Total: 254753 CVE

CVE | Vendors | Products | Updated | CVSS v2 | CVSS v3 |
---|---|---|---|---|---|
CVE-2006-4196 | 1 Webinsta | 1 Cms | 2024-02-04 | 7.5 HIGH | N/A |
PHP remote file inclusion vulnerability in index.php in WEBInsta CMS 0.3.1 and possibly earlier allows remote attackers to execute arbitrary PHP code via a URL in the templates_dir parameter. | |||||
CVE-2006-1049 | 1 Joomla | 1 Joomla | 2024-02-04 | 7.5 HIGH | N/A |
Multiple SQL injection vulnerabilities in the Admin functionality in Joomla! 1.0.7 and earlier allow remote authenticated administrators to execute arbitrary SQL commands via unknown attack vectors. | |||||
CVE-2005-4342 | 1 Macromedia | 1 Coldfusion | 2024-02-04 | 7.5 HIGH | N/A |
ColdFusion Sandbox on Adobe (formerly Macromedia) ColdFusion MX 6.0, 6.1, 6.1 with JRun, and 7.0 does not throw an exception if the SecurityManager is disabled, which might allow remote attackers to "bypass security controls," aka "JRun Clustered Sandbox Security Vulnerability." | |||||
CVE-2006-3247 | 1 Gl-sh | 1 Deaf Forum | 2024-02-04 | 2.6 LOW | N/A |
Multiple cross-site scripting (XSS) vulnerabilities in show.php in GL-SH Deaf Forum 6.4.3 and earlier allow remote attackers to inject arbitrary web script or HTML via the (1) search, (2) page, and (3) action parameters. NOTE: the provenance of this information is unknown; the details are obtained solely from third party information. | |||||
CVE-2006-4551 | 1 Chxo | 1 Feedsplitter | 2024-02-04 | 7.5 HIGH | N/A |
Eval injection vulnerability in CHXO Feedsplitter 2006-01-21 allows remote attackers to execute arbitrary PHP code via (1) the file specified as the value of the format parameter, and possibly (2) the RSS feed. | |||||
CVE-2005-3504 | 1 Ibm | 1 Aix | 2024-02-04 | 7.5 HIGH | N/A |
Buffer overflow in swcons in IBM AIX 5.2, when debug malloc is enabled, allows remote attackers to cause a core dump and possibly execute arbitrary code. | |||||
CVE-2005-4706 | 1 Sun | 1 Solaris | 2024-02-04 | 2.1 LOW | N/A |
Unspecified vulnerability in the "privilege management" feature of Sun Solaris 10 allows local users to cause a denial of service (panic) via unknown vectors that trigger a null dereference in the secpolicy_fs_common function. | |||||
CVE-2006-3095 | 1 Ipostmx | 1 Ipostmx 2005 | 2024-02-04 | 4.3 MEDIUM | N/A |
Multiple cross-site scripting (XSS) vulnerabilities in iPostMX 2005 2.0 and earlier allow remote attackers to inject arbitrary web script or HTML via the RETURNURL parameter in (1) userlogin.cfm and (2) account.cfm. | |||||
CVE-2006-2974 | 1 Emailarchitect | 1 Email Server | 2024-02-04 | 2.6 LOW | N/A |
Multiple cross-site scripting (XSS) vulnerabilities in EmailArchitect Email Server 6.1.0.5 and earlier allow remote attackers to inject arbitrary web script or HTML via the (1) errCode and (2) uid parameter in (a) default.asp and (3) dname parameter in (b) /admin/dns.asp and (c) /additional/regdomain_done.asp. | |||||
CVE-2006-3417 | 1 Tor | 1 Tor | 2024-02-04 | 6.4 MEDIUM | N/A |
Tor client before 0.1.1.20 prefers entry points based on is_fast or is_stable flags, which could allow remote attackers to be preferred over nodes that are identified as more trustworthy "entry guard" (is_guard) systems by directory authorities. | |||||
CVE-2005-4688 | 1 Punbb | 1 Punbb | 2024-02-04 | 5.0 MEDIUM | N/A |
PunBB 1.2.9 does not require password entry when changing the e-mail address in an account's profile, which might allow an attacker to make an address change via a hijacked login session. | |||||
CVE-2005-2496 | 1 Dave Mills | 1 Ntpd | 2024-02-04 | 4.6 MEDIUM | N/A |
The xntpd ntp (ntpd) daemon before 4.2.0b, when run with the -u option and using a string to specify the group, uses the group ID of the user instead of the group, which causes xntpd to run with different privileges than intended. | |||||
CVE-2005-3121 | 1 Eduard Bloch | 1 Module-assistant | 2024-02-04 | 2.1 LOW | N/A |
A rule file in module-assistant before 0.9.10 causes a temporary file to be created insecurely, which allows local users to conduct unauthorized operations. | |||||
CVE-2005-1651 | 1 Woppoware | 1 Postmaster | 2024-02-04 | 7.5 HIGH | N/A |
Directory traversal vulnerability in message.htm for Woppoware PostMaster 4.2.2 (build 3.2.5) allows remote attackers to determine the existence of arbitrary files via a .. (dot dot) in the wmm parameter. | |||||
CVE-2006-2090 | 1 Mysmartbb | 1 Mysmartbb | 2024-02-04 | 7.5 HIGH | N/A |
Multiple SQL injection vulnerabilities in misc.php in MySmartBB 1.1.x allow remote attackers to execute arbitrary SQL commands via the (1) id and (2) username parameters. | |||||
CVE-2005-0336 | 1 Emotion | 1 Mediapartner Web Server | 2024-02-04 | 4.3 MEDIUM | N/A |
Cross-site scripting (XSS) vulnerability in EMotion MediaPartner Web Server 5.0 allows remote attackers to inject arbitrary HTML or web script, as demonstrated using a URL containing .. sequences and HTML, which results in a directory browsing page that does not properly filter the HTML. | |||||
CVE-2006-3900 | 1 Tobias Kloy | 1 Tp-book | 2024-02-04 | 6.8 MEDIUM | N/A |
Cross-site scripting (XSS) vulnerability in guestbook.php in TP-Book 1.00 and earlier allows remote attackers to inject arbitrary web script or HTML via the name parameter. | |||||
CVE-2006-1483 | 1 Desiderata Software | 1 Blazix Web Server | 2024-02-04 | 5.0 MEDIUM | N/A |
Blazix Web Server before 1.2.6, when running on Windows, allows remote attackers to obtain the source code of JSP files via (1) . (dot), (2) space, and (3) slash characters in the extension of a URL. | |||||
CVE-2005-0157 | 1 Smartlist | 1 Smartlist | 2024-02-04 | 7.5 HIGH | N/A |
The confirm add-on in SmartList 3.15 and earlier allows attackers to subscribe arbitrary e-mail addresses by using a valid cookie that specifies an address other than the address for which the cookie was assigned. | |||||
CVE-2005-0356 | 9 Alaxala, Cisco, F5 and 6 more | 76 Alaxala Networks, Agent Desktop, Aironet Ap1200 and 73 more | 2024-02-04 | 5.0 MEDIUM | N/A |
Multiple TCP implementations with Protection Against Wrapped Sequence Numbers (PAWS) with the timestamps option enabled allow remote attackers to cause a denial of service (connection loss) via a spoofed packet with a large timer value, which causes the host to discard later packets because they appear to be too old. | |||||