Total: 255048 CVE
CVE | Vendors | Products | Updated | CVSS v2 | CVSS v3 |
---|---|---|---|---|---|
CVE-2006-2523 | 1 Smartisoft | 1 Phplistpro | 2024-02-04 | 7.5 HIGH | N/A |
PHP remote file inclusion vulnerability in config.php in phpListPro 2.0.1 and earlier, with magic_quotes_gpc disabled, allows remote attackers to execute arbitrary PHP code via a URL in the Language cookie. | |||||
CVE-2004-0888 | 11 Debian, Easy Software Products, Gentoo and 8 more | 16 Debian Linux, Cups, Linux and 13 more | 2024-02-04 | 10.0 HIGH | N/A |
Multiple integer overflows in xpdf 2.0 and 3.0, and other packages that use xpdf code such as CUPS, gpdf, and kdegraphics, allow remote attackers to cause a denial of service (crash) and possibly execute arbitrary code, a different set of vulnerabilities than those identified by CVE-2004-0889. | |||||
CVE-2006-2677 | 1 Sitescape | 1 Sitescape Forum | 2024-02-04 | 5.0 MEDIUM | N/A |
SiteScape Forum 7.2 and possibly earlier stores the avf.rc configuration file under the web document root with insufficient access control, which allows remote attackers to obtain sensitive path information. | |||||
CVE-2005-0725 | 1 Wf-sections | 1 Wf-sections | 2024-02-04 | 7.5 HIGH | N/A |
SQL injection vulnerability in the getAllbyArticle function in wfsfiles.php for WF-Sections (wfsections) 1.07 allows remote attackers to execute arbitrary SQL commands via the articleid parameter to article.php. | |||||
CVE-2005-3138 | 1 Mozilla | 1 Bugzilla | 2024-02-04 | 5.0 MEDIUM | N/A |
Bugzilla 2.18rc1 through 2.18.3, 2.19 through 2.20rc2, and 2.21 allows remote attackers to obtain sensitive information such as the list of installed products via the config.cgi file, which is accessible even when the requirelogin parameter is set. | |||||
CVE-2006-4658 | 1 Panda | 1 Panda Platinum Internet Security | 2024-02-04 | 5.0 MEDIUM | N/A |
Panda Platinum Internet Security 2006 10.02.01 and 2007 11.00.00 uses sequential message numbers in generated URLs that are not filtered if the user replies to a message, which might allow remote attackers to determine mail usage patterns. | |||||
CVE-2005-1892 | 1 Flatnuke | 1 Flatnuke | 2024-02-04 | 6.4 MEDIUM | N/A |
FlatNuke 2.5.3 allows remote attackers to cause a denial of service or obtain sensitive information via (1) a direct request to foot_news.php, which triggers an infinite loop, or (2) direct requests to unknown scripts, which reveals the web document root in an error message. | |||||
CVE-2006-1946 | 1 Visale | 1 Visale | 2024-02-04 | 2.6 LOW | N/A |
Multiple cross-site scripting (XSS) vulnerabilities in Visale 1.0 and earlier allow remote attackers to inject arbitrary web script or HTML via (1) the keyval parameter in pbpgst.cgi, (2) the catsubno parameter in pblscg.cgi, and (3) the listno parameter in pblsmb.cgi. | |||||
CVE-2005-0893 | 1 Smail | 1 Smail | 2024-02-04 | 7.6 HIGH | N/A |
modes.c in smail 3.2.0.120 implements signal handlers with certain unsafe library calls, which may allow attackers to execute arbitrary code via signal handler race conditions, possibly using xmalloc. | |||||
CVE-2005-3128 | 1 Squirrelmail | 1 Address Add Plugin | 2024-02-04 | 4.3 MEDIUM | N/A |
Cross-site scripting (XSS) vulnerability in add.php in Address Add Plugin 1.9 and 2.0 for Squirrelmail allows remote attackers to inject arbitrary web script or HTML via the IMG tag. | |||||
CVE-2006-2747 | 1 Fredi Bach | 1 Phpmydesktop Arcade | 2024-02-04 | 5.1 MEDIUM | N/A |
Directory traversal vulnerability in index.php in PhpMyDesktop\|arcade 1.0 FINAL allows remote attackers to read arbitrary files or execute PHP code via a .. (dot dot) sequence and trailing null (%00) byte in the subsite parameter in a showsubsite todo. | |||||
