Total: 25555 CVE
| CVE | Vendors | Products | Updated | CVSS v2 | CVSS v3 |
|---|---|---|---|---|---|
| CVE-2006-0111 | 1 Boxcar Media | 1 Shopping Cart | 2017-07-20 | 5.0 MEDIUM | N/A |
| Cross-site scripting vulnerability in index.php in Boxcar Media Shopping Cart allows remote attackers to inject arbitrary web script or HTML via the (1) parent or (2) pg parameter. | |||||
| CVE-2005-4000 | 1 Sitebeater | 1 Sitebeater News | 2017-07-20 | 4.3 MEDIUM | N/A |
| Cross-site scripting (XSS) vulnerability in archive.asp in SiteBeater News System 4.00 and earlier allows remote attackers to inject arbitrary web script or HTML via the sKeywords parameter. | |||||
| CVE-2005-3999 | 1 Sitebeater | 1 Sitebeater Mp3 Catalog | 2017-07-20 | 4.3 MEDIUM | N/A |
| Cross-site scripting (XSS) vulnerability in Search.asp in SiteBeater MP3 Catalog 2.03 and earlier allows remote attackers to inject arbitrary web script or HTML via unspecified parameters. | |||||
| CVE-2006-0083 | 1 Stefan Frings | 1 Sms Server Tools | 2017-07-20 | 4.6 MEDIUM | N/A |
| Format string vulnerability in the logging code of SMS Server Tools (smstools) 1.14.8 and earlier allows local users to execute arbitrary code via unspecified attack vectors. | |||||
| CVE-2006-0108 | 1 Idea Development Id Oy | 1 Timecan Cms | 2017-07-20 | 7.5 HIGH | N/A |
| SQL injection vulnerability in mcl_login.asp in Timecan CMS allows remote attackers to execute arbitrary SQL commands via the email parameter. NOTE: the provenance of this information is unknown; the details are obtained solely from third party information. Due to the unavailability of the original source, it cannot be determined if this is the same issue as identified by CVE-2006-0107. | |||||
| CVE-2006-0107 | 1 Idea Development Id Oy | 1 Timecan Cms | 2017-07-20 | 7.5 HIGH | N/A |
| SQL injection vulnerability in Timecan CMS allows remote attackers to execute arbitrary SQL commands via the viewID parameter. NOTE: the provenance of this information is unknown; the details are obtained solely from third party information. Due to the unavailability of the original source, it cannot be determined if this is the same issue as identified by CVE-2006-0108. | |||||
| CVE-2005-3998 | 1 Solupress | 1 Solupress News | 2017-07-20 | 4.3 MEDIUM | N/A |
| Cross-site scripting (XSS) vulnerability in search.asp in Solupress News 1.0 and earlier allows remote attackers to inject arbitrary web script or HTML via the keywords parameter. | |||||
| CVE-2006-0059 | 1 Livedata | 1 Iccp Server | 2017-07-20 | 7.5 HIGH | N/A |
| Heap-based buffer overflow in the ISO Transport Service over TCP (RFC 1006) implementation of LiveData ICCP Server before 5.00.035 allows remote attackers to cause a denial of service or execute arbitrary code via malformed packets. | |||||
| CVE-2005-3986 | 1 Verosky Media | 1 Instant Photo Gallery | 2017-07-20 | 7.5 HIGH | N/A |
| Multiple SQL injection vulnerabilities in Instant Photo Gallery 1 and earlier allow remote attackers to execute arbitrary SQL commands via the (1) cat_id parameter in portfolio.php and (2) cid parameter in content.php. | |||||
| CVE-2005-3976 | 1 Duware | 11 Duamazon, Duarticle, Duclassified and 8 more | 2017-07-20 | 7.5 HIGH | N/A |
| SQL injection vulnerability in type.asp, as used in multiple DUware products including (1) DUamazon 3.1, (2) DUarticle 1.1, (3) DUclassified 4.2, (4) DUdirectory 3.1 and DUdirectory Pro 3.0 and 3.0 SQL, (5) DUdownload 1.1, (6) DUgallery 3.3, (7) DUnews 1.1, and (8) DUpaypal 3.1 and DUpaypal Pro 3.0, allows remote attackers to execute arbitrary SQL commands via the iType parameter. | |||||
