Total: 255226 CVE
CVE | Vendors | Products | Updated | CVSS v2 | CVSS v3 |
---|---|---|---|---|---|
CVE-2004-2579 | 1 Novell | 1 Ichain | 2024-02-04 | 7.5 HIGH | N/A |
ACLCHECK module in Novell iChain 2.3 allows attackers to bypass access control rules of an unspecified component via an unspecified attack vector involving a string that contains escape sequences represented with "overlong UTF-8 encoding." | |||||
CVE-2005-0586 | 1 Mozilla | 2 Firefox, Mozilla | 2024-02-04 | 2.6 LOW | N/A |
Firefox before 1.0.1 and Mozilla before 1.7.6 allow remote malicious web sites to spoof the extensions of files to download via the Content-Disposition header, which could be used to trick users into downloading dangerous content. | |||||
CVE-2006-0612 | 1 Powersave | 1 Powersave | 2024-02-04 | 4.6 MEDIUM | N/A |
Powersave daemon before 0.10.15.2 allows local users to gain privileges (unauthorized access to an X session) via unspecified vectors. NOTE: the provenance of this information is unknown; portions of the details are obtained from third party information. | |||||
CVE-2005-1881 | 1 Yapig | 1 Yapig | 2024-02-04 | 7.5 HIGH | N/A |
upload.php in YaPiG 0.92b, 0.93u and 0.94u does not properly restrict the file extension for uploaded image files, which allows remote attackers to upload arbitrary files and execute arbitrary PHP code. | |||||
CVE-2006-0810 | 1 Skate Board | 1 Skate Board | 2024-02-04 | 3.5 LOW | N/A |
Unspecified vulnerability in config.php in Skate Board 0.9 allows remote authenticated administrators to execute arbitrary PHP code by causing certain variables in config.php to be modified, possibly due to XSS or direct static code injection. | |||||
CVE-2004-2495 | 1 Code-crafters | 1 Ability Mail Server | 2024-02-04 | 7.8 HIGH | N/A |
The (1) Webmail, (2) admin, and (3) SMTP services in Ability Mail Server 1.18 allow remote attackers to cause a denial of service (CPU consumption) via a large number of simultaneous connections to the service. | |||||
CVE-2006-2767 | 1 Ottoman | 1 Ottoman | 2024-02-04 | 5.1 MEDIUM | N/A |
PHP remote file inclusion vulnerability in Ottoman 1.1.2, when register_globals is enabled, allows remote attackers to execute arbitrary PHP code via the default_path parameter in (1) error.php, (2) index.php, and (3) classes/main_class.php. | |||||
CVE-2005-0980 | 1 Alstrasoft | 1 Epay | 2024-02-04 | 7.5 HIGH | N/A |
PHP remote file inclusion vulnerability in index.php in AlstraSoft EPay Pro 2.0 allows remote attackers to execute arbitrary PHP code by modifying the view parameter to reference a URL on a remote web server that contains the code. | |||||
CVE-2005-3902 | 1 Virtual Hosting Control System | 1 Virtual Hosting Control System | 2024-02-04 | 4.3 MEDIUM | N/A |
Cross-site scripting (XSS) vulnerability in gui/errordocs/index.php in Virtual Hosting Control System (VHCS) 2.2.0 through 2.4.6.2 allows remote attackers to inject arbitrary web script or HTML via query strings that are included in an error message, as demonstrated using a parameter containing script. | |||||
CVE-2005-0743 | 1 Xoops | 1 Xoops | 2024-02-04 | 7.5 HIGH | N/A |
The custom avatar uploading feature (uploader.php) for XOOPS 2.0.9.2 and earlier allows remote attackers to upload arbitrary PHP scripts, whose file extensions are not filtered. | |||||
CVE-2005-1730 | 1 Novell | 1 Imanager | 2024-02-04 | 9.3 HIGH | N/A |
Multiple vulnerabilities in the OpenSSL ASN.1 parser, as used in Novell iManager 2.0.2, allow remote attackers to cause a denial of service (NULL pointer dereference) via crafted packets, as demonstrated by "OpenSSL ASN.1 brute forcer." NOTE: this issue might overlap CVE-2004-0079, CVE-2004-0081, or CVE-2004-0112. | |||||
CVE-2005-4624 | 1 Ptnet | 1 Ptnet Ircd | 2024-02-04 | 5.0 MEDIUM | N/A |
The m_join function in channel.c for PTnet ircd 1.5 and 1.6 allows remote attackers to cause a denial of service (memory exhaustion that triggers a daemon restart) via a large number of requests to join a "charmed channel" such as PTnet, #PTnoticias and #*.log, which causes ircd to open the channel even though it does not have any valid users. | |||||
CVE-2004-2576 | 1 Phpgroupware | 1 Phpgroupware | 2024-02-04 | 5.0 MEDIUM | N/A |
class.vfs_dav.inc.php in phpGroupWare 0.9.16.000 does not create .htaccess files to enable authorization checks for access to users' home-directory files, which allows remote attackers to obtain sensitive information from these files. | |||||
CVE-2005-4457 | 1 Mailenable | 1 Mailenable Enterprise | 2024-02-04 | 7.5 HIGH | N/A |
MailEnable Enterprise 1.1 before patch ME-10009 allows remote attackers to cause a denial of service (crash) and possibly execute arbitrary code via several "..." (triple dot) sequences in a UID FETCH command. | |||||
CVE-2006-3665 | 1 Squirrelmail | 1 Squirrelmail | 2024-02-04 | 4.3 MEDIUM | N/A |
SquirrelMail 1.4.6 and earlier, with register_globals enabled, allows remote attackers to hijack cookies in src/redirect.php via unknown vectors. NOTE: while "cookie theft" is frequently associated with XSS, the vendor disclosure is too vague to be certain of this. | |||||
CVE-2006-1102 | 1 Sauerbraten | 2 Cube, Sauerbraten | 2024-02-04 | 5.0 MEDIUM | N/A |
Sauerbraten 2006_02_28, as derived from the Cube engine, allows remote attackers to cause a denial of service (client exit) by forcing the server to change to a map (ogz) file whose name contains ".." sequences and has a certain length that prevents the addition of the ".ogz" extension. | |||||
CVE-2005-2866 | 1 Mercora | 1 Imradio | 2024-02-04 | 4.6 MEDIUM | N/A |
Mercora IMRadio 4.0.0.0 stores usernames and passwords in plaintext in the MercoraClient\Profiles registry key, which allows local users to gain privileges. | |||||
CVE-2005-3584 | 1 Phpwebthings | 1 Phpwebthings | 2024-02-04 | 4.3 MEDIUM | N/A |
Cross-site scripting (XSS) vulnerability in forum.php in PhpWebThings 1.4.4 allows remote attackers to inject arbitrary web script or HTML via the forum parameter. | |||||
CVE-2006-1577 | 1 Mantis | 1 Mantis | 2024-02-04 | 6.8 MEDIUM | N/A |
Multiple cross-site scripting (XSS) vulnerabilities in view_all_set.php in Mantis 1.0.1, 1.0.0rc5, and earlier allow remote attackers to inject arbitrary web script or HTML via the (1) start_day, (2) start_year, and (3) start_month parameters. | |||||
CVE-2005-3828 | 1 Activecampaign | 1 Knowledgebuilder | 2024-02-04 | 7.5 HIGH | N/A |
SQL injection vulnerability in index.php in ActiveCampaign KnowledgeBuilder 2.4 and earlier allows remote attackers to execute arbitrary SQL commands via the article parameter. |