Total
255104 CVE
| CVE | Vendors | Products | Updated | CVSS v2 | CVSS v3 |
|---|---|---|---|---|---|
| CVE-2006-2757 | 1 Chipmunk Scripts | 1 Chipmunk Guestbook | 2024-02-04 | 4.3 MEDIUM | N/A |
| Cross-site scripting (XSS) vulnerability in Chipmunk guestbook allows remote attackers to inject arbitrary web script or HTML via the (1) start parameter in (a) index.php; (2) forumID parameter in index.php, (b) newtopic.php, and (c) reply.php; and (3) ID parameter to (d) edit.php. | |||||
| CVE-2005-3855 | 1 Easybe | 1 1-2-3 Music Store | 2024-02-04 | 7.5 HIGH | N/A |
| SQL injection vulnerability in process.php in 1-2-3 music store allows remote attackers to execute arbitrary SQL commands via the AlbumID parameter. | |||||
| CVE-2005-1791 | 1 Microsoft | 1 Ie | 2024-02-04 | 2.6 LOW | N/A |
| Microsoft Internet Explorer 6 SP2 (6.0.2900.2180) crashes when the user attempts to add a URI to the restricted zone, in which the full domain name of the URI begins with numeric sequences similar to an IP address. NOTE: if there is not an exploit scenario in which an attacker can trigger this behavior, then perhaps this issue should not be included in CVE. | |||||
| CVE-2004-2371 | 1 Redstorm | 3 Desert Siege, Ghost Recon, The Sum Of All Fears | 2024-02-04 | 5.0 MEDIUM | N/A |
| Multiple Red Storm web-based games, including Ghost Recon 1.4 and earlier, Desert Siege, and The Sum of all Fears 1.1.1.0 and earlier, do not properly check return values from certain functions, which allows remote attackers to cause a denial of service (hang) via packets that contain text strings with incorrect size values. | |||||
| CVE-2004-2719 | 1 Foxmail | 1 Foxmail | 2024-02-04 | 6.8 MEDIUM | N/A |
| Buffer overflow in the UrlToLocal function in PunyLib.dll of Foxmail 5.0.300 allows remote attackers to execute arbitrary code via a mail message with a long From field, a different issue than CVE-2005-0339. | |||||
| CVE-2006-1672 | 1 Cisco | 5 Ons 15310-cl Series, Ons 15454 Mspp, Ons 15600 and 2 more | 2024-02-04 | 7.5 HIGH | N/A |
| The installation of Cisco Transport Controller (CTC) for Cisco Optical Networking System (ONS) 15000 series nodes adds a Java policy file entry with a wildcard that grants the java.security.AllPermission permission to any http URL containing "fs/LAUNCHER.jar", which allows remote attackers to execute arbitrary code on a CTC workstation, aka bug ID CSCea25049. | |||||
| CVE-2006-2007 | 1 Winny | 1 Winny | 2024-02-04 | 7.5 HIGH | N/A |
| Heap-based buffer overflow in Winny 2.0 b7.1 and earlier allows remote attackers to execute arbitrary code via long strings to certain commands sent to the file transfer port. | |||||
| CVE-2006-2870 | 1 Intelligent Solutions | 1 Asp Discussion Forum | 2024-02-04 | 4.3 MEDIUM | N/A |
| Cross-site scripting (XSS) vulnerability in forum_search.asp in Intelligent Solutions Inc. ASP Discussion Forum allows remote attackers to inject arbitrary web script or HTML via the search variable. | |||||
| CVE-2005-4263 | 1 Envolution | 1 Envolution | 2024-02-04 | 7.5 HIGH | N/A |
| SQL injection vulnerability in the News module in Envolution allows remote attackers to execute arbitrary SQL commands via the (1) startrow and (2) catid parameter. | |||||
| CVE-2005-3953 | 1 Bedeng Psp | 1 Bedeng Psp | 2024-02-04 | 7.5 HIGH | N/A |
| SQL injection vulnerability in Bedeng PSP 1.1 allows remote attackers to execute arbitrary SQL commands via the cwhere parameter to (1) index.php and (2) download.php, or (3) ckode parameter to baca.php. | |||||
