Total: 255417 CVE

CVE | Vendors | Products | Updated | CVSS v2 | CVSS v3 |
---|---|---|---|---|---|
CVE-2006-4379 | 1 Ipswitch | 3 Imail Plus, Imail Secure Server, Ipswitch Collaboration Suite | 2024-02-04 | 7.5 HIGH | N/A |
Stack-based buffer overflow in the SMTP Daemon in Ipswitch Collaboration 2006 Suite Premium and Standard Editions, IMail, IMail Plus, and IMail Secure allows remote attackers to execute arbitrary code via a long string located after an '@' character and before a ':' character. | |||||
CVE-2006-0094 | 1 Oaboard | 1 Oaboard | 2024-02-04 | 7.5 HIGH | N/A |
PHP remote file include vulnerability in forum.php in oaBoard 1.0 allows remote attackers to execute arbitrary PHP code via a URL in the inc_stat parameter, a different vulnerability than CVE-2006-0076. NOTE: the provenance of this information is unknown; the details are obtained solely from third party information. | |||||
CVE-2005-4575 | 1 Paperthin | 1 Commonspot Content Server | 2024-02-04 | 5.0 MEDIUM | N/A |
PaperThin CommonSpot Content Server 4.5 and earlier allow remote attackers to obtain sensitive information via an invalid errmsg parameter to loader.cfm with a url parameter set to email-login-info.cfm, which leaks the full pathname in the resulting error message. | |||||
CVE-2006-1458 | 1 Apple | 1 Quicktime | 2024-02-04 | 5.1 MEDIUM | N/A |
Integer overflow in Apple QuickTime Player before 7.1 allows remote attackers to execute arbitrary code via a crafted JPEG image. | |||||
CVE-2005-0857 | 1 Coolforum | 1 Coolforum | 2024-02-04 | 4.3 MEDIUM | N/A |
Cross-site scripting (XSS) vulnerability in avatar.php for CoolForum 0.8 and earlier allows remote attackers to inject arbitrary web script or HTML via the img parameter. | |||||
CVE-2004-2320 | 1 Bea | 1 Weblogic Server | 2024-02-04 | 5.8 MEDIUM | N/A |
The default configuration of BEA WebLogic Server and Express 8.1 SP2 and earlier, 7.0 SP4 and earlier, 6.1 through SP6, and 5.1 through SP13 responds to the HTTP TRACE request, which can allow remote attackers to steal information using cross-site tracing (XST) attacks in applications that are vulnerable to cross-site scripting. | |||||
CVE-2005-2556 | 1 Mantis | 1 Mantis | 2024-02-04 | 7.5 HIGH | N/A |
core/database_api.php in Mantis 0.19.0a1 through 1.0.0a3, with register_globals enabled, allows remote attackers to connect to internal databases by modifying the g_db_type variable and monitoring the speed of responses, as identified by bug#0005956. | |||||
CVE-2005-0788 | 1 Limewire | 1 Limewire | 2024-02-04 | 5.0 MEDIUM | N/A |
LimeWire 4.1.2 through 4.5.6 allows remote attackers to read arbitrary files by specifying the full pathname in a Gnutella GET request. | |||||
CVE-2006-0678 | 1 Postgresql | 1 Postgresql | 2024-02-04 | 1.5 LOW | N/A |
PostgreSQL 7.3.x before 7.3.14, 7.4.x before 7.4.12, 8.0.x before 8.0.7, and 8.1.x before 8.1.3, when compiled with Asserts enabled, allows local users to cause a denial of service (server crash) via a crafted SET SESSION AUTHORIZATION command, a different vulnerability than CVE-2006-0553. | |||||
CVE-2006-0324 | 1 Webspot | 1 Webspotblogging | 2024-02-04 | 7.5 HIGH | N/A |
SQL injection vulnerability in WebspotBlogging 3.0 allows remote attackers to execute arbitrary SQL commands and bypass authentication via the username parameter to login.php. | |||||
CVE-2006-1783 | 1 Patronet | 1 Cms | 2024-02-04 | 2.6 LOW | N/A |
Cross-site scripting (XSS) vulnerability in PatroNet CMS allows remote attackers to inject arbitrary web script or HTML via the URI. | |||||
CVE-2004-2355 | 1 Crafty Syntax Live Help | 1 Crafty Syntax Live Help | 2024-02-04 | 4.3 MEDIUM | N/A |
Cross-site scripting (XSS) vulnerability in Crafty Syntax Live Help (CSLH) before 2.7.4 allows remote attackers to inject arbitrary web script or HTML via the name field of a livehelp or chat session. | |||||
CVE-2005-3431 | 1 Rockliffe | 1 Mailsite Express | 2024-02-04 | 5.0 MEDIUM | N/A |
Absolute path traversal vulnerability in Rockliffe MailSite Express before 6.1.22 allows remote attackers to read arbitrary files via a full pathname in the AttachPath field of a mail message under composition. | |||||
CVE-2006-3718 | 1 Oracle | 1 Exchange | 2024-02-04 | 10.0 HIGH | N/A |
Multiple unspecified vulnerabilities in Oracle Exchange for Oracle E-Business Suite and Applications 6.2.4 have unknown impact and attack vectors, aka Oracle Vuln# (1) APPS16 and (2) APPS17. | |||||
CVE-2005-3112 | 1 Macromedia | 1 Breeze | 2024-02-04 | 2.1 LOW | N/A |
The "reset password" feature in Macromedia Breeze 5.0 stores passwords in plaintext in the database instead of the hash, which allows attackers with access to the database to obtain the passwords. | |||||
CVE-2005-1788 | 1 Hosting Controller | 1 Hosting Controller | 2024-02-04 | 7.5 HIGH | N/A |
SQL injection vulnerability in resellerresources.asp in Hosting Controller 6.1 Hotfix 2.0 allows remote attackers to execute arbitrary SQL commands via the jresourceid parameter. | |||||
CVE-2006-4313 | 1 Cisco | 1 Vpn 3000 Concentrator Series Software | 2024-02-04 | 5.0 MEDIUM | N/A |
Multiple unspecified vulnerabilities in Cisco VPN 3000 series concentrators before 4.1, 4.1.x up to 4.1(7)L, and 4.7.x up to 4.7(2)F allow attackers to execute the (1) CWD, (2) MKD, (3) CDUP, (4) RNFR, (5) SIZE, and (6) RMD FTP commands to modify files or create and delete directories via unknown vectors. | |||||
CVE-2006-1893 | 1 Ar-blog | 1 Ar-blog | 2024-02-04 | 6.8 MEDIUM | N/A |
Cross-site scripting (XSS) vulnerability in print.php in ar-blog 5.2 allows remote attackers to inject arbitrary web script or HTML via the id parameter. | |||||
CVE-2006-2982 | 1 Enterprise Payroll Systems | 1 Enterprise Payroll Systems | 2024-02-04 | 7.5 HIGH | N/A |
Multiple PHP remote file inclusion vulnerabilities in Enterprise Timesheet and Payroll Systems (EPS) 1.1 and earlier allow remote attackers to execute arbitrary PHP code via a URL in the absolutepath parameter in (1) footer.php and (2) admin/footer.php. | |||||
CVE-2006-0598 | 1 Stefan Ritt | 1 Elog Web Logbook | 2024-02-04 | 7.5 HIGH | N/A |
Buffer overflow in elogd.c in elog before 2.5.7 r1558-4 allows attackers to execute code via unspecified variables, when writing to the log file. |