Total: 255141 CVE
CVE | Vendors | Products | Updated | CVSS v2 | CVSS v3 |
---|---|---|---|---|---|
CVE-2005-3529 | 1 Tiki | 1 Tikiwiki Cms/groupware | 2024-02-04 | 5.0 MEDIUM | N/A |
tiki-view_forum_thread.php in TikiWiki 1.9.0 through 1.9.2 allows remote attackers to obtain the installation path via an invalid topics_sort_mode parameter, possibly related to an SQL injection vulnerability. | |||||
CVE-2005-0088 | 1 Apache | 1 Mod Python | 2024-02-04 | 7.5 HIGH | N/A |
The publisher handler for mod_python 2.7.8 and earlier allows remote attackers to obtain access to restricted objects via a crafted URL. | |||||
CVE-2005-2460 | 1 Kayako | 1 Liveresponse | 2024-02-04 | 5.8 MEDIUM | N/A |
Multiple cross-site scripting (XSS) vulnerabilities in Kayako liveResponse 2.x allow remote attackers to inject arbitrary web script or HTML via the (1) username parameter or (2) name field when entering a session or sending a message. | |||||
CVE-2005-2157 | 1 Nabocorp | 1 Nabopoll | 2024-02-04 | 5.0 MEDIUM | N/A |
PHP remote file inclusion vulnerability in survey.inc.php for nabopoll 1.2 allows remote attackers to execute arbitrary PHP code via the path parameter. | |||||
CVE-2006-1257 | 1 Microsoft | 1 Commerce Server | 2024-02-04 | 7.5 HIGH | N/A |
The sample files in the authfiles directory in Microsoft Commerce Server 2002 before SP2 allow remote attackers to bypass authentication by logging in to authfiles/login.asp with a valid username and any password, then going to the main site twice. | |||||
CVE-2005-3031 | 1 Cambridge Computer Corporation | 1 Vxftpsrv | 2024-02-04 | 7.5 HIGH | N/A |
Buffer overflow in vxFtpSrv 0.9.7 allows remote attackers to execute arbitrary code via a long USER name. | |||||
CVE-2005-1439 | 1 Osticket | 1 Osticket | 2024-02-04 | 7.5 HIGH | N/A |
Directory traversal vulnerability in attachments.php in osTicket allows remote attackers to read arbitrary files via .. sequences in the file parameter. | |||||
CVE-2006-3959 | 1 X-scripts | 1 X-statistics | 2024-02-04 | 7.5 HIGH | N/A |
SQL injection vulnerability in protect.php in X-Scripts X-Protection 1.10, with magic_quotes_gpc disabled, allows remote attackers to execute arbitrary SQL commands via the (1) username and (2) password parameter. | |||||
CVE-2004-1115 | 1 Gentoo | 1 Linux | 2024-02-04 | 7.2 HIGH | N/A |
The init scripts in Search for Extraterrestrial Intelligence (SETI) project 3.08-r3 and earlier execute user-owned programs with root privileges, which allows local users to gain privileges by modifying the programs. | |||||
CVE-2006-1463 | 1 Apple | 1 Quicktime | 2024-02-04 | 5.1 MEDIUM | N/A |
Heap-based buffer overflow in Apple QuickTime before 7.1 allows remote attackers to execute arbitrary code via an H.264 (M4V) video format file with a certain modified size value. | |||||
CVE-2004-2400 | 1 Winftp Server | 1 Winftp Server | 2024-02-04 | 2.1 LOW | N/A |
WinFTP Server 1.6 stores username and password credentials in plaintext in the data\user.wfd file, which allows local users to gain access to the credentials. | |||||
CVE-2005-4210 | 1 Opera | 1 Opera Browser | 2024-02-04 | 5.0 MEDIUM | N/A |
Opera before 8.51, when running on Windows with Input Method Editor (IME) installed, allows remote attackers to cause a denial of service (persistent application crash) by bookmarking a site with a long title. | |||||
CVE-2005-3916 | 1 Wsn Forum | 1 Wsn Forum | 2024-02-04 | 7.5 HIGH | N/A |
SQL injection vulnerability in memberlist.php in WSN Forum 1.21 allows remote attackers to execute arbitrary SQL commands via the id parameter in a profile action. | |||||
CVE-2005-4766 | 1 Bea | 1 Weblogic Server | 2024-02-04 | 5.4 MEDIUM | N/A |
BEA WebLogic Server and WebLogic Express 8.1 SP4 and earlier, and 7.0 SP5 and earlier, do not encrypt multicast traffic, which might allow remote attackers to read sensitive cluster synchronization messages by sniffing the multicast traffic. | |||||
CVE-2005-4462 | 1 Tolva | 1 Tolva | 2024-02-04 | 7.5 HIGH | N/A |
PHP remote file include vulnerability in usermods.php in Tolva PHP website system 0.1.0 allows remote attackers to execute arbitrary code via a URL in the ROOT parameter. | |||||
CVE-2006-3623 | 1 Mcafee | 1 Epolicy Orchestrator Agent | 2024-02-04 | 5.0 MEDIUM | N/A |
Directory traversal vulnerability in Framework Service component in McAfee ePolicy Orchestrator agent 3.5.0.x and earlier allows remote attackers to create arbitrary files via a .. (dot dot) in the directory and filename in a PropsResponse (PackageType) request. | |||||
CVE-2006-3843 | 1 Mambo | 1 Mambo Calendar | 2024-02-04 | 7.5 HIGH | N/A |
PHP remote file inclusion vulnerability in com_calendar.php in Calendar Mambo Module 1.5.7 and earlier allows remote attackers to execute arbitrary PHP code via a URL in the absolute_path parameter. | |||||
CVE-2005-3323 | 2 Debian, Zope | 2 Debian Linux, Zope | 2024-02-04 | 7.5 HIGH | N/A |
docutils in Zope 2.6, 2.7 before 2.7.8, and 2.8 before 2.8.2 allows remote attackers to include arbitrary files via include directives in RestructuredText functionality. | |||||
CVE-2006-1349 | 1 Musicbox | 1 Musicbox | 2024-02-04 | 4.3 MEDIUM | N/A |
Multiple cross-site scripting (XSS) vulnerabilities in Musicbox 2.3 Beta 2 allow remote attackers to inject arbitrary web script or HTML via the (1) id and (2) type and (3) show parameters in a top action in (a) index.php; and the (4) message1 parameter in (b) cart.php. | |||||
CVE-2006-4762 | 1 Rssreader | 1 Rssreader | 2024-02-04 | 4.3 MEDIUM | N/A |
Multiple cross-site scripting (XSS) vulnerabilities in Ykoon RssReader allow remote attackers to inject arbitrary web script or HTML via a web feed, as demonstrated by certain test cases of the Robert Auger and Caleb Sima RSS and Atom feed reader test suite. |