Total: 255170 CVE
CVE | Vendors | Products | Updated | CVSS v2 | CVSS v3 |
---|---|---|---|---|---|
CVE-2005-3921 | 1 Cisco | 1 Ios | 2024-02-04 | 2.6 LOW | N/A |
Cross-site scripting (XSS) vulnerability in Cisco IOS Web Server for IOS 12.0(2a) allows remote attackers to inject arbitrary web script or HTML by (1) packets containing HTML that an administrator views via an HTTP interface to the contents of memory buffers, as demonstrated by the URI /level/15/exec/-/buffers/assigned/dump; or (2) sending the router Cisco Discovery Protocol (CDP) packets with HTML payload that an administrator views via the CDP status pages. NOTE: these vectors were originally reported as being associated with the dump and packet options in /level/15/exec/-/show/buffers. | |||||
CVE-2005-0833 | 1 Belkin | 1 Belkin 54g Wireless Router | 2024-02-04 | 7.5 HIGH | N/A |
Belkin 54G (F5D7130) wireless router allows remote attackers to access restricted resources by sniffing URIs from UPNP datagrams, then accessing those URIs, which do not require authentication. | |||||
CVE-2006-3370 | 1 Bb-news | 1 Blueboy | 2024-02-04 | 5.0 MEDIUM | N/A |
Blueboy 1.0.3 stores bb_news_config.inc under the web document root with insufficient access control, which allows remote attackers to obtain sensitive information, including the database configuration. | |||||
CVE-2005-0647 | 1 Php Arena | 1 Panews | 2024-02-04 | 5.0 MEDIUM | N/A |
admin_setup.php in paNews 2.0.4b allows remote attackers to inject arbitrary PHP code via the (1) $form[comments] or (2) $form[autoapprove] parameters, which are written to config.php. | |||||
CVE-2005-0571 | 1 Punbb | 1 Punbb | 2024-02-04 | 5.0 MEDIUM | N/A |
admin_loader.php in PunBB 1.2.1 allows remote attackers to read arbitrary files via the plugin parameter. | |||||
CVE-2006-3145 | 1 Netpbm | 1 Netpbm | 2024-02-04 | 5.0 MEDIUM | N/A |
Buffer overflow in pamtofits of NetPBM 10.30 through 10.33 allows remote attackers to cause a denial of service (crash) and possibly execute arbitrary code when assembling the header, possibly related to an off-by-one error. | |||||
CVE-2006-1559 | 1 Php | 1 Php Script Index | 2024-02-04 | 7.5 HIGH | N/A |
SQL injection vulnerability in PHP Script Index allows remote attackers to execute arbitrary SQL commands via the search parameter. NOTE: the provenance of this information is unknown; the details are obtained solely from third party information. | |||||
CVE-2006-2168 | 1 Fileprotection Express | 1 Fileprotection Express | 2024-02-04 | 7.5 HIGH | N/A |
FileProtection Express 1.0.1 and earlier allows remote attackers to bypass authentication via a cookie with an Admin value of 1. | |||||
CVE-2006-3189 | 1 Hotplug Cms | 1 Hotplug Cms | 2024-02-04 | 5.8 MEDIUM | N/A |
Cross-site scripting (XSS) vulnerability in administration/tblcontent/login1.php in HotPlug CMS 1.0 allows remote attackers to inject arbitrary web script or HTML via the msg parameter. | |||||
CVE-2005-2489 | 1 Web Content Management | 1 Web Content Management News System | 2024-02-04 | 7.5 HIGH | N/A |
Web Content Management News System allows remote attackers to create arbitrary accounts and gain privileges via a direct request to Admin/Users/AddModifyInput.php. | |||||
CVE-2004-2402 | 1 Yabb | 1 Yabb | 2024-02-04 | 4.3 MEDIUM | N/A |
Cross-site scripting (XSS) vulnerability in YaBB.pl in YaBB 1 GOLD SP 1.3.2 allows remote attackers to inject arbitrary web script or HTML via a hex-encoded to parameter. NOTE: some sources say that the board parameter is affected, but this is incorrect. | |||||
CVE-2005-0022 | 1 University Of Cambridge | 1 Exim | 2024-02-04 | 4.6 MEDIUM | N/A |
Buffer overflow in the spa_base64_to_bits function in Exim before 4.43, as originally obtained from Samba code, and as called by the auth_spa_client function, may allow attackers to execute arbitrary code during SPA authentication. | |||||
CVE-2005-3318 | 1 Jed Wing | 1 Chm Lib | 2024-02-04 | 5.1 MEDIUM | N/A |
Buffer overflow in the _chm_decompress_block function in CHM lib (chmlib) before 0.37, as used in products such as KchmViewer, allows attackers to execute arbitrary code, a different vulnerability than CVE-2005-2930. | |||||
CVE-2005-4547 | 1 Epic Designs | 1 Eggblog | 2024-02-04 | 4.3 MEDIUM | N/A |
Cross-site scripting (XSS) vulnerability in home/search.php in eggblog 2.0 allows remote attackers to execute arbitrary SQL commands via the q parameter, as used by the Keyword and Search fields. | |||||
CVE-2004-1258 | 1 Moinejf | 1 Abcm2ps | 2024-02-04 | 10.0 HIGH | N/A |
Buffer overflow in the put_words function in subs.c for abcm2ps 3.7.20 allows remote attackers to execute arbitrary code via crafted ABC files. | |||||
CVE-2006-2340 | 1 Lethal Penguin | 2 Passmasterflex, Passmasterflexplus | 2024-02-04 | 5.8 MEDIUM | N/A |
Cross-site scripting (XSS) vulnerability in PassMasterFlex and PassMasterFlexPlus (PassMasterFlex+) 1.2 and earlier allows remote attackers to inject arbitrary web script or HTML via the (1) username, (2) password, or (3) User-Agent HTTP header in the Hack Log. | |||||
CVE-2005-3597 | | | 2024-02-04 | N/A | N/A |
** REJECT ** DO NOT USE THIS CANDIDATE NUMBER. ConsultIDs: CVE-2005-3573. Reason: This candidate is a duplicate of CVE-2005-3573. A CNA error by MITRE introduced the duplicate. Notes: All CVE users should reference CVE-2005-3573 instead of this candidate. All references and descriptions in this candidate have been removed to prevent accidental usage. | |||||
CVE-2005-2284 | 1 Esi Products | 1 Webeoc | 2024-02-04 | 7.5 HIGH | N/A |
Multiple SQL injection vulnerabilities in WebEOC before 6.0.2 allow remote attackers to modify SQL statements via unknown attack vectors. | |||||
CVE-2006-2689 | 1 Eva-web | 1 Eva-web | 2024-02-04 | 6.8 MEDIUM | N/A |
Multiple cross-site scripting (XSS) vulnerabilities in EVA-Web 2.1.2 and earlier allow remote attackers to inject arbitrary web script or HTML via the (1) debut_image parameter in (a) article-album.php3, (2) date parameter in (b) rubrique.php3, and the (3) perso and (4) aide parameters to (c) an unknown script, probably index.php. | |||||
CVE-2005-3880 | 1 Omnistar Interactive | 1 Omnistar Kbase | 2024-02-04 | 7.5 HIGH | N/A |
Multiple SQL injection vulnerabilities in Omnistar KBase 4.0 and earlier allow remote attackers to execute arbitrary SQL commands via the (1) article_id parameter in users/comments.php, (2) category_id and (3) id parameters in users/kb.php. |