Total: 255328 CVE

CVE | Vendors | Products | Updated | CVSS v2 | CVSS v3 |
---|---|---|---|---|---|
CVE-1999-1431 | 1 Microsoft | 1 Zero Administration Kit | 2024-02-04 | 4.6 MEDIUM | N/A |
ZAK in Appstation mode allows users to bypass the "Run only allowed apps" policy by starting Explorer from Office 97 applications (such as Word), installing software into the TEMP directory, and changing the name to that for an allowed application, such as Winword.exe. | |||||
CVE-2006-1748 | 1 Xmb Software | 1 Xmb Forum | 2024-02-04 | 2.6 LOW | N/A |
Cross-site scripting (XSS) vulnerability in XMB Forum 1.9.5 allows remote attackers to inject arbitrary web script or HTML by uploading a Flash (.SWF) video that contains a getURL function call, which causes the video to be rendered without disabling ActionScript. | |||||
CVE-2005-0430 | 1 Id Software | 1 Quake 3 Engine | 2024-02-04 | 5.0 MEDIUM | N/A |
The Quake 3 engine, as used in multiple game packages, allows remote attackers to cause a denial of service (shutdown game server) and possibly crash the server via a long infostring, possibly triggering a buffer overflow. | |||||
CVE-2005-4305 | 1 Edgewall Software | 1 Trac | 2024-02-04 | 4.3 MEDIUM | N/A |
Cross-site scripting (XSS) vulnerability in Edgewall Trac 0.9, 0.9.1, and 0.9.2 allows remote attackers to inject arbitrary web script or HTML via the URL, which is not properly sanitized before it is returned in an error page. | |||||
CVE-2005-4670 | 1 Citypost | 1 Php Lnkx | 2024-02-04 | 4.3 MEDIUM | N/A |
Cross-site scripting (XSS) vulnerability in message.php in CityPost Automated Link Exchange (LNKX) allows remote attackers to inject arbitrary web script or HTML via the msg parameter. | |||||
CVE-2005-0306 | 1 Mercuryboard | 1 Mercuryboard | 2024-02-04 | 5.0 MEDIUM | N/A |
MercuryBoard 1.1.1 allows remote attackers to gain sensitive information via an HTTP request with the n parameter set to 0, which causes a divide-by-zero error and reveals the path in the resulting error message. | |||||
CVE-2005-0302 | 1 Comersus Open Technologies | 1 Comersus Backoffice Lite | 2024-02-04 | 7.5 HIGH | N/A |
SQL injection vulnerability in default.asp in BackOffice Lite 6.0 and 6.01 allows remote attackers to execute arbitrary SQL commands via the referer field in the HTTP header. | |||||
CVE-2005-1472 | 1 Apple | 1 Mac Os X | 2024-02-04 | 2.1 LOW | N/A |
Certain system calls in Apple Mac OS X 10.4.1 do not properly enforce the permissions of certain directories without the POSIX read bit set, but with the execute bits set for group or other, which allows local users to list files in otherwise restricted directories. | |||||
CVE-2004-1227 | 1 Sugarcrm | 1 Sugar Sales | 2024-02-04 | 10.0 HIGH | N/A |
Directory traversal vulnerability in SugarCRM Sugar Sales 2.0.1c and earlier allows remote attackers to read arbitrary files and possibly execute arbitrary PHP code via .. (dot dot) sequences in the (1) module, (2) action, or (3) theme parameters to index.php, (4) the theme parameter to Login.php, and possibly other parameters or scripts. | |||||
CVE-2005-2286 | 1 Esi Products | 1 Webeoc | 2024-02-04 | 10.0 HIGH | N/A |
WebEOC before 6.0.2 does not properly check user authorization, which allows remote attackers to gain privileges via a direct request to a resource. | |||||
CVE-2005-4619 | 1 Phpoutsourcing | 1 Zorum | 2024-02-04 | 7.5 HIGH | N/A |
SQL injection vulnerability in index.php in phpoutsourcing Zorum Forum 3.5 and earlier allows remote attackers to execute arbitrary SQL commands via the rollid parameter in the showhtmllist method. | |||||
CVE-2006-0241 | 1 Webmobo | 1 Wbnews | 2024-02-04 | 5.0 MEDIUM | N/A |
Cross-site scripting vulnerability in WBNews 1.1.0 and earlier allows remote attackers to inject arbitrary web script or HTML via the Name field. | |||||
CVE-2006-2762 | 1 Webcalendar | 1 Webcalendar | 2024-02-04 | 6.4 MEDIUM | N/A |
PHP remote file inclusion vulnerability in includes/config.php in WebCalendar 1.0.3 allows remote attackers to execute arbitrary PHP code via a URL in the includedir parameter, which is remotely accessed in an fopen call whose results are used to define a user_inc setting that is used in an include_once call. | |||||
CVE-2006-0900 | 1 Freebsd | 1 Freebsd | 2024-02-04 | 7.8 HIGH | N/A |
nfsd in FreeBSD 6.0 kernel allows remote attackers to cause a denial of service via a crafted NFS mount request, as demonstrated by the ProtoVer NFS test suite. | |||||
CVE-2006-3944 | 1 Microsoft | 1 Ie | 2024-02-04 | 5.0 MEDIUM | N/A |
Microsoft Internet Explorer 6 on Windows XP SP2 allows remote attackers to cause a denial of service (crash) via a (1) Forms.ListBox.1 or (2) Forms.ListBox.1 object with the ListWidth property set to (a) 0x7fffffff, which triggers an integer overflow exception, or to (b) 0x7ffffffe, which triggers a null dereference. | |||||
CVE-2005-1274 | 1 Mysql | 1 Maxdb | 2024-02-04 | 10.0 HIGH | N/A |
Stack-based buffer overflow in the getIfHeader function in the WebDAV functionality in MySQL MaxDB before 7.5.00.26 allows remote attackers to execute arbitrary code via an HTTP unlock request and a long "If" parameter. | |||||
CVE-2005-1697 | 1 Postnuke | 1 Postnuke | 2024-02-04 | 5.0 MEDIUM | N/A |
The RSS module in PostNuke 0.750 and 0.760RC2 and RC3 allows remote attackers to obtain sensitive information via a direct request to simple_smarty.php, which reveals the path in an error message. | |||||
CVE-2005-3954 | 1 Blogbuddies | 1 Blogbuddies | 2024-02-04 | 4.3 MEDIUM | N/A |
Cross-site scripting (XSS) vulnerability in blogBuddies 0.3 allows remote attackers to inject arbitrary web script or HTML via the u parameter to index.php. | |||||
CVE-2006-2563 | 1 Php | 1 Php | 2024-02-04 | 2.1 LOW | N/A |
The cURL library (libcurl) in PHP 4.4.2 and 5.1.4 allows attackers to bypass safe mode and read files via a file:// request containing null characters. | |||||
CVE-2005-4562 | | | 2024-02-04 | N/A | N/A |
** REJECT ** DO NOT USE THIS CANDIDATE NUMBER. ConsultIDs: none. Reason: This candidate was assigned in 2005 to an issue that would not be published until 2006, so new identifiers were assigned. Notes: none. | |||||