Total
254946 CVE
| CVE | Vendors | Products | Updated | CVSS v2 | CVSS v3 |
|---|---|---|---|---|---|
| CVE-2006-2006 | 1 Ivan Zahariev | 1 Izarc | 2024-02-04 | 5.0 MEDIUM | N/A |
| Multiple directory traversal vulnerabilities in IZArc Archiver 3.5 beta 3 allow remote attackers to write arbitrary files via a ..\ (dot dot backslash) in a (1) .rar, (2) .tar, (3) .zip, (4) .jar, or (5) .gz archive. NOTE: the provenance of this information is unknown; the details are obtained solely from third party information. | |||||
| CVE-2006-3947 | 1 Mambo | 1 Mambatstaff | 2024-02-04 | 6.8 MEDIUM | N/A |
| PHP remote file inclusion vulnerability in components/com_mambatstaff/mambatstaff.php in the Mambatstaff 3.1b and earlier component for Mambo allows remote attackers to execute arbitrary PHP code via a URL in the mosConfig_absolute_path parameter. | |||||
| CVE-2004-2524 | 1 Whm Autopilot | 1 Whm Autopilot | 2024-02-04 | 5.0 MEDIUM | N/A |
| clogin.php in Benchmark Designs' WHM AutoPilot 2.4.5 and earlier allows remote attackers to obtain plaintext username and password credentials by using the clogin_e and base64_encode functions to encode the desired user ID in the c parameter, then read the plaintext values in the resulting form. | |||||
| CVE-2004-2665 | 1 Hp | 1 Hp-ux | 2024-02-04 | 4.9 MEDIUM | N/A |
| Unspecified vulnerability in the Address and Routing Parameter Area (ARPA) transport software in HP-UX B.11.00, B.11.04, and B.11.11 before 20040628 allows local users to cause a denial of service via unspecified vectors. | |||||
| CVE-2006-3045 | 1 Teake Nutma | 1 Foing | 2024-02-04 | 7.5 HIGH | N/A |
| PHP remote file inclusion vulnerability in manage_songs.php in Foing 0.7.0e and earlier allows remote attackers to execute arbitrary PHP code via a URL in the foing_root_path parameter. | |||||
| CVE-2006-0877 | 1 Easy Forum | 1 Easy Forum | 2024-02-04 | 5.0 MEDIUM | N/A |
| Cross-site scripting vulnerability in Easy Forum 2.5 allows remote attackers to inject arbitrary web script or HTML via the image variable. | |||||
| CVE-2005-4627 | 2 Gfhost, Gmailsite | 2 Gfhost, Gmailsite | 2024-02-04 | 4.3 MEDIUM | N/A |
| Cross-site scripting (XSS) vulnerability in index.php in (1) GmailSite 1.0 through 1.0.4 and (2) GFHost 0.1.1 through 0.4.2 allows remote attackers to inject arbitrary web script or HTML via the lng parameter. | |||||
| CVE-2004-2635 | 1 Mcafee | 1 Security Installer Control System | 2024-02-04 | 7.5 HIGH | N/A |
| An ActiveX control for McAfee Security Installer Control System 4.0.0.81 allows remote attackers to access the Windows registry via web pages that use the control's RegQueryValue() method. | |||||
| CVE-2005-1368 | 1 Linux | 1 Linux Kernel | 2024-02-04 | 1.2 LOW | N/A |
| The key_user_lookup function in security/keys/key.c in Linux kernel 2.6.10 to 2.6.11.8 may allow attackers to cause a denial of service (oops) via SMP. | |||||
| CVE-2005-3450 | 1 Oracle | 1 Application Server | 2024-02-04 | 10.0 HIGH | N/A |
| Unspecified vulnerability in the HTTP Server in Oracle Application Server 1.0 up to 9.0.2.3 has unknown impact and attack vectors, as identified by Oracle Vuln# AS04. | |||||
| CVE-2006-3736 | 1 Mambo | 1 Videodb | 2024-02-04 | 7.5 HIGH | N/A |
| PHP remote file inclusion vulnerability in core/videodb.class.xml.php in the VideoDB component for Mambo 0.3 and earlier allows remote attackers to execute arbitrary PHP code via a URL in the mosConfig_absolute_path parameter. | |||||
