Total
255398 CVE
CVE | Vendors | Products | Updated | CVSS v2 | CVSS v3 |
---|---|---|---|---|---|
CVE-2006-3960 | 1 X-scripts | 1 X-poll | 2024-02-04 | 7.5 HIGH | N/A |
SQL injection vulnerability in top.php in X-Scripts X-Poll, probably 2.30, allows remote attackers to execute arbitrary SQL commands via the poll parameter. NOTE: the provenance of this information is unknown; the details are obtained from third party information. | |||||
CVE-2004-2728 | 1 Hummingbird | 1 Connectivity | 2024-02-04 | 3.5 LOW | N/A |
Buffer overflow in the FTP server of Hummingbird Connectivity 7.1 and 9.0 allows remote, authenticated users to cause a denial of service (application crash) via a long argument to the XCWD command. | |||||
CVE-2005-2788 | 1 Neocrome | 1 Land Down Under | 2024-02-04 | 7.5 HIGH | N/A |
Multiple SQL injection vulnerabilities in Land Down Under (LDU) 801 and earlier allow remote attackers to execute arbitrary SQL commands via the c parameter to (1) events.php, (2) index.php, or (3) list.php. | |||||
CVE-2006-4207 | 1 Bob Jewell | 1 Discloser | 2024-02-04 | 7.5 HIGH | N/A |
Multiple PHP remote file inclusion vulnerabilities in Bob Jewell Discloser 0.0.4 and earlier allow remote attackers to execute arbitrary PHP code via a URL in the fileloc parameter to (1) content/content.php or (2) /inc/indexhead.php. | |||||
CVE-2005-2042 | 1 Ajax-spell | 1 Ajax-spell | 2024-02-04 | 4.3 MEDIUM | N/A |
Cross-site scripting (XSS) vulnerability in ajax-spell before 1.8 allows remote attackers to inject arbitrary web script or HTML via onmouseover or other events in HTML tags. | |||||
CVE-2005-0679 | 1 Stadtaus | 1 Tell A Friend Script | 2024-02-04 | 7.5 HIGH | N/A |
PHP remote file inclusion vulnerability in tell_a_friend.inc.php for Tell A Friend Script 2.7 before 20050305 allows remote attackers to execute arbitrary PHP code by modifying the script_root parameter to reference a URL on a remote web server that contains the code. NOTE: it was later reported that 2.4 is also affected. | |||||
CVE-2005-4733 | 1 Netbsd | 1 Netbsd | 2024-02-04 | 4.9 MEDIUM | N/A |
NetBSD 2.0 before 20050316 and NetBSD-current before 20050112 allow local users to cause a denial of service (infinite loop and system hang) by calling the F_CLOSEM fcntl with a parameter value of 0. | |||||
CVE-2005-4549 | 1 Oracle | 1 Application Server Discussion Forum Portlet | 2024-02-04 | 4.3 MEDIUM | N/A |
Cross-site scripting (XSS) vulnerability in Oracle Application Server (OracleAS) Discussion Forum Portlet allows remote attackers to inject arbitrary web script or HTML via the (1) RowKeyValue parameter in the PORTAL schema; and the (2) title and (3) content input fields when creating an forum article. | |||||
CVE-2005-3931 | 1 Asp-rider | 1 Asp-rider | 2024-02-04 | 7.5 HIGH | N/A |
SQL injection vulnerability in default.asp in ASP-Rider 1.6 allows remote attackers to execute arbitrary SQL commands via the HTTP referer. | |||||
CVE-2006-0905 | 2 Freebsd, Netbsd | 2 Freebsd, Netbsd | 2024-02-04 | 7.5 HIGH | N/A |
A "programming error" in fast_ipsec in FreeBSD 4.8-RELEASE through 6.1-STABLE and NetBSD 2 through 3 does not properly update the sequence number associated with a Security Association, which allows packets to pass sequence number checks and allows remote attackers to capture IPSec packets and conduct replay attacks. | |||||
CVE-2005-1825 | 1 Hp | 1 Radia Client | 2024-02-04 | 7.5 HIGH | N/A |
Multiple stack-based buffer overflows in the nvd_exec function in HP Radia Notify Daemon 3.1.2.0 (formerly by Novadigm), and other versions including 2.x, 3.x, and 4.x, allows remote attackers to execute arbitrary code via a command with crafted parameters to a RADEXECD process. | |||||
CVE-2005-0477 | 1 Invision Power Services | 1 Invision Power Board | 2024-02-04 | 4.3 MEDIUM | N/A |
Cross-site scripting (XSS) vulnerability in the SML code for Invision Power Board 1.3.1 FINAL allows remote attackers to inject arbitrary web script via (1) a signature file or (2) a message post containing an IMG tag within a COLOR tag whose style is set to background:url. | |||||
CVE-2006-3194 | 1 Singapore | 1 Singapore | 2024-02-04 | 6.4 MEDIUM | N/A |
Directory traversal vulnerability in index.php in singapore 0.10.0 and earlier allows remote attackers to read arbitrary files via a .. (dot dot) sequence and trailing null (%00) byte in the (1) gallery and (2) template parameter. | |||||
CVE-2006-0969 | 1 Pixelartkingdom | 1 Top Sites | 2024-02-04 | 7.5 HIGH | N/A |
PHP remote file inclusion vulnerability in index.php in Top sites de PixelArtKingdom allows remote attackers to include and execute arbitrary files via the page parameter. | |||||
CVE-2005-4669 | 1 Rt Internet Solutions | 1 Rt Internet Solutions Webadmin | 2024-02-04 | 7.5 HIGH | N/A |
SQL injection vulnerability in RT Internet Solutions (RTIS) WebAdmin allows remote attackers to execute arbitrary SQL commands via the (1) username and (2) password fields. | |||||
CVE-2005-3110 | 1 Linux | 1 Linux Kernel | 2024-02-04 | 2.6 LOW | N/A |
Race condition in ebtables netfilter module (ebtables.c) in Linux 2.6, when running on an SMP system that is operating under a heavy load, might allow remote attackers to cause a denial of service (crash) via a series of packets that cause a value to be modified after it has been read but before it has been locked. | |||||
CVE-2005-1768 | 1 Linux | 1 Linux Kernel | 2024-02-04 | 3.7 LOW | N/A |
Race condition in the ia32 compatibility code for the execve system call in Linux kernel 2.4 before 2.4.31 and 2.6 before 2.6.6 allows local users to cause a denial of service (kernel panic) and possibly execute arbitrary code via a concurrent thread that increments a pointer count after the nargs function has counted the pointers, but before the count is copied from user space to kernel space, which leads to a buffer overflow. | |||||
CVE-2005-1836 | 1 Nextweb | 1 Nextweb \(i\)site | 2024-02-04 | 5.0 MEDIUM | N/A |
NEXTWEB (i)Site allows remote attackers to cause a denial of service (error 500) via a crafted HTTP request, possibly involving wildcard requests for .jsp files. | |||||
CVE-2005-4415 | 1 Tml | 1 Tml | 2024-02-04 | 4.3 MEDIUM | N/A |
Cross-site scripting (XSS) vulnerability in index.php in TML CMS 0.5 allows remote attackers to inject arbitrary web script or HTML via the form parameter. | |||||
CVE-2005-3992 | 1 Wineggdropshell | 1 Wineggdropshell | 2024-02-04 | 7.5 HIGH | N/A |
Multiple buffer overflows in WinEggDropShell remote access trojan (RAT) 1.7 allow remote attackers to execute arbitrary code via (1) a long GET request to the HTTP server, or a long (2) USER or (3) PASS command to the FTP server. |