Total: 259156 CVE
CVE | Vendors | Products | Updated | CVSS v2 | CVSS v3 |
---|---|---|---|---|---|
CVE-2005-2893 | 1 Pblang | 1 Pblang | 2024-02-04 | 7.5 HIGH | N/A |
Direct static code injection vulnerability in setcookie.php in PBLang 4.65, and possibly earlier versions, allows remote attackers to execute arbitrary PHP code via the username (u parameter), which is directly injected into a file that is later executed upon login. | |||||
CVE-2005-3496 | 1 Php Handicapper | 1 Php Handicapper | 2024-02-04 | 4.3 MEDIUM | N/A |
Cross-site scripting (XSS) vulnerability in PHP Handicapper allows remote attackers to inject arbitrary web script or HTML via the msg parameter to msg.php. NOTE: some sources identify a second vector in the login parameter to process_signup.php, but the original source says that it is for CRLF injection (CVE-2005-4712). Also note: the vendor has disputed CVE-2005-3497, and it is possible that the dispute was intended to include this issue as well. If so, followup investigation strongly suggests that the original report is correct. | |||||
CVE-2005-4088 | 1 W2b | 1 Phpforumpro | 2024-02-04 | 7.5 HIGH | N/A |
SQL injection vulnerability in index.php in phpForumPro 2.2 allows remote attackers to execute arbitrary SQL commands via the (1) parent and (2) day parameters. | |||||
CVE-2006-1581 | 1 Blanknberg | 1 Blanknberg | 2024-02-04 | 6.4 MEDIUM | N/A |
Directory traversal vulnerability in index.php in Blank'N'Berg 0.2 allows remote attackers to read arbitrary files via a .. (dot dot) in the _path parameter. | |||||
CVE-2006-0685 | 1 Virtual Hosting Control System | 1 Virtual Hosting Control System | 2024-02-04 | 10.0 HIGH | N/A |
The check_login function in login.php in Virtual Hosting Control System (VHCS) 2.4.7.1 and earlier does not exit when authentication fails, which allows remote attackers to gain unauthorized access. | |||||
CVE-2005-2474 | 1 Churchinfo | 1 Churchinfo | 2024-02-04 | 5.0 MEDIUM | N/A |
ChurchInfo allows remote attackers to obtain sensitive information via the PersonID parameter to (1) PersonView.php, (2) MemberRoleChange.php, (3) PropertyAssign.php, (4) WhyCameEditor.php, (5) GroupPropsEditor.php, (6) Reports/PDFLabel.php, or (7) UserDelete.php, an invalid Number parameter to (8) SelectList.php or (9) SelectDelete.php, GroupID parameter to (10) GroupView.php, (11) GroupMemberList.php, (12) MemberRoleChange.php, (13) GroupDelete.php, (14) /Reports/ClassAttendance.php, or (15) /Reports/GroupReport.php, (16) PropertyID parameter to PropertyEditor.php, FamilyID parameter to (17) Canvas05Editor.php, (18) CanvasEditor.php, or (19) FamilyView.php, or (20) PledgeID parameter to PledgeDetails.php, which reveal the path in an error message. | |||||
CVE-2006-4103 | 1 Jason Alexander | 1 Phnntp | 2024-02-04 | 7.5 HIGH | N/A |
PHP remote file inclusion vulnerability in article-raw.php in Jason Alexander phNNTP 1.3 and earlier allows remote attackers to execute arbitrary PHP code via a URL in the file_newsportal parameter. | |||||
CVE-2005-1357 | 1 Text.cgi | 1 Text.cgi | 2024-02-04 | 5.0 MEDIUM | N/A |
text.cgi script allows remote attackers to read arbitrary files via a full pathname in the argument. | |||||
CVE-2006-1674 | 1 Phpwebgallery | 1 Phpwebgallery | 2024-02-04 | 2.6 LOW | N/A |
