVE-2006-1748
Cross-site scripting (XSS) vulnerability in XMB Forum 1.9.5 allows remote attackers to inject arbitrary web script or HTML by uploading a Flash (.SWF) video that contains a getURL function call, which causes the video to be rendered without disabling Acti... Read more
Affected Products : xmb_forum- EPSS Score: %0.36
- Published: Apr. 12, 2006
- Modified: Apr. 03, 2025