Vulnerabilities (CVE)

Total 254974 CVE
CVE | Vendors | Products | Updated | CVSS v2 | CVSS v3
CVE-2005-1327 | 1 Woltlab | 1 Burning Board | 2024-02-04 | 4.3 MEDIUM | N/A
Cross-site scripting (XSS) vulnerability in pms.php for Woltlab Burning Board 2.3.1 PL2 and earlier allows remote attackers to inject arbitrary web script or HTML via the folderid parameter.
CVE-2006-3065 | 1 Blursoft | 1 Blur6ex | 2024-02-04 | 7.5 HIGH | N/A
SQL injection vulnerability in engine/shards/blog.php in blur6ex 0.3.462 allows remote attackers to execute arbitrary SQL commands via the ID parameter in a proc_reply action in the blog shard. NOTE: This is a similar vulnerability to CVE-2006-1763, but the affected code and versions are different.
CVE-2006-4705 | 1 Dominic Gamble | 1 Timesheet.php | 2024-02-04 | 5.0 MEDIUM | N/A
SQL injection vulnerability in login.php in dwayner79 and Dominic Gamble Timesheet (aka Timesheet.php) 1.2.1 allows remote attackers to execute arbitrary SQL commands via the username parameter.
CVE-2005-3403 | 1 Adaptive Technology Resource Centre | 1 Atutor | 2024-02-04 | 4.3 MEDIUM | N/A
Multiple cross-site scripting (XSS) vulnerabilities in ATutor 1.4.1 through 1.5.1-pl1 allow remote attackers to inject arbitrary web script or HTML via (1) the _base_href parameter in translate.php, (2) the _base_path parameter in news.inc.php, and (3) the p parameter in add_note.php.
CVE-2006-2411 | 1 Raydium | 1 Raydium | 2024-02-04 | 7.5 HIGH | N/A
Buffer overflow in raydium_network_read function in network.c in Raydium SVN revision 312 and earlier allows remote attackers to execute arbitrary code by sending packets with long global variables to the client.
CVE-2005-0806 | 1 Ximian | 1 Evolution | 2024-02-04 | 5.0 MEDIUM | N/A
Evolution 2.0.3 allows remote attackers to cause a denial of service (application crash or hang) via crafted messages, possibly involving charsets in attachment filenames.
CVE-2005-3058 | 1 Fortinet | 2 Fortigate, Fortios | 2024-02-04 | 7.5 HIGH | N/A
Interpretation conflict in Fortinet FortiGate 2.8, running FortiOS 2.8MR10 and v3beta, allows remote attackers to bypass the URL blocker via an (1) HTTP request terminated with a line feed (LF) and not carriage return line feed (CRLF) or (2) HTTP request with no Host field, which is still processed by most web servers without violating RFC2616.
CVE-2005-4314 | 1 Ppcal Shopping Cart | 1 Ppcal Shopping Cart | 2024-02-04 | 4.3 MEDIUM | N/A
Cross-site scripting (XSS) vulnerability in ppcal.cgi in PPCal Shopping Cart 3.3.0 and earlier allows remote attackers to inject arbitrary web script or HTML via the (1) stop and (2) user parameters.
CVE-2006-1656 | 1 Vserver | 1 Util-vserver | 2024-02-04 | 7.2 HIGH | N/A
vserver in util-vserver 0.30.209 executes a command as root when the suexec userid parameter is invalid and non-numeric, which might cause local users to inadvertently execute dangerous commands as root.
CVE-2005-3420 | 1 Phpbb Group | 1 Phpbb | 2024-02-04 | 7.5 HIGH | N/A
usercp_register.php in phpBB 2.0.17 allows remote attackers to modify regular expressions and execute PHP code via the signature_bbcode_uid parameter, as demonstrated by injecting an "e" modifier into a preg_replace statement.
CVE-2006-2540 | 1 Dieselscripts | 1 Diesel Job Site | 2024-02-04 | 5.0 MEDIUM | N/A
Privacy leak in install.php for Diesel PHP Job Site sends sensitive information such as user credentials to an e-mail address controlled by the product developers.
CVE-2005-1774 | 1 Davfs2 | 1 Davfs2 | 2024-02-04 | 2.1 LOW | N/A
WEB-DAV Linux File System (davfs2) 0.2.3 does not properly enforce Unix permissions, which allows local users to write arbitrary files on a davfs2 mounted filesystem.
CVE-2005-2808 | 1 Frox | 1 Frox | 2024-02-04 | 7.5 HIGH | N/A
frox 0.7.16 and 0.7.17 do not properly parse certain Deny ACLs, which might allow attackers to bypass intended restrictions and access blocked hosts.
CVE-2005-2118 | 1 Microsoft | 3 Windows 2000, Windows 2003 Server, Windows Xp | 2024-02-04 | 5.1 MEDIUM | N/A
Windows Shell for Microsoft Windows 2000 SP4, XP SP1 and SP2, and Server 2003 allows remote user-assisted attackers to execute arbitrary commands via a crafted shortcut (.lnk) file with long font properties that lead to a buffer overflow when the user views the file's properties using Windows Explorer, a different vulnerability than CVE-2005-2122.
CVE-2005-3168 | 1 Microsoft | 1 Windows 2000 | 2024-02-04 | 7.5 HIGH | N/A
The SECEDIT command on Microsoft Windows 2000 before Update Rollup 1 for SP4, when using a security template to set Access Control Lists (ACLs) on folders, does not apply ACLs on folders that are listed after a long folder entry, which could result in less secure permissions than specified by the template.
CVE-2005-4149 | 1 Lyris Technologies Inc | 1 Listmanager | 2024-02-04 | 5.0 MEDIUM | N/A
Lyris ListManager 8.8 through 8.9b allows remote attackers to obtain sensitive information by causing errors in TML scripts, such as via direct requests, which leaks the installation path, SQL queries, or product code in diagnostic messages.
CVE-2005-0119 | 1 Helvis | 1 Helvis | 2024-02-04 | 2.1 LOW | N/A
helvis 1.8h2_1 and earlier allows local users to recover and read the files of other users via the elvrec setuid program.
CVE-2006-0551 | 1 Oracle | 1 Database Server | 2024-02-04 | 7.5 HIGH | N/A
SQL injection vulnerability in the Data Pump Metadata API in Oracle Database 10g and possibly earlier might allow remote attackers to execute arbitrary SQL commands via unknown vectors. NOTE: due to the lack of relevant details from the Oracle advisory, a separate CVE is being created since it cannot be conclusively proven that this issue has been addressed by Oracle. It is possible that this is the same issue as Oracle Vuln# DB06 from the January 2006 CPU, in which case this would be subsumed by CVE-2006-0259 or, if it is DB05, subsumed by CVE-2006-0260.
CVE-2006-2186 | 1 Zenphoto | 1 Zenphoto | 2024-02-04 | 5.0 MEDIUM | N/A
zenphoto 1.0.1 beta and earlier allow remote attackers to obtain sensitive information via a direct request for the (1) /photos/themes/default/ and (2) /photos/themes/testing/ URIs, which reveals the path in an error message.
CVE-2005-3775 | 1 Pollvote | 1 Pollvote | 2024-02-04 | 7.5 HIGH | N/A
PHP remote file inclusion vulnerability in pollvote.php in PollVote allows remote attackers to include arbitrary files via a URL in the pollname parameter.