Total
255367 CVE
CVE | Vendors | Products | Updated | CVSS v2 | CVSS v3 |
---|---|---|---|---|---|
CVE-2006-2134 | 1 Phpbb Group | 1 Phpbb | 2024-02-04 | 5.1 MEDIUM | N/A |
PHP remote file inclusion vulnerability in /includes/kb_constants.php in Knowledge Base Mod for PHPbb 2.0.2 and earlier allows remote attackers to execute arbitrary PHP code via a URL in the module_root_path parameter. | |||||
CVE-2005-0656 | 1 Arif Supriyanto | 1 Auracms | 2024-02-04 | 4.3 MEDIUM | N/A |
Multiple cross-site scripting (XSS) vulnerabilities in auraCMS 1.5 allow remote attackers to inject arbitrary web script or HTML via the (1) hits parameter to hits.php, (2) query parameter to index.php, or (3) theCount parameter to counter.php. | |||||
CVE-2005-3394 | 1 Oaboard | 1 Oaboard | 2024-02-04 | 7.5 HIGH | N/A |
Multiple SQL injection vulnerabilities in forum.php in oaboard forum 1.0 allow remote attackers to execute arbitrary SQL commands via the (1) channel parameter in the topics module and (2) topic parameter in the posting module. | |||||
CVE-2005-4045 | 1 Sun | 1 Java Communications Services Delegated Administrator | 2024-02-04 | 7.5 HIGH | N/A |
Unspecified vulnerability in System Communications Services 6 Delegated Administrator 2005Q1 in Sun Java System Messaging Server 2005Q1 allows remote attackers to obtain the Top-Level Administrator (TLA) default password via unknown vectors, possibly involving configure_toplevel_admin.ldif. | |||||
CVE-2004-1162 | 2 Gentoo, Scponly | 2 Linux, Scponly | 2024-02-04 | 7.5 HIGH | N/A |
The unison command in scponly before 4.0 does not properly restrict programs that can be run, which could allow remote authenticated users to bypass intended access restrictions and execute arbitrary programs via the (1) -rshcmd or (2) -sshcmd flags. | |||||
CVE-2005-1092 | 1 Light Speed Technology | 1 Deluxeftp | 2024-02-04 | 7.2 HIGH | N/A |
Lightspeed DeluxeFTP 6.01 stores usernames and passwords in plaintext in sites.xml, which is world-readable, which allows local users to gain privileges. | |||||
CVE-2006-4530 | 1 Membrepass | 1 Membrepass | 2024-02-04 | 7.5 HIGH | N/A |
Direct static code injection vulnerability in include/change.php in membrepass 1.5 allows remote attackers to execute arbitrary PHP code via the aifon parameter, which is injected into include/variable.php. | |||||
CVE-2005-2641 | 1 Padl Software | 1 Pam Ldap | 2024-02-04 | 7.5 HIGH | N/A |
Unknown vulnerability in pam_ldap before 180 does not properly handle a new password policy control, which could allow attackers to gain privileges. NOTE: CVE-2005-2497 had also been assigned to this issue, but CVE-2005-2641 is the correct candidate. | |||||
CVE-2006-2390 | 1 Ozjournals | 1 Ozjournals | 2024-02-04 | 5.8 MEDIUM | N/A |
Cross-site scripting (XSS) vulnerability in OZJournals 1.2 allows remote attackers to inject arbitrary web script or HTML via the vname parameter in the comments functionality. | |||||
CVE-2006-3283 | 1 Datetopia | 1 Dating Agent Pro | 2024-02-04 | 7.5 HIGH | N/A |
SQL injection vulnerability in Dating Agent PRO 4.7.1 allows remote attackers to execute arbitrary SQL commands via the (1) pid parameter in picture.php, (2) mid parameter in mem.php, and the (3) sex and (4) relationship parameters in search.php. | |||||
CVE-2005-3278 | 1 Jan Kybic | 1 Bitmap Viewer | 2024-02-04 | 7.2 HIGH | N/A |
