Total: 255282 CVE
CVE | Vendors | Products | Updated | CVSS v2 | CVSS v3 |
---|---|---|---|---|---|
CVE-2004-2378 | 1 Calacode | 1 At Mail Webmail System | 2024-02-04 | 5.0 MEDIUM | N/A |
@Mail 3.64 for Windows allows remote attackers to cause a denial of service ("unusable" server) via a large number of POP3 connections to the server. | |||||
CVE-2004-0949 | 5 Linux, Redhat, Suse and 2 more | 8 Linux Kernel, Enterprise Linux, Enterprise Linux Desktop and 5 more | 2024-02-04 | 6.4 MEDIUM | N/A |
The smb_recv_trans2 function call in the samba filesystem (smbfs) in Linux kernel 2.4 and 2.6 does not properly handle the re-assembly of fragmented packets correctly, which could allow remote samba servers to (1) read arbitrary kernel information or (2) raise a counter value to an arbitrary number by sending the first part of the fragmented packet multiple times. | |||||
CVE-2005-0697 | 1 Brt | 1 Copperexport | 2024-02-04 | 7.5 HIGH | N/A |
SQL injection vulnerability in the process_picture function xp_publish.php in CopperExport 0.2.1 allows remote attackers to execute arbitrary SQL commands, possibly via the (1) title, (2) caption, or (3) keywords parameters. | |||||
CVE-2006-1610 | 1 Squery | 1 Squery | 2024-02-04 | 5.1 MEDIUM | N/A |
PHP remote file inclusion vulnerability in lib/armygame.php in SQuery 4.5 and earlier, as used in products such as Autonomous LAN party (ALP), allows remote attackers to execute arbitrary PHP code via a URL in the libpath parameter. NOTE: this only occurs when register_globals is disabled. | |||||
CVE-2006-1779 | 1 Simplog | 1 Simplog | 2024-02-04 | 6.8 MEDIUM | N/A |
Cross-site scripting (XSS) vulnerability in login.php in Jeremy Ashcraft Simplog 0.9.2 and earlier allows remote attackers to inject arbitrary web script or HTML via the btag parameter. | |||||
CVE-2005-3909 | 1 Post Affiliate Pro | 1 Post Affiliate Pro | 2024-02-04 | 7.5 HIGH | N/A |
SQL injection vulnerability in merchants/index.php in Post Affiliate Pro 2.0.4 and earlier allows remote attackers to execute arbitrary SQL commands via the sortorder parameter. | |||||
CVE-2006-4081 | 1 Barracuda Networks | 1 Barracuda Spam Firewall | 2024-02-04 | 7.5 HIGH | N/A |
preview_email.cgi in Barracuda Spam Firewall (BSF) 3.3.01.001 through 3.3.03.053 allows remote attackers to execute commands via shell metacharacters ("|" pipe symbol) in the file parameter. NOTE: the attack can be extended to arbitrary commands by the presence of CVE-2006-4000. | |||||
CVE-2005-3676 | 1 Phpwebthings | 1 Phpwebthings | 2024-02-04 | 7.5 HIGH | N/A |
SQL injection vulnerability in download.php in PhpWebThings 1.4.4 allows remote attackers to execute arbitrary SQL commands via the file parameter. | |||||
CVE-2005-1246 | 1 Vladislav Bogdanov | 1 Snmppd | 2024-02-04 | 10.0 HIGH | N/A |
Format string vulnerability in the snmppd_log function in snmppd_util.c for snmppd 0.4.5 and earlier may allow remote attackers to cause a denial of service or execute arbitrary code via format string specifiers that are not properly handled in a syslog call. | |||||
CVE-2006-2520 | 1 Bitberry Software | 1 Bitzipper | 2024-02-04 | 5.0 MEDIUM | N/A |
Directory traversal vulnerability in BitZipper 4.1.2 SR-1 and earlier allows remote attackers to create files in arbitrary directories via a .. (dot dot) in the filename of a file that is stored in a (1) RAR (.rar), (2) TAR (.tar), (3) ZIP (.zip), (4) GZ (.gz), or (5) JAR (.jar) archive. | |||||
