Total
255396 CVE
| CVE | Vendors | Products | Updated | CVSS v2 | CVSS v3 |
|---|---|---|---|---|---|
| CVE-2006-0958 | 1 Zoneo-soft | 1 Freeforum | 2024-02-04 | 4.3 MEDIUM | N/A |
| Cross-site scripting (XSS) vulnerability in func.inc.php in ZoneO-Soft freeForum before 1.2.1 allows remote attackers to inject arbitrary web script or HTML via the (1) name and (2) subject parameters. | |||||
| CVE-2005-4148 | 1 Lyris Technologies Inc | 1 Listmanager | 2024-02-04 | 5.0 MEDIUM | N/A |
| Lyris ListManager 8.5, and possibly other versions before 8.8, includes sensitive information in the env hidden variable, which allows remote attackers to obtain information such as the installation path by requesting a non-existent page and reading the env variable from the resulting error message page. | |||||
| CVE-2006-3201 | 1 Hp | 1 Hp-ux | 2024-02-04 | 4.9 MEDIUM | N/A |
| Unspecified vulnerability in the kernel in HP-UX B.11.00, B.11.11, and B.11.23 allows local users to cause an unspecified denial of service via unknown vectors. | |||||
| CVE-2006-2251 | 1 Invision Power Services | 1 Invision Community Blog | 2024-02-04 | 6.4 MEDIUM | N/A |
| SQL injection vulnerability in the do_mmod function in mod.php in Invision Community Blog (ICB) 1.1.2 final through 1.2 allows remote attackers with moderator privileges to execute arbitrary SQL commands via the selectedbids parameter. | |||||
| CVE-2005-1528 | 1 Qnx | 1 Rtos | 2024-02-04 | 7.2 HIGH | N/A |
| Untrusted search path vulnerability in the crttrap command in QNX Neutrino RTOS 6.2.1 allows local users to load arbitrary libraries via a LD_LIBRARY_PATH environment variable that references a malicious library. | |||||
| CVE-2006-2437 | 1 Caucho Technology | 1 Resin | 2024-02-04 | 5.0 MEDIUM | N/A |
| The viewfile servlet in the documentation package (resin-doc) for Caucho Resin 3.0.17 and 3.0.18 allows remote attackers to obtain the source code for file under the web root via the file parameter. | |||||
| CVE-2005-3228 | 1 Ikarus | 1 Ikarus Antivirus | 2024-02-04 | 5.1 MEDIUM | N/A |
| Multiple interpretation error in unspecified versions of Ikarus AntiVirus allows remote attackers to bypass virus detection via a malicious executable in a specially crafted RAR file with malformed central and local headers, which can still be opened by products such as Winrar and PowerZip, even though they are rejected as corrupted by Winzip and BitZipper. | |||||
| CVE-2005-3869 | 1 Google | 1 Api Search | 2024-02-04 | 4.3 MEDIUM | N/A |
| Cross-site scripting (XSS) vulnerability in index.php in Google API Search 1.3.1 and earlier allows remote attackers to inject arbitrary web script or HTML via hex-encoded values in the REQ parameter. | |||||
| CVE-2005-0566 | 1 Kmint21 Software | 1 Golden Ftp Server | 2024-02-04 | 7.5 HIGH | N/A |
| Buffer overflow in Golden FTP Server Pro (goldenftpd) 2.x allows remote attackers to execute arbitrary code via a long RNTO command. | |||||
| CVE-2006-3608 | 1 Flatnuke | 1 Flatnuke | 2024-02-04 | 4.6 MEDIUM | N/A |
| The Gallery module in Simone Vellei Flatnuke 2.5.7 and earlier, when Gallery uploads are enabled, does not restrict the extensions of uploaded files that begin with a GIF header, which allows remote authenticated users to execute arbitrary PHP code via an uploaded .php file. | |||||
| CVE-2005-3443 | 1 Oracle | 1 Database Server | 2024-02-04 | 10.0 HIGH | N/A |
| Unspecified vulnerability in the Spatial component in Oracle Database Server from 9i up to 10.1.0.3 has unknown impact and attack vectors, aka Oracle Vuln# DB17. | |||||
| CVE-2005-3852 | 1 Onlinetechtools.com | 1 Owos Lite | 2024-02-04 | 7.5 HIGH | N/A |
| SQL injection vulnerability in search.asp in Online Work Order Suite (OWOS) Lite Edition for ASP 3.0 allows remote attackers to execute arbitrary SQL commands via the keyword parameter. | |||||
| CVE-2005-4793 | 1 Hitachi | 2 Cm2-network Node Manager, Jp1-cm2-network Node Manager 250 | 2024-02-04 | 7.5 HIGH | N/A |
| Multiple unspecified vulnerabilities in the web utility function in Hitachi Cm2/Network Node Manager and JP1/Cm2/Network Node Manager before 20050930 allow attackers to execute arbitrary commands, disable services, and "exploit vulnerabilities." | |||||
| CVE-2006-1614 | 1 Clam Anti-virus | 1 Clamav | 2024-02-04 | 5.1 MEDIUM | N/A |
| Integer overflow in the cli_scanpe function in the PE header parser (libclamav/pe.c) in Clam AntiVirus (ClamAV) before 0.88.1, when ArchiveMaxFileSize is disabled, allows remote attackers to cause a denial of service and possibly execute arbitrary code. | |||||
| CVE-2006-0641 | 1 Orbicule | 1 Undercover | 2024-02-04 | 2.6 LOW | N/A |
| Orbicule Undercover uses a third-party web server to determine the IP address through which the computer is accessing the Internet, but does not document this third-party disclosure, which leads to a potential privacy leak that might allow transmission of sensitive information to an unintended remote destination. | |||||
| CVE-2006-1489 | 1 Fusionzone | 1 Couponzone | 2024-02-04 | 7.5 HIGH | N/A |
| Multiple SQL injection vulnerabilities in FusionZONE CouponZONE local.cfm in 4.2 and earlier allow remote attackers to execute arbitrary SQL commands via the (1) companyid, (2) scat, and (3) coid parameters. | |||||
| CVE-2006-3293 | 1 Proton | 1 Energymech Irc Bot | 2024-02-04 | 5.0 MEDIUM | N/A |
| parse_notice (TiCPU) in EnergyMech (emech) before 3.0.2 allows remote attackers to cause a denial of service (crash) via empty IRC CTCP NOTICE messages. | |||||
| CVE-2005-3092 | 1 Image-line Software | 1 Fl Studio | 2024-02-04 | 7.5 HIGH | N/A |
| Heap-based buffer overflow in Image-Line Software FL Studio 5.0.1 allows remote attackers to execute arbitrary code via a .flp file that contains a long path to a (1) .mid or (2) .wav file. | |||||
| CVE-2006-0177 | 1 Cray | 1 Unicos | 2024-02-04 | 7.2 HIGH | N/A |
| Multiple buffer overflows in Cray UNICOS 9.0.2.2 might allow local users to gain privileges by (1) invoking /usr/bin/script with a long command line argument or (2) setting the -c option of /etc/nu to the name of a file containing a long line. | |||||
| CVE-2005-2716 | 1 Nokia | 1 Affix | 2024-02-04 | 7.5 HIGH | N/A |
| The event_pin_code_request function in the btsrv daemon (btsrv.c) in Nokia Affix 2.1.2 and 3.2.0 allows remote attackers to execute arbitrary commands via shell metacharacters in a Bluetooth device name. | |||||