Total
255134 CVE
CVE | Vendors | Products | Updated | CVSS v2 | CVSS v3 |
---|---|---|---|---|---|
CVE-2005-4402 | 1 Mailenable | 2 Mailenable Enterprise, Mailenable Professional | 2024-02-04 | 6.5 MEDIUM | N/A |
Buffer overflow in MailEnable Professional 1.71 and earlier, and Enterprise 1.1 and earlier, allows remote authenticated users to execute arbitrary code via a long IMAP EXAMINE command. | |||||
CVE-2006-0959 | 1 Mybulletinboard | 1 Mybulletinboard | 2024-02-04 | 7.5 HIGH | N/A |
SQL injection vulnerability in misc.php in MyBulletinBoard (MyBB) 1.03, when register_globals is enabled, allows remote attackers to execute arbitrary SQL commands by setting the comma variable value via the comma parameter in a cookie. NOTE: 1.04 has also been reported to be affected. | |||||
CVE-2005-1451 | 1 S9y | 1 Serendipity | 2024-02-04 | 7.5 HIGH | N/A |
The media manager in Serendipity before 0.8 allows remote attackers to upload and execute arbitrary (1) .php or (2) .shtml files. | |||||
CVE-2005-2671 | 2024-02-04 | N/A | N/A | ||
** REJECT ** DO NOT USE THIS CANDIDATE NUMBER. ConsultIDs: CVE-2005-2041. Reason: This candidate is a duplicate of CVE-2005-2041. Notes: All CVE users should reference CVE-2005-2041 instead of this candidate. All references and descriptions in this candidate have been removed to prevent accidental usage. | |||||
CVE-2005-0446 | 1 Squid | 1 Squid | 2024-02-04 | 5.0 MEDIUM | N/A |
Squid 2.5.STABLE8 and earlier allows remote attackers to cause a denial of service (crash) via certain DNS responses regarding (1) Fully Qualified Domain Names (FQDN) in fqdncache.c or (2) IP addresses in ipcache.c, which trigger an assertion failure. | |||||
CVE-2005-4040 | 1 Tawbaware | 1 Filelister | 2024-02-04 | 7.5 HIGH | N/A |
SQL injection vulnerability in FileLister 0.51 and earlier allows remote attackers to execute arbitrary SQL commands via the search parameters, possibly the searchwhat parameter to definesearch.jsp. | |||||
CVE-2006-4500 | 1 Ztml | 1 Ezportal Ztml Cms | 2024-02-04 | 4.3 MEDIUM | N/A |
Cross-site scripting (XSS) vulnerability in index.php in ezPortal/ztml CMS 1.0 allows remote attackers to inject arbitrary web script or HTML via the (1) about, (2) again, (3) lastname, (4) email, (5) password, (6) album, (7) id, (8) table, (9) desc, (10) doc, (11) mname, (12) max, (13) htpl, (14) pheader, and possibly other parameters. | |||||
CVE-2006-1277 | 1 Upoint | 1 At1 File Store | 2024-02-04 | 5.8 MEDIUM | N/A |
Cross-site scripting (XSS) vulnerability in signup.php in @1 File Store 2006.03.07 allows remote attackers to inject arbitrary web script or HTML via the (1) real_name, (2) email, and (3) login parameters. | |||||
CVE-2006-0454 | 1 Linux | 1 Linux Kernel | 2024-02-04 | 5.0 MEDIUM | N/A |
Linux kernel before 2.6.15.3 down to 2.6.12, while constructing an ICMP response in icmp_send, does not properly handle when the ip_options_echo function in icmp.c fails, which allows remote attackers to cause a denial of service (crash) via vectors such as (1) record-route and (2) timestamp IP options with the needaddr bit set and a truncated value. | |||||
CVE-2006-3698 | 1 Oracle | 1 Database Server | 2024-02-04 | 10.0 HIGH | N/A |
Multiple unspecified vulnerabilities in Oracle Database 10.1.0.5 have unknown impact and attack vectors, aka Oracle Vuln# (1) DB01 for Change Data Capture (CDC) component and (2) DB03 for Data Pump Metadata API. NOTE: as of 20060719, Oracle has not disputed a claim by a reliable researcher that DB01 is related to multiple SQL injection vulnerabilities in SYS.DBMS_CDC_IMPDP using the (a) IMPORT_CHANGE_SET, (b) IMPORT_CHANGE_TABLE, (c) IMPORT_CHANGE_COLUMN, (d) IMPORT_SUBSCRIBER, (e) IMPORT_SUBSCRIBED_TABLE, (f) IMPORT_SUBSCRIBED_COLUMN, (g) VALIDATE_IMPORT, (h) VALIDATE_CHANGE_SET, (i) VALIDATE_CHANGE_TABLE, and (j) VALIDATE_SUBSCRIPTION procedures, and that DB03 is for SQL injection in the MAIN procedure for SYS.KUPW$WORKER. | |||||