CVE-2006-1221 | 1 Zonelabs | 1 Zonealarm Security Suite | 2024-02-04 | 6.2 MEDIUM | N/A |
Untrusted search path vulnerability in the TrueVector service (VSMON.exe) in Zone Labs ZoneAlarm 6.x and Integrity does not search ZoneAlarm's own folders before other folders that are specified in a user's PATH, which might allow local users to execute code as SYSTEM by placing malicious DLLs into a folder that has insecure permissions, but is searched before ZoneAlarm's folder. NOTE: since this issue is dependent on the existence of a vulnerability in a separate product (weak permissions of executables or libraries, or the execution of malicious code), perhaps it should not be included in CVE. | |||||
CVE-2004-1105 | 1 Nortel | 1 Contivity | 2024-02-04 | 5.0 MEDIUM | N/A |
Nortel Networks Contivity VPN Client displays a different error message depending on whether the username is valid or invalid, which could allow remote attackers to gain sensitive information. | |||||
CVE-2005-2334 | 1 Y.sak | 1 Y.sak | 2024-02-04 | 10.0 HIGH | N/A |
Y.SAK allows remote attackers to execute arbitrary commands via shell metacharacters in the $no variable to (1) w_s3mbfm.cgi, (2) w_s3adix.cgi, or (3) w_s3sbfm.cgi. | |||||
CVE-2005-4064 | 1 Alan Ward | 1 A-faq | 2024-02-04 | 7.5 HIGH | N/A |
Multiple SQL injection vulnerabilities in A-FAQ 1.0 allow remote attackers to execute arbitrary SQL commands via the (1) faqid parameter to faqDspItem.asp and (2) catcode parameter to faqDsp.asp. | |||||
CVE-2006-3129 | 1 Nc Linklist | 1 Nc Linklist | 2024-02-04 | 4.3 MEDIUM | N/A |
Multiple cross-site scripting (XSS) vulnerabilities in index.php in NC LinkList 1.2 and earlier allow remote attackers to inject arbitrary web script or HTML via the (1) cat and (2) view parameters. | |||||
CVE-2006-2241 | 1 Ftrainsoft | 1 Fast Click | 2024-02-04 | 6.4 MEDIUM | N/A |
PHP remote file inclusion vulnerability in show.php in Fast Click SQL Lite 1.1.3 and earlier allows remote attackers to execute arbitrary PHP code via a URL in the path parameter. NOTE: This is a different vulnerability than CVE-2006-2175. | |||||
CVE-2006-0873 | 1 Coppermine | 1 Coppermine Photo Gallery | 2024-02-04 | 5.0 MEDIUM | N/A |
Absolute path traversal vulnerability in docs/showdocs.php in Coppermine Photo Gallery 1.4.3 and earlier allows remote attackers to include arbitrary files via the f parameter, and possibly remote files using UNC share pathnames. | |||||
CVE-2005-1648 | 1 Gurgens | 1 Gurgens Ultimate Forum | 2024-02-04 | 7.5 HIGH | N/A |
Gurgens (GASoft) Ultimate Forum 1.0 stores the db/Genid.dat database file under the web document root with insufficient access control, which allows remote attackers to obtain and decrypt usernames and passwords. | |||||
CVE-2006-0107 | 1 Idea Development Id Oy | 1 Timecan Cms | 2024-02-04 | 7.5 HIGH | N/A |
SQL injection vulnerability in Timecan CMS allows remote attackers to execute arbitrary SQL commands via the viewID parameter. NOTE: the provenance of this information is unknown; the details are obtained solely from third party information. Due to the unavailability of the original source, it cannot be determined if this is the same issue as identified by CVE-2006-0108. | |||||
CVE-2005-4714 | 1 Openvmps | 1 Openvmps | 2024-02-04 | 7.5 HIGH | N/A |
Format string vulnerability in the vmps_log function in OpenVMPS (VLAN Management Policy Server) 1.3 allows remote attackers to execute arbitrary code via unknown vectors. |