Total
255231 CVE
| CVE | Vendors | Products | Updated | CVSS v2 | CVSS v3 |
|---|---|---|---|---|---|
| CVE-2006-3898 | 1 Microsoft | 1 Internet Explorer | 2024-02-04 | 5.0 MEDIUM | N/A |
| Microsoft Internet Explorer 6.0 on Windows XP SP2 allows remote attackers to cause a denial of service (application crash) by calling the Click method of the Internet.HHCtrl.1 ActiveX object before initializing the URL, which triggers a null dereference. | |||||
| CVE-2006-1613 | 1 Aweb Labs | 1 Awebnews | 2024-02-04 | 5.0 MEDIUM | N/A |
| Multiple SQL injection vulnerabilities in aWebNews 1.0 allow remote attackers to execute arbitrary SQL commands via the (1) user123 variable in (a) login.php or (b) fpass.php; or (2) cid parameter to (c) visview.php. | |||||
| CVE-2005-2799 | 1 Linksys | 1 Wrt54g | 2024-02-04 | 7.5 HIGH | N/A |
| Buffer overflow in apply.cgi in Linksys WRT54G 3.01.03, 3.03.6, and possibly other versions before 4.20.7, allows remote attackers to execute arbitrary code via a long HTTP POST request. | |||||
| CVE-2005-3836 | 1 Desklance | 1 Desklance | 2024-02-04 | 7.5 HIGH | N/A |
| SQL injection vulnerability in DeskLance 2.3 and earlier allows remote attackers to execute arbitrary SQL commands via the announce parameter. | |||||
| CVE-2006-2062 | 1 Leadhound Network | 2 Leadhound Full, Leadhound Lite | 2024-02-04 | 6.4 MEDIUM | N/A |
| Multiple SQL injection vulnerabilities in Leadhound Full and LITE 2.1, and probably the Network Version "Full Version", allow remote attackers to execute arbitrary SQL commands via the (1) banner parameter in agent_links.pl; the offset parameter in (2) agent_links.pl, (3) agent_transactions.pl, (4) agent_subaffiliates.pl, and (5) agent_summary.pl; the camp_id parameter in (6) agent_transactions_csv.pl, (7) agent_subaffiliates.pl, and (8) agent_camp_det.pl; the (9) login parameter in agent_commission_statement.pl; the logged parameter in (10) agent_commission_statement.pl and (11) agent_camp_det.pl; the (12) agent_id parameter in agent_commission_statement.pl; and the (13) sub parameter in unspecified files. | |||||
| CVE-2005-3531 | 1 Miklos Szeredi | 1 Fuse | 2024-02-04 | 2.1 LOW | N/A |
| fusermount in FUSE before 2.4.1, if installed setuid root, allows local users to corrupt /etc/mtab and possibly modify mount options by performing a mount over a directory whose name contains certain special characters. | |||||
| CVE-2004-2499 | 1 Hitachi | 2 Web Page Generator, Web Page Generator Enterprise | 2024-02-04 | 7.8 HIGH | N/A |
| Unspecified vulnerability in Hitachi Web Page Generator and Web Page Generator Enterprise 4.01 and earlier allows remote attackers to cause a denial of service via unknown attack vectors when a web site is "improperly accessed." | |||||
| CVE-2004-2323 | 1 Dotnetnuke | 1 Dotnetnuke | 2024-02-04 | 5.0 MEDIUM | N/A |
| DotNetNuke (formerly IBuySpy Workshop) 1.0.6 through 1.0.10d allows remote attackers to obtain sensitive information, including the SQL server username and password, via a GET request for source or configuration files such as Web.config. | |||||
| CVE-2006-2857 | 1 Lifetype | 1 Lifetype | 2024-02-04 | 7.5 HIGH | N/A |
| SQL injection vulnerability in index.php in LifeType 1.0.4 allows remote attackers to execute arbitrary SQL commands via the articleId parameter in a ViewArticle action (viewarticleaction.class.php). | |||||
| CVE-2006-3941 | 1 Sun | 1 N1 Grid Engine | 2024-02-04 | 7.5 HIGH | N/A |
