Total: 25555 CVE
| CVE | Vendors | Products | Updated | CVSS v2 | CVSS v3 |
|---|---|---|---|---|---|
| CVE-2006-3601 | 1 Dotnetnuke | 1 Dotnetnuke | 2016-11-28 | 10.0 HIGH | N/A |
| ** UNVERIFIABLE ** Unspecified vulnerability in an unspecified DNN Modules module for DotNetNuke (.net nuke) allows remote attackers to gain privileges via unspecified vectors, as used in an attack against the Microsoft France web site. NOTE: due to the lack of details and uncertainty about which product is affected, this claim is not independently verifiable. | |||||
| CVE-2003-1299 | 1 Pablo Software Solutions | 1 Baby Ftp Server | 2016-11-28 | 4.0 MEDIUM | N/A |
| Directory traversal vulnerability in Baby FTP Server 1.2, and possibly other versions before May 31, 2003 allows remote authenticated users to list arbitrary directories and possibly read files via "..." (triple dot) manipulations to the CWD command. | |||||
| CVE-2005-1232 | 1 Sun | 1 Java System Web Proxy Server | 2016-11-28 | 7.5 HIGH | N/A |
| Buffer overflow in Sun Java System Web Proxy Server (aka Sun ONE Proxy Server) 3.6 SP6 allows remote attackers to execute arbitrary code via unknown vectors. | |||||
| CVE-2004-0548 | 2 Gentoo, Gnu | 2 Linux, Aspell | 2016-11-28 | 7.2 HIGH | N/A |
| Multiple stack-based buffer overflows in the word-list-compress functionality in compress.c for Aspell allow local users to execute arbitrary code via a long entry in the wordlist that is not properly handled when using the (1) "c" compress option or (2) "d" decompress option. | |||||
| CVE-2007-6753 | 1 Microsoft | 5 Windows 2000, Windows 7, Windows Server 2008 and 2 more | 2016-11-28 | 6.2 MEDIUM | N/A |
| Untrusted search path vulnerability in Shell32.dll in Microsoft Windows 2000, Windows XP, Windows Vista, Windows Server 2008, and Windows 7, when using an environment configured with a string such as %APPDATA% or %PROGRAMFILES% in a certain way, allows local users to gain privileges via a Trojan horse DLL under the current working directory, as demonstrated by iTunes and Safari. | |||||
| CVE-2002-0771 | 1 Viewcvs | 1 Viewcvs | 2016-11-19 | 6.4 MEDIUM | N/A |
| Cross-site scripting vulnerability in viewcvs.cgi for ViewCVS 0.9.2 allows remote attackers to inject script and steal cookies via the (1) cvsroot or (2) sortby parameters. | |||||
| CVE-2000-0166 | 1 Interaccess | 1 Interaccess Telnetd Server | 2016-11-19 | 10.0 HIGH | N/A |
| Buffer overflow in the InterAccess telnet server TelnetD allows remote attackers to execute commands via a long login name. | |||||
| CVE-2015-8580 | 1 Foxitsoftware | 2 Foxit Reader, Phantompdf | 2016-11-08 | 6.8 MEDIUM | N/A |
| Multiple use-after-free vulnerabilities in the (1) Print method and (2) App object handling in Foxit Reader before 7.2.2 and Foxit PhantomPDF before 7.2.2 allow remote attackers to execute arbitrary code via a crafted PDF document. | |||||
| CVE-2007-1365 | 1 Openbsd | 1 Openbsd | 2016-10-18 | 10.0 HIGH | N/A |
| Buffer overflow in kern/uipc_mbuf2.c in OpenBSD 3.9 and 4.0 allows remote attackers to execute arbitrary code via fragmented IPv6 packets due to "incorrect mbuf handling for ICMP6 packets." NOTE: this was originally reported as a denial of service. | |||||
| CVE-2006-6175 | 1 Horde | 1 Kronolith | 2016-10-18 | 7.5 HIGH | N/A |
| Directory traversal vulnerability in lib/FBView.php in Horde Kronolith H3 before 2.0.7 and 2.1.x before 2.1.4 allows remote attackers to include arbitrary files and execute PHP code via a .. (dot dot) sequence in the view parameter. | |||||
| CVE-2006-6909 | 1 Karl Dahlke | 1 Edbrowse | 2016-10-18 | 10.0 HIGH | N/A |
| Stack-based buffer overflow in http.c in Karl Dahlke Edbrowse (aka Command line editor browser) 3.1.3 allows remote attackers to execute arbitrary code by operating an FTP server that sends directory listings with (1) long user names or (2) long group names. | |||||
| CVE-2006-5298 | 1 Mutt | 1 Mutt | 2016-10-18 | 1.2 LOW | N/A |
| The mutt_adv_mktemp function in the Mutt mail client 1.5.12 and earlier does not properly verify that temporary files have been created with restricted permissions, which might allow local users to create files with weak permissions via a race condition between the mktemp and safe_fopen function calls. | |||||
| CVE-2006-4921 | 1 Siteatschool | 1 Siteatschool | 2016-10-18 | 7.5 HIGH | N/A |
| PHP remote file inclusion vulnerability in Site@School (S@S) 2.4.03 and earlier allows remote attackers to execute arbitrary PHP code via a URL in the cmsdir parameter to starnet/modules/include/include.php. NOTE: some of these details are obtained from third party information. | |||||
| CVE-2006-3963 | 1 Banex | 1 Banex | 2016-10-18 | 7.5 HIGH | N/A |
| Multiple SQL injection vulnerabilities in Banex PHP MySQL Banner Exchange 2.21 allow remote attackers to execute arbitrary SQL commands via the (1) site_name parameter to (a) signup.php, and the (2) id, (3) deleteuserbanner, (4) viewmem, (5) viewmemunb, (6) viewunmem, or (7) deleteuser parameters to (b) admin.php. | |||||
| CVE-2006-4429 | 1 Phlymail | 1 Phlymail Lite | 2016-10-18 | 7.5 HIGH | N/A |
| ** DISPUTED ** PHP remote file inclusion vulnerability in handlers/email/mod.output.php in PHlyMail Lite 3.4.4 and earlier (Build 3.04.04) allows remote attackers to execute arbitrary PHP code via a URL in the _PM_[path][handler] parameter, a different vector than CVE-2006-4291. NOTE: This issue has been disputed by a third party, who states that the _IN_PHM_ declaration prevents this file from being called directly. | |||||
| CVE-2006-3965 | 1 Banex | 1 Banex | 2016-10-18 | 5.0 MEDIUM | N/A |
| Banex PHP MySQL Banner Exchange 2.21 stores lib.inc under the web document root with insufficient access control, which allows remote attackers to obtain sensitive information such as database usernames and passwords. | |||||
| CVE-2006-3190 | 1 Hotplug Cms | 1 Hotplug Cms | 2016-10-18 | 7.5 HIGH | N/A |
| SQL injection vulnerability in administration/includes/login/auth.php in HotPlug CMS 1.0 allows remote attackers to execute arbitrary SQL commands and bypass authentication via the (1) username and (2) password parameters. | |||||
| CVE-2006-3964 | 1 Banex | 1 Banex | 2016-10-18 | 7.5 HIGH | N/A |
| PