Total: 254741 CVE

CVE | Vendors | Products | Updated | CVSS v2 | CVSS v3 |
---|---|---|---|---|---|
CVE-2004-2279 | 1 Invision Power Services | 1 Invision Power Board | 2024-02-04 | 4.3 MEDIUM | N/A |
Cross-site scripting (XSS) vulnerability in Invision Power Board 1.3 Final allows remote attackers to execute arbitrary script as other users via the pop parameter in a chat action to index.php. | |||||
CVE-2005-2622 | 1 Ecw-shop | 1 Ecw-shop | 2024-02-04 | 4.3 MEDIUM | N/A |
Cross-site scripting (XSS) vulnerability in index.php in ECW-Shop 6.0.2 allows remote attackers to inject arbitrary web script or HTML via the (1) max or (2) ctg parameter. | |||||
CVE-2006-3292 | 1 Jaws | 1 Jaws | 2024-02-04 | 7.5 HIGH | N/A |
SQL injection vulnerability in the Search gadget in Jaws 0.6.2 allows remote attackers to execute arbitrary SQL commands via queries with the "LIKE" keyword in the searchdata parameter (search field). | |||||
CVE-2006-1759 | 1 Swsoft | 1 Confixx | 2024-02-04 | 2.6 LOW | N/A |
Cross-site scripting (XSS) vulnerability in allgemein_transfer.php in SWSoft Confixx 3.1.2 allows remote attackers to inject arbitrary web script or HTML via the jahr parameter. | |||||
CVE-2005-3759 | 1 Horde | 1 Horde | 2024-02-04 | 5.8 MEDIUM | N/A |
Multiple cross-site scripting (XSS) vulnerabilities in Horde before 3.0.7 allow remote attackers to inject arbitrary web script or HTML via the (1) gzip/tar and (2) css MIME viewers, which do not filter or escape dangerous HTML when extracting and displaying attachments. | |||||
CVE-2005-0913 | 1 Smarty | 1 Smarty | 2024-02-04 | 7.5 HIGH | N/A |
Unknown vulnerability in the regex_replace modifier (modifier.regex_replace.php) in Smarty before 2.6.8 allows attackers to execute arbitrary PHP code. | |||||
CVE-2006-2685 | 1 Kevin Johnson | 1 Basic Analysis And Security Engine | 2024-02-04 | 4.0 MEDIUM | N/A |
PHP remote file inclusion vulnerability in Basic Analysis and Security Engine (BASE) 1.2.4 and earlier, with register_globals enabled, allows remote attackers to execute arbitrary PHP code via a URL in the BASE_path parameter to (1) base_qry_common.php, (2) base_stat_common.php, and (3) includes/base_include.inc.php. | |||||
CVE-2006-2145 | 1 Harold Bakker | 1 Hb-ns | 2024-02-04 | 6.4 MEDIUM | N/A |
Multiple SQL injection vulnerabilities in index.php in HB-NS 1.1.6 allow remote attackers to execute arbitrary SQL commands via the (1) topic or (2) id parameter. | |||||
CVE-2004-2647 | 1 Reid Garner | 1 Free Web Chat | 2024-02-04 | 5.0 MEDIUM | N/A |
Free Web Chat 2.0 allows remote attackers to cause a denial of service (CPU consumption) via multiple connections from the same user. | |||||
CVE-2006-1011 | 1 Peters Software | 1 Lettermerger | 2024-02-04 | 2.1 LOW | N/A |
LetterMerger 1.2 stores user information in Access database files with insecure permissions, which allows local users to obtain sensitive information. NOTE: the provenance of this information is unknown; the details are obtained solely from third party information. | |||||
CVE-2005-4711 | 1 Neocrome | 1 Land Down Under | 2024-02-04 | 6.8 MEDIUM | N/A |
SQL injection vulnerability in Neocrome Land Down Under (LDU) 801 allows remote attackers to execute arbitrary SQL commands via an HTTP Referer header. NOTE: the provenance of this information is unknown; the details are obtained solely from third party information. | |||||
