Total
255048 CVE
CVE | Vendors | Products | Updated | CVSS v2 | CVSS v3 |
---|---|---|---|---|---|
CVE-2006-3577 | 1 Lifetype | 1 Lifetype | 2024-02-04 | 7.5 HIGH | N/A |
SQL injection vulnerability in index.php in LifeType 1.0.5 allows remote attackers to execute arbitrary SQL commands via the Date parameter in a Default op. | |||||
CVE-2006-0914 | 1 Mozilla | 1 Bugzilla | 2024-02-04 | 5.5 MEDIUM | N/A |
Bugzilla 2.16.10, 2.17 through 2.18.4, and 2.20 does not properly handle certain characters in the mostfreqthreshold parameter in duplicates.cgi, which allows remote attackers to trigger a SQL error. | |||||
CVE-2005-0110 | 1 Microsoft | 1 Ie | 2024-02-04 | 2.6 LOW | N/A |
Internet Explorer 6 on Windows XP SP2 allows remote attackers to bypass the file download warning dialog and possibly trick an unknowledgeable user into executing arbitrary code via a web page with a body element containing an onclick tag, as demonstrated using the createElement function. | |||||
CVE-2005-0746 | 1 Novell | 1 Ichain | 2024-02-04 | 5.0 MEDIUM | N/A |
The Mini FTP server in Novell iChain 2.2 and 2.3 SP2 and earlier allows remote unauthenticated attackers to obtain the full path of the server via the PWD command. | |||||
CVE-2004-2707 | 1 Phrozensmoke | 1 Gyach Enhanced | 2024-02-04 | 7.5 HIGH | N/A |
Multiple unspecified vulnerabilities in Gyach Enhanced (Gyach-E) before 1.0.5 have unknown impact and attack vectors related to "several security flaws," probably related to buffer overflows in HTTP server responses. | |||||
CVE-2005-3563 | 2024-02-04 | N/A | N/A | ||
** REJECT ** DO NOT USE THIS CANDIDATE NUMBER. ConsultIDs: CVE-2005-2956. Reason: This candidate is a duplicate of CVE-2005-2956. Notes: All CVE users should reference CVE-2005-2956 instead of this candidate. All references and descriptions in this candidate have been removed to prevent accidental usage. | |||||
CVE-2006-2415 | 1 Flexchat | 1 Flexchat | 2024-02-04 | 5.8 MEDIUM | N/A |
Multiple cross-site scripting (XSS) vulnerabilities in FlexChat 2.0 and earlier allow remote attackers to inject arbitrary web script or HTML via the (1) username and (2) CFTOKEN parameter in (a) index.cfm and (3) CFTOKEN and (4) CFID parameter in (b) chat.cfm. | |||||
CVE-2006-3658 | 1 Microsoft | 2 Ie, Internet Explorer | 2024-02-04 | 5.0 MEDIUM | N/A |
Microsoft Internet Explorer 6 allows remote attackers to cause a denial of service (crash) by accessing the object references of a FolderItem ActiveX object, which triggers a null dereference in the security check. | |||||
CVE-2006-3755 | 1 Flushcms | 1 Flushcms | 2024-02-04 | 7.5 HIGH | N/A |
PHP remote file inclusion vulnerability in Include/editor/class.rich.php in FlushCMS 1.0.0-pre2 and earlier allows remote attackers to execute arbitrary PHP code via a URL in the class_path parameter. NOTE: the provenance of this information is unknown; the details are obtained from third party information. | |||||
CVE-2006-0703 | 1 Imagevue | 1 Imagevue | 2024-02-04 | 4.3 MEDIUM | N/A |
Unspecified vulnerability in index.php in imageVue 16.1 has unknown impact, probably a cross-site scripting (XSS) vulnerability involving the query string that is not quoted when inserted into style and body tags, as demonstrated using a bgcol parameter. | |||||
