Total
254737 CVE
CVE | Vendors | Products | Updated | CVSS v2 | CVSS v3 |
---|---|---|---|---|---|
CVE-2006-1917 | 1 Blackorpheus | 1 Clanmemberskript | 2024-02-04 | 7.5 HIGH | N/A |
SQL injection vulnerability in member.php in Blackorpheus ClanMemberSkript 1.0 allows remote attackers to execute arbitrary SQL commands via the userID parameter. | |||||
CVE-2006-2635 | 1 Tiki | 1 Tikiwiki Cms\/groupware | 2024-02-04 | 4.3 MEDIUM | N/A |
Multiple cross-site scripting (XSS) vulnerabilities in Tikiwiki (aka Tiki CMS/Groupware) 1.9.x allow remote attackers to inject arbitrary web script or HTML via malformed nested HTML tags such as "<scr<script>ipt>" in (1) offset and (2) days parameters in (a) tiki-lastchanges.php, the (3) find and (4) offset parameters in (b) tiki-orphan_pages.php, the (5) offset and (6) initial parameters in (c) tiki-listpages.php, and (7) an unspecified field in (d) tiki-remind_password.php; and allow remote authenticated users with admin privileges to inject arbitrary web script or HTML via (8) an unspecified field in a metatags action in (e) tiki-admin.php, the (9) offset parameter in (f) tiki-admin_rssmodules.php, the (10) offset and (11) max parameters in (g) tiki-syslog.php, the (12) numrows parameter in (h) tiki-adminusers.php, (13) an unspecified field in (i) tiki-adminusers.php, (14) an unspecified field in (j) tiki-admin_hotwords.php, unspecified fields in (15) "Assign new module" and (16) "Create new user module" in (k) tiki-admin_modules.php, (17) an unspecified field in "Add notification" in (l) tiki-admin_notifications.php, (18) the offset parameter in (m) tiki-admin_notifications.php, the (19) Name and (20) Dsn fields in (o) tiki-admin_dsn.php, the (21) offset parameter in (p) tiki-admin_content_templates.php, (22) an unspecified field in "Create new template" in (q) tiki-admin_content_templates.php, and the (23) offset parameter in (r) tiki-admin_chat.php. | |||||
CVE-2005-2050 | 1 Tor | 1 Tor | 2024-02-04 | 5.0 MEDIUM | N/A |
Unknown vulnerability in Tor before 0.1.0.10 allows remote attackers to read arbitrary memory and possibly key information from the exit server's process space. | |||||
CVE-2005-1950 | 1 Darryl Burgdorf | 1 Webhints | 2024-02-04 | 7.5 HIGH | N/A |
hints.pl in Webhints 1.03 allows remote attackers to execute arbitrary commands via shell metacharacters in the argument. | |||||
CVE-2005-3064 | 1 Multitheftauto | 1 Multitheftauto | 2024-02-04 | 5.0 MEDIUM | N/A |
MultiTheftAuto 0.5 patch 1 and earlier does not properly verify client privileges when running command 40, which allows remote attackers to change or delete the message of the day (motd.txt). | |||||
CVE-2006-4736 | 1 Cms.r. | 1 Cms.r. | 2024-02-04 | 7.5 HIGH | N/A |
Multiple SQL injection vulnerabilities in index.php in CMS.R. 5.5 allow remote attackers to execute arbitrary SQL commands via the (1) adminname and (2) adminpass parameters. NOTE: some of these details are obtained from third party information. | |||||
CVE-2006-2491 | 2 Boastmachine, Kailash Nadh | 2 Boastmachine, Boastmachine | 2024-02-04 | 6.8 MEDIUM | N/A |
Cross-site scripting (XSS) vulnerability in (1) index.php and (2) bmc/admin.php in BoastMachine (bMachine) 3.1 and earlier allows remote attackers to inject arbitrary web script or HTML via the query string, which is not properly filtered when it is accessed using the $_SERVER["PHP_SELF"] variable. | |||||
CVE-2006-0879 | 1 Phpoutsourcing | 1 Noahs Classifieds | 2024-02-04 | 7.5 HIGH | N/A |
SQL injection vulnerability in the search tool in Noah's Classifieds 1.3 allows remote attackers to execute arbitrary SQL commands via unspecified attack vectors. | |||||
