Total
255086 CVE
CVE | Vendors | Products | Updated | CVSS v2 | CVSS v3 |
---|---|---|---|---|---|
CVE-2004-1148 | 1 Phpmyadmin | 1 Phpmyadmin | 2024-02-04 | 5.0 MEDIUM | N/A |
phpMyAdmin before 2.6.1, when configured with UploadDir functionality, allows remote attackers to read arbitrary files via the sql_localfile parameter. | |||||
CVE-2005-2304 | 1 Microsoft | 2 Internet Explorer, Live Messenger | 2024-02-04 | 5.0 MEDIUM | N/A |
Microsoft MSN Messenger 9.0 and Internet Explorer 6.0 allows remote attackers to cause a denial of service (crash) via an image with an ICC Profile with a large Tag Count. | |||||
CVE-2005-0077 | 4 Debian, Gentoo, Redhat and 1 more | 5 Debian Linux, Linux, Enterprise Linux and 2 more | 2024-02-04 | 2.1 LOW | N/A |
The DBI library (libdbi-perl) for Perl allows local users to overwrite arbitrary files via a symlink attack on a temporary PID file. | |||||
CVE-2006-0450 | 1 Phpbb Group | 1 Phpbb | 2024-02-04 | 5.0 MEDIUM | N/A |
phpBB 2.0.19 and earlier allows remote attackers to cause a denial of service (application crash) by (1) registering many users through profile.php or (2) using search.php to search in a certain way that confuses the database. | |||||
CVE-2005-3865 | 1 Scripts-templates | 1 Allweb Search | 2024-02-04 | 7.5 HIGH | N/A |
SQL injection vulnerability in index.php in AllWeb search 3.0 and earlier allows remote attackers to execute arbitrary SQL commands via the search parameter. | |||||
CVE-2006-2663 | 1 Ifusionservices | 1 Iflance | 2024-02-04 | 4.3 MEDIUM | N/A |
Multiple cross-site scripting (XSS) vulnerabilities in iFlance 1.1 allow remote attackers to inject arbitrary web script or HTML via certain inputs to (1) acc_verify.php or (2) project.php. | |||||
CVE-2006-4302 | 1 Sun | 2 J2se, Java Web Start | 2024-02-04 | 5.0 MEDIUM | N/A |
The Java Plug-in J2SE 1.3.0_02 through 5.0 Update 5, and Java Web Start 1.0 through 1.2 and J2SE 1.4.2 through 5.0 Update 5, allows remote attackers to exploit vulnerabilities by specifying a JRE version that contain vulnerabilities. | |||||
CVE-2006-2260 | 1 Drupal | 1 Drupal | 2024-02-04 | 4.3 MEDIUM | N/A |
Cross-site scripting (XSS) vulnerability in the project module (project.module) in Drupal 4.5 and 4.6 allows remote attackers to inject arbitrary web script or HTML via unknown attack vectors. | |||||
CVE-2005-3495 | 1 Ar-blog | 1 Ar-blog | 2024-02-04 | 7.5 HIGH | N/A |
Ar-blog 5.2 and earlier allows remote attackers to bypass authentication by modifying cookies. | |||||
CVE-2005-2947 | 1 Killprocess | 1 Killprocess | 2024-02-04 | 5.1 MEDIUM | N/A |
Buffer overflow in KillProcess 2.20 and earlier allows user-assisted attackers to execute arbitrary code via an exe file with a long FileDescription in the version resource. | |||||
CVE-2005-1895 | 1 Flatnuke | 1 Flatnuke | 2024-02-04 | 4.3 MEDIUM | N/A |
Cross-site scripting (XSS) vulnerability in FlatNuke 2.5.3 allows remote attackers to inject arbitrary web script or HTML via the border or back parameters to (1) help.php or (2) footer.php. | |||||
CVE-2005-0283 | 1 David Barrett | 1 Qwikiwiki | 2024-02-04 | 5.0 MEDIUM | N/A |
Directory traversal vulnerability in index.php in QwikiWiki allows remote attackers to read arbitrary files via a .. (dot dot) and a %00 at the end of the filename in the page parameter. | |||||
CVE-2006-2264 | 1 Ocean12 Technologies | 1 Calendar Manager Pro | 2024-02-04 | 6.5 MEDIUM | N/A |
Multiple SQL injection vulnerabilities in Ocean12 Calendar Manager Pro 1.00 allow remote attackers to execute arbitrary SQL commands via the (1) date parameter to admin/main.asp, (2) SearchFor parameter to admin/view.asp, or (3) ID parameter to admin/edit.asp. NOTE: the provenance of this information is unknown; the details are obtained solely from third party information. | |||||
CVE-2004-1133 | 1 Microsoft | 1 W3who.dll | 2024-02-04 | 6.8 MEDIUM | N/A |
Multiple cross-site scripting (XSS) vulnerabilities in Microsoft W3Who ISAPI (w3who.dll) allow remote attackers to inject arbitrary HTML and web script via (1) HTTP headers such as "Connection" or (2) invalid parameters whose values are echoed in the resulting error message. | |||||
CVE-2006-0924 | 1 Brown Bear Software | 1 Ical | 2024-02-04 | 4.3 MEDIUM | N/A |
Cross-site scripting (XSS) vulnerability in Brown Bear iCal 3.10 allows remote attackers to inject arbitrary web script or HTML via the Calendar Text field when a new event is added. NOTE: the provenance of this information is unknown; the details are obtained solely from third party information. | |||||
CVE-2006-4025 | 1 Xennobb | 1 Xennobb | 2024-02-04 | 7.5 HIGH | N/A |
SQL injection vulnerability in profile.php in XennoBB 2.1.0 and earlier allows remote authenticated users to execute arbitrary SQL commands via the (1) bday_day, (2) bday_month, and (3) bday_year parameters in the personal section. | |||||
CVE-2006-3587 | 1 Adobe | 1 Flash Player | 2024-02-04 | 5.1 MEDIUM | N/A |
Unspecified vulnerability in Adobe (Macromedia) Flash Player 8.0.24.0 allows remote attackers to execute arbitrary commands via a malformed .swf file that results in "multiple improper memory access" errors. | |||||
CVE-2005-2100 | 1 Redhat | 2 Enterprise Linux, Enterprise Linux Desktop | 2024-02-04 | 2.1 LOW | N/A |
The rw_vm function in usercopy.c in the 4GB split patch for the Linux kernel in Red Hat Enterprise Linux 4 does not perform proper bounds checking, which allows local users to cause a denial of service (crash). | |||||
CVE-2004-2284 | 1 Open Webmail | 1 Open Webmail | 2024-02-04 | 10.0 HIGH | N/A |
The read_list_from_file function in vacation.pl for OpenWebmail before 2.32 20040629 allows remote attackers to execute arbitrary commands via shell metacharacters in a filename argument. | |||||
CVE-2006-3393 | 1 Electronic Arts | 1 Nascar Racing | 2024-02-04 | 7.8 HIGH | N/A |
Papyrus NASCAR Racing 4 4.1.3.1.6 and earlier, 2002 Season 1.1.0.2 and earlier, and 2003 Season 1.2.0.1 and earlier allows remote attackers to cause a denial of service (CPU consumption) by sending an empty UDP datagram, which is not properly discarded due to use of the FIONREAD asynchronous socket. |