Total
254946 CVE
CVE | Vendors | Products | Updated | CVSS v2 | CVSS v3 |
---|---|---|---|---|---|
CVE-2006-2742 | 1 Drupal | 1 Drupal | 2024-02-04 | 7.5 HIGH | N/A |
SQL injection vulnerability in Drupal 4.6.x before 4.6.7 and 4.7.0 allows remote attackers to execute arbitrary SQL commands via the (1) count and (2) from variables to (a) database.mysql.inc, (b) database.pgsql.inc, and (c) database.mysqli.inc. | |||||
CVE-2006-2052 | 1 Verosky Media | 1 Instant Photo Gallery | 2024-02-04 | 5.8 MEDIUM | N/A |
Cross-site scripting (XSS) vulnerability in Verosky Media Instant Photo Gallery allows remote attackers to inject arbitrary web script or HTML via the member parameter in a viewpro action in member.php. NOTE: the original report may be inaccurate, since the "viewpro" string does not appear in the source code for version 1.0.2 of the product. | |||||
CVE-2005-4388 | 1 Contens | 1 Contens | 2024-02-04 | 4.3 MEDIUM | N/A |
Cross-site scripting (XSS) vulnerability in search.cfm in CONTENS 3.0 and earlier allows remote attackers to inject arbitrary web script or HTML via the near parameter. | |||||
CVE-2006-2650 | 1 Cosmicphp | 1 Cosmicshoppingcart | 2024-02-04 | 7.5 HIGH | N/A |
SQL injection vulnerability in cosmicshop/search.php in CosmicShoppingCart allows remote attackers to execute arbitrary SQL commands via the max parameter. | |||||
CVE-2006-2347 | 1 Oasyssoft | 1 E-business Designer | 2024-02-04 | 5.0 MEDIUM | N/A |
E-Business Designer (eBD) 3.1.4 and earlier allows remote attackers to obtain the full path of the web server via "'" characters, and possibly other invalid values, in (1) the id parameter to form_grupo.html, or requests to the (2) archivos/ and (3) files/ directories. NOTE: this issue might be resultant from SQL injection. | |||||
CVE-2005-4067 | | | 2024-02-04 | N/A | N/A |
** REJECT ** DO NOT USE THIS CANDIDATE NUMBER. ConsultIDs: CVE-2005-4031. Reason: This candidate is a reservation duplicate of CVE-2005-4031. Notes: All CVE users should reference CVE-2005-4031 instead of this candidate. All references and descriptions in this candidate have been removed to prevent accidental usage. | |||||
CVE-2006-1447 | 1 Apple | 1 Mac Os X | 2024-02-04 | 5.0 MEDIUM | N/A |
LaunchServices in Apple Mac OS X 10.4.6 allows remote attackers to cause Safari to launch unsafe content via long file name extensions, which prevents Download Validation from determining which application will be used to open the file. | |||||
CVE-2005-3702 | 1 Apple | 2 Mac Os X, Mac Os X Server | 2024-02-04 | 5.0 MEDIUM | N/A |
Safari in Mac OS X and OS X Server 10.3.9 and 10.4.3 allows remote attackers to cause files to be downloaded to locations outside the download directory via a long file name. | |||||
CVE-2005-1220 | 1 Knusperleicht | 1 Shoutbox Script | 2024-02-04 | 7.5 HIGH | N/A |
Shoutbox SCRIPT 3.0.2 and earlier allows remote attackers to obtain sensitive information via a direct request to db/settings.dat, which displays usernames and password hashes. | |||||
CVE-2005-0538 | 1 Ginp | 1 Ginp | 2024-02-04 | 5.0 MEDIUM | N/A |
Directory traversal vulnerability in (1) GinpPictureServlet.java and (2) PicCollection.java in ginp (Java Photo Gallery Web Application) before 0.22 allows remote attackers to read arbitrary files. | |||||
