Total: 254797 CVE
CVE | Vendors | Products | Updated | CVSS v2 | CVSS v3 |
---|---|---|---|---|---|
CVE-2006-2766 | 1 Microsoft | 2 Ie, Internet Explorer | 2024-02-04 | 2.6 LOW | N/A |
Buffer overflow in INETCOMM.DLL, as used in Microsoft Internet Explorer 6.0 through 6.0 SP2, Windows Explorer, Outlook Express 6, and possibly other programs, allows remote user-assisted attackers to cause a denial of service (application crash) via a long mhtml URI in the URL value in a URL file. | |||||
CVE-2006-0080 | 1 Jelsoft | 1 Vbulletin | 2024-02-04 | 4.3 MEDIUM | N/A |
Cross-site scripting (XSS) vulnerability in vBulletin 3.5.2, and possibly earlier versions, allows remote attackers to inject arbitrary web script or HTML via the title of an event, which is not properly filtered by (1) calendar.php and (2) reminder.php. | |||||
CVE-2006-4659 | 1 Panda | 1 Panda Platinum Internet Security | 2024-02-04 | 5.0 MEDIUM | N/A |
The Panda Platinum Internet Security 2006 10.02.01 and 2007 11.00.00 uses predictable URLs for the spam classification of each message, which allows remote attackers to cause Panda to classify arbitrary messages as spam via a web page that contains IMG tags with the predictable URLs. NOTE: this issue could also be regarded as a cross-site request forgery (CSRF) vulnerability. | |||||
CVE-2006-2419 | 1 Php | 1 Directory Listing Script | 2024-02-04 | 4.3 MEDIUM | N/A |
Cross-site scripting (XSS) vulnerability in index.php in Directory Listing Script allows remote attackers to inject arbitrary web script or HTML via the dir parameter. | |||||
CVE-2006-0852 | 1 Devscripts | 1 Admbook | 2024-02-04 | 7.5 HIGH | N/A |
Direct static code injection vulnerability in write.php in Admbook 1.2.2 and earlier allows remote attackers to execute arbitrary PHP code via the X-Forwarded-For HTTP header field, which is inserted into content-data.php. | |||||
CVE-2005-4017 | 1 Widget Press | 1 Widget Property | 2024-02-04 | 5.0 MEDIUM | N/A |
property.php in Widget Property 1.1.19 allows remote attackers to obtain the full server path via an invalid lang value, which leaks the path in the resulting error message. | |||||
CVE-2005-2483 | 1 Karrigell | 1 Karrigell | 2024-02-04 | 7.5 HIGH | N/A |
Eval injection vulnerability in Karrigell before 2.1.8 allows remote attackers to execute arbitrary Python code via modified arguments to a Karrigell services (.ks) script, which can reference functions from libraries that are used by that script. | |||||
CVE-2006-1686 | 1 Apt | 1 Apt-webshop-system | 2024-02-04 | 5.0 MEDIUM | N/A |
Unspecified vulnerability in modules.php in APT-webshop-system 4.0 PRO, 3.0 BASIC, and 3.0 LIGHT allows remote attackers to access unspecified files via a modified warp parameter. | |||||
CVE-2004-2554 | 1 Novell | 1 Client Firewall | 2024-02-04 | 7.2 HIGH | N/A |
Novell Client Firewall (NCF) 2.0, as based on the Agnitum Outpost Firewall, allows local users to execute arbitrary code with SYSTEM privileges by opening the NCF tray icon and using the Help functionality to launch programs with SYSTEM privileges. | |||||
CVE-2006-3936 | 1 Alkacon | 1 Opencms | 2024-02-04 | 4.0 MEDIUM | N/A |
system/workplace/editors/editor.jsp in Alkacon OpenCms before 6.2.2 allows remote authenticated users to read the source code of arbitrary JSP files by specifying the file in the resource parameter, as demonstrated using index.jsp. | |||||
CVE-2006-0513 | 1 Ibm | 1 Tivoli Access Manager For E-business | 2024-02-04 | 5.0 MEDIUM | N/A |
Directory traversal vulnerability in pkmslogout in Tivoli Web Server Plug-in 5.1.0.10 in Tivoli Access Manager (TAM) 5.1 allows remote attackers to read arbitrary files via a .. (dot dot) in the filename parameter. | |||||
CVE-2005-4641 | 1 Eazycms | 1 Eazycms | 2024-02-04 | 7.5 HIGH | N/A |
SQL injection vulnerability in home.php in eazyCMS 2.0 allows remote attackers to execute arbitrary SQL commands via the page_id parameter. | |||||
CVE-2005-3423 | 1 Subdreamer | 1 Subdreamer | 2024-02-04 | 7.5 HIGH | N/A |
Multiple SQL injection vulnerabilities in Subdreamer 2.2.1 allow remote attackers to execute arbitrary SQL commands via (1) the loginusername parameter or (2) cookies to (a) subdreamer.php, (b) ipb2.php, (c) phpbb2.php, (d) vbulletin2.php, and (e) vbulletin3.php. | |||||
CVE-2006-0798 | 1 Macallan | 1 Mail Solution | 2024-02-04 | 5.5 MEDIUM | N/A |
Multiple directory traversal vulnerabilities in the IMAP service in Macallan Mail Solution before 4.8.05.004 allow remote authenticated users to read e-mails of other users or create, modify, or delete directories via a .. (dot dot) in the argument to the (1) CREATE, (2) SELECT, (3) DELETE, or (4) RENAME commands. | |||||
CVE-2005-1230 | 1 Magnus Lundvall | 1 Yawcam | 2024-02-04 | 5.0 MEDIUM | N/A |
Directory traversal vulnerability in Yawcam 0.2.5 allows remote attackers to read arbitrary files via "..\" (dot dot backslash) sequences in a GET request. | |||||
CVE-2005-3457 | 1 Oracle | 1 E-business Suite | 2024-02-04 | 10.0 HIGH | N/A |
Unspecified vulnerability in Oracle E-Business Suite and Applications 11.0 up to 11.5.10 has unknown impact and attack vectors, as identified by Oracle Vuln# APPS08 in HRMS. | |||||
CVE-2005-3314 | 1 Novell | 1 Netmail | 2024-02-04 | 7.5 HIGH | N/A |
Stack-based buffer overflow in the IMAP daemon in Novell Netmail 3.5.2 allows remote attackers to execute arbitrary code via "long verb arguments." | |||||
CVE-2006-0137 | 1 Phanatic Softwares | 1 Chimera Web Portal | 2024-02-04 | 7.5 HIGH | N/A |
SQL injection vulnerability in linkcategory.php in Phanatic Softwares Chimera Web Portal System 0.2 allows remote attackers to execute arbitrary SQL commands via the id parameter. | |||||
CVE-2005-1305 | 1 Hyper.cgi | 1 Hyper.cgi | 2024-02-04 | 5.0 MEDIUM | N/A |
The hyper.cgi script allows remote attackers to read arbitrary files via a full pathname in the argument. | |||||
CVE-2006-3766 | 1 Darrens 5-dollar Script Archive | 1 Osdate | 2024-02-04 | 5.0 MEDIUM | N/A |
Darren's $5 Script Archive osDate 1.1.7 and earlier allows users to boost their own ratings via a txtrating parameter with a score greater than the intended maximum of 10. |