Total
255052 CVE
CVE | Vendors | Products | Updated | CVSS v2 | CVSS v3 |
---|---|---|---|---|---|
CVE-2006-1372 | 1 Benson It Solutions | 1 1webcalendar | 2024-02-04 | 5.0 MEDIUM | N/A |
Multiple SQL injection vulnerabilities in 1WebCalendar 4.0 and earlier allow remote attackers to execute arbitrary SQL commands via the (1) EventID parameter in viewEvent.cfm, (2) NewsID parameter in newsView.cfm, or (3) ThisDate parameter in mainCal.cfm. | |||||
CVE-2005-4044 | 1 Mr. Cgi Guy | 1 Amazon Search Directory | 2024-02-04 | 4.3 MEDIUM | N/A |
Cross-site scripting (XSS) vulnerability in search.cgi in Amazon Search Directory 1.0.0 and earlier allows remote attackers to inject arbitrary web script or HTML via unspecified vectors, possibly the search parameter. | |||||
CVE-2006-0814 | 1 Lighttpd | 1 Lighttpd | 2024-02-04 | 5.0 MEDIUM | N/A |
response.c in Lighttpd 1.4.10 and possibly previous versions, when run on Windows, allows remote attackers to read arbitrary source code via requests that contain trailing (1) "." (dot) and (2) space characters, which are ignored by Windows, as demonstrated by PHP files. | |||||
CVE-2006-1438 | 1 Andy Grayndler | 1 Andys Php Knowledgebase | 2024-02-04 | 6.8 MEDIUM | N/A |
Multiple cross-site scripting (XSS) vulnerabilities in Andy's PHP Knowledgebase (aphpkb) 0.57 allow remote attackers to inject arbitrary web script or HTML via the (1) keyword_list parameter to (a) index.php; (2) title, (3) article, (4) author, and (5) keywords parameters to (b) submit_article.php; and (6) Question, (7) Name, and (8) Email parameters to (c) submit_question.php. | |||||
CVE-2005-2053 | 1 Salims Softhouse | 1 Jaf Cms | 2024-02-04 | 5.0 MEDIUM | N/A |
Just another flat file (JAF) CMS before 3.0 Final allows remote attackers to obtain sensitive information via (1) an * (asterisk) in the id parameter, (2) a blank id parameter, or (3) an * (asterisk) in the disp parameter to index.php, which reveals the path in an error message. NOTE: a followup suggests that this may be a directory traversal or file inclusion vulnerability. | |||||
CVE-2006-1226 | 1 Drupal | 1 Drupal | 2024-02-04 | 4.3 MEDIUM | N/A |
Cross-site scripting (XSS) vulnerability in Drupal 4.5.x before 4.5.8 and 4.6.x before 4.5.8 allows remote attackers to inject arbitrary web script or HTML via unknown attack vectors. | |||||
CVE-2005-1685 | 1 Episodex | 1 Episodex Guestbook | 2024-02-04 | 7.5 HIGH | N/A |
Episodex Guestbook allows remote attackers to bypass authentication and edit scripts via a direct request to admin.asp. | |||||
CVE-2006-1806 | 1 Musicbox | 1 Musicbox | 2024-02-04 | 2.6 LOW | N/A |
Cross-site scripting (XSS) vulnerability in index.php in Musicbox 2.3.3 and earlier allows remote attackers to inject arbitrary web script or HTML via the term parameter in a search action. | |||||
CVE-2005-2633 | 1 Phptb | 1 Topic Boards | 2024-02-04 | 7.5 HIGH | N/A |
Multiple PHP file inclusion vulnerabilities in (1) admin_o.php, (2) board_o.php, (3) dev_o.php, (4) file_o.php or (5) tech_o.php in PHPTB Topic Board 2.0 and earlier allow remote attackers to execute arbitrary PHP code via the absolutepath parameter. | |||||
CVE-2004-2439 | 1 Hp | 17 Color Laserjet, Color Laserjet 4600, Laserjet 2500 and 14 more | 2024-02-04 | 5.0 MEDIUM | N/A |
The remote upgrade capability in HP LaserJet 4200 and 4300 printers does not require a password, which allows remote attackers to upgrade firmware. | |||||
