Total: 255254 CVE
CVE | Vendors | Products | Updated | CVSS v2 | CVSS v3 | Description |
---|---|---|---|---|---|---|
CVE-2006-3776 | 1 Idevspot | 2 Autohost, Phphostbot | 2024-02-04 | 7.5 HIGH | N/A | PHP remote file inclusion vulnerability in order/index.php in IDevSpot (1) PhpHostBot 1.0 and (2) AutoHost 3.0 allows remote attackers to execute arbitrary PHP code via a URL in the page parameter. |
CVE-2005-4163 | 1 Milky | 1 Captcha Php | 2024-02-04 | 5.0 MEDIUM | N/A | Directory traversal vulnerability in captcha.php in Captcha PHP 0.9 allows remote attackers to read arbitrary files via the _tcf parameter. |
CVE-2005-3080 | 1 Geshi | 1 Geshi | 2024-02-04 | 5.0 MEDIUM | N/A | contrib/example.php in GeSHi before 1.0.7.3 allows remote attackers to read arbitrary files via the language field without a source field set. |
CVE-2006-0611 | 1 Atmail | 1 Atmail | 2024-02-04 | 7.5 HIGH | N/A | Directory traversal vulnerability in compose.pl in @Mail 4.3 and earlier for Windows allows remote attackers to upload arbitrary files to arbitrary locations via a .. (dot dot) in the unique parameter. |
CVE-2005-3371 | 1 Grisoft | 1 Avg Antivirus | 2024-02-04 | 5.1 MEDIUM | N/A | Multiple interpretation error in AVG 7 7.0.323 allows remote attackers to bypass virus scanning via a file such as BAT, HTML, and EML with an "MZ" magic byte sequence which is normally associated with EXE, which causes the file to be treated as a safe type that could still be executed as a dangerous file type by applications on the end system, as demonstrated by a "triple headed" program that contains EXE, EML, and HTML content, aka the "magic byte bug." |
CVE-2005-4719 | 1 Sysbotz | 1 Systems Panel | 2024-02-04 | 7.5 HIGH | N/A | Multiple SQL injection vulnerabilities in Sysbotz Systems Panel 1.0.6 and earlier allow remote attackers to execute arbitrary SQL commands via (1) the cid parameter in knowledgebase/index.php, (2) the aid parameter in knowledgebase/view.php, (3) the cid parameter in contact/update.php, (4) the letter parameter in links/index.php, (5) the mid parameter in messageboard/view.php, and (6) the tid parameter in tickets/view.php. |
CVE-2006-1873 | 1 Oracle | 1 Database Server | 2024-02-04 | 9.0 HIGH | N/A | Unspecified vulnerability in Oracle Database Server 9.2.0.7, 10.1.0.4, and 10.2.0.1 has unknown impact and attack vectors in the Oracle Spatial component, aka Vuln# DB08. |
CVE-2005-2665 | 1 Elm Development Group | 1 Elm | 2024-02-04 | 7.5 HIGH | N/A | Stack-based buffer overflow in expires.c in Elm 2.5 PL5 through PL7, and possibly other versions, allows remote attackers to execute arbitrary code via an e-mail message with a long Expires header. |
CVE-2005-2461 | 1 Kayako | 1 Liveresponse | 2024-02-04 | 6.4 MEDIUM | N/A | Multiple SQL injection vulnerabilities in the calendar feature in Kayako liveResponse 2.x allow remote attackers to execute arbitrary SQL commands via the (1) year or (2) date parameter. |
CVE-2006-1542 | 1 Python | 1 Python | 2024-02-04 | 3.7 LOW | N/A | Stack-based buffer overflow in Python 2.4.2 and earlier, running on Linux 2.6.12.5 under gcc 4.0.3 with libc 2.3.5, allows local users to cause a "stack overflow," and possibly gain privileges, by running a script from a current working directory that has a long name, related to the realpath function. NOTE: this might not be a vulnerability. However, the fact that it appears in a programming language interpreter could mean that some applications are affected, although attack scenarios might be limited because the attacker might already need to cross privilege boundaries to cause an exploitable program to be placed in a directory with a long name; or, depending on the method that Python uses to determine the current working directory, setuid applications might be affected. |
CVE-2006-2957 | 1 Skoom | 1 I.list | 2024-02-04 | 4.3 MEDIUM | N/A | Cross-site scripting (XSS) vulnerability in i.List 1.5 beta and earlier allows remote attackers to inject arbitrary web script or HTML via the banurl parameter to add.php. NOTE: the provenance of this information is unknown; the details are obtained from third party information. |
CVE-2006-1448 | 1 Apple | 1 Mac Os X | 2024-02-04 | 6.5 MEDIUM | N/A | Finder in Apple Mac OS X 10.3.9 and 10.4.6 allows user-assisted attackers to execute arbitrary code by tricking a user into launching an Internet Location item that appears to use a safe URL scheme, but which actually has a different and more risky scheme. |
CVE-2006-4297 | 1 Oscommerce | 1 Oscommerce | 2024-02-04 | 7.5 HIGH | N/A | SQL injection vulnerability in shopping_cart.php in osCommerce before 2.2 Milestone 2 060817 allows remote attackers to execute arbitrary SQL commands via id array parameters. |
CVE-2006-0472 | 1 My Little Homepage | 1 My Little Guestbook | 2024-02-04 | 4.3 MEDIUM | N/A | Cross-site scripting (XSS) vulnerability in guestbook.php in my little homepage my little guestbook, as last modified in March 2004, allows remote attackers to inject arbitrary Javascript via a javascript URI in BBcode link tags. |
CVE-2006-2878 | 1 Andreas Gohr | 1 Dokuwiki | 2024-02-04 | 7.5 HIGH | N/A | The spellchecker (spellcheck.php) in DokuWiki 2006/06/04 and earlier allows remote attackers to insert and execute arbitrary PHP code via "complex curly syntax" that is inserted into a regular expression that is processed by preg_replace with the /e (executable) modifier. |
CVE-2004-2462 | 1 Cplay | 1 Cplay | 2024-02-04 | 4.6 MEDIUM | N/A | cplay 1.49 on Linux allows local users to overwrite arbitrary files via a symlink attack on the cplay_control temporary file. |
CVE-2006-4018 | 1 Clamav | 1 Clamav | 2024-02-04 | 7.5 HIGH | N/A | Heap-based buffer overflow in the pefromupx function in libclamav/upx.c in Clam AntiVirus (ClamAV) 0.81 through 0.88.3 allows remote attackers to execute arbitrary code via a crafted UPX packed file containing sections with large rsize values. |
CVE-2006-0402 | 1 Jason Geiger | 1 Zoph | 2024-02-04 | 7.5 HIGH | N/A | SQL injection vulnerability in Zoph before 0.5pre1 allows remote attackers to execute arbitrary SQL commands. |
CVE-2006-3064 | 1 Coppermine | 1 Coppermine Photo Gallery | 2024-02-04 | 7.5 HIGH | N/A | SQL injection vulnerability in the add_hit function in include/function.inc.php in Coppermine Photo Gallery (CPG) 1.4.8, when "Keep detailed hit statistics" is enabled, allows remote attackers to execute arbitrary SQL commands via the (1) referer and (2) user-agent HTTP headers. |
CVE-2006-2036 | 1 Iopus | 1 Secure Email Attachments | 2024-02-04 | 2.1 LOW | N/A | iOpus Secure Email Attachments (SEA), probably 1.0, does not properly handle passwords that consist of repetitions of a substring, which allows attackers to decrypt files by entering only the substring. |