Total
254754 CVE
| CVE | Vendors | Products | Updated | CVSS v2 | CVSS v3 |
|---|---|---|---|---|---|
| CVE-2004-2661 | 1 Soft3304 | 1 04webserver | 2024-02-04 | 5.0 MEDIUM | N/A |
| Soft3304 04WebServer before 1.41 does not properly check file names, which allows remote attackers to obtain sensitive information (CGI source code). | |||||
| CVE-2005-1371 | 1 Bulletproof | 1 Bulletproof Ftp Server | 2024-02-04 | 7.2 HIGH | N/A |
| BPFTPServer service in BulletProof FTP Server 2.4.0.31 does not properly drop privileges before opening files through the Help menu, which allows local users to gain privileges. | |||||
| CVE-2006-0390 | 2024-02-04 | N/A | N/A | ||
| ** REJECT ** DO NOT USE THIS CANDIDATE NUMBER. ConsultIDs: CVE-2005-4504. Reason: This candidate is a duplicate of CVE-2005-4504. Notes: All CVE users should reference CVE-2005-4504 instead of this candidate. All references and descriptions in this candidate have been removed to prevent accidental usage. | |||||
| CVE-2006-3862 | 1 Ibm | 1 Informix Dynamic Server | 2024-02-04 | 7.5 HIGH | N/A |
| Buffer overflow in IBM Informix Dynamic Server (IDS) 9.40.TC5 through 9.40.xC7 and 10.00.TC1 through 10.00.xC3 allows attackers to execute arbitrary code via the SQLIDEBUG environment variable (envariable). | |||||
| CVE-2006-3107 | 1 Docebo | 1 Docebo | 2024-02-04 | 5.1 MEDIUM | N/A |
| Multiple PHP remote file inclusion vulnerabilities in Docebo 3.0.3 and earlier, when register_globals is enabled, allow remote attackers to execute arbitrary PHP code via a URL in (1) GLOBALS[where_framework] to (a) admin/modules/news/news_class.php and (b) admin/modules/content/content_class.php, and (2) GLOBALS[where_cms] to (c) admin/modules/block_media/util.media.php. NOTE: this issue might be resultant from a global overwrite vulnerability. This issue is similar to CVE-2006-2576, but the vectors are different. | |||||
| CVE-2006-1764 | 1 Hosting Controller | 1 Hosting Controller | 2024-02-04 | 7.8 HIGH | N/A |
| Hosting Controller 6.1 stores forum/db/forum.mdb under the web document root with insufficient access control, which allows remote attackers to obtain sensitive information such as user name and password credentials. NOTE: the provenance of this information is unknown; the details are obtained from third party information. | |||||
| CVE-2005-4771 | 1 Trust Digital | 1 Trusted Mobility Suite | 2024-02-04 | 4.6 MEDIUM | N/A |
| Trusted Mobility Agent PC Policy in Trust Digital Trusted Mobility Suite provides a cancel button that bypasses the domain-authentication prompt, which allows local users to sync a handheld (PDA) device despite a policy setting that sync is unauthorized. | |||||
| CVE-2006-1284 | 1 Symantec | 2 Ghost Solutions Suite, Norton Ghost | 2024-02-04 | 4.6 MEDIUM | N/A |
| The installation of SQLAnywhere in Symantec Ghost 8.0 and 8.2, as used in Symantec Ghost Solutions Suite (SGSS) 1.0, includes a default administrator login account and password, which allows local users to gain privileges or modify tasks. | |||||
| CVE-2006-3653 | 1 Microsoft | 1 Works | 2024-02-04 | 2.6 LOW | N/A |
| wksss.exe 8.4.702.0 in Microsoft Works Spreadsheet 8.0 allows remote attackers to cause a denial of service (CPU consumption or crash) via crafted (1) Works, (2) Excel, and (3) Lotus 1-2-3 files. | |||||
| CVE-2006-3848 | 1 Krischan Jodies | 1 Ip Calculator | 2024-02-04 | 2.6 LOW | N/A |
