Total
254954 CVE
CVE | Vendors | Products | Updated | CVSS v2 | CVSS v3 |
---|---|---|---|---|---|
CVE-2006-2932 | 2 Linux, Redhat | 2 Linux Kernel, Enterprise Linux Desktop | 2024-02-04 | 4.9 MEDIUM | N/A |
A regression error in the restore_all code path of the 4/4GB split support for non-hugemem Linux kernels on Red Hat Linux Desktop and Enterprise Linux 4 allows local users to cause a denial of service (panic) via unspecified vectors. | |||||
CVE-2004-0972 | 2 Gentoo, Lvm | 2 Linux, Logical Volume Management Utilities | 2024-02-04 | 2.1 LOW | N/A |
The lvmcreate_initrd script in the lvm package in Trustix Secure Linux 1.5 through 2.1, and possibly other operating systems, allows local users to overwrite files via a symlink attack on temporary files. | |||||
CVE-2005-1417 | 1 Maxwebportal | 1 Maxwebportal | 2024-02-04 | 7.5 HIGH | N/A |
Multiple SQL injection vulnerabilities in MaxWebPortal 2.x, 1.35, and other versions allow remote attackers to execute arbitrary SQL commands via (1) article_popular.asp, (2) arguments to dl_popular.asp, (3) arguments to links_popular.asp, (4) arguments to pic_popular.asp, (5) article_rate.asp, (6) dl_rate.asp, (7) links_rate.asp, (8) pic_rates.asp, (9) article_toprated.asp, (10) dl_toprated.asp, (11) links_toprated.asp, (12) arguments to pic_toprated.asp, or (13) the TOPIC_ID or Forum_ID parameters to custom_link.asp. | |||||
CVE-2005-4597 | 1 Epistream | 1 Ipei Guestbook | 2024-02-04 | 4.3 MEDIUM | N/A |
Cross-site scripting (XSS) vulnerability in index.php in iPei Guestbook 1.7 allows remote attackers to inject arbitrary web script or HTML via the email parameter, as used by the email field, when signing a guestbook. | |||||
CVE-2005-3800 | 1 Macromedia | 1 Contribute Publishing Server | 2024-02-04 | 5.0 MEDIUM | N/A |
Macromedia Contribute Publishing Server (CPS) before 1.11 uses a weak algorithm to encrypt user password in connection keys that use shared FTP login credentials, which allows attackers to obtain sensitive information. | |||||
CVE-2005-4203 | 1 Logisphere | 1 Logisphere | 2024-02-04 | 7.8 HIGH | N/A |
LogiSphere 0.9.9j does not restrict the number of messages that can be sent, which allows remote attackers to cause a denial of service by sending a large number of messages via the msg command. NOTE: due to lack of appropriate details by the original researcher, it is unclear whether this description accurately reflects the discloser's claim and is distinct from the XSS issue. | |||||
CVE-2006-0888 | 1 Invision Power Services | 1 Invision Power Board | 2024-02-04 | 2.6 LOW | N/A |
index.php in Invision Power Board (IPB) 2.0.1, with Code Confirmation disabled, allows remote attackers to cause an unspecified denial of service by registering a large number of users. | |||||
CVE-2006-2198 | 2 Openoffice, Sun | 2 Openoffice, Staroffice | 2024-02-04 | 7.6 HIGH | N/A |
OpenOffice.org (aka StarOffice) 1.1.x up to 1.1.5 and 2.0.x before 2.0.3 allows user-assisted attackers to conduct unauthorized activities via an OpenOffice document with a malicious BASIC macro, which is executed without prompting the user. | |||||
CVE-2004-2723 | 1 Nessus | 1 Nessuswx | 2024-02-04 | 2.1 LOW | N/A |
NessusWX 1.4.4 stores account passwords in plaintext in .session files, which allows local users to obtain passwords. | |||||
CVE-2005-4322 | 1 Hitachi | 3 Cosminexus Collaboration Portal, Groupmax Collaboration Portal, Groupmax Collaboration Web Client | 2024-02-04 | 4.3 MEDIUM | N/A |