| Unspecified vulnerability in the daemons for Sun N1 Grid Engine 5.3 and N1 Grid Engine 6.0 allows local users to cause a denial of service (grid service shutdown) and possibly execute arbitrary code using buffer overflows via unknown vectors that cause (1) qmaster or (2) execd to terminate. | |||||
| CVE-2006-2902 | 1 Particle Soft | 1 Particle Links | 2024-02-04 | 5.0 MEDIUM | N/A |
| Directory traversal vulnerability in Particle Links 1.2.2 might allow remote attackers to access arbitrary files via ".." sequences in an HTTP request. NOTE: it is not clear whether this issue is legitimate, as the original researcher seems unsure. | |||||
| CVE-2006-2578 | 1 Esyndicat | 1 Esyndicat Directory | 2024-02-04 | 5.1 MEDIUM | N/A |
| admin/cron.php in eSyndicat Directory 1.2, when register_globals is enabled and magic_quotes_gpc is disabled, allows remote attackers to include arbitrary files and possibly execute arbitrary PHP code via a null-terminated value in the path_to_config parameter. | |||||
| CVE-2006-3514 | 1 Phpblogger | 1 Php-blogger | 2024-02-04 | 4.3 MEDIUM | N/A |
| Multiple cross-site scripting (XSS) vulnerabilities in admin/actions.php in PHP-Blogger 2.2.5, and possibly earlier versions, allow remote attackers to execute arbitrary web script or HTML via the (1) name, (2) title, (3) news, (4) description, and (5) sitename parameters. | |||||
| CVE-2006-2833 | 1 Drupal | 1 Drupal | 2024-02-04 | 2.6 LOW | N/A |
| Cross-site scripting (XSS) vulnerability in the taxonomy module in Drupal 4.6.8 and 4.7.2 allows remote attackers to inject arbitrary web script or HTML via inputs that are not properly validated when the page title is output, possibly involving the $names variable. | |||||
| CVE-2004-2503 | 1 Inweb | 1 Mail Server | 2024-02-04 | 5.0 MEDIUM | N/A |
| INweb Mail Server 2.40 allows remote attackers to cause a denial of service (crash) via a large number of connect/disconnect actions to the (1) POP3 and (2) SMTP services. | |||||
| CVE-2006-2147 | 1 Resmgr | 1 Resmgrd | 2024-02-04 | 3.6 LOW | N/A |
| resmgrd in resmgr for SUSE Linux and other distributions does not properly handle when access to a USB device is granted by using "usb:<bus>,<dev>" notation, which grants access to all USB devices and allows local users to bypass intended restrictions. NOTE: this is a different vulnerability than CVE-2005-4788. | |||||
| CVE-2005-3219 | 1 Avira | 1 Antivir Personal | 2024-02-04 | 5.1 MEDIUM | N/A |
| Multiple interpretation error in unspecified versions of Avira Antivirus allows remote attackers to bypass virus detection via a malicious executable in a specially crafted RAR file with malformed central and local headers, which can still be opened by products such as Winrar and PowerZip, even though they are rejected as corrupted by Winzip and BitZipper. | |||||
| CVE-2005-0858 | 1 Coolforum | 1 Coolforum | 2024-02-04 | 7.5 HIGH | N/A |
| Multiple SQL injection vulnerabilities in CoolForum 0.8 and earlier allow remote attackers to execute arbitrary SQL commands via (1) the pseudo parameter to entete.php or (2) the login parameter to register.php. | |||||
| CVE-2005-4310 | 1 Ssh | 1 Tectia Server | 2024-02-04 | 7.5 HIGH | N/A |
| SSH Tectia Server 5.0.0 (A, F, and T), when allowing host-based authentication only, allows users to log in with the wrong credentials. | |||||
| CVE-2006-3094 | 1 Vincent Hor | 1 Calendarix Basic | 2024-02-04 | 5.1 MEDIUM | N/A |
| Multiple SQL injection vulnerabilities in Calendarix Basic 0.7.20060401 and earlier, with magic_quotes_gpc disabled, allow remote attackers to execute arbitrary SQL commands via the id parameter in (1) cal_event.php and (2) cal_popup.php. | |||||