Total
254822 CVE
CVE | Vendors | Products | Updated | CVSS v2 | CVSS v3 |
---|---|---|---|---|---|
CVE-2004-2294 | 1 Francisco Burzi | 1 Php-nuke | 2024-02-04 | 4.3 MEDIUM | N/A |
Canonicalize-before-filter error in the send_review function in the Reviews module for PHP-Nuke 6.0 to 7.3 allows remote attackers to inject arbitrary web script or HTML via hex-encoded XSS sequences in the text parameter, which is checked for dangerous sequences before it is canonicalized, leading to a cross-site scripting (XSS) vulnerability. | |||||
CVE-2005-1995 | 1 Bitrix | 1 Bitrix Site Manager | 2024-02-04 | 5.0 MEDIUM | N/A |
Bitrix Site Manager 4.0.x allows remote attackers to obtain sensitive information via direct request to (1) subscr_form.php or (2) dbquery_error.php, which reveals the path in an error message. | |||||
CVE-2006-1523 | 1 Linux | 1 Linux Kernel | 2024-02-04 | 10.0 HIGH | N/A |
The __group_complete_signal function in the RCU signal handling (signal.c) in Linux kernel 2.6.16, and possibly other versions, has unknown impact and attack vectors related to improper use of BUG_ON. | |||||
CVE-2006-1100 | 1 Sauerbraten | 2 Cube, Sauerbraten | 2024-02-04 | 7.5 HIGH | N/A |
Buffer overflow in the sgetstr function in shared/cube.h in Sauerbraten 2006_02_28 and earlier, as derived from the Cube engine, allows remote attackers to execute arbitrary code via long streams of input data. | |||||
CVE-2004-1219 | 1 Php Arena | 1 Pafiledb | 2024-02-04 | 5.0 MEDIUM | N/A |
paFileDB 3.1, when using sessions authentication and while the administrator logs on, allows remote attackers to read the administrator's password hash and conduct brute force password guessing attacks by listing the contents of the sessions directory and reading the associated file for the administrator session. | |||||
CVE-2006-2323 | 1 Smartisoft | 1 Phplistpro | 2024-02-04 | 5.1 MEDIUM | N/A |
Multiple PHP remote file inclusion vulnerabilities in SmartISoft phpListPro 2.01 and earlier allow remote attackers to execute arbitrary PHP code via a URL in the returnpath parameter in (1) editsite.php, (2) addsite.php, and (3) in.php. NOTE: The config.php vector is already covered by CVE-2006-1749. | |||||
CVE-2006-3127 | 1 Sun | 2 Java Enterprise System, Java System Directory Server | 2024-02-04 | 7.8 HIGH | N/A |
Memory leak in Network Security Services (NSS) 3.11, as used in Sun Java Enterprise System 2003Q4 through 2005Q1 and Java System Directory Server 5.2, allows remote attackers to cause a denial of service (memory consumption) by performing a large number of RSA cryptographic operations. | |||||
CVE-2005-2501 | 1 Apple | 2 Mac Os X, Mac Os X Server | 2024-02-04 | 7.6 HIGH | N/A |
Buffer overflow in AppKit for Mac OS X 10.3.9 and 10.4.2 allows external user-assisted attackers to execute arbitrary code via a crafted Rich Text Format (RTF) file. | |||||
CVE-2005-4813 | 1 Businessobjects | 4 Crystal Enterprise Xi, Crystal Reports Server Xi, Crystal Reports Xi and 1 more | 2024-02-04 | 5.0 MEDIUM | N/A |
Unspecified vulnerability in Report Application Server (Crystalras.exe) before 11.0.0.1370, as used in Business Objects Crystal Reports XI, Crystal Reports Server XI, and BusinessObjects Enterprise XI, allows remote attackers to cause a denial of service (application hang) via certain network traffic, possibly involving multiple simultaneous TCP connections. | |||||
CVE-2006-2064 | 1 Sun | 1 Solaris | 2024-02-04 | 4.6 MEDIUM | N/A |
Unspecified vulnerability in the libpkcs11 library in Sun Solaris 10 might allow local users to gain privileges or cause a denial of service (application failure) via unknown attack vectors that involve the getpwnam family of non-reentrant functions. | |||||
CVE-2005-3536 | 1 Phpbb Group | 1 Phpbb | 2024-02-04 | 7.5 HIGH | N/A |
SQL injection vulnerability in phpBB 2 before 2.0.18 allows remote attackers to execute arbitrary SQL commands via the topic type. | |||||
CVE-2005-3518 | 1 Punbb | 1 Punbb | 2024-02-04 | 7.5 HIGH | N/A |
SQL injection vulnerability in search.php in PunBB 1.2.7 and 1.2.8 allows remote attackers to execute arbitrary SQL commands via the old_searches parameter. | |||||
CVE-2005-1575 | 1 Mozilla | 1 Firefox | 2024-02-04 | 5.0 MEDIUM | N/A |
The file download dialog in Mozilla Firefox 0.10.1 and 1.0 for Windows allows remote attackers to hide the real file types of downloaded files via the Content-Type HTTP header and a filename containing whitespace, dots, or ASCII byte 160. | |||||
CVE-2005-1300 | 1 Inserter.cgi | 1 Inserter.cgi | 2024-02-04 | 6.8 MEDIUM | N/A |
Cross-site scripting (XSS) vulnerability in the inserter.cgi script allows remote attackers to inject arbitrary web script or HTML via the argument. | |||||
CVE-2006-0542 | 1 Nukedweb | 1 Guestbookhost | 2024-02-04 | 7.5 HIGH | N/A |
Multiple SQL injection vulnerabilities in config.php in NukedWeb GuestBookHost 2005.04.25 allow remote attackers to execute arbitrary SQL commands via the (1) email and (2) password parameters. | |||||
CVE-2005-3862 | 1 Unalz | 1 Unalz | 2024-02-04 | 7.5 HIGH | N/A |
Buffer overflow in unalz before 0.53 allows remote attackers to execute arbitrary code via long file names in ALZ archives. | |||||
CVE-2005-0779 | 1 Platinumftp | 1 Platinumftpserver | 2024-02-04 | 5.0 MEDIUM | N/A |
PlatinumFTP 1.0.18, and possibly earlier versions, allows remote attackers to cause a denial of service (server crash) via multiple connection attempts with a \ (backslash) in the username. | |||||
CVE-2005-3929 | 1 Xaraya | 1 Xaraya | 2024-02-04 | 5.0 MEDIUM | N/A |
Directory traversal vulnerability in the create function in xarMLSXML2PHPBackend.php in Xaraya 1.0 allows remote attackers to create directories and overwrite arbitrary files via ".." sequences in the module parameter to index.php. | |||||
CVE-2004-1279 | 1 Jpegtoavi | 1 Jpegtoavi | 2024-02-04 | 10.0 HIGH | N/A |
Buffer overflow in the get_file_list_stdin function in jpegtoavi 1.5 allows remote attackers to execute arbitrary code via a crafted set of JPEG files and filenames. | |||||
CVE-2006-3200 | 1 Microsoft | 1 Internet Explorer | 2024-02-04 | 5.0 MEDIUM | N/A |
Unspecified versions of Internet Explorer allow remote attackers to cause a denial of service (crash) via an IFRAME with a src tag containing a "File://" URI followed by an 8-bit character. NOTE: some third parties were unable to verify this issue. |