Total: 255018 CVE
CVE | Vendors | Products | Updated | CVSS v2 | CVSS v3 |
---|---|---|---|---|---|
CVE-2005-2462 | 1 Kayako | 1 Liveresponse | 2024-02-04 | 2.1 LOW | N/A |
Kayako liveResponse 2.x, when logging in a user, records the password in plaintext in the URL, which allows local users and possibly remote attackers to gain privileges. | |||||
CVE-2005-1817 | 1 Invision Power Services | 1 Invision Board | 2024-02-04 | 5.0 MEDIUM | N/A |
Invision Power Board (IPB) 1.0 through 1.3 allows remote attackers to edit arbitrary forum posts via a direct request to index.php with modified parameters. | |||||
CVE-2006-1616 | 1 Advanced Poll | 1 Advanced Poll | 2024-02-04 | 7.5 HIGH | N/A |
Multiple SQL injection vulnerabilities in Advanced Poll 2.02 allow remote attackers to execute arbitrary SQL commands via the (1) id parameter to comments.php or (2) poll_id parameter to page.php. | |||||
CVE-2005-3991 | 1 Phpheaven | 1 Phpmychat | 2024-02-04 | 4.3 MEDIUM | N/A |
Multiple cross-site scripting (XSS) vulnerabilities in phpMyChat 0.14.6 allow remote attackers to inject arbitrary web script or HTML via the medium parameter to (1) start_page.css.php and (2) style.css.php; or the From parameter to users_popupL.php. | |||||
CVE-2006-2108 | 1 Oce North America | 2 3121 Printer, 3122 Printer | 2024-02-04 | 7.8 HIGH | N/A |
parser.exe in Océ (OCE) 3121/3122 Printer allows remote attackers to cause a denial of service (crash or reboot) via a long request, possibly triggering a buffer overflow. | |||||
CVE-2005-2414 | 1 Xpcom | 1 Xpcom | 2024-02-04 | 2.6 LOW | N/A |
Race condition in the xpcom library, as used by web browsers such as Firefox, Mozilla, Netscape, and Galeon, allows remote attackers to cause a denial of service (application crash) via a large HTML file that loads a DOM call from within nested DIV tags, which causes part of the currently rendering page and referenced objects to be deleted. | |||||
CVE-2004-0921 | 1 Apple | 3 Mac Os X, Mac Os X Server, Quicktime | 2024-02-04 | 7.5 HIGH | N/A |
AFP Server on Mac OS X 10.3.x to 10.3.5, when a guest has mounted an AFP volume, allows the guest to "terminate authenticated user mounts" via modified SessionDestroy packets. | |||||
CVE-2006-0695 | 1 Ansilove | 1 Ansilove | 2024-02-04 | 7.5 HIGH | N/A |
Ansilove before 1.03 does not filter uploaded file extensions, which allows remote attackers to execute arbitrary code by uploading arbitrary files with dangerous extensions, then accessing them directly in the upload directory. | |||||
CVE-2006-4494 | 1 Microsoft | 1 Visual Studio | 2024-02-04 | 7.5 HIGH | N/A |
Microsoft Visual Studio 6.0 allows remote attackers to cause a denial of service (memory corruption) and possibly execute arbitrary code by instantiating certain Visual Studio 6.0 ActiveX COM Objects in Internet Explorer, including (1) tcprops.dll, (2) fp30wec.dll, (3) mdt2db.dll, (4) mdt2qd.dll, and (5) vi30aut.dll. | |||||
CVE-2006-4549 | 1 Chxo | 1 Feedsplitter | 2024-02-04 | 5.0 MEDIUM | N/A |
CHXO Feedsplitter 2006-01-21 allows remote attackers to read the source code of feedsplitter.php via the showsource function. NOTE: this issue is not a vulnerability in standard distributions, but could be an issue if the source has been modified. | |||||
