Total
254980 CVE
| CVE | Vendors | Products | Updated | CVSS v2 | CVSS v3 |
|---|---|---|---|---|---|
| CVE-2006-2647 | 1 Ibm | 1 Aix | 2024-02-04 | 7.2 HIGH | N/A |
| Untrusted search path vulnerability in update_flash for IBM AIX 5.1, 5.2 and 5.3 allows local users to execute arbitrary commands via unknown vectors involving lsmcode and possibly other commands. | |||||
| CVE-2004-2604 | 1 Phproxy | 1 Phproxy | 2024-02-04 | 4.3 MEDIUM | N/A |
| Cross-site scripting (XSS) vulnerability in index.php in PHProxy allows remote attackers to inject arbitrary web script or HTML via the error parameter. | |||||
| CVE-2005-0904 | 1 Microsoft | 1 Windows Xp | 2024-02-04 | 2.1 LOW | N/A |
| Remote Desktop in Windows XP SP1 does not verify the "Force shutdown from a remote system" setting, which allows remote attackers to shut down the system by executing TSShutdn.exe. | |||||
| CVE-2004-2696 | 1 Bea | 1 Weblogic Server | 2024-02-04 | 5.5 MEDIUM | N/A |
| BEA WebLogic Server and WebLogic Express 6.1, 7.0, and 8.1, when using Remote Method Invocation (RMI) over Internet Inter-ORB Protocol (IIOP), does not properly handle when multiple logins for different users coming from the same client, which could cause an "unexpected user identity" to be used in an RMI call. | |||||
| CVE-2006-1919 | 1 Thomas Voecking | 1 Internet Photoshow | 2024-02-04 | 7.5 HIGH | N/A |
| PHP remote file inclusion vulnerability in index.php in Internet Photoshow 1.3 allows remote attackers to execute arbitrary PHP code via a URL in the page parameter. | |||||
| CVE-2004-1176 | 6 Debian, Gentoo, Midnight Commander and 3 more | 8 Debian Linux, Linux, Midnight Commander and 5 more | 2024-02-04 | 7.5 HIGH | N/A |
| Buffer underflow in extfs.c in Midnight Commander (mc) 4.5.55 and earlier allows remote attackers to cause a denial of service and possibly execute arbitrary code. | |||||
| CVE-2005-2236 | 1 Ibm | 1 Aix | 2024-02-04 | 7.2 HIGH | N/A |
| Format string vulnerability in the paginit command in IBM AIX 5.3, and possibly other versions, might allow local users to execute arbitrary code via format strings in command line arguments. | |||||
| CVE-2006-0859 | 1 Michael Salzer | 1 Guestbox | 2024-02-04 | 5.0 MEDIUM | N/A |
| Michael Salzer Guestbox 0.6, and other versions before 0.8, allows remote attackers to post an admin comment to a guestbook entry via a certain modified form, possibly related to the nummer parameter. | |||||
| CVE-2006-0118 | 1 Ibm | 3 Lotus Domino, Lotus Domino Enterprise Server, Lotus Notes | 2024-02-04 | 5.0 MEDIUM | N/A |
| Unspecified vulnerability in IBM Lotus Notes and Domino Server before 6.5.5, when running on AIX, allows attackers to cause a denial of service (deep recursion leading to stack overflow and crash) via long formulas. | |||||
| CVE-2005-3328 | 1 Punbb | 1 Punbb | 2024-02-04 | 7.5 HIGH | N/A |
| PHP remote file inclusion vulnerability in common.php in PunBB 1.1.2 through 1.1.5 allows remote attackers to execute arbitrary code via the pun_root parameter. | |||||
| CVE-2005-2785 | 1 Cosmoshop | 1 Cosmoshop | 2024-02-04 | 2.1 LOW | N/A |
| cosmoshop 8.10.78 and earlier stores passwords in plaintext in the database, which allows local users to obtain sensitive information. | |||||
| CVE-2006-3213 | 1 Webboa | 1 Webboa | 2024-02-04 | 7.5 HIGH | N/A |
| SQL injection vulnerability in WeBBoA Hosting 1.1 allows remote attackers to execute arbitrary SQL commands via the id parameter to an unspecified script, possibly host/yeni_host.asp. | |||||
| CVE-2005-3740 | 1 Php Fusion | 1 Php Fusion | 2024-02-04 | 7.5 HIGH | N/A |
| Multiple SQL injection vulnerabilities in PHP-Fusion 6.00.206 and earlier allow remote attackers to execute arbitrary SQL commands via (1) the forum_id parameter to options.php or (2) lastvisited parameter to viewforum.php. | |||||
| CVE-2004-1159 | 2024-02-04 | N/A | N/A | ||
| ** REJECT ** DO NOT USE THIS CANDIDATE NUMBER. ConsultIDs: CVE-2004-1122, CVE-2004-1314. Reason: this was an out-of-band assignment duplicate intended for one issue, but the description and references inadvertently combined multiple issues. Notes: All CVE users should consult CVE-2004-1122 and CVE-2004-1314 to determine which ID is appropriate. All references and descriptions in this candidate have been removed to prevent accidental usage. | |||||
| CVE-2006-4019 | 1 Squirrelmail | 1 Squirrelmail | 2024-02-04 | 6.4 MEDIUM | N/A |
| Dynamic variable evaluation vulnerability in compose.php in SquirrelMail 1.4.0 to 1.4.7 allows remote attackers to overwrite arbitrary program variables and read or write the attachments and preferences of other users. | |||||
| CVE-2006-4216 | 2024-02-04 | N/A | N/A | ||
| ** REJECT ** DO NOT USE THIS CANDIDATE NUMBER. ConsultIDs: CVE-2006-4159. Reason: This candidate is a duplicate of CVE-2006-4159. Notes: All CVE users should reference CVE-2006-4159 instead of this candidate. All references and descriptions in this candidate have been removed to prevent accidental usage. | |||||
| CVE-2006-3744 | 1 Imagemagick | 1 Imagemagick | 2024-02-04 | 5.1 MEDIUM | N/A |
| Multiple integer overflows in ImageMagick before 6.2.9 allows user-assisted attackers to execute arbitrary code via crafted Sun Rasterfile (bitmap) images that trigger heap-based buffer overflows. | |||||
| CVE-2006-1570 | 1 Esqlanelapse | 1 Esqlanelapse | 2024-02-04 | 4.3 MEDIUM | N/A |
| Cross-site scripting (XSS) vulnerability in Esqlanelapse 2.0 and 2.2 allows remote attackers to inject arbitrary web script or HTML via unknown attack vectors. | |||||
| CVE-2006-0971 | 1 Lionel Reyero | 1 Directcontact | 2024-02-04 | 5.0 MEDIUM | N/A |
| Directory traversal vulnerability in Lionel Reyero DirectContact 0.3b allows remote attackers to read arbitrary files via a .. (dot dot) in the URL. | |||||
| CVE-2006-2808 | 1 Lycos | 1 Htmlgear Guestgear | 2024-02-04 | 6.8 MEDIUM | N/A |
| Cross-site scripting (XSS) vulnerability in Lycos Tripod htmlGEAR guestGEAR (aka Guest Gear) allows remote attackers to inject arbitrary web script or HTML via a guestbook post containing a javascript URI in the SRC attribute of the BR element after an extra "iframe" tagname within that element, followed by a double ">", which might bypass cleansing operations. | |||||