Total
255042 CVE
CVE | Vendors | Products | Updated | CVSS v2 | CVSS v3 |
---|---|---|---|---|---|
CVE-2005-0389 | 2024-02-04 | N/A | N/A | ||
** REJECT ** DO NOT USE THIS CANDIDATE NUMBER. ConsultIDs: CVE-2005-0814. Reason: This candidate is a duplicate of CVE-2005-0814. Notes: All CVE users should reference CVE-2005-0814 instead of this candidate. All references and descriptions in this candidate have been removed to prevent accidental usage. | |||||
CVE-2005-4642 | 1 Hydrobb | 1 Hydrobb | 2024-02-04 | 4.3 MEDIUM | N/A |
Multiple cross-site scripting (XSS) vulnerabilities in HydroBB 1.0.0 Beta 2 allow remote attackers to inject arbitrary web script or HTML via the s parameter to (1) search.php, (2) members.php, (3) stats.php, (4) viewforum.php, (5) register.php, (6) usercp.php, (7) groups.php, (8) pms.php, and (9) calendar.php. | |||||
CVE-2006-1146 | 1 Cor Entertainment | 1 Alien Arena 2006 | 2024-02-04 | 6.5 MEDIUM | N/A |
Stack-based buffer overflow in the Cmd_Say_f function in g_cmds.c in Alien Arena 2006 Gold Edition 5.00 allows remote attackers (possibly authenticated) to execute arbitrary code by sending a long message to the server. | |||||
CVE-2005-4736 | 1 Ibm | 1 Db2 Universal Database | 2024-02-04 | 6.8 MEDIUM | N/A |
IBM DB2 Universal Database (UDB) 820 before 8.2 FP10 allows remote authenticated users to cause a denial of service (disk consumption) via a hash join (hsjn) that triggers an infinite loop in sqlri_hsjnFlushBlocks. | |||||
CVE-2006-3321 | 1 2enetworx | 1 Openforum | 2024-02-04 | 4.3 MEDIUM | N/A |
Multiple cross-site scripting (XSS) vulnerabilities in openforum.asp in OpenForum 1.2 Beta and earlier allow remote attackers to inject arbitrary web script or HTML via the (1) ofdisp and (2) ofmsgid parameters. | |||||
CVE-2005-4767 | 1 Bea | 1 Weblogic Server | 2024-02-04 | 5.1 MEDIUM | N/A |
BEA WebLogic Server and WebLogic Express 8.1 SP5 and earlier, and 7.0 SP6 and earlier, when using username/password authentication, does not lock out a username after the maximum number of invalid login attempts, which makes it easier for remote attackers to guess the password. | |||||
CVE-2006-4082 | 1 Barracuda Networks | 1 Barracuda Spam Firewall | 2024-02-04 | 7.2 HIGH | N/A |
Barracuda Spam Firewall (BSF), possibly 3.3.03.053, contains a hardcoded password for the admin account for logins from 127.0.0.1 (localhost), which allows local users to gain privileges. | |||||
CVE-2005-1551 | 1 Sophos | 1 Sophos Anti-virus | 2024-02-04 | 5.1 MEDIUM | N/A |
Sophos Anti-Virus 3.93 does not check downloaded files for viruses when they have only been written, which creates a race condition and may allow remote attackers to bypass virus protection if the file is executed before the antivirus starts on system reboot. | |||||
CVE-2005-2987 | 1 Digital Scribe | 1 Digital Scribe | 2024-02-04 | 7.5 HIGH | N/A |
SQL injection vulnerability in login.php in Digital Scribe 1.4 allows remote attackers to execute arbitrary SQL commands via the username parameter. | |||||
CVE-2005-2870 | 1 Sun | 1 Solaris | 2024-02-04 | 7.5 HIGH | N/A |
Unknown vulnerability in the net-svc script on Solaris 10 allows remote authenticated users to execute arbitrary code on a DHCP client via certain DHCP responses. | |||||
CVE-2006-1840 | 1 Empire Server | 1 Empire Server | 2024-02-04 | 6.4 MEDIUM | N/A |
