Total: 254749 CVE
CVE | Vendors | Products | Updated | CVSS v2 | CVSS v3 |
---|---|---|---|---|---|
CVE-2006-0219 | 1 Mybulletinboard | 1 Mybulletinboard | 2024-02-04 | 7.5 HIGH | N/A |
The original distribution of MyBulletinBoard (MyBB) to update from older versions to 1.0.2 omits or includes older versions of certain critical files, which allows attackers to conduct (1) SQL injection attacks via an attachment name that is not properly handled by inc/functions_upload.php (CVE-2005-4602), and possibly (2) other attacks related to threadmode in usercp.php. | |||||
CVE-2006-3439 | 1 Microsoft | 3 Windows 2000, Windows 2003 Server, Windows Xp | 2024-02-04 | 10.0 HIGH | N/A |
Buffer overflow in the Server Service in Microsoft Windows 2000 SP4, XP SP1 and SP2, and Server 2003 SP1 allows remote attackers, including anonymous users, to execute arbitrary code via a crafted RPC message, a different vulnerability than CVE-2006-1314. | |||||
CVE-2005-2467 | 1 Mysql | 1 Eventum | 2024-02-04 | 5.8 MEDIUM | N/A |
Multiple cross-site scripting (XSS) vulnerabilities in MySQL Eventum 1.5.5 and earlier allow remote attackers to inject arbitrary web script or HTML via the (1) id parameter to view.php, (2) release parameter to list.php, or (3) F parameter to get_jsrs_data.php. | |||||
CVE-2005-0279 | 1 Jowood Productions | 1 Soldner Secret Wars | 2024-02-04 | 5.0 MEDIUM | N/A |
Soldner Secret Wars 30830 and earlier does not properly handle the "message too long" socket error, which allows remote attackers to cause a denial of service (socket termination) via a long UDP packet. | |||||
CVE-2005-1679 | 1 Timo Rossi | 1 Picasm | 2024-02-04 | 5.1 MEDIUM | N/A |
Stack-based buffer overflow in the error directive in picasm 1.12b and earlier allows attackers to execute arbitrary code via a long error message. | |||||
CVE-2006-0795 | 1 Thomastsoi | 1 Quirex | 2024-02-04 | 5.0 MEDIUM | N/A |
Absolute path traversal vulnerability in convert.cgi in Quirex 2.0.2 and earlier allows remote attackers to read arbitrary files, and possibly execute arbitrary code, via the (1) quiz_head, (2) quiz_foot, and (3) template variables. | |||||
CVE-2006-3943 | 1 Microsoft | 1 Ie | 2024-02-04 | 2.6 LOW | N/A |
Stack-based buffer overflow in NDFXArtEffects in Microsoft Internet Explorer 6 on Windows XP SP2 allows remote attackers to cause a denial of service (crash) via long (1) RGBExtraColor, (2) RGBForeColor, and (3) RGBBackColor properties. | |||||
CVE-2005-2454 | 1 Ibm | 1 Lotus Notes | 2024-02-04 | 4.6 MEDIUM | N/A |
IBM Lotus Notes 6.5.4 and 6.5.5, and 7.0.0 and 7.0.1, uses insecure default permissions (Everyone/Full Control) for the "Notes" folder and all children, which allows local users to gain privileges and modify, add, or delete files in that folder. | |||||
CVE-2005-1094 | 1 Network-client.com | 1 Ftp Now | 2024-02-04 | 4.6 MEDIUM | N/A |
FTP Now 2.6.14 stores usernames and passwords in plaintext in sites.xml, which is world-readable, which allows local users to gain privileges. | |||||
CVE-2005-4293 | 1 Kryptronic | 1 Clickcartpro | 2024-02-04 | 4.3 MEDIUM | N/A |
Cross-site scripting (XSS) vulnerability in cp-app.cgi in ClickCartPro (CCP) 5.1 and earlier allows remote attackers to inject arbitrary web script or HTML via the affl parameter. | |||||
CVE-2005-0748 | 1 Webinsta | 1 Webinsta Mailing Manager | 2024-02-04 | 7.5 HIGH | N/A |
PHP remote file inclusion vulnerability in initdb.php for WEBInsta Mailing list manager 1.3d allows remote attackers to execute arbitrary PHP code by modifying the absolute_path parameter to reference a URL on a remote web server that contains the code. | |||||
CVE-2006-0476 | 1 Nullsoft | 1 Winamp | 2024-02-04 | 7.6 HIGH | N/A |
Buffer overflow in Nullsoft Winamp 5.12 allows remote attackers to execute arbitrary code via a playlist (pls) file with a long file name (File1 field). | |||||
CVE-2004-2633 | 1 Arjohn Kampman | 1 Sesame Rdf Container | 2024-02-04 | 5.1 MEDIUM | N/A |
Unspecified vulnerability in Sesame 1.0 allows remote anonymous attackers to gain access to repositories of other users via unknown vectors. | |||||
CVE-2006-2823 | 1 A.shopkart | 1 A.shopkart | 2024-02-04 | 5.0 MEDIUM | N/A |
Katrien De Graeve a.shopKart 2.0 (aka ashopKart20) stores sensitive information under the web root with insufficient access control, which allows remote attackers to download a database via a direct request for (1) admin/scart.mdb and possibly (2) admin/scart97.mdb. | |||||
CVE-2006-4435 | 1 Openbsd | 1 Openbsd | 2024-02-04 | 4.9 MEDIUM | N/A |
OpenBSD 3.8, 3.9, and possibly earlier versions allows context-dependent attackers to cause a denial of service (kernel panic) by allocating more semaphores than the default. | |||||
CVE-2005-3675 | 1 Tcp | 1 Tcp | 2024-02-04 | 7.8 HIGH | N/A |
The Transmission Control Protocol (TCP) allows remote attackers to cause a denial of service (bandwidth consumption) by sending ACK messages for packets that have not yet been received (optimistic ACKs), which can cause the sender to increase its transmission rate until it fills available bandwidth. | |||||
CVE-2006-2897 | 1 Funkboard | 1 Funkboard | 2024-02-04 | 2.6 LOW | N/A |
Cross-site scripting (XSS) vulnerability in FunkBoard 0.71 allows remote attackers to inject arbitrary HTML or web script via unspecified vectors. | |||||
CVE-2005-0874 | 1 Cerulean Studios | 1 Trillian | 2024-02-04 | 5.0 MEDIUM | N/A |
Multiple buffer overflows in the (1) AIM, (2) MSN, (3) RSS, and other plug-ins for Trillian 2.0 allow remote web servers to cause a denial of service (application crash) via a long string in an HTTP 1.1 response header. | |||||
CVE-2005-0982 | 1 Yet Another Forum.net | 1 Yet Another Forum.net | 2024-02-04 | 4.3 MEDIUM | N/A |
Multiple cross-site scripting (XSS) vulnerabilities in Yet Another Forum.net 0.9.9 allow remote attackers to inject arbitrary web script or HTML via the (1) name, (2) location, or (3) Subject field. | |||||
CVE-2006-2885 | 1 Knowledgetree | 1 Knowledgetree | 2024-02-04 | 4.3 MEDIUM | N/A |
Multiple cross-site scripting (XSS) vulnerabilities in KnowledgeTree Open Source 3.0.3 and earlier allow remote attackers to inject arbitrary web script or HTML via the (1) fDocumentId parameter in view.php and the (2) fSearchableText parameter in /search/simpleSearch.php. |