Total
254877 CVE
| CVE | Vendors | Products | Updated | CVSS v2 | CVSS v3 |
|---|---|---|---|---|---|
| CVE-2005-3164 | 2 Apache, Hitachi | 2 Tomcat, Cosminexus Application Server | 2024-02-04 | 2.6 LOW | N/A |
| The AJP connector in Apache Tomcat 4.0.1 through 4.0.6 and 4.1.0 through 4.1.36, as used in Hitachi Cosminexus Application Server and standalone, does not properly handle when a connection is broken before request body data is sent in a POST request, which can lead to an information leak when "unsuitable request body data" is used for a different request, possibly related to Java Servlet pages. | |||||
| CVE-2005-3284 | 1 Ahnlab | 3 Myv3, V3net, V3pro 2004 | 2024-02-04 | 7.5 HIGH | N/A |
| Multiple buffer overflows in AhnLab V3 AntiVirus V3Pro 2004 before 6.0.0.488, V3Net for Windows Server 6.0 before 6.0.0.488, and MyV3, with compressed file scanning enabled, allow remote attackers to execute arbitrary code via crafted (1) ALZ, (2) UUE, or (3) XXE archives. | |||||
| CVE-2006-1644 | 1 Interact | 1 Interact | 2024-02-04 | 5.0 MEDIUM | N/A |
| login.php in Interact 2.1.1 generates different responses depending on whether or not a username is valid, which allows remote attackers to determine valid usernames. NOTE: the provenance of this information is unknown; the details are obtained solely from third party information. | |||||
| CVE-2005-4505 | 1 Mcafee | 2 Common Management Agent, Virusscan Enterprise | 2024-02-04 | 7.2 HIGH | N/A |
| Unquoted Windows search path vulnerability in McAfee VirusScan Enterprise 8.0i (patch 11) and CMA 3.5 (patch 5) might allow local users to gain privileges via a malicious "program.exe" file in the C: folder, which is run by naPrdMgr.exe when it attempts to execute EntVUtil.EXE under an unquoted "Program Files" path. | |||||
| CVE-2006-2049 | 1 Dcscripts | 1 Dcforumlite | 2024-02-04 | 4.3 MEDIUM | N/A |
| Cross-site scripting (XSS) vulnerability in dcboard.cgi in DCScripts DCForumLite 3.0 allows remote attackers to inject arbitrary web script or HTML via the az parameter. | |||||
| CVE-2006-3219 | 1 Woltlab | 1 Burning Board | 2024-02-04 | 7.5 HIGH | N/A |
| SQL injection vulnerability in thread.php in Woltlab Burning Board (WBB) 2.2.2 allows remote attackers to execute arbitrary SQL commands via the threadid parameter. | |||||
| CVE-2006-2553 | 1 Jemscripts | 1 Downloadcontrol | 2024-02-04 | 4.3 MEDIUM | N/A |
| Cross-site scripting (XSS) vulnerability in Jemscripts DownloadControl 1.0 allows remote attackers to inject arbitrary HTML or web script via the dcid parameter to dc.php. NOTE: the provenance of this information is unknown; the details are obtained solely from third party information. This issue appears to be independent from a different issue that involves the same vector. | |||||
| CVE-2006-2688 | 1 Achievo | 1 Achievo | 2024-02-04 | 6.4 MEDIUM | N/A |
| SQL injection vulnerability in the employees node (class.employee.inc) in Achievo 1.1.0 and earlier and 1.2 and earlier allows remote attackers to execute arbitrary SQL commands via the atkselector parameter. | |||||
| CVE-2005-4643 | 1 Antharia | 1 Oncontent Cms | 2024-02-04 | 7.5 HIGH | N/A |
| SQL injection vulnerability in index.php in Antharia OnContent // CMS allows remote attackers to execute arbitrary SQL commands via the pid parameter. NOTE: it is not clear, but this might be an application service provider, in which case it might be excluded from CVE. | |||||
