Search
Total
25555 CVE
| CVE | Vendors | Products | Updated | CVSS v2 | CVSS v3 |
|---|---|---|---|---|---|
| CVE-2006-0438 | 1 Phpbb Group | 1 Phpbb | 2017-07-20 | 5.0 MEDIUM | N/A |
| Cross-site request forgery (CSRF) vulnerability in phpBB 2.0.19, when Link to off-site Avatar or bbcode (IMG) are enabled, allows remote attackers to perform unauthorized actions as a logged in user via a link or IMG tag in a user profile, as demonstrated using links to (1) admin/admin_users.php and (2) modcp.php. | |||||
| CVE-2006-0437 | 1 Phpbb Group | 1 Phpbb | 2017-07-20 | 4.3 MEDIUM | N/A |
| Cross-site scripting (XSS) vulnerability in admin_smilies.php in phpBB 2.0.19 allows remote attackers to inject arbitrary web script or HTML via Javascript events such as "onmouseover" in the (1) smile_url or (2) smile_emotion parameters, which bypasses a check for "<" and ">" characters. | |||||
| CVE-2006-0433 | 1 Freebsd | 1 Freebsd | 2017-07-20 | 5.0 MEDIUM | N/A |
| Selective Acknowledgement (SACK) in FreeBSD 5.3 and 5.4 does not properly handle an incoming selective acknowledgement when there is insufficient memory, which might allow remote attackers to cause a denial of service (infinite loop). | |||||
| CVE-2006-0432 | 1 Bea | 1 Weblogic Server | 2017-07-20 | 2.1 LOW | N/A |
| Unspecified vulnerability in BEA WebLogic Server and WebLogic Express 9.0, when an Administrator uses the WebLogic Administration Console to add custom security policies, causes incorrect policies to be created, which prevents the server from properly protecting JNDI resources. | |||||
| CVE-2006-0431 | 1 Bea | 1 Weblogic Server | 2017-07-20 | 2.1 LOW | N/A |
| Unspecified vulnerability in BEA WebLogic Server and WebLogic Express 8.1 SP5 allows untrusted applications to obtain the server's SSL identity via unknown attack vectors. | |||||
| CVE-2006-0429 | 1 Bea | 1 Weblogic Server | 2017-07-20 | 2.1 LOW | N/A |
| BEA WebLogic Server and WebLogic Express 9.0 causes new security providers to appear active even if they have not been activated by a server reboot, which could cause an administrator to perform inappropriate, security-relevant actions. | |||||
| CVE-2006-0427 | 1 Bea | 1 Weblogic Server | 2017-07-20 | 2.1 LOW | N/A |
| Unspecified vulnerability in BEA WebLogic Server and WebLogic Express 9.0 and 8.1 through SP5 allows malicious EJBs or servlet applications to decrypt system passwords, possibly by accessing functionality that should have been restricted. | |||||
| CVE-2006-0426 | 1 Bea | 1 Weblogic Server | 2017-07-20 | 7.5 HIGH | N/A |
| BEA WebLogic Server and WebLogic Express 8.1 through SP4, when configuration auditing is enabled and a password change occurs, stores the old and new passwords in cleartext in the DefaultAuditRecorder.log file, which could allow attackers to gain privileges. | |||||
| CVE-2006-0424 | 1 Bea | 1 Weblogic Server | 2017-07-20 | 4.0 MEDIUM | N/A |
| BEA WebLogic Server and WebLogic Express 8.1 through SP4, 7.0 through SP6, and 6.1 through SP7 allows remote authenticated guest users to read the server log and obtain sensitive configuration information. | |||||
| CVE-2006-0422 | 1 Bea | 1 Weblogic Server | 2017-07-20 | 6.4 MEDIUM | N/A |
| Multiple unspecified vulnerabilities in BEA WebLogic Server and WebLogic Express 8.1 through SP4, 7.0 through SP6, and 6.1 through SP7 allow remote attackers to access MBean attributes or cause an unspecified denial of service via unknown attack vectors. | |||||
| CVE-2006-0421 | 1 Bea | 1 Weblogic Server | 2017-07-20 | 4.6 MEDIUM | N/A |
| By design, BEA WebLogic Server and WebLogic Express 7.0 and 6.1, when creating multiple domains from the same WebLogic instance on the same machine, allows administrators of any created domain to access other created domains, which could allow administrators to gain privileges that were not intended. | |||||
| CVE-2006-0496 | 1 Mozilla | 2 Firefox, Mozilla | 2017-07-20 | 4.3 MEDIUM | N/A |
| Cross-site scripting (XSS) vulnerability in Mozilla 1.7.12 and possibly earlier, Mozilla Firefox 1.0.7 and possibly earlier, and Netscape 8.1 and possibly earlier, allows remote attackers to inject arbitrary web script or HTML via the -moz-binding (Cascading Style Sheets) CSS property, which does not require that the style sheet have the same origin as the web page, as demonstrated by the compromise of a large number of LiveJournal accounts. | |||||
| CVE-2006-0415 | 1 Sleeperchat | 1 Sleeperchat | 2017-07-20 | 4.3 MEDIUM | N/A |
| Cross-site scripting (XSS) vulnerability in index.php in SleeperChat 0.3f and earlier allows remote attackers to inject arbitrary web script or HTML via the pseudo parameter. | |||||
| CVE-2006-0414 | 1 Tor | 1 Tor | 2017-07-20 | 5.0 MEDIUM | N/A |
| Tor before 0.1.1.20 allows remote attackers to identify hidden services via a malicious Tor server that attempts a large number of accesses of the hidden service, which eventually causes a circuit to be built through the malicious server. | |||||
| CVE-2006-0411 | 1 Claroline | 1 Claroline | 2017-07-20 | 10.0 HIGH | N/A |
| claro_init_local.inc.php in Claroline 1.7.2 uses guessable session cookies (MD5 hash of connection time), which allows remote attackers to hijack sessions and possibly gain administrative privileges. | |||||
| CVE-2006-0410 | 1 John Lim | 1 Adodb | 2017-07-20 | 5.0 MEDIUM | N/A |
| SQL injection vulnerability in ADOdb before 4.71, when using PostgreSQL, allows remote attackers to execute arbitrary SQL commands via unspecified attack vectors involving binary strings. | |||||
| CVE-2006-0408 | 1 Sun | 1 Grid Engine | 2017-07-20 | 7.2 HIGH | N/A |
| rsh utility in Sun Grid Engine (SGE) before 6.0u7_1 allows local users to gain privileges and execute arbitrary code via unspecified vectors, possibly involving command line arguments. | |||||
| CVE-2005-4305 | 1 Edgewall Software | 1 Trac | 2017-07-20 | 4.3 MEDIUM | N/A |
| Cross-site scripting (XSS) vulnerability in Edgewall Trac 0.9, 0.9.1, and 0.9.2 allows remote attackers to inject arbitrary web script or HTML via the URL, which is not properly sanitized before it is returned in an error page. | |||||
| CVE-2005-4439 | 1 Elog | 1 Elogd | 2017-07-20 | 7.8 HIGH | N/A |
| Buffer overflow in ELOG elogd 2.6.0-beta4 allows remote attackers to cause a denial of service (application crash) and possibly execute arbitrary code via a URL with a long (1) cmd or (2) mode parameter. | |||||
| CVE-2006-0405 | 1 Libtiff | 1 Libtiff | 2017-07-20 | 5.0 MEDIUM | N/A |
| The TIFFFetchShortPair function in tif_dirread.c in libtiff 3.8.0 allows remote attackers to cause a denial of service (application crash) via a crafted TIFF image that triggers a NULL pointer dereference, possibly due to changes in type declarations and/or the TIFFVSetField function. | |||||
| CVE-2006-0404 | 1 Mike Macgirvin | 1 Note-a-day Weblog | 2017-07-20 | 5.0 MEDIUM | N/A |
| Note-A-Day Weblog 2.2 stores sensitive data under the web document root with insufficient access control, which allows remote attackers to obtain sensitive information via a direct request to archive/.phpass-admin, which contains encrypted passwords. | |||||
| CVE-2006-0402 | 1 Jason Geiger | 1 Zoph | 2017-07-20 | 7.5 HIGH | N/A |
| SQL injection vulnerability in Zoph before 0.5pre1 allows remote attackers to execute arbitrary SQL commands. | |||||
| CVE-2006-0401 | 1 Apple | 2 Mac Os X, Mac Os X Server | 2017-07-20 | 4.6 MEDIUM | N/A |
| Unspecified vulnerability in Mac OS X before 10.4.6, when running on an Intel-based computer, allows attackers with physical access to bypass the firmware password and log on in Single User Mode via unspecified vectors. | |||||
| CVE-2006-0152 | 1 Phpchamber | 1 Phpchamber | 2017-07-20 | 4.3 MEDIUM | N/A |
| Cross-site scripting (XSS) in search_result.php in phpChamber 1.2 and earlier allows remote attackers to inject arbitrary web script or HTML via the needle parameter. NOTE: the provenance of this information is unknown; the details are obtained solely from third party information. | |||||
| CVE-2003-1290 | 1 Bea | 1 Weblogic Server | 2017-07-20 | 5.0 MEDIUM | N/A |
