Total: 255241 CVE
CVE | Vendors | Products | Updated | CVSS v2 | CVSS v3 |
---|---|---|---|---|---|
CVE-2005-4644 | 1 Edgewall Software | 1 Trac | 2024-02-04 | 4.3 MEDIUM | N/A |
Cross-site scripting (XSS) vulnerability in the HTML WikiProcessor in Edgewall Trac 0.9.2 allows remote attackers to inject arbitrary web script or HTML via javascript in the SRC attribute of an IMG tag. | |||||
CVE-2005-0837 | 1 Icecast | 1 Icecast | 2024-02-04 | 5.0 MEDIUM | N/A |
IceCast 2.20 allows remote attackers to bypass the XSL parser and obtain the source for XSL files via a request for a .xsl file with a trailing . (dot). | |||||
CVE-2006-1217 | 1 Dsportal | 1 Dspoll | 2024-02-04 | 7.5 HIGH | N/A |
SQL injection vulnerability in DSPoll 1.1 allows remote attackers to execute arbitrary SQL commands via the pollid parameter to (1) results.php, (2) topolls.php, (3) pollit.php. | |||||
CVE-2005-1095 | 1 Ocean12 Technologies | 1 Membership Manager Pro | 2024-02-04 | 4.3 MEDIUM | N/A |
Cross-site scripting (XSS) vulnerability in main.asp for Ocean12 Membership Manager Pro 1.x allows remote attackers to inject arbitrary web script or HTML via the page parameter. | |||||
CVE-2006-1952 | 1 Winagents | 1 Tftp Server | 2024-02-04 | 5.0 MEDIUM | N/A |
Directory traversal vulnerability in WinAgents TFTP Server for Windows 3.1 and earlier allows remote attackers to read arbitrary files via "..." (triple dot) sequences in a GET request. | |||||
CVE-2006-0460 | 1 Bomberclone | 1 Bomberclone | 2024-02-04 | 7.5 HIGH | N/A |
Multiple buffer overflows in BomberClone before 0.11.6.2 allow remote attackers to execute arbitrary code via long error messages. | |||||
CVE-2006-2447 | 1 Apache | 1 Spamassassin | 2024-02-04 | 5.1 MEDIUM | N/A |
SpamAssassin before 3.1.3, when running with vpopmail and the paranoid (-P) switch, allows remote attackers to execute arbitrary commands via a crafted message that is not properly handled when invoking spamd with the virtual pop username. | |||||
CVE-2005-3637 | | | 2024-02-04 | N/A | N/A |
** REJECT ** DO NOT USE THIS CANDIDATE NUMBER. ConsultIDs: CVE-2005-3530. Reason: This candidate is a duplicate of CVE-2005-3530. Notes: All CVE users should reference CVE-2005-3530 instead of this candidate. All references and descriptions in this candidate have been removed to prevent accidental usage. | |||||
CVE-2005-2849 | 1 Barracuda Networks | 1 Barracuda Spam Firewall | 2024-02-04 | 6.4 MEDIUM | N/A |
Argument injection vulnerability in Barracuda Spam Firewall running firmware 3.1.16 and 3.1.17 allows remote attackers to (1) read portions of source code via the -f option to Dig (dig_device.cgi), (2) determine file existence via the -r argument to Tcpdump (tcpdump_device.cgi) or (3) modify files in the cgi-bin directory via the -w argument to Tcpdump. | |||||
CVE-2005-2391 | 1 3com | 1 3crwe454g72 | 2024-02-04 | 5.0 MEDIUM | N/A |
Unknown vulnerability in 3Com OfficeConnect Wireless 11g Access Point before 1.03.12 allows remote attackers to obtain sensitive information via the web interface. | |||||
CVE-2005-2583 | 1 Mentor | 1 Adslfr4ii | 2024-02-04 | 7.5 HIGH | N/A |
Mentor ADSL-FR4II router running firmware 2.00.0111 has an undocumented web server running on TCP port 5678, which allows local users to gain access. | |||||
CVE-2005-2912 | 1 Linksys | 1 Wrt54g | 2024-02-04 | 5.0 MEDIUM | N/A |
Linksys WRT54G router allows remote attackers to cause a denial of service (CPU consumption and server hang) via an HTTP POST request with a negative Content-Length value. | |||||
CVE-2006-3320 | 1 Sitebar | 1 Sitebar | 2024-02-04 | 2.6 LOW | N/A |
Cross-site scripting (XSS) vulnerability in command.php in SiteBar 3.3.8 and earlier allows remote attackers to inject arbitrary web script or HTML via the command parameter. | |||||
CVE-2006-1563 | 1 Vscripts | 1 Vbook | 2024-02-04 | 7.6 HIGH | N/A |
Direct static code injection vulnerability in config.php in vscripts (aka Kuba Kunkiewicz) [V]Book (aka VBook) 2.0 allows remote administrators to execute arbitrary PHP code into the config file, which is included by other [V]Book scripts. | |||||
CVE-2006-2468 | 1 Bea | 1 Weblogic Server | 2024-02-04 | 4.0 MEDIUM | N/A |
The WebLogic Server Administration Console in BEA WebLogic Server 8.1 up to SP4 and 7.0 up to SP6 displays the domain name in the Console login form, which allows remote attackers to obtain sensitive information. | |||||
CVE-2005-4373 | 1 Liquid Bytes Technologies | 1 Adaptive Website Framework | 2024-02-04 | 5.0 MEDIUM | N/A |
Adaptive Website Framework (AWF) 2.10 and earlier allows remote attackers to obtain the full path of the application via an invalid mode parameter to community.html, which leaks the path in an error message. | |||||
CVE-2006-1198 | 1 Comvigo | 1 Im Lock | 2024-02-04 | 3.7 LOW | N/A |
Comvigo IM Lock 2006 uses a simple substitution cipher to encrypt a password stored in the msnvs\prc registry value, for which all users have Read permission, which allows local users to bypass the product's blocking functionality by decrypting the password. | |||||
CVE-2006-1574 | 1 Hitachi | 4 Groupmax World Wide Web, Groupmax World Wide Web Desktop, Groupmax World Wide Web Desktop Scheduler and 1 more | 2024-02-04 | 5.8 MEDIUM | N/A |
Cross-site scripting (XSS) vulnerability in Groupmax World Wide Web, World Wide Web Desktop, World Wide Web for Scheduler, and Desktop for Scheduler, allows remote attackers to inject arbitrary web script or HTML via unknown attack vectors. | |||||
CVE-2006-0238 | 1 Gamerz | 1 Wp-stats | 2024-02-04 | 7.5 HIGH | N/A |
SQL injection vulnerability in wp-stats.php in GaMerZ WP-Stats 2.0 allows remote attackers to execute arbitrary SQL commands via the author parameter. | |||||
CVE-2006-2429 | 1 Ibm | 1 Websphere Application Server | 2024-02-04 | 10.0 HIGH | N/A |
Unspecified vulnerability in IBM WebSphere Application Server 6.0.2, 6.0.2.1, 6.0.2.3, 6.0.2.5, and 6.0.2.7 has unknown impact and remote attack vectors related to "HTTP request handlers". |