Total
255315 CVE
CVE | Vendors | Products | Updated | CVSS v2 | CVSS v3 |
---|---|---|---|---|---|
CVE-2005-3254 | 1 Nathan Neulinger | 1 Cgiwrap | 2024-02-04 | 10.0 HIGH | N/A |
The CGIwrap program before 3.9 on Debian GNU/Linux uses an incorrect minimum value of 100 for a UID to determine whether it can perform a seteuid operation, which could allow attackers to execute code as other system UIDs that are greater than the minimum value, which should be 1000 on Debian systems. | |||||
CVE-2006-1286 | 1 Symantec | 2 Ghost Solutions Suite, Norton Ghost | 2024-02-04 | 2.1 LOW | N/A |
Buffer overflow in the login dialog in dbisqlc.exe in SQLAnywhere for Symantec Ghost 8.0 and 8.2, as used in Symantec Ghost Solutions Suite (SGSS) 1.0, might allow local users to read certain sensitive information from the database. | |||||
CVE-2005-2775 | 1 Phpwebnotes | 1 Phpwebnotes | 2024-02-04 | 7.5 HIGH | N/A |
php_api.php in phpWebNotes 2.0.0 uses the extract function to modify key variables such as $t_path_core, which leads to a PHP file inclusion vulnerability that allows remote attackers to execute arbitrary PHP code via the t_path_core parameter. | |||||
CVE-2005-3895 | 1 Otrs | 1 Otrs | 2024-02-04 | 5.8 MEDIUM | N/A |
Open Ticket Request System (OTRS) 1.0.0 through 1.3.2 and 2.0.0 through 2.0.3, when AttachmentDownloadType is set to inline, renders text/html e-mail attachments as HTML in the browser when the queue moderator attempts to download the attachment, which allows remote attackers to execute arbitrary web script or HTML. NOTE: this particular issue is referred to as XSS by some sources. | |||||
CVE-2006-0365 | 1 Xmb Software | 1 Xmb Forum | 2024-02-04 | 4.3 MEDIUM | N/A |
Cross-site scripting (XSS) vulnerability in XMB (aka extreme message board) allows remote attackers to inject arbitrary web script or HTML via JavaScript in the SRC attribute of an IMG element. | |||||
CVE-2005-4277 | 1 Toenda Software Development | 1 Toendacms | 2024-02-04 | 4.3 MEDIUM | N/A |
Cross-site scripting (XSS) vulnerability in index.php in toendaCMS before 0.7 Beta allows remote attackers to inject arbitrary web script or HTML via the id parameter. | |||||
CVE-2005-1113 | 1 Phpbb Group | 1 Phpbb Plus | 2024-02-04 | 4.3 MEDIUM | N/A |
Multiple cross-site scripting (XSS) vulnerabilities in PhpBB Plus 1.52 and earlier allow remote attackers to inject arbitrary web script or HTML via the bsid parameter to (1) groupcp.php, (2) index.php, (3) portal.php, (4) viewforum.php, or (5) viewtopic.php, (6) the c parameter to index.php, or (7) the article parameter to portal.php. | |||||
CVE-2005-4298 | 1 Atlantpro.com | 1 Atlantforum | 2024-02-04 | 4.3 MEDIUM | N/A |
Cross-site scripting (XSS) vulnerability in atl.cgi in AtlantForum 4.02 and earlier allows remote attackers to inject arbitrary web script or HTML via the (1) sch_allsubct, (2) before, and (3) ct parameters. | |||||
CVE-2006-1694 | 1 Xbrite | 1 Xbrite Members | 2024-02-04 | 7.5 HIGH | N/A |
SQL injection vulnerability in members.php in XBrite Members 1.1 and earlier allows remote attackers to execute arbitrary SQL commands via the id parameter. | |||||
CVE-2006-1425 | 1 Phpmyfamily | 1 Phpmyfamily | 2024-02-04 | 4.3 MEDIUM | N/A |