CVE-2006-1942 | 3 K-meleon Project, Mozilla, Netscape | 3 K-meleon, Firefox, Navigator | 2024-02-04 | 5.1 MEDIUM | N/A |
Mozilla Firefox 1.5.0.2 and possibly other versions before 1.5.0.4, Netscape 8.1, 8.0.4, and 7.2, and K-Meleon 0.9.13 allow user-assisted remote attackers to open local files via a web page with an IMG element containing a SRC attribute with a non-image file:// URL, then tricking the user into selecting View Image for the broken image, as demonstrated using a .wma file to launch Windows Media Player, or by referencing an "alternate web page." | |||||
CVE-2005-1942 | 1 Cisco | 1 Catalyst | 2024-02-04 | 7.5 HIGH | N/A |
Cisco switches that support 802.1x security allow remote attackers to bypass port security and gain access to the VLAN via spoofed Cisco Discovery Protocol (CDP) messages. | |||||
CVE-2006-4322 | 1 Bits-dont-bite | 1 Estateagent | 2024-02-04 | 7.5 HIGH | N/A |
PHP remote file inclusion vulnerability in estateagent.php in the EstateAgent component (com_estateagent) for Mambo, when register_globals is enabled, allows remote attackers to execute arbitrary PHP code via a URL in the mosConfig_absolute_path parameter. | |||||
CVE-2005-4447 | 1 Coinsoft Technologies | 1 Phpcoin | 2024-02-04 | 7.5 HIGH | N/A |
SQL injection vulnerability in articles\articles_funcs.php in phpCOIN 1.2.2 allows remote attackers to modify SQL syntax and possibly execute SQL in limited circumstances via the rec_next parameter. NOTE: the original disclosure suggests that command injection is not feasible because the injection occurs after an "ORDER BY" clause, but it is likely that this bug could result in an error message path disclosure due to a syntax error, in some environments. Therefore this is an exposure and should be included in CVE. | |||||
CVE-2005-0142 | 1 Mozilla | 3 Firefox, Mozilla, Thunderbird | 2024-02-04 | 2.1 LOW | N/A |
Firefox 0.9, Thunderbird 0.6 and other versions before 0.9, and Mozilla 1.7 before 1.7.5 save temporary files with world-readable permissions, which allows local users to read certain web content or attachments that belong to other users, e.g. content that is managed by helper applications such as PDF. | |||||
CVE-2005-3906 | 1 Sun | 2 Jdk, Jre | 2024-02-04 | 7.5 HIGH | N/A |
Multiple unspecified vulnerabilities in reflection APIs in Java SDK and JRE 1.4.2_08 and earlier and JDK and JRE 5.0 Update 3 and earlier allow remote attackers to escape the Java sandbox and access arbitrary files or execute arbitrary applications via unknown attack vectors, a different set of vulnerabilities than CVE-2005-3905. NOTE: this is associated with the "second and third issues" identified in SUNALERT:102003. | |||||
CVE-2005-1025 | 1 Ibm | 1 Iseries As 400 | 2024-02-04 | 5.0 MEDIUM | N/A |
The FTP server in AS/400 4.3, when running in IFS mode, allows remote attackers to obtain sensitive information via a symlink attack using RCMD and the ADDLNK utility, as demonstrated using the QSYS.LIB library. | |||||
CVE-2005-0362 | 1 Awstats | 1 Awstats | 2024-02-04 | 4.6 MEDIUM | N/A |
awstats.pl in AWStats 6.2 allows remote attackers to execute arbitrary commands via shell metacharacters in the (1) "pluginmode", (2) "loadplugin", or (3) "noloadplugin" parameters. | |||||
CVE-2005-3903 | 1 Sco | 1 Unixware | 2024-02-04 | 4.6 MEDIUM | N/A |
Buffer overflow in uidadmin in SCO Unixware 7.1.3 and 7.1.4 allows local users to execute arbitrary code via a -S (scheme) argument that specifies a large file, a different vulnerability than CVE-2001-1063. |