Total
254733 CVE
CVE | Vendors | Products | Updated | CVSS v2 | CVSS v3 |
---|---|---|---|---|---|
CVE-2005-1615 | 1 Ultimate Php Board | 1 Ultimate Php Board | 2024-02-04 | 7.5 HIGH | N/A |
viewforum.php in Ultimate PHP Board (UPB) 1.8 through 1.9.6 may allow remote attackers to read sensitive data via the postorder parameter, which is not properly handled by textdb.inc.php, possibly due to a SQL injection vulnerability. | |||||
CVE-2006-4538 | 1 Linux | 1 Linux Kernel | 2024-02-04 | 4.9 MEDIUM | N/A |
Linux kernel 2.6.17 and earlier, when running on IA64 or SPARC platforms, allows local users to cause a denial of service (crash) via a malformed ELF file that triggers memory maps that cross region boundaries. | |||||
CVE-2005-2271 | 1 Alexander Clauss | 1 Icab | 2024-02-04 | 2.6 LOW | N/A |
iCab 2.9.8 does not clearly associate a Javascript dialog box with the web page that generated it, which allows remote attackers to spoof a dialog box from a trusted site and facilitates phishing attacks, aka the "Dialog Origin Spoofing Vulnerability." | |||||
CVE-2006-2665 | 1 V-webmail | 1 V-webmail | 2024-02-04 | 7.5 HIGH | N/A |
PHP remote file inclusion vulnerability in includes/mailaccess/pop3/core.php in V-Webmail 1.3 allows remote attackers to execute arbitrary PHP code via a URL in the CONFIG[pear_dir] parameter. | |||||
CVE-2006-4158 | 1 Spaminator | 1 Spaminator | 2024-02-04 | 5.1 MEDIUM | N/A |
PHP remote file inclusion vulnerability in Login.php in Spaminator 1.7 and earlier allows remote attackers to execute arbitrary PHP code via a URL in the page parameter. | |||||
CVE-2005-1868 | 1 Yvesglodt | 1 I-man | 2024-02-04 | 7.5 HIGH | N/A |
I-Man 0.9, and possibly earlier versions, allows remote attackers to execute arbitrary PHP code by uploading a file attachment with a .php extension. | |||||
CVE-2006-3004 | 1 Scriptsez | 1 Ez Ringtone Manager | 2024-02-04 | 4.3 MEDIUM | N/A |
Multiple cross-site scripting (XSS) vulnerabilities in Ez Ringtone Manager allow remote attackers to inject arbitrary web script or HTML via the (1) id parameter in player.php and (2) keyword parameter when performing a search. | |||||
CVE-2005-2114 | 1 Mozilla | 3 Camino, Firefox, Mozilla | 2024-02-04 | 5.0 MEDIUM | N/A |
Mozilla 1.7.8, Firefox 1.0.4, Camino 0.8.4, Netscape 8.0.2, and K-Meleon 0.9, and possibly other products that use the Gecko engine, allow remote attackers to cause a denial of service (application crash) via JavaScript that repeatedly calls an empty function. | |||||
CVE-2006-0446 | 1 Webwork | 1 Webwork | 2024-02-04 | 6.5 MEDIUM | N/A |
Unspecified vulnerability in WeBWorK 2.1.3 and 2.2-pre1 allows remote privileged attackers to execute arbitrary commands as the web server via unknown attack vectors. | |||||
CVE-2006-4121 | 1 See-commerce | 1 See-commerce | 2024-02-04 | 5.1 MEDIUM | N/A |
PHP remote file inclusion vulnerability in owimg.php3 in See-Commerce 1.0.625 and earlier allows remote attackers to execute arbitrary PHP code via a URL in the path parameter. | |||||
CVE-2004-2509 | 1 Ubbcentral | 1 Ubb.threads | 2024-02-04 | 4.3 MEDIUM | N/A |
Cross-site scripting (XSS) vulnerabilities in (1) calendar.php, (2) login.php, and (3) online.php in Infopop UBB.Threads 6.2.3 and 6.5 allow remote attackers to inject arbitrary web script or HTML via the Cat parameter. | |||||
CVE-2005-2200 | 1 Xerox | 3 Workcentre 2128, Workcentre 2636, Workcentre 3545 | 2024-02-04 | 7.5 HIGH | N/A |
Multiple unknown vulnerabilities in the MicroServer Web Server for Xerox WorkCentre Pro Color 2128, 2636, and 3545, version 0.001.04.044 through 0.001.04.504, allow attackers to bypass authentication. | |||||
CVE-2006-1595 | 1 Claroline | 1 Claroline | 2024-02-04 | 4.3 MEDIUM | N/A |
Cross-site scripting (XSS) vulnerability in document/rqmkhtml.php in Claroline 1.7.4 and earlier allows remote attackers to read arbitrary files via ".." sequences in the file parameter in a rqEditHtml command. | |||||
CVE-2006-3977 | 1 Broadcom | 1 Etrust Antivirus Webscan | 2024-02-04 | 9.3 HIGH | N/A |
Unspecified vulnerability in CA eTrust Antivirus WebScan before 1.1.0.1048 has unknown impact and remote attackers related to "improper processing of outdated WebScan components." | |||||
CVE-2006-3083 | 2 Heimdal, Mit | 2 Heimdal, Kerberos 5 | 2024-02-04 | 7.2 HIGH | N/A |
The (1) krshd and (2) v4rcp applications in (a) MIT Kerberos 5 (krb5) up to 1.5, and 1.4.x before 1.4.4, when running on Linux and AIX, and (b) Heimdal 0.7.2 and earlier, do not check return codes for setuid calls, which allows local users to gain privileges by causing setuid to fail to drop privileges using attacks such as resource exhaustion. | |||||
CVE-2006-1386 | 1 Twiki | 1 Twiki | 2024-02-04 | 7.5 HIGH | N/A |
The (1) rdiff and (2) preview scripts in TWiki 4.0 and 4.0.1 ignore access control settings, which allows remote attackers to read restricted areas and access restricted content in TWiki topics. | |||||
CVE-2005-1127 | 1 Postgrey | 1 Postgrey | 2024-02-04 | 5.0 MEDIUM | N/A |
Format string vulnerability in the log function in Net::Server 0.87 and earlier, as used in Postfix Greylisting Policy Server (Postgrey) 1.18 and earlier, and possibly other products, allows remote attackers to cause a denial of service (crash) via format string specifiers that are not properly handled before being sent to syslog, as demonstrated using sender addresses to Postgrey. | |||||
CVE-2006-4366 | 1 Redblog | 1 Redblog | 2024-02-04 | 7.5 HIGH | N/A |
PHP remote file inclusion vulnerability in index.php in RedBLoG 0.5 allows remote attackers to execute arbitrary PHP code via a URL in the root_path parameter. NOTE: the provenance of this information is unknown; the details are obtained from third party information. | |||||
CVE-2006-1969 | 1 Kcscripts | 1 Portal Pack | 2024-02-04 | 2.6 LOW | N/A |
Cross-site scripting (XSS) vulnerability in search/search.cgi in an unspecified KCScripts script, probably Search Engine or Site Search, distributed individually and as part of Portal Pack 6.0 and earlier, allows remote attackers to inject arbitrary web script or HTML via the q parameter. | |||||
CVE-2005-1448 | 1 S9y | 1 Serendipity | 2024-02-04 | 6.8 MEDIUM | N/A |
Cross-site scripting (XSS) vulnerability in the BBCode plugin for Serendipity before 0.8 allows remote attackers to inject arbitrary web script or HTML via unknown vectors. |