Total: 255452 CVE
CVE | Vendors | Products | Updated | CVSS v2 | CVSS v3 |
---|---|---|---|---|---|
CVE-2006-3377 | 1 Jmb Software | 1 Autorank | 2024-02-04 | 4.0 MEDIUM | N/A |
Cross-site scripting (XSS) vulnerability in JMB Software AutoRank PHP 3.02 and earlier, and AutoRank Pro 5.01 and earlier, allows remote attackers to inject arbitrary web script or HTML via the (1) Keyword parameter in search.php and the (2) Username parameter in main.cgi. | |||||
CVE-2006-1847 | 1 Francisco Burzi | 1 Php-nuke | 2024-02-04 | 7.5 HIGH | N/A |
SQL injection vulnerability in the Your_Account module in PHP-Nuke 7.8 might allow remote attackers to execute arbitrary SQL commands via the user_id parameter in the Your_Home functionality. NOTE: the provenance of this information is unknown; the details are obtained solely from third party information. | |||||
CVE-2005-4604 | 1 Jean-jacques Sarton | 1 Mtink | 2024-02-04 | 10.0 HIGH | N/A |
Buffer overflow in MTink in the printer-filters-utils package allows local users to execute arbitrary code via a long HOME environment variable. | |||||
CVE-2006-1825 | 1 Phplinks | 1 Phplinks | 2024-02-04 | 6.8 MEDIUM | N/A |
Cross-site scripting (XSS) vulnerability in index.php in phpLinks 2.1.3.1 and earlier allows remote attackers to inject arbitrary web script or HTML via the term parameter. | |||||
CVE-2006-4583 | 1 Darrens 5-dollar Script Archive | 1 Flashchat | 2024-02-04 | 7.5 HIGH | N/A |
Multiple PHP remote file inclusion vulnerabilities in FlashChat before 4.6.2 allow remote attackers to execute arbitrary PHP code via a URL in the dir[inc] parameter in (1) inc/cmses/aedatingCMS.php, (2) inc/cmses/aedatingCMS2.php, or (3) inc/cmses/aedating4CMS.php. | |||||
CVE-2006-2362 | 1 Gnu | 1 Binutils | 2024-02-04 | 7.5 HIGH | N/A |
Buffer overflow in getsym in tekhex.c in libbfd in Free Software Foundation GNU Binutils before 20060423, as used by GNU strings, allows context-dependent attackers to cause a denial of service (application crash) and possibly execute arbitrary code via a file with a crafted Tektronix Hex Format (TekHex) record in which the length character is not a valid hexadecimal character. | |||||
CVE-2005-2358 | 1 Emc | 1 Navisphere Manager | 2024-02-04 | 5.0 MEDIUM | N/A |
EMC Navisphere Manager 6.4.1.0.0 allows remote attackers to list arbitrary directories via an HTTP request for a directory that ends in a "." (trailing dot). | |||||
CVE-2005-3544 | 1 Xmb Forum | 1 Xmb | 2024-02-04 | 4.3 MEDIUM | N/A |
Cross-site scripting (XSS) vulnerability in u2u.php in XMB 1.9.3 allows remote attackers to inject arbitrary web script or HTML via the username parameter. | |||||
CVE-2006-1214 | 1 Unreal | 1 Unrealircd | 2024-02-04 | 5.0 MEDIUM | N/A |
UnrealIRCd 3.2.3 allows remote attackers to cause an unspecified denial of service by causing a linked server to send malformed TKL Q:Line commands, as demonstrated by "TKL - q\x08Q *\x08PoC." | |||||
CVE-2005-3270 | 1 Symantec | 1 Norton Antivirus | 2024-02-04 | 7.2 HIGH | N/A |
Untrusted search path vulnerability in DiskMountNotify for Symantec Norton AntiVirus 9.0.3 allows local users to gain privileges by modifying the PATH to reference a malicious (1) ps or (2) grep file. | |||||
CVE-2005-4032 | 1 Hotcgiscripts | 1 Easy Search System | 2024-02-04 | 4.3 MEDIUM | N/A |
Cross-site scripting (XSS) vulnerability in search.cgi in Easy Search System 1.1 and earlier allows remote attackers to inject arbitrary web script or HTML via the q parameter. | |||||
CVE-2005-1843 | 1 Adobe | 1 Version Cue | 2024-02-04 | 4.6 MEDIUM | N/A |
VCNative for Adobe Version Cue 1.0 and 1.0.1, as used in Creative Suite 1.0 and 1.3, and when running on Mac OS X with Version Cue Workspace, allows local users to load arbitrary libraries and execute arbitrary code via the -lib command line argument. | |||||
CVE-2004-2612 | 1 Bnc | 1 Bnc | 2024-02-04 | 7.5 HIGH | N/A |
BNC 2.9.0 only grants access when an incorrect password is provided, which allows remote attackers to use the functionality intended for authorized users. | |||||
CVE-2006-4681 | 1 Ibm | 1 Director | 2024-02-04 | 5.0 MEDIUM | N/A |
Directory traversal vulnerability in Redirect.bat in IBM Director before 5.10 allows remote attackers to read arbitrary files via a .. (dot dot) sequence in the file parameter. | |||||
CVE-2006-1206 | 1 Dropbear Ssh Project | 1 Dropbear Ssh | 2024-02-04 | 5.0 MEDIUM | N/A |
Matt Johnston Dropbear SSH server 0.47 and earlier, as used in embedded Linux devices and on general-purpose operating systems, allows remote attackers to cause a denial of service (connection slot exhaustion) via a large number of connection attempts that exceeds the MAX_UNAUTH_CLIENTS defined value of 30. | |||||
CVE-2005-1714 | 1 Netwin | 1 Surgemail | 2024-02-04 | 4.3 MEDIUM | N/A |
Cross-site scripting (XSS) vulnerability in NetWin SurgeMail 3.0c2 allows remote attackers to inject arbitrary web script or HTML via unknown vectors. | |||||
CVE-2005-0111 | 1 Mysql | 1 Maxdb | 2024-02-04 | 7.5 HIGH | N/A |
Stack-based buffer overflow in the websql CGI program in MySQL MaxDB 7.5.00 allows remote attackers to execute arbitrary code via a long password parameter. | |||||
CVE-2004-2609 | 1 Symantec | 1 Powerquest Deploycenter | 2024-02-04 | 2.1 LOW | N/A |
The stuffit.com executable on Symantec PowerQuest DeployCenter 5.5 boot disks allows local users to obtain sensitive information (an unencrypted password for a Windows domain account) via four "stuffit /f:stuffit.dat" invocations, possibly due to a buffer overflow. | |||||
CVE-2005-2445 | 1 Early Impact | 1 Product Cart | 2024-02-04 | 7.5 HIGH | N/A |
SQL injection vulnerability in viewPrd.asp in Product Cart 2.6 allows remote attackers to execute arbitrary SQL commands via the idcategory parameter. | |||||
CVE-2006-4457 | 1 Phpecard | 1 Phpecard | 2024-02-04 | 7.5 HIGH | N/A |
PHP remote file inclusion vulnerability in index.php in phpECard 2.1.4 and earlier allows remote attackers to execute arbitrary PHP code via a URL in the include_path parameter. NOTE: the provenance of this information is unknown; the details are obtained from third party information. |