Total
255390 CVE
| CVE | Vendors | Products | Updated | CVSS v2 | CVSS v3 |
|---|---|---|---|---|---|
| CVE-2005-1058 | 1 Cisco | 1 Ios | 2024-02-04 | 7.5 HIGH | N/A |
| Cisco IOS 12.2T, 12.3 and 12.3T, when processing an ISAKMP profile that specifies XAUTH authentication after Phase 1 negotiation, may not process certain attributes in the ISAKMP profile that specifies XAUTH, which allows remote attackers to bypass XAUTH and move to Phase 2 negotiations. | |||||
| CVE-2005-3364 | 1 Platinum | 1 Dboardgear | 2024-02-04 | 7.5 HIGH | N/A |
| Multiple SQL injection vulnerabilities in DboardGear allow remote attackers to execute arbitrary SQL commands via (1) the buddy parameter in buddy.php, (2) the u2uid parameter in u2u.php, and (3) an invalid theme file in the themes action to ctrtools.php. | |||||
| CVE-2004-1195 | 1 Lucasarts | 1 Star Wars Battlefront | 2024-02-04 | 5.0 MEDIUM | N/A |
| Star Wars Battlefront 1.11 and earlier allows remote attackers to cause a denial of service (application crash) via a join request that contains a memory address that causes the server to read arbitrary memory. | |||||
| CVE-2004-2618 | 1 Pegasi Web Server | 1 Pegasi Web Server | 2024-02-04 | 4.3 MEDIUM | N/A |
| Cross-site scripting (XSS) vulnerability in Pegasi Web Server (PWS) 0.2.2 allows remote attackers to inject arbitrary web script or HTML via the URI, directly after the initial '/' (slash). | |||||
| CVE-2006-3271 | 1 Softbiz | 1 Dating Script | 2024-02-04 | 7.5 HIGH | N/A |
| Multiple SQL injection vulnerabilities in Softbiz Dating 1.0 allow remote attackers to execute SQL commands via the (1) country and (2) sort_by parameters in (a) search_results.php; (3) browse parameter in (b) featured_photos.php; (4) cid parameter in (c) products.php, (d) index.php, and (e) news_desc.php. | |||||
| CVE-2005-1031 | 2 E-xoops, Runcms | 2 E-xoops, Runcms | 2024-02-04 | 5.0 MEDIUM | N/A |
| RUNCMS 1.1A, and possibly other products based on e-Xoops (exoops), when "Allow custom avatar upload" is enabled, does not properly verify uploaded files, which allows remote attackers to upload arbitrary files. | |||||
| CVE-2006-2216 | 1 Devsyn | 1 Open Bulletin Board | 2024-02-04 | 5.0 MEDIUM | N/A |
| Open Bulletin Board (OpenBB) 1.0.8 allows remote attackers to obtain the full path of the web server via an invalid pforums parameter to (1) misc.php and (2) member.php. | |||||
| CVE-2005-0124 | 1 Linux | 1 Linux Kernel | 2024-02-04 | 2.1 LOW | N/A |
| The coda_pioctl function in the coda functionality (pioctl.c) for Linux kernel 2.6.9 and 2.4.x before 2.4.29 may allow local users to cause a denial of service (crash) or execute arbitrary code via negative vi.in_size or vi.out_size values, which may trigger a buffer overflow. | |||||
| CVE-2006-3585 | 1 Jetbox | 1 Jetbox Cms | 2024-02-04 | 4.3 MEDIUM | N/A |
| Multiple cross-site scripting (XSS) vulnerabilities in Jetbox CMS 2.1 SR1 allow remote attackers to inject arbitrary web script or HTML via the (1) login parameter in admin/cms/index.php, (2) unspecified parameters in the "Supply news" page in formmail.php, (3) the URL in the "Site statistics" page, and the (5) query_string parameter when performing a search. | |||||
| CVE-2005-1435 | 1 Open Webmail | 1 Open Webmail | 2024-02-04 | 7.5 HIGH | N/A |
| Open WebMail (OWM) before 2.51 20050430 allows remote authenticated users to execute arbitrary commands via shell metacharacters in a filename. | |||||
