Total
254755 CVE
CVE | Vendors | Products | Updated | CVSS v2 | CVSS v3 |
---|---|---|---|---|---|
CVE-2006-3073 | 1 Cisco | 2 Asa 5500, Vpn 3000 Concentrator Series Software | 2024-02-04 | 2.6 LOW | N/A |
Multiple cross-site scripting (XSS) vulnerabilities in the WebVPN feature in the Cisco VPN 3000 Series Concentrators and Cisco ASA 5500 Series Adaptive Security Appliances (ASA), when in WebVPN clientless mode, allow remote attackers to inject arbitrary web script or HTML via the domain parameter in (1) dnserror.html and (2) connecterror.html, aka bugid CSCsd81095 (VPN3k) and CSCse48193 (ASA). NOTE: the vendor states that "WebVPN full-network-access mode" is not affected, despite the claims by the original researcher. | |||||
CVE-2006-3184 | 1 Asp Stats Generator | 1 Asp Stats Generator | 2024-02-04 | 4.0 MEDIUM | N/A |
Direct static code injection vulnerability in ASP Stats Generator before 2.1.2 allows remote authenticated attackers to execute arbitrary ASP code via the strAsgSknPageBgColour parameter to settings_skin.asp, which is stored in inc_skin_file.asp. | |||||
CVE-2006-0672 | 1 Hp | 1 Psc 1210 All-in-one | 2024-02-04 | 10.0 HIGH | N/A |
Unspecified vulnerability in HP PSC 1210 All-in-One Drivers before 1.0.06 has unknown impact and attack vectors. | |||||
CVE-2006-2601 | 2024-02-04 | N/A | N/A | ||
** REJECT ** DO NOT USE THIS CANDIDATE NUMBER. ConsultIDs: CVE-2006-2589. Reason: This candidate is a duplicate of CVE-2006-2589. Notes: All CVE users should reference CVE-2006-2589 instead of this candidate. All references and descriptions in this candidate have been removed to prevent accidental usage. | |||||
CVE-2004-1160 | 1 Netscape | 1 Navigator | 2024-02-04 | 7.5 HIGH | N/A |
Netscape 7.x to 7.2, and possibly other versions, allows remote attackers to spoof arbitrary web sites by injecting content from one window into a target window whose name is known but resides in a different domain, as demonstrated using a pop-up window on a trusted web site, aka the "window injection" vulnerability. | |||||
CVE-2005-3304 | 1 Francisco Burzi | 1 Php-nuke | 2024-02-04 | 7.5 HIGH | N/A |
Multiple SQL injection vulnerabilities in PHP-Nuke 7.8 allow remote attackers to modify SQL queries and execute arbitrary PHP code via (1) the username parameter in the Your Account page, (2) the url parameter in the Downloads module, and (3) the description parameter in the Web_Links module. | |||||
CVE-2005-4484 | 1 Iatek | 1 Intranetapp | 2024-02-04 | 4.3 MEDIUM | N/A |
Multiple cross-site scripting (XSS) vulnerabilities in IntranetApp 3.3 and earlier allow remote attackers to inject arbitrary web script or HTML via the (1) ret_page parameter to login.asp or the (2) do_search and (3) search parameters to content.asp. | |||||
CVE-2005-1129 | 1 Egroupware | 1 Egroupware | 2024-02-04 | 2.1 LOW | N/A |
eGroupWare 1.0.6 and earlier, when an e-mail is composed with an attachment but not sent, will send that attachment in the next e-mail, which may cause sensitive information to be sent to the wrong recipient. | |||||
CVE-2006-3152 | 1 Bluehouse Project | 1 Phptrader | 2024-02-04 | 7.5 HIGH | N/A |
Multiple SQL injection vulnerabilities in phpTRADER 4.9 SP5 and earlier allow remote attackers to execute arbitrary SQL commands via the (1) sectio parameter in (a) login.php, (b) write_newad.php, (c) newad.php, (d) printad.php, (e) askseller.php, (f) browse.php, (g) showmemberads.php, (h) note_ad.php, (i) abuse.php, (j) buynow.php, (k) confirm_newad.php, (2) an parameter in (l) printad.php, (m) note_ad.php, (3) who parameter in (n) showmemberads.php, and (4) adnr parameter in (o) buynow.php. | |||||
CVE-2005-4233 | 1 Php Web Scripts | 1 Ad Manager Pro | 2024-02-04 | 7.5 HIGH | N/A |
SQL injection vulnerability in advertiser_statistic.php in Ad Manager Pro 2.0 and earlier allows remote attackers to execute arbitrary SQL commands via the ad_number parameter. | |||||
CVE-2006-0105 | 1 Postgresql | 1 Postgresql | 2024-02-04 | 5.0 MEDIUM | N/A |
PostgreSQL 8.0.x before 8.0.6 and 8.1.x before 8.1.2, when running on Windows, allows remote attackers to cause a denial of service (postmaster exit and no new connections) via a large number of simultaneous connection requests. | |||||
CVE-2005-2185 | 1 Emc | 1 Eroom | 2024-02-04 | 7.5 HIGH | N/A |
eRoom does not set an expiration for Cookies, which allows remote attackers to capture cookies and conduct replay attacks. | |||||
CVE-2005-2458 | 1 Linux | 1 Linux Kernel | 2024-02-04 | 5.0 MEDIUM | N/A |
inflate.c in the zlib routines in the Linux kernel before 2.6.12.5 allows remote attackers to cause a denial of service (kernel crash) via a compressed file with "improper tables". | |||||
CVE-2005-0844 | 1 Nortel | 1 Contivity | 2024-02-04 | 4.6 MEDIUM | N/A |
Nortel VPN client 5.01 stores the cleartext password in the memory of the Extranet.exe process, which could allow local users to obtain sensitive information. | |||||
CVE-2005-4489 | 1 Scoop | 1 Scoop | 2024-02-04 | 4.3 MEDIUM | N/A |
Cross-site scripting (XSS) vulnerability in Scoop 1.1 RC1 and earlier allows remote attackers to inject arbitrary web script or HTML via the (1) type and (2) count parameters, and (3) the query string in a story. | |||||
CVE-2006-1431 | 1 Fusionzone | 1 Couponzone | 2024-02-04 | 4.3 MEDIUM | N/A |
Cross-site scripting (XSS) vulnerability in local.cfm in fusionZONE couponZONE 4.2 allows remote attackers to inject arbitrary web script or HTML via URL-encoded (1) srchfor and (2) srchby parameters. | |||||
CVE-2006-3337 | 1 Cpanel | 1 Cpanel | 2024-02-04 | 2.6 LOW | N/A |
Cross-site scripting (XSS) vulnerability in frontend/x/files/select.html in cPanel 10.8.2-CURRENT 118 and earlier allows remote attackers to inject arbitrary web script or HTML via the file parameter. | |||||
CVE-2004-0927 | 2 Apple, Easy Software Products | 3 Mac Os X, Mac Os X Server, Cups | 2024-02-04 | 5.0 MEDIUM | N/A |
ServerAdmin in Mac OS X 10.2.8 through 10.3.5 uses the same example self-signed certificate on each system, which allows remote attackers to decrypt sessions. | |||||
CVE-2005-4166 | 1 Duware | 1 Duportal Pro | 2024-02-04 | 4.3 MEDIUM | N/A |
Cross-site scripting (XSS) vulnerability in password.asp in DUWare DUportal Pro 3.4.3 allows remote attackers to inject arbitrary web script or HTML via the result parameter. | |||||
CVE-2005-4081 | 1 Alisveristr | 1 Alisveristr E-commerce | 2024-02-04 | 7.5 HIGH | N/A |
Multiple SQL injection vulnerabilities in Alisveristr E-commerce allow remote attackers to bypass authentication and possibly execute arbitrary SQL commands via the username and password parameters in (1) the user login and (2) administrator login pages. |