Total
255508 CVE
| CVE | Vendors | Products | Updated | CVSS v2 | CVSS v3 |
|---|---|---|---|---|---|
| CVE-2006-2098 | 1 Php Thumbnail Autoindex | 1 Php Thumbnail Autoindex | 2024-02-04 | 7.5 HIGH | N/A |
| PHP remote file inclusion vulnerability in Thumbnail AutoIndex before 2.0 allows remote attackers to execute arbitrary PHP code via (1) README.html or (2) HEADER.html. | |||||
| CVE-2006-0908 | 1 Francisco Burzi | 1 Php-nuke | 2024-02-04 | 7.5 HIGH | N/A |
| PHP-Nuke 7.8 Patched 3.2 allows remote attackers to bypass SQL injection protection mechanisms via /%2a (/*) sequences with the "ad_click" word in the query string, as demonstrated via the kala parameter. | |||||
| CVE-2006-4263 | 1 Product Scroller Module | 1 Product Scroller Module | 2024-02-04 | 7.5 HIGH | N/A |
| Multiple PHP remote file inclusion vulnerabilities in the Product Scroller Module and other modules in mambo-phpshop (com_phpshop) for Mambo and Joomla! allow remote attackers to execute arbitrary PHP code via a URL in the mosConfig_absolute_path parameter in (1) mod_phpshop.php, (2) mod_phpshop_allinone.php, (3) mod_phpshop_cart.php, (4) mod_phpshop_featureprod.php, (5) mod_phpshop_latestprod.php, (6) mod_product_categories.php, (7) mod_productscroller.php, and (8) mosproductsnap.php. | |||||
| CVE-2005-0360 | 1 Microsoft | 1 Log Sink Class Activex Control | 2024-02-04 | 5.0 MEDIUM | N/A |
| The Microsoft Log Sink Class ActiveX control in pkmcore.dll is marked as "safe for scripting" for Internet Explorer, which allows remote attackers to create or append to arbitrary files. | |||||
| CVE-2006-4233 | 1 Globus | 1 Globus Toolkit | 2024-02-04 | 3.6 LOW | N/A |
| Globus Toolkit 3.2.x, 4.0.x, and 4.1.0 before 20060815 allow local users to obtain sensitive information (proxy certificates) and overwrite arbitrary files via a symlink attack on temporary files in the /tmp directory, as demonstrated by files created by (1) myproxy-admin-adduser, (2) grid-ca-sign, and (3) grid-security-config. | |||||
| CVE-2006-3474 | 1 Belchior Foundry | 1 Vcard | 2024-02-04 | 7.5 HIGH | N/A |
| Multiple SQL injection vulnerabilities in Belchior Foundry vCard PRO allow remote attackers to execute arbitrary SQL commands via the (1) cat_id parameter to (a) gbrowse.php, (2) card_id parameter to (b) rating.php and (c) create.php, and the (3) event_id parameter to (d) search.php. | |||||
| CVE-2005-1694 | 1 Postnuke Software Foundation | 1 Postnuke | 2024-02-04 | 7.5 HIGH | N/A |
| Multiple SQL injection vulnerabilities in Xanthia.php in the Xanthia module in PostNuke 0.750 allow remote attackers to execute arbitrary SQL commands via the (1) name or (2) module parameter. | |||||
| CVE-2004-1257 | 1 Abc2mtex | 1 Abc2mtex | 2024-02-04 | 10.0 HIGH | N/A |
| Buffer overflow in the process_abc function in abc.c for abc2mtex 1.6.1 allows remote attackers to execute arbitrary code via crafted ABC files. | |||||
| CVE-2006-0906 | 1 Top Line | 1 D3jeeb Pro | 2024-02-04 | 7.5 HIGH | N/A |
| SQL injection vulnerability in D3Jeeb Pro 3 allows remote attackers to execute arbitrary SQL commands via the catid parameter in (1) fastlinks.php and (2) catogary.php. | |||||
| CVE-2006-1924 | 1 Linpha | 1 Linpha | 2024-02-04 | 6.4 MEDIUM | N/A |
| SQL injection vulnerability in functions/db_api.php in LinPHA 1.1.1 allows remote attackers to execute arbitrary SQL commands via unknown vectors. | |||||
