Total
254713 CVE
CVE | Vendors | Products | Updated | CVSS v2 | CVSS v3 |
---|---|---|---|---|---|
CVE-2005-3834 | 1 Tunez | 1 Tunez | 2024-02-04 | 4.3 MEDIUM | N/A |
Cross-site scripting (XSS) vulnerability in search.php in Tunez 1.21 and earlier allows remote attackers to inject arbitrary web script or HTML via the searchFor parameter. | |||||
CVE-2005-3682 | 1 Wizz Forum | 1 Wizz Forum | 2024-02-04 | 7.5 HIGH | N/A |
Multiple SQL injection vulnerabilities in Wizz Forum 1.20 allow remote attackers to execute arbitrary SQL commands via (1) the AuthID parameter in ForumAuthDetails.php, and the TopicID parameter in (2) ForumTopicDetails.php and (3) ForumReply.php. | |||||
CVE-2006-1353 | 1 Aspportal | 1 Aspportal | 2024-02-04 | 7.5 HIGH | N/A |
Multiple SQL injection vulnerabilities in ASPPortal 3.1.1 and earlier allow remote attackers to execute arbitrary SQL commands via (1) the downloadid parameter in download_click.asp and (2) content_ID parameter in news/News_Item.asp; authenticated administrators can also conduct attacks via (3) user_id parameter to users/add_edit_user.asp, (4) bannerid parameter to banner_adds/banner_add_edit.asp, (5) cat_id parameter to categories/add_edit_cat.asp, (6) Content_ID parameter to News/add_edit_news.asp, (7) download_id parameter to downloads/add_edit_download.asp, (8) Poll_ID parameter to poll/add_edit_poll.asp, (9) contactid parameter to contactus/contactus_add_edit.asp, (10) sortby parameter to poll/poll_list.asp, and (11) unspecified inputs to downloads/add_edit_download.asp. | |||||
CVE-2006-2810 | 1 Belchior Foundry | 1 Vcard | 2024-02-04 | 6.8 MEDIUM | N/A |
Multiple cross-site scripting (XSS) vulnerabilities in Belchior Foundry vCard 2.9 allow remote attackers to inject arbitrary web script or HTML via the page parameter in (1) toprated.php and (2) newcards.php. NOTE: the card_id vector is already covered by CVE-2006-1230. | |||||
CVE-2005-2645 | 1 Xerox | 7 Document Centre 265, Document Centre 332, Document Centre 340 and 4 more | 2024-02-04 | 7.5 HIGH | N/A |
Unknown vulnerability in Xerox MicroServer Web Server in Document Centre 220 through 265, 332 and 340, 420 through 490, and 535 through 555 allows remote attackers to bypass authentication. | |||||
CVE-2005-1143 | 1 Easyphpcalendar | 1 Easyphpcalendar | 2024-02-04 | 4.3 MEDIUM | N/A |
Cross-site scripting (XSS) vulnerability in index.php in EasyPHPCalendar before 6.2.8 allows remote attackers to inject arbitrary web script or HTML via the yr parameter. | |||||
CVE-2005-0625 | 1 Debian | 1 Reportbug | 2024-02-04 | 2.1 LOW | N/A |
reportbug 3.2 includes settings from .reportbugrc in bug reports, which exposes sensitive information such as smtpuser and smtppasswd. | |||||
CVE-2006-0263 | 1 Oracle | 1 Database Server | 2024-02-04 | 10.0 HIGH | N/A |
Multiple unspecified vulnerabilities in Oracle Database server 8.1.7.4, 9.0.1.5, 9.0.1.5 FIPS, 9.2.0.7, 10.1.0.5, and 10.2.0.1 have unspecified impact and attack vectors, as identified by Oracle Vuln# (1) DB09 in the (a) Net Listener component; and (2) DB12 and (3) DB13 in the Network Communications (RPC) component. | |||||
CVE-2006-2953 | 1 Primoris Software | 1 Officeflow | 2024-02-04 | 4.3 MEDIUM | N/A |
Cross-site scripting (XSS) vulnerability in default.asp in OfficeFlow 2.6 and earlier allows remote attackers to inject arbitrary web script or HTML via the sqlType parameter. | |||||
