Total
255170 CVE
| CVE | Vendors | Products | Updated | CVSS v2 | CVSS v3 |
|---|---|---|---|---|---|
| CVE-2006-2774 | 1 Qontentone | 1 Qontentone Cms | 2024-02-04 | 6.8 MEDIUM | N/A |
| Cross-site scripting (XSS) vulnerability in search.php in QontentOne CMS allows remote attackers to inject arbitrary web script or HTML via the search_phrase parameter. | |||||
| CVE-2005-3320 | 1 Siteturn | 1 Domain Manager Pro | 2024-02-04 | 2.6 LOW | N/A |
| Cross-site scripting (XSS) vulnerability in SiteTurn Domain Manager Pro allows remote attackers to inject arbitrary web script or HTML via the err parameter in the panel script. | |||||
| CVE-2004-2285 | 2024-02-04 | N/A | N/A | ||
| ** REJECT ** DO NOT USE THIS CANDIDATE NUMBER. ConsultIDs: CVE-2004-2022. Reason: This candidate is a duplicate of CVE-2004-2022. Notes: All CVE users should reference CVE-2004-2022 instead of this candidate. All references and descriptions in this candidate have been removed to prevent accidental usage. | |||||
| CVE-2004-2324 | 1 Dotnetnuke | 1 Dotnetnuke | 2024-02-04 | 7.5 HIGH | N/A |
| SQL injection vulnerability in DotNetNuke (formerly IBuySpy Workshop) 1.0.6 through 1.0.10d allows remote attackers to modify the backend database via the (1) table and (2) field parameters in LinkClick.aspx. | |||||
| CVE-2006-3135 | 1 Hotwebscripts | 1 Cms Mundo | 2024-02-04 | 7.5 HIGH | N/A |
| Multiple SQL injection vulnerabilities in CMS Mundo 1.0 build 008, and possibly other versions, allow remote attackers to execute arbitrary SQL commands via the (1) news_id parameter in the (a) news module, (2) searchstring parameter in (b) the search module, (3) id parameter in (c) the webshop module, (4) username parameter in (d) index.php, and (5) Name, (6) Address, (7) Zip, (8) City, (9) Country, and (10) Email fields during (e) a user profile update. | |||||
| CVE-2006-3062 | 1 Myphp Guestbook | 1 Myphp Guestbook | 2024-02-04 | 2.6 LOW | N/A |
| Cross-site scripting (XSS) vulnerability in index.php in myPHP Guestbook 2.0.4 and earlier allows remote attackers to inject arbitrary web script or HTML via the lang parameter. | |||||
| CVE-2005-1569 | 1 Directtopics | 1 Directtopics | 2024-02-04 | 4.3 MEDIUM | N/A |
| Cross-site scripting (XSS) vulnerability in DirectTopics 2.1 and 2.2 allows remote attackers to inject arbitrary web script via a javascript: URL in (1) a thread or (2) an IMG tag. | |||||
| CVE-2005-1170 | 1 Datenbank Module | 1 Datenbank Module | 2024-02-04 | 7.5 HIGH | N/A |
| SQL injection vulnerability in mod.php in the datenbank module for phpBB allows remote attackers to execute arbitrary SQL commands via the id parameter. | |||||
| CVE-2005-2060 | 1 Ubbcentral | 1 Ubb.threads | 2024-02-04 | 5.0 MEDIUM | N/A |
| Multiple HTTP Response Splitting vulnerabilities in (1) toggleshow.php, (2) togglecats.php, and (3) showprofile.php in Infopop UBB.Threads before 6.5.2 Beta allow remote attackers to spoof web content and poison web caches via CRLF ("%0d%0a") sequences in the Cat parameter. | |||||
| CVE-2005-0923 | 1 Symantec | 3 Norton Antivirus, Norton Internet Security, Norton System Works | 2024-02-04 | 2.1 LOW | N/A |
| The SmartScan feature in the Auto-Protect module for Symantec Norton AntiVirus 2004 and 2005, as also used in Internet Security 2004/2005 and System Works 2004/2005, allows attackers to cause a denial of service (CPU consumption and system crash) by renaming a file on a network share. | |||||
| CVE-2006-3559 | 1 Arif Supriyanto | 1 Auracms | 2024-02-04 | 7.5 HIGH | N/A |
| Multiple SQL injection vulnerabilities in Arif Supriyanto auraCMS 1.62 allow remote attackers to execute arbitrary SQL commands and delete all shoutbox messages via the (1) name and (2) pesan parameters. | |||||