| CVE-2006-1609 | 1 Hitachi | 4 Xfit S, Xfit S Jca, Xfit S Zengin and 1 more | 2024-02-04 | 5.0 MEDIUM | N/A |
| Unspecified vulnerability in Hitachi XFIT/S, XFIT/S/JCA, XFIT/S/ZGN, and XFIT/S ZENGIN TCP/IP Procedure allows remote attackers to cause a denial of service (server process and transfer control process stop) when the products "receive data unexpectedly". | |||||
| CVE-2006-1511 | 1 Microsoft | 1 .net Framework | 2024-02-04 | 5.1 MEDIUM | N/A |
| Buffer overflow in the ILASM assembler in the Microsoft .NET 1.0 and 1.1 Framework might allow user-assisted attackers to execute arbitrary code via a .il file that calls a function with a long name. | |||||
| CVE-2005-1023 | 1 Francisco Burzi | 1 Php-nuke | 2024-02-04 | 4.3 MEDIUM | N/A |
| Multiple cross-site scripting (XSS) vulnerabilities in PHP-Nuke 6.x to 7.6 allow remote attackers to inject arbitrary web script or HTML via the (1) min parameter to the Search module, (2) the categories parameter to the FAQ module, or (3) the ltr parameter to the Encyclopedia module. NOTE: the bid parameter issue in banners.php is already an item in CVE-2005-1000. | |||||
| CVE-2006-2514 | 1 Coppermine | 1 Coppermine Photo Gallery | 2024-02-04 | 7.5 HIGH | N/A |
| Coppermine galleries before 1.4.6, when running on Apache with mod_mime installed, allows remote attackers to upload arbitrary files via a filename with multiple file extensions. | |||||
| CVE-2005-4390 | 1 Contentserv | 1 Contentserv | 2024-02-04 | 7.5 HIGH | N/A |
| SQL injection vulnerability in index.php in ContentServ 3.1 and earlier allows remote attackers to execute arbitrary SQL commands via the StoryID parameter. | |||||
| CVE-2006-3663 | 1 Finjan | 1 Vital Security | 2024-02-04 | 4.6 MEDIUM | N/A |
| Finjan Vital Security Appliance 5100/8100 NG 8.3.5 stores passwords in plaintext in a backup file, which allows local users to gain privileges. NOTE: the vendor has notified CVE that this issue was fixed in 8.3.6. | |||||
| CVE-2005-0148 | 1 Mozilla | 1 Thunderbird | 2024-02-04 | 5.0 MEDIUM | N/A |
| Thunderbird before 0.9, when running on Windows systems, uses the default handler when processing javascript: links, which invokes Internet Explorer and may expose the Thunderbird user to vulnerabilities in the version of Internet Explorer that is installed on the user's system. NOTE: since the invocation between multiple products is a common practice, and the vulnerabilities inherent in multi-product interactions are not easily enumerable, this issue might be REJECTED in the future. | |||||
| CVE-2005-0334 | 1 Linksys | 1 Psus4 Printserver | 2024-02-04 | 5.0 MEDIUM | N/A |
| Linksys PSUS4 running firmware 6032 allows remote attackers to cause a denial of service (device crash) via an HTTP POST request containing an unknown parameter without a value. | |||||
| CVE-2006-1979 | 1 Manic Web | 1 Mwguest | 2024-02-04 | 5.8 MEDIUM | N/A |
| Cross-site scripting (XSS) vulnerability in mwguest.php in Manic Web MWGuest 2.1.0 allows remote attackers to inject arbitrary web script or HTML via the homepage parameter. | |||||
| CVE-2005-3565 | 1 Hp | 1 Hp-ux | 2024-02-04 | 7.5 HIGH | N/A |
| Unknown vulnerability in remshd daemon in HP-UX B.11.00, B.11.11, and B.11.23 while running in "Trusted Mode" allows remote attackers to gain unauthorized system access via unknown attack vectors. | |||||