Total: 255391 CVE

CVE | Vendors | Products | Updated | CVSS v2 | CVSS v3 |
---|---|---|---|---|---|
CVE-2005-2137 | 1 Nateon | 1 Nateon Messenger | 2024-02-04 | 5.0 MEDIUM | N/A |
Unknown vulnerability in NateOn Messenger 3.0 allows remote attackers to list arbitrary directories via unknown attack vectors. | |||||
CVE-2005-0221 | 1 Gallery Project | 1 Gallery | 2024-02-04 | 4.3 MEDIUM | N/A |
Cross-site scripting (XSS) vulnerability in login.php in Gallery 2.0 Alpha allows remote attackers to inject arbitrary web script or HTML via the g2_form[subject] field. | |||||
CVE-2005-3556 | 1 Tincan | 1 Phplist | 2024-02-04 | 4.3 MEDIUM | N/A |
Multiple cross-site scripting (XSS) vulnerabilities in PHPlist 2.10.1 and earlier allow remote attackers to inject arbitrary web script or HTML via the (1) listname parameter in (a) admin/editlist.php, (2) title parameter in (b) admin/spageedit.php, (3) title field in (c) admin/template.php, (4) filter, (5) delete, and (6) start parameters in (d) admin/eventlog.php, (7) id parameter in (e) admin/configure.php, (8) find parameter in (f) admin/users.php, (9) start parameter in (g) admin/admin.php, and (10) action parameter in (h) admin/fckphplist.php. | |||||
CVE-2005-3107 | 1 Linux | 1 Linux Kernel | 2024-02-04 | 2.1 LOW | N/A |
fs/exec.c in Linux 2.6, when one thread is tracing another thread that shares the same memory map, might allow local users to cause a denial of service (deadlock) by forcing a core dump when the traced thread is in the TASK_TRACED state. | |||||
CVE-2005-3066 | 1 Scriptsolutions | 1 Perldiver | 2024-02-04 | 4.3 MEDIUM | N/A |
Cross-site scripting (XSS) vulnerability in perldiver.pl in PerlDiver 1.x allows remote attackers to inject arbitrary web script or HTML via the query string. NOTE: this issue was originally disputed by the vendor, but it has since been acknowledged. | |||||
CVE-2005-2198 | 1 Spid | 1 Spid | 2024-02-04 | 7.5 HIGH | N/A |
PHP remote file inclusion vulnerability in lang.php in SPiD before 1.3.1 allows remote attackers to execute arbitrary code via the lang_path parameter. | |||||
CVE-2006-0203 | 1 Mini-nuke | 1 Cms System | 2024-02-04 | 5.0 MEDIUM | N/A |
membership.asp in Mini-Nuke CMS System 1.8.2 and earlier does not verify the old password when changing a password, which allows remote attackers to change the passwords of other members via a lostpassnew action with a modified x parameter. | |||||
CVE-2006-0431 | 1 Bea | 1 Weblogic Server | 2024-02-04 | 2.1 LOW | N/A |
Unspecified vulnerability in BEA WebLogic Server and WebLogic Express 8.1 SP5 allows untrusted applications to obtain the server's SSL identity via unknown attack vectors. | |||||
CVE-2005-0499 | 1 Gigafast Ethernet | 1 Gigafast Router | 2024-02-04 | 5.0 MEDIUM | N/A |
Gigafast router (aka CompUSA router) with the DNS proxy option enabled allows remote attackers to cause a denial of service via malformed DNS queries. | |||||
CVE-2006-1322 | 1 Novell | 2 Netware, Netware Ftp Server | 2024-02-04 | 5.0 MEDIUM | N/A |
Novell Netware NWFTPD 5.06.05 allows remote attackers to cause a denial of service (ABEND) via an MDTM command that uses a long path for the target file, possibly due to a buffer overflow. | |||||
CVE-2006-1290 | 1 Milkeyway | 1 Milkeyway Captive Portal | 2024-02-04 | 4.3 MEDIUM | N/A |
