Total
255417 CVE
CVE | Vendors | Products | Updated | CVSS v2 | CVSS v3 |
---|---|---|---|---|---|
CVE-2005-3217 | 1 Symantec | 1 Antivirus Scan Engine | 2024-02-04 | 5.1 MEDIUM | N/A |
Multiple interpretation error in unspecified versions of Symantec Antivirus allows remote attackers to bypass virus detection via a malicious executable in a specially crafted RAR file with malformed central and local headers, which can still be opened by products such as Winrar and PowerZip, even though they are rejected as corrupted by Winzip and BitZipper. | |||||
CVE-2005-4480 | 1 Plexcor | 1 Plexcor Cms | 2024-02-04 | 6.8 MEDIUM | N/A |
Cross-site scripting (XSS) vulnerability in Plexcor CMS 4.0 and earlier allows remote attackers to inject arbitrary web script or HTML via unspecified search parameters. | |||||
CVE-2005-1667 | 1 Datatrac | 1 Activity Console | 2024-02-04 | 5.0 MEDIUM | N/A |
DataTrac Activity Console 1.1 allows remote attackers to cause a denial of service via a long HTTP GET request. | |||||
CVE-2005-3659 | 1 Emc | 1 Legato Networker | 2024-02-04 | 5.0 MEDIUM | N/A |
nsrd.exe in EMC Legato NetWorker 7.1.x before 7.1.4 and 7.2.x before 7.2.1.Build.314, and other products such as Sun Solstice Backup (SBU) 6.0 and 6.1 and StorEdge Enterprise Backup Software (EBS) 7.1 through 7.2L, allows remote attackers to cause a denial of service (nsrd service crash) via a malformed RPC request to RPC program number 390109, which triggers a null dereference. | |||||
CVE-2006-0682 | 1 E107 | 1 E107 | 2024-02-04 | 4.3 MEDIUM | N/A |
Multiple cross-site scripting (XSS) vulnerabilities in bbcodes system in e107 before 0.7.2 allow remote attackers to inject arbitrary web script or HTML via unknown attack vectors. | |||||
CVE-2005-3995 | 1 Sobexsrv | 1 Sobexsrv | 2024-02-04 | 5.1 MEDIUM | N/A |
Format string vulnerability in the dosyslog function in the OBEX server (obexsrv.c) for Sobexsrv before 1.0.0-pre4, when the syslog (-S) function is enabled, allows remote attackers to execute arbitrary code via format string specifiers in file name arguments to OBEX commands. | |||||
CVE-2006-2008 | 1 Built2go | 1 Movie Review | 2024-02-04 | 7.5 HIGH | N/A |
PHP remote file inclusion vulnerability in movie_cls.php in Built2Go PHP Movie Review 2B and earlier allows remote attackers to execute arbitrary PHP code via a URL in the full_path parameter. | |||||
CVE-2005-2886 | 1 Maxdev | 1 Md-pro | 2024-02-04 | 4.3 MEDIUM | N/A |
Multiple cross-site scripting (XSS) vulnerabilities in MAXdev MD-Pro 1.0.73, and possibly earlier versions, allow remote attackers to inject arbitrary web script or HTML via (1) the print parameter to the print module, the sitename parameter to (2) bb_smilies or (3) bbcode_ref module, or (4) the hlpfile parameter to openwindow.php. | |||||
CVE-2005-2999 | 1 Bugada Andrea | 1 Php Advanced Transfer Manager | 2024-02-04 | 5.0 MEDIUM | N/A |
PHP Advanced Transfer Manager 1.30 allows remote attackers to obtain sensitive PHP configuration information via a direct request to test.php. | |||||
CVE-2006-2691 | 1 Amule | 1 Amule | 2024-02-04 | 5.0 MEDIUM | N/A |
Unspecified "information leakage" vulnerabilities in aMuleWeb for AMule before 2.1.2 allow remote attackers to access arbitrary images, including dynamically generated images, via unknown vectors. | |||||
CVE-2005-0910 | 1 E-xoops | 1 E-xoops | 2024-02-04 | 4.3 MEDIUM | N/A |
Multiple cross-site scripting (XSS) vulnerabilities in exoops allow remote attackers to inject arbitrary web script or HTML via (1) the sortdays parameter to viewforum.php or (2) the viewcat parameter to index.php. | |||||
CVE-2005-0214 | 1 Alexander Palmo | 1 Simple Php Blog | 2024-02-04 | 5.0 MEDIUM | N/A |
Directory traversal vulnerability in Simple PHP Blog (SPHPBlog) 0.3.7c allows remote attackers to read or create arbitrary files via a .. (dot dot) in the entry parameter. | |||||
CVE-2006-1915 | 1 Dbbs | 1 Dbbs | 2024-02-04 | 5.0 MEDIUM | N/A |
SQL injection vulnerability in topics.php in DbbS 2.0-alpha and earlier allows remote attackers to execute arbitrary SQL commands via the fcategoryid parameter. | |||||
CVE-2006-3414 | 1 Tor | 1 Tor | 2024-02-04 | 5.0 MEDIUM | N/A |
Tor before 0.1.1.20 supports server descriptors that contain hostnames instead of IP addresses, which allows remote attackers to arbitrarily group users by providing preferential address resolution. | |||||
CVE-2005-3733 | 1 Juniper | 8 Junos E, Junos J, Junos M and 5 more | 2024-02-04 | 7.5 HIGH | N/A |
The Internet Key Exchange version 1 (IKEv1) implementation in Juniper JUNOS and JUNOSe software for M, T, and J-series routers before release 6.4, and E-series routers before 7-1-0, allows remote attackers to cause a denial of service and possibly execute arbitrary code via crafted IKE packets, as demonstrated by the PROTOS ISAKMP Test Suite for IKEv1. NOTE: due to the lack of details in the advisory, it is unclear which of CVE-2005-3666, CVE-2005-3667, and/or CVE-2005-3668 this issue applies to. | |||||
CVE-2005-2419 | 1 Eci Telecom | 1 B-focus Router | 2024-02-04 | 7.5 HIGH | N/A |
B-FOCuS Router 312+ allows remote attackers to bypass authentication and gain unauthorized access via a direct request to firmwarecfg. | |||||
CVE-2005-1578 | 1 Guidance Software | 1 Encase | 2024-02-04 | 2.1 LOW | N/A |
EnCase Forensic Edition 4.18a does not support Device Configuration Overlays (DCO), which allows attackers to hide information without detection. | |||||
CVE-2006-2918 | 1 Lanap Botdetect | 1 Captcha Asp.net | 2024-02-04 | 5.0 MEDIUM | N/A |
The Lanap BotDetect APS.NET CAPTCHA component before 1.5.4.0 stores the UUID and hash for a CAPTCHA in the ViewState of a page, which makes it easier for remote attackers to conduct automated attacks by "replaying the ViewState for a known number." | |||||
CVE-2006-0405 | 1 Libtiff | 1 Libtiff | 2024-02-04 | 5.0 MEDIUM | N/A |
The TIFFFetchShortPair function in tif_dirread.c in libtiff 3.8.0 allows remote attackers to cause a denial of service (application crash) via a crafted TIFF image that triggers a NULL pointer dereference, possibly due to changes in type declarations and/or the TIFFVSetField function. | |||||
CVE-2006-4285 | 1 Fscripts | 1 Fantastic News | 2024-02-04 | 7.5 HIGH | N/A |
PHP remote file inclusion vulnerability in news.php in Fantastic News 2.1.3 and earlier allows remote attackers to execute arbitrary PHP code via a URL in the CONFIG[script_path] parameter. NOTE: it was later reported that 2.1.5 is also affected. |