Total
255135 CVE
CVE | Vendors | Products | Updated | CVSS v2 | CVSS v3 |
---|---|---|---|---|---|
CVE-2005-1566 | 1 Arcowave Systems | 1 Wlan Ap \+ Adsl Router | 2024-02-04 | 7.5 HIGH | N/A |
Acrowave AAP-3100AR wireless router allows remote attackers to bypass authentication by pressing CTRL-C at the username or password prompt in a telnet session, which causes the shell to crash and restart, then leave the user in the new shell. | |||||
CVE-2005-4552 | 1 Sun | 1 Solaris Pc Netlink | 2024-02-04 | 7.2 HIGH | N/A |
The (1) slsmgr and (2) slsadmin programs in Sun Solaris PC NetLink 2.0 create temporary files insecurely, which allows local users to gain privileges. | |||||
CVE-2006-1494 | 1 Php | 1 Php | 2024-02-04 | 2.6 LOW | N/A |
Directory traversal vulnerability in file.c in PHP 4.4.2 and 5.1.2 allows local users to bypass open_basedir restrictions allows remote attackers to create files in arbitrary directories via the tempnam function. | |||||
CVE-2004-2312 | 1 Ibm | 1 Aix | 2024-02-04 | 7.2 HIGH | N/A |
Buffer overflow in GNU make for IBM AIX 4.3.3, when installed setgid, allows local users to gain privileges via a long CC argument. | |||||
CVE-2006-0788 | 1 Kyocera | 1 Fs-3830n | 2024-02-04 | 5.0 MEDIUM | N/A |
Kyocera 3830 (aka FS-3830N) printers have a back door that allows remote attackers to read and alter configuration settings via strings that begin with "!R!SIOP0", as demonstrated using (1) a connection to to TCP port 9100 or (2) the UNIX lp command. | |||||
CVE-2006-3089 | 1 Phpmyfactures | 1 Phpmyfactures | 2024-02-04 | 4.3 MEDIUM | N/A |
Multiple cross-site scripting (XSS) vulnerabilities in PhpMyFactures 1.0, and possibly 1.2 and earlier, allow remote attackers to inject arbitrary web script or HTML via the (1) prefixe_dossier parameter in (a) /inc/header.php; (2) msg parameter in (b) /remises/ajouter_remise.php, (c) /tva/ajouter_tva.php, (d) /stocks/ajouter.php, (e) /pays/ajouter_pays.php, (f) /produits/ajouter_cat.php, (g) /produits/ajouter_produit.php and (h) /produits/modifier_cat.php; (3) tire parameter in /remises/ajouter_remise.php; (4) quantite, (5) taux and (6) date parameter in /stocks/ajouter.php; and (7) pays and (8) prefixe parameter in /pays/ajouter_pays.php. | |||||
CVE-2005-0754 | 5 Conectiva, Gentoo, Kde and 2 more | 6 Linux, Linux, Kde and 3 more | 2024-02-04 | 7.5 HIGH | N/A |
Kommander in KDE 3.2 through KDE 3.4.0 executes data files without confirmation from the user, which allows remote attackers to execute arbitrary code. | |||||
CVE-2005-4677 | 1 Oscommerce | 1 Oscommerce | 2024-02-04 | 7.5 HIGH | N/A |
SQL injection vulnerability in additional_images.php (aka the Additional Images module) before 1.14 in osCommerce allows remote attackers to execute arbitrary SQL commands via the products_id parameter to product_info.php. | |||||
CVE-2006-0607 | 1 Hinton Design | 1 Phphd | 2024-02-04 | 7.5 HIGH | N/A |
check.php in Hinton Design phphd 1.0 does not check passwords when certain cookies are provided, which allows remote attackers to bypass authentication. | |||||
CVE-2006-3673 | 1 Armagetron | 1 Armagetron Advanced | 2024-02-04 | 5.0 MEDIUM | N/A |
nNetObject.cpp in Armagetron Advanced 2.8.2 and earlier allows remote attackers to cause a denial of service (application crash) via a large owner value, which causes an assert error. | |||||
CVE-2006-1466 | 1 Apple | 2 Mac Os X, Xcode | 2024-02-04 | 4.0 MEDIUM | N/A |
Xcode Tools before 2.3 for Mac OS X 10.4, when running the WebObjects plugin, allows remote attackers to access or modify WebObjects projects through a network service. | |||||
CVE-2006-3681 | 1 Awstats | 1 Awstats | 2024-02-04 | 2.6 LOW | N/A |
Multiple cross-site scripting (XSS) vulnerabilities in awstats.pl in AWStats 6.5 build 1.857 and earlier allow remote attackers to inject arbitrary web script or HTML via the (1) refererpagesfilter, (2) refererpagesfilterex, (3) urlfilterex, (4) urlfilter, (5) hostfilter, or (6) hostfilterex parameters, a different set of vectors than CVE-2006-1945. | |||||
CVE-2005-0382 | 1 Breed | 1 Breed | 2024-02-04 | 5.0 MEDIUM | N/A |
Breed patch 1 and earlier allows remote attackers to cause a denial of service (application crash) via an empty UDP packet, which triggers a null dereference. | |||||
CVE-2006-4259 | 1 Jake Olefsky | 1 Fotopholder | 2024-02-04 | 2.6 LOW | N/A |
Cross-site scripting (XSS) vulnerability in index.php in Fotopholder 1.8 allows remote attackers to inject arbitrary web script or HTML via the path parameter. NOTE: this might be resultant from a directory traversal vulnerability. | |||||
CVE-2005-2440 | 1 Thomson Netg | 1 Web Skill Vantage Manager | 2024-02-04 | 7.5 HIGH | N/A |
SQL injection vulnerability in login.asp in Thomson Web Skill Vantage Manager allows remote attackers to execute arbitrary SQL commands via the svmPassword parameter. | |||||
CVE-2005-1393 | 1 Esri | 1 Arcinfo Workstation | 2024-02-04 | 4.6 MEDIUM | N/A |
Multiple buffer overflows in ArcGIS for ESRI ArcInfo Workstation 9.0 allow local users to execute arbitrary code via long command line arguments to (1) asmaster, (2) asuser, (3) asutility, (4) se, or (5) asrecovery. | |||||
CVE-2006-0780 | 1 Perlblog | 1 Perlblog | 2024-02-04 | 4.3 MEDIUM | N/A |
Multiple cross-site scripting (XSS) vulnerabilities in weblog.pl in PerlBlog 1.09b and earlier allow remote attackers to inject arbitrary web script or HTML via the (1) name and (2) email parameters. | |||||
CVE-2006-3180 | 1 Swsoft | 1 Confixx | 2024-02-04 | 6.8 MEDIUM | N/A |
Cross-site scripting (XSS) vulnerability in ftp_index.php in Confixx Pro 3.0 allows remote attackers to inject arbitrary web script or HTML via the path parameter. | |||||
CVE-2005-3994 | 2024-02-04 | N/A | N/A | ||
** REJECT ** DO NOT USE THIS CANDIDATE NUMBER. ConsultIDs: CVE-2005-3967. Reason: This candidate is a duplicate of CVE-2005-3967. Notes: All CVE users should reference CVE-2005-3967 instead of this candidate. All references and descriptions in this candidate have been removed to prevent accidental usage. | |||||
CVE-2005-3860 | 1 Oliver May | 1 Athena Php Website Administration | 2024-02-04 | 7.5 HIGH | N/A |
PHP remote file inclusion vulnerability in athena.php in Oliver May Athena PHP Website Administration 0.1a allows remote attackers to execute arbitrary PHP code via a URL in the athena_dir parameter. |