CVE-2005-0709 | 2 Mysql, Oracle | 2 Mysql, Mysql | 2024-02-04 | 4.6 MEDIUM | N/A |
MySQL 4.0.23 and earlier, and 4.1.x up to 4.1.10, allows remote authenticated users with INSERT and DELETE privileges to execute arbitrary code by using CREATE FUNCTION to access libc calls, as demonstrated by using strcat, on_exit, and exit. | |||||
CVE-2005-4665 | 1 Punbb | 1 Punbb | 2024-02-04 | 4.3 MEDIUM | N/A |
Cross-site scripting (XSS) vulnerability in PunBB 1.2.6 and earlier allows remote attackers to inject arbitrary web script or HTML via Javascript contained in nested, malformed BBcode url tags. | |||||
CVE-2005-0855 | 1 Coolforum | 1 Coolforum | 2024-02-04 | 10.0 HIGH | N/A |
CoolForum 0.8.1 beta and earlier allows remote attackers to obtain sensitive path information via direct requests to (1) entete.php, (2) profile_accueil.php, (3) profile_mdp.php, (4) profile_notify.php, (5) profile_options.php, (6) profile_perso.php, (7) profile_pm.php, or (8) readannonce.php, which leaks the full pathname in a PHP error message. | |||||
CVE-2005-0938 | 1 Uapplication | 1 Ublog Reload | 2024-02-04 | 5.0 MEDIUM | N/A |
Ublog Reload 1.0 through 1.0.4 stores ublogreload.mdb under the web root, which allows remote attackers to read usernames and hashed passwords via a direct request to ublogreload.mdb. | |||||
CVE-2005-4324 | 1 Hitachi | 1 Groupmax Mail Smtp | 2024-02-04 | 7.8 HIGH | N/A |
Hitachi Groupmax Mail SMTP 06-50 through 06-52-/A and 07-00 through 07-20 allows remote attackers to cause a denial of service (service stop) via an e-mail message with an "invalid format." | |||||
CVE-2005-4290 | 1 Soft4e | 1 Ecw-cart | 2024-02-04 | 4.3 MEDIUM | N/A |
Cross-site scripting (XSS) vulnerability in index.cgi in ECW-Cart 2.03 and earlier allows remote attackers to inject arbitrary web script or HTML via the (1) kword, (2) max, (3) min, (4) comp, and (5) f parameters. | |||||
CVE-2006-2093 | 1 Nessus | 1 Nessus | 2024-02-04 | 2.6 LOW | N/A |
Nessus before 2.2.8, and 3.x before 3.0.3, allows user-assisted attackers to cause a denial of service (memory consumption) via a NASL script that calls split with an invalid sep parameter. NOTE: a design goal of the NASL language is to facilitate sharing of security tests by guaranteeing that a script "can not do anything nasty." This issue is appropriate for CVE only if Nessus users have an expectation that a split statement will not use excessive memory. | |||||
CVE-2005-2453 | 1 Networkactiv | 1 Networkactiv Web Server | 2024-02-04 | 4.3 MEDIUM | N/A |
Cross-site scripting (XSS) vulnerability in NetworkActiv Web Server 1.0, 2.0.0.6, 3.0.1.1, and 3.5.13, and possibly other versions, allows remote attackers to inject arbitrary web script or HTML via the query string. | |||||
CVE-2005-2051 | 1 Symantec Veritas | 1 Backup Exec | 2024-02-04 | 7.5 HIGH | N/A |
Buffer overflow in the VERITAS Backup Exec Web Administration Console (BEWAC) 9.0 4367 through 10.0 rev. 5484 allows remote attackers to execute arbitrary code. | |||||
CVE-2006-1088 | 1 Php-stats | 1 Php-stats | 2024-02-04 | 5.0 MEDIUM | N/A |
PHP-Stats 0.1.9.1 and earlier allows remote attackers to obtain potentially sensitive information via a direct request to checktables.php, which lists the database table_prefix. | |||||