Total
254719 CVE
| CVE | Vendors | Products | Updated | CVSS v2 | CVSS v3 |
|---|---|---|---|---|---|
| CVE-2005-2426 | 1 Ftpshell | 1 Ftpshell Server | 2024-02-04 | 2.1 LOW | N/A |
| FTPshell Server 3.38 allows remote authenticated users to cause a denial of service (application crash) by multiple connections and disconnections without using the QUIT command. | |||||
| CVE-2005-2975 | 1 Gnome | 2 Gdkpixbuf, Gtk | 2024-02-04 | 7.8 HIGH | N/A |
| io-xpm.c in the gdk-pixbuf XPM image rendering library in GTK+ before 2.8.7 allows attackers to cause a denial of service (infinite loop) via a crafted XPM image with a large number of colors. | |||||
| CVE-2006-0159 | 1 Javier Suarez Sanz | 1 Foro Domus | 2024-02-04 | 7.5 HIGH | N/A |
| SQL injection vulnerability in escribir.php in Foro Domus 2.10 allows remote attackers to execute arbitrary SQL commands via the email parameter. NOTE: the provenance of this information is unknown, although it may be based on post-disclosure analysis of CVE-2006-0110; the details are obtained solely from third party information. | |||||
| CVE-2006-3555 | 1 Php Fusion | 1 Php Fusion | 2024-02-04 | 5.8 MEDIUM | N/A |
| Multiple cross-site scripting (XSS) vulnerabilities in submit.php in PHP-Fusion before 6.01.3 allow remote attackers to inject arbitrary web script or HTML by using edit_profile.php to upload a (1) avatar or (2) forum image attachment that has a .gif or .jpg extension, and begins with a GIF header followed by JavaScript code, which is executed by Internet Explorer. | |||||
| CVE-2006-1288 | 1 Invision Power Services | 1 Invision Power Board | 2024-02-04 | 7.5 HIGH | N/A |
| Multiple SQL injection vulnerabilities in Invision Power Board (IPB) 2.0.4 and 2.1.4 before 20060105 allow remote attackers to execute arbitrary SQL commands via cookies, related to (1) arrays of id/stamp pairs and (2) the keys in arrays of key/value pairs in ipsclass.php; (3) the topics variable in usercp.php; and the topicsread cookie in (4) topics.php, (5) search.php, and (6) forums.php. | |||||
| CVE-2005-0775 | 1 Photopost | 1 Photopost Php Pro | 2024-02-04 | 7.5 HIGH | N/A |
| The reportpost action in misc.php for PhotoPost PHP 5.0 RC3 does not limit the logging data that is sent to the administrator, which allows remote attackers to send large amounts of email to the administrator. | |||||
| CVE-2005-1483 | 1 Interspire | 1 Articlelive | 2024-02-04 | 4.3 MEDIUM | N/A |
| Multiple cross-site scripting (XSS) vulnerabilities in ArticleLive 2005 allow remote attackers to inject arbitrary web script or HTML via the (1) Query, (2) Username, (3) LastName, (4) Biography, or (5) BlogId parameter. | |||||
| CVE-2006-2733 | 1 Mini-nuke | 1 Mini-nuke | 2024-02-04 | 5.0 MEDIUM | N/A |
| membership.asp in Mini-Nuke 2.3 and earlier uses plaintext security codes, which allows remote attackers to register multiple times via automated scripts. | |||||
| CVE-2005-0548 | 1 Sun | 1 Solaris Answerbook2 | 2024-02-04 | 4.3 MEDIUM | N/A |
| Cross-site scripting (XSS) vulnerability in Solaris AnswerBook2 Documentation 1.4.4 and earlier allows remote attackers to inject arbitrary web script or HTML via the Search function. | |||||
| CVE-2006-2436 | 1 Ibm | 1 Websphere Application Server | 2024-02-04 | 7.5 HIGH | N/A |
| WebSphere Application Server 5.0.2 (or any earlier cumulative fix) stores admin and LDAP passwords in plaintext in the FFDC logs when a login to WebSphere fails, which allows attackers to gain privileges. | |||||
| CVE-2006-0568 | 1 Outblaze | 1 Outblaze | 2024-02-04 | 4.3 MEDIUM | N/A |
| Cross-site scripting (XSS) vulnerability in throw.main in Outblaze allows remote attackers to inject arbitrary web script or HTML via the file parameter. | |||||
