Total
254732 CVE
| CVE | Vendors | Products | Updated | CVSS v2 | CVSS v3 |
|---|---|---|---|---|---|
| CVE-2004-2321 | 1 Bea | 1 Weblogic Server | 2024-02-04 | 2.1 LOW | N/A |
| BEA WebLogic Server and Express 8.1 SP1 and earlier allows local users in the Operator role to obtain administrator passwords via MBean attributes, including (1) ServerStartMBean.Password and (2) NodeManagerMBean.CertificatePassword. | |||||
| CVE-2006-1042 | 1 Gregarius | 1 Gregarius | 2024-02-04 | 6.4 MEDIUM | N/A |
| Multiple SQL injection vulnerabilities in Gregarius 0.5.2 allow remote attackers to execute arbitrary SQL commands via the (1) folder parameter to feed.php or (2) rss_query parameter to search.php. | |||||
| CVE-2005-1484 | 1 Kmint21 Software | 1 Golden Ftp Server | 2024-02-04 | 5.0 MEDIUM | N/A |
| Directory traversal vulnerability in Golden FTP server pro 2.52 allows remote attackers to read arbitrary files via a "\.." (backward slash dot dot) with a leading '"' (double quote) in the GET command. | |||||
| CVE-2006-0809 | 1 Skate Board | 1 Skate Board | 2024-02-04 | 7.5 HIGH | N/A |
| Multiple SQL injection vulnerabilities in Skate Board 0.9 allow remote attackers to execute arbitrary SQL commands via the (1) usern parameter in (a) sendpass.php, and the (2) usern and (3) passwd parameters and (4) sf_cookie cookie in (b) login.php and (c) logged.php. | |||||
| CVE-2006-4751 | 1 Laurentiu Matei | 1 Expandable Home Page Cms | 2024-02-04 | 6.8 MEDIUM | N/A |
| Cross-site scripting (XSS) vulnerability in index.php in Laurentiu Matei eXpandable Home Page (XHP) CMS 0.5.1 allows remote attackers to inject arbitrary web script or HTML via the errcode parameter. | |||||
| CVE-2005-2981 | 1 Orionserver | 1 Orion Application Server | 2024-02-04 | 4.3 MEDIUM | N/A |
| Cross-site scripting (XSS) vulnerability in Orion 1.3.8 and 1.4.5 allows remote attackers to inject arbitrary web script or HTML via the URL, which is not properly quoted in the resulting 404 error page. | |||||
| CVE-2006-0504 | 1 Mailenable | 1 Mailenable Enterprise | 2024-02-04 | 5.0 MEDIUM | N/A |
| Unspecified vulnerability in MailEnable Enterprise Edition before 1.2 allows remote attackers to cause a denial of service (CPU utilization) by viewing "formatted quoted-printable emails" via webmail. | |||||
| CVE-2005-2201 | 1 Xerox | 3 Workcentre 2128, Workcentre 2636, Workcentre 3545 | 2024-02-04 | 6.4 MEDIUM | N/A |
| Unknown vulnerability in the MicroServer Web Server for Xerox WorkCentre Pro Color 2128, 2636, and 3545, version 0.001.04.044 through 0.001.04.504, allow attackers to cause a denial of service or access files via crafted HTTP requests. | |||||
| CVE-2006-1132 | 1 Vbzoom | 1 Vbzoom | 2024-02-04 | 7.5 HIGH | N/A |
| SQL injection vulnerability in show.php in vbzoom 1.11 allow remote attackers to execute arbitrary SQL commands via the MainID parameter. NOTE: the SubjectID vector is already covered by CVE-2005-4729. | |||||
| CVE-2006-3534 | 1 Nullsoft | 1 Shoutcast Server | 2024-02-04 | 7.8 HIGH | N/A |
| Directory traversal vulnerability in Nullsoft SHOUTcast DSP before 1.9.6 filters directory traversal sequences before decoding, which allows remote attackers to read arbitrary files via encoded dot dot (%2E%2E) sequences in an HTTP GET request for a file path containing "/content". | |||||
