Total
255314 CVE
CVE | Vendors | Products | Updated | CVSS v2 | CVSS v3 |
---|---|---|---|---|---|
CVE-2005-4588 | 1 Dream4 | 1 Koobi | 2024-02-04 | 4.3 MEDIUM | N/A |
Cross-site scripting (XSS) vulnerability in Koobi 5 allows remote attackers to inject arbitrary web script or HTML via nested, malformed url BBCode tags. NOTE: the provenance of this information is unknown; the details are obtained solely from third party information. | |||||
CVE-2006-0367 | 1 Cisco | 1 Call Manager | 2024-02-04 | 6.5 MEDIUM | N/A |
Unspecified vulnerability in Cisco CallManager 3.2 and earlier, 3.3 before 3.3(5)SR1, 4.0 before 4.0(2a)SR2c, and 4.1 before 4.1(3)SR2 allows remote authenticated users with read-only administrative privileges to obtain full administrative privileges via a "crafted URL on the CCMAdmin web page." | |||||
CVE-2005-0720 | 1 Mcnews | 1 Mcnews | 2024-02-04 | 7.5 HIGH | N/A |
PHP remote file inclusion vulnerability in admin/header.php in PHP mcNews 1.3 allows remote attackers to execute arbitrary PHP code by modifying the skinfile parameter to reference a URL on a remote web server that contains the code. | |||||
CVE-2006-0764 | 1 Cisco | 3 Anomaly Guard Module, Guard, Traffic Anomaly Detector Module | 2024-02-04 | 5.1 MEDIUM | N/A |
The Authentication, Authorization, and Accounting (AAA) capability in versions 5.0(1) and 5.0(3) of the software used by multiple Cisco Anomaly Detection and Mitigation products, when running with an incomplete TACACS+ configuration without a "tacacs-server host" command, allows remote attackers to bypass authentication and gain privileges, aka Bug ID CSCsd21455. | |||||
CVE-2005-4195 | 2 Internet Scout, Internet Scout Project | 2 Scout Portal Toolkit, Scout Portal Toolkit | 2024-02-04 | 7.5 HIGH | N/A |
Multiple SQL injection vulnerabilities in Scout Portal Toolkit (SPT) 1.3.1 and earlier allow remote attackers to execute arbitrary SQL commands via (1) the ParentId parameter in SPT--BrowseResources.php, (2) ResourceId parameter in SPT--FullRecord.php, (3) ResourceOffset parameter in SPT--Home.php, and (4) F_UserName and (5) F_Password in SPT--UserLogin.php. NOTE: it was later reported that vector 1 is also present in 1.4.0. | |||||
CVE-2005-3365 | 1 Codeworx Technologies | 1 Dcp-portal | 2024-02-04 | 7.5 HIGH | N/A |
Multiple SQL injection vulnerabilities in DCP-Portal 6 and earlier allow remote attackers to execute arbitrary SQL commands, possibly requiring encoded characters, via (1) the name parameter in register.php, (2) the email parameter in lostpassword.php, (3) the year parameter in calendar.php, and the (4) cid parameter to index.php. NOTE: the mid parameter for forums.php is already associated with CVE-2005-0454. NOTE: the index.php/cid vector was later reported to affect 6.11. | |||||
CVE-2006-4234 | 1 Dotproject | 1 Dotproject | 2024-02-04 | 7.5 HIGH | N/A |
PHP remote file inclusion vulnerability in classes/query.class.php in dotProject 2.0.4 and earlier allows remote attackers to execute arbitrary PHP code via a URL in the baseDir parameter. | |||||
CVE-2006-1593 | 2 X-doom, Zdaemon | 2 X-doom, Zdaemon | 2024-02-04 | 5.0 MEDIUM | N/A |
The (1) ZD_MissingPlayer, (2) ZD_UseItem, and (3) ZD_LoadNewClientLevel functions in sv_main.cpp for (a) Zdaemon 1.08.01 and (b) X-Doom allows remote attackers to cause a denial of service (crash) via an invalid player slot or item number, which causes an invalid memory access, possibly due to an invalid array index. | |||||
CVE-2004-2429 | 1 Enderunix Software | 1 Spamguard | 2024-02-04 | 7.5 HIGH | N/A |
