Total
255134 CVE
CVE | Vendors | Products | Updated | CVSS v2 | CVSS v3 |
---|---|---|---|---|---|
CVE-2006-2021 | 1 Asteriskathome | 1 Asteriskathome | 2024-02-04 | 5.0 MEDIUM | N/A |
Absolute path traversal vulnerability in recordings/misc/audio.php in the Asterisk Recording Interface (ARI) web interface in Asterisk@Home before 2.8 allows remote attackers to read arbitrary MP3, WAV, and GSM files via a full pathname in the recording parameter. NOTE: this issue can also be used to determine existence of files. | |||||
CVE-2005-1710 | 1 Bluecoat | 1 Reporter | 2024-02-04 | 4.3 MEDIUM | N/A |
Multiple cross-site scripting (XSS) vulnerabilities in Blue Coat Reporter before 7.1.2 allow remote attackers to inject arbitrary web script or HTML via (1) the username in an Add User window or (2) the license key (volatile.license_to_add parameter) in the Licensing page. | |||||
CVE-2006-1837 | 1 Clanscripte.net | 1 Fuju News | 2024-02-04 | 7.5 HIGH | N/A |
SQL injection vulnerability in archiv2.php in Fuju News 1.0 allows remote attackers to execute arbitrary SQL commands via the ID parameter. | |||||
CVE-2005-0988 | 7 Freebsd, Gentoo, Gnu and 4 more | 13 Freebsd, Linux, Gzip and 10 more | 2024-02-04 | 3.7 LOW | N/A |
Race condition in gzip 1.2.4, 1.3.3, and earlier, when decompressing a gzipped file, allows local users to modify permissions of arbitrary files via a hard link attack on a file while it is being decompressed, whose permissions are changed by gzip after the decompression is complete. | |||||
CVE-2005-3926 | 1 Guppy | 1 Guppy | 2024-02-04 | 7.5 HIGH | N/A |
Direct static code injection vulnerability in error.php in GuppY 4.5.9 and earlier, when register_globals is disabled, allows remote attackers to execute arbitrary PHP code via the _SERVER[REMOTE_ADDR] parameter, which is injected into a .inc script that is later included by the main script. | |||||
CVE-2006-3525 | 1 Phpcredo | 1 Phcdownload | 2024-02-04 | 7.5 HIGH | N/A |
SQL injection vulnerability in category.php in PHCDownload 1.0.0 Final and 1.0.0 Release Candidate 6 and earlier allows remote attackers to execute arbitrary SQL commands via the id parameter. | |||||
CVE-2005-1670 | 1 Extremenetworks | 3 Blackdiamond 10808, Blackdiamond 8800, Extremeware Xos | 2024-02-04 | 4.6 MEDIUM | N/A |
Unknown vulnerability in Extreme BlackDiamond 10808 and 8800 switches running ExtremeWare XOS 11.1 before 11.1.3.3, 11.0 before 11.0.2.4, and 10.x allows remote authenticated users to execute arbitrary commands. | |||||
CVE-2006-0180 | 1 Calogic | 1 Calogic Calendars | 2024-02-04 | 4.3 MEDIUM | N/A |
Cross-site scripting (XSS) vulnerability in CaLogic Calendars 1.2.2 allows remote attackers to inject arbitrary web script or HTML via the Title field on the "Adding New Event" page, and possibly other vectors, involving iframe tags. | |||||
CVE-2005-4567 | 1 Floosietek | 1 Ftgate | 2024-02-04 | 5.8 MEDIUM | N/A |
Multiple cross-site scripting (XSS) vulnerabilities in FTGate Technology (formerly known as Floosietek) FTGate 4.4 (Build 4.4.000 Oct 26 2005) allow remote attackers to inject arbitrary web script or HTML by sending (1) the href parameter to index.fts, or the param1 parameter to (2) /domains/index.fts, (3) /config/licence.fts, or (4) /config/systemacl.fts. | |||||
CVE-2005-2072 | 1 Sun | 2 Solaris, Sunos | 2024-02-04 | 7.2 HIGH | N/A |