| CVE-2005-1154 | 1 Mozilla | 2 Firefox, Mozilla | 2024-02-04 | 7.5 HIGH | N/A |
| Firefox before 1.0.3 and Mozilla Suite before 1.7.7 allows remote attackers to execute arbitrary script in other domains via a setter function for a variable in the target domain, which is executed when the user visits that domain, aka "Cross-site scripting through global scope pollution." | |||||
| CVE-2006-4496 | 1 Iwebnegar | 1 Iwebnegar | 2024-02-04 | 4.3 MEDIUM | N/A |
| Cross-site scripting (XSS) vulnerability in comments.php in IwebNegar 1.1 allows remote attackers to inject arbitrary web script or HTML via the comment parameter. | |||||
| CVE-2006-1786 | 1 Adobe | 1 Document Server | 2024-02-04 | 2.6 LOW | N/A |
| Cross-site scripting (XSS) vulnerability in Adobe Document Server for Reader Extensions 6.0 allows remote attackers to inject arbitrary web script or HTML via (1) the actionID parameter in ads-readerext and (2) the op parameter in AlterCast. NOTE: it is not clear whether the vendor advisory addresses this issue. | |||||
| CVE-2006-0919 | 1 Oi | 1 Email Marketing System | 2024-02-04 | 7.5 HIGH | N/A |
| SQL injection vulnerability in index.php (aka the login page) in Oi! Email Marketing System 3.0 (aka Oi! 3) allows remote attackers to execute arbitrary SQL commands via the (1) Username and (2) Password fields. | |||||
| CVE-2005-1718 | 1 Ls Games | 1 War Times | 2024-02-04 | 5.0 MEDIUM | N/A |
| Buffer overflow in LS Games War Times 1.03 and earlier allows remote attackers to cause a denial of service (server crash) via a long nickname. | |||||
| CVE-2006-0613 | 1 Sun | 1 J2se | 2024-02-04 | 4.0 MEDIUM | N/A |
| Unspecified vulnerability in Java Web Start after 1.0.1_02, as used in J2SE 5.0 Update 5 and earlier, allows remote attackers to obtain privileges via unspecified vectors involving untrusted applications. | |||||
| CVE-2006-2146 | 1 Harold Bakker | 1 Hb-ns | 2024-02-04 | 5.8 MEDIUM | N/A |
| Multiple cross-site scripting (XSS) vulnerabilities in index.php in HB-NS 1.1.6 allow remote attackers to inject arbitrary web script or HTML via the (1) poster_name, (2) poster_email, (3) poster_homepage, or (4) message parameter. | |||||
| CVE-2005-3312 | 1 Microsoft | 1 Internet Explorer | 2024-02-04 | 4.3 MEDIUM | N/A |
| The HTML rendering engine in Microsoft Internet Explorer 6.0 allows remote attackers to conduct cross-site scripting (XSS) attacks via HTML in corrupted images and other files such as .GIF, JPG, and WAV, which is rendered as HTML when the user clicks on the link, even though the web server response and file extension indicate that it should be treated as a different file type. | |||||
| CVE-2005-3321 | 2 Novell, Suse | 2 Suse Linux, Suse Linux | 2024-02-04 | 4.6 MEDIUM | N/A |
| chkstat in SuSE Linux 9.0 through 10.0 allows local users to modify permissions of files by creating a hardlink to a file from a world-writable directory, which can cause the link count to drop to 1 when the file is deleted or replaced, which is then modified by chkstat to use weaker permissions. | |||||
| CVE-2005-2111 | 1 Community Link Pro Web Editor | 1 Community Link Pro Web Editor | 2024-02-04 | 7.5 HIGH | N/A |
| login.cgi in Community Link Pro Web Editor allows remote attackers to execute arbitrary commands via the file parameter. | |||||