Total
255237 CVE
CVE | Vendors | Products | Updated | CVSS v2 | CVSS v3 |
---|---|---|---|---|---|
CVE-2005-4768 | 1 Tux Racer | 1 Tuxbank | 2024-02-04 | 7.5 HIGH | N/A |
SQL injection vulnerability in manage_account.php in Tux Racer TuxBank 0.7x and 0.8 allows remote attackers to execute arbitrary SQL commands via the id parameter in a manageaccount action to index.php. | |||||
CVE-2004-1163 | 1 Cisco | 1 Cns Network Registrar | 2024-02-04 | 5.0 MEDIUM | N/A |
Cisco CNS Network Registrar Central Configuration Management (CCM) server 6.0 through 6.1.1.3 allows remote attackers to cause a denial of service (CPU consumption) by ending a connection after sending a certain sequence of packets. | |||||
CVE-2005-1438 | 1 Osticket | 1 Osticket | 2024-02-04 | 7.5 HIGH | N/A |
PHP remote file inclusion vulnerability in main.php in osTicket allows remote attackers to execute arbitrary PHP code via the include_dir parameter. | |||||
CVE-2005-0521 | 1 Sendlink | 1 Sendlink | 2024-02-04 | 2.1 LOW | N/A |
SendLink 1.5 stores sensitive information, possibly including passwords, in plaintext in the data.eat file, which allows local users to gain privileges. | |||||
CVE-2005-1613 | 1 Openbb | 1 Openbb | 2024-02-04 | 6.8 MEDIUM | N/A |
Cross-site scripting (XSS) vulnerability in member.php in Open Bulletin Board (OpenBB) 1.0.8 allows remote attackers to inject arbitrary web script or HTML via the reverse parameter in a list action. | |||||
CVE-2005-0507 | 1 Gd Software | 1 Sd Server | 2024-02-04 | 5.0 MEDIUM | N/A |
Directory traversal vulnerability in SD Server 4.0.70 and earlier allows remote attackers to read arbitrary files via .. sequences in an HTTP request. | |||||
CVE-2005-2867 | 1 Bluewhalecrm | 1 Bluewhalecrm | 2024-02-04 | 7.5 HIGH | N/A |
SQL injection vulnerability in BlueWhaleCRM allows remote attackers to execute arbitrary SQL commands via the Account ID field. | |||||
CVE-2006-4478 | 1 Visualshapers | 1 Ezcontents | 2024-02-04 | 7.5 HIGH | N/A |
SQL injection vulnerability in headeruserdata.php in Visual Shapers ezContents 2.0.3 allows remote attackers to execute arbitrary SQL commands via the groupname parameter. | |||||
CVE-2006-3807 | 1 Mozilla | 3 Firefox, Seamonkey, Thunderbird | 2024-02-04 | 7.5 HIGH | N/A |
Mozilla Firefox before 1.5.0.5, Thunderbird before 1.5.0.5, and SeaMonkey before 1.0.3 allows remote attackers to execute arbitrary code via script that changes the standard Object() constructor to return a reference to a privileged object and calling "named JavaScript functions" that use the constructor. | |||||
CVE-2006-0427 | 1 Bea | 1 Weblogic Server | 2024-02-04 | 2.1 LOW | N/A |
Unspecified vulnerability in BEA WebLogic Server and WebLogic Express 9.0 and 8.1 through SP5 allows malicious EJBs or servlet applications to decrypt system passwords, possibly by accessing functionality that should have been restricted. | |||||
CVE-2006-1263 | 1 Wordpress | 1 Wordpress | 2024-02-04 | 4.3 MEDIUM | N/A |
Multiple "unannounced" cross-site scripting (XSS) vulnerabilities in WordPress before 2.0.2 allow remote attackers to inject arbitrary web script or HTML via unknown attack vectors. | |||||
CVE-2004-2387 | 2 Denis Sbragion, Peter Astrand | 2 Sredird, Sercd | 2024-02-04 | 7.5 HIGH | N/A |
Buffer overflow in the HandleCPCCommand function of sercd before 2.3.1 and sredird 2.2.1 and earlier allows remote attackers to execute arbitrary code. | |||||
CVE-2005-2492 | 3 Canonical, Linux, Redhat | 3 Ubuntu Linux, Linux Kernel, Enterprise Linux | 2024-02-04 | 3.6 LOW | N/A |
The raw_sendmsg function in the Linux kernel 2.6 before 2.6.13.1 allows local users to cause a denial of service (change hardware state) or read from arbitrary memory via crafted input. | |||||
CVE-2005-2581 | 1 Grandstream | 2 Budgetone 101, Budgetone 102 | 2024-02-04 | 5.0 MEDIUM | N/A |
Grandstream BudgeTone 101 and 102 running firmware 1.0.6.7 and possibly earlier versions, allows remote attackers to cause a denial of service (device hang or reboot) via a large UDP packet to port 5060. | |||||
CVE-2005-2378 | 1 Oracle | 1 Reports | 2024-02-04 | 5.0 MEDIUM | N/A |
Directory traversal vulnerability in Oracle Reports allows remote attackers to read arbitrary files via an absolute or relative path to the (1) CUSTOMIZE or (2) desformat parameters to rwservlet. NOTE: vector 2 is probably the same as CVE-2006-0289, and fixed in Jan 2006 CPU. | |||||
CVE-2005-2139 | 1 Pavsta | 1 Pavsta Auto Site | 2024-02-04 | 5.0 MEDIUM | N/A |
PHP remote file inclusion vulnerability in user_check.php for Pavsta Auto Site allows remote attackers to execute arbitrary PHP code via the sitepath parameter. | |||||
CVE-2005-3041 | 1 Opera | 1 Opera Browser | 2024-02-04 | 5.0 MEDIUM | N/A |
Unspecified "drag-and-drop vulnerability" in Opera Web Browser before 8.50 on Windows allows "unintentional file uploads." | |||||
CVE-2006-4674 | 1 Andreas Gohr | 1 Dokuwiki | 2024-02-04 | 7.5 HIGH | N/A |
Direct static code injection vulnerability in doku.php in DokuWiki before 2006-030-09c allows remote attackers to execute arbitrary PHP code via the X-FORWARDED-FOR HTTP header, which is stored in config.php. | |||||
CVE-2006-4760 | 1 Benjamin Pasero And Tobias Eichert | 1 Rssowl | 2024-02-04 | 4.3 MEDIUM | N/A |
Multiple cross-site scripting (XSS) vulnerabilities in Benjamin Pasero and Tobias Eichert RSSOwl allow remote attackers to inject arbitrary web script or HTML via a web feed, as demonstrated by certain test cases of the Robert Auger and Caleb Sima RSS and Atom feed reader test suite. | |||||
CVE-2005-1935 | 1 Microsoft | 4 Windows 2000, Windows 2003 Server, Windows Nt and 1 more | 2024-02-04 | 7.5 HIGH | N/A |
Heap-based buffer overflow in the BERDecBitString function in Microsoft ASN.1 library (MSASN1.DLL) allows remote attackers to execute arbitrary code via nested constructed bit strings, which leads to a realloc of a non-null pointer and causes the function to overwrite previously freed memory, as demonstrated using a SPNEGO token with a constructed bit string during HTTP authentication, and a different vulnerability than CVE-2003-0818. NOTE: the researcher has claimed that MS:MS04-007 fixes this issue. |