Total
254898 CVE
| CVE | Vendors | Products | Updated | CVSS v2 | CVSS v3 |
|---|---|---|---|---|---|
| CVE-2006-1137 | 1 Xerox | 12 Copycentre C65, Copycentre C65 Firmware, Copycentre C75 and 9 more | 2024-02-04 | 5.0 MEDIUM | N/A |
| Multiple unspecified vulnerabilities in Xerox CopyCentre and Xerox WorkCentre Pro, running software 1.001.02.073 or earlier, or 1.001.02.074 before 1.001.02.715, allow remote attackers to cause an unspecified denial of service via a crafted PostScript file that will (1) "navigate through the directory" or (2) a "file sent to expose TCP/IP ports". | |||||
| CVE-2006-1555 | 1 Tachyon | 1 Vsns Lemon | 2024-02-04 | 7.5 HIGH | N/A |
| VSNS Lemon 3.2.0 allows remote attackers to bypass authentication and access password-protected articles by setting the vsns[topic_id] cookie to the targeted topic. | |||||
| CVE-2006-1149 | 1 Owl | 1 Owl Intranet Engine | 2024-02-04 | 7.5 HIGH | N/A |
| PHP remote file inclusion vulnerability in lib/OWL_API.php in OWL Intranet Engine 0.82, when register_globals is enabled, allows remote attackers to include arbitrary files via a URL in the xrms_file_root parameter, which is not initialized before use. | |||||
| CVE-2004-1120 | 1 Prozilla | 1 Prozilla Download Accelerator | 2024-02-04 | 10.0 HIGH | N/A |
| Multiple buffer overflows in (1) http.c, (2) http-retr.c, (3) main.c and other code that handles network protocols in ProZilla 1.3.6-r2 and earlier allow remote servers to execute arbitrary code via a long Location header. | |||||
| CVE-2005-3873 | 1 Sourceshock | 1 Shockboard | 2024-02-04 | 7.5 HIGH | N/A |
| SQL injection vulnerability in topic.php in ShockBoard 3.0 and 4.0 allows remote attackers to execute arbitrary SQL commands via the offset parameter. | |||||
| CVE-2006-0839 | 1 Sourcefire | 1 Snort | 2024-02-04 | 5.0 MEDIUM | N/A |
| The frag3 preprocessor in Sourcefire Snort 2.4.3 does not properly reassemble certain fragmented packets with IP options, which allows remote attackers to evade detection of certain attacks, possibly related to IP option lengths. | |||||
| CVE-2006-4241 | 1 Mamboxchange | 1 Reporter | 2024-02-04 | 7.5 HIGH | N/A |
| PHP remote file inclusion vulnerability in processor/reporter.sql.php in the Reporter Mambo component (com_reporter) allows remote attackers to execute arbitrary PHP code via a URL in the mosConfig_absolute_path parameter. | |||||
| CVE-2006-3935 | 1 Alkacon | 1 Opencms | 2024-02-04 | 6.5 MEDIUM | N/A |
| system/workplace/views/admin/admin-main.jsp in Alkacon OpenCms before 6.2.2 does not restrict access to administrator functions, which allows remote authenticated users to (1) send broadcast messages to all users (/workplace/broadcast), (2) list all users (/accounts/users), (3) add webusers (/accounts/webusers/new), (4) upload database import and export files (/database/importhttp), (5) upload arbitrary program modules (/modules/modules_import), and (6) read the log file (/workplace/logfileview) by setting the appropriate value for the path parameter in a direct request to admin-main.jsp. | |||||
| CVE-2006-2364 | 1 Macromedia | 1 Coldfusion | 2024-02-04 | 5.8 MEDIUM | N/A |
| Cross-site scripting (XSS) vulnerability in the validation feature in Macromedia ColdFusion 5 and earlier allows remote attackers to inject arbitrary web script or HTML via a "_required" field when the associated normal field is missing or empty, which is not sanitized before being presented in an error message. | |||||
| CVE-2005-2134 | 1 Netbsd | 1 Netbsd | 2024-02-04 | 2.1 LOW | N/A |
| The (1) clcs and (2) emuxki drivers in NetBSD 1.6 through 2.0.2 allow local users to cause a denial of service (kernel crash) by using the set-parameters ioctl on an audio device to change the block size and set the pause state to "unpaused" in the same ioctl, which causes a divide-by-zero error. | |||||
| CVE-2006-1591 | 1 Microsoft | 4 Windows 2000, Windows 2003 Server, Windows Nt and 1 more | 2024-02-04 | 5.1 MEDIUM | N/A |
| Heap-based buffer overflow in Microsoft Windows Help winhlp32.exe allows user-assisted attackers to execute arbitrary code via crafted embedded image data in a .hlp file. | |||||
| CVE-2006-2005 | 1 Clansys | 1 Clansys | 2024-02-04 | 7.5 HIGH | N/A |
| Eval injection vulnerability in index.php in ClanSys 1.1 allows remote attackers to execute arbitrary PHP code via PHP code in the page parameter, as demonstrated by using an "include" statement that is injected into the eval statement. NOTE: this issue has been described as file inclusion by some sources, but that is just one attack; the primary vulnerability is eval injection. | |||||
| CVE-2005-1030 | 1 Active Web Softwares | 1 Active Auction House | 2024-02-04 | 4.3 MEDIUM | N/A |
| Multiple cross-site scripting (XSS) vulnerabilities in Active Auction House allow remote attackers to inject arbitrary web script or HTML via the (1) ReturnURL, (2) password, (3) username parameter, (4) ReturnURL parameter to account.asp, (5) Table, (6) Title parameter to sendpassword.asp, or (7) itemid to watchthisitem.asp. | |||||
| CVE-2006-2998 | 1 Free Qboard | 1 Free Qboard | 2024-02-04 | 7.5 HIGH | N/A |
| PHP remote file inclusion vulnerability in board/post.php in free QBoard 1.1 and earlier allows remote attackers to execute arbitrary PHP code via a URL in the qb_path parameter. | |||||
| CVE-2006-1190 | 1 Microsoft | 1 Internet Explorer | 2024-02-04 | 10.0 HIGH | N/A |
| Microsoft Internet Explorer 5.01 through 6 does not always return the correct IOleClientSite information when dynamically creating an embedded object, which could cause Internet Explorer to run the object in the wrong security context or zone, and allow remote attackers to execute arbitrary code. | |||||
| CVE-2004-1302 | 1 Yamt | 1 Yamt | 2024-02-04 | 10.0 HIGH | N/A |
| The id3tag_sort function in id3tag.c for YAMT 0.5 allows remote attackers to execute arbitrary commands via an MP3 file with double quotes in the Artist tag. | |||||
| CVE-2005-0015 | 1 Crosswire Bible Society | 1 Sword | 2024-02-04 | 7.5 HIGH | N/A |
| diatheke.pl in Sword 1.5.7a allows remote attackers to execute arbitrary commands via shell metacharacters in a URL. | |||||
| CVE-2004-2373 | 1 Aol | 1 Instant Messenger | 2024-02-04 | 7.5 HIGH | N/A |
| The Buddy icon file for AOL Instant Messenger (AIM) 4.3 through 5.5 is created in a predictable location, which may allow remote attackers to use a shell: URI to exploit other vulnerabilities that involve predictable locations. | |||||
| CVE-2005-3665 | 1 Phpmyadmin | 1 Phpmyadmin | 2024-02-04 | 4.3 MEDIUM | N/A |
| Multiple cross-site scripting (XSS) vulnerabilities in phpMyAdmin before 2.7.0 allow remote attackers to inject arbitrary web script or HTML via the (1) HTTP_HOST variable and (2) various scripts in the libraries directory that handle header generation. | |||||
| CVE-2005-4326 | 1 Apc | 1 Powerchute Network Shutdown | 2024-02-04 | 5.0 MEDIUM | N/A |
| The web interface for American Power Conversion (APC) PowerChute Network Shutdown performs all communication in cleartext (base64-encoded), which allows remote attackers to sniff authentication credentials. | |||||