Total
254824 CVE
| CVE | Vendors | Products | Updated | CVSS v2 | CVSS v3 |
|---|---|---|---|---|---|
| CVE-2006-4122 | 1 Simple One-file Guestbook | 1 Simple One-file Guestbook | 2024-02-04 | 7.5 HIGH | N/A |
| Simple one-file guestbook 1.0 and earlier allows remote attackers to bypass authentication and delete guestbook entries via a modified id parameter to guestbook.php. | |||||
| CVE-2005-0349 | 1 Broadcom | 1 Brightstor Arcserve Backup | 2024-02-04 | 7.5 HIGH | N/A |
| The production release of the UniversalAgent for UNIX in BrightStor ARCserve Backup 11.1 contains hard-coded credentials, which allows remote attackers to access the file system and possibly execute arbitrary commands. | |||||
| CVE-2006-0406 | 1 Mybulletinboard | 1 Mybulletinboard | 2024-02-04 | 5.0 MEDIUM | N/A |
| search.php in MyBB 1.0.2 allows remote attackers to obtain sensitive information via a certain search request that reveals the table prefix in a SQL error message, possibly due to invalid parameters. | |||||
| CVE-2006-2950 | 1 Npds | 1 Npds | 2024-02-04 | 5.0 MEDIUM | N/A |
| Net Portal Dynamic System (NPDS) 5.10 and earlier allows remote attackers to obtain sensitive information via a direct request to (1) header.php, (2) contact.php, or (3) forum_extender.php, which reveals the path in an error message. | |||||
| CVE-2005-0649 | 1 Pixel-apes Group | 1 Safehtml | 2024-02-04 | 4.3 MEDIUM | N/A |
| Pixel-Apes SafeHTML before 1.2.1 allows remote attackers to bypass cross-site scripting (XSS) protection via "hexadecimal HTML entities." | |||||
| CVE-2004-1233 | 1 Gadu-gadu | 1 Gadu-gadu Instant Messenger | 2024-02-04 | 5.0 MEDIUM | N/A |
| Integer overflow in Gadu-Gadu allows remote attackers to cause a denial of service (disk consumption) via a user packet to the DCC file transfer capability with an invalid file length. | |||||
| CVE-2005-1890 | 1 Mortiforo | 1 Mortiforo | 2024-02-04 | 5.0 MEDIUM | N/A |
| Unknown vulnerability in Mortiforo before 0.9.1 allows users to access private forums via unknown attack vectors. | |||||
| CVE-2006-3126 | 1 Julian Pawlowski | 1 Capi4hylafax | 2024-02-04 | 7.5 HIGH | N/A |
| c2faxrecv in capi4hylafax 01.02.03 allows remote attackers to execute arbitrary commands via null (\0) and shell metacharacters in the TSI string, as demonstrated by a fax from an anonymous number. | |||||
| CVE-2006-2293 | 1 Expinion.net | 1 Multicalendars | 2024-02-04 | 6.4 MEDIUM | N/A |
| SQL injection vulnerability in all_calendars.asp in MultiCalendars 3.0 allows remote attackers to execute arbitrary SQL commands via the calsids parameter. NOTE: the provenance of this information is unknown; the details are obtained from third party information. | |||||
| CVE-2005-3687 | 1 Whm Autopilot | 1 Whm Autopilot | 2024-02-04 | 5.0 MEDIUM | N/A |
| cancel_account.php in WHM AutoPilot 2.5.30 and earlier allows remote attackers to cancel requests for arbitrary accounts via a modified c parameter. | |||||
| CVE-2004-1280 | 1 Junkie | 1 Junkie Ftp Client | 2024-02-04 | 10.0 HIGH | N/A |
| The gui_popup_view_fly function in gui_tview_popup.c for junkie 0.3.1 allows remote malicious FTP servers to execute arbitrary commands via shell metacharacters in a filename. | |||||
| CVE-2006-0749 | 1 Mozilla | 4 Firefox, Mozilla Suite, Seamonkey and 1 more | 2024-02-04 | 9.3 HIGH | N/A |
