Total: 254946 CVE

CVE | Vendors | Products | Updated | CVSS v2 | CVSS v3 | Description |
---|---|---|---|---|---|---|
CVE-2006-1594 | 1 Claroline | 1 Claroline | 2024-02-04 | 7.5 HIGH | N/A | Multiple directory traversal vulnerabilities in document/rqmkhtml.php in Claroline 1.7.4 and earlier allow remote attackers to use ".." (dot dot) sequences to (1) read arbitrary files via the file parameter in a rqEditHtml command to document/rqmkhtml.php or (2) execute arbitrary code via the includePath parameter to learnPath/include/scormExport.inc.php. |
CVE-2005-1126 | 1 Freebsd | 1 Freebsd | 2024-02-04 | 2.1 LOW | N/A | The SIOCGIFCONF ioctl (ifconf function) in FreeBSD 4.x through 4.11 and 5.x through 5.4 does not properly clear a buffer before using it, which allows local users to obtain portions of sensitive kernel memory. |
CVE-2005-0158 | 1 Bidwatcher | 1 Bidwatcher | 2024-02-04 | 7.5 HIGH | N/A | Format string vulnerability in bidwatcher before 1.3.17 allows remote malicious web servers from eBay, or a spoofed eBay server, to cause a denial of service and possibly execute arbitrary code via certain responses. |
CVE-2005-3049 | 1 Phpmyfaq | 1 Phpmyfaq | 2024-02-04 | 5.0 MEDIUM | N/A | PhpMyFaq 1.5.1 stores data files under the web document root with insufficient access control and predictable filenames, which allows remote attackers to obtain sensitive information via a direct request to the data/tracking[DATE] file. |
CVE-2005-1656 | 1 Mercur | 1 Mercur Messaging | 2024-02-04 | 5.0 MEDIUM | N/A | Mercur Messaging 2005 SP2 allows remote attackers to read the source code of .ctml files via a URL with a trailing hex-encoded space ("%20"). |
CVE-2004-0976 | 1 Larry Wall | 1 Perl | 2024-02-04 | 2.1 LOW | N/A | Multiple scripts in the perl package in Trustix Secure Linux 1.5 through 2.1 and other operating systems allows local users to overwrite files via a symlink attack on temporary files. |
CVE-2005-4697 | 1 Microsoft | 1 Windows Xp | 2024-02-04 | 2.1 LOW | N/A | The Microsoft Wireless Zero Configuration system (WZCS) allows local users to access WEP keys and pair-wise Master Keys (PMK) of the WPA pre-shared key via certain calls to the WZCQueryInterface API function in wzcsapi.dll. |
CVE-2006-0579 | 1 Mplayer | 1 Mplayer | 2024-02-04 | 7.5 HIGH | N/A | Multiple integer overflows in (1) the new_demux_packet function in demuxer.h and (2) the demux_asf_read_packet function in demux_asf.c in MPlayer 1.0pre7try2 and earlier allow remote attackers to execute arbitrary code via an ASF file with a large packet length value. NOTE: the provenance of this information is unknown; portions of the details are obtained from third party information. |
CVE-2006-2645 | 1 Plume-cms | 1 Plume Cms | 2024-02-04 | 7.5 HIGH | N/A | PHP remote file inclusion vulnerability in manager/frontinc/prepend.php for Plume 1.0.3 allows remote attackers to execute arbitrary code via a URL in the _PX_config[manager_path] parameter. NOTE: this is a different executable and affected version than CVE-2006-0725. |
CVE-2005-4299 | 1 Atlantpro.com | 1 Atlant Pro | 2024-02-04 | 4.3 MEDIUM | N/A | Cross-site scripting (XSS) vulnerability in atl.cgi in Atlant Pro 4.02 and earlier allows remote attackers to inject arbitrary web script or HTML via the (1) before and (2) ct parameters. |
CVE-2006-2846 | 1 Visiongate | 1 Visiongate Portal System | 2024-02-04 | 4.3 MEDIUM | N/A | Cross-site scripting (XSS) vulnerability in Print.PHP in VisionGate Portal System allows remote attackers to inject arbitrary web script or HTML via unspecified parameters. NOTE: The provenance of this information is unknown; the details are obtained solely from third party information. |
