Total: 254754 CVE
CVE | Vendors | Products | Updated | CVSS v2 | CVSS v3 |
---|---|---|---|---|---|
CVE-2006-2949 | 1 Mybulletinboard | 1 Mybulletinboard | 2024-02-04 | 6.8 MEDIUM | N/A |
Cross-site scripting (XSS) vulnerability in private.php in MyBB 1.1.2 allows remote attackers to inject arbitrary web script or HTML via the do parameter. | |||||
CVE-2006-0055 | 1 Freebsd | 1 Freebsd | 2024-02-04 | 2.1 LOW | N/A |
The ispell_op function in ee on FreeBSD 4.10 to 6.0 uses predictable filenames and does not confirm which file is being written, which allows local users to overwrite arbitrary files via a symlink attack when ee invokes ispell. | |||||
CVE-2004-1053 | 1 Freebsd | 1 Fetch | 2024-02-04 | 10.0 HIGH | N/A |
Integer overflow in fetch on FreeBSD 4.1 through 5.3 allows remote malicious servers to execute arbitrary code via certain HTTP headers in an HTTP response, which lead to a buffer overflow. | |||||
CVE-2006-2595 | | | 2024-02-04 | N/A | N/A |
** REJECT ** DO NOT USE THIS CANDIDATE NUMBER. ConsultIDs: CVE-2006-2583. Reason: This candidate is a duplicate of CVE-2006-2583. Notes: All CVE users should reference CVE-2006-2583 instead of this candidate. All references and descriptions in this candidate have been removed to prevent accidental usage. | |||||
CVE-2006-0889 | 1 Brown Bear Software | 1 Calcium | 2024-02-04 | 4.3 MEDIUM | N/A |
Cross-site scripting (XSS) vulnerability in Calcium 3.10.1 allows remote attackers to inject arbitrary web script or HTML via the EventText parameter. NOTE: the provenance of this information is unknown; the details are obtained solely from third party information. | |||||
CVE-2005-2677 | 1 Acnews | 1 Acnews | 2024-02-04 | 5.0 MEDIUM | N/A |
ACNews stores the database in a file under the web document root with a db.inc extension and insufficient access control, which allows remote attackers to obtain sensitive information such as the full pathname of the server. | |||||
CVE-2005-3042 | 2 Usermin, Webmin | 2 Usermin, Webmin | 2024-02-04 | 7.5 HIGH | N/A |
miniserv.pl in Webmin before 1.230 and Usermin before 1.160, when "full PAM conversations" is enabled, allows remote attackers to bypass authentication by spoofing session IDs via certain metacharacters (line feed or carriage return). | |||||
CVE-2005-4792 | 1 Phpwebsite | 1 Phpwebsite | 2024-02-04 | 7.5 HIGH | N/A |
SQL injection vulnerability in index.php in Appalachian State University phpWebSite 0.10.1 and earlier allows remote attackers to execute arbitrary SQL commands via the module parameter. NOTE: the provenance of this information is unknown; the details are obtained solely from third party information. | |||||
CVE-2005-3315 | 1 Novell | 1 Zenworks Patch Management Server | 2024-02-04 | 7.5 HIGH | N/A |
Multiple SQL injection vulnerabilities in Novell ZENworks Patch Management 6.x before 6.2.2.181 allow remote attackers to execute arbitrary SQL commands via the (1) Direction parameter to computers/default.asp, and the (2) SearchText, (3) StatusFilter, and (4) computerFilter parameters to reports/default.asp. | |||||
CVE-2004-2553 | 1 The Ignition Project | 1 Ignitionserver | 2024-02-04 | 6.0 MEDIUM | N/A |
The Ignition Project ignitionServer 0.1.2 through 0.1.2-R2 allows remote authenticated users with local IRC operator privileges to obtain global IRC operator privileges by using the unofficial umode command with the +ORD argument. | |||||
CVE-2006-2511 | 1 Frontrange | 1 Iheat | 2024-02-04 | 6.5 MEDIUM | N/A |
The ActiveX version of FrontRange iHEAT allows remote authenticated users to run arbitrary programs or access arbitrary files on the host machine by uploading a file with an extension that is not associated with an application, and selecting a file from the "Open With..." dialog. | |||||
CVE-2005-1416 | 1 Soft3304 | 1 04webserver | 2024-02-04 | 5.0 MEDIUM | N/A |
Directory traversal vulnerability in 04WebServer 1.81 allows remote attackers to read files outside of the web root but within the installation folder. | |||||
CVE-2005-2758 | 1 Symantec | 2 Antivirus Scan Engine, Antivirus Scan Engine For Network Attached Storage | 2024-02-04 | 10.0 HIGH | N/A |
Integer signedness error in the administrative interface for Symantec AntiVirus Scan Engine 4.0 and 4.3 allows remote attackers to execute arbitrary code via crafted HTTP headers with negative values, which lead to a heap-based buffer overflow. | |||||
CVE-2005-4309 | 1 Scriptscenter | 1 Ezupload Pro | 2024-02-04 | 7.5 HIGH | N/A |
SQL injection vulnerability in ezUpload Pro 2.2 and earlier allows remote attackers to execute arbitrary SQL commands via unspecified search module parameters. | |||||
CVE-2005-1757 | 1 Novell | 1 Netmail | 2024-02-04 | 7.5 HIGH | N/A |
Buffer overflow in the Modweb agent for Novell NetMail 3.52 before 3.52C, when renaming folders, may allow attackers to execute arbitrary code. | |||||
CVE-2006-1375 | 1 Brain Book Software | 1 Adman | 2024-02-04 | 5.0 MEDIUM | N/A |
AdMan 1.0.20051221 and earlier allows remote attackers to obtain the full path via (1) a blank campaignId parameter to editCampaign.php and (2) a blank schemeId parameter to viewPricingScheme.php. | |||||
CVE-2006-2400 | 1 Outgun | 1 Outgun | 2024-02-04 | 7.8 HIGH | N/A |
The leetnet functions (leetnet/rudp.cpp) in Outgun 1.0.3 bot 2 and earlier allow remote attackers to cause a denial of service (game interruption) via large packets, which cause an exception to be thrown. | |||||
CVE-2005-2005 | 1 Ultimate Php Board | 1 Ultimate Php Board | 2024-02-04 | 5.0 MEDIUM | N/A |
Ultimate PHP Board (UPB) 1.9.6 GOLD and earlier stores the users.dat file under the web document root with insufficient access control, which allows remote attackers to obtain sensitive information on registered users via a direct request to db/users.dat. | |||||
CVE-2005-2154 | 1 Osticket | 1 Osticket Sts | 2024-02-04 | 7.5 HIGH | N/A |
PHP local file inclusion vulnerability in (1) view.php and (2) open.php in osTicket 1.3.1 beta and earlier allows remote attackers to include and possibly execute arbitrary local files via the inc parameter. | |||||
CVE-2006-2598 | | | 2024-02-04 | N/A | N/A |
** REJECT ** DO NOT USE THIS CANDIDATE NUMBER. ConsultIDs: CVE-2006-2586. Reason: This candidate is a duplicate of CVE-2006-2586. Notes: All CVE users should reference CVE-2006-2586 instead of this candidate. All references and descriptions in this candidate have been removed to prevent accidental usage. | |||||