| nsHTMLContentSink.cpp in Mozilla Firefox and Thunderbird 1.x before 1.5 and 1.0.x before 1.0.8, Mozilla Suite before 1.7.13, and SeaMonkey before 1.0 allows remote attackers to cause a denial of service (crash) and possibly execute arbitrary code via unknown vectors involving a "particular sequence of HTML tags" that leads to memory corruption. | |||||
| CVE-2004-0790 | 2 Microsoft, Sun | 8 Windows 2000, Windows 2003 Server, Windows 98 and 5 more | 2024-02-04 | 5.0 MEDIUM | N/A |
| Multiple TCP/IP and ICMP implementations allow remote attackers to cause a denial of service (reset TCP connections) via spoofed ICMP error messages, aka the "blind connection-reset attack." NOTE: CVE-2004-0790, CVE-2004-0791, and CVE-2004-1060 have been SPLIT based on different attacks; CVE-2005-0065, CVE-2005-0066, CVE-2005-0067, and CVE-2005-0068 are related identifiers that are SPLIT based on the underlying vulnerability. While CVE normally SPLITs based on vulnerability, the attack-based identifiers exist due to the variety and number of affected implementations and solutions that address the attacks instead of the underlying vulnerabilities. | |||||
| CVE-2006-0386 | 1 Apple | 2 Mac Os X, Mac Os X Server | 2024-02-04 | 1.7 LOW | N/A |
| FileVault in Mac OS X 10.4.5 and earlier does not properly mount user directories when creating a FileVault image, which allows local users to access protected files when FileVault is enabled. | |||||
| CVE-2006-4594 | 1 Bugada Andrea | 1 Php Advanced Transfer Manager | 2024-02-04 | 7.5 HIGH | N/A |
| Multiple PHP remote file inclusion vulnerabilities in PHP Advanced Transfer Manager (phpAtm) 1.21 and earlier allow remote attackers to execute arbitrary PHP code via a URL in the include_location parameter in (1) confirm.php or (2) login.php. NOTE: the include_location parameter to index.php is already covered by CVE-2005-1681. | |||||
| CVE-2006-1753 | 1 Debian | 1 Debian Linux | 2024-02-04 | 3.6 LOW | N/A |
| A cron job in fcheck before 2.7.59 allows local users to overwrite arbitrary files via a symlink attack on a temporary file. | |||||
| CVE-2004-2329 | 1 Kerio | 1 Personal Firewall | 2024-02-04 | 7.2 HIGH | N/A |
| Kerio Personal Firewall (KPF) 2.1.5 allows local users to execute arbitrary code with SYSTEM privileges via the Load button in the Firewall Configuration Files option, which does not drop privileges before opening the file loading dialog box. | |||||
| CVE-2006-1888 | 1 Phpgraphy | 1 Phpgraphy | 2024-02-04 | 6.8 MEDIUM | N/A |
| phpGraphy 0.9.11 and earlier allows remote attackers to bypass authentication and gain administrator privileges via a direct request to index.php with the editwelcome parameter set to 1, which can then be used to modify the main page to inject arbitrary HTML and web script. NOTE: XSS attacks are resultant from this issue, since normal functionality allows the admin to modify pages. | |||||
| CVE-2005-0368 | 1 Chipmunk Scripts | 1 Cmscore | 2024-02-04 | 7.5 HIGH | N/A |
| Multiple SQL injection vulnerabilities in CMScore allow remote attackers to execute arbitrary SQL commands via the (1) EntryID or (2) searchterm parameter to index.php, or (3) username parameter to authenticate.php. | |||||
| CVE-2006-3298 | 1 Yahoo | 1 Messenger | 2024-02-04 | 5.0 MEDIUM | N/A |
| Yahoo! Messenger 7.5.0.814 and 7.0.438 allows remote attackers to cause a denial of service (crash) via messages that contain non-ASCII characters, which triggers the crash in jscript.dll. | |||||