Total
254778 CVE
CVE | Vendors | Products | Updated | CVSS v2 | CVSS v3 |
---|---|---|---|---|---|
CVE-2005-0345 | 1 Php Fusion | 1 Php Fusion | 2024-02-04 | 5.0 MEDIUM | N/A |
viewthread.php in php-fusion 4.x does not check the (1) forum_id or (2) forum_cat parameters, which allows remote attackers to view protected forums via the thread_id parameter. | |||||
CVE-2006-3536 | 1 Ej3 | 1 Topo | 2024-02-04 | 7.5 HIGH | N/A |
Direct static code injection vulnerability in code/class_db_text.php in EJ3 TOPo 2.2.178 and earlier allows remote attackers to execute arbitrary PHP code via parameters such as (1) descripcion and (2) pais, which are stored directly in a PHP script. NOTE: the provenance of this information is unknown; the details are obtained solely from third party reports. | |||||
CVE-2006-2451 | 1 Linux | 1 Linux Kernel | 2024-02-04 | 4.6 MEDIUM | N/A |
The suid_dumpable support in Linux kernel 2.6.13 up to versions before 2.6.17.4, and 2.6.16 before 2.6.16.24, allows a local user to cause a denial of service (disk consumption) and possibly gain privileges via the PR_SET_DUMPABLE argument of the prctl function and a program that causes a core dump file to be created in a directory for which the user does not have permissions. | |||||
CVE-2005-2223 | 1 Mailenable | 2 Mailenable Professional, Mailenable Standard | 2024-02-04 | 5.0 MEDIUM | N/A |
Unknown vulnerability in the SMTP service in MailEnable Standard before 1.9 and Professional before 1.6 allows remote attackers to cause a denial of service (crash) during authentication. | |||||
CVE-2004-2705 | 1 Pvpgn | 1 Pvpgn | 2024-02-04 | 5.0 MEDIUM | N/A |
Unspecified vulnerability in Player vs. Player Gaming Network (PvPGN) before 1.6.4 allows remote attackers to obtain attributes of arbitrary accounts, including the password hash, via certain statsreq packets. | |||||
CVE-2005-3939 | 1 Wsn Knowledge Base | 1 Wsn Knowledge Base | 2024-02-04 | 7.5 HIGH | N/A |
Multiple SQL injection vulnerabilities in WSN Knowledge Base 1.2.0 and earler allow remote attackers to execute arbitrary SQL commands via the (1) catid, (2) perpage, (3) ascdesc, and (4) orderlinks in a displaycat action in (a) index.php; and the (5) id parameter in (b) comments.php and (c) memberlist.php. | |||||
CVE-2005-1944 | 1 Xmysqladmin | 1 Xmysqladmin | 2024-02-04 | 2.1 LOW | N/A |
xmysqladmin 1.0 and earlier allows local users to delete arbitrary files via a symlink attack on a database backup file in /tmp. | |||||
CVE-2006-1886 | 1 Oracle | 1 Peoplesoft Enterprise | 2024-02-04 | 10.0 HIGH | N/A |
Unspecified vulnerability in the PeopleTools component in Oracle PeopleSoft Enterprise 8.46.12 and 8.47.04 has unknown impact and attack vectors, aka Vuln# PSE01. | |||||
CVE-2005-1267 | 5 Gentoo, Lbl, Mandrakesoft and 2 more | 5 Linux, Tcpdump, Mandrake Linux and 2 more | 2024-02-04 | 5.0 MEDIUM | N/A |
The bgp_update_print function in tcpdump 3.x does not properly handle a -1 return value from the decode_prefix4 function, which allows remote attackers to cause a denial of service (infinite loop) via a crafted BGP packet. | |||||
CVE-2006-0803 | 2 Novell, Suse | 2 Suse Linux, Suse Linux | 2024-02-04 | 5.0 MEDIUM | N/A |
The signature verification functionality in the YaST Online Update (YOU) script handling relies on a gpg feature that is not intended for signature verification, which prevents YOU from detecting malicious scripts or code that do not pass the signature check when gpg 1.4.x is being used. | |||||
CVE-2006-4072 | 1 Club-nuke | 1 Club-nuke | 2024-02-04 | 6.5 MEDIUM | N/A |
Multiple SQL injection vulnerabilities in Club-Nuke [XP] 2.0 LCID 2048 allow remote attackers to execute arbitrary SQL commands via the (1) haber_id parameter to haber_detay.asp, and allow remote authenticated users to execute arbitrary SQL commands via the (2) menu_id parameter to menu.asp. | |||||