| Cross-site scripting (XSS) vulnerability in CGI wrapper for IP Calculator (IPCalc) 0.40 allows remote attackers to inject arbitrary web script or HTML via the URI (REQUEST_URI environment variable), which is used in the actionurl variable. | |||||
| CVE-2006-3537 | 1 Randshop | 1 Randshop | 2024-02-04 | 7.5 HIGH | N/A |
| PHP remote file inclusion vulnerability in index.php in Randshop before 1.2 allows remote attackers to execute arbitrary PHP code via the dateiPfad parameter, a different vector than CVE-2006-3375. | |||||
| CVE-2005-3351 | 1 Apache | 1 Spamassassin | 2024-02-04 | 5.0 MEDIUM | N/A |
| SpamAssassin 3.0.4 allows attackers to bypass spam detection via an e-mail with a large number of recipients ("To" addresses), which triggers a bus error in Perl. | |||||
| CVE-2005-4090 | 1 Hp | 1 Hp-ux | 2024-02-04 | 10.0 HIGH | N/A |
| Unspecified vulnerability in HP-UX B.11.00 to B.11.23, when IPSEC is running, allows remote attackers to have unknown impact. | |||||
| CVE-2005-4292 | 1 Internet Express Products | 1 Commercesql | 2024-02-04 | 4.3 MEDIUM | N/A |
| Cross-site scripting (XSS) vulnerability in CommerceSQL 1.0 and earlier allows remote attackers to inject arbitrary web script or HTML via unspecified search module parameters, possibly the keywords parameter in the Quick Find feature. | |||||
| CVE-2005-4435 | 1 Abledesign | 1 D-man | 2024-02-04 | 4.3 MEDIUM | N/A |
| Cross-site scripting (XSS) vulnerability in index.php AbleDesign D-Man 3.x allows remote attackers to inject arbitrary web script or HTML via the title parameter. NOTE: the provenance of this information is unknown; the details are obtained solely from third party information. | |||||
| CVE-2005-3230 | 1 Panda | 1 Activescan | 2024-02-04 | 5.1 MEDIUM | N/A |
| Multiple interpretation error in unspecified versions of Panda Antivirus allows remote attackers to bypass virus detection via a malicious executable in a specially crafted RAR file with malformed central and local headers, which can still be opened by products such as Winrar and PowerZip, even though they are rejected as corrupted by Winzip and BitZipper. | |||||
| CVE-2005-2717 | 1 Webcalendar | 1 Webcalendar | 2024-02-04 | 7.5 HIGH | N/A |
| PHP remote file inclusion vulnerability in WebCalendar before 1.0.1 allows remote attackers to execute arbitrary PHP code when opening settings.php, possibly via send_reminders.php or other scripts. | |||||
| CVE-2005-3419 | 1 Phpbb Group | 1 Phpbb | 2024-02-04 | 7.5 HIGH | N/A |
| SQL injection vulnerability in usercp_register.php in phpBB 2.0.17 allows remote attackers to execute arbitrary SQL commands via the signature_bbcode_uid parameter, which is not properly initialized. | |||||
| CVE-2005-1675 | 1 Groove | 2 Groove Workspace, Virtual Office | 2024-02-04 | 4.6 MEDIUM | N/A |
| Groove Virtual Office before 3.1 build 2338, before 3.1a build 2364, and Groove Workspace before 2.5n build 1871 installs the client installation directories with insecure EVERYBODY permissions, which allows local users to gain sensitive information. | |||||
| CVE-2006-0222 | 1 Alstrasoft | 1 Template Seller | 2024-02-04 | 4.3 MEDIUM | N/A |
| Cross-site scripting (XSS) vulnerability in fullview.php in AlstraSoft Template Seller Pro allows remote attackers to inject arbitrary web script or HTML via the tempid parameter. | |||||