Total: 254730 CVE

CVE | Vendors | Products | Updated | CVSS v2 | CVSS v3 |
---|---|---|---|---|---|
CVE-2006-3750 | 1 Hashcash | 1 Hashcash | 2024-02-04 | 6.8 MEDIUM | N/A |
PHP remote file inclusion vulnerability in server.php in the Hashcash Component (com_hashcash) 1.2.1 for Joomla! allows remote attackers to execute arbitrary PHP code via a URL in the mosConfig_absolute_path parameter. | |||||
CVE-2005-1396 | 1 Swlink | 1 Ce Ceterm | 2024-02-04 | 1.2 LOW | N/A |
Race condition in Ce/Ceterm (aka ARPUS/Ce) 2.5.4 and earlier allows local users to write to arbitrary files via a symlink attack on the ce_edit_log temporary file. | |||||
CVE-2004-2295 | 1 Francisco Burzi | 1 Php-nuke | 2024-02-04 | 7.5 HIGH | N/A |
SQL injection vulnerability in the Reviews module in PHP-Nuke 6.0 to 7.3 allows remote attackers to execute arbitrary SQL commands via the order parameter. | |||||
CVE-2006-2458 | 1 Libextractor | 1 Libextractor | 2024-02-04 | 4.0 MEDIUM | N/A |
Multiple heap-based buffer overflows in Libextractor 0.5.13 and earlier allow remote attackers to execute arbitrary code via (1) the asf_read_header function in the ASF plugin (plugins/asfextractor.c), and (2) the parse_trak_atom function in the QT plugin (plugins/qtextractor.c). | |||||
CVE-2005-1997 | 1 Mcgallery | 1 Mcgallery | 2024-02-04 | 5.0 MEDIUM | N/A |
show.php in McGallery 1.1 allows remote attackers to connect to arbitrary databases, or gain sensitive information by triggering an error, via a modified host parameter. | |||||
CVE-2005-0651 | 1 Projectbb | 1 Projectbb | 2024-02-04 | 7.5 HIGH | N/A |
Multiple SQL injection vulnerabilities in ProjectBB 0.4.5.1 allow remote attackers to execute arbitrary SQL commands via (1) liste or (2) desc parameters to divers.php (incorrectly referred to as "drivers.php" by some sources), (3) the search feature text area, (4) post name in the post creation feature, (5) City, (6) Homepage, (7) ICQ, (8) AOL, (9) Yahoo!, (10) MSN, or (11) e-mail fields in the profile feature or (12) the new field in the moderator section. | |||||
CVE-2005-0762 | 1 Imagemagick | 1 Imagemagick | 2024-02-04 | 7.5 HIGH | N/A |
Heap-based buffer overflow in the SGI parser in ImageMagick before 6.0 allows remote attackers to execute arbitrary code via a crafted SGI image file. | |||||
CVE-2006-3788 | 1 Ufo2000 | 1 Ufo2000 | 2024-02-04 | 7.5 HIGH | N/A |
Multiple buffer overflows in multiplay.cpp in UFO2000 svn 1057 allow remote attackers to execute arbitrary code via (1) a long unit name in Net::recv_add_unit; (2) large values to Net::recv_rules, Net::recv_select_unit, Net::recv_options, and Net::recv_unit_data; and (3) a large mapdata GEODATA structure in Net::recv_map_data. | |||||
CVE-2005-3379 | 1 Trend Micro | 2 Officescan, Pc-cillin 2005 | 2024-02-04 | 5.1 MEDIUM | N/A |
Multiple interpretation error in Trend Micro (1) PC-Cillin 2005 12.0.1244 with the 7.510.1002 engine and (2) OfficeScan 7.0 with the 7.510.1002 engine allows remote attackers to bypass virus scanning via a file such as BAT, HTML, and EML with an "MZ" magic byte sequence which is normally associated with EXE, which causes the file to be treated as a safe type that could still be executed as a dangerous file type by applications on the end system, as demonstrated by a "triple headed" program that contains EXE, EML, and HTML content, aka the "magic byte bug." | |||||