| BEA WebLogic Server and WebLogic Express 6.1, 7.0, and 8.1, with RMI and anonymous admin lookup enabled, allows remote attackers to obtain configuration information by accessing MBeanHome via the Java Naming and Directory Interface (JNDI). | |||||
| CVE-2003-1296 | 1 Efs Software | 1 Efs Web Server | 2017-07-20 | 5.0 MEDIUM | N/A |
| Easy File Sharing (EFS) Web Server 1.2 allows remote authenticated users to cause a denial of service via (1) an "empty symbol" in the Title field or (2) certain data in the Your Message field, possibly a long argument. | |||||
| CVE-2003-1298 | 1 Anyportal Php | 1 Anyportal Php | 2017-07-20 | 5.0 MEDIUM | N/A |
| Multiple directory traversal vulnerabilities in siteman.php3 in AnyPortal(php) 12 MAY 00 allow remote attackers to (1) create, (2) delete, (3) save, and (4) upload files by navigating to the root directory and entering a filename beginning with "./.." (dot slash dot dot). | |||||
| CVE-2003-1289 | 2 Freebsd, Netbsd | 2 Freebsd, Netbsd | 2017-07-20 | 2.1 LOW | N/A |
| The iBCS2 system call translator for statfs in NetBSD 1.5 through 1.5.3 and FreeBSD 4 up to 4.8-RELEASE-p2 and 5 up to 5.1-RELEASE-p1 allows local users to read portions of kernel memory (memory disclosure) via a large length parameter, which copies additional kernel memory into userland memory. | |||||
| CVE-2002-1479 | 1 The Cacti Group | 1 Cacti | 2017-07-19 | 4.6 MEDIUM | N/A |
| Cacti before 0.6.8 stores a MySQL username and password in plaintext in config.php, which has world-readable permissions, which allows local users to modify databases as the Cacti user and possibly gain privileges. | |||||
| CVE-2002-0993 | 1 Hp | 1 Instant Support | 2017-07-19 | 4.6 MEDIUM | N/A |
| Unknown vulnerability in HP Instant Support Enterprise Edition (ISEE) product U2512A for HP-UX 11.00 and 11.11 may allow authenticated users to access restricted files. | |||||
| CVE-2004-2059 | 1 Xlinesoft | 1 Asprunner | 2017-07-19 | 5.0 MEDIUM | N/A |
| Multiple cross-site scripting vulnerabilities in ASPRunner 2.4 allow remote attackers to inject arbitrary web script or HTML via the (1) SearchFor parameter in [TABLE-NAME]_search.asp, (2) SQL parameter in [TABLE-NAME]_edit.asp, (3) SearchFor parameter in [TABLE]_list.asp, or (4) SQL parameter in export.asp. | |||||
| CVE-2004-1175 | 6 Debian, Gentoo, Midnight Commander and 3 more | 8 Debian Linux, Linux, Midnight Commander and 5 more | 2017-07-19 | 7.5 HIGH | N/A |
| fish.c in midnight commander allows remote attackers to execute arbitrary programs via "insecure filename quoting," possibly using shell metacharacters. | |||||
| CVE-2004-2056 | 1 Nucleus Group | 1 Nucleus Cms | 2017-07-19 | 7.5 HIGH | N/A |
| SQL injection vulnerability in action.php in Nucleus CMS 3.01 allows remote attackers to execute arbitrary SQL statements via the itemid parameter. | |||||
| CVE-2004-1679 | 1 Jigunet | 2 Twinftp Enterprise, Twinftp Standard | 2017-07-19 | 5.0 MEDIUM | N/A |
| Directory traversal vulnerability in TwinFTP 1.0.3 R2 allows remote attackers to create arbitrary files via a .../ (triple dot) in the (1) CWD, (2) STOR, or (3) RETR commands. | |||||
| CVE-2004-1712 | 1 Typepad | 1 Typepad | 2017-07-19 | 4.3 MEDIUM | N/A |
| Cross-site scripting (XSS) vulnerability in TypePad allows remote attackers to inject arbitrary Javascript via the name parameter. | |||||
| CVE-2004-1583 | 1 Tridcomm | 1 Tridcomm | 2017-07-19 | 6.4 MEDIUM | N/A |
| Directory traversal vulnerability in the FTP server in TriDComm 1.3 and earlier allows remote attackers to read or write arbitrary files via a .. (dot dot) in FTP commands such as (1) DIR, (2) GET, or (3) PUT. | |||||
| CVE-2004-0266 | 1 Francisco Burzi | 1 Php-nuke | 2017-07-19 | 5.0 MEDIUM | N/A |
| SQL injection vulnerability in the "public message" capability (public_message) for Php-Nuke 6.x to 7.1.0 allows remote attackers to obtain the administrator password via the c_mid parameter. | |||||
| CVE-2004-2020 | 1 Francisco Burzi | 1 Php-nuke | 2017-07-19 | 4.3 MEDIUM | N/A |
