Total
254751 CVE
| CVE | Vendors | Products | Updated | CVSS v2 | CVSS v3 |
|---|---|---|---|---|---|
| CVE-2005-1804 | 1 Net Portal Dynamic System | 1 Net Portal Dynamic System | 2024-02-04 | 7.5 HIGH | N/A |
| Multiple SQL injection vulnerabilities in Net Portal Dynamic System (NPDS) 5.0 allow remote attackers to execute arbitrary SQL commands via the (1) terme parameter in the glossaire module (glossaire.php) or (2) query parameter to links.php. | |||||
| CVE-2006-1516 | 2 Mysql, Oracle | 2 Mysql, Mysql | 2024-02-04 | 5.0 MEDIUM | N/A |
| The check_connection function in sql_parse.cc in MySQL 4.0.x up to 4.0.26, 4.1.x up to 4.1.18, and 5.0.x up to 5.0.20 allows remote attackers to read portions of memory via a username without a trailing null byte, which causes a buffer over-read. | |||||
| CVE-2006-2588 | 1 Russcom Network | 1 Phpimages | 2024-02-04 | 5.0 MEDIUM | N/A |
| Russcom PHPImages allows remote attackers to upload files of arbitrary types by uploading a file with a .gif extension. NOTE: due to lack of specific information about attack vectors do not depend on the existence of another vulnerability, it is not clear whether this is a vulnerability. | |||||
| CVE-2004-2415 | 1 Davenport | 1 Davenport | 2024-02-04 | 5.0 MEDIUM | N/A |
| Davenport before 0.9.10 allows attackers to cause a denial of service (resource consumption) via (1) a very large XML file or (2) entity expansion attacks. | |||||
| CVE-2006-3164 | 1 Tpl Design | 1 Tplshop | 2024-02-04 | 7.5 HIGH | N/A |
| SQL injection vulnerability in category.php in TPL Design tplShop 2.0 and earlier allows remote attackers to execute arbitrary SQL commands via the first_row parameter. | |||||
| CVE-2006-3716 | 1 Oracle | 1 E-business Suite | 2024-02-04 | 10.0 HIGH | N/A |
| Multiple unspecified vulnerabilities in Oracle E-Business Suite and Applications 11.5.10CU2 have unknown impact and attack vectors, aka Oracle Vuln# (1) APPS01 for Internet Expenses; (2) APPS02, (3) APPS05, (4) APPS06, (5) APPS07, (6) APPS08, (7) APPS09, and (8) APPS10 for Oracle Application Object Library; (9) APPS11, (10) APPS12, and (11) APPS13 for Oracle Applications Technology Stack; (12) APPS14 for Oracle Call Center Technology; (13) APPS15 for Oracle Common Applications; (14) APPS18 for Oracle Self-Service Web Applications; and (15) APPS19 for Oracle Workflow Cartridge. | |||||
| CVE-2005-1182 | 1 Ibm | 1 Os 400 | 2024-02-04 | 5.0 MEDIUM | N/A |
| Unknown vulnerability in Incoming Remote Command (iSeries Access for Windows Remote Command service) in IBM OS/400 R510, R520, and R530 allows attackers to cause a denial of service (IRC shutdown) via certain inputs. | |||||
| CVE-2005-1507 | 1 4d | 1 Webstar | 2024-02-04 | 5.0 MEDIUM | N/A |
| Buffer overflow in the Tomcat plugin in 4d WebSTAR 5.33 and 5.4 allows remote attackers to cause a denial of service and possibly execute arbitrary code via a long URL. | |||||
| CVE-2006-2634 | 1 Neocrome | 1 Seditio | 2024-02-04 | 4.3 MEDIUM | N/A |
| Cross-site scripting (XSS) vulnerability in Neocrome Land Down Under (LDU) in Neocrome Seditio 102 allows remote attackers to inject arbitrary web script or HTML via an HTTP Referer field. | |||||
| CVE-2006-2618 | 1 Alstrasoft | 1 Webhost Directory | 2024-02-04 | 4.3 MEDIUM | N/A |
| Cross-site scripting (XSS) vulnerability in (1) AlstraSoft Web Host Directory 1.2, aka (2) HyperStop WebHost Directory 1.2, might allow remote attackers to inject arbitrary web script or HTML via the "write a review" box. NOTE: since user reviews do not require administrator privileges, and an auto-approve mechanism exists, this issue is a vulnerability. | |||||
| CVE-2005-2091 | 1 Ibm | 1 Websphere Application Server | 2024-02-04 | 4.3 MEDIUM | N/A |