| CVE-2006-3263 | 1 Mambo | 1 Mambo | 2024-02-04 | 7.5 HIGH | N/A |
| SQL injection vulnerability in the Weblinks module (weblinks.php) in Mambo 4.6rc1 and earlier allows remote attackers to execute arbitrary SQL commands via the catid parameter. | |||||
| CVE-2004-2528 | 1 Webcam Corp | 1 Webcam Watchdog | 2024-02-04 | 4.3 MEDIUM | N/A |
| Cross-site scripting (XSS) vulnerability in sresult.exe in Webcam Watchdog 4.0.1a allows remote attackers to inject arbitrary web script or HTML via the cam parameter. | |||||
| CVE-2006-3752 | 1 Professional Home Page Tools | 1 Professional Home Page Tools Guestbook | 2024-02-04 | 7.5 HIGH | N/A |
| Multiple SQL injection vulnerabilities in class.php in Professional Home Page Tools Guestbook allow remote attackers to execute arbitrary SQL commands via the (1) hidemail, (2) name, (3) mail, (4) ip, or (5) text parameters. | |||||
| CVE-2005-4490 | 1 Commercial Interactive Media | 1 Scoop | 2024-02-04 | 4.3 MEDIUM | N/A |
| Multiple cross-site scripting (XSS) vulnerabilities in SCOOP! 2.3 and earlier allow remote attackers to inject arbitrary web script or HTML via the (1) keyword and (2) invalid parameter to articleSearch.asp; (3) username and (4) invalid parameter to lostPassword.asp; (5) Username, (6) Password, and (7) invalid parameter to account_login.asp; (8) area, (9) articleZoneID, (10) r, and (11) invalid parameters to category.asp; and invalid parameters to (12) articleZone.asp, (13) prePurchaserRegistration.asp, and (14) requestDemo.asp. | |||||
| CVE-2005-2500 | 1 Linux | 1 Linux Kernel | 2024-02-04 | 7.5 HIGH | N/A |
| Buffer overflow in the xdr_xcode_array2 function in xdr.c in Linux kernel 2.6.12, as used in SuSE Linux Enterprise Server 9, might allow remote attackers to cause a denial of service and possibly execute arbitrary code via crafted XDR data for the nfsacl protocol. | |||||
| CVE-2006-2709 | 1 Secure Elements | 1 Class 5 Enterprise Vulnerability Management | 2024-02-04 | 5.0 MEDIUM | N/A |
| Secure Elements Class 5 AVR (aka C5 EVM) before 2.8.1 do not validate the source address of a message, which allows remote attackers to (1) execute arbitrary code on a client or (2) forge messages to the server. | |||||
| CVE-2005-0371 | 1 Armagetron | 2 Armagetron, Armagetron Advanced | 2024-02-04 | 5.0 MEDIUM | N/A |
| Armagetron 0.2.6.0 and earlier and Armagetron Advanced 0.2.7.0 and earlier allow remote attackers to cause a denial of service (freeze) via a large number of player connections that do not send any data. | |||||
| CVE-2005-0315 | 1 Amax Information Technologies | 1 Magic Winmail Server | 2024-02-04 | 4.6 MEDIUM | N/A |
| The FTP service in Magic Winmail Server 4.0 Build 1112 does not verify that the IP address in a PORT command is the same as the IP address of the user of the FTP session, which allows remote authenticated users to use the server as an intermediary for port scanning. | |||||
| CVE-2005-3310 | 1 Phpbb Group | 1 Phpbb | 2024-02-04 | 3.5 LOW | N/A |
| Interpretation conflict in phpBB 2.0.17, with remote avatars and avatar uploading enabled, allows remote authenticated users to inject arbitrary web script or HTML via an HTML file with a GIF or JPEG file extension, which causes the HTML to be executed by a victim who views the file in Internet Explorer, which renders malformed image types as HTML, enabling cross-site scripting (XSS) attacks. NOTE: it could be argued that this vulnerability is due to a design flaw in Internet Explorer (CVE-2005-3312) and the proper fix should be in that browser; if so, then this should not be treated as a vulnerability in phpBB. | |||||