CVE-2006-2533 | 1 Greg Donald | 1 Destiney Rated Images Script | 2024-02-04 | 5.8 MEDIUM | N/A | Cross-site scripting (XSS) vulnerability in (1) addWeblog.php and (2) leaveComments.php in Destiney Rated Images Script 0.5.0 does not properly filter all vulnerable HTML tags, which allows remote attackers to inject arbitrary web script or HTML via Javascript in a DIV tag. |
CVE-2005-4071 | 1 Cfmagic | 1 Magic Forum Personal | 2024-02-04 | 7.5 HIGH | N/A | Multiple SQL injection vulnerabilities in CFMagic Magic Forum Personal 2.5 and earlier allow remote attackers to execute arbitrary SQL commands via the (1) ForumID parameter in view_forum.cfm, and (2) ForumID, (3) Thread, and (4) ThreadID parameters in view_thread.cfm. |
CVE-2005-1911 | 1 Leafnode | 1 Leafnode | 2024-02-04 | 5.0 MEDIUM | N/A | The fetchnews NNTP client in leafnode 1.11.2 and earlier can hang while waiting for input that never arrives, which allows remote NNTP servers to cause a denial of service (news loss). |
CVE-2005-3346 | 1 Osh | 1 Osh | 2024-02-04 | 7.2 HIGH | N/A | Buffer overflow in the environment variable substitution code in main.c in OSH 1.7-14 allows local users to inject arbitrary environment variables, such as LD_PRELOAD, via pathname arguments of the form "$VAR/EVAR=arg", which cause the EVAR portion to be appended to a buffer returned by a getenv function call. |
CVE-2005-4596 | 1 Ades Design | 1 Adesguestbook | 2024-02-04 | 4.3 MEDIUM | N/A | Cross-site scripting (XSS) vulnerability in read.php in AdesGuestbook 2.0 allows remote attackers to inject arbitrary web script or HTML via the totalRows_rsRead parameter. |
CVE-2006-1817 | 1 The War Forge | 1 Warforge.news | 2024-02-04 | 2.6 LOW | N/A | SQL injection vulnerability in authcheck.php in warforge.NEWS 1.0, with magic_quotes_gpc disabled, allows remote attackers to execute arbitrary SQL commands via the (1) authusername and possibly the (2) authpassword cookie. |
CVE-2004-2334 | 1 Emumail | 1 Emu Webmail | 2024-02-04 | 4.3 MEDIUM | N/A | Multiple cross-site scripting (XSS) vulnerabilities in EMU Webmail 5.2.7 allow remote attackers to inject arbitrary web script or HTML via (1) a hex-encoded value to the variable parameter in emumail.fcgi, (2) the folder parameter in emumail.fcgi, or Javascript in the (3) username or (4) password field in the login page. |
CVE-2006-1480 | 1 Duda | 1 Webalbum | 2024-02-04 | 5.1 MEDIUM | N/A | Directory traversal vulnerability in start.php in WebAlbum 2.02 allows remote attackers to include arbitrary files and execute commands by (1) injecting code into local log files via GET commands, then (2) accessing that log via a .. (dot dot) sequence and a trailing null (%00) byte in the skin2 COOKIE parameter. |
CVE-2005-1693 | 3 Broadcom, Ca, Zonelabs | 14 Etrust Antivirus, Etrust Antivirus Ee, Etrust Ez Armor and 11 more | 2024-02-04 | 10.0 HIGH | N/A | Integer overflow in Computer Associates Vet Antivirus library, as used by CA InoculateIT 6.0, eTrust Antivirus r6.0 through 7.1, eTrust Antivirus for the Gateway r7.0 and r7.1, eTrust Secure Content Manager, eTrust Intrusion Detection, BrightStor ARCserve Backup (BAB) r11.1, Vet Antivirus, Zonelabs ZoneAlarm Security Suite, and ZoneAlarm Antivirus, allows remote attackers to gain privileges via a compressed VBA directory with a project name length of -1, which leads to a heap-based buffer overflow. |