| CVE-2006-0055 | 1 Freebsd | 1 Freebsd | 2017-07-20 | 2.1 LOW | N/A |
| The ispell_op function in ee on FreeBSD 4.10 to 6.0 uses predictable filenames and does not confirm which file is being written, which allows local users to overwrite arbitrary files via a symlink attack when ee invokes ispell. | |||||
| CVE-2005-3958 | 1 Entergal Mx | 1 Entergal Mx | 2017-07-20 | 7.5 HIGH | N/A |
| SQL injection vulnerability in index.php in Entergal MX 2.0 allows remote attackers to execute arbitrary SQL commands via the (1) idcat parameter in a showcat action and (2) the action parameter. | |||||
| CVE-2006-0054 | 1 Freebsd | 1 Freebsd | 2017-07-20 | 5.0 MEDIUM | N/A |
| The ipfw firewall in FreeBSD 6.0-RELEASE allows remote attackers to cause a denial of service (firewall crash) via ICMP IP fragments that match a reset, reject or unreach action, which leads to an access of an uninitialized pointer. | |||||
| CVE-2006-0050 | 1 Debian | 1 Debian Linux | 2017-07-20 | 1.2 LOW | N/A |
| snmptrapfmt in Debian 3.0 allows local users to overwrite arbitrary files via a symlink attack on a temporary log file. | |||||
| CVE-2005-3954 | 1 Blogbuddies | 1 Blogbuddies | 2017-07-20 | 4.3 MEDIUM | N/A |
| Cross-site scripting (XSS) vulnerability in blogBuddies 0.3 allows remote attackers to inject arbitrary web script or HTML via the u parameter to index.php. | |||||
| CVE-2006-0048 | 1 Francesco Stablum | 1 Tcpick | 2017-07-20 | 5.0 MEDIUM | N/A |
| Francesco Stablum tcpick 0.2.1 allows remote attackers to cause a denial of service (segmentation fault) via certain fragmented packets, possibly involving invalid headers and an attacker-controlled payload length. NOTE: this issue might be a buffer overflow or overread. | |||||
| CVE-2006-0046 | 1 Cameron Simpson | 1 Adzapper | 2017-07-20 | 7.8 HIGH | N/A |
| squid_redirect script in adzapper before 2006-01-29 allows remote attackers to cause a denial of service (CPU consumption) via a URL with a large number of trailing / (forward slashes), which might produce inefficient regular expressions. | |||||
| CVE-2006-0045 | 1 Linley Henzell | 1 Dungeon Crawl | 2017-07-20 | 7.2 HIGH | N/A |
| crawl before 4.0.0 does not securely call programs when saving and loading games, which allows local users to gain privileges. | |||||
| CVE-2006-0044 | 1 Albatross | 1 Albatross | 2017-07-20 | 7.5 HIGH | N/A |
| Unspecified vulnerability in context.py in Albatross web application toolkit before 1.33 allows remote attackers to execute arbitrary commands via unspecified vectors involving template files and the "handling of submitted form fields". | |||||
| CVE-2006-0043 | 1 Suse | 1 Suse Linux | 2017-07-20 | 4.6 MEDIUM | N/A |
| Buffer overflow in the realpath function in nfs-server rpc.mountd, as used in SUSE Linux 9.1 through 10.0, allows local users to execute arbitrary code via unspecified vectors involving mount requests and symlinks. | |||||
| CVE-2005-3947 | 1 Sergey Korostel | 1 Php Upload Center | 2017-07-20 | 5.0 MEDIUM | N/A |
| Directory traversal vulnerability in index.php in PHP Upload Center allows remote attackers to read arbitrary files via "../" sequences in the filename parameter. | |||||
| CVE-2005-3935 | 1 Socketkb | 1 Socketkb | 2017-07-20 | 7.5 HIGH | N/A |