| CVE-2006-1823 | 1 Farsinews | 1 Farsinews | 2024-02-04 | 6.4 MEDIUM | N/A |
| Directory traversal vulnerability in FarsiNews 2.5.3 Pro and earlier allows remote attackers to obtain the installation path via ".." sequences in the archive parameter to index.php, which leaks the full pathname in an error message. | |||||
| CVE-2006-3362 | 2 Geeklog, Toenda Software Development | 2 Geeklog, Toendacms | 2024-02-04 | 5.1 MEDIUM | N/A |
| Unrestricted file upload vulnerability in connectors/php/connector.php in FCKeditor mcpuk file manager, as used in (1) Geeklog 1.4.0 through 1.4.0sr3, (2) toendaCMS 1.0.0 Shizouka Stable and earlier, (3) WeBid 0.5.4, and possibly other products, when installed on Apache with mod_mime, allows remote attackers to upload and execute arbitrary PHP code via a filename with a .php extension and a trailing extension that is allowed, such as .zip. | |||||
| CVE-2005-3727 | 1 Revize Cms | 1 Revize Cms | 2024-02-04 | 7.5 HIGH | N/A |
| SQL injection vulnerability in debug/query_results.jsp in Idetix Software Systems Revize CMS allows remote attackers to execute arbitrary SQL commands via the query parameter. | |||||
| CVE-2006-1022 | 1 Pehepe | 1 Membership Management System | 2024-02-04 | 5.0 MEDIUM | N/A |
| PHP remote file include vulnerability in sol_menu.php in PeHePe Uyelik Sistemi (aka PeHePe MemberShip Management System) 3 allows remote attackers to include and execute arbitrary PHP code via a URL in the uye_klasor parameter, along with a misafir[] parameter that is set to UYE_SEVIYE. | |||||
| CVE-2006-4086 | 1 Ozjournals | 1 Ozjournals | 2024-02-04 | 4.3 MEDIUM | N/A |
| Cross-site scripting (XSS) vulnerability in index.php in Elaine Aquino Online Zone Journals (OZJournals) 1.5 allows remote attackers to inject arbitrary web script or HTML via the keywords parameter. NOTE: the provenance of this information is unknown; the details are obtained from third party information. | |||||
| CVE-2006-2796 | 1 New-place | 1 Captivate | 2024-02-04 | 6.8 MEDIUM | N/A |
| Cross-site scripting (XSS) vulnerability in gallery.php in Captivate 1.0 allows remote attackers to inject arbitrary web script or HTML via the page parameter, which is reflected in an error message. | |||||
| CVE-2004-0989 | 5 Redhat, Trustix, Ubuntu and 2 more | 6 Fedora Core, Secure Linux, Ubuntu Linux and 3 more | 2024-02-04 | 10.0 HIGH | N/A |
| Multiple buffer overflows in libXML 2.6.12 and 2.6.13 (libxml2), and possibly other versions, may allow remote attackers to execute arbitrary code via (1) a long FTP URL that is not properly handled by the xmlNanoFTPScanURL function, (2) a long proxy URL containing FTP data that is not properly handled by the xmlNanoFTPScanProxy function, and other overflows related to manipulation of DNS length values, including (3) xmlNanoFTPConnect, (4) xmlNanoHTTPConnectHost, and (5) xmlNanoHTTPConnectHost. | |||||
| CVE-2006-1923 | 1 Linpha | 1 Linpha | 2024-02-04 | 5.8 MEDIUM | N/A |
| Multiple cross-site scripting (XSS) vulnerabilities in LinPHA before 1.1.1 allow remote attackers to inject arbitrary web script or HTML via (1) RSS/RSS.php and (2) possibly other vectors. | |||||
| CVE-2005-2187 | 1 Mcafee | 1 Intrushield Security Management System | 2024-02-04 | 4.6 MEDIUM | N/A |
| McAfee IntruShield Security Management System allows remote authenticated users to access the "Generate Reports" feature and modify alerts by setting the Access option to true, as demonstrated using the (1) fullAccess or (2) fullAccessRight parameter in reports-column-center.jsp, or (3) fullAccess parameter to SystemEvent.jsp. | |||||