CVE-2005-0229 | 1 Citrusdb | 1 Citrusdb Customer Database | 2024-02-04 | 5.0 MEDIUM | N/A |
CitrusDB 0.3.5 and earlier stores the newfile.txt temporary data file under the web root, which allows remote attackers to steal credit card information via a direct request to newfile.txt. | |||||
CVE-2006-1275 | 1 Ggz Gaming Zone | 1 Ggz Gaming Zone | 2024-02-04 | 5.0 MEDIUM | N/A |
GGZ Gaming Zone 0.0.12 allows remote attackers to cause a denial of service (client disconnect) via inputs that produce malformed XML, including (1) trailing ' (apostrophe) character on the ID attribute in a PLAYER XML tag, (2) joining with a long ID attribute or non-trailing ' characters, which causes a <none> name to be assigned, and then disconnecting, or (3) a long CDATA message attribute, which prevents closing tags from being added to the string. | |||||
CVE-2006-3968 | 1 Sun | 1 Solaris | 2024-02-04 | 5.0 MEDIUM | N/A |
The crypto provider in Sun Solaris 10 3/05 HW2 without patch 121236-01, when running on Sun Fire T2000 platforms, incorrectly verifies a DSA signature, which might prevent applications from detecting that the data has been modified. | |||||
CVE-2006-2178 | 1 Smartwin Technology | 1 Cyberoffice Warehouse Builder | 2024-02-04 | 5.8 MEDIUM | N/A |
Multiple cross-site scripting (XSS) vulnerabilities in CyberBuild allow remote attackers to inject arbitrary web script or HTML via the (1) SessionID parameter to login.asp, (2) ProductIndex parameter to browse0.htm, (3) rowcolor parameter to result.asp, or (4) heading parameter to result.asp. NOTE: vectors 1 and 2 might be resultant from SQL injection. | |||||
CVE-2005-0091 | 1 Redhat | 2 Enterprise Linux, Enterprise Linux Desktop | 2024-02-04 | 7.2 HIGH | N/A |
Unknown vulnerability in the Red Hat Enterprise Linux 4 kernel 4GB/4GB split patch, when using the hugemem kernel, allows local users to read and write to arbitrary kernel memory and gain privileges via certain syscalls. | |||||
CVE-2006-3346 | 1 Carlos Sanchez Valle | 1 Mynewsgroups | 2024-02-04 | 7.5 HIGH | N/A |
SQL injection vulnerability in tree.php in MyNewsGroups 0.6 allows remote attackers to execute arbitrary SQL commands via the grp_id parameter. | |||||
CVE-2006-3856 | 1 Ibm | 1 Informix Dynamic Server | 2024-02-04 | 2.1 LOW | N/A |
IBM Informix Dynamic Server (IDS) before 9.40.xC7 and 10.00 before 10.00.xC3 allows local users to cause a denial of service (crash) via unspecified vectors. | |||||
CVE-2005-0380 | 1 Zeroboard | 1 Zeroboard | 2024-02-04 | 7.5 HIGH | N/A |
Multiple PHP remote file inclusion vulnerabilities in (1) print_category.php, (2) login.php, (3) setup.php, (4) ask_password.php, or (5) error.php in ZeroBoard 4.1pl5 and earlier allow remote attackers to execute arbitrary PHP code by modifying the dir parameter to reference a URL on a remote web server that contains the code. | |||||
CVE-2005-1586 | 1 Open Solution | 1 Quick.forum | 2024-02-04 | 5.0 MEDIUM | N/A |
Quick.Forum 2.1.6 stores potentially sensitive information such as usernames, banned IP addresses, censored words, and backups under the web document root, which allows remote attackers to obtain that information via a direct request to (1) db/users.txt, (2) db/banList.txt, (3) db/censureWords.txt, or (4) backup files. | |||||