Total
254880 CVE
| CVE | Vendors | Products | Updated | CVSS v2 | CVSS v3 |
|---|---|---|---|---|---|
| CVE-2006-2259 | 1 Maxxcode | 1 Maxxschedule | 2024-02-04 | 7.5 HIGH | N/A |
| SQL injection vulnerability in Logon.asp in MaxxSchedule 1.0 allows remote attackers to execute arbitrary SQL commands via the txtLogon parameter. | |||||
| CVE-2005-3286 | 1 Kerio | 2 Personal Firewall, Serverfirewall | 2024-02-04 | 2.1 LOW | N/A |
| The FWDRV driver in Kerio Personal Firewall 4.2 and Server Firewall 1.1.1 allows local users to cause a denial of service (crash) by setting the PAGE_NOACCESS or PAGE_GUARD protection on the Page Environment Block (PEB), which triggers an exception, aka the "PEB lockout vulnerability." | |||||
| CVE-2005-0840 | 2024-02-04 | N/A | N/A | ||
| ** REJECT ** DO NOT USE THIS CANDIDATE NUMBER. ConsultIDs: CVE-2005-0706. Reason: This candidate is a duplicate of CVE-2005-0706. Notes: All CVE users should reference CVE-2005-0706 instead of this candidate. All references and descriptions in this candidate have been removed to prevent accidental usage. | |||||
| CVE-2005-2151 | 1 Double Precision Incorporated | 1 Courier Mail Server | 2024-02-04 | 5.0 MEDIUM | N/A |
| spf.c in Courier Mail Server does not properly handle DNS failures when looking up Sender Policy Framework (SPF) records, which could allow attackers to cause memory corruption. | |||||
| CVE-2005-2584 | 1 Mentor | 1 Adslfr4ii | 2024-02-04 | 7.2 HIGH | N/A |
| The web administration interface in Mentor ADSL-FR4II router running firmware 2.00.0111 does not set a default password, which allows local users to gain access. | |||||
| CVE-2005-4248 | 1 Quickpaypro | 1 Quickpaypro | 2024-02-04 | 4.3 MEDIUM | N/A |
| Multiple cross-site scripting (XSS) vulnerabilities in QuickPayPro 3.1 allow remote attackers to inject arbitrary web script or HTML via various fields, such as those in (1) communication/subscribers.tracking.add.php, (2) support/tickets.add.php, and (3) mycompany/categories.php. | |||||
| CVE-2005-2894 | 1 Pblang | 1 Pblang | 2024-02-04 | 4.3 MEDIUM | N/A |
| Cross-site scripting (XSS) vulnerability in the user registration in PBLang 4.65, and possibly earlier versions, allows remote attackers to inject arbitrary web script or PHP via the location field. | |||||
| CVE-2006-3307 | 1 Zoid Technologies | 1 Project Eros Bbsengine | 2024-02-04 | 7.5 HIGH | N/A |
| Multiple SQL injection vulnerabilities in Project EROS bbsengine before bbsengine-20060429-1550-jam allow remote attackers to execute arbitrary SQL commands via (1) unspecified parameters in the php/comment.php and (2) the getpartialmatches method in php/aolbonics.php. | |||||
| CVE-2005-2190 | 1 Comersus Open Technologies | 1 Comersus Cart | 2024-02-04 | 7.5 HIGH | N/A |
| Multiple SQL injection vulnerabilities in Comersus shopping cart allow remote attackers to execute arbitrary SQL commands via the (1) email parameter to comersus_optAffiliateRegistrationExec.asp or (2) idProduct parameter to comersus_optReviewReadExec.asp. | |||||
| CVE-2006-2799 | 1 Toenda Software Development | 1 Toendacms | 2024-02-04 | 6.8 MEDIUM | N/A |
| Cross-site scripting (XSS) vulnerability in content_footer.php in toendaCMS 0.7.0 allows remote attackers to inject arbitrary web scripts or HTML via the print_url variable. NOTE: the provenance of this information is unknown; the details are obtained solely from third party sources. | |||||
| CVE-2006-3928 | 1 Mikael Software | 1 Wmnews | 2024-02-04 | 7.5 HIGH | N/A |
| PHP remote file inclusion vulnerability in index.php in WMNews 0.2a and earlier allows remote attackers to execute arbitrary PHP code via a URL in the base_datapath parameter. | |||||
| CVE-2005-1175 | 1 Mit | 1 Kerberos 5 | 2024-02-04 | 7.5 HIGH | N/A |
| Heap-based buffer overflow in the Key Distribution Center (KDC) in MIT Kerberos 5 (krb5) 1.4.1 and earlier allows remote attackers to cause a denial of service (application crash) and possibly execute arbitrary code via a certain valid TCP or UDP request. | |||||
| CVE-2005-0815 | 1 Linux | 1 Linux Kernel | 2024-02-04 | 6.4 MEDIUM | N/A |
| Multiple "range checking flaws" in the ISO9660 filesystem handler in Linux 2.6.11 and earlier may allow attackers to cause a denial of service or corrupt memory via a crafted filesystem. | |||||
| CVE-2004-1212 | 1 Blog Torrent | 1 Blog Torrent Preview | 2024-02-04 | 5.0 MEDIUM | N/A |
| Directory traversal vulnerability in btdownload.php in Blog Torrent preview 0.8 allows remote attackers to download arbitrary files via a .. (dot dot) in the file argument. | |||||
| CVE-2005-1029 | 1 Active Web Softwares | 1 Active Auction House | 2024-02-04 | 7.5 HIGH | N/A |
| Multiple SQL injection vulnerabilities in Active Auction House allow remote attackers to execute arbitrary SQL commands via the (1) catid, (2) SortDir, or (3) Sortby parameter to default.asp, (4) itemID parameter to ItemInfo.asp, or (5) Email field to sendpassword.asp. | |||||
| CVE-2006-4084 | 1 David Walker | 1 Phpautomembersarea | 2024-02-04 | 10.0 HIGH | N/A |
| Unspecified vulnerability in phpAutoMembersArea (phpAMA) before 3.2.4 has unknown impact and attack vectors, related to "a potential security exploit which is critical." | |||||
| CVE-2006-3795 | 1 Deluxebb | 1 Deluxebb | 2024-02-04 | 2.6 LOW | N/A |
| Multiple cross-site scripting (XSS) vulnerabilities in DeluxeBB before 1.08 allow remote attackers to inject arbitrary web script or HTML via the (1) membercookie cookie in header.php and the (2) redirect parameter in misc.php. | |||||
| CVE-2006-2448 | 1 Linux | 1 Linux Kernel | 2024-02-04 | 5.6 MEDIUM | N/A |
| Linux kernel before 2.6.16.21 and 2.6.17, when running on PowerPC, does not perform certain required access_ok checks, which allows local users to read arbitrary kernel memory on 64-bit systems (signal_64.c) and cause a denial of service (crash) and possibly read kernel memory on 32-bit systems (signal_32.c). | |||||
| CVE-2005-2417 | 1 Astalavista It Engineering | 1 Contrexx | 2024-02-04 | 5.0 MEDIUM | N/A |
| Contrexx before 1.0.5 allows remote attackers to obtain sensitive information via a direct request to /config/version.xml. | |||||
| CVE-2006-4382 | 1 Apple | 1 Quicktime | 2024-02-04 | 5.1 MEDIUM | N/A |
| Multiple buffer overflows in Apple QuickTime before 7.1.3 allow user-assisted remote attackers to execute arbitrary code via a crafted QuickTime movie. | |||||