Multiple stack-based and heap-based buffer overflows in EnderUNIX spamGuard before 1.7-BETA allow remote attackers to execute arbitrary code via the (1) qmail_parseline and (2) sendmail_parseline functions in parser.c, (3) loadconfig and (4) removespaces functions in loadconfig.c, and possibly (5) unspecified functions in functions.c. | |||||
CVE-2005-2562 | 1 Gravity Board X Development Team | 1 Gravity Board X | 2024-02-04 | 7.5 HIGH | N/A |
SQL injection vulnerability in Gravity Board X (GBX) 1.1 allows remote attackers to execute arbitrary SQL commands and bypass authentication via the login field. | |||||
CVE-2005-3649 | 1 Moodle | 1 Moodle | 2024-02-04 | 2.6 LOW | N/A |
jumpto.php in Moodle 1.5.2 allows remote attackers to redirect users to other sites via the jump parameter. | |||||
CVE-2005-0311 | 1 Ingate | 1 Ingate Firewall | 2024-02-04 | 4.6 MEDIUM | N/A |
Ingate Firewall 4.1.3 and earlier does not terminate the PPTP session for an active user when the administrator disables that user from a resource, which could allow remote authenticated users to retain unauthorized access to resources. | |||||
CVE-2005-4598 | 1 Ooapp | 1 Ooapp Guestbook | 2024-02-04 | 4.3 MEDIUM | N/A |
Cross-site scripting (XSS) vulnerability in home.php in OoApp Guestbook 2.1 allows remote attackers to inject arbitrary web script or HTML via the page parameter. | |||||
CVE-2006-2812 | 1 Dominios Europa | 1 Picrate | 2024-02-04 | 6.8 MEDIUM | N/A |
Multiple cross-site scripting (XSS) vulnerabilities in index.php in Dominios Europa PICRATE (aka TAL RateMyPic) 1.0 allow remote attackers to inject arbitrary web script or HTML via a javascript URI in the SRC attribute of an IMG element in the (1) name (aka nick), (2) email, and (3) comment boxes; and via the (4) id parameter. | |||||
CVE-2005-2099 | 1 Linux | 1 Linux Kernel | 2024-02-04 | 5.0 MEDIUM | N/A |
The Linux kernel before 2.6.12.5 does not properly destroy a keyring that is not instantiated properly, which allows local users or remote attackers to cause a denial of service (kernel oops) via a keyring with a payload that is not empty, which causes the creation to fail, leading to a null dereference in the keyring destructor. | |||||
CVE-2005-1376 | 1 Claroline | 1 Claroline | 2024-02-04 | 7.5 HIGH | N/A |
Multiple directory traversal vulnerabilities in (1) document.php or (2) insertMyDoc.php in Claroline 1.5.3 through 1.6 Release Candidate 1, and possibly Dokeos, allow remote project administrators to upload arbitrary files. | |||||
CVE-2005-4356 | 1 Xmpie | 1 Ustore | 2024-02-04 | 7.5 HIGH | N/A |
SQL injection vulnerability in UStore allows remote attackers to execute arbitrary SQL commands via the (1) username and (2) password fields. NOTE: the provenance of this information is unknown; the details are obtained solely from third party information. | |||||
CVE-2005-0579 | 1 Freenx | 1 Freenx | 2024-02-04 | 4.6 MEDIUM | N/A |
nxagent in FreeNX before 0.2.8 does not properly handle when the XAUTHORITY environment variable is not set, which allows local users to access the X server without X authentication. | |||||
CVE-2005-3100 | 1 Astaro | 1 Security Linux | 2024-02-04 | 5.0 MEDIUM | N/A |
Unspecified "PPTP Remote DoS Vulnerability" in Astaro Security Linux 4.027 allows attackers to cause a denial of service. | |||||
CVE-2005-1453 | 1 Leafnode | 1 Leafnode | 2024-02-04 | 5.0 MEDIUM | N/A |
fetchnews in leafnode 1.9.48 to 1.11.1 allows remote NNTP servers to cause a denial of service (crash) by closing the connection while fetchnews is reading (1) an article header or (2) an article body, which also prevents fetchnews from querying other servers. |