Total
254778 CVE
CVE | Vendors | Products | Updated | CVSS v2 | CVSS v3 |
---|---|---|---|---|---|
CVE-2005-0703 | 1 Xerox | 18 Workcentre 165, Workcentre 175, Workcentre 2128 and 15 more | 2024-02-04 | 5.0 MEDIUM | N/A |
Xerox MicroServer Web Server for various WorkCentre products including M35/M45/M55 2.028.11.000 through 2.97.20.032 and 4.84.16.000 through 4.97.20.032, Pro 35/45/55 3.028.11.000 through 3.97.20.032, Pro 65/75/90 1.001.00.060 through 1.001.02.084, and others, has an "unauthenticated account," which allows remote attackers to modify system configuration, a different vulnerability than CVE-2005-1179. | |||||
CVE-2006-2060 | 1 Invision Power Services | 1 Invision Power Board | 2024-02-04 | 6.4 MEDIUM | N/A |
Directory traversal vulnerability in action_admin/paysubscriptions.php in Invision Power Board (IPB) 2.1.x and 2.0.x before 20060425 allows remote authenticated administrators to include and execute arbitrary local PHP files via a .. (dot dot) in the name parameter, preceded by enough backspace (%08) characters to erase the initial static portion of a filename. | |||||
CVE-2005-1172 | 1 Coppermine | 1 Coppermine Photo Gallery | 2024-02-04 | 4.3 MEDIUM | N/A |
Cross-site scripting (XSS) vulnerability in init.inc.php in Coppermine Photo Gallery 1.3.x allows remote attackers to inject arbitrary web script or HTML via the X-Forwarded-For parameter. | |||||
CVE-2006-0309 | 1 Linksys | 1 Befvp41 | 2024-02-04 | 4.0 MEDIUM | N/A |
Linksys BEFVP41 VPN Router 2.0 with firmware 1.01.04 allows remote attackers on the local network, to cause a denial of service via IP packets with a null IP option length. | |||||
CVE-2005-3291 | 1 Stani | 1 Stanis Python Editor | 2024-02-04 | 4.6 MEDIUM | N/A |
Stani's Python Editor (SPE) 0.7.5 is installed with world-writable permissions, which allows local users to gain privileges by modifying executable files. | |||||
CVE-2006-3620 | 1 Dream4 | 1 Koobi Pro | 2024-02-04 | 2.6 LOW | N/A |
Cross-site scripting (XSS) vulnerability in the showtopic module in Koobi Pro CMS 5.6 allows remote attackers to inject arbitrary web script or HTML via the toid parameter. | |||||
CVE-2006-1776 | 1 Simplog | 1 Simplog | 2024-02-04 | 7.5 HIGH | N/A |
PHP remote file inclusion vulnerability in doc/index.php in Jeremy Ashcraft Simplog 0.9.2 and earlier allows remote attackers to execute arbitrary PHP code via a URL in the s parameter. | |||||
CVE-2005-3781 | 1 Sun | 2 Solaris, Sunos | 2024-02-04 | 5.0 MEDIUM | N/A |
Unspecified vulnerability in in.named in Solaris 9 allows attackers to cause a denial of service via unknown manipulations that cause in.named to "make unnecessary queries." | |||||
CVE-2006-3516 | 1 Freehost | 1 Freehost | 2024-02-04 | 7.5 HIGH | N/A |
Multiple SQL injection vulnerabilities in FreeHost allow remote attackers to execute arbitrary SQL commands via (1) readme parameter to FreeHost/misc.php or (2) index parameter to FreeHost/news.php. | |||||
CVE-2006-0291 | 1 Oracle | 4 Application Server, Collaboration Suite, Database Server and 1 more | 2024-02-04 | 10.0 HIGH | N/A |
Multiple unspecified vulnerabilities in Oracle Database Server 10.2.0.1, Application Server 9.0.4.2 and 10.1.2.1, Collaboration Suite Release 2, version 9.0.4.2 (Oracle9i), and E-Business Suite and Applications 11.5.10 have unspecified impact and attack vectors, as identified by Oracle Vuln# (1) WF02 and (2) WF03 in the Oracle Workflow Cartridge component. | |||||