CVE-2005-0666 | 1 The Pax Team | 1 Pax Linux | 2024-02-04 | 4.6 MEDIUM | N/A |
Unknown vulnerability in PaX from the September 2003 release to 2.2 before 2005.03.05, related to SEGMEXEC or RANDEXEC and VMA mirroring, allows local users and possibly remote attackers to bypass intended access restrictions and execute arbitrary code. | |||||
CVE-2004-2711 | 1 Phrozensmoke | 1 Gyach Enhanced | 2024-02-04 | 7.5 HIGH | N/A |
Multiple buffer overflows in Gyach Enhanced (Gyach-E) before 1.0.2 allow remote attackers to cause a denial of service (crash) and possibly execute arbitrary code via vectors related to "avatar retrieval." | |||||
CVE-2005-0092 | 1 Redhat | 2 Enterprise Linux, Enterprise Linux Desktop | 2024-02-04 | 2.1 LOW | N/A |
Unknown vulnerability in the Red Hat Enterprise Linux 4 kernel 4GB/4GB split patch, when running on x86 with the hugemem kernel, allows local users to cause a denial of service (crash). | |||||
CVE-2006-0029 | 1 Microsoft | 2 Excel, Office | 2024-02-04 | 5.1 MEDIUM | N/A |
Unspecified vulnerability in Microsoft Excel 2000, 2002, and 2003, in Microsoft Office 2000 SP3 and other packages, allows user-assisted attackers to execute arbitrary code via an Excel file with a malformed description, which leads to memory corruption. | |||||
CVE-2006-0163 | 1 Francisco Burzi | 1 Php-nuke Ev | 2024-02-04 | 7.5 HIGH | N/A |
SQL injection vulnerability in the search module (modules/Search/index.php) of PHPNuke EV 7.7 -R1 allows remote attackers to execute arbitrary SQL commands via the query parameter, which is used by the search field. NOTE: This is a different vulnerability than CVE-2005-3792. | |||||
CVE-2005-3454 | 1 Oracle | 1 Collaboration Suite | 2024-02-04 | 10.0 HIGH | N/A |
Multiple unspecified vulnerabilities in Oracle Collaboration Suite 10g Release 1 version 10.1.1 and 9i Release 2 9.0.4.2 have unknown impact and attack vectors, as identified by Oracle Vuln# (1) OCS01, (2) OCS02, (3) OCS03, and (4) OCS04 for Calendar; (5) OCS05, (6) OCS06, (7) OCS07, (8) OCS08, (9) OCS09, and (10) OCS10 for Email Server; and (11) OCS11, (12) OCS12, and (13) OCS13 for Oracle Files. | |||||
CVE-2006-1461 | 1 Apple | 1 Quicktime | 2024-02-04 | 5.1 MEDIUM | N/A |
Multiple buffer overflows in Apple QuickTime before 7.1 allow remote attackers to execute arbitrary code via a crafted QuickTime Flash (SWF) file. | |||||
CVE-2004-2421 | 1 Hitachi | 3 Jp1 P-1b41-9461, Jp1 P-1b41-9471, Jp1 P-1j41-9471 | 2024-02-04 | 10.0 HIGH | N/A |
Unknown vulnerability in Hitachi Job Management Partner (JP1) JP1/File Transmission Server/FTP 6 and 7, when running on HP-UX in trusted mode, allows attackers to bypass authentication and gain administrator rights. | |||||
CVE-2005-1936 | 1 Xerox | 20 Document Centre 220, Document Centre 230, Document Centre 240 and 17 more | 2024-02-04 | 7.5 HIGH | N/A |
Unknown vulnerability in the web server for the ESS/ Network Controller for Xerox Document Centre 240 through 555 running System Software 27.18.017 and earlier allows attackers to "gain unauthorized access." | |||||
CVE-2005-3640 | 1 Floosietek | 1 Ftgate | 2024-02-04 | 10.0 HIGH | N/A |
Multiple buffer overflows in the IMAP Groupware Mail server of Floosietek FTGate (FTGate4) 4.1 allow remote attackers to execute arbitrary code via long arguments to various IMAP commands, as demonstrated with the EXAMINE command. |