Total: 254732 CVE
CVE | Vendors | Products | Updated | CVSS v2 | CVSS v3 |
---|---|---|---|---|---|
CVE-2005-0730 | 1 Py Software | 1 Active Webcam | 2024-02-04 | 5.0 MEDIUM | N/A |
PY Software Active Webcam WebServer (webcam.exe) 5.5 allows remote attackers to cause a denial of service via a request to a file on the floppy drive, as demonstrated using A:\a.txt. | |||||
CVE-2005-0506 | 1 Avaya | 2 Ip Office Phone Manager, Ip Soft Phone | 2024-02-04 | 5.0 MEDIUM | N/A |
The Avaya IP Office Phone Manager, and other products such as the IP Softphone, stores sensitive data in cleartext in a registry key, which allows local and possibly remote users to steal usernames and passwords and impersonate other users via keys such as Avaya\IP400\Generic. | |||||
CVE-2004-2444 | 1 Jaws | 1 Jaws | 2024-02-04 | 4.3 MEDIUM | N/A |
Cross-site scripting (XSS) vulnerability in index.php in Jaws 0.3 allows remote attackers to inject arbitrary web script or HTML via the action parameter. | |||||
CVE-2006-2244 | 1 Web4future | 1 News Portal | 2024-02-04 | 6.4 MEDIUM | N/A |
Multiple SQL injection vulnerabilities in Web4Future News Portal allow remote attackers to execute arbitrary SQL commands via the ID parameter to (1) comentarii.php or (2) view.php. | |||||
CVE-2006-0315 | 1 Indexcor | 1 Ezdatabase | 2024-02-04 | 5.8 MEDIUM | N/A |
index.php in EZDatabase before 2.1.2 does not properly cleanse the p parameter before constructing and including a .php filename, which allows remote attackers to conduct directory traversal attacks, and produces resultant cross-site scripting (XSS) and path disclosure. | |||||
CVE-2005-2141 | 1 Jollybox.de | 1 Tcp Chat | 2024-02-04 | 5.0 MEDIUM | N/A |
TCP Chat 1.0 allows remote attackers to cause a denial of service (crash) via a long string to the chat service, possibly triggering a buffer overflow. | |||||
CVE-2006-3980 | 1 Mambo | 1 Mambo Gallery Manager | 2024-02-04 | 6.8 MEDIUM | N/A |
PHP remote file inclusion vulnerability in administrator/components/com_mgm/help.mgm.php in Mambo Gallery Manager (MGM) 0.95r2 and earlier for Mambo 4.5 allows remote attackers to execute arbitrary PHP code via a URL in the mosConfig_absolute_path parameter. | |||||
CVE-2005-3134 | 1 Citrix | 1 Metaframe | 2024-02-04 | 7.5 HIGH | N/A |
Citrix Metaframe Presentation Server 3.0 and 4.0 allows remote attackers to bypass policy restrictions by downloading the launch.ica file and changing the client device name (ClientName). | |||||
CVE-2006-2706 | 1 Secure Elements | 1 Class 5 Enterprise Vulnerability Management | 2024-02-04 | 5.0 MEDIUM | N/A |
Secure Elements Class 5 AVR server (aka C5 EVM) before 2.8.1 allows remote attackers to cause a denial of service via forged "session start" messages that cause AVR to connect to arbitrary hosts. | |||||
CVE-2006-0205 | 1 Wordcircle | 1 Wordcircle | 2024-02-04 | 5.1 MEDIUM | N/A |
Multiple SQL injection vulnerabilities in Wordcircle 2.17 allow remote attackers to (1) execute arbitrary SQL commands and bypass authentication via the password field in the login action to index.php (involving v_login.php and s_user.php) and (2) have other unknown impact via certain other fields in unspecified scripts. | |||||
CVE-2006-1757 | 1 Bill Shupp | 1 Vegadns | 2024-02-04 | 2.6 LOW | N/A |
Cross-site scripting (XSS) vulnerability in index.php in Vegadns 0.99 allows remote attackers to inject arbitrary web script or HTML via the message parameter. | |||||
CVE-2004-1183 | 1 Libtiff | 1 Libtiff | 2024-02-04 | 5.1 MEDIUM | N/A |
Integer overflow in the tiffdump utility for libtiff 3.7.1 and earlier allows remote attackers to cause a denial of service (application crash) and possibly execute arbitrary code via a crafted TIFF file. | |||||
CVE-2004-2621 | 1 Nortel | 1 Contivity | 2024-02-04 | 4.0 MEDIUM | N/A |
Nortel Contivity VPN Client 2.1.7, 3.00, 3.01, 4.91, and 5.01, when opening a VPN tunnel, does not check the gateway certificate until after a dialog box has been displayed to the user, which creates a race condition that allows remote attackers to perform a man-in-the-middle (MITM) attack. | |||||
CVE-2006-1567 | 1 Sitesearch | 1 Indexer | 2024-02-04 | 4.3 MEDIUM | N/A |
Cross-site scripting (XSS) vulnerability in searchresults.asp in SiteSearch Indexer 3.5 and earlier allows remote attackers to inject arbitrary web script or HTML via the searchField parameter. | |||||
CVE-2005-2845 | 1 Ariba | 1 Ariba Spend Management Solutions | 2024-02-04 | 5.0 MEDIUM | N/A |
Ariba Spend Management System sends the username and password to the server in plaintext in a POST request, which allows remote attackers to obtain sensitive information. | |||||
CVE-2006-1417 | 1 Caloris Planitia Technologies | 1 Web Quiz Pro | 2024-02-04 | 4.3 MEDIUM | N/A |
Multiple cross-site scripting (XSS) vulnerabilities in Caloris Planitia Online Quiz System (aka Web Quiz pro), possibly 1.0, allow remote attackers to inject arbitrary web script or HTML via the (1) exam parameter in prequiz.asp or (2) msg parameter in student.asp. | |||||
CVE-2005-3844 | 1 Phpwordpress | 1 Php News And Article Manager | 2024-02-04 | 7.5 HIGH | N/A |
SQL injection vulnerability in phpWordPress PHP News and Article Manager 3.0 allows remote attackers to execute arbitrary SQL commands via the (1) poll and (2) category parameters to index.php, and (3) the ctg parameter in an archive action. | |||||
CVE-2006-1904 | 1 Animegenesis | 1 Gallery | 2024-02-04 | 2.6 LOW | N/A |
Cross-site scripting (XSS) vulnerability in index.php in AnimeGenesis Gallery allows remote attackers to inject arbitrary web script or HTML via the cat parameter. | |||||
CVE-2006-0769 | 1 Sun | 1 Solaris | 2024-02-04 | 7.2 HIGH | N/A |
Unspecified vulnerability in in.rexecd in Solaris 10 allows local users to gain privileges on Kerberos systems via unknown attack vectors. | |||||
CVE-2006-1617 | 1 Advanced Poll | 1 Advanced Poll | 2024-02-04 | 4.3 MEDIUM | N/A |
Multiple cross-site scripting (XSS) vulnerabilities in Advanced Poll 2.02 allow remote attackers to inject arbitrary web script or HTML via the (1) id parameter to comments.php or (2) poll_id parameter to page.php. NOTE: it is possible that this issue is resultant from CVE-2006-1616. | |||||