Multiple format string vulnerabilities in Empire Server before 4.3.1 allow attackers to cause a denial of service (crash) via the (1) load, (2) spy and (3) bomb functions. | |||||
CVE-2006-1832 | 1 Coder-world | 1 Sysinfo | 2024-02-04 | 5.0 MEDIUM | N/A |
sysinfo.cgi in sysinfo 1.21 allows remote attackers to obtain the installation path via the debugger action. | |||||
CVE-2006-3624 | 1 Flv | 1 Flv Player | 2024-02-04 | 4.3 MEDIUM | N/A |
Multiple cross-site scripting (XSS) vulnerabilities in FLV Players 8 allow remote attackers to inject arbitrary web script or HTML via the url parameter to (1) player.php or (2) popup.php. | |||||
CVE-2005-0011 | 1 Kde | 1 Kde | 2024-02-04 | 10.0 HIGH | N/A |
Multiple vulnerabilities in fliccd, when installed setuid root as part of the kdeedu Kstars support for Instrument Neutral Distributed Interface (INDI) in KDE 3.3 to 3.3.2, allow local users and remote attackers to execute arbitrary code via stack-based buffer overflows. | |||||
CVE-2005-2865 | 1 Amember | 1 Amember | 2024-02-04 | 7.5 HIGH | N/A |
Multiple PHP remote file inclusion vulnerabilities in aMember Pro 2.3.4 allow remote attackers to execute arbitrary PHP code via the config[root_dir] parameter to (1) mysql.inc.php, (2) efsnet.inc.php, (3) theinternetcommerce.inc.php, (4) cdg.inc.php, (5) compuworld.inc.php, (6) directone.inc.php, (7) authorize_aim.inc.php, (8) beanstream.inc.php, (9) config.inc.php, (10) eprocessingnetwork.inc.php, (11) eway.inc.php, (12) linkpoint.inc.php, (13) logiccommerce.inc.php, (14) netbilling.inc.php, (15) payflow_pro.inc.php, (16) paymentsgateway.inc.php, (17) payos.inc.php, (18) payready.inc.php, or (19) plugnplay.inc.php. | |||||
CVE-2005-4260 | 1 Francisco Burzi | 1 Php-nuke | 2024-02-04 | 4.3 MEDIUM | N/A |
Interpretation conflict in includes/mainfile.php in PHP-Nuke 7.9 and later allows remote attackers to perform cross-site scripting (XSS) attacks by replacing the ">" in the tag with a "<", which bypasses the regular expressions that sanitize the data, but is automatically corrected by many web browsers. NOTE: it could be argued that this vulnerability is due to a design limitation of many web browsers; if so, then this should not be treated as a vulnerability in PHP-Nuke. | |||||
CVE-2006-3565 | 1 Hivemail | 1 Hivemail | 2024-02-04 | 7.5 HIGH | N/A |
SQL injection vulnerability in search.results.php in HiveMail 1.3 and earlier allows remote attackers to execute arbitrary SQL commands via the fields[] parameter. | |||||
CVE-2006-1071 | 1 Dvguestbook | 1 Dvguestbook | 2024-02-04 | 4.3 MEDIUM | N/A |
Cross-site scripting (XSS) vulnerability in index.php in DVguestbook 1.2.2 allows remote attackers to inject arbitrary web script or HTML via the page parameter. | |||||
CVE-2005-1521 | 1 Gnu | 1 Mailutils | 2024-02-04 | 7.5 HIGH | N/A |
Integer overflow in the fetch_io function of the imap4d server in GNU Mailutils 0.5 and 0.6, and other versions before 0.6.90, allows remote attackers to execute arbitrary code via a partial message request with a large value in the END parameter, which leads to a heap-based buffer overflow. | |||||
CVE-2005-4407 | 1 Tmc Visionpool | 1 Mercury Cms | 2024-02-04 | 4.3 MEDIUM | N/A |
Cross-site scripting (XSS) vulnerability in index.cfm in Mercury CMS 4.0 and earlier allows remote attackers to inject arbitrary web script or HTML via the (1) content and (2) criteria parameters. |