Total
255499 CVE
CVE | Vendors | Products | Updated | CVSS v2 | CVSS v3 |
---|---|---|---|---|---|
CVE-2006-2719 | 1 Jiwa | 1 Financials | 2024-02-04 | 4.9 MEDIUM | N/A |
JIWA Financials 6.4.14 stores usernames and passwords for all accounts in cleartext in the HR_Staff table in Microsoft SQL Server, and sends the usernames and passwords in cleartext to the application's SQL Server ODBC driver, which might allow context-dependent attackers to obtain the passwords. | |||||
CVE-2006-2571 | 1 Alkacon | 1 Opencms | 2024-02-04 | 2.6 LOW | N/A |
Cross-site scripting (XSS) vulnerability in search.html in Alkacon OpenCms 6.0.0, 6.0.2, and 6.0.3 allows remote attackers to inject arbitrary web script or HTML via the query parameter in a search action. | |||||
CVE-2005-2455 | 1 Greasemonkey | 1 Greasemonkey | 2024-02-04 | 5.0 MEDIUM | N/A |
Greasemonkey before 0.3.5 allows remote web servers to (1) read arbitrary files via a GET request to a file:// URL in the GM_xmlhttpRequest API function, (2) list installed scripts using GM_scripts, or obtain sensitive information via (3) GM_setValue and GM_getValue. | |||||
CVE-2005-0924 | 1 Adventia | 1 E-data | 2024-02-04 | 4.3 MEDIUM | N/A |
Cross-site scripting (XSS) vulnerability in Adventia E-Data 2.0 allows remote attackers to inject arbitrary web script or HTML via a query keyword. | |||||
CVE-2005-3533 | 1 Osh | 1 Osh | 2024-02-04 | 7.2 HIGH | N/A |
Buffer overflow in OSH before 1.7-15 allows local users to execute arbitrary code via a long current working directory and filename. | |||||
CVE-2006-2732 | 1 Mini-nuke | 1 Mini-nuke | 2024-02-04 | 7.5 HIGH | N/A |
SQL injection vulnerability in Your_Account.asp in Mini-Nuke 2.3 and earlier allows remote attackers to execute arbitrary SQL commands via the (1) yas_1, (2) yas_2, and (3) yas_3 parameters. | |||||
CVE-2005-0413 | 1 Myphp Forum | 1 Myphp Forum | 2024-02-04 | 7.5 HIGH | N/A |
Multiple SQL injection vulnerabilities in MyPHP Forum 1.0 allow remote attackers to execute arbitrary SQL commands via (1) the fid in forum.php, (2) the member parameter in member.php, (3) the email parameter in forgot.php, or (4) the nbuser or nbpass parameters in include.php. NOTE: it was later reported that vector 2 exists in 3.0 and earlier. | |||||
CVE-2005-0694 | 1 Hosting Controller | 1 Hosting Controller | 2024-02-04 | 5.0 MEDIUM | N/A |
Hosting Controller 6.1 Hotfix 1.7 and earlier stores log files under the web root, which allows remote attackers to obtain sensitive information via a direct request to HCDiskQuotaService.csv. | |||||
CVE-2006-0353 | 1 Gnu | 1 Lsh | 2024-02-04 | 3.6 LOW | N/A |
unix_random.c in lshd for lsh 2.0.1 leaks file descriptors related to the randomness generator, which allows local users to cause a denial of service by truncating the seed file, which prevents the server from starting, or obtain sensitive seed information that could be used to crack keys. | |||||
CVE-2006-2126 | 1 Avalon Ltd | 1 Maxtrade | 2024-02-04 | 6.4 MEDIUM | N/A |
SQL injection vulnerability in pocategories.php in MaxTrade 1.0.1 and earlier allows remote attackers to execute arbitrary SQL commands via the (1) categori and (2) stranica parameters. | |||||
CVE-2005-3173 | 1 Microsoft | 1 Windows 2000 | 2024-02-04 | 4.6 MEDIUM | N/A |
