Total
255141 CVE
| CVE | Vendors | Products | Updated | CVSS v2 | CVSS v3 |
|---|---|---|---|---|---|
| CVE-2006-3167 | 1 Free Realty | 1 Free Realty | 2024-02-04 | 5.0 MEDIUM | N/A |
| Free Realty before 2.9 allows remote attackers to obtain the full path and other sensitive information via unspecified manipulations that produce an error message. | |||||
| CVE-2005-2563 | 1 Gravity Board X Development Team | 1 Gravity Board X | 2024-02-04 | 4.3 MEDIUM | N/A |
| Multiple cross-site scripting (XSS) vulnerabilities in Gravity Board X (GBX) 1.1 allow remote attackers to inject arbitrary web script or HTML via (1) the board_id parameter to deletethread.php or (2) the template. | |||||
| CVE-2005-3179 | 1 Linux | 1 Linux Kernel | 2024-02-04 | 2.1 LOW | N/A |
| drm.c in Linux kernel 2.6.10 to 2.6.13 creates a debug file in sysfs with world-readable and world-writable permissions, which allows local users to enable DRM debugging and obtain sensitive information. | |||||
| CVE-2005-3728 | 1 Revize Cms | 1 Revize Cms | 2024-02-04 | 5.0 MEDIUM | N/A |
| Idetix Software Systems Revize CMS stores conf/revize.xml under the web document root with insufficient access control, which allows remote attackers to obtain sensitive configuration information. | |||||
| CVE-2005-1934 | 1 Rob Flynn | 1 Gaim | 2024-02-04 | 5.0 MEDIUM | N/A |
| Gaim before 1.3.1 allows remote attackers to cause a denial of service (crash) via a malformed MSN message that leads to a memory allocation of a large size, possibly due to an integer signedness error. | |||||
| CVE-2005-4433 | 1 Esselbach Internet Solutions | 1 Esselbach Storyteller Cms | 2024-02-04 | 4.3 MEDIUM | N/A |
| Cross-site scripting (XSS) vulnerability in search.php in Esselbach Storyteller CMS 1.8 allows remote attackers to inject arbitrary web script or HTML via the query parameter, which is used by the Search field. | |||||
| CVE-2006-4010 | 1 Vwar | 1 Virtual War | 2024-02-04 | 7.5 HIGH | N/A |
| SQL injection vulnerability in war.php in Virtual War (Vwar) 1.5.0 and earlier allows remote attackers to execute arbitrary SQL commands via the page parameter. NOTE: other vectors are covered by CVE-2006-3139. | |||||
| CVE-2005-0174 | 1 Squid | 1 Squid | 2024-02-04 | 5.0 MEDIUM | N/A |
| Squid 2.5 up to 2.5.STABLE7 allows remote attackers to poison the cache or conduct certain attacks via headers that do not follow the HTTP specification, including (1) multiple Content-Length headers, (2) carriage return (CR) characters that are not part of a CRLF pair, and (3) header names containing whitespace characters. | |||||
| CVE-2005-1411 | 1 Cybration | 1 Icuii | 2024-02-04 | 4.6 MEDIUM | N/A |
| Cybration ICUII 7.0 stores passwords in plaintext in the world-readable icuii.ini file, which allows local users to gain privileges. | |||||
| CVE-2006-3613 | 1 Chamberland Technology | 1 Ezwaiter Online | 2024-02-04 | 5.8 MEDIUM | N/A |
| Multiple cross-site scripting (XSS) vulnerabilities in Chamberland Technology ezWaiter 3.0 Online and possibly Enterprise Software (aka enterprise edition) allow remote attackers to inject arbitrary web script or HTML via the (1) itemfor (aka "Who is this item for?") and (2) special (aka "Special Instructions") parameters to item.php, which is accessed from showorder.php, or (3) unspecified parameters to the login form at login.php. | |||||
| CVE-2005-4840 | 1 Microsoft | 2 Internet Explorer, Outlook Express Book Control | 2024-02-04 | 4.3 MEDIUM | N/A |