Cross-site scripting (XSS) vulnerability in search.php in PHPWebGallery 1.4.1 allows remote attackers to inject arbitrary web script or HTML via the id parameter, a different vulnerability than CVE-2006-1675. | |||||
CVE-2005-1706 | 1 Mailscanner | 1 Mailscanner | 2024-02-04 | 7.5 HIGH | N/A |
Unknown vulnerability in MailScanner 4.41.3 and earlier, related to "incomplete reporting of viruses in zip files," allows remote attackers to bypass virus detection. | |||||
CVE-2005-3425 | 1 Gnu | 1 Gnump3d | 2024-02-04 | 4.3 MEDIUM | N/A |
Cross-site scripting (XSS) vulnerability in GNUMP3D before 2.9.6 allows remote attackers to inject arbitrary web script or HTML via unspecified vectors, a different vulnerability than CVE-2005-3424. | |||||
CVE-2006-1699 | 1 Aweb | 1 Banner Generator | 2024-02-04 | 2.6 LOW | N/A |
Cross-site scripting (XSS) vulnerability in index.php in Aweb Banner Generator 3.0 and earlier allows remote attackers to inject arbitrary web script or HTML via the banner parameter in view mode. | |||||
CVE-2005-1525 | 1 The Cacti Group | 1 Cacti | 2024-02-04 | 7.5 HIGH | N/A |
SQL injection vulnerability in config_settings.php for Cacti before 0.8.6e allows remote attackers to execute arbitrary SQL commands via the id parameter. | |||||
CVE-2005-3018 | 1 Apple | 1 Safari | 2024-02-04 | 5.0 MEDIUM | N/A |
Apple Safari allows remote attackers to cause a denial of service (application crash) via a crafted data:// URL. | |||||
CVE-2006-2159 | 1 Russcom Network | 1 Loginphp | 2024-02-04 | 5.0 MEDIUM | N/A |
CRLF injection vulnerability in help.php in Russcom Network Loginphp allows remote attackers to spoof e-mails and inject MIME headers via CRLF sequences in the email address. | |||||
CVE-2006-4160 | 1 Mvcnphp | 1 Mvcnphp | 2024-02-04 | 7.5 HIGH | N/A |
Multiple PHP remote file inclusion vulnerabilities in Tony Bibbs and Vincent Furia MVCnPHP 3.0 allow remote attackers to execute arbitrary PHP code via a URL in the glConf[path_library] parameter to (1) BaseCommand.php, (2) BaseLoader.php, and (3) BaseView.php. | |||||
CVE-2005-3706 | 1 Apple | 2 Mac Os X, Mac Os X Server | 2024-02-04 | 6.4 MEDIUM | N/A |
Heap-based buffer overflow in LibSystem in Mac OS X 10.4 through 10.4.5 allows context-dependent attackers to execute arbitrary code by causing an application that uses LibSystem to request a large amount of memory. | |||||
CVE-2005-1116 | 1 Phpbb Group | 1 Phpbb | 2024-02-04 | 4.3 MEDIUM | N/A |
Cross-site scripting (XSS) vulnerability in the Calendar module for phpBB allows remote attackers to inject arbitrary web script or HTML via the start parameter to calendar_scheduler.php. | |||||
CVE-2005-1849 | 1 Zlib | 1 Zlib | 2024-02-04 | 5.0 MEDIUM | N/A |
inftrees.h in zlib 1.2.2 allows remote attackers to cause a denial of service (application crash) via an invalid file that causes a large dynamic tree to be produced. | |||||
CVE-2006-0585 | 1 Microsoft | 1 Internet Explorer | 2024-02-04 | 5.0 MEDIUM | N/A |
jscript.dll in Microsoft Internet Explorer 6.0 SP1 and earlier allows remote attackers to cause a denial of service (application crash) via a Shockwave Flash object that contains ActionScript code that calls VBScript, which in turn calls the JavaScript document.write function, which triggers a null dereference. | |||||