| Multiple cross-site scripting (XSS) vulnerabilities in Php-Nuke 6.x through 7.3 allow remote attackers to inject arbitrary HTML or web script into the (1) optionbox parameter in the News module, (2) date parameter in the Statistics module, (3) year, month, and month_1 parameters in the Stories_Archive module, (4) mode, order, and thold parameters in the Surveys module, or (5) a SQL statement to index.php, as processed by mainfile.php. | |||||
| CVE-2005-0505 | 1 Stackworks Enterprises | 1 Information Resource Manager | 2017-07-19 | 7.5 HIGH | N/A |
| Unknown vulnerability in Information Resource Manager (IRM) before 1.5.2.1 allows remote attackers to have "potentially serious" impact, related to LDAP logins. | |||||
| CVE-1999-0955 | 1 Washington University | 1 Wu-ftpd | 2017-07-19 | 7.6 HIGH | N/A |
| Race condition in wu-ftpd and BSDI ftpd allows remote attackers to gain root access via the SITE EXEC command. | |||||
| CVE-2001-1495 | 1 Freshmeat | 2 Network Query Tool, Network Query Tool Phpnuke | 2017-07-19 | 7.5 HIGH | N/A |
| network_query.php in Network Query Tool 1.0 allows remote attackers to execute arbitrary commands via shell metacharacters in the target parameter. | |||||
| CVE-2002-0449 | 1 Talentsoft | 1 Web\+ Server | 2017-07-19 | 10.0 HIGH | N/A |
| Buffer overflow in webpsvc.exe for Talentsoft Web+ 5.0 and earlier allows remote attackers to execute arbitrary code via a long argument to webplus.exe program, which triggers the overflow in webpsvc.exe. | |||||
| CVE-2005-3318 | 1 Jed Wing | 1 Chm Lib | 2017-07-19 | 5.1 MEDIUM | N/A |
| Buffer overflow in the _chm_decompress_block function in CHM lib (chmlib) before 0.37, as used in products such as KchmViewer, allows attackers to execute arbitrary code, a different vulnerability than CVE-2005-2930. | |||||
| CVE-2015-1172 | 1 Holding Pattern Project | 1 Holding Pattern | 2017-07-17 | 7.5 HIGH | N/A |
| Unrestricted file upload vulnerability in admin/upload-file.php in the Holding Pattern theme (aka holding_pattern) 0.6 and earlier for WordPress allows remote attackers to execute arbitrary PHP code by uploading a file with a PHP extension, then accessing it via a direct request to the file in an unspecified directory. | |||||
| CVE-2005-1163 | 1 Yager Development | 1 Yager Game | 2017-07-12 | 6.4 MEDIUM | N/A |
| Multiple buffer overflows in Yager 5.24 and earlier allow remote attackers to execute arbitrary code via (1) a crafted nickname or (2) a packet with a large amount of data. | |||||
| CVE-2005-2374 | 1 Belkin | 1 Belkin 54g Wireless Router | 2017-07-12 | 7.5 HIGH | N/A |
| Belkin 54g wireless routers do not properly set an administrative password, which allows remote attackers to gain access via the (1) Telnet or (2) web administration interfaces. | |||||
| CVE-2005-2898 | 1 Filezilla | 1 Filezilla | 2017-07-12 | 4.6 MEDIUM | N/A |
| ** DISPUTED ** NOTE: this issue has been disputed by the vendor. FileZilla 2.2.14b and 2.2.15, and possibly earlier versions, when "Use secure mode" is disabled, uses a weak encryption scheme to store the user's password in the configuration settings file, which allows local users to obtain sensitive information. NOTE: the vendor has disputed the issue, stating that "the problem is not a vulnerability at all, but in fact a fundamental issue of every single program that can store passwords transparently." | |||||
| CVE-2000-0710 | 1 Microsoft | 1 Frontpage | 2017-07-12 | 5.0 MEDIUM | N/A |
| The shtml.exe component of Microsoft FrontPage 2000 Server Extensions 1.1 allows remote attackers to determine the physical path of the server components by requesting an invalid URL whose name includes a standard DOS device name. | |||||
| CVE-2002-2159 | 1 Linksys | 3 Befsr11, Befsr41, Befsru31 | 2017-07-12 | 10.0 HIGH | N/A |
| Linksys EtherFast Cable/DSL BEFSR11, BEFSR41 and BEFSRU31 with the firmware 1.42.7 upgrade installed opens TCP port 5678 for remote administration even when the "Block WAN" and "Remote Admin" options are disabled, which allows remote attackers to gain access. | |||||
| CVE-2002-1792 | 1 Fake Identd | 1 Fake Identd | 2017-07-12 | 10.0 HIGH | N/A |
| Buffer overflow in Fake Identd 0.9 through 1.4 allows remote attackers to execute arbitrary code as root via a long request that is split into multiple packets. | |||||