| The Outlook Express Address Book control, when using Internet Explorer 6, allows remote attackers to cause a denial of service (NULL dereference and browser crash) by creating the OutlookExpress.AddressBook COM object, which is not intended for use within Internet Explorer. | |||||
| CVE-2005-0598 | 1 Cisco | 10 Application And Content Networking Software, Content Delivery Manager, Content Distribution Manager 4630 and 7 more | 2024-02-04 | 5.0 MEDIUM | N/A |
| The RealServer RealSubscriber on Cisco devices running Application and Content Networking System (ACNS) 5.1 allow remote attackers to cause a denial of service (CPU consumption) via malformed packets. | |||||
| CVE-2006-1831 | 1 Coder-world | 1 Sysinfo | 2024-02-04 | 7.5 HIGH | N/A |
| Direct static code injection vulnerability in sysinfo.cgi in sysinfo 1.21 and possibly other versions before 2.25 allows remote attackers to execute arbitrary commands via a leading ; (semicolon) in the name parameter in a systemdoc action, which is injected into phpinfo.php. | |||||
| CVE-2006-2798 | 1 Phpcommunitycalendar | 1 Phpcommunitycalendar | 2024-02-04 | 6.8 MEDIUM | N/A |
| Multiple cross-site scripting (XSS) vulnerabilities in phpCommunityCalendar 4.0.3 allow remote attackers to inject arbitrary web script or HTML via the (1) LoName parameter in (a) week.php and (b) month.php and (2) AddressLink parameter in (c) event.php. | |||||
| CVE-2005-0261 | 1 Ibm | 1 Aix | 2024-02-04 | 2.1 LOW | N/A |
| lspath in AIX 5.2, 5.3, and possibly earlier versions, does not drop privileges before processing the -f option, which allows local users to read one line of arbitrary files. | |||||
| CVE-2006-3284 | 1 Datetopia | 1 Dating Agent Pro | 2024-02-04 | 2.6 LOW | N/A |
| Cross-site scripting (XSS) vulnerability in Dating Agent PRO 4.7.1 allows remote attackers to inject arbitrary web script or HTML via the login parameter in (1) webmaster/index.php and (2) search.php. | |||||
| CVE-2004-0897 | 1 Microsoft | 2 Windows 2003 Server, Windows Xp | 2024-02-04 | 10.0 HIGH | N/A |
| The Indexing Service for Microsoft Windows XP and Server 2003 does not properly validate the length of a message, which allows remote attackers to execute arbitrary code via a buffer overflow attack. | |||||
| CVE-2006-1094 | 2 Datenbank Module, Woltlab | 2 Datenbank Module, Burning Board | 2024-02-04 | 7.5 HIGH | N/A |
| SQL injection vulnerability in Datenbank MOD 2.7 and earlier for Woltlab Burning Board allows remote attackers to execute arbitrary SQL commands via the fileid parameter to (1) info_db.php or (2) database.php. | |||||
| CVE-2006-1232 | 1 Dsportal | 1 Dsdownload | 2024-02-04 | 7.5 HIGH | N/A |
| Multiple SQL injection vulnerabilities in DSDownload 1.0, with magic_quotes_gpc disabled, allow remote attackers to execute arbitrary SQL commands via the (1) key and (2) category parameters to (a) search.php and (b) downloads.php. | |||||
| CVE-2005-3389 | 1 Php | 1 Php | 2024-02-04 | 5.0 MEDIUM | N/A |
| The parse_str function in PHP 4.x up to 4.4.0 and 5.x up to 5.0.5, when called with only one parameter, allows remote attackers to enable the register_globals directive via inputs that cause a request to be terminated due to the memory_limit setting, which causes PHP to set an internal flag that enables register_globals and allows attackers to exploit vulnerabilities in PHP applications that would otherwise be protected. | |||||