CVE-2005-2576 | 1 Calogic | 1 Calogic | 2024-02-04 | 5.0 MEDIUM | N/A |
CaLogic 1.22, and possibly earlier versions, allows remote attackers to obtain sensitive information via a direct request to (1) doclsqlres.php, (2) clmcpreload.php, (3) viewhistlog.php, (4) mcconfig.php, (5) doclsqlbak.php, (6) defcalsel.php, or (7) cl_minical.php, which reveals the path in an error message. | |||||
CVE-2006-2851 | 1 Dotproject | 1 Dotproject | 2024-02-04 | 4.3 MEDIUM | N/A |
Cross-site scripting (XSS) vulnerability in index.php in dotProject 2.0.2 and earlier allows remote attackers to inject arbitrary web script or HTML via unspecified parameters, which are not properly handled when the client is using Internet Explorer. | |||||
CVE-2006-2080 | 1 Verosky Media | 1 Instant Photo Gallery | 2024-02-04 | 6.8 MEDIUM | N/A |
SQL injection vulnerability in portfolio_photo_popup.php in Verosky Media Instant Photo Gallery 1.0.2 allows remote attackers to execute arbitrary SQL commands via the id parameter, which is not cleansed before calling the count_click function in includes/functions/fns_std.php. NOTE: this issue could produce resultant XSS. | |||||
CVE-2005-2994 | 1 Ibm | 1 Rational Clearquest | 2024-02-04 | 6.8 MEDIUM | N/A |
Unspecified vulnerability in the web client for IBM Rational ClearQuest 2002.05.00 and 2002.05.20, and 2003.06.00 through 2003.06.15 before SR5, allows remote attackers to execute XML Style Sheets (XSS). | |||||
CVE-2005-4564 | 1 Adtran | 1 Netvanta | 2024-02-04 | 5.0 MEDIUM | N/A |
The Internet Key Exchange version 1 (IKEv1) implementation in ADTRAN NetVanta before 10.03.03.E might allow remote attackers to cause a denial of service via crafted IKE packets, as demonstrated by the PROTOS ISAKMP Test Suite for IKEv1. | |||||
CVE-2005-4679 | 1 Microsoft | 1 Ie | 2024-02-04 | 5.0 MEDIUM | N/A |
Internet Explorer 6 for Windows XP Service Pack 2 allows remote attackers to spoof the URL in the status bar via the title in an image in a link to a trusted site within a form to the malicious site. | |||||
CVE-2006-3331 | 1 Opera | 1 Opera Browser | 2024-02-04 | 5.0 MEDIUM | N/A |
Opera before 9.0 does not reset the SSL security bar after displaying a download dialog from an SSL-enabled website, which allows remote attackers to spoof a trusted SSL certificate from an untrusted website and facilitates phishing attacks. | |||||
CVE-2006-0903 | 2 Mysql, Oracle | 2 Mysql, Mysql | 2024-02-04 | 4.6 MEDIUM | N/A |
MySQL 5.0.18 and earlier allows local users to bypass logging mechanisms via SQL queries that contain the NULL character, which are not properly handled by the mysql_real_query function. NOTE: this issue was originally reported for the mysql_query function, but the vendor states that since mysql_query expects a null character, this is not an issue for mysql_query. | |||||
CVE-2006-0277 | 1 Oracle | 1 E-business Suite | 2024-02-04 | 10.0 HIGH | N/A |
Multiple unspecified vulnerabilities in Oracle E-Business Suite and Applications 11.5.10 have unspecified impact and attack vectors, as identified by Oracle Vuln# (1) APPS01 in the (a) Application Install component; (2) APPS07 in the (b) Oracle Applications Framework component; (3) APPS08, (4) APPS09, (5) APPS10, and (6) APPS11 in the (c) Oracle Applications Technology Stack component; (7) APPS12 in the (d) Oracle Human Resources component; (8) APPS15 and (9) APPS16 in the (e) Oracle Marketing component; (10) APPS17 in the (f) Marketing Encyclopedia System component; (11) APPS18 in the (g) Oracle Trade Management component; and (12) APPS19 in the (h) Oracle Web Applications Desktop Integration component. |