Total: 254754 CVE
CVE | Vendors | Products | Updated | CVSS v2 | CVSS v3 |
---|---|---|---|---|---|
CVE-2004-2468 | 1 Scripts For Educators | 1 Sillysearch | 2024-02-04 | 4.3 MEDIUM | N/A |
Cross-site scripting (XSS) vulnerability in SillySearch 2.3 and earlier allows remote attackers to inject arbitrary web script or HTML via the search parameter. | |||||
CVE-2006-1074 | 1 Jason Boettcher | 1 Liero Xtreme | 2024-02-04 | 5.0 MEDIUM | N/A |
Jason Boettcher Liero Xtreme 0.62b and earlier allow remote attackers to cause a denial of service (application crash or hang) via a long argument to the connect command. | |||||
CVE-2005-4647 | 1 Pearlinger | 1 Pearl Forums | 2024-02-04 | 7.5 HIGH | N/A |
Multiple SQL injection vulnerabilities in PEARLINGER Pearl Forums 2.4 allow remote attackers to execute arbitrary SQL commands via the (1) forumsId and (2) topicId parameters in index.php. NOTE: the provenance of this information is unknown; the details are obtained solely from third party information. | |||||
CVE-2006-1035 | 1 Oracle | 2 Diagnostics, E-business Suite | 2024-02-04 | 7.5 HIGH | N/A |
Unspecified vulnerability in the Oracle Diagnostics module 2.2 and earlier allows remote attackers to access diagnostics tests via unknown attack vectors. | |||||
CVE-2006-4645 | 1 Akarru | 1 Social Bookmarking Engine | 2024-02-04 | 7.5 HIGH | N/A |
PHP remote file inclusion vulnerability in akarru.gui/main_content.php in Akarru Social BookMarking Engine 0.4.3.34 and earlier, and possibly 0.4.4.120, allows remote attackers to execute arbitrary PHP code via a URL in the bm_content parameter. | |||||
CVE-2005-1663 | 1 Jeuce | 1 Jeuce Personal Web Server | 2024-02-04 | 5.0 MEDIUM | N/A |
Jeuce Personal Web Server 2.13 allows remote attackers to cause a denial of service (server crash) via a GET request beginning with "://". | |||||
CVE-2006-1189 | 1 Microsoft | 1 Internet Explorer | 2024-02-04 | 10.0 HIGH | N/A |
Buffer overflow in URLMON.DLL in Microsoft Internet Explorer 5.01 through 6 allows remote attackers to execute arbitrary code via a crafted URL with an International Domain Name (IDN) using double-byte character sets (DBCS), aka the "Double Byte Character Parsing Memory Corruption Vulnerability." | |||||
CVE-2005-2464 | 1 Pcxp Toppe Cms | 1 Pcxp Toppe Cms | 2024-02-04 | 7.5 HIGH | N/A |
login.php in PCXP/TOPPE CMS allows remote attackers to bypass authentication and gain privileges by modifying the cookie to match the target userid. | |||||
CVE-2006-0554 | 1 Linux | 1 Linux Kernel | 2024-02-04 | 1.7 LOW | N/A |
Linux kernel 2.6 before 2.6.15.5 allows local users to obtain sensitive information via a crafted XFS ftruncate call, which may return stale data. | |||||
CVE-2005-2515 | 1 Apple | 1 Mac Os X | 2024-02-04 | 4.6 MEDIUM | N/A |
Quartz Composer Screen Saver in Mac OS X 10.4.2 allows local users to access links from the RSS Visualizer even when a password is required. | |||||
CVE-2005-1652 | 1 Woppoware | 1 Postmaster | 2024-02-04 | 7.5 HIGH | N/A |
message.htm for Woppoware PostMaster 4.2.2 (build 3.2.5) allows remote attackers to bypass authentication by modifying the email parameter. | |||||
CVE-2006-1005 | 1 Cactusoft | 1 Parodia | 2024-02-04 | 6.4 MEDIUM | N/A |
agencyprofile.asp in Parodia 6.2 and earlier might allow remote attackers to obtain sensitive information by triggering an SQL error via an invalid AG_ID parameter. NOTE: the provenance of this information is unknown; the details are obtained from third party information. | |||||
CVE-2005-4131 | 1 Microsoft | 1 Excel | 2024-02-04 | 6.8 MEDIUM | N/A |
Unspecified vulnerability in Microsoft Excel 2000, 2002, and 2003, in Microsoft Office 2000 SP3 and other packages, allows user-assisted attackers to execute arbitrary code via an Excel file with a malformed range, which could lead to memory corruption involving an argument to the msvcrt.memmove function, aka "Brand new Microsoft Excel Vulnerability," as originally placed for sale on eBay as item number 7203336538. | |||||
CVE-2004-1313 | 1 Webroot Software | 1 My Firewall Plus | 2024-02-04 | 7.2 HIGH | N/A |
The Smc.exe process in My Firewall Plus 5.0 build 1117, and possibly other versions, does not drop privileges before invoking help, which allows local users to gain privileges. | |||||
CVE-2006-3680 | 1 Photocycle | 1 Photocycle | 2024-02-04 | 2.6 LOW | N/A |
Cross-site scripting (XSS) vulnerability in photocycle in Photocycle 1.0 allows remote attackers to inject arbitrary web script or HTML via the phpage parameter. | |||||
CVE-2004-2566 | 1 Liveworld | 4 Livechat, Livefocusgroup, Liveforum and 1 more | 2024-02-04 | 4.3 MEDIUM | N/A |
Multiple cross-site scripting (XSS) vulnerabilities in LiveWorld products, possibly including (1) LiveForum, (2) LiveQ&A, (3) LiveChat, and (4) LiveFocusGroup, allow remote attackers to inject arbitrary web script or HTML via the q parameter in (a) search.jsp, (b) findclub!execute.jspa, and (c) search!execute.jspa. | |||||
CVE-2004-2347 | 1 Leif M. Wright | 1 Web Blog | 2024-02-04 | 7.5 HIGH | N/A |
blog.cgi in Leif M. Wright Web Blog 1.1 and 1.1.5 allows remote attackers to execute arbitrary commands via shell metacharacters such as '|' in the file parameter of ViewFile requests. | |||||
CVE-2006-0698 | 1 Zen Cart | 1 Zen Cart | 2024-02-04 | 10.0 HIGH | N/A |
Unspecified vulnerabilities in Zen Cart before 1.2.7 allow remote attackers to cause unknown impact via unspecified vectors related to "other attempted exploits" other than SQL injection. | |||||
CVE-2006-0684 | 1 Virtual Hosting Control System | 1 Virtual Hosting Control System | 2024-02-04 | 7.5 HIGH | N/A |
change_password.php in Virtual Hosting Control System (VHCS) 2.4.7.1 and earlier does not verify the old password when a user changes the password, which may allow remote attackers to gain unauthorized access. | |||||
CVE-2005-0892 | 1 Smail | 1 Smail | 2024-02-04 | 10.0 HIGH | N/A |
Buffer overflow in smail 3.2.0.120 allows remote attackers or local users to execute arbitrary code via a long string in the MAIL FROM command and possibly other SMTP commands. |