Cross-site scripting (XSS) vulnerability in track.php in phpmyfamily 1.4.1 allows remote attackers to inject arbitrary web script or HTML via the name parameter. | |||||
CVE-2006-2600 | 2024-02-04 | N/A | N/A | ||
** REJECT ** DO NOT USE THIS CANDIDATE NUMBER. ConsultIDs: CVE-2006-2588. Reason: This candidate is a duplicate of CVE-2006-2588. Notes: All CVE users should reference CVE-2006-2588 instead of this candidate. All references and descriptions in this candidate have been removed to prevent accidental usage. | |||||
CVE-2006-0148 | 1 Netsarang | 1 Xlpd | 2024-02-04 | 5.0 MEDIUM | N/A |
NetSarang Xlpd 2.1 allows remote attackers to cause a denial of service (crash) via a large number of connections from the same IP address. | |||||
CVE-2006-3963 | 1 Banex | 1 Banex | 2024-02-04 | 7.5 HIGH | N/A |
Multiple SQL injection vulnerabilities in Banex PHP MySQL Banner Exchange 2.21 allow remote attackers to execute arbitrary SQL commands via the (1) site_name parameter to (a) signup.php, and the (2) id, (3) deleteuserbanner, (4) viewmem, (5) viewmemunb, (6) viewunmem,or (7) deleteuser parameters to (b) admin.php. | |||||
CVE-2006-1233 | 1 Mikael Software | 1 Wmnews | 2024-02-04 | 4.3 MEDIUM | N/A |
Multiple cross-site scripting (XSS) vulnerabilities in WMNews allow remote attackers to inject arbitrary web script or HTML via the (1) ArtCat parameter to wmview.php, (2) ctrrowcol parameter to footer.php, or (3) ArtID parameter to wmcomments.php. | |||||
CVE-2006-3386 | 1 Vincent Leclercq | 1 News | 2024-02-04 | 5.0 MEDIUM | N/A |
index.php in Vincent Leclercq News 5.2 allows remote attackers to obtain sensitive information, such as the installation path, via a mail[] parameter with invalid values. | |||||
CVE-2006-2002 | 1 Mygamingladder | 1 Mygamingladder | 2024-02-04 | 5.0 MEDIUM | N/A |
PHP remote file inclusion vulnerability in stats.php in MyGamingLadder 7.0 allows remote attackers to execute arbitrary PHP code via a URL in the dir[base] parameter. | |||||
CVE-2005-3646 | 2 Phpadsnew, Phppgads | 2 Phpadsnew, Phppgads | 2024-02-04 | 7.5 HIGH | N/A |
Multiple SQL injection vulnerabilities in lib-sessions.inc.php in phpAdsNew and phpPgAds 2.0.6 and possibly earlier versions allow remote attackers to execute arbitrary SQL commands via the sessionID parameter in (1) logout.php and (2) index.php. | |||||
CVE-2006-4331 | 1 Wireshark | 1 Wireshark | 2024-02-04 | 5.0 MEDIUM | N/A |
Multiple off-by-one errors in the IPSec ESP preference parser in Wireshark (formerly Ethereal) 0.99.2 allow remote attackers to cause a denial of service (crash) via unspecified vectors. | |||||
CVE-2005-4442 | 1 Openldap | 1 Openldap | 2024-02-04 | 7.2 HIGH | N/A |
Untrusted search path vulnerability in OpenLDAP before 2.2.28-r3 on Gentoo Linux allows local users in the portage group to gain privileges via a malicious shared object in the Portage temporary build directory, which is part of the RUNPATH. | |||||
CVE-2006-3034 | 1 Myscrapbook | 1 Myscrapbook | 2024-02-04 | 5.0 MEDIUM | N/A |
MyScrapbook 3.1 allows remote attackers to obtain sensitive information via a direct request to files in the txt-db-api directory such as txt-db-api/sql.php, which reveals the path in an error message. |