Integer overflow in the openpsfile function in gsinterf.c for Jan Kybic BitMap Viewer (BMV) 1.2 allows local users to execute arbitrary code via a PostScript (PS) file containing a large number of pages value, which leads to a resultant buffer overflow. | |||||
CVE-2006-4312 | 1 Cisco | 9 Adaptive Security Appliance, Pix Firewall 501, Pix Firewall 506 and 6 more | 2024-02-04 | 6.8 MEDIUM | N/A |
Cisco PIX 500 Series Security Appliances and ASA 5500 Series Adaptive Security Appliances, when running 7.0(x) up to 7.0(5) and 7.1(x) up to 7.1(2.4), and Firewall Services Module (FWSM) 3.1(x) up to 3.1(1.6), causes the EXEC password, local user passwords, and the enable password to be changed to a "non-random value" under certain circumstances, which causes administrators to be locked out and might allow attackers to gain access. | |||||
CVE-2005-0622 | 1 Raidenhttpd | 1 Raidenhttpd | 2024-02-04 | 5.0 MEDIUM | N/A |
RaidenHTTPD 1.1.32, and possibly other versions before 1.1.34, allows remote attackers to view the PHP source code via an HTTP GET request for a filename with a trailing (1) . (dot) or (2) space. | |||||
CVE-2005-2742 | 1 Apple | 2 Mac Os X, Mac Os X Server | 2024-02-04 | 4.6 MEDIUM | N/A |
SecurityAgent in Apple Mac OS X 10.4.2, under certain circumstances, can cause the "Switch User..." button to appear even though the "Enable fast user switching" setting is disabled, which can allow attackers with physical access to gain access to the desktop and bypass the "Require password to wake this computer from sleep or screen saver" setting. | |||||
CVE-2006-2101 | 1 Winiso Computing | 1 Winiso | 2024-02-04 | 5.0 MEDIUM | N/A |
Directory traversal vulnerability in WinISO 5.3 allows remote attackers to write arbitrary files via a .. (dot dot) in a filename in an ISO image. | |||||
CVE-2005-1207 | 1 Microsoft | 2 Windows 2003 Server, Windows Xp | 2024-02-04 | 7.2 HIGH | N/A |
Buffer overflow in the Web Client service in Microsoft Windows XP and Windows Server 2003 allows remote authenticated users to execute arbitrary code via a crafted WebDAV request containing special parameters. | |||||
CVE-2005-3115 | 1 Mpeg-tools | 1 Mpeg-tools | 2024-02-04 | 2.1 LOW | N/A |
mpeg-tools before 1.5b-r2 creates multiple temporary files insecurely, which allows local users to overwrite arbitrary files via (1) ts.stat, (2) ts.mpg, (3) foobar, (4) blockbar, or (5) foobar[NNN]. | |||||
CVE-2006-4639 | 1 C-news.fr | 1 C-news | 2024-02-04 | 5.1 MEDIUM | N/A |
Multiple PHP remote file inclusion vulnerabilities in C-News.fr C-News 1.0.1 and earlier, when register_globals is enabled, allow remote attackers to execute arbitrary PHP code via a URL in the path parameter in (1) formulaire_commentaires.php, (2) affichage/liste_news.php, (3) affichage/news_complete.php, or (4) affichage/pagination.php. NOTE: the provenance of some of this information is unknown; some details are obtained from third party information. | |||||
CVE-2006-3929 | 1 Zyxel | 1 Prestige 660h-61 | 2024-02-04 | 4.3 MEDIUM | N/A |
Cross-site scripting (XSS) vulnerability in the Forms/rpSysAdmin script on the Zyxel Prestige 660H-61 ADSL Router running firmware 3.40(PT.0)b32 allows remote attackers to inject arbitrary web script or HTML via hex-encoded values in the a parameter. | |||||
CVE-2006-0344 | 1 Intervations | 1 Filecopa | 2024-02-04 | 6.4 MEDIUM | N/A |
Directory traversal vulnerability in Intervations FileCOPA FTP Server 1.01 allows remote attackers to read and write arbitrary files via a .. (dot dot) in the (1) STOR and (2) RETR commands. |