Total: 254946 CVE

CVE | Vendors | Products | Updated | CVSS v2 | CVSS v3 |
---|---|---|---|---|---|
CVE-2005-2259 | 1 Usanet Creations | 6 Domain Name Auction, Makebid Auction Deluxe, Makebid Auction Standard and 3 more | 2024-02-04 | 10.0 HIGH | N/A |
The dispallclosed2 function in dispallclosed.pl for multiple USANet Creations products, including (1) USANet Shopping Mall Software, (2) Domain Name Auction Software, (3) Standard Classified Ads Software, and (4) MakeBid Reverse Auction allows remote attackers to execute arbitrary code via shell metacharacters in the DISPCLOSED parameter. | |||||
CVE-2006-2680 | 1 Php4script | 1 Az Photo Album Script Pro | 2024-02-04 | 5.8 MEDIUM | N/A |
Cross-site scripting (XSS) vulnerability in index.php in AZ Photo Album Script Pro allows remote attackers to inject arbitrary web script or HTML via the gazpart parameter. | |||||
CVE-2006-2038 | 1 Amplecom | 1 Ampleshop | 2024-02-04 | 7.5 HIGH | N/A |
Multiple SQL injection vulnerabilities in ampleShop 2.1 and earlier allow remote attackers to execute arbitrary SQL commands via the (1) RecordID parameter in (a) Customeraddresses_RecordAction.cfm and (b) youraccount.cfm; (2) solus parameter in (c) detail.cfm; and (3) cat parameter in (d) category.cfm. | |||||
CVE-2005-3815 | 1 Greywyvern | 1 Orca Forum | 2024-02-04 | 7.5 HIGH | N/A |
SQL injection vulnerability in forum.php in Orca Forum 4.3b and earlier allows remote attackers to execute arbitrary SQL commands via the msg parameter. | |||||
CVE-2006-4757 | 1 E107 | 1 E107 | 2024-02-04 | 4.6 MEDIUM | N/A |
Multiple SQL injection vulnerabilities in the admin section in e107 0.7.5 allow remote authenticated administrative users to execute arbitrary SQL commands via the (1) linkopentype, (2) linkrender, (3) link_class, and (4) link_id parameters in (a) links.php; the (5) searchquery parameter in (b) users.php; and the (6) download_category_class parameter in (c) download.php. NOTE: an e107 developer has disputed the significance of the vulnerability, stating that "If your admins are injecting you, you might want to reconsider their access." | |||||
CVE-2006-0777 | 1 Teca Scripts | 1 Guestex | 2024-02-04 | 7.5 HIGH | N/A |
Unspecified vulnerability in guestex.pl in Teca Scripts Guestex 1.0 allows remote attackers to execute arbitrary shell commands via the email parameter, possibly involving shell metacharacters. | |||||
CVE-2005-3818 | 1 Vtiger | 1 Vtiger Crm | 2024-02-04 | 4.3 MEDIUM | N/A |
Multiple cross-site scripting (XSS) vulnerabilities in vTiger CRM 4.2 and earlier allow remote attackers to inject arbitrary web script or HTML via (1) various input fields, including the contact, lead, and first or last name fields, (2) the record parameter in a DetailView action in the Leads module for index.php, (3) the $_SERVER['PHP_SELF'] variable, which is used in multiple locations such as index.php, and (4) aggregated RSS feeds in the RSS aggregation module. | |||||
CVE-2006-3341 | 1 Myads | 1 Myads | 2024-02-04 | 7.5 HIGH | N/A |
SQL injection vulnerability in annonces-p-f.php in MyAds module 2.04jp for Xoops allows remote attackers to execute arbitrary SQL commands via the lid parameter. | |||||
CVE-2005-2555 | 2 Debian, Linux | 2 Debian Linux, Linux Kernel | 2024-02-04 | 4.6 MEDIUM | N/A |
Linux kernel 2.6.x does not properly restrict socket policy access to users with the CAP_NET_ADMIN capability, which could allow local users to conduct unauthorized activities via (1) ipv4/ip_sockglue.c and (2) ipv6/ipv6_sockglue.c. | |||||
