Total
254747 CVE
| CVE | Vendors | Products | Updated | CVSS v2 | CVSS v3 |
|---|---|---|---|---|---|
| CVE-2005-3459 | 1 Oracle | 2 Clinical, E-business Suite | 2024-02-04 | 10.0 HIGH | N/A |
| Unspecified vulnerability in Oracle E-Business Suite and Applications 4.5 up to 4.5.1 has unknown impact and attack vectors, as identified by Oracle Vuln# APPS22 in Oracle Clinical. | |||||
| CVE-2004-0963 | 1 Microsoft | 1 Word | 2024-02-04 | 10.0 HIGH | N/A |
| Buffer overflow in Microsoft Word 2002 (10.6612.6714) SP3, and possibly other versions, allows remote attackers to cause a denial of service (application exception) and possibly execute arbitrary code in winword.exe via certain unexpected values in a .doc file, including (1) an offset that triggers an out-of-bounds memory access, (2) a certain value that causes a large memory copy as triggered by an integer conversion error, and other values. | |||||
| CVE-2005-2613 | 1 Cpaint | 1 Cpaint | 2024-02-04 | 6.4 MEDIUM | N/A |
| Unknown vulnerability in CPAINT Ajax Toolkit before 1.3-SP allows attackers to execute arbitrary PHP or ASP code or read files via unknown vectors. | |||||
| CVE-2005-3000 | 1 Bugada Andrea | 1 Php Advanced Transfer Manager | 2024-02-04 | 4.3 MEDIUM | N/A |
| Multiple cross-site scripting (XSS) vulnerabilities in viewers/txt.php in PHP Advanced Transfer Manager 1.30 allow remote attackers to inject arbitrary web script or HTML via the (1) font, (2) normalfontcolor, or (3) mess[31] parameters. | |||||
| CVE-2006-1432 | 1 Fusionzone | 1 Couponzone | 2024-02-04 | 5.0 MEDIUM | N/A |
| fusionZONE couponZONE 4.2 allows remote attackers to obtain the full path of the web server, and other sensitive information, via invalid values, as demonstrated using manipulations associated with SQL. | |||||
| CVE-2006-3399 | 1 Moniwiki | 1 Moniwiki | 2024-02-04 | 2.6 LOW | N/A |
| Cross-site scripting (XSS) vulnerability in wiki.php in MoniWiki before 1.1.2-20060702 allows remote attackers to inject arbitrary Javascript via the URL, which is reflected back in an error message, a variant of CVE-2004-1632. | |||||
| CVE-2005-3942 | 1 Greywyvern | 1 Orca Knowledgebase | 2024-02-04 | 7.5 HIGH | N/A |
| SQL injection vulnerability in knowledgebase-control.php in Orca Knowledgebase 2.1b and earlier allows remote attackers to execute arbitrary SQL commands via the qid parameter. | |||||
| CVE-2006-1982 | 1 Apple | 2 Mac Os X, Mac Os X Server | 2024-02-04 | 7.5 HIGH | N/A |
| Heap-based buffer overflow in the LZWDecodeVector function in Mac OS X before 10.4.6, as used in applications that use ImageIO or AppKit, allows remote attackers to execute arbitrary code via crafted TIFF images. | |||||
| CVE-2005-4056 | 1 Jonathan Beckett | 1 Pluggedout Nexus | 2024-02-04 | 7.5 HIGH | N/A |
| SQL injection vulnerability in search.php in PluggedOut Nexus 0.1 allows remote attackers to execute arbitrary SQL commands via the (1) Location, (2) Last Name, and (3) First Name parameters. | |||||
| CVE-2005-0364 | 1 Hp | 1 Hp-ux | 2024-02-04 | 5.0 MEDIUM | N/A |
| Unknown vulnerability in BIND 9.2.0 in HP-UX B.11.00, B.11.11, and B.11.23 allows remote attackers to cause a denial of service. | |||||
| CVE-2006-1422 | 1 Jjwwebdesign | 1 Phpbookingcalendar | 2024-02-04 | 5.0 MEDIUM | N/A |
| SQL injection vulnerability in details_view.php in PHP Booking Calendar 1.0c and earlier allows remote attackers to execute arbitrary SQL commands via the event_id parameter. | |||||
| CVE-2005-3200 | 1 Utopia Software | 1 Utopia News Pro | 2024-02-04 | 4.3 MEDIUM | N/A |
| Multiple cross-site scripting (XSS) vulnerabilities in Utopia News Pro (UNP) 1.1.3 and 1.1.4 allow remote attackers to inject arbitrary web script or HTML via (1) the sitetitle parameter in header.php and (2) the version and (3) query_count parameters in footer.php. | |||||
| CVE-2006-2210 | 1 321soft | 1 Php-gallery | 2024-02-04 | 5.8 MEDIUM | N/A |
| Cross-site scripting (XSS) vulnerability in index.php in 321soft PhP-Gallery 0.9 allows remote attackers to inject arbitrary web script or HTML via the path parameter. NOTE: this issue might be resultant from the directory traversal vulnerability. | |||||
| CVE-2006-2995 | 1 Webprojectdb | 1 Webprojectdb | 2024-02-04 | 7.5 HIGH | N/A |
| Multiple PHP remote file inclusion vulnerabilities in WebprojectDB 0.1.3 and earlier allow remote attackers to execute arbitrary PHP code via a URL in the INCDIR parameter in (1) include/nav.php and (2) include/lang.php. | |||||
| CVE-2005-3830 | 1 Activecampaign | 1 Supporttrio | 2024-02-04 | 5.0 MEDIUM | N/A |
| index.php in ActiveCampaign SupportTrio 1.4 and earlier allows remote attackers to read or include arbitrary files via the page parameter, possibly due to a directory traversal vulnerability. | |||||
| CVE-2006-2570 | 1 Calogic | 1 Calogic Calendars | 2024-02-04 | 7.5 HIGH | N/A |
| PHP remote file inclusion vulnerability in CaLogic Calendars 1.2.2 allows remote attackers to execute arbitrary PHP code via a URL in the GLOBALS["CLPath"] parameter to (1) reconfig.php and (2) srxclr.php. NOTE: this might be due to a globals overwrite issue. | |||||
| CVE-2004-2640 | 1 Ryszard Pydo | 1 Linuxstat | 2024-02-04 | 5.0 MEDIUM | N/A |
| Directory traversal vulnerability in lstat.cgi in LinuxStat before 2.3.1 allows remote attackers to read arbitrary files via (1) .. (dot dot) sequences or (2) absolute paths to the template parameter. | |||||
| CVE-2005-4599 | 1 Moxiecode | 1 Tinymce Compressor Php | 2024-02-04 | 4.3 MEDIUM | N/A |
| Cross-site scripting (XSS) vulnerability in tiny_mce_gzip.php in TinyMCE Compressor PHP before 1.06 allows remote attackers to inject arbitrary web script or HTML via the index parameter. | |||||
| CVE-2005-4550 | 1 Oracle | 1 Application Server Discussion Forum Portlet | 2024-02-04 | 5.0 MEDIUM | N/A |
| The PORTAL schema in Oracle Application Server (OracleAS) Discussion Forum Portlet allows remote attackers to obtain the source code for arbitrary JSP and other files via a df_next_page parameter with a trailing null byte (%00). | |||||
| CVE-2005-0978 | 1 Ivt | 1 Bluesoleil | 2024-02-04 | 5.0 MEDIUM | N/A |
| Directory traversal vulnerability in the Object Push service in IVT BlueSoleil 1.4 allows remote attackers to upload arbitrary files via a .. (dot dot) in a PUSH command. | |||||