| SQL injection vulnerability in SocketKB 1.1.0 and earlier allows remote attackers to execute arbitrary SQL commands via the (1) node and (2) art_id parameters. | |||||
| CVE-2005-4813 | 1 Businessobjects | 4 Crystal Enterprise Xi, Crystal Reports Server Xi, Crystal Reports Xi and 1 more | 2017-07-20 | 5.0 MEDIUM | N/A |
| Unspecified vulnerability in Report Application Server (Crystalras.exe) before 11.0.0.1370, as used in Business Objects Crystal Reports XI, Crystal Reports Server XI, and BusinessObjects Enterprise XI, allows remote attackers to cause a denial of service (application hang) via certain network traffic, possibly involving multiple simultaneous TCP connections. | |||||
| CVE-2005-4812 | 1 Sisco | 4 Ax-s4 Iccp, Ax-s4 Mms, Iccp Toolkit For Mms-ease and 1 more | 2017-07-20 | 7.8 HIGH | N/A |
| The SISCO OSI stack for Windows, as used by MMS-EASE 7.10 and earlier, AX-S4 MMS 5.01 and earlier, AX-S4 ICCP 3.0103 and earlier, and the ICCP Toolkit for MMS-EASE 4.10 and earlier, allows remote attackers to cause a denial of service (process crash) via certain network traffic, as demonstrated using a Nessus scan. | |||||
| CVE-2005-4809 | 1 Mozilla | 3 Firefox, Mozilla, Thunderbird | 2017-07-20 | 5.0 MEDIUM | N/A |
| Mozilla Firefox 1.0.1 and possibly other versions, including Mozilla and Thunderbird, allows remote attackers to spoof the URL in the Status Bar via an A HREF tag that contains a TABLE tag that contains another A tag. | |||||
| CVE-2005-3934 | 1 Symantec | 1 Pcanywhere | 2017-07-20 | 7.8 HIGH | N/A |
| Buffer overflow in Symantec pcAnywhere 11.0.1, 11.5.1, and all other 32-bit versions allows remote attackers to cause a denial of service (application crash) via unknown attack vectors. | |||||
| CVE-2005-3909 | 1 Post Affiliate Pro | 1 Post Affiliate Pro | 2017-07-20 | 7.5 HIGH | N/A |
| SQL injection vulnerability in merchants/index.php in Post Affiliate Pro 2.0.4 and earlier allows remote attackers to execute arbitrary SQL commands via the sortorder parameter. | |||||
| CVE-2005-4801 | 1 Yapig | 1 Yapig | 2017-07-20 | 7.5 HIGH | N/A |
| Multiple cross-site request forgery (CSRF) vulnerabilities in Yet Another PHP Image Gallery (YaPIG) 0.95b and earlier allow remote attackers to perform unauthorized actions as a logged-in user, as demonstrated by tricking the administrator to access a web page that performs a mod_info action in modify_gallery.php. | |||||
| CVE-2005-4800 | 1 Yapig | 1 Yapig | 2017-07-20 | 9.0 HIGH | N/A |
| Direct static code injection vulnerability in Yet Another PHP Image Gallery (YaPIG) 0.95b and earlier allows remote authenticated administrators to inject arbitrary PHP code via the TestGallery parameter in a mod_info action to modify_gallery.php, which inserts the code into guid_info.php. NOTE: this issue is easier to exploit due to a separate CSRF vulnerability. | |||||
| CVE-2005-4799 | 1 Yapig | 1 Yapig | 2017-07-20 | 5.1 MEDIUM | N/A |
| Multiple cross-site scripting (XSS) vulnerabilities in Yet Another PHP Image Gallery (YaPIG) 0.95b and earlier allow remote attackers to inject arbitrary web script or HTML via (1) the Homepage field (aka the Website field) in an "image-related comment" and (2) the img_size field in view.php. NOTE: due to lack of details from the researcher, it is not clear whether the comment vector overlaps CVE-2005-1886. | |||||
| CVE-2005-4794 | 1 Cisco | 7 Application And Content Networking Software, Ata, Ip Phone 7902 and 4 more | 2017-07-20 | 5.0 MEDIUM | N/A |