Multiple cross-site scripting (XSS) vulnerabilities in Hitachi Cosminexus Collaboration Portal 06-00 through 06-10-/B, Groupmax Collaboration Portal 07-00 through 07-10-/B, and Groupmax Collaboration Web Client 07-00 through 07-10-/A allow remote attackers to inject arbitrary web script or HTML via the (1) Schedule and (2) Calendar components. | |||||
CVE-2005-0732 | 1 Py Software | 1 Active Webcam | 2024-02-04 | 5.0 MEDIUM | N/A |
PY Software Active Webcam WebServer (webcam.exe) 5.5 allows remote attackers to obtain the full path of the web server via a request for a non-existent filename, which leaks the full path in an error message. | |||||
CVE-2005-2606 | 1 Phlymail | 1 Phlymail | 2024-02-04 | 7.5 HIGH | N/A |
Unknown vulnerability in the "frontend authentication" in PHlyMail 3.02.00 has unknown impact and attack vectors. | |||||
CVE-2006-1436 | 1 Upoint | 1 At1 Event Publisher | 2024-02-04 | 4.3 MEDIUM | N/A |
Multiple cross-site scripting (XSS) vulnerabilities in UPOINT @1 Event Publisher allow remote attackers to inject arbitrary web script or HTML via the (1) Event, (2) Description, (3) Time, (4) Website, and (5) Public Remarks fields to (a) eventpublisher_admin.htm and (b) eventpublisher_usersubmit.htm. | |||||
CVE-2005-2691 | 1 Runcms | 1 Runcms | 2024-02-04 | 7.5 HIGH | N/A |
includes/common.php in RunCMS 1.2 and earlier calls the extract function with EXTR_OVERWRITE on HTTP POST variables, which allows remote attackers to overwrite arbitrary variables, possibly allowing execution of arbitrary code. | |||||
CVE-2006-1669 | 1 Phpheaven | 1 Phpmychat | 2024-02-04 | 6.4 MEDIUM | N/A |
SQL injection vulnerability in chat/messagesL.php3 in phpHeaven Team PHPMyChat 0.14.5 and earlier allows remote attackers to execute arbitrary SQL commands via the T parameter. NOTE: this issue can be leveraged to execute arbitrary shell commands since the username is later processed in an eval() call, but since the username originated from the SQL injection, it could be a resultant issue. | |||||
CVE-2005-3585 | 1 Phpwebthings | 1 Phpwebthings | 2024-02-04 | 7.5 HIGH | N/A |
SQL injection vulnerability in forum.php in PhpWebThings 1.4.4 allows remote attackers to execute arbitrary SQL commands via the forum parameter. | |||||
CVE-2005-2651 | 1 Phpoutsourcing | 1 Zorum | 2024-02-04 | 7.5 HIGH | N/A |
gorum/prod.php in Zorum 3.5 allows remote attackers to execute arbitrary code via shell metacharacters in the argv parameter. | |||||
CVE-2006-1281 | 1 Mybulletinboard | 1 Mybulletinboard | 2024-02-04 | 3.5 LOW | N/A |
Cross-site scripting (XSS) vulnerability in member.php in MyBulletinBoard (MyBB) 1.04 allows remote attackers to inject arbitrary web script or HTML via the url parameter, a different vulnerability than CVE-2006-1272. NOTE: 1.10 was later reported to be vulnerable. | |||||
CVE-2006-1032 | 1 Phprpc | 1 Phprpc | 2024-02-04 | 7.5 HIGH | N/A |
Eval injection vulnerability in the decode function in rpc_decoder.php for phpRPC 0.7 and earlier, as used by runcms, exoops, and possibly other programs, allows remote attackers to execute arbitrary PHP code via the base64 tag. | |||||
CVE-2006-0141 | 1 Eudora | 1 Internet Mail Server | 2024-02-04 | 5.0 MEDIUM | N/A |
Qualcomm Eudora Internet Mail Server (EIMS) before 3.2.8 allows remote attackers to cause a denial of service (crash) via (1) malformed NTLM authentication requests, or a malformed (2) Incoming Mail X or (3) Temporary Mail file. |