CVE-2006-3801 | 1 Mozilla | 2 Firefox, Seamonkey | 2024-02-04 | 7.5 HIGH | N/A |
Mozilla Firefox 1.5 before 1.5.0.5 and SeaMonkey before 1.0.3 does not properly clear a JavaScript reference to a frame or window, which leaves a pointer to a deleted object that allows remote attackers to execute arbitrary native code. | |||||
CVE-2006-4604 | 1 Lanifex | 1 Lanifex | 2024-02-04 | 7.5 HIGH | N/A |
PHP remote file inclusion vulnerability in LFXlib/access_manager.php in Lanifex Database of Managed Objects (DMO) 2.3 Beta and earlier allows remote attackers to execute arbitrary PHP code via the _incMgr parameter. | |||||
CVE-2005-1659 | 1 Myserver | 1 Myserver | 2024-02-04 | 4.3 MEDIUM | N/A |
Cross-site scripting (XSS) vulnerability in filemanager.cpp in MyServer 0.8 allows remote attackers to inject arbitrary Javascript via a URL with a "..." (triple dot) followed by an onmouseover event. | |||||
CVE-2005-4774 | 1 Xerver | 1 Xerver | 2024-02-04 | 4.3 MEDIUM | N/A |
Cross-site scripting (XSS) vulnerability in Xerver 4.17 allows remote attackers to inject arbitrary web script or HTML after a /%00/ sequence at the end of the URI. | |||||
CVE-2005-1545 | 1 Ht Editor | 1 Ht Editor | 2024-02-04 | 5.1 MEDIUM | N/A |
Integer overflow in the ELF parser in HT Editor before 0.8.0 allows remote attackers to execute arbitrary code via a crafted ELF file, which leads to a heap-based buffer overflow. | |||||
CVE-2006-2630 | 1 Symantec | 2 Client Security, Norton Antivirus | 2024-02-04 | 10.0 HIGH | N/A |
Stack-based buffer overflow in Symantec Antivirus 10.1 and Client Security 3.1 allows remote attackers to execute arbitrary code via unknown attack vectors. | |||||
CVE-2006-0169 | 1 Myphpim | 1 Myphpim | 2024-02-04 | 7.5 HIGH | N/A |
addresses.php3 in MyPhPim 01.05 does not restrict uploaded files, which allows remote attackers to execute arbitrary PHP code via the pdbfile variable, then directly accessing those files from the uploads directory. | |||||
CVE-2006-2726 | 1 Fastpublish | 1 Fastpublish Cms | 2024-02-04 | 7.5 HIGH | N/A |
PHP remote file inclusion vulnerability in Fastpublish CMS 1.6.9.d allows remote attackers to include arbitrary files via the config[fsBase] parameter in (1) drucken.php, (2) drucken2.php, (3) email_an_benutzer.php, (4) rechnung.php, (5) suche/search.php and (6) adminbereich/admin.php. | |||||
CVE-2004-2600 | 2 Hp, Intel | 22 Carrier Grade Server Cc2300, Carrier Grade Server Cc3300, Carrier Grade Server Cc3310 and 19 more | 2024-02-04 | 5.0 MEDIUM | N/A |
The firmware for Intelligent Platform Management Interface (IPMI) 1.5-based Intel Server Boards and Platforms is shipped with an Authentication Type Enables parameter set to an invalid None parameter, which allows remote attackers to obtain sensitive information when LAN management functionality is enabled. | |||||
CVE-2006-2154 | 1 Emc | 1 Retrospect | 2024-02-04 | 7.2 HIGH | N/A |
EMC Retrospect for Windows 6.5 before 6.5.382, 7.0 before 7.0.344, and 7.5 before 7.5.1.105 does not drop privileges before opening files, which allows local users to execute arbitrary code via the File>Open dialog. | |||||
CVE-2006-0058 | 1 Sendmail | 1 Sendmail | 2024-02-04 | 7.6 HIGH | N/A |
Signal handler race condition in Sendmail 8.13.x before 8.13.6 allows remote attackers to execute arbitrary code by triggering timeouts in a way that causes the setjmp and longjmp function calls to be interrupted and modify unexpected memory locations. |