Total
255314 CVE
CVE | Vendors | Products | Updated | CVSS v2 | CVSS v3 |
---|---|---|---|---|---|
CVE-2006-1682 | 1 Talentsoft | 1 Web\+ Shop | 2024-02-04 | 4.3 MEDIUM | N/A |
Cross-site scripting (XSS) vulnerability in webplus.exe in TalentSoft Web+Shop 5.0 and earlier allows remote attackers to inject arbitrary web script or HTML via the deptname parameter, possibly involving the webpshop/ department.wml script. | |||||
CVE-2006-1418 | 1 Caloris Planitia Technologies | 1 E-school Management System | 2024-02-04 | 2.6 LOW | N/A |
Cross-site scripting (XSS) vulnerability in default.asp in Caloris Planitia E-School Management System 1.0 and earlier allows remote attackers to inject arbitrary web script or HTML via the msg parameter. | |||||
CVE-2005-4282 | 1 Zaygo | 1 Domaincart | 2024-02-04 | 4.3 MEDIUM | N/A |
Cross-site scripting (XSS) vulnerability in Zaygo DomainCart 2.0 and earlier allows remote attackers to inject arbitrary web script or HTML, possibly via the root parameter to zaygo.cgi. | |||||
CVE-2006-3575 | 1 Mcafee | 1 Virusscan | 2024-02-04 | 2.1 LOW | N/A |
Unknown vulnerability in the Buffer Overflow Protection in McAfee VirusScan Enterprise 8.0.0 allows local users to cause a denial of service (unstable operation) via a long string in the (1) "Process name", (2) "Module name", or (3) "API name" fields. | |||||
CVE-2005-1677 | 1 Groove | 2 Groove Workspace, Virtual Office | 2024-02-04 | 7.5 HIGH | N/A |
Unknown vulnerability in Groove Virtual Office before 3.1 build 2338, before 3.1a build 2364, and Groove Workspace before 2.5n build 1871 allows remote attackers to bypass restrictions on COM objects. | |||||
CVE-2005-0089 | 1 Python | 1 Python | 2024-02-04 | 7.5 HIGH | N/A |
The SimpleXMLRPCServer library module in Python 2.2, 2.3 before 2.3.5, and 2.4, when used by XML-RPC servers that use the register_instance method to register an object without a _dispatch method, allows remote attackers to read or modify globals of the associated module, and possibly execute arbitrary code, via dotted attributes. | |||||
CVE-2006-1580 | 1 Websina | 1 Bugzero | 2024-02-04 | 5.8 MEDIUM | N/A |
Multiple cross-site scripting (XSS) vulnerabilities in Bugzero 4.3.1 and other versions allow remote attackers to inject arbitrary web script or HTML via the (1) msg parameter in query.jsp and (2) entryId parameter in edit.jsp. | |||||
CVE-2004-2585 | 1 Smartertools | 1 Smartermail | 2024-02-04 | 4.3 MEDIUM | N/A |
Cross-site scripting (XSS) vulnerability in frmCompose.aspx in SmarterTools SmarterMail 1.6.1511 and 1.6.1529 allows remote attackers to inject arbitrary web script or HTML via Javascript to the "check spelling" feature in the compose area. | |||||
CVE-2006-2071 | 1 Linux | 1 Linux Kernel | 2024-02-04 | 2.1 LOW | N/A |
Linux kernel 2.4.x and 2.6.x up to 2.6.16 allows local users to bypass IPC permissions and modify a readonly attachment of shared memory by using mprotect to give write permission to the attachment. NOTE: some original raw sources combined this issue with CVE-2006-1524, but they are different bugs. | |||||
CVE-2005-4227 | 1 Codeworx Technologies | 1 Dcp-portal | 2024-02-04 | 7.5 HIGH | N/A |
Multiple "potential" SQL injection vulnerabilities in DCP-Portal 6.1.1 might allow remote attackers to execute arbitrary SQL commands via (1) the password and username parameters in advertiser.php, (2) the aid parameter in announcement.php, (3) the dcp5_member_id, year, agid, day, day_s, hour, minute, month, month_s, and year_s parameters in calendar.php, (4) the cid parameter in contents.php, (5) the dcp5_member_id parameter in forums.php, (6) the bid parameter in go.php, (7) the lid parameter in golink.php, (8) the dcp5_member_id and mid parameters in inbox.php, (9) the catid, dcat, and dl parameters in index.php, (10) the dcp5_member_id in informer.php, (11) the nid parameter in news.php, (12) the type and rate parameters in rate.php, (13) the q parameter in search.php, and (14) the dcp5_member_id in update.php. NOTE: other vectors in the PHP-CHECKER report are also covered by CVE-2005-3365 and CVE-2005-0454. | |||||