| CVE-2006-1628 | 1 Adobe | 1 Livecycle Form Manager | 2024-02-04 | 4.6 MEDIUM | N/A |
| Adobe LiveCycle Workflow 7.01 and LiveCycle Forum Manager 7.01 allows users to authenticate and perform privileged actions when their account is marked "OBSOLETE" but the account is also active, within the authentication system. | |||||
| CVE-2006-3218 | 1 Woltlab | 1 Burning Board | 2024-02-04 | 7.5 HIGH | N/A |
| SQL injection vulnerability in profile.php in Woltlab Burning Board (WBB) 2.1.6 allows remote attackers to execute arbitrary SQL commands via the userid parameter. | |||||
| CVE-2006-4444 | 1 Cybozu | 1 Garoon | 2024-02-04 | 6.5 MEDIUM | N/A |
| Multiple SQL injection vulnerabilities in Cybozu Garoon 2.1.0 for Windows allow remote authenticated users to execute arbitrary SQL commands via the (1) tid parameter in the (a) todo/view (aka TODO List View), (b) todo/modify (aka TODO List Modify), or (c) todo/delete functionality; the (2) pid parameter in the (d) workflow/view or (e) workflow/print functionality; the (3) uid parameter in the (f) schedule/user_view, (g) phonemessage/add, (h) phonemessage/history, or (i) schedule/view functionality; the (4) cid parameter in (j) todo/index; the (5) iid parameter in the (k) memo/view or (l) memo/print functionality; or the (6) event parameter in the (m) schedule/view functionality. | |||||
| CVE-2006-3413 | 1 Tor | 1 Tor | 2024-02-04 | 5.0 MEDIUM | N/A |
| The privoxy configuration file in Tor before 0.1.1.20, when run on Apple OS X, logs all data via the "logfile", which allows attackers to obtain potentially sensitive information. | |||||
| CVE-2006-4190 | 1 Php-nuke | 1 Autohtml Module | 2024-02-04 | 2.1 LOW | N/A |
| Directory traversal vulnerability in autohtml.php in the AutoHTML module for PHP-Nuke allows local users to include arbitrary files via a .. (dot dot) in the name parameter for a modload operation. | |||||
| CVE-2004-1285 | 1 Mplayer | 1 Mplayer | 2024-02-04 | 10.0 HIGH | N/A |
| Buffer overflow in the get_header function in asf_mmst_streaming.c for MPlayer 1.0pre5 allows remote attackers to execute arbitrary code via a crafted ASF video stream. | |||||
| CVE-2005-4866 | 1 Ibm | 1 Db2 Universal Database | 2024-02-04 | 6.8 MEDIUM | N/A |
| Stack-based buffer overflow in JDBC Applet Server in IBM DB2 8.1 allows remote attackers to execute arbitrary by connecting and sending a long username, then disconnecting gracefully and reconnecting and sending a short username and an unexpected db2java.zip version, which causes a null terminator to be removed and leads to the overflow. | |||||
| CVE-2005-3826 | 1 Ezy Helpdesk | 1 Ezyhelpdesk | 2024-02-04 | 7.5 HIGH | N/A |
| Multiple SQL injection vulnerabilities in Ezyhelpdesk 1.0 allow remote attackers to execute arbitrary SQL commands via the (1) edit_id, (2) faq_id, and (3) c_id parameters in a query string, and (4) the search engine, possibly involving the search_string parameter. | |||||
| CVE-2006-2592 | 1 Dschat | 1 Dschat | 2024-02-04 | 7.5 HIGH | N/A |
| Unspecified vulnerability in DSChat 1.0 allows remote attackers to execute arbitrary PHP code via the Nickname field, which is not sanitized before creating a file in a user directory. NOTE: the provenance of this information is unknown; the details are obtained solely from third party information. | |||||