| CVE-2006-1741 | 2 Canonical, Mozilla | 4 Ubuntu Linux, Firefox, Mozilla Suite and 1 more | 2024-02-04 | 4.3 MEDIUM | N/A |
| Mozilla Firefox 1.x before 1.5 and 1.0.x before 1.0.8, Mozilla Suite before 1.7.13, and SeaMonkey before 1.0 allows remote attackers to inject arbitrary Javascript into other sites by (1) "using a modal alert to suspend an event handler while a new page is being loaded", (2) using eval(), and using certain variants involving (3) "new Script;" and (4) using window.__proto__ to extend eval, aka "cross-site JavaScript injection". | |||||
| CVE-2005-2288 | 1 Phpcounter | 1 Phpcounter | 2024-02-04 | 4.3 MEDIUM | N/A |
| Cross-site scripting (XSS) vulnerability in PHPCounter 7.2 allows remote attackers to inject arbitrary web script or HTML via the EpochPrefix parameter. | |||||
| CVE-2005-0081 | 1 Mysql | 1 Maxdb | 2024-02-04 | 5.0 MEDIUM | N/A |
| MySQL MaxDB 7.5.0.0, and other versions before 7.5.0.21, allows remote attackers to cause a denial of service (crash) via an HTTP request with invalid headers. | |||||
| CVE-2006-0948 | 1 Aol | 1 Aol | 2024-02-04 | 7.2 HIGH | N/A |
| AOL 9.0 Security Edition revision 4184.2340, and probably other versions, uses insecure permissions (Everyone/Full Control) for the "America Online 9.0" directory, which allows local users to gain privileges by replacing critical files. | |||||
| CVE-2005-0848 | 1 Funlabs | 9 4x4 Off-road Adventure Iii, Cabelas Big Game Hunter 2004 Season, Cabelas Big Game Hunter 2005 and 6 more | 2024-02-04 | 5.0 MEDIUM | N/A |
| Multiple games developed by FUN labs, including 4X4 Off-road Adventure III, Big Game Hunter, Dangerous Hunts, Deer Hunt, Revolution, Secret Service, Shadow Force, and US Most Wanted, allow remote attackers to cause a denial of service via an empty UDP packet to the server, which cannot detect that a new packet has arrived using the socket ioctl. | |||||
| CVE-2005-4091 | 1 1-script | 1 1-search | 2024-02-04 | 4.3 MEDIUM | N/A |
| Cross-site scripting (XSS) vulnerability in 1search.cgi in 1-Script 1-Search 1.8 allows remote attackers to inject arbitrary web script or HTML via the q parameter. | |||||
| CVE-2006-4033 | 1 Lhaplus | 1 Lhaplus | 2024-02-04 | 5.1 MEDIUM | N/A |
| Heap-based buffer overflow in Lhaplus.exe in Lhaplus 1.52, and possibly earlier versions, allows remote attackers to execute arbitrary code via an LZH archive with a long header, as specified by the extendedHeaderSize. | |||||
| CVE-2005-2302 | 1 Powerdns | 1 Powerdns | 2024-02-04 | 2.1 LOW | N/A |
| PowerDNS before 2.9.18, when allowing recursion to a restricted range of IP addresses, does not properly handle questions from clients that are denied recursion, which could cause a "blank out" of answers to those clients that are allowed to use recursion. | |||||
| CVE-2006-3317 | 1 Spiffyjr | 1 Phpraid | 2024-02-04 | 5.1 MEDIUM | N/A |
| PHP remote file inclusion vulnerability in phpRaid 3.0.6 allows remote attackers to execute arbitrary code via a URL in the phpraid_dir parameter to (1) announcements.php and (2) rss.php, a different set of vectors and affected versions than CVE-2006-3316 and CVE-2006-3116. | |||||
| CVE-2005-4295 | 1 Xigla | 1 Absolute Image Gallery Xe | 2024-02-04 | 4.3 MEDIUM | N/A |
| Cross-site scripting (XSS) vulnerability in Absolute Image Gallery XE 2.x allows remote attackers to inject arbitrary web script or HTML via the text parameter. NOTE: the provenance of this information is unknown; the details are obtained solely from third party information. | |||||