Total
255187 CVE
CVE | Vendors | Products | Updated | CVSS v2 | CVSS v3 |
---|---|---|---|---|---|
CVE-2006-1958 | 1 Wired Community Software | 1 Wwwthreads | 2024-02-04 | 6.4 MEDIUM | N/A |
Multiple SQL injection vulnerabilities in WWWThreads RC 3 allow remote attackers to execute arbitrary SQL commands via (1) the forumreferrer cookie to register.php and (2) the messages parameter in message_list.php. | |||||
CVE-2005-1351 | 1 Leif M. Wright | 1 Ad.cgi | 2024-02-04 | 7.5 HIGH | N/A |
The ad.cgi script allows remote attackers to execute arbitrary commands via shell metacharacters in the argument. | |||||
CVE-2005-2402 | 1 Phpsitesearch | 1 Phpsitesearch | 2024-02-04 | 4.3 MEDIUM | N/A |
Cross-site scripting (XSS) vulnerability in search.php in PHPSiteSearch 1.7.7d allows remote attackers to inject arbitrary web script or HTML via the query parameter. | |||||
CVE-2005-1987 | 1 Microsoft | 4 Exchange Server, Windows 2000, Windows Server 2003 and 1 more | 2024-02-04 | 7.5 HIGH | N/A |
Buffer overflow in Collaboration Data Objects (CDO), as used in Microsoft Windows and Microsoft Exchange Server, allows remote attackers to execute arbitrary code when CDOSYS or CDOEX processes an e-mail message with a large header name, as demonstrated using the "Content-Type" string. | |||||
CVE-2006-2156 | 1 X7 Group | 1 X7 Chat | 2024-02-04 | 6.4 MEDIUM | N/A |
Directory traversal vulnerability in help/index.php in X7 Chat 2.0 and earlier allows remote attackers to include arbitrary files via .. (dot dot) sequences in the help_file parameter. | |||||
CVE-2006-1156 | 1 Manas Tungare | 1 Site Membership Script | 2024-02-04 | 5.0 MEDIUM | N/A |
SQL injection vulnerability in Manas Tungare Site Membership Script before 8 March, 2006 allows remote attackers to execute arbitrary SQL commands via the Username parameter in login.asp. | |||||
CVE-2005-1870 | 1 Popper | 1 Popper | 2024-02-04 | 5.0 MEDIUM | N/A |
PHP remote file inclusion vulnerability in childwindow.inc.php in Popper 1.41-r2 and earlier allows remote attackers to execute arbitrary PHP code via the form parameter. | |||||
CVE-2004-2655 | 1 Xscreensaver | 1 Xscreensaver | 2024-02-04 | 5.4 MEDIUM | N/A |
rdesktop 1.3.1 with xscreensaver 4.14, and possibly other versions, when running on Fedora and possibly other platforms, does not release the keyboard focus when xscreensaver starts, which causes the password to be entered into the active window when the user unlocks the screen. | |||||
CVE-2006-3195 | 1 Singapore | 1 Singapore | 2024-02-04 | 4.3 MEDIUM | N/A |
Cross-site scripting (XSS) vulnerability in index.php in singapore 0.10.0 and earlier allows remote attackers to inject arbitrary web script or HTML via the template parameter. | |||||
CVE-2006-3068 | 1 Ibm | 1 Db2 Universal Database | 2024-02-04 | 5.0 MEDIUM | N/A |
IBM DB2 Universal Database (UDB) before 8.2 FixPak 12 allows remote attackers to cause a denial of service (application crash) by sending "incorrect information ... regarding the package name/creator," which leads to a "memory overwrite." | |||||
CVE-2006-2954 | 1 Primoris Software | 1 Officeflow | 2024-02-04 | 7.5 HIGH | N/A |
SQL injection vulnerability in files.asp in OfficeFlow 2.6 and earlier allows remote attackers to execute arbitrary SQL commands via the Project parameter. | |||||
CVE-2006-3419 | 1 Tor | 1 Tor | 2024-02-04 | 5.0 MEDIUM | N/A |
Tor before 0.1.1.20 uses OpenSSL pseudo-random bytes (RAND_pseudo_bytes) instead of cryptographically strong RAND_bytes, and seeds the entropy value at start-up with 160-bit chunks without reseeding, which makes it easier for attackers to conduct brute force guessing attacks. | |||||
CVE-2005-3955 | 3 Blogbuddies, Jaws, Magpierss | 3 Blogbuddies, Jaws, Magpierss | 2024-02-04 | 4.3 MEDIUM | N/A |
Multiple cross-site scripting (XSS) vulnerabilities in MagpieRSS 7.1, as used in (a) blogBuddies v0.3, (b) Jaws 0.6.2, and possibly other products, allow remote attackers to inject arbitrary web script or HTML via the (1) url parameter to (a) magpie_debug.php and (2) rss_url parameter to (b) magpie_slashbox.php and (c) simple_smarty.php. | |||||
CVE-2006-1568 | 1 Redcms | 1 Redcms | 2024-02-04 | 5.1 MEDIUM | N/A |
Multiple cross-site scripting (XSS) vulnerabilities in register.php in RedCMS 0.1 allow remote attackers to inject arbitrary web script or HTML via the (1) email, (2) location, or (3) website parameters. | |||||
CVE-2004-2443 | 1 Jaws | 1 Jaws | 2024-02-04 | 7.5 HIGH | N/A |
Jaws 0.3 allows remote attackers to bypass authentication via an HTTP request to admin.php with the logged cookie set to the MD5 hash of a null password, which is compared against the logged session variable by the logged_on function in application.php. | |||||
CVE-2005-4518 | 1 Mantis | 1 Mantis | 2024-02-04 | 7.5 HIGH | N/A |
Mantis before 0.19.4 allows remote attackers to bypass the file upload size restriction by modifying the max_file_size parameter to (1) bug_file_add.php, (2) bug_report.php, (3) bug_report_advanced_page.php, and (4) proj_doc_add_page.php. | |||||
CVE-2006-0109 | 1 Modular Merchant | 1 Shopping Cart | 2024-02-04 | 5.0 MEDIUM | N/A |
Cross-site scripting vulnerability in category.php in Modular Merchant Shopping Cart allows remote attackers to inject arbitrary web script or HTML via the cat parameter. | |||||
CVE-2006-0052 | 1 Gnu | 1 Mailman | 2024-02-04 | 5.0 MEDIUM | N/A |
The attachment scrubber (Scrubber.py) in Mailman 2.1.5 and earlier, when using Python's library email module 2.5, allows remote attackers to cause a denial of service (mailing list delivery failure) via a multipart MIME message with a single part that has two blank lines between the first boundary and the end boundary. | |||||
CVE-2005-3095 | 1 Avi Alkalay | 1 Notify | 2024-02-04 | 7.5 HIGH | N/A |
Avi Alkalay notify program, dated 19 Aug 2001, allows remote attackers to execute arbitrary commands via shell metacharacters in the from parameter. | |||||
CVE-2005-3456 | 1 Oracle | 1 E-business Suite | 2024-02-04 | 10.0 HIGH | N/A |
Multiple unspecified vulnerabilities in Oracle E-Business Suite and Applications 11.5 up to 11.5.9 have unknown impact and attack vectors, as identified by Oracle Vuln# (1) APPS04 in Application Object Library, and (2) APPS17, (3) APPS18, and (4) APPS21 in Workflow Cartridge. |