| Cisco IP Phones 7902/7905/7912, ATA 186/188, Unity Express, ACNS, and Subscriber Edge Services Manager (SESM) allow remote attackers to cause a denial of service (crash or instability) via a compressed DNS packet with a label length byte with an incorrect offset. | |||||
| CVE-2005-4786 | 1 Hauri | 3 Hauri Livecall, Virobot, Vrazmain.dll | 2017-07-20 | 4.0 MEDIUM | N/A |
| Buffer overflow in the archive decompression library (vrAZMain.dll 5.8.22.137), as used in HAURI anti-virus products including (1) ViRobot Expert 4.0, (2) ViRobot Advanced Server, and (3) HAURI LiveCall, allows user-assisted attackers to execute arbitrary code via an ALZ archive containing a file with a long filename. | |||||
| CVE-2005-4785 | 1 Jl Webworks | 1 Quickblogger | 2017-07-20 | 4.3 MEDIUM | N/A |
| Cross-site scripting (XSS) vulnerability in QuickBlogger 1.4 and earlier allows remote attackers to inject arbitrary web script or HTML via the (1) author ("your name") and (2) "comment" section. | |||||
| CVE-2005-4780 | 1 Fidra Software | 1 Lighthouse Cms | 2017-07-20 | 4.3 MEDIUM | N/A |
| ** DISPUTED ** Cross-site scripting (XSS) vulnerability in Fidra Lighthouse CMS 1.1.0 and earlier allows remote attackers to inject arbitrary web script or HTML via the search parameter in a query_string to the home page. NOTE: The vendor disputes this issue, saying "Lighthouse does not in any way make use of the PHP technology. [It] is an application server ... A technology like this cannot be susceptible to client-side cross-site-scripting-attacks on its own, but only applications created based on such a technology. This does not only apply to Lighthouse, but also to Perl, PHP or web applications based on Java Servlet technology." Since the original researcher is known to test demo pages and is sometimes inaccurate, it is likely that this issue will be REJECTED. | |||||
| CVE-2005-4774 | 1 Xerver | 1 Xerver | 2017-07-20 | 4.3 MEDIUM | N/A |
| Cross-site scripting (XSS) vulnerability in Xerver 4.17 allows remote attackers to inject arbitrary web script or HTML after a /%00/ sequence at the end of the URI. | |||||
| CVE-2005-4804 | 1 Sun | 1 Java System Application Server | 2017-07-20 | 5.0 MEDIUM | N/A |
| Unspecified vulnerability in Sun Java System Application Server Platform Edition and Enterprise Edition 8.1 2005 Q1, and Platform Edition UR1, allows remote attackers to read .jar files via unknown vectors related to deployed web applications. | |||||
| CVE-2005-4729 | 1 Vbzoom | 1 Vbzoom | 2017-07-20 | 7.5 HIGH | N/A |
| SQL injection vulnerability in show.php in VBZooM Forum allows remote attackers to execute arbitrary SQL commands via the SubjectID parameter. | |||||
| CVE-2005-4724 | 1 Phptagcool | 1 Phptagcool | 2017-07-20 | 7.5 HIGH | N/A |
| SQL injection vulnerability in post.php in PhpTagCool 1.0.3 allows remote attackers to execute arbitrary SQL commands via the X-Forwarded-For field in an HTTP header. | |||||
| CVE-2005-3903 | 1 Sco | 1 Unixware | 2017-07-20 | 4.6 MEDIUM | N/A |
| Buffer overflow in uidadmin in SCO Unixware 7.1.3 and 7.1.4 allows local users to execute arbitrary code via a -S (scheme) argument that specifies a large file, a different vulnerability than CVE-2001-1063. | |||||
| CVE-2005-4723 | 1 D-link | 3 Di-524, Di-624, Di-784 | 2017-07-20 | 5.0 MEDIUM | N/A |