CVE-2006-4463 | 1 Jetstat.com | 1 Js Asp Faq Manager | 2024-02-04 | 7.5 HIGH | N/A |
SQL injection vulnerability in the administrator control panel in Jetstat.com JS ASP Faq Manager 1.10 allows remote attackers to execute arbitrary SQL commands via the pwd parameter (aka the Password field). | |||||
CVE-2005-4556 | 3 Deerfield, Icewarp, Merak | 3 Visnetic Mail Server, Web Mail, Mail Server | 2024-02-04 | 7.5 HIGH | N/A |
PHP remote file include vulnerability in IceWarp Web Mail 5.5.1, as used by Merak Mail Server 8.3.0r and VisNetic Mail Server version 8.3.0 build 1, when register_globals is enabled, allows remote attackers to include arbitrary local and remote PHP files via a URL in the (1) lang_settings and (2) language parameters in (a) accounts/inc/include.php and (b) admin/inc/include.php. | |||||
CVE-2006-0410 | 1 John Lim | 1 Adodb | 2024-02-04 | 5.0 MEDIUM | N/A |
SQL injection vulnerability in ADOdb before 4.71, when using PostgreSQL, allows remote attackers to execute arbitrary SQL commands via unspecified attack vectors involving binary strings. | |||||
CVE-2006-3619 | 1 Fastjar | 1 Fastjar | 2024-02-04 | 2.6 LOW | N/A |
Directory traversal vulnerability in FastJar 0.93, as used in Gnu GCC 4.1.1 and earlier, and 3.4.6 and earlier, allows user-assisted attackers to overwrite arbitrary files via a .jar file containing filenames with "../" sequences. | |||||
CVE-2006-1506 | 1 Sun | 2 Grid Engine, N1 Grid Engine | 2024-02-04 | 7.2 HIGH | N/A |
Unspecified vulnerability in rsh in Sun Microsystems Sun Grid Engine 5.3 before 20060327 and N1 Grid Engine 6.0 before 20060327 allows local users to gain root privileges. | |||||
CVE-2005-4753 | 1 Bea | 1 Weblogic Server | 2024-02-04 | 5.0 MEDIUM | N/A |
BEA WebLogic Server and WebLogic Express 8.1 SP4 and earlier, and 7.0 SP6 and earlier, in certain "heavy usage" scenarios, report incorrect severity levels for an audit event, which might allow attackers to perform unauthorized actions and avoid detection. | |||||
CVE-2006-3487 | 1 Virtuastore | 1 Virtuastore | 2024-02-04 | 5.0 MEDIUM | N/A |
VirtuaStore 2.0 stores sensitive files under the web root with insufficient access control, which allows remote attackers to obtain local database information by directly accessing database/virtuastore.mdb. | |||||
CVE-2006-3243 | 1 Mybulletinboard | 1 Mybulletinboard | 2024-02-04 | 7.5 HIGH | N/A |
SQL injection vulnerability in usercp.php in MyBB (MyBulletinBoard) 1.0 through 1.1.3 allows remote attackers to execute arbitrary SQL commands via the showcodebuttons parameter. | |||||
CVE-2006-0967 | 1 Ncp Network Communications | 1 Secure Client | 2024-02-04 | 2.1 LOW | N/A |
NCP Network Communication Secure Client 8.11 Build 146, and possibly other versions, allows local users to cause a denial of service (memory usage and cpu utilization) via a flood of arbitrary UDP datagrams to ports 0 to 65000. NOTE: this issue was reported as a buffer overflow, but that term usually does not apply in flooding attacks. | |||||
CVE-2005-4419 | 1 Quicksquare Development | 2 Honeycomb Archive, Honeycomb Archive Enterprise | 2024-02-04 | 7.5 HIGH | N/A |
Multiple SQL injection vulnerabilities in CategoryResults.cfm in Honeycomb Archive and Honeycomb Archive Enterprise 3.0 allow remote attackers to execute arbitrary SQL commands via the (1) series, (2) cat_parent, (3) cat, and (4) div parameters. |