The runtime linker (ld.so) in Solaris 8, 9, and 10 trusts the LD_AUDIT environment variable in setuid or setgid programs, which allows local users to gain privileges by (1) modifying LD_AUDIT to reference malicious code and possibly (2) using a long value for LD_AUDIT. | |||||
CVE-2006-0206 | 1 Light Weight Calendar | 1 Light Weight Calendar | 2024-02-04 | 7.5 HIGH | N/A |
Eval injection vulnerability in Light Weight Calendar (LWC) 1.0 (20040909) and earlier allows remote attackers to execute arbitrary PHP code via the date parameter in cal.php, which is included by index.php. | |||||
CVE-2005-2883 | 2024-02-04 | N/A | N/A | ||
** REJECT ** DO NOT USE THIS CANDIDATE NUMBER. ConsultIDs: CVE-2005-2855. Reason: This candidate is a duplicate of CVE-2005-2855. Notes: All CVE users should reference CVE-2005-2855 instead of this candidate. All references and descriptions in this candidate have been removed to prevent accidental usage. | |||||
CVE-2006-2284 | 2 Claroline, Dokeos | 2 Claroline, Dokeos | 2024-02-04 | 6.8 MEDIUM | N/A |
Multiple PHP remote file inclusion vulnerabilities in Claroline 1.7.5 allow remote attackers to execute arbitrary PHP code via a URL in the (1) clarolineRepositorySys parameter in ldap.inc.php and the (2) claro_CasLibPath parameter in casProcess.inc.php. | |||||
CVE-2005-3292 | 1 Xeobook | 1 Xeobook | 2024-02-04 | 4.3 MEDIUM | N/A |
Multiple cross-site scripting (XSS) vulnerabilities in Xeobook 0.93 allow remote attackers to inject arbitrary web script or HTML via Javascript events in tages such as <b>. | |||||
CVE-2005-4256 | 1 Asp-dev | 1 Xm Forum | 2024-02-04 | 4.3 MEDIUM | N/A |
Cross-site scripting (XSS) vulnerability in forum.asp in ASP-DEV XM Forum RC3 allows remote attackers to inject arbitrary web script or HTML via the forum_title parameter. NOTE: the provenance of this issue is unknown; the details are obtained solely from the BID. In addition, its accuracy is in question because "forum_title" does not appear to be specified in the source code for XM Forum RC3. It is possible, but not certain, that this is CVE-2004-2211. | |||||
CVE-2005-4205 | 1 Locazo | 1 Locazolist Classifieds | 2024-02-04 | 4.3 MEDIUM | N/A |
Cross-site scripting (XSS) vulnerability in searchdb.asp in LocazoList 1.03c and earlier allows remote attackers to inject arbitrary web script or HTML via the q parameter. | |||||
CVE-2005-4607 | 1 Incogen | 1 Bugport | 2024-02-04 | 4.3 MEDIUM | N/A |
Cross-site scripting (XSS) vulnerability in index.php in BugPort 1.147 and earlier allows remote attackers to inject arbitrary web script or HTML via the (1) ids[0], (2) action, (3) report_id, (4) devWherePair[1][1], and (5) binds[0] parameters. | |||||
CVE-2005-1083 | 1 Aewebworks | 1 Aedating | 2024-02-04 | 5.0 MEDIUM | N/A |
index.php in aeDating 3.2 allows remote attackers to include arbitrary files via the skin parameter. | |||||
CVE-2005-1242 | 1 Bsafe | 1 Global Security | 2024-02-04 | 5.0 MEDIUM | N/A |
Directory traversal vulnerability in the third party tool from Bsafe, as used to secure the iSeries AS/400 FTP server, allows remote attackers to access arbitrary files, including those from qsys.lib, via ".." sequences in a GET request. | |||||
CVE-2006-2485 | 1 Quezza | 1 Quezza Bb | 2024-02-04 | 7.5 HIGH | N/A |
PHP remote file inclusion vulnerability in includes/class_template.php in Quezza 1.0 and earlier, and possibly 1.1.0 allows remote attackers to execute arbitrary PHP code via a URL in the quezza_root_path parameter. |