Microsoft Windows 2000 before Update Rollup 1 for SP4 does not apply group policies if the user logs on using UPN credentials with a trailing dot, which prevents Windows 2000 from finding the correct domain controller and could allow the user to bypass intended restrictions. | |||||
CVE-2005-1584 | 1 Open Solution | 1 Quick.forum | 2024-02-04 | 4.3 MEDIUM | N/A |
Cross-site scripting (XSS) vulnerability in index.php for Quick.Forum 2.1.6 allows remote attackers to inject arbitrary web script or HTML via the topic field in a NewTopic action. | |||||
CVE-2003-1021 | 1 Sco | 1 Openserver | 2024-02-04 | 7.2 HIGH | N/A |
The scosession program in OpenServer 5.0.6 and 5.0.7 allows local users to gain privileges via crafted strings on the commandline. | |||||
CVE-2005-4259 | 1 Aspbb | 1 Aspbb | 2024-02-04 | 7.5 HIGH | N/A |
Multiple SQL injection vulnerabilities in ASPBB 0.4 allow remote attackers to execute arbitrary SQL commands via the (1) TID parameter in topic.asp, (2) FORUM_ID parameter in forum.asp, and (3) PROFILE_ID parameter in profile.asp. NOTE: the provenance of this issue is unknown; the details are obtained solely from the BID. | |||||
CVE-2005-3175 | 1 Microsoft | 1 Windows 2000 | 2024-02-04 | 7.2 HIGH | N/A |
Microsoft Windows 2000 before Update Rollup 1 for SP4 allows a local administrator to unlock a computer even if it has been locked by a domain administrator, which allows the local administrator to access the session as the domain administrator. | |||||
CVE-2005-3131 | 2 Icewarp, Merak | 2 Web Mail, Mail Server | 2024-02-04 | 4.3 MEDIUM | N/A |
Multiple cross-site scripting (XSS) vulnerabilities in MERAK Mail Server 8.2.4r with Icewarp Web Mail 5.5.1, and possibly earlier versions, allow remote attackers to inject arbitrary web script or HTML via the (1) id parameter to blank.html, or the createdataCX parameter to (2) calendar_d.html, (3) calendar_m.html, or (4) calendar_w.html. | |||||
CVE-2006-1790 | 1 Mozilla | 1 Firefox | 2024-02-04 | 10.0 HIGH | N/A |
A regression fix in Mozilla Firefox 1.0.7 allows remote attackers to cause a denial of service (crash) and possibly execute arbitrary code via the InstallTrigger.install method, which leads to memory corruption. | |||||
CVE-2006-3160 | 1 Onedotoh | 1 Simple File Manager | 2024-02-04 | 2.6 LOW | N/A |
Cross-site scripting (XSS) vulnerability in fm.php in ONEdotOH Simple File Manager (SFM) 0.24a and earlier allows remote attackers to inject arbitrary web script or HTML via the msg parameter. | |||||
CVE-2006-1736 | 1 Mozilla | 4 Firefox, Mozilla Suite, Seamonkey and 1 more | 2024-02-04 | 2.6 LOW | N/A |
Mozilla Firefox 1.x before 1.5 and 1.0.x before 1.0.8, Mozilla Suite before 1.7.13, and SeaMonkey before 1.0 allows remote attackers to trick users into downloading and saving an executable file via an image that is overlaid by a transparent image link that points to the executable, which causes the executable to be saved when the user clicks the "Save image as..." option. NOTE: this attack is made easier due to a GUI truncation issue that prevents the user from seeing the malicious extension when there is extra whitespace in the filename. | |||||
CVE-2006-2363 | 1 Limbo Cms | 1 Limbo Cms | 2024-02-04 | 5.1 MEDIUM | N/A |
SQL injection vulnerability in the weblinks option (weblinks.html.php) in Limbo CMS allows remote attackers to execute arbitrary SQL commands via the catid parameter. |