CVE-2005-1856 | 1 Sukria | 1 Backup Manager | 2024-02-04 | 2.1 LOW | N/A |
The CD-burning feature in backup-manager 0.5.8 and earlier uses a fixed filename in a world-writable directory for logging, which allows local users to overwrite files via a symlink attack. | |||||
CVE-2006-1828 | 1 Php121 | 1 Php121 Instant Messenger | 2024-02-04 | 5.1 MEDIUM | N/A |
SQL injection vulnerability in php121language.php in PHP121 1.4 allows remote attackers to execute arbitrary SQL commands and execute arbitrary code via the sess_username variable, as set by the php121un HTTP COOKIE parameter, which is used in multiple files including php121login.php. NOTE: the code execution occurs because the SQL query results are used in an include statement. | |||||
CVE-2005-0141 | 1 Mozilla | 2 Firefox, Mozilla | 2024-02-04 | 2.6 LOW | N/A |
Firefox before 1.0 and Mozilla before 1.7.5 allow remote attackers to load local files via links "with a custom getter and toString method" that are middle-clicked by the user to be opened in a new tab. | |||||
CVE-2005-1665 | 1 Microsoft | 1 Asp.net | 2024-02-04 | 5.0 MEDIUM | N/A |
The __VIEWSTATE functionality in Microsoft ASP.NET 1.x, when not cryptographically signed, allows remote attackers to cause a denial of service (CPU consumption) via deeply nested markup. | |||||
CVE-2006-0725 | 1 Plume-cms | 1 Plume Cms | 2024-02-04 | 6.8 MEDIUM | N/A |
PHP remote file inclusion vulnerability in prepend.php in Plume CMS 1.0.2, when register_globals is enabled, allows remote attackers to include arbitrary files via a URL in the _PX_config[manager_path] parameter. NOTE: this is a different executable and affected version than CVE-2006-2645. | |||||
CVE-2006-1258 | 1 Phpmyadmin | 1 Phpmyadmin | 2024-02-04 | 4.3 MEDIUM | N/A |
Cross-site scripting (XSS) vulnerability in phpMyAdmin 2.8.0.1 allows remote attackers to inject arbitrary web script or HTML via the set_theme parameter. | |||||
CVE-2004-1203 | 1 Phpcms | 1 Phpcms | 2024-02-04 | 5.0 MEDIUM | N/A |
parser.php in phpCMS 1.2.1 and earlier, with non-stealth and debug modes enabled, allows remote attackers to gain sensitive information via an invalid file parameter, which reveals the web server's installation path. | |||||
CVE-2005-0575 | 1 Stormy Studios | 1 Knet | 2024-02-04 | 7.5 HIGH | N/A |
Buffer overflow in Stormy Studios Knet 1.04c and earlier allows remote attackers to cause a denial of service and possibly execute arbitrary code via a long HTTP GET request. | |||||
CVE-2006-2349 | 1 Oasyssoft | 1 E-business Designer | 2024-02-04 | 6.8 MEDIUM | N/A |
E-Business Designer (eBD) 3.1.4 and earlier allows remote attackers to upload or modify arbitrary files, and execute arbitrary code, via a direct request to (1) common/html_editor/image_browser.upload.html, (2) common/html_editor/image_browser.html, or (3) common/html_editor/html_editor.html. NOTE: this can also be used for cross-site scripting (XSS) attacks by uploading cascading style sheet (.CSS) files. | |||||
CVE-2006-2654 | 1 Freebsd | 1 Freebsd | 2024-02-04 | 6.4 MEDIUM | N/A |
Directory traversal vulnerability in smbfs on FreeBSD 4.10 up to 6.1 allows local users to escape chroot restrictions for an SMB-mounted filesystem via "..\\" sequences. NOTE: this is similar to CVE-2006-1864, but this is a different implementation of smbfs, so it has a different CVE identifier. |