Total: 254755 CVE
CVE | Vendors | Products | Updated | CVSS v2 | CVSS v3 |
---|---|---|---|---|---|
CVE-2005-2213 | 1 Mms Ripper | 1 Mms Ripper | 2024-02-04 | 7.5 HIGH | N/A |
Buffer overflow in the mms_interp_header function in mms.c in MMS Ripper before 0.6.4 might allow remote attackers to execute arbitrary code via a file with more than 20 streams. | |||||
CVE-2006-1844 | 1 Debian | 2 Base-config, Shadow | 2024-02-04 | 2.1 LOW | N/A |
The Debian installer for the (1) shadow 4.0.14 and (2) base-config 2.53.10 packages includes sensitive information in world-readable log files, including preseeded passwords and pppoeconf passwords, which might allow local users to gain privileges. | |||||
CVE-2006-2065 | 1 Phpsurveyor | 1 Phpsurveyor | 2024-02-04 | 7.5 HIGH | N/A |
SQL injection vulnerability in save.php in PHPSurveyor 0.995 and earlier allows remote attackers to execute arbitrary SQL commands via the surveyid cookie. NOTE: this issue could be leveraged to execute arbitrary PHP code, as demonstrated by inserting directory traversal sequences into the database, which are then processed by the thissurvey['language'] variable. | |||||
CVE-2005-1254 | 1 Ipswitch | 1 Imail | 2024-02-04 | 5.0 MEDIUM | N/A |
Stack-based buffer overflow in the IMAP server for Ipswitch IMail 8.12 and 8.13, and other versions before IMail Server 8.2 Hotfix 2, allows remote authenticated users to cause a denial of service (crash) via a SELECT command with a large argument. | |||||
CVE-2006-2668 | 1 Docebolms | 1 Docebolms | 2024-02-04 | 7.5 HIGH | N/A |
Multiple PHP remote file inclusion vulnerabilities in Docebo LMS 2.05 allow remote attackers to execute arbitrary PHP code via a URL in the lang parameter to (1) modules/credits/business.php, (2) modules/credits/credits.php, or (3) modules/credits/help.php. | |||||
CVE-2006-2174 | 1 Virtual Hosting Control System | 1 Virtual Hosting Control System | 2024-02-04 | 4.3 MEDIUM | N/A |
Multiple cross-site scripting (XSS) vulnerabilities in admin/server_day_stats.php in Virtual Hosting Control System (VHCS) allow remote attackers to inject arbitrary web script or HTML via the (1) day, (2) month, or (3) year parameter. | |||||
CVE-2005-4758 | 1 Bea | 1 Weblogic Server | 2024-02-04 | 4.0 MEDIUM | N/A |
Unspecified vulnerability in the Administration server in BEA WebLogic Server and WebLogic Express 8.1 SP3 and earlier allows remote authenticated Admin users to read arbitrary files via unknown attack vectors related to an "internal servlet" accessed through HTTP. | |||||
CVE-2006-1697 | 1 Matt Wright | 1 Matt Wright Guestbook | 2024-02-04 | 4.3 MEDIUM | N/A |
Cross-site scripting (XSS) vulnerability in Matt Wright Guestbook 2.3.1 allows remote attackers to execute arbitrary web script or HTML via the (1) Your Name, (2) E-Mail, or (3) Comments fields when posting a message. | |||||
CVE-2005-4198 | 1 Netref | 1 Netref | 2024-02-04 | 7.5 HIGH | N/A |
SQL injection vulnerability in index.php in Netref 3.0 allows remote attackers to execute arbitrary SQL commands via the cat parameter. NOTE: the provenance of this issue is unknown; the details were obtained solely from third party sources. | |||||
CVE-2005-2197 | 1 Id Board | 1 Id Board | 2024-02-04 | 7.5 HIGH | N/A |
SQL injection vulnerability in sql.cls.php in Id Board 1.1.3 allows remote attackers to modify SQL queries, as demonstrated using the f parameter to index.php. | |||||
CVE-2004-2491 | 1 Opera | 1 Opera Browser | 2024-02-04 | 2.6 LOW | N/A |
A race condition in Opera web browser 7.53 Build 3850 causes Opera to fill in the address bar before the page has been loaded, which allows remote attackers to spoof the URL in the address bar via the window.open and location.replace HTML parameters, which facilitates phishing attacks. | |||||
CVE-2005-3196 | 1 Planet Technology Corp | 1 Fgsw2402rs | 2024-02-04 | 4.6 MEDIUM | N/A |
Planet Technology Corp FGSW2402RS switch with firmware 1.2 has a default password, which allows attackers with physical access to the device's serial port to gain privileges. | |||||
CVE-2005-3538 | 1 Ifax Solutions | 1 Hylafax | 2024-02-04 | 7.5 HIGH | N/A |
hfaxd in HylaFAX 4.2.3, when PAM support is disabled, accepts arbitrary passwords, which allows remote attackers to gain privileges. | |||||
CVE-2006-0388 | 1 Apple | 2 Mac Os X, Mac Os X Server | 2024-02-04 | 2.6 LOW | N/A |
Safari in Mac OS X 10.3 before 10.3.9 and 10.4 before 10.4.5 allows remote attackers to redirect users to local files and execute arbitrary JavaScript via unspecified vectors involving HTTP redirection to local resources. | |||||
CVE-2005-1955 | 1 Singapore | 1 Singapore | 2024-02-04 | 4.3 MEDIUM | N/A |
Cross-site scripting (XSS) vulnerability in index.php in singapore 0.9.11 allows remote attackers to inject arbitrary web script or HTML via the gallery parameter. | |||||
CVE-2006-4649 | 1 Bingo News | 1 Bingo News | 2024-02-04 | 7.5 HIGH | N/A |
PHP remote file inclusion vulnerability in bp_news.php in BinGo News (BP News) 3.01 and earlier allows remote attackers to execute arbitrary PHP code via a URL in the bnrep parameter. | |||||
CVE-2005-4829 | 1 Virtuemart | 1 Virtuemart | 2024-02-04 | 10.0 HIGH | N/A |
VirtueMart before 1.0.1 does not properly handle errors when a user is forbidden to read a requested page, which has unknown impact and remote attack vectors. | |||||
CVE-2006-3389 | 1 Wordpress | 1 Wordpress | 2024-02-04 | 5.0 MEDIUM | N/A |
index.php in WordPress 2.0.3 allows remote attackers to obtain sensitive information, such as SQL table prefixes, via an invalid paged parameter, which displays the information in an SQL error message. NOTE: this issue has been disputed by a third party who states that the issue does not leak any target-specific information. | |||||
CVE-2006-0507 | 1 Easy Cms | 1 Easy Cms | 2024-02-04 | 4.3 MEDIUM | N/A |
Multiple cross-site scripting (XSS) vulnerabilities in Easy CMS allow remote attackers to inject arbitrary web script or HTML via (1) unknown attack vectors in the administrative interface and (2) input fields of the contact form. | |||||
CVE-2005-2735 | 1 Phpgraphy | 1 Phpgraphy | 2024-02-04 | 4.3 MEDIUM | N/A |
Cross-site scripting (XSS) vulnerability in phpGraphy 0.9.9a and earlier allows remote attackers to inject arbitrary web script or HTML via EXIF data, such as the Camera Model Tag. | |||||