CVE-2006-0394 | 2024-02-04 | N/A | N/A | ||
** REJECT ** DO NOT USE THIS CANDIDATE NUMBER. ConsultIDs: CVE-2006-0848. Reason: This candidate is a duplicate of CVE-2006-0848. Notes: All CVE users should reference CVE-2006-0848 instead of this candidate. All references and descriptions in this candidate have been removed to prevent accidental usage. | |||||
CVE-2005-4823 | 1 Hp | 1 Http Server | 2024-02-04 | 10.0 HIGH | N/A |
Buffer overflow in the HP HTTP Server 5.0 through 5.95 of the HP Web-enabled Management Software allows remote attackers to execute arbitrary code via unknown vectors. | |||||
CVE-2006-2342 | 1 Ibm | 1 Websphere Application Server | 2024-02-04 | 7.5 HIGH | N/A |
IBM WebSphere Application Server 6.0.2 before FixPack 3 allows remote attackers to bypass authentication for the Welcome Page via a request to the default context root. | |||||
CVE-2005-2762 | 1 Avaya | 1 Vpnremote | 2024-02-04 | 2.1 LOW | N/A |
Avaya VPNRemote before 4.2.33 stores credentials in cleartext in process memory, which allows attackers to obtain the VPN user's credentials. | |||||
CVE-2006-0562 | 1 Pluggedout | 1 Pluggedout Blog | 2024-02-04 | 4.3 MEDIUM | N/A |
Cross-site scripting (XSS) vulnerability in problem.php in PluggedOut Blog 1.9.9c allows remote attackers to inject arbitrary web script or HTML via the data parameter. | |||||
CVE-2005-3557 | 1 Tincan | 1 Phplist | 2024-02-04 | 5.0 MEDIUM | N/A |
Directory traversal vulnerability in admin/defaults.php in PHPlist 2.10.1 and earlier allows remote attackers to access arbitrary files via a .. (dot dot) in the selected%5B%5D parameter in an HTTP POST request. | |||||
CVE-2005-2770 | 1 Wrq | 1 Wrq Reflection For Secure It Windows Server | 2024-02-04 | 7.5 HIGH | N/A |
WRQ Reflection for Secure IT Windows Server 6.0 (formerly known as F-Secure SSH server) does not properly handle when the Windows Administrator or Guest accounts are renamed after SSH key authentication has been configured, which allows remote attackers to use the original names during login. | |||||
CVE-2005-1705 | 1 Gnu | 1 Gdb | 2024-02-04 | 7.2 HIGH | N/A |
gdb before 6.3 searches the current working directory to load the .gdbinit configuration file, which allows local users to execute arbitrary commands as the user running gdb. | |||||
CVE-2005-2030 | 1 Ultimate Php Board | 1 Ultimate Php Board | 2024-02-04 | 5.0 MEDIUM | N/A |
Ultimate PHP Board (UPB) 1.9.6 GOLD uses weak encryption for passwords in the users.dat file, which allows attackers to easily decrypt the passwords and gain privileges, possibly after exploiting CVE-2005-2005 to obtain users.dat. | |||||
CVE-2006-3019 | 1 Phpcms | 1 Phpcms | 2024-02-04 | 7.5 HIGH | N/A |
Multiple PHP remote file inclusion vulnerabilities in phpCMS 1.2.1pl2 allow remote attackers to execute arbitrary PHP code via a URL in the PHPCMS_INCLUDEPATH parameter to files in parser/include/ including (1) class.parser_phpcms.php, (2) class.session_phpcms.php, (3) class.edit_phpcms.php, (4) class.http_indexer_phpcms.php, (5) class.cache_phpcms.php, (6) class.search_phpcms.php, (7) class.lib_indexer_universal_phpcms.php, and (8) class.layout_phpcms.php, (9) parser/plugs/counter.php, and (10) parser/parser.php. NOTE: the class.cache_phpcms.php vector was also reported to affect 1.1.7. |