CVE-2006-1229 | 1 Hosting Controller | 1 Hosting Controller | 2024-02-04 | 7.5 HIGH | N/A |
SQL injection vulnerability in search.asp in Hosting Controller 6.1 (Hotfix 2.9) allows remote attackers to execute arbitrary SQL commands via the search parameter. NOTE: the provenance of this information is unknown; the details are obtained solely from third party information. | |||||
CVE-2005-0131 | 1 Berlios | 1 Konversation | 2024-02-04 | 5.0 MEDIUM | N/A |
The Quick Connection dialog in Konversation 0.15 inadvertently uses the user-provided password as the nickname instead of the user-provided nickname when connecting to the IRC server, which could leak the password to other users. | |||||
CVE-2006-2743 | 1 Drupal | 1 Drupal | 2024-02-04 | 5.1 MEDIUM | N/A |
Drupal 4.6.x before 4.6.7 and 4.7.0, when running on Apache with mod_mime, does not properly handle files with multiple extensions, which allows remote attackers to upload, modify, or execute arbitrary files in the files directory. | |||||
CVE-2005-3203 | 1 Oracle | 1 Html Db | 2024-02-04 | 4.6 MEDIUM | N/A |
The manual installation of Oracle HTML DB (HTMLDB) 1.3 through 1.3.6 stores the SYS password in install.lst in plaintext, which allows local users to gain privileges. | |||||
CVE-2005-1598 | 1 Invision Power Services | 2 Invision Board, Invision Power Board | 2024-02-04 | 7.5 HIGH | N/A |
SQL injection vulnerability in Invision Power Board (IPB) 2.0.3 and earlier allows remote attackers to execute arbitrary SQL commands via a crafted cookie password hash (pass_hash) that modifies the internal $pid variable. | |||||
CVE-2006-0616 | 1 Sun | 2 Jdk, Jre | 2024-02-04 | 4.0 MEDIUM | N/A |
Unspecified vulnerability in Sun Java JDK and JRE 5.0 Update 4 and earlier allows remote attackers to bypass Java sandbox security and obtain privileges via unspecified vectors involving the reflection APIs, aka the "fourth issue." | |||||
CVE-2005-0702 | 1 Phpmyfaq | 1 Phpmyfaq | 2024-02-04 | 5.0 MEDIUM | N/A |
SQL injection vulnerability in phpMyFAQ 1.4 and 1.5 allows remote attackers to add FAQ records to the database via the username field in forum messages. | |||||
CVE-2006-3123 | 1 Matt Blaze | 1 Cryptographic File System | 2024-02-04 | 2.1 LOW | N/A |
Multiple integer overflows in the (1) dodecrypt and (2) doencrypt functions in cfs_fh.c in cfsd in Matt Blaze Cryptographic File System (CFS) 1.4.1 before Debian GNU/Linux package 1.4.1-17 allow local users to cause a denial of service (daemon crash) by appending data to a file that is larger than 2 Gb. | |||||
CVE-2005-3274 | 2 Debian, Linux | 2 Debian Linux, Linux Kernel | 2024-02-04 | 1.2 LOW | 4.7 MEDIUM |
Race condition in ip_vs_conn_flush in Linux 2.6 before 2.6.13 and 2.4 before 2.4.32-pre2, when running on SMP systems, allows local users to cause a denial of service (null dereference) by causing a connection timer to expire while the connection table is being flushed before the appropriate lock is acquired. | |||||
CVE-2005-0745 | 1 Utstarcom | 1 Ian-02ex Voip Ata | 2024-02-04 | 4.6 MEDIUM | N/A |
UTStarcom iAN-02EX VoIP Analog Terminal Adaptor (ATA) allows local users to bypass ATA access restrictions by dialing "*#26845#" and causing a device reset. | |||||
CVE-2006-3772 | 1 Php-post | 1 Php-post | 2024-02-04 | 5.1 MEDIUM | N/A |
PHP-Post 0.21 and 1.0, and possibly earlier versions, when auto-login is enabled, allows remote attackers to bypass security restrictions and obtain administrative privileges by modifying the logincookie[user] setting in the login cookie. | |||||