Total: 254797 CVE

CVE | Vendors | Products | Updated | CVSS v2 | CVSS v3 | Description |
---|---|---|---|---|---|---|
CVE-2005-2032 | 1 Sun | 2 Solaris, Sunos | 2024-02-04 | 2.1 LOW | N/A | Unknown vulnerability in lpadmin on Sun Solaris 7, 8, and 9 allows local users to overwrite arbitrary files. |
CVE-2005-1295 | 1 Include.cgi | 1 Include.cgi | 2024-02-04 | 7.5 HIGH | N/A | include.cgi script allows remote attackers to read arbitrary files via a full pathname in the argument. |
CVE-2006-2195 | 1 Horde | 1 Horde | 2024-02-04 | 6.8 MEDIUM | N/A | Cross-site scripting (XSS) vulnerability in horde 3 (horde3) before 3.1.1 allows remote attackers to inject arbitrary web script or HTML via (1) templates/problem/problem.inc and (2) test.php. |
CVE-2005-2290 | 1 Wps | 1 Web Portal System | 2024-02-04 | 10.0 HIGH | N/A | wps_shop.cgi in WPS Web Portal System 0.7.0 allows remote attackers to execute arbitrary commands via shell metacharacters in the (1) art and (2) cat variables. |
CVE-2005-4663 | 1 Ocomon | 1 Ocomon | 2024-02-04 | 4.3 MEDIUM | N/A | Cross-site scripting (XSS) vulnerability in OcoMon 1.20, and possibly earlier versions, allows remote attackers to inject arbitrary web script or HTML via unknown attack vectors. |
CVE-2005-3052 | 1 Jportal | 1 Jportal Web Portal | 2024-02-04 | 7.5 HIGH | N/A | SQL injection vulnerability in module/down.inc.php in jportal 2.3.1 allows remote attackers to execute arbitrary SQL commands via the search field to download.php. |
CVE-2005-3543 | 1 Phorum | 1 Phorum | 2024-02-04 | 6.8 MEDIUM | N/A | SQL injection vulnerability in search.php in Phorum 5.0.0alpha through 5.0.20, when register_globals is enabled, allows remote attackers to execute arbitrary SQL commands via the forum_ids parameter. |
CVE-2006-2769 | 1 Sourcefire | 1 Snort | 2024-02-04 | 5.0 MEDIUM | N/A | The HTTP Inspect preprocessor (http_inspect) in Snort 2.4.0 through 2.4.4 allows remote attackers to bypass "uricontent" rules via a carriage return (\r) after the URL and before the HTTP declaration. |
CVE-2005-4658 | 1 Iisworks | 1 Aspknowledgebase | 2024-02-04 | 6.8 MEDIUM | N/A | Multiple cross-site scripting (XSS) vulnerabilities in ASP-Programmers.com ASPKnowledgebase allow remote attackers to inject arbitrary web script or HTML via unknown attack vectors in the administrative interface. |
CVE-2006-3108 | 1 Emailarchitect | 1 Email Server | 2024-02-04 | 4.3 MEDIUM | N/A | Cross-site scripting (XSS) vulnerability in EmailArchitect Email Server 6.1 allows remote attackers to inject arbitrary Javascript via an HTML div tag with a carriage return between the onmouseover attribute and its value, which bypasses the mail filter. |
CVE-2004-1294 | 1 Luke Mewburn | 1 Tnftp | 2024-02-04 | 5.0 MEDIUM | N/A | The mget function in cmds.c for tnftp 20030825 allows remote FTP servers to overwrite arbitrary files via FTP responses containing file names with / (slash) characters. |
CVE-2004-2644 | 1 Asn.1 Compiler | 1 Asn.1 Compiler | 2024-02-04 | 10.0 HIGH | N/A | Unspecified vulnerability in ASN.1 Compiler (asn1c) before 0.9.7 has unknown impact and attack vectors when processing "ANY" type tags. |
CVE-2006-1462 | 1 Apple | 1 Quicktime | 2024-02-04 | 5.1 MEDIUM | N/A | Multiple integer overflows in Apple QuickTime before 7.1 allow remote attackers to execute arbitrary code via a crafted QuickTime H.264 (M4V) video format file. |
CVE-2005-3905 | 1 Sun | 2 Jdk, Jre | 2024-02-04 | 7.5 HIGH | N/A | Unspecified vulnerability in reflection APIs in Java SDK and JRE 1.3.1_15 and earlier, 1.4.2_08 and earlier, and JDK and JRE 5.0 Update 3 and earlier allows remote attackers to escape the Java sandbox and access arbitrary files or execute arbitrary application via unknown attack vectors, a different vulnerability than CVE-2005-3906. NOTE: this is associated with the "first issue" identified in SUNALERT:102003. |
CVE-2005-4308 | 1 Scriptscenter | 1 Ezupload Pro | 2024-02-04 | 7.5 HIGH | N/A | index.php in ezUpload Pro 2.2 and earlier allows remote attackers to include files via the mode parameter. |
CVE-2005-1109 | 1 Junkbuster | 1 Internet Junkbuster | 2024-02-04 | 7.5 HIGH | N/A | The filtering of URLs in JunkBuster before 2.0.2-r3 allows remote attackers to cause a denial of service (application crash) and possibly execute arbitrary code via heap corruption. |
CVE-2005-1136 | 1 Sphpblog | 1 Sphpblog | 2024-02-04 | 5.0 MEDIUM | N/A | Simple PHP Blog (sphpBlog) 0.4.0 stores the (1) password.txt and (2) config.txt files under the web document root, which allows remote attackers to obtain sensitive information and crack passwords via a direct request to these files. |
CVE-2005-0182 | 1 Mod Dosevasive | 1 Mod Dosevasive | 2024-02-04 | 5.0 MEDIUM | N/A | The mod_dosevasive module 1.9 and earlier for Apache creates temporary files with predictable filenames, which could allow remote attackers to overwrite arbitrary files via a symlink attack. |
CVE-2005-1552 | 1 Geovision | 1 Digital Surveillance System | 2024-02-04 | 5.0 MEDIUM | N/A | GeoVision Digital Video Surveillance System 6.04, 6.1 and 7.0, when set to create JPEG images, does not properly protect an image even when a password and username is assigned, which may allow remote attackers to gain sensitive information via a direct request to the image. |
CVE-2005-3920 | 1 Babe Logger | 1 Babe Logger | 2024-02-04 | 7.5 HIGH | N/A | SQL injection vulnerability in Babe Logger 2 allows remote attackers to execute arbitrary SQL commands via the (1) gal parameter to index.php or (2) id parameter to comments.php. |