Total
254754 CVE
CVE | Vendors | Products | Updated | CVSS v2 | CVSS v3 |
---|---|---|---|---|---|
CVE-2005-1821 | 1 Powerscripts.org | 1 Powerdownload | 2024-02-04 | 7.5 HIGH | N/A |
PHP remote file inclusion vulnerability in pdl_header.inc.php in PowerDownload 3.0.2 and 3.0.3 allows remote attackers to execute arbitrary PHP code via the incdir parameter to downloads.php. | |||||
CVE-2005-1717 | 1 Zyxel | 1 Prestige 650r-31 | 2024-02-04 | 5.0 MEDIUM | N/A |
ZyXEL Prestige 650R-31 router running ZyNOS FW v3.40(KO.1) allows remote attackers to cause a denial of service (CPU consumption and network loss) via crafted fragmented IP packets. | |||||
CVE-2006-0176 | 1 Xmame | 1 Xmame | 2024-02-04 | 7.2 HIGH | N/A |
Buffer overflow in certain functions in src/fileio.c and src/unix/fileio.c in xmame before 11 January 2006 may allow local users to gain privileges via a long (1) -lang, (2) -ctrlr, (3) -pb, or (4) -rec argument on many operating systems, and via a long (5) -jdev argument on Ubuntu Linux. | |||||
CVE-2004-2627 | 1 Sun | 1 J2me | 2024-02-04 | 10.0 HIGH | N/A |
Java 2 Micro Edition (J2ME) does not properly validate bytecode, which allows remote attackers to escape the Kilobyte Virtual Machine (KVM) sandbox and execute arbitrary code. | |||||
CVE-2006-0946 | 1 Thomson | 1 Speedtouch | 2024-02-04 | 4.3 MEDIUM | N/A |
Cross-site scripting (XSS) vulnerability in Thomson SpeedTouch modems running firmware 5.3.2.6.0 allows remote attackers to inject arbitrary web script or HTML via the name parameter to the LocalNetwork page. | |||||
CVE-2006-3924 | 1 Dokeos | 1 Dokeos | 2024-02-04 | 4.3 MEDIUM | N/A |
Multiple cross-site scripting (XSS) vulnerabilities in Dokeos before 1.6.5 allow remote attackers to inject arbitrary web script or HTML via unspecified vectors. | |||||
CVE-2004-1209 | 1 Verisign | 1 Payflow Link | 2024-02-04 | 5.0 MEDIUM | N/A |
Verisign Payflow Link, when running with empty Accepted URL fields, does not properly verify the data in the hidden AMOUNT field, which allows remote attackers to modify the price of the items that they purchase. | |||||
CVE-2005-0200 | 1 Tiki | 1 Tikiwiki Cms/groupware | 2024-02-04 | 7.5 HIGH | N/A |
TikiWiki before 1.8.5 does not properly validate files that have been uploaded to the temp directory, which could allow remote attackers to upload and execute arbitrary PHP scripts, a different vulnerability than CVE-2004-1386. | |||||
CVE-2006-2401 | 1 Outgun | 1 Outgun | 2024-02-04 | 7.8 HIGH | N/A |
The leetnet functions (leetnet/rudp.cpp) in Outgun 1.0.3 bot 2 and earlier allow remote attackers to cause a denial of service (application crash) via packets with incorrect message sizes, which triggers a buffer over-read. | |||||
CVE-2005-0909 | 1 Tkais Shoutbox | 1 Tkais Shoutbox | 2024-02-04 | 7.5 HIGH | N/A |
PHP remote file inclusion vulnerability in shoutact.php for TKai's Shoutbox allows remote attackers to execute arbitrary PHP code via the query parameter. | |||||
CVE-2005-0968 | 1 Broadcom | 1 Etrust Intrusion Detection | 2024-02-04 | 5.0 MEDIUM | N/A |
Computer Associates (CA) eTrust Intrusion Detection 3.0 allows remote attackers to cause a denial of service via large size values that are not properly validated before calling the CPImportKey function in the Crypto API. | |||||
CVE-2005-4784 | 1 Austin Group | 1 Posix | 2024-02-04 | 5.6 MEDIUM | N/A |
Multiple buffer overflows in the POSIX readdir_r function, as used in multiple packages, allow local users to cause a denial of service and possibly execute arbitrary code via (1) a symlink attack that exploits a race condition between opendir and pathconf calls and changes the filesystem to one with a larger maximum directory-entry name length, or (2) possibly via programmer-introduced errors on operating systems with a small struct dirent, such as Solaris or BeOS, as demonstrated in packages including (a) gcj, (b) KDE, (c) libwww, (d) the Rudiments library, (e) teTeX, (f) xmail, (g) bfbtester, (h) ncftp, (i) netwib, (j) OpenOffice.org, (k) Pike, (l) reprepro, (m) Tcl, and (n) xgsmlib. | |||||
CVE-2005-0965 | 1 Rob Flynn | 1 Gaim | 2024-02-04 | 5.0 MEDIUM | N/A |
The gaim_markup_strip_html function in Gaim 1.2.0, and possibly earlier versions, allows remote attackers to cause a denial of service (application crash) via a string that contains malformed HTML, which causes an out-of-bounds read. | |||||
CVE-2004-1216 | 1 Burut | 1 Kreed | 2024-02-04 | 5.0 MEDIUM | N/A |
The scripts that handle players in Kreed 1.05 and earlier allow remote attackers to cause a denial of service (server freeze) via a long (1) nickname or (2) model type, which generates dialog boxes on the server that must be manually handled before the server continues the game. | |||||
CVE-2005-4745 | 1 Freeradius | 1 Freeradius | 2024-02-04 | 7.5 HIGH | N/A |
SQL injection vulnerability in the rlm_sqlcounter module in FreeRADIUS 1.0.3 and 1.0.4 allows remote attackers to execute arbitrary SQL commands via unknown attack vectors. | |||||
CVE-2005-3735 | 1 Coastal Data Management | 1 E-quick Cart | 2024-02-04 | 7.5 HIGH | N/A |
Multiple SQL injection vulnerabilities in e-Quick Cart allow remote attackers to execute arbitrary SQL commands via the (1) productid parameter in shopaddtocart.asp, (2) strpemail parameter in shopprojectlogin.asp, and (3) id parameter in shoptellafriend.asp. | |||||
CVE-2005-2240 | 1 Xpvm | 1 Xpvm | 2024-02-04 | 2.1 LOW | N/A |
xpvm.tcl in xpvm 1.2.5 allows local users to overwrite arbitrary files via a symlink attack on the xpvm.trace.$user temporary file. | |||||
CVE-2005-2430 | 1 Gforge | 1 Gforge | 2024-02-04 | 4.3 MEDIUM | N/A |
Multiple cross-site scripting (XSS) vulnerabilities in GForge 4.5 allow remote attackers to inject arbitrary web script or HTML via the (1) forum_id or (2) group_id parameter to forum.php, (3) project_task_id parameter to task.php, (4) id parameter to detail.php, (5) the text field on the search page, (6) group_id parameter to qrs.php, (7) form, (8) rows, (9) cols or (10) wrap parameter to notepad.php, or the login field on the login form. | |||||
CVE-2004-2616 | 1 Onnuri Infotek | 1 Activepost Standard | 2024-02-04 | 4.0 MEDIUM | N/A |
The file server in ActivePost Standard 3.1 and earlier allows remote authenticated users to obtain sensitive information by uploading a file, which reveals the path in a success message. | |||||
CVE-2006-0870 | 1 Mini-nuke | 1 Mini-nuke Cms | 2024-02-04 | 7.5 HIGH | N/A |
SQL injection vulnerability in pages.asp in Mini-Nuke CMS System 1.8.2 and earlier allows remote attackers to execute arbitrary SQL commands via the id parameter. NOTE: version 2.3 was later reported to be vulnerable as well. |