Total: 255244 CVE
CVE | Vendors | Products | Updated | CVSS v2 | CVSS v3 |
---|---|---|---|---|---|
CVE-2004-2287 | 1 Dsm | 1 Light Web File Browser | 2024-02-04 | 5.0 MEDIUM | N/A |
Directory traversal vulnerability in explorer.php in DSM Light Web File Browser 2.0 allows remote attackers to read arbitrary files via .. (dot dot) in the wdir parameter. | |||||
CVE-2006-0850 | 1 Ilch.de | 1 Ilchclan | 2024-02-04 | 7.5 HIGH | N/A |
SQL injection vulnerability in include/includes/user/login.php in ilchClan before 1.05g allows remote attackers to execute arbitrary SQL commands via the login_name parameter. NOTE: the provenance of this information is unknown; the details are obtained solely from third party information. | |||||
CVE-2005-1017 | 1 Maxwebportal | 1 Maxwebportal | 2024-02-04 | 7.5 HIGH | N/A |
SQL injection vulnerability in the Update_Events function in events_functions.asp in MaxWebPortal 1.33 and earlier allows remote attackers to execute arbitrary SQL commands via the EVENT_ID parameter, as demonstrated using events.asp. | |||||
CVE-2006-0288 | 1 Oracle | 2 Application Server, E-business Suite | 2024-02-04 | 10.0 HIGH | N/A |
Multiple unspecified vulnerabilities in the Oracle Reports Developer component of Oracle Application Server 9.0.4.1 and E-Business Suite and Applications 11.5.10 have unspecified impact and attack vectors, as identified by Oracle Vuln# (1) REP01 and (2) REP02. | |||||
CVE-2005-0392 | 1 Debian | 1 Ppxp | 2024-02-04 | 7.2 HIGH | N/A |
ppxp does not drop root privileges before opening log files, which allows local users to execute arbitrary commands. | |||||
CVE-2006-3580 | 1 Asp Stats Generator | 1 Asp Stats Generator | 2024-02-04 | 7.5 HIGH | N/A |
SQL injection vulnerability in pages.asp in ASP Stats Generator before 2.1.2 allows remote attackers to execute arbitrary SQL commands via the order parameter. | |||||
CVE-2005-4735 | 1 Ibm | 1 Db2 Universal Database | 2024-02-04 | 6.8 MEDIUM | N/A |
IBM DB2 Universal Database (UDB) 810 before 8.1 FP10 allows remote authenticated users to cause a denial of service (application crash) via (1) certain equality predicates that trigger self-removal, aka IY70808; and (2) a query with more than 32000 elements in the IN-list, aka LI70817. | |||||
CVE-2005-0265 | 1 Owl | 1 Owl Intranet Engine | 2024-02-04 | 7.5 HIGH | N/A |
Multiple SQL injection vulnerabilities in browse.php in OWL 0.7 and 0.8 allow remote attackers to execute arbitrary SQL commands via the (1) parent or (2) sortposted parameter. | |||||
CVE-2005-1385 | 1 Apple | 1 Safari | 2024-02-04 | 2.6 LOW | N/A |
Safari 1.3 allows remote attackers to cause a denial of service (application crash) via a long https URL that triggers a NULL pointer dereference. | |||||
CVE-2006-0875 | 1 Runcms | 1 Runcms | 2024-02-04 | 5.0 MEDIUM | N/A |
Cross-site scripting vulnerability in ratefile.php in RunCMS 1.3a5 allows remote attackers to inject arbitrary web script or HTML via the lid parameter. | |||||
CVE-2005-2421 | 1 Beehive Forum | 1 Beehive Forum | 2024-02-04 | 7.5 HIGH | N/A |
Multiple SQL injection vulnerabilities in index.php and other pages in Beehive Forum allow remote attackers to execute arbitrary SQL commands via the webtag parameter. | |||||
CVE-2005-3051 | 1 Igor Pavlov | 1 7-zip | 2024-02-04 | 9.3 HIGH | N/A |
Stack-based buffer overflow in the ARJ plugin (arj.dll) 3.9.2.0 for 7-Zip 3.13, 4.23, and 4.26 BETA, as used in products including Turbo Searcher, allows remote attackers to execute arbitrary code via a large ARJ block. | |||||
CVE-2005-1797 | 1 Openssl | 1 Openssl | 2024-02-04 | 5.1 MEDIUM | N/A |
The design of Advanced Encryption Standard (AES), aka Rijndael, allows remote attackers to recover AES keys via timing attacks on S-box lookups, which are difficult to perform in constant time in AES implementations. | |||||
CVE-2006-3859 | 1 Ibm | 1 Informix Dynamic Database Server | 2024-02-04 | 4.0 MEDIUM | N/A |
IBM Informix Dynamic Server (IDS) allows remote authenticated users to create and overwrite arbitrary files via the (1) LOTOFILE and (2) trl_tracefile_set functions, and the (3) "SET DEBUG FILE" commands. | |||||
CVE-2005-1434 | 1 Hp | 1 Openview Network Node Manager | 2024-02-04 | 7.5 HIGH | N/A |
Multiple unknown vulnerabilities in OpenView Network Node Manager (OV NNM) 6.2, 6.4, 7.01, and 7.50 allow attackers to cause a denial of service or execute arbitrary code. | |||||
CVE-2006-4668 | 1 Rob Hensley | 1 Ackertodo | 2024-02-04 | 4.3 MEDIUM | N/A |
Cross-site scripting (XSS) vulnerability in index.php in Rob Hensley AckerTodo 4.0 allows remote attackers to inject arbitrary web script or HTML via the task_id parameter in an edit_task command. | |||||
CVE-2005-1567 | 1 Directtopics | 1 Directtopics | 2024-02-04 | 7.5 HIGH | N/A |
SQL injection vulnerability in topic.php in DirectTopics 2.1 and 2.2 allows remote attackers to execute arbitrary SQL commands via the topic parameter. | |||||
CVE-2006-4719 | 1 Myabracadaweb | 1 Myabracadaweb | 2024-02-04 | 5.1 MEDIUM | N/A |
Multiple PHP remote file inclusion vulnerabilities in MyABraCaDaWeb 1.0.3, when register_globals is enabled, allow remote attackers to execute arbitrary PHP code via a URL in the base parameter to (1) index.php or (2) pop.php. | |||||
CVE-2005-3897 | 1 Apple | 1 Safari | 2024-02-04 | 7.8 HIGH | N/A |
Apple Safari 2.0.2 allows remote attackers to cause a denial of service (system slowdown) via a Javascript BODY onload event that calls the window function. | |||||
CVE-2005-3896 | 1 Mozilla | 1 Mozilla | 2024-02-04 | 7.8 HIGH | N/A |
Mozilla allows remote attackers to cause a denial of service (CPU consumption) via a Javascript BODY onload event that calls the window function. |