CVE-2005-3979 | 1 Coppermine-gallery | 1 Coppermine Photo Gallery | 2024-02-04 | 5.0 MEDIUM | N/A |
relocate_server.php in Coppermine Photo Gallery (CPG) 1.4.2 and 1.4 beta is not removed after installation and does not use authentication, which allows remote attackers to obtain sensitive information, such as database configuration, via a direct request. | |||||
CVE-2006-1675 | 1 Phpwebgallery | 1 Phpwebgallery | 2024-02-04 | 2.6 LOW | N/A |
Multiple cross-site scripting (XSS) vulnerabilities in PHPWebGallery 1.4.1 allow remote attackers to inject arbitrary web script or HTML via the (1) cat, (2) num, and (3) search parameters to (a) category.php, and the (4) slideshow, (5) show_metadata, and (6) start parameters to (b) picture.php, a different vulnerability than CVE-2006-1674. | |||||
CVE-2006-0651 | 1 Vwdev | 1 Vwdev | 2024-02-04 | 7.5 HIGH | N/A |
SQL injection vulnerability in index.php in vwdev allows remote attackers to execute arbitrary SQL commands via the UID parameter in the definition Page. | |||||
CVE-2006-3760 | 1 Mybulletinboard | 1 Mybulletinboard | 2024-02-04 | 7.5 HIGH | N/A |
Multiple SQL injection vulnerabilities in MyBB (aka MyBulletinBoard) 1.1.4 allow remote attackers to execute arbitrary SQL commands via unspecified vectors. | |||||
CVE-2006-3784 | 1 Symantec | 1 Pcanywhere | 2024-02-04 | 7.2 HIGH | N/A |
Symantec pcAnywhere 12.5 uses weak default permissions for the "Symantec\pcAnywhere\Hosts" folder, which allows local users to gain privileges by inserting a superuser .cif (aka caller or CallerID) file into the folder, and then using a pcAnywhere client to login as a local administrator. | |||||
CVE-2006-3700 | 1 Oracle | 1 Database Server | 2024-02-04 | 10.0 HIGH | N/A |
Multiple unspecified vulnerabilities in Oracle Database 9.2.0.6 and 10.1.0.4 have unknown impact and attack vectors, aka Oracle Vuln# (1) DB04 for Web Distributed Authoring and Versioning (DAV) and (2) DB23 for XMLDB. | |||||
CVE-2006-3819 | 1 Twiki | 1 Twiki | 2024-02-04 | 7.5 HIGH | N/A |
Eval injection vulnerability in the configure script in TWiki 4.0.0 through 4.0.4 allows remote attackers to execute arbitrary Perl code via an HTTP POST request containing a parameter name starting with "TYPEOF". | |||||
CVE-2006-2370 | 1 Microsoft | 3 Windows 2000, Windows 2003 Server, Windows Xp | 2024-02-04 | 7.5 HIGH | N/A |
Buffer overflow in the Routing and Remote Access service (RRAS) in Microsoft Windows 2000 SP4, XP SP1 and SP2, and Server 2003 SP1 and earlier allows remote unauthenticated or authenticated attackers to execute arbitrary code via certain crafted "RPC related requests," aka the "RRAS Memory Corruption Vulnerability." | |||||
CVE-2006-0458 | 1 Irssi | 1 Irssi | 2024-02-04 | 5.0 MEDIUM | N/A |
The DCC ACCEPT command handler in irssi before 0.8.9+0.8.10rc5-0ubuntu4.1 in Ubuntu Linux, and possibly other distributions, allows remote attackers to cause a denial of service (application crash) via certain crafted arguments in a DCC command. | |||||
CVE-2006-3999 | 1 Iss | 1 Blackice Pc Protection | 2024-02-04 | 4.6 MEDIUM | N/A |
ISS BlackICE PC Protection 3.6.cpj, 3.6.cpiE, and possibly earlier versions do not properly monitor the integrity of the pamversion.dll BlackICE library, which allows local users to subvert BlackICE by replacing pamversion.dll. NOTE: in most cases, the attack would not cross privilege boundaries because replacing pamversion.dll requires administrative privileges. However, this issue is a vulnerability because BlackICE is intended to protect against certain rogue privileged actions. |