Total: 254778 CVE

CVE | Vendors | Products | Updated | CVSS v2 | CVSS v3 |
---|---|---|---|---|---|
CVE-2005-3980 | 1 Edgewall Software | 1 Trac | 2024-02-04 | 7.5 HIGH | N/A |
SQL injection vulnerability in the ticket query module in Edgewall Trac 0.9 and possibly earlier allows remote attackers to execute arbitrary SQL commands via the group parameter. | |||||
CVE-2006-4426 | 1 Albert | 1 Albert-easysite | 2024-02-04 | 5.1 MEDIUM | N/A |
PHP remote file inclusion vulnerability in AES/modules/auth/phpsecurityadmin/include/logout.php in AlberT-EasySite (AES) 1.0a5 and earlier allows remote attackers to execute arbitrary PHP code via a URL in the PSA_PATH parameter. | |||||
CVE-2006-0854 | 1 Intensive Point | 1 Iuser Ecommerce | 2024-02-04 | 7.5 HIGH | N/A |
PHP remote file inclusion vulnerability in common.php in Intensive Point iUser Ecommerce allows remote attackers to include arbitrary files via a URL in the include_path variable, which is not initialized before being used. | |||||
CVE-2005-1544 | 1 Libtiff | 1 Libtiff | 2024-02-04 | 7.5 HIGH | N/A |
Stack-based buffer overflow in libTIFF before 3.7.2 allows remote attackers to execute arbitrary code via a TIFF file with a malformed BitsPerSample tag. | |||||
CVE-2006-1793 | 1 Runcms | 1 Runcms | 2024-02-04 | 7.6 HIGH | N/A |
Directory traversal vulnerability in runCMS 1.2 and earlier allows remote attackers to read arbitrary files via the bbPath[path] parameter to (1) class.forumposts.php and (2) forumpollrenderer.php. NOTE: this issue is closely related to CVE-2006-0659. | |||||
CVE-2006-4502 | 1 Ztml | 1 Ezportal Ztml Cms | 2024-02-04 | 7.5 HIGH | N/A |
ezPortal/ztml CMS 1.0 allows remote attackers to bypass authentication controls via a direct request to the "Administration Area" script. | |||||
CVE-2006-1895 | 1 Phpbb Group | 1 Phpbb | 2024-02-04 | 6.5 MEDIUM | N/A |
Direct static code injection vulnerability in includes/template.php in phpBB allows remote authenticated users with write access to execute arbitrary PHP code by modifying a template in a way that (1) bypasses a loose ".*" regular expression to match BEGIN and END statements in overall_header.tpl, or (2) is used in an eval statement by includes/bbcode.php for bbcode.tpl. | |||||
CVE-2005-3936 | 1 Socketkb | 1 Socketkb | 2024-02-04 | 7.5 HIGH | N/A |
PHP file include vulnerability in SocketKB 1.1.0 and earlier allows remote attackers to include arbitrary local files via the __f parameter. | |||||
CVE-2005-3059 | 3 Linux, Microsoft, Opera | 3 Linux Kernel, Windows, Opera Browser | 2024-02-04 | 10.0 HIGH | N/A |
Multiple unspecified vulnerabilities in Opera 8.50 on Linux and Windows have unknown impact and attack vectors, related to (1) "handling of must-revalidate cache directive for HTTPS pages" or (2) a "display issue with cookie comment encoding." | |||||
CVE-2006-0382 | 1 Apple | 1 Mac Os X | 2024-02-04 | 2.1 LOW | N/A |
Apple Mac OS X 10.4.5 and allows local users to cause a denial of service (crash) via an undocumented system call. | |||||
CVE-2006-1575 | 1 Vscripts.pl | 1 Qlnews | 2024-02-04 | 6.8 MEDIUM | N/A |
Multiple cross-site scripting (XSS) vulnerabilities in news.php in QLnews 1.2 allow remote attackers to inject arbitrary web script or HTML via the (1) autorx and (2) newsx parameters. | |||||
CVE-2006-4057 | 1 Mitch Murray | 1 Eremove | 2024-02-04 | 7.5 HIGH | N/A |
Buffer overflow in the preview_create function in gui.cpp in Mitch Murray Eremove 1.4 allows remote attackers to cause a denial of service (application crash), and possibly execute arbitrary code, via a large email attachment. | |||||
CVE-2005-1631 | 1 Booby | 1 Booby | 2024-02-04 | 5.0 MEDIUM | N/A |
booby.php in Booby 1.0.0 and earlier allows remote attackers to view private bookmarks by guessing item IDs. | |||||
CVE-2004-2507 | 1 Linksys | 1 Wvc11b | 2024-02-04 | 5.0 MEDIUM | N/A |
Absolute path traversal vulnerability in main.cgi in Linksys WVC11B Wireless-B Internet Video Camera allows remote attackers to read arbitrary files via an absolute pathname in the next_file parameter. | |||||
CVE-2004-0962 | 1 Apple | 1 Apple Remote Desktop | 2024-02-04 | 10.0 HIGH | N/A |
Apple Remote Desktop Client 1.2.4 executes a GUI application as root when it is started by an Apple Remote Desktop Administrator application, which allows remote authenticated users to execute arbitrary code when loginwindow is active via Fast User Switching. | |||||
CVE-2005-3641 | 1 Oracle | 5 Database Server, Database Server Lite, Oracle10g and 2 more | 2024-02-04 | 7.5 HIGH | N/A |
Oracle Databases running on Windows XP with Simple File Sharing enabled allow remote attackers to bypass authentication by supplying a valid username. | |||||
CVE-2006-1687 | 1 Apt | 1 Apt-webshop-system | 2024-02-04 | 4.3 MEDIUM | N/A |
Cross-site scripting (XSS) vulnerability in APT-webshop-system 4.0 PRO, 3.0 BASIC, and 3.0 LIGHT allows remote attackers to inject arbitrary web script or HTML via the message parameter, probably involving the basket functionality. | |||||
CVE-2005-2471 | 1 Netpbm | 1 Netpbm | 2024-02-04 | 7.5 HIGH | N/A |
pstopnm in netpbm does not properly use the "-dSAFER" option when calling Ghostscript to convert a PostScript file into a (1) PBM, (2) PGM, or (3) PNM file, which allows external user-assisted attackers to execute arbitrary commands. | |||||
CVE-2004-2664 | 1 John Lim | 1 Adodb | 2024-02-04 | 5.0 MEDIUM | N/A |
John Lim ADOdb Library for PHP before 4.23 allows remote attackers to obtain sensitive information via direct requests to certain scripts that result in an undefined value of ADODB_DIR, which reveals the installation path in an error message. | |||||
CVE-2004-2598 | 1 Id Software | 1 Quake Ii Server | 2024-02-04 | 5.0 MEDIUM | N/A |
Quake II server before R1Q2, as used in multiple products, allows remote attackers to corrupt the server's client state data structure by exiting a session without a valid disconnect command, then reconnecting, which prevents a mod from being notified of changes in the client state. NOTE: the impact of this issue will vary depending on which mod is being used. |