Total
255401 CVE
| CVE | Vendors | Products | Updated | CVSS v2 | CVSS v3 |
|---|---|---|---|---|---|
| CVE-2006-0509 | 1 Cerberus | 1 Cerberus Helpdesk | 2024-02-04 | 4.3 MEDIUM | N/A |
| Multiple cross-site scripting (XSS) vulnerabilities in clients.php in Cerberus Helpdesk, possibly 2.7, allow remote attackers to inject arbitrary web script or HTML via (1) the contact_search parameter and (2) unspecified url fields. | |||||
| CVE-2006-3971 | 1 Scott Weedon | 1 Ajax Chat | 2024-02-04 | 6.8 MEDIUM | N/A |
| Cross-site scripting (XSS) vulnerability in visitor/livesupport/chat.php in Scott Weedon Ajax Chat, possibly 0.1, allows remote attackers to inject arbitrary web script or HTML via the userid parameter. | |||||
| CVE-2006-1664 | 1 Xine | 1 Xine-lib | 2024-02-04 | 7.5 HIGH | N/A |
| Buffer overflow in xine_list_delete_current in libxine 1.14 and earlier, as distributed in xine-lib 1.1.1 and earlier, allows remote attackers to execute arbitrary code via a crafted MPEG stream. | |||||
| CVE-2004-2490 | 1 Ibm | 2 Informix Dynamic Server, Informix Extended Parallel Server | 2024-02-04 | 4.6 MEDIUM | N/A |
| Buffer overflow in IBM Informix Dynamic Server (IDS) 9.40.xC1 and 9.40.xC2 allows local users to execute arbitrary code via a long GL_PATH environment variable. | |||||
| CVE-2005-0785 | 1 Yabb | 1 Yabb | 2024-02-04 | 4.3 MEDIUM | N/A |
| Cross-site scripting (XSS) vulnerability in usersrecentposts in YaBB 2.0 rc1 allows remote attackers to inject arbitrary web script or HTML via the username parameter. | |||||
| CVE-2006-3155 | 1 Thinkfactory | 1 Ultimate Estate | 2024-02-04 | 4.3 MEDIUM | N/A |
| Multiple cross-site scripting (XSS) vulnerabilities in Ultimate Auction 1.0 and earlier allow remote attackers to inject arbitrary web script or HTML via the (1) item parameter in (a) emailtofriend.pl or (b) violation.pl, (2) seller parameter in (c) vsoa.pl, (3) user parameter in (d) userask.pl or (e) leavefeed.pl, (4) itemnum parameter in userask.pl, (5) category parameter in (f) itemlist.pl, and the (6) query parameter in (g) search.pl. | |||||
| CVE-2006-3207 | 1 Ultimate Php Board | 1 Ultimate Php Board | 2024-02-04 | 5.0 MEDIUM | N/A |
| Directory traversal vulnerability in newpost.php in Ultimate PHP Board (UPB) 1.9.6 and earlier allows remote attackers to overwrite arbitrary files via a .. (dot dot) sequence and trailing null (%00) byte in the id parameter, as demonstrated by injecting a Perl CGI script using "[NR]" sequences in the message parameter, then calling close.php with modified id and t_id parameters to chmod the script. NOTE: this issue might be resultant from dynamic variable evaluation. | |||||
| CVE-2005-3523 | 1 Gpsdrive | 1 Gpsdrive | 2024-02-04 | 7.5 HIGH | N/A |
| Format string vulnerability in friendsd2 in GpsDrive allows remote attackers to execute arbitrary code via the dir (direction) field. | |||||
| CVE-2006-1627 | 1 Adobe | 1 Acrobat Reader | 2024-02-04 | 7.5 HIGH | N/A |
| Adobe Document Server for Reader Extensions 6.0 does not provide proper access control, which allows remote authenticated users to perform privileged actions by modifying the (1) actionID and (2) pageID parameters. NOTE: due to an error during reservation, this identifier was inadvertently associated with multiple issues. Other CVE identifiers have been assigned to handle other problems that are covered by the same disclosure. | |||||
| CVE-2005-3645 | 2 Phpadsnew, Phppgads | 2 Phpadsnew, Phppgads | 2024-02-04 | 5.0 MEDIUM | N/A |
| phpAdsNew and phpPgAds 2.0.6 and possibly earlier versions allows remote attackers to obtain the application installation path and other sensitive information via direct requests to (1) create.php, and if display_errors is enabled, (2) lib-updates.inc.php, (3) lib-targetstats.inc.php, (4) lib-size.inc.php, (5) lib-misc-stats.inc.php, (6) lib-hourly-hosts.inc.php, (7) lib-hourly.inc.php, (8) lib-history.inc.php, and (9) graph-daily.php. | |||||
| CVE-2006-3675 | 1 Counterpane | 1 Passwordsafe | 2024-02-04 | 2.1 LOW | N/A |