| D-Link DI-524 Wireless Router, DI-624 Wireless Router, and DI-784 allow remote attackers to cause a denial of service (device reboot) via a series of crafted fragmented UDP packets, possibly involving a missing fragment. | |||||
| CVE-2005-4722 | 1 The Media Shoppe Berhad | 1 Tmspublisher | 2017-07-20 | 5.0 MEDIUM | N/A |
| _Request_Message.cfm in tmsPUBLISHER 3.3 allows remote attackers to obtain sensitive information via an invalid id argument to pagename.cfm, which reveals the installation path in an error message. | |||||
| CVE-2005-4721 | 1 The Media Shoppe Berhad | 1 Tmspublisher | 2017-07-20 | 4.3 MEDIUM | N/A |
| Cross-site scripting (XSS) vulnerability in search.cfm in tmsPUBLISHER 3.3 allows remote attackers to inject arbitrary web script or HTML via the q parameter. | |||||
| CVE-2005-4715 | 1 Francisco Burzi | 1 Php-nuke | 2017-07-20 | 7.5 HIGH | N/A |
| Multiple SQL injection vulnerabilities in modules.php in PHP-Nuke 7.8, when magic_quotes_gpc is disabled, allow remote attackers to execute arbitrary SQL commands via the (1) name, (2) sid, and (3) pid parameters in a POST request, which bypasses security checks that are performed for GET requests. | |||||
| CVE-2005-4714 | 1 Openvmps | 1 Openvmps | 2017-07-20 | 7.5 HIGH | N/A |
| Format string vulnerability in the vmps_log function in OpenVMPS (VLAN Management Policy Server) 1.3 allows remote attackers to execute arbitrary code via unknown vectors. | |||||
| CVE-2005-4710 | 1 Autodesk | 18 3ds Max, Architectural Desktop, Autocad and 15 more | 2017-07-20 | 4.6 MEDIUM | N/A |
| Unspecified vulnerability in multiple Autodesk and AutoCAD products and product families from 2006 and earlier allows remote attackers to "gain inappropriate access to another local user's computer," aka ID DL5549329. | |||||
| CVE-2005-4709 | 1 Jboss | 1 Enterprise Java Beans | 2017-07-20 | 5.0 MEDIUM | N/A |
| The popSubjectContext method in the SecurityAssociation class in JBoss Enterprise Java Beans (EJB) 3.0 RC3 maintains the threadPrincipal and threadCredential values from a previous client's authentication after termination of a client session, which allows remote attackers to gain the roles of an arbitrary previous client who had the same JBoss server thread. | |||||
| CVE-2005-4700 | 1 Tellme | 1 Tellme | 2017-07-20 | 5.0 MEDIUM | N/A |
| TellMe 1.2 and earlier, when the Server (o_Server) and HEAD (o_Head) options are enabled, allows remote attackers to obtain sensitive information via an invalid q_Host parameter, which reveals the full pathname of the application in an fsockopen error message. | |||||
| CVE-2005-4699 | 1 Tellme | 1 Tellme | 2017-07-20 | 6.4 MEDIUM | N/A |
| Argument injection vulnerability in TellMe 1.2 and earlier allows remote attackers to modify command line arguments for the Whois program and obtain sensitive information via "--" style options in the q_Host parameter. | |||||
| CVE-2005-4698 | 1 Tellme | 1 Tellme | 2017-07-20 | 4.3 MEDIUM | N/A |
| Cross-site scripting (XSS) vulnerability in TellMe 1.2 and earlier allows remote attackers to inject arbitrary web script or HTML via the (1) q_IP (IP) or (2) q_Host (HOST) parameters. | |||||
| CVE-2005-4697 | 1 Microsoft | 1 Windows Xp | 2017-07-20 | 2.1 LOW | N/A |
| The Microsoft Wireless Zero Configuration system (WZCS) allows local users to access WEP keys and pair-wise Master Keys (PMK) of the WPA pre-shared key via certain calls to the WZCQueryInterface API function in wzcsapi.dll. | |||||