CVE-2005-2314 | 1 Phpsftpd | 1 Phpsftpd | 2024-02-04 | 7.5 HIGH | N/A |
inc.login.php in PHPsFTPd 0.2 through 0.4 allows remote attackers to obtain the administrator's username and password by setting the do_login parameter and performing an edit action using user.php, which causes the login check to be bypassed and leaks the password in the response. | |||||
CVE-2005-3361 | 1 Flatnuke | 1 Flatnuke | 2024-02-04 | 4.3 MEDIUM | N/A |
Cross-site scripting (XSS) vulnerability in forum/index.php in FlatNuke 2.5.6 allows remote attackers to inject arbitrary web script or HTML via the nome parameter in a login operation, a variant of CVE-2005-3306. | |||||
CVE-2004-2567 | 1 Recipants | 1 Recipants | 2024-02-04 | 7.5 HIGH | N/A |
Multiple SQL injection vulnerabilities in ReciPants 1.1.1 allow remote attackers to execute arbitrary SQL commands via the (1) user id, (2) recipe id, (3) category id, and (4) other ID number fields. | |||||
CVE-2006-0951 | 1 Eset Software | 1 Nod32 Antivirus | 2024-02-04 | 7.2 HIGH | N/A |
The GUI (nod32.exe) in NOD32 2.5 runs with SYSTEM privileges when the scheduler runs a scheduled on-demand scan, which allows local users to execute arbitrary code during a scheduled scan via unspecified attack vectors. | |||||
CVE-2005-3439 | 1 Oracle | 1 Database Server | 2024-02-04 | 10.0 HIGH | N/A |
Multiple unspecified vulnerabilities in Oracle Database Server 10g up to 10.1.0.4.2 have unknown impact and attack vectors, aka Oracle Vuln# (1) DB02, (2) DB03, and (3) DB05 in Change Data Capture; (4) DB07 in Data Pump Export; and (5) DB18, (6) DB19, (7) DB20, (8) DB21, (9) DB22, (10) DB23, (11) DB24, and (12) DB25 in the Spatial component. | |||||
CVE-2005-3632 | 1 Netpbm | 1 Netpbm | 2024-02-04 | 4.6 MEDIUM | N/A |
Multiple buffer overflows in pnmtopng in netpbm 10.0 and earlier allow attackers to execute arbitrary code via a crafted PNM file. | |||||
CVE-2005-0086 | 1 Redhat | 2 Enterprise Linux, Enterprise Linux Desktop | 2024-02-04 | 7.5 HIGH | N/A |
Heap-based buffer overflow in less in Red Hat Enterprise Linux 3 allows attackers to cause a denial of service (application crash) or possibly execute arbitrary code via a crafted file, as demonstrated using the UTF-8 locale. | |||||
CVE-2005-0423 | 1 Aspjar | 1 Aspjar Guestbook | 2024-02-04 | 5.0 MEDIUM | N/A |
SQL injection vulnerability in login.asp in ASPjar Guestbook allows remote attackers to execute arbitrary SQL commands via the password field. | |||||
CVE-2005-2992 | 1 Arc | 1 Arc | 2024-02-04 | 2.1 LOW | N/A |
arc 5.21j and earlier allows local users to overwrite arbitrary files via a symlink attack on temporary files, a different type of vulnerability than CVE-2005-2945. | |||||
CVE-2006-0715 | 1 Solucija | 1 Snews | 2024-02-04 | 4.3 MEDIUM | N/A |
Cross-site scripting (XSS) vulnerability in sNews 1.3 allows remote attackers to inject arbitrary web script or HTML via the comment field. | |||||
CVE-2005-2257 | 1 Phpslash | 1 Phpslash | 2024-02-04 | 10.0 HIGH | N/A |
The saveProfile function in PhpSlash 0.8.0 allows remote attackers to modify arbitrary profiles and gain privileges by modifying the author_id parameter. | |||||
CVE-2006-4205 | 1 Webdynamite | 1 Projectbutler | 2024-02-04 | 7.5 HIGH | N/A |
Multiple PHP remote file inclusion vulnerabilities in WebDynamite ProjectButler 0.8.4 allow remote attackers to execute arbitrary PHP code via a URL in the rootdir parameter to /classes/ scripts including (1) Cache.class.php, (2) Customer.class.php, (3) Performance.class.php, (4) Project.class.php, (5) Representative.class.php, (6) User.class.php, or (7) common.php. |