| CVE-2005-0275 | 1 3com | 1 3cdaemon | 2024-02-04 | 5.0 MEDIUM | N/A |
| TFTP in 3Com 3CDaemon 2.0 revision 10 allows remote attackers to cause a denial of service (application crash) via a GET request containing an MS-DOS device name. | |||||
| CVE-2005-1687 | 1 Wordpress | 1 Wordpress | 2024-02-04 | 7.5 HIGH | N/A |
| SQL injection vulnerability in wp-trackback.php in Wordpress 1.5 and earlier allows remote attackers to execute arbitrary SQL commands via the tb_id parameter. | |||||
| CVE-2002-1370 | 2024-02-04 | N/A | N/A | ||
| ** REJECT ** DO NOT USE THIS CANDIDATE NUMBER. ConsultIDs: CVE-2002-1367. Reason: This CAN was originally assigned for the theft of root certificates in CUPS, but it was later deemed to be a legitimate result of exploiting a different vulnerability, CVE-2002-1367, so it is not a distinct vulnerability. Notes: All CVE users should reference CVE-2002-1367 instead of this candidate. All references and descriptions in this candidate have been removed to prevent accidental usage. | |||||
| CVE-2005-0264 | 1 Owl | 1 Owl Intranet Engine | 2024-02-04 | 4.3 MEDIUM | N/A |
| Multiple cross-site scripting (XSS) vulnerabilities in browse.php in OWL 0.7 and 0.8 allow remote attackers to inject arbitrary web script or HTML via the (1) expand or (2) order parameter. | |||||
| CVE-2005-0907 | 1 Valdersoft | 1 Shopping Cart | 2024-02-04 | 7.5 HIGH | N/A |
| Multiple SQL injection vulnerabilities in Valdersoft Shopping Cart 3.0 allow remote attackers to execute arbitrary SQL commands via (1) the id parameter to category.php, (2) the id parameter to item.php, (3) the lang parameter to index.php, (4) the searchQuery parameter to search_result.php, (5) or the searchTopCategoryID parameter to search_result.php. | |||||
| CVE-2006-0144 | 2 Apache2triad, Php | 2 Apache2triad, Pear | 2024-02-04 | 7.5 HIGH | N/A |
| The proxy server feature in go-pear.php in PHP PEAR 0.2.2, as used in Apache2Triad, allows remote attackers to execute arbitrary PHP code by redirecting go-pear.php to a malicious proxy server that provides a modified version of Tar.php with a malicious extractModify function. | |||||
| CVE-2005-2140 | 1 Fsboard | 1 Fsboard | 2024-02-04 | 5.0 MEDIUM | N/A |
| Directory traversal vulnerability in default.asp for FSboard 2.0 allows remote attackers to read arbitrary files via ".." sequences in the filename parameter. | |||||
| CVE-2006-2486 | 1 Yapbb | 1 Yapbb | 2024-02-04 | 6.4 MEDIUM | N/A |
| SQL injection vulnerability in find.php in YapBB 1.2 Beta2 and earlier allows remote attackers to execute arbitrary SQL commands via the userID parameter. | |||||
| CVE-2005-3628 | 1 Xpdf | 1 Xpdf | 2024-02-04 | 7.5 HIGH | N/A |
| Buffer overflow in the JBIG2Bitmap::JBIG2Bitmap function in JBIG2Stream.cc in Xpdf, as used in products such as gpdf, kpdf, pdftohtml, poppler, teTeX, CUPS, libextractor, and others, allows attackers to modify memory and possibly execute arbitrary code via unknown attack vectors. | |||||
| CVE-2005-2900 | 1 Cj Desing | 1 Cjlinkout | 2024-02-04 | 4.3 MEDIUM | N/A |
| Cross-site scripting (XSS) vulnerability in top.php in CjLinkOut 1.0 allows remote attackers to inject arbitrary web script or HTML via the 123 parameter. | |||||
| CVE-2006-3154 | 1 Thinkfactory | 1 Ultimate Estate | 2024-02-04 | 7.5 HIGH | N/A |
| SQL injection vulnerability in index.pl in Ultimate Estate 1.0 and earlier allows remote attackers to execute arbitrary SQL commands via the id parameter. | |||||