Total: 255165 CVE
CVE | Vendors | Products | Updated | CVSS v2 | CVSS v3 | Description |
---|---|---|---|---|---|---|
CVE-2005-2435 | 1 Website Baker | 1 Website Baker | 2024-02-04 | 4.3 MEDIUM | N/A | Cross-site scripting (XSS) vulnerability in browse.php in Website Baker Project allows remote attackers to inject arbitrary web script or HTML via the dir parameter. |
CVE-2004-2501 | 1 Mailenable | 2 Mailenable Enterprise, Mailenable Professional | 2024-02-04 | 7.5 HIGH | N/A | Buffer overflow in the IMAP service of MailEnable Professional Edition 1.52 and Enterprise Edition 1.01 allows remote attackers to execute arbitrary code via (1) a long command string or (2) a long string to the MEIMAP service and then terminating the connection. |
CVE-2006-2169 | 1 Best Practical Solutions | 1 Request Tracker | 2024-02-04 | 5.0 MEDIUM | N/A | RT: Request Tracker 3.5.HEAD allows remote attackers to obtain sensitive information via the Rows parameter in Dist/Display.html, which reveals the installation path in an error message. |
CVE-2005-3558 | 1 Oste | 1 Oste | 2024-02-04 | 7.5 HIGH | N/A | PHP file inclusion vulnerability in index.php in OSTE 1.0 allows remote attackers to execute arbitrary code via the (1) page and (2) site parameters. |
CVE-2006-1784 | 1 Sphider | 1 Sphider | 2024-02-04 | 5.1 MEDIUM | N/A | PHP remote file inclusion vulnerability in admin/configset.php in Sphider 1.3 and earlier, when register_globals is disabled, allows remote attackers to execute arbitrary PHP code via a URL in the settings_dir parameter. |
CVE-2005-1530 | 1 Sophos | 5 Sophos Anti-virus, Sophos Mailmonitor, Sophos Mailmonitor For Notes Domino and 2 more | 2024-02-04 | 5.0 MEDIUM | N/A | Sophos Anti-Virus 5.0.1, with "Scan inside archive files" enabled, allows remote attackers to cause a denial of service (CPU consumption by infinite loop) via a Bzip2 archive with a large 'Extra field length' value. |
CVE-2005-1260 | 4 Apple, Bzip, Canonical and 1 more | 4 Mac Os X, Bzip2, Ubuntu Linux and 1 more | 2024-02-04 | 5.0 MEDIUM | N/A | bzip2 allows remote attackers to cause a denial of service (hard drive consumption) via a crafted bzip2 file that causes an infinite loop (a.k.a "decompression bomb"). |
CVE-2005-3915 | 1 Clavister | 2 Clavister Firewall, Clavister Security Gateway | 2024-02-04 | 7.5 HIGH | N/A | The Internet Key Exchange version 1 (IKEv1) implementation in Clavister Client Web allows remote attackers to cause a denial of service and possibly execute arbitrary code via crafted IKE packets, as demonstrated by the PROTOS ISAKMP Test Suite for IKEv1. NOTE: due to the lack of details in the advisory, it is unclear which of CVE-2005-3666, CVE-2005-3667, and/or CVE-2005-3668 this issue applies to. |
CVE-2006-3746 | 1 Gnupg | 1 Gnupg | 2024-02-04 | 5.0 MEDIUM | N/A | Integer overflow in parse_comment in GnuPG (gpg) 1.4.4 allows remote attackers to cause a denial of service (segmentation fault) via a crafted message. |
CVE-2005-1291 | 1 Cartwiz | 1 Asp Cart | 2024-02-04 | 7.5 HIGH | N/A | Multiple SQL injection vulnerabilities in CartWIZ ASP Cart allow remote attackers to execute arbitrary SQL commands via the idProduct parameter to (1) addToCart.asp or (2) productDetails.asp, the (3) priceFrom, (4) idCategory, or (5) priceTo parameter to searchResults.asp, or (6) the idParentCategory parameter to productCatalogSubCats.asp. |
CVE-2006-3732 | 1 Cisco | 1 Cs-mars | 2024-02-04 | 5.0 MEDIUM | N/A | Cisco Security Monitoring, Analysis and Response System (CS-MARS) before 4.2.1 ships with an Oracle database that contains several default accounts and passwords, which allows attackers to obtain sensitive information. |
CVE-2005-3930 | 1 N-13 News | 1 N-13 News | 2024-02-04 | 7.5 HIGH | N/A | SQL injection vulnerability in index.php in N-13 News 1.2 allows remote attackers to execute arbitrary SQL commands via the id parameter. |
CVE-2006-1980 | 1 W2b | 1 Online Banking | 2024-02-04 | 2.6 LOW | N/A | Cross-site scripting (XSS) vulnerability in W2B Online Banking allows remote attackers to inject arbitrary web script or HTML via the (1) query string, (2) SID parameter, or (3) ilang parameter. |
CVE-2005-3136 | 1 Virtools | 1 Web Player | 2024-02-04 | 5.0 MEDIUM | N/A | Directory traversal vulnerability in Virtools Web Player 3.0.0.100 and earlier allows remote attackers to overwrite arbitrary files via a .. (dot dot) in a filename. |
CVE-2006-2011 | 1 4homepages | 1 4images | 2024-02-04 | 2.6 LOW | N/A | Cross-site scripting (XSS) vulnerability in member.php in 4images 1.7 and earlier allows remote attackers to inject arbitrary web script or HTML via the nickname, probably involving the user_name parameter in register.php. |
CVE-2005-4142 | 1 Lyris Technologies Inc | 1 Listmanager | 2024-02-04 | 7.5 HIGH | N/A | The web interface for subscribing new users in Lyris ListManager 5.0 through 8.8b, in combination with a line wrap feature, allows remote attackers to execute arbitrary list administration commands via LFCR (%0A%0D) sequences in the pw parameter. NOTE: it is not clear whether this is a variant of a CRLF injection vulnerability. |
CVE-2006-4717 | 1 Drupal | 1 Drupal Pubcookie Module | 2024-02-04 | 7.5 HIGH | N/A | The login redirection mechanism in the Drupal 4.7 Pubcookie module before 1.2.2.4 2006/09/06 and the Drupal 4.6 Pubcookie module before 1.6.2.1 2006/09/07 allows remote attackers to bypass authentication requirements and spoof identities of arbitrary users via unspecified vectors. |
CVE-2006-0855 | 1 Rahul Dhesi | 1 Zoo | 2024-02-04 | 5.1 MEDIUM | N/A | Stack-based buffer overflow in the fullpath function in misc.c for zoo 2.10 and earlier, as used in products such as Barracuda Spam Firewall, allows user-assisted attackers to execute arbitrary code via a crafted ZOO file that causes the combine function to return a longer string than expected. |
CVE-2005-1772 | 1 Atari | 1 Terminator 3 War Of The Machines | 2024-02-04 | 5.0 MEDIUM | N/A | Buffer overflow in the client cd-key hash in Terminator 3: War of the Machines 1.16 and earlier allows remote attackers to cause a denial of service (application crash) via a long client cd-key hash value, a different vulnerability than CVE-2005-1556. |
CVE-2005-0629 | 1 427bb | 1 Fourtwosevenbb | 2024-02-04 | 4.3 MEDIUM | N/A | Multiple cross-site scripting (XSS) vulnerabilities in profile.php in 427BB 2.2 allow remote attackers to inject arbitrary web script or HTML via the (1) user or (2) Avatar parameters. |