Total
255097 CVE
| CVE | Vendors | Products | Updated | CVSS v2 | CVSS v3 |
|---|---|---|---|---|---|
| CVE-2004-2716 | 1 Php Heaven | 1 Phpmychat | 2024-02-04 | 7.5 HIGH | N/A |
| Multiple SQL injection vulnerabilities in usersL.php3 in PHPMyChat 0.14.5 allow remote attackers to execute arbitrary SQL commands via the (1) sortBy, (2) sortOrder, (3) startReg, (4) U, (5) LastCheck , and (6) R parameters. | |||||
| CVE-2005-0105 | 1 Typespeed | 1 Typespeed | 2024-02-04 | 4.6 MEDIUM | N/A |
| Unknown vulnerability in typespeed 0.4.1 and earlier allows local users to gain privileges. | |||||
| CVE-2006-2228 | 1 W-agora | 1 W-agora | 2024-02-04 | 4.3 MEDIUM | N/A |
| Cross-site scripting (XSS) vulnerability in w-Agora (aka Web-Agora) 4.2.0 allows remote attackers to inject arbitrary web script or HTML via a post with a BBCode tag that contains a JavaScript event name followed by whitespace before the '=' (equals) character, which bypasses a restrictive regular expression that attempts to remove onmouseover and other events. | |||||
| CVE-2005-0733 | 1 Py Software | 1 Active Webcam | 2024-02-04 | 5.0 MEDIUM | N/A |
| PY Software Active Webcam WebServer (webcam.exe) 5.5 allows remote attackers to determine the existence of files via an HTTP request with a full pathname, which produces different messages whether the file exists or not. | |||||
| CVE-2006-0286 | 1 Oracle | 2 Application Server, Database Server | 2024-02-04 | 10.0 HIGH | N/A |
| Unspecified vulnerability in the Oracle HTTP Server component of Oracle Database Server 9.0.1.5, 9.0.1.5 FIPS, 9.2.0.7, and 10.1.0.5, and Application Server 1.0.2.2, 9.0.4.2, and 10.1.2.0.2, has unspecified impact and attack vectors, as identified by Oracle Vuln# OHS01. | |||||
| CVE-2005-0194 | 1 Squid | 1 Squid | 2024-02-04 | 10.0 HIGH | N/A |
| Squid 2.5, when processing the configuration file, parses empty Access Control Lists (ACLs), including proxy_auth ACLs without defined auth schemes, in a way that effectively removes arguments, which could allow remote attackers to bypass intended ACLs if the administrator ignores the parser warnings. | |||||
| CVE-2005-1503 | 1 Midicart Software | 1 Midicart Php Shopping Cart | 2024-02-04 | 7.5 HIGH | N/A |
| Multiple SQL injection vulnerabilities in MidiCart PHP Shopping Cart allow remote attackers to execute arbitrary SQL commands via the (1) searchstring parameter to search_list.php, the (2) maingroup or (3) secondgroup parameters to item_list.php, or (4) code_no parameter to item_show.php. | |||||
| CVE-2005-2750 | 1 Apple | 1 Mac Os X Server | 2024-02-04 | 2.1 LOW | N/A |
| Software Update in Mac OS X 10.4.2, when the user marks all updates to be ignored, exits without asking the user to reset the status of the updates, which could prevent important, security-relevant updates from being installed. | |||||
| CVE-2004-1164 | 1 Cisco | 1 Cns Network Registrar | 2024-02-04 | 5.0 MEDIUM | N/A |
| The lock manager in Cisco CNS Network Registrar 6.0 through 6.1.1.3 allows remote attackers to cause a denial of service (process crash) via a certain "unexpected packet sequence." | |||||
| CVE-2005-2252 | 1 Gianluca Baldo | 1 Phpauction | 2024-02-04 | 7.5 HIGH | N/A |
| PhpAuction 2.5 allows remote attackers to bypass authentication and gain privileges as another user by setting the PHPAUCTION_RM_ID cookie to the user ID. | |||||
| CVE-2006-3491 | 1 Christophe Thibault | 1 Kaillera | 2024-02-04 | 7.5 HIGH | N/A |
| Stack-based buffer overflow in Kaillera Server 0.86 and earlier allows remote attackers to execute arbitrary code via a long nickname. | |||||
| CVE-2006-1051 | 1 Akarru | 1 Social Bookmarking Engine | 2024-02-04 | 7.5 HIGH | N/A |
| SQL injection vulnerability in Akarru Social BookMarking Engine before 0.4.3.4 allows remote attackers to execute arbitrary SQL commands via unknown attack vectors, possibly involving the username parameter to akarru.lib/users.php. | |||||
| CVE-2005-3053 | 1 Linux | 1 Linux Kernel | 2024-02-04 | 2.1 LOW | N/A |
| The sys_set_mempolicy function in mempolicy.c in Linux kernel 2.6.x allows local users to cause a denial of service (kernel BUG()) via a negative first argument. | |||||
| CVE-2006-3430 | 2 Lumension, Novell | 2 Patchlink Update Server, Zenworks | 2024-02-04 | 7.5 HIGH | N/A |
| SQL injection vulnerability in checkprofile.asp in (1) PatchLink Update Server (PLUS) before 6.1 P1 and 6.2.x before 6.2 SR1 P1 and (2) Novell ZENworks 6.2 SR1 and earlier, allows remote attackers to execute arbitrary SQL commands via the agentid parameter. | |||||
| CVE-2006-2203 | 1 Kerio | 1 Kerio Mailserver | 2024-02-04 | 6.4 MEDIUM | N/A |
| Unspecified vulnerability in Kerio MailServer before 6.1.4 has unknown impact and remote attack vectors related to a "possible bypass of attachment filter." | |||||
| CVE-2005-1627 | 1 Viewglob | 1 Viewglob | 2024-02-04 | 2.1 LOW | N/A |
| Unknown vulnerability in Viewglob before 2.0.1, related to "a potential security issue with the Viewglob display and ssh X forwarding," has unknown impact. | |||||
| CVE-2005-1696 | 1 Postnuke Software Foundation | 1 Postnuke | 2024-02-04 | 2.6 LOW | N/A |
| Multiple cross-site scripting (XSS) vulnerabilities in PostNuke 0.750 and 0.760RC3 allow remote attackers to inject arbitrary web script or HTML via the (1) skin or (2) paletteid parameter to demo.php in the Xanthia module, or (3) the serverName parameter to config.php in the Multisites (aka NS-Multisites) module. | |||||
| CVE-2004-1075 | 1 Zwiki | 1 Zwiki | 2024-02-04 | 6.8 MEDIUM | N/A |
| Cross-site scripting (XSS) vulnerability in standard_error_message.dtml for Zwiki after 0.10.0rc1 to 0.36.2 allows remote attackers to inject arbitrary HTML and web script via a malformed URL, which is not properly cleansed when generating an error message. | |||||
| CVE-2005-3150 | 1 Weex | 1 Weex | 2024-02-04 | 7.5 HIGH | N/A |
| Format string vulnerability in the Log_Flush function in Weex 2.6.1.5, 2.6.1, and possibly other versions allows remote FTP servers to execute arbitrary code via format strings in filenames. | |||||
| CVE-2006-1867 | 1 Oracle | 1 Database Server | 2024-02-04 | 10.0 HIGH | N/A |
| Unspecified vulnerability in Oracle Database Server 9.2.0.6 has unknown impact and attack vectors in the Advanced Replication component, aka Vuln# DB02. | |||||