CVE-2006-0482 | 1 Linux | 1 Linux Kernel | 2024-02-04 | 2.1 LOW | N/A |
Linux kernel 2.6.15.1 and earlier, when running on SPARC architectures, allows local users to cause a denial of service (hang) via a "date -s" command, which causes invalid sign extended arguments to be provided to the get_compat_timespec function call. | |||||
CVE-2006-2753 | 2 Mysql, Oracle | 2 Mysql, Mysql | 2024-02-04 | 7.5 HIGH | N/A |
SQL injection vulnerability in MySQL 4.1.x before 4.1.20 and 5.0.x before 5.0.22 allows context-dependent attackers to execute arbitrary SQL commands via crafted multibyte encodings in character sets such as SJIS, BIG5, and GBK, which are not properly handled when the mysql_real_escape function is used to escape the input. | |||||
CVE-2006-0960 | 1 Compex | 1 Netpassage Wpe54g | 2024-02-04 | 5.0 MEDIUM | N/A |
uConfig agent in Compex NetPassage WPE54G router allows remote attackers to cause a denial of service (unresponsiveness) via crafted datagrams to UDP port 7778. | |||||
CVE-2005-2753 | 1 Apple | 1 Quicktime | 2024-02-04 | 5.1 MEDIUM | N/A |
Integer overflow in Apple QuickTime before 7.0.3 allows user-assisted attackers to execute arbitrary code via a crafted MOV file that causes a sign extension of the length element in a Pascal style string. | |||||
CVE-2005-1799 | 1 Freestyle | 2 Wiki, Wikilite | 2024-02-04 | 4.3 MEDIUM | N/A |
Cross-site scripting (XSS) vulnerability in FreeStyle Wiki 3.5.7 and WikiLite (FSWikiLite) .10 allows remote attackers to inject arbitrary web script or HTML via unknown vectors. | |||||
CVE-2006-3997 | 1 Wowroster | 1 Wowroster | 2024-02-04 | 7.5 HIGH | N/A |
PHP remote file inclusion vulnerability in hsList.php in WoWRoster (aka World of Warcraft Roster) 1.5.x and earlier allows remote attackers to execute arbitrary PHP code via a URL in the subdir parameter. | |||||
CVE-2005-1562 | 1 Maxwebportal | 1 Maxwebportal | 2024-02-04 | 7.5 HIGH | N/A |
Multiple SQL injection vulnerabilities in MaxWebPortal 1.3.5 and earlier allow remote attackers to execute arbitrary SQL commands via the (1) fpassword parameter to inc_functions.asp, (2) txtAddress, (3) message, or (4) subject parameter to post_info.asp, (5) andor parameter to search.asp, (6) verkey parameter to pop_profile.asp, or (7) Remove or (8) Delete parameter to pm_delete2.asp. | |||||
CVE-2005-2085 | 1 Infradig Systems | 1 Inframail Advantage | 2024-02-04 | 5.0 MEDIUM | N/A |
Buffer overflow in Inframail Advantage Server Edition 6.0 through 6.7 allows remote attackers to cause a denial of service (process crash) via a long (1) SMTP FROM field or possibly (2) FTP NLST command. | |||||
CVE-2006-1141 | 1 Inter7 | 1 Qmailadmin | 2024-02-04 | 7.5 HIGH | N/A |
Buffer overflow in qmailadmin.c in QmailAdmin before 1.2.10 allows remote attackers to execute arbitrary code via a long PATH_INFO environment variable. | |||||
CVE-2006-1428 | 1 Coinsoft Technologies | 1 Phpcoin | 2024-02-04 | 4.3 MEDIUM | N/A |
Multiple cross-site scripting (XSS) vulnerabilities in phpCOIN 1.2.2 and earlier allow remote attackers to inject arbitrary web script or HTML via the fs parameter to (1) mod.php or (2) mod_print.php. | |||||
CVE-2005-3827 | 1 Agileco | 1 Agilebill | 2024-02-04 | 7.5 HIGH | N/A |
SQL injection vulnerability in product_cat in AgileBill 1.4.92 and earlier allows remote attackers to execute arbitrary SQL commands via the id parameter. |