Total: 255391 CVE
CVE | Vendors | Products | Updated | CVSS v2 | CVSS v3 |
---|---|---|---|---|---|
CVE-2006-3725 | 1 Symantec | 1 Norton Personal Firewall | 2024-02-04 | 2.1 LOW | N/A |
Norton Personal Firewall 2006 9.1.0.33 allows local users to cause a denial of service (crash) via certain RegSaveKey, RegRestoreKey and RegDeleteKey operations on the (1) HKLM\SYSTEM\CurrentControlSet\Services\SNDSrvc and (2) HKLM\SYSTEM\CurrentControlSet\Services\SymEvent registry keys. | |||||
CVE-2006-4531 | 1 Bare Concept Media | 1 Pheap Cms | 2024-02-04 | 7.5 HIGH | N/A |
PHP remote file inclusion vulnerability in lib/config.php in Pheap CMS 1.1 and earlier allows remote attackers to execute arbitrary PHP code via a URL in the lpref parameter. | |||||
CVE-2006-0868 | 1 Pear | 1 Xml Rpc | 2024-02-04 | 7.5 HIGH | N/A |
Multiple unspecified injection vulnerabilities in unspecified Auth Container back ends for PEAR::Auth before 1.2.4, and 1.3.x before 1.3.0r4, allow remote attackers to "falsify authentication credentials," related to the "underlying storage containers." | |||||
CVE-2004-2437 | 1 Php Fusion | 1 Php Fusion | 2024-02-04 | 7.5 HIGH | N/A |
SQL injection vulnerability in PHP-Fusion 4.01 allows remote attackers to execute arbitrary SQL commands via the rowstart parameter to (1) index.php or (2) members.php, or (3) the comment_id parameter to comments.php. | |||||
CVE-2006-1250 | 1 Amax Information Technologies | 1 Winmail | 2024-02-04 | 10.0 HIGH | N/A |
Unspecified vulnerability in the Webmail module in Winmail before 4.3 has unknown impact and unknown remote attack vectors. | |||||
CVE-2004-1111 | 1 Cisco | 10 7200 Router, 7300 Router, 7500 Router and 7 more | 2024-02-04 | 5.0 MEDIUM | N/A |
Cisco IOS 2.2(18)EW, 12.2(18)EWA, 12.2(14)SZ, 12.2(18)S, 12.2(18)SE, 12.2(18)SV, 12.2(18)SW, and other versions without the "no service dhcp" command, keep undeliverable DHCP packets in the queue instead of dropping them, which allows remote attackers to cause a denial of service (dropped traffic) via multiple undeliverable DHCP packets that exceed the input queue size. | |||||
CVE-2006-0712 | 1 Squishdot | 1 Squishdot | 2024-02-04 | 5.0 MEDIUM | N/A |
mail_html template in Squishdot 1.5.0 and earlier does not properly validate the (1) email and (2) title variables, which allows remote attackers to bypass spam filters by injecting SMTP headers, probably due to a CRLF injection vulnerability. | |||||
CVE-2004-1309 | 1 Mplayer | 1 Unix Mplayer | 2024-02-04 | 10.0 HIGH | N/A |
Heap-based buffer overflow in the demux_open_bmp function in demux_bmp.c for Unix MPlayer 1.0pre5 allows remote attackers to execute arbitrary code via a bitmap (BMP) file containing a large biClrUsed field. | |||||
CVE-2005-1428 | 1 Uapplication | 1 Uphotogallery | 2024-02-04 | 7.5 HIGH | N/A |
edit_image.asp in Uapplication Uphotogallery allows remote attackers to upload arbitrary files. | |||||
CVE-2004-2315 | 1 Mbedthis Software | 1 Mbedthis Appweb Http Server | 2024-02-04 | 5.0 MEDIUM | N/A |
Mbedthis AppWeb HTTP server before 1.0.2 allows remote attackers to cause a denial of service (crash) via an empty OPTIONS request. | |||||
CVE-2006-0743 | 1 Apache | 1 Log4net | 2024-02-04 | 5.0 MEDIUM | N/A |
Format string vulnerability in LocalSyslogAppender in Apache log4net 1.2.9 might allow remote attackers to cause a denial of service (memory corruption and termination) via unknown vectors. | |||||
CVE-2005-2818 | 1 Eric Fichot | 1 Downfile | 2024-02-04 | 4.3 MEDIUM | N/A |
Cross-site scripting (XSS) vulnerability in DownFile 1.3 allows remote attackers to inject arbitrary web script or HTML via the id parameter to (1) email.php, (2) index.php, (3) del.php, or (4) add_form.php. | |||||
CVE-2006-1196 | 1 David Barrett | 1 Qwikiwiki | 2024-02-04 | 4.3 MEDIUM | N/A |
Multiple cross-site scripting (XSS) vulnerabilities in QwikiWiki 1.5 allow remote attackers to inject arbitrary web script or HTML via the (1) from and (2) help parameters to (a) index.php; (3) action, (4) page, (5) debug, (6) help, (7) username, or (8) password parameters to (b) login.php; the (7) help parameter to (c) pageindex.php; or (8) help parameter to (d) recentchanges.php. | |||||
CVE-2006-0654 | 1 Hinton Design | 1 Phpht Topsites | 2024-02-04 | 7.5 HIGH | N/A |
check.php in Hinton Design phpht Topsites 1.3 does not validate passwords when using cookies, which allows remote attackers to bypass authentication via unspecified cookies. | |||||
CVE-2005-0104 | 1 Squirrelmail | 1 Squirrelmail | 2024-02-04 | 4.3 MEDIUM | N/A |
Cross-site scripting (XSS) vulnerability in webmail.php in SquirrelMail before 1.4.4 allows remote attackers to inject arbitrary web script or HTML via certain integer variables. | |||||
CVE-2006-3720 | 1 Oracle | 1 Enterprise Manager | 2024-02-04 | 5.5 MEDIUM | N/A |
Unspecified vulnerability in Enterprise Config Management for Oracle Enterprise Manager 10.1.0.3 has unknown impact and attack vectors, aka Oracle Vuln# EM02. | |||||
CVE-2005-4070 | | | 2024-02-04 | N/A | N/A |
** REJECT ** DO NOT USE THIS CANDIDATE NUMBER. ConsultIDs: CVE-2005-3665. Reason: This candidate is a reservation duplicate of CVE-2005-3665. Notes: All CVE users should reference CVE-2005-3665 instead of this candidate. All references and descriptions in this candidate have been removed to prevent accidental usage. | |||||
CVE-2005-1137 | 1 Alexander Palmo | 1 Simple Php Blog | 2024-02-04 | 5.0 MEDIUM | N/A |
Simple PHP Blog (sphpBlog) 0.4.0 allows remote attackers to obtain sensitive information via a direct request to sb_functions.php, which leaks the full pathname in a PHP error message. | |||||
CVE-2004-1207 | 1 Serioussam | 1 Seriousengine | 2024-02-04 | 5.0 MEDIUM | N/A |
The Serious engine, as used in (1) Alpha Black Zero Intrepid Protocol 1.04 and earlier, (2) Nitro family, and (3) Serious Sam Second Encounter 1.07 allows remote attackers to cause a denial of service (server crash) via a large number of UDP join requests that exceeds the maximum player limit, as originally reported for Alpha Black Zero. | |||||
CVE-2006-3704 | 1 Oracle | 1 Database Server | 2024-02-04 | 10.0 HIGH | N/A |
Unspecified vulnerability in the Oracle ODBC Driver for Oracle Database 10.1.0.4 has unknown impact and attack vectors, aka Oracle Vuln# 10.1.0.4. |