| CVE-2005-3519 | 1 Mysource | 1 Mysource | 2024-02-04 | 7.5 HIGH | N/A |
| Multiple PHP file inclusion vulnerabilities in MySource 2.14.0 allow remote attackers to execute arbitrary PHP code and include arbitrary local files via the (1) INCLUDE_PATH and (2) SQUIZLIB_PATH parameters in new_upgrade_functions.php, (3) the INCLUDE_PATH parameter in init_mysource.php, and the PEAR_PATH parameter in (4) Socket.php, (5) Request.php, (6) Mail.php, (7) Date.php, (8) Span.php, (9) mimeDecode.php, and (10) mime.php. | |||||
| CVE-2006-1230 | 1 Belchior Foundry | 1 Vcard | 2024-02-04 | 4.3 MEDIUM | N/A |
| Multiple cross-site scripting (XSS) vulnerabilities in create.php in vCard 2.x allow remote attackers to inject arbitrary web script or HTML via the (1) card_id, (2) uploaded, (3) card_fontsize, or (4) card_color parameter. NOTE: the card_id vector was later reported to affect vCard 2.9, and the uploaded vector for 2.6. | |||||
| CVE-2006-1027 | 1 Joomla | 1 Joomla | 2024-02-04 | 5.0 MEDIUM | N/A |
| feedcreator.class.php (aka the syndication component) in Joomla! 1.0.7 allows remote attackers to obtain sensitive information via a "/" (slash) in the feed parameter to index.php, which reveals the path in an error message. | |||||
| CVE-2005-3234 | 1 Grisoft | 1 Avg Antivirus | 2024-02-04 | 5.1 MEDIUM | N/A |
| Multiple interpretation error in unspecified versions of Grisoft AVG Antivirus allows remote attackers to bypass virus detection via a malicious executable in a specially crafted RAR file with malformed central and local headers, which can still be opened by products such as Winrar and PowerZip, even though they are rejected as corrupted by Winzip and BitZipper. | |||||
| CVE-2006-4113 | 1 Hitweb | 1 Hitweb | 2024-02-04 | 5.1 MEDIUM | N/A |
| PHP remote file inclusion vulnerability in genpage-cgi.php in Brian Fraval hitweb 4.2 and possibly earlier versions allows remote attackers to execute arbitrary PHP code via the REP_INC parameter. | |||||
| CVE-2005-3678 | 1 Google | 1 Talk | 2024-02-04 | 5.0 MEDIUM | N/A |
| Google Talk before 1.0.0.76, with email notification enabled, allows remote attackers to cause a denial of service (connection reset) via email with a blank sender. | |||||
| CVE-2006-1113 | 1 Gerrit Van Aaken | 1 Loudblog | 2024-02-04 | 5.0 MEDIUM | N/A |
| SQL injection vulnerability in podcast.php in Loudblog before 0.42 allows remote attackers to execute arbitrary SQL commands via the id parameter. | |||||
| CVE-2006-2819 | 1 Barnraiser | 1 Igloo | 2024-02-04 | 7.5 HIGH | N/A |
| PHP remote file inclusion vulnerability in Wiki.php in Barnraiser Igloo 0.1.9 and earlier allows remote attackers to execute arbitrary PHP code via a URL in the c_node[class_path] parameter. | |||||
| CVE-2005-2852 | 1 Novell | 1 Netware | 2024-02-04 | 5.0 MEDIUM | N/A |
| Unknown vulnerability in CIFS.NLM in Novell Netware 6.5 SP2 and SP3, 5.1, and 6.0 allows remote attackers to cause a denial of service (ABEND) via an incorrect password length, as exploited by the "worm.rbot.ccc" worm. | |||||
| CVE-2005-0799 | 1 Oracle | 1 Mysql | 2024-02-04 | 5.0 MEDIUM | N/A |
| MySQL 4.1.9, and possibly earlier versions, allows remote attackers with certain privileges to cause a denial of service (application crash) via a use command followed by an MS-DOS device name such as (1) LPT1 or (2) PRN. | |||||