Multiple cross-site scripting (XSS) vulnerabilities in Milkeyway Captive Portal 0.1 and 0.1.1 allow remote attackers to inject arbitrary web script or HTML via the (1) ipAddress, (2) act, (3) username, and (4) unspecified other parameters in (a) authuser.php; and the (5) username and (6) unspecified other parameters in (b) userstatistics.php. | |||||
CVE-2006-0246 | 1 Widexl | 1 Download Tracker | 2024-02-04 | 4.3 MEDIUM | N/A |
Cross-site scripting (XSS) vulnerability in down.pl in Widexl Download Tracker 1.06 allows remote attackers to inject arbitrary web script or HTML via the ID parameter. | |||||
CVE-2005-3960 | 1 Kadu | 1 Kadu | 2024-02-04 | 7.8 HIGH | N/A |
Kadu 0.4.2 and 0.5.0pre allows remote attackers to cause a denial of service (crash or generated traffic) via a malformed message, possibly with incomplete information. | |||||
CVE-2006-0056 | 1 Pam-mysql | 1 Pam-mysql | 2024-02-04 | 7.5 HIGH | N/A |
Double free vulnerability in the authentication and authentication token alteration code in PAM-MySQL 0.6.x before 0.6.2 and 0.7.x before 0.7pre3 allows remote attackers to cause a denial of service (application crash) and possibly execute arbitrary code via crafted passwords, which lead to a double free of a pointer that was created by the pam_get_item function. NOTE: this issue only occurs in certain configurations in which there are multiple PAM modules, PAM-MySQL is not evaluated first, and there are no requisite modules before PAM-MySQL. | |||||
CVE-2006-2690 | 1 Eva-web | 1 Eva-web | 2024-02-04 | 7.8 HIGH | N/A |
An unspecified script in EVA-Web 2.1.2 and earlier, probably index.php, allows remote attackers to obtain the full path of the web server via invalid (1) perso or (2) aide parameters. | |||||
CVE-2006-0998 | 1 Novell | 2 Netware, Open Enterprise Server | 2024-02-04 | 5.0 MEDIUM | N/A |
The SSL server implementation in NILE.NLM in Novell NetWare 6.5 and Novell Open Enterprise Server (OES) sometimes selects a weak cipher instead of an available stronger cipher, which makes it easier for remote attackers to sniff and decrypt an SSL protected session. | |||||
CVE-2006-0084 | 1 Rasmp | 1 Rasmp | 2024-02-04 | 5.0 MEDIUM | N/A |
Cross-site scripting vulnerability in index.php in raSMP 2.0.0 and earlier allows remote attackers to inject arbitrary web script or HTML via the $_SERVER[HTTP_USER_AGENT] variable (User-Agent header). | |||||
CVE-2006-3501 | 1 Apple | 2 Mac Os X, Mac Os X Server | 2024-02-04 | 5.1 MEDIUM | N/A |
Integer overflow in ImageIO for Apple Mac OS X 10.4.7 allows user-assisted attackers to cause a denial of service (application crash) and possibly execute arbitrary code via a crafted Radiance image. | |||||
CVE-2006-3131 | 1 Clubpage | 1 Clubpage | 2024-02-04 | 4.3 MEDIUM | N/A |
Multiple cross-site scripting (XSS) vulnerabilities in Clubpage allow remote attackers to inject arbitrary web script or HTML via the (1) news_archive, (2) language, and (3) intranetLogin parameters in (a) index.php; the (4) sites_id parameter in (b) sites.php; and the (5) news_id parameter in (c) news_more.php. | |||||
CVE-2005-1128 | 1 Virtual Hosting Control System | 1 Virtual Hosting Control System | 2024-02-04 | 7.5 HIGH | N/A |
Multiple SQL injection vulnerabilities in VHCS 2.4 and earlier allow remote attackers to execute arbitrary SQL commands via certain inputs from HTTP POST queries. |