| IBM WebSphere 5.1 and WebSphere 5.0 allows remote attackers to poison the web cache, bypass web application firewall protection, and conduct XSS attacks via an HTTP request with both a "Transfer-Encoding: chunked" header and a Content-Length header, which causes WebSphere to incorrectly handle and forward the body of the request in a way that causes the receiving server to process it as a separate HTTP request, aka "HTTP Request Smuggling." | |||||
| CVE-2005-0698 | 1 Jason Hines | 1 Phpweblog | 2024-02-04 | 4.6 MEDIUM | N/A |
| PHP remote file inclusion vulnerability in PHPWebLog 0.5.3 and earlier allows remote attackers to execute arbitrary PHP code by modifying the (1) G_PATH parameter to init.inc.php or the (2) PATH parameter to index.php to reference a URL on a remote web server that contains the code. | |||||
| CVE-2006-2860 | 1 Webspot | 1 Webspotblogging | 2024-02-04 | 6.4 MEDIUM | N/A |
| PHP remote file inclusion vulnerability in Webspotblogging 3.0.1 allows remote attackers to execute arbitrary PHP code via a URL in the path parameter to (1) inc/logincheck.inc.php, (2) inc/adminheader.inc.php, (3) inc/global.php, or (4) inc/mainheader.inc.php. NOTE: some of these vectors were also reported for 3.0 in a separate disclosure. | |||||
| CVE-2005-0859 | 1 Czaries Network | 1 Czarnews | 2024-02-04 | 7.5 HIGH | N/A |
| PHP remote file inclusion vulnerability in CzarNews 1.13b allows remote attackers to execute arbitrary PHP code via the tpath parameter to (1) headlines.php or (2) news.php. NOTE: some sources have reported the "dir" parameter as being affected; however, this is likely a cut-and-paste error from the wrong section of the original vulnerability report. Also, the news.php version was later reported to be in 1.12 through 1.14. | |||||
| CVE-2006-0916 | 1 Mozilla | 1 Bugzilla | 2024-02-04 | 7.5 HIGH | N/A |
| Bugzilla 2.19.3 through 2.20 does not properly handle "//" sequences in URLs when redirecting a user from the login form, which could cause it to generate a partial URL in a form action that causes the user's browser to send the form data to another domain. | |||||
| CVE-2006-3733 | 1 Cisco | 1 Security Monitoring Analysis And Response System | 2024-02-04 | 7.5 HIGH | N/A |
| jmx-console/HtmlAdaptor in the jmx-console in the JBoss web application server, as shipped with Cisco Security Monitoring, Analysis and Response System (CS-MARS) before 4.2.1, allows remote attackers to gain privileges as the CS-MARS administrator and execute arbitrary Java code via an invokeOp action in the BSHDeployer jboss.scripts service name. | |||||
| CVE-2005-2611 | 1 Symantec Veritas | 3 Backup Exec, Backup Exec Remote Agent, Netbackup | 2024-02-04 | 10.0 HIGH | N/A |
| VERITAS Backup Exec for Windows Servers 8.6 through 10.0, Backup Exec for NetWare Servers 9.0 and 9.1, and NetBackup for NetWare Media Server Option 4.5 through 5.1 uses a static password during authentication from the NDMP agent to the server, which allows remote attackers to read and write arbitrary files with the backup server. | |||||
| CVE-2006-2509 | 1 Yourfreeworld | 1 Short Url And Url Tracker Script | 2024-02-04 | 7.5 HIGH | N/A |
| SQL injection vulnerability in login.php in YourFreeWorld.com Short Url & Url Tracker Script allows remote attackers to execute arbitrary SQL commands via the id parameter. | |||||
| CVE-2005-4622 | 1 Efilego | 1 Efilego | 2024-02-04 | 7.5 HIGH | N/A |
| Directory traversal vulnerability in eFileGo 3.01 allows remote attackers to execute arbitrary code, read arbitrary files, and upload arbitrary files via a ... (triple dot) in (1) the URL on port 608 and (2) the argument to upload.exe. | |||||
| CVE-2006-0503 | 1 Mailenable | 1 Mailenable Professional | 2024-02-04 | 5.0 MEDIUM | N/A |
| IMAP service in MailEnable Professional Edition before 1.72 allows remote attackers to cause a denial of service (service crash) via unspecified vectors involving the EXAMINE command. | |||||