| Password Safe 2.11, 2.16 and 3.0BETA1 does not respect the configuration settings for locking the password database when certain dialogue windows are open, which might allow attackers with physical access to obtain the database contents. | |||||
| CVE-2005-3997 | 1 Zen Cart | 1 Zen Cart | 2024-02-04 | 2.6 LOW | N/A |
| Zen Cart 1.2.6d and earlier, under certain PHP configurations, allows remote attackers to obtain sensitive information via direct requests to files in the admin/includes directory, including (1) graphs/banner_daily.php, (2) graphs/banner_infobox.php, (3) graphs/banner_yearly.php, (4) graphs/banner_monthly.php, (5) application_bottom.php, (6) attributes_preview.php, (7) modules/category_product_listing.php, (8) modules/copy_to_confirm.php, (9) modules/delete_product_confirm.php, and (10) modules/move_product_confirm.php, which leaks the web server path in the resulting error message. | |||||
| CVE-2006-0770 | 1 Mybulletinboard | 1 Mybulletinboard | 2024-02-04 | 2.6 LOW | N/A |
| Cross-site scripting (XSS) vulnerability in calendar.php in MyBulletinBoard (MyBB) 1.0.4 allows remote attackers to inject arbitrary web script or HTML via a URL that is not sanitized before being returned as a link in "advanced details". NOTE: the provenance of this information is unknown; the details are obtained solely from third party information. | |||||
| CVE-2006-3759 | 1 Mybulletinboard | 1 Mybulletinboard | 2024-02-04 | 5.0 MEDIUM | N/A |
| Unspecified vulnerability in MyBB (aka MyBulletinBoard) 1.1.4, related has unspecified impact and attack vectors related to "user group manipulation." | |||||
| CVE-2006-2504 | 1 Azboard | 1 Azboard | 2024-02-04 | 7.5 HIGH | N/A |
| Multiple SQL injection vulnerabilities in mono AZBOARD 1.0 and earlier allow remote attackers to execute arbitrary SQL commands via the (1) search and (2) cate parameters to (a) list.asp, and the (3) id and cate parameters to (b) admin_ok.asp. | |||||
| CVE-2005-2047 | 1 Duware | 1 Dupaypal Pro | 2024-02-04 | 7.5 HIGH | N/A |
| Multiple SQL injection vulnerabilities in DUware DUpaypal Pro 3.0 allow remote attackers to execute arbitrary SQL commands via the (1) iCat parameter to cat.asp, (2) iPro parameter to detail.asp, (3) iSub parameter to sub.asp, (4) iCat parameter to catEdit.asp. | |||||
| CVE-2006-2672 | 1 Interquest Internet Services | 1 Realty Pro One | 2024-02-04 | 6.8 MEDIUM | N/A |
| Multiple cross-site scripting (XSS) vulnerabilities in Realty Pro One allow remote attackers to inject arbitrary web script or HTML via the (1) listingid parameter to (a) images.php, (b) index_other.php, or (c) request_info.php; (2) propertyid parameter to (d) searchlookup.php, (3) id parameter to (e) images.php, or (4) agentid parameter to (f) request_info.php. NOTE: some of these issues might be resultant from SQL injection. | |||||
| CVE-2006-1646 | 1 Internet Key Exchange | 1 Internet Key Exchange | 2024-02-04 | 5.0 MEDIUM | N/A |
| The Internet Key Exchange version 1 (IKEv1) implementation (isakmp_agg.c) in the Shoichi Sakane KAME Project racoon, as used by NetBSD 1.6, 2.x before 20060119, certain FreeBSD releases, and possibly other distributions of BSD or Linux operating systems, when running in aggressive mode, allows remote attackers to cause a denial of service (daemon crash) via crafted IKE packets, as demonstrated by the PROTOS ISAKMP Test Suite for IKEv1. | |||||
| CVE-2005-4605 | 1 Linux | 1 Linux Kernel | 2024-02-04 | 2.1 LOW | N/A |
| The procfs code (proc_misc.c) in Linux 2.6.14.3 and other versions before 2.6.15 allows attackers to read sensitive kernel memory via unspecified vectors in which a signed value is added to an unsigned value. | |||||
| CVE-2005-4555 | 1 Dev | 1 Dev Web Management System | 2024-02-04 | 4.3 MEDIUM | N/A |
| Cross-site scripting (XSS) vulnerability in add.php in DEV web management system 1.5 and earlier allows remote attackers to inject arbitrary web script or HTML via the (1) ENTER_ARTICLE_TITLE, (2) SPECIFY_ZONE, (3) ENTER_ARTICLE_HEADER, and (4) ENTER_ARTICLE_BODY indices in the language array parameter. | |||||