Total: 254755 CVE
CVE | Vendors | Products | Updated | CVSS v2 | CVSS v3 |
---|---|---|---|---|---|
CVE-2006-4420 | 1 Phaos | 1 Phaos | 2024-02-04 | 5.0 MEDIUM | N/A |
Directory traversal vulnerability in include_lang.php in Phaos 0.9.2 allows remote attackers to include arbitrary local files via ".." sequences in the lang parameter. | |||||
CVE-2005-1600 | 1 Libtomcrypt | 1 Libtomcrypt | 2024-02-04 | 7.5 HIGH | N/A |
A "mathematical flaw" in the implementation of the El Gamal signature algorithm for LibTomCrypt 1.0 to 1.0.2 allows attackers to generate valid signatures without having the private key. | |||||
CVE-2006-2105 | 1 Jupiter Cms | 1 Jupiter Cms | 2024-02-04 | 5.0 MEDIUM | N/A |
Directory traversal vulnerability in index.php in Jupiter CMS 1.1.4 and 1.1.5 allows remote attackers to read arbitrary files via ".." sequences terminated by a %00 (null) character in the n parameter. | |||||
CVE-2006-2670 | 1 Calendarscripts.com | 1 Chatpat | 2024-02-04 | 5.8 MEDIUM | N/A |
Multiple cross-site scripting (XSS) vulnerabilities in ChatPat 1.0 allow remote attackers to inject arbitrary web script or HTML via a chat message in (1) fastchat.php and (2) fastshow.php. | |||||
CVE-2005-0875 | 1 Cerulean Studios | 1 Trillian | 2024-02-04 | 5.0 MEDIUM | N/A |
Multiple buffer overflows in the Yahoo plug-in for Trillian 2.0, 3.0, and 3.1 allow remote web servers to cause a denial of service (application crash) via a long string in an HTTP 1.1 response header. | |||||
CVE-2005-0019 | 1 Yongguang Zhang | 1 Hztty | 2024-02-04 | 4.6 MEDIUM | N/A |
Unknown vulnerability in hztty 2.0 and earlier allows local users to execute arbitrary commands. | |||||
CVE-2006-1020 | 1 Johnny Vegas | 1 Vegas Forum | 2024-02-04 | 7.5 HIGH | N/A |
SQL injection vulnerability in forumlib.php in Johnny_Vegas Vegas Forum 1.0 allows remote attackers to execute arbitrary SQL commands via the postid parameter. | |||||
CVE-2005-0729 | 1 Techland | 1 Xpand Rally | 2024-02-04 | 7.5 HIGH | N/A |
Format string vulnerability in Xpand Rally 1.1.0.0 and earlier allows remote attackers to execute arbitrary code via format string specifiers in a message. | |||||
CVE-2005-0485 | 1 Phparena | 1 Panews | 2024-02-04 | 6.8 MEDIUM | N/A |
Cross-site scripting (XSS) vulnerability in comment.php for paNews 2.0b4 for PHP Arena allows remote attackers to inject arbitrary HTML and web script via the showpost parameter. | |||||
CVE-2006-1643 | 1 Interact | 1 Interact | 2024-02-04 | 7.5 HIGH | N/A |
SQL injection vulnerability in login.php in Interact 2.1.1 allows remote attackers to execute arbitrary SQL commands via the user_name parameter. NOTE: the provenance of this information is unknown; the details are obtained from third party. | |||||
CVE-2006-2233 | 1 Banktown | 1 Btcxctl20com Activex Control | 2024-02-04 | 7.5 HIGH | N/A |
Buffer overflow in BankTown Client Control (aka BtCxCtl20Com) 1.4.2.51817, and possibly 1.5.2.50209, allows remote attackers to execute arbitrary code via a long string in the first argument to SetBannerUrl. NOTE: portions of these details are obtained from third party information. | |||||
CVE-2006-3335 | 1 Hp | 1 Hp-ux | 2024-02-04 | 7.2 HIGH | N/A |
Unspecified vulnerability in mkdir in HP-UX B.11.00, B.11.04, B.11.11, and B.11.23 allows local users to gain privileges via unknown attack vectors. | |||||
CVE-2006-3702 | 1 Oracle | 1 Database Server | 2024-02-04 | 10.0 HIGH | N/A |
Multiple unspecified vulnerabilities in Oracle Database 8.1.7.4, 9.0.1.5, 9.2.0.7, 10.1.0.5, and 10.2.0.2 have unknown impact and attack vectors, aka Oracle Vuln# (1) DB06 in Export; (2) DB08, (3) DB09, (4) DB10, (5) DB11, (6) DB12, (7) DB13, (8) DB14, and (9) DBC01 for OCI; (10) DB16 for Query Rewrite/Summary Mgmt; (11) DB17, (12) DB18, (13) DB19, (14) DBC02, (15) DBC03, and (16) DBC04 for RPC; and (17) DB20 for Semantic Analysis. NOTE: as of 20060719, Oracle has not disputed third party claims that DB06 is related to "SQL injection" using DBMS_EXPORT_EXTENSION with a modified ODCIIndexGetMetadata routine and a call to GET_DOMAIN_INDEX_METADATA, in which case DB06 might be CVE-2006-2081. | |||||
CVE-2006-0816 | 1 Orionserver | 1 Orion Application Server | 2024-02-04 | 5.0 MEDIUM | N/A |
Orion Application Server before 2.0.7, when running on Windows, allows remote attackers to obtain the source code of JSP files via (1) . (dot) and (2) space characters in the extension of a URL. | |||||
CVE-2006-0414 | 1 Tor | 1 Tor | 2024-02-04 | 5.0 MEDIUM | N/A |
Tor before 0.1.1.20 allows remote attackers to identify hidden services via a malicious Tor server that attempts a large number of accesses of the hidden service, which eventually causes a circuit to be built through the malicious server. | |||||
CVE-2005-3951 | 1 Php Labs | 1 Survey Wizard | 2024-02-04 | 7.5 HIGH | N/A |
SQL injection vulnerability in survey.php in PHP Labs Survey Wizard allows remote attackers to execute arbitrary SQL commands via the sid parameter. | |||||
CVE-2005-2531 | 1 Openvpn | 1 Openvpn | 2024-02-04 | 5.0 MEDIUM | N/A |
OpenVPN before 2.0.1, when running with "verb 0" and without TLS authentication, does not properly flush the OpenSSL error queue when a client fails certificate authentication to the server and causes the error to be processed by the wrong client, which allows remote attackers to cause a denial of service (client disconnection) via a large number of failed authentication attempts. | |||||
CVE-2006-1858 | 1 Linux | 1 Linux Kernel | 2024-02-04 | 7.8 HIGH | N/A |
SCTP in Linux kernel before 2.6.16.17 allows remote attackers to cause a denial of service (crash) and possibly execute arbitrary code via a chunk length that is inconsistent with the actual length of provided parameters. | |||||
CVE-2006-3319 | 1 Php Icalendar | 1 Php Icalendar | 2024-02-04 | 4.3 MEDIUM | N/A |
Cross-site scripting (XSS) vulnerability in rss/index.php in PHP iCalendar 2.22 and earlier allows remote attackers to inject arbitrary web script or HTML via the cal parameter. | |||||
CVE-2006-1926 | 1 Thwboard | 1 Thwboard | 2024-02-04 | 5.0 MEDIUM | N/A |
SQL injection vulnerability in showtopic.php in ThWboard 2.84 beta 3 and earlier allows remote attackers to execute arbitrary SQL commands via the pagenum parameter. |