Total: 255192 CVE

CVE | Vendors | Products | Updated | CVSS v2 | CVSS v3 |
---|---|---|---|---|---|
CVE-2006-3311 | 1 Adobe | 2 Flash Player, Flex Sdk | 2024-02-04 | 5.1 MEDIUM | N/A |
Buffer overflow in Adobe Flash Player 8.0.24.0 and earlier, Flash Professional 8, Flash MX 2004, and Flex 1.5 allows user-assisted remote attackers to execute arbitrary code via a long, dynamically created string in a SWF movie. | |||||
CVE-2005-0882 | 1 Birdblog | 1 Birdblog | 2024-02-04 | 7.5 HIGH | N/A |
SQL injection vulnerability in admincore.php in BirdBlog before 1.2.0 allows remote attackers to execute arbitrary SQL commands via the (1) userid or (2) userpw parameters. | |||||
CVE-2006-2905 | 1 Particle Soft | 1 Particle Links | 2024-02-04 | 5.0 MEDIUM | N/A |
Partial Links 1.2.2 allows remote attackers to obtain sensitive information via a direct request to (1) page_footer.php and (2) page_header.php, which displays the path in an error message. | |||||
CVE-2005-2749 | 1 Apple | 2 Mac Os X, Mac Os X Server | 2024-02-04 | 2.1 LOW | N/A |
Unspecified vulnerability in the Finder Get Info window for Mac OS X 10.4 up to 10.4.2 causes Finder to misrepresent file and group ownership information. NOTE: it is not clear whether this issue satisfies the CVE definition of a vulnerability. | |||||
CVE-2005-2336 | 1 Hiki | 1 Hiki | 2024-02-04 | 4.3 MEDIUM | N/A |
Cross-site scripting (XSS) vulnerability in Hiki 0.8.0 to 0.8.2 allows remote attackers to inject arbitrary web script or HTML via "missing pages" in which the page name is not properly escaped, a different vulnerability than CVE-2005-2803. | |||||
CVE-2005-2311 | 1 Sms | 1 Sms | 2024-02-04 | 2.1 LOW | N/A |
SMS 1.9.2m and earlier allows local users to overwrite arbitrary files via a symlink attack on the (1) request1 or (2) request2 temporary files. | |||||
CVE-2005-2679 | 1 Sysinternals | 1 Process Explorer | 2024-02-04 | 10.0 HIGH | N/A |
Buffer overflow in Sysinternals Process Explorer 9.23, and other versions before 9.25, allows local users to execute arbitrary code via a long CompanyName field in the VersionInfo information in a running process. | |||||
CVE-2006-2573 | 1 Dian Gemilang | 1 Dgbook | 2024-02-04 | 5.1 MEDIUM | N/A |
SQL injection vulnerability in index.php in DGBook 1.0, with magic_quotes_gpc disabled, allows remote attackers to execute arbitrary SQL commands via the (1) name, (2) email, (3) homepage, (4) address, (5) comment, and (6) ip parameters. NOTE: the provenance of this information is unknown; the details are obtained solely from third party information. | |||||
CVE-2005-1009 | 1 Bakbone | 1 Netvault | 2024-02-04 | 10.0 HIGH | N/A |
Multiple buffer overflows in BakBone NetVault 6.x and 7.x allow (1) remote attackers to execute arbitrary code via a modified computer name and length that leads to a heap-based buffer overflow, or (2) local users to execute arbitrary code via a long Name entry in the configure.cfg file. | |||||
CVE-2006-3408 | 1 Tor | 1 Tor | 2024-02-04 | 5.0 MEDIUM | N/A |
Unspecified vulnerability in the directory server (dirserver) in Tor before 0.1.1.20 allows remote attackers to cause an unspecified denial of service via unknown vectors. | |||||
CVE-2005-4087 | 1 Sugarcrm | 1 Sugar Suite | 2024-02-04 | 7.5 HIGH | N/A |
PHP remote file include vulnerability in acceptDecline.php in Sugar Suite Open Source Customer Relationship Management (SugarCRM) 4.0 beta and earlier allows remote attackers to execute arbitrary PHP code via a URL in the beanFiles array parameter. | |||||
CVE-2006-1486 | 1 Fusionzone | 1 Realestatezone | 2024-02-04 | 4.3 MEDIUM | N/A |
Multiple cross-site scripting (XSS) vulnerabilities in index.cfm in realestateZONE 4.2 allow remote attackers to inject arbitrary web script or HTML via the (1) bamin, (2) bemin, (3) pmin, and (4) state parameters. | |||||
CVE-2005-4731 | 1 The Php Group | 1 Pear Html Quickform Controller | 2024-02-04 | 5.0 MEDIUM | N/A |
The Next action in PEAR HTML_QuickForm_Controller 1.0.4 includes the SID in the URL even when session.use_only_cookies is configured, which allows remote attackers to obtain the SID via an HTTP Referer field and possibly other vectors. | |||||
CVE-2004-1129 | 1 Youngzsoft | 1 Cmailserver | 2024-02-04 | 10.0 HIGH | N/A |
SQL injection vulnerability in (1) fdelmail.asp, (2) addressc.asp, and possibly (3) postmail.asp and (4) fmvmail.asp in CMailServer 5.2 allows remote attackers to inject arbitrary SQL commands and delete mail metadata or e-mail addresses of contacts via the indexOfMail parameter. | |||||
CVE-2006-0823 | 1 Geeklog | 1 Geeklog | 2024-02-04 | 7.5 HIGH | N/A |
Multiple SQL injection vulnerabilities in Geeklog 1.4.0 before 1.4.0sr1 and 1.3.11 before 1.3.11sr4 allow remote attackers to inject arbitrary SQL commands via the (1) userid variable to users.php or (2) sessid variable to lib-sessions.php. | |||||
CVE-2005-0898 | 1 Magicscripts | 1 E-store Kit-2 | 2024-02-04 | 4.3 MEDIUM | N/A |
Cross-site scripting (XSS) vulnerability in downloadform.php in E-Store Kit-2 PayPal Edition allows remote attackers to inject arbitrary web script or HTML via the txn_id parameter. | |||||
CVE-2005-1449 | 1 S9y | 1 Serendipity | 2024-02-04 | 10.0 HIGH | N/A |
Unknown vulnerability in serendipity_config_local.inc.php for Serendipity before 0.8 has unknown impact. | |||||
CVE-2006-1163 | 1 Nodez | 1 Nodez | 2024-02-04 | 6.8 MEDIUM | N/A |
Cross-site scripting (XSS) vulnerability in Nodez 4.6.1.1 allows remote attackers to inject arbitrary web script or HTML via the op parameter. NOTE: it is possible that this issue is resultant from the directory traversal vulnerability. | |||||
CVE-2005-1011 | 1 Iatek | 1 Siteenable | 2024-02-04 | 7.5 HIGH | N/A |
SQL injection vulnerability in content.asp in SiteEnable allows remote attackers to execute arbitrary SQL commands via the sortby parameter. | |||||
CVE-2005-3363 | 1 Saphp | 1 Saphplesson | 2024-02-04 | 7.5 HIGH | N/A |
SQL injection vulnerability in Saphp Lesson, possibly saphp Lesson1.1 and saphpLesson2.0, allows remote attackers to execute arbitrary SQL commands via the forumid parameter in (1) showcat.php and (2) add.php. |