CVE-2006-0266 | 1 Oracle | 1 Database Server | 2024-02-04 | 9.0 HIGH | N/A |
Unspecified vulnerability in the Query Optimizer component of Oracle Database server 9.0.1.5, 9.2.0.7, and 10.1.0.5 has unspecified impact and attack vectors, as identified by Oracle Vuln# DB19. | |||||
CVE-2005-4657 | 1 Ocean12 Technologies | 1 Calendar Manager Pro | 2024-02-04 | 7.5 HIGH | N/A |
Ocean12 Calendar Manager Pro 1.01 allows remote attackers to bypass authentication and obtain sensitive information via a direct request to /admin/view.asp. NOTE: the provenance of this information is unknown; the details are obtained solely from third party information. | |||||
CVE-2006-3153 | 1 Thinkfactory | 1 Ultimate Estate | 2024-02-04 | 4.3 MEDIUM | N/A |
Cross-site scripting (XSS) vulnerability in index.pl in Ultimate Estate 1.0 and earlier allows remote attackers to inject arbitrary web script or HTML via the cat parameter. | |||||
CVE-2005-2110 | 1 Wordpress | 1 Wordpress | 2024-02-04 | 5.0 MEDIUM | N/A |
WordPress 1.5.1.2 and earlier allows remote attackers to obtain sensitive information via (1) a direct request to menu-header.php or a "1" value in the feed parameter to (2) wp-atom.php, (3) wp-rss.php, or (4) wp-rss2.php, which reveal the path in an error message. NOTE: vector [1] was later reported to also affect WordPress 2.0.1. | |||||
CVE-2006-1948 | 1 Ibm | 1 Lotus Notes | 2024-02-04 | 4.0 MEDIUM | N/A |
The "Add Sender to Address Book" operation (AddSenderToAddressBook.lss) and NameHelper.lss in IBM Lotus Notes 6.0 and 6.5 before 20060331 do not properly store information in the Personal Address Book when multiple messages are checked and a message uses AltFrom, which might allow user-assisted remote attackers to trick a user into sending e-mail to an unauthorized recipient. | |||||
CVE-2005-2881 | 1 Phpcommunitycalendar | 1 Phpcommunitycalendar | 2024-02-04 | 7.5 HIGH | N/A |
phpCommunityCalendar 4.0.3 allows remote attackers to bypass authentication and gain unauthorized access via a direct request to the admin directory. | |||||
CVE-2004-1290 | 1 William Hoggarth | 1 Pgn2web | 2024-02-04 | 10.0 HIGH | N/A |
Buffer overflow in the process_moves function in pgn2web.c for pgn2web 0.3 allows remote attackers to execute arbitrary code via a crafted PGN file. | |||||
CVE-2006-1360 | 1 Musicbox | 1 Musicbox | 2024-02-04 | 7.5 HIGH | N/A |
Multiple SQL injection vulnerabilities in MusicBox 2.3 Beta 2 allow remote attackers to execute arbitrary SQL commands via the (1) id, (2) type, or (3) show parameter to (a) index.php; or the (4) message1 or (5) message parameter to (b) cart.php. | |||||
CVE-2005-0986 | 1 Ibm | 1 Lotus Domino Server | 2024-02-04 | 5.0 MEDIUM | N/A |
NLSCCSTR.DLL in the web service in IBM Lotus Domino Server 6.5.1, 6.0.3, and possibly other versions allows remote attackers to cause a denial of service (deep recursion and nHTTP.exe process crash) via a long GET request containing UNICODE decimal value 430 characters, which causes the stack to be exhausted. NOTE: IBM has reported that it is unable to replicate this issue. | |||||
CVE-2006-2463 | 1 Out Of The Trees Web Design | 1 Selectapix | 2024-02-04 | 5.0 MEDIUM | N/A |
view_album.php in SelectaPix 1.31 and earlier allows remote attackers to obtain the installation path via a certain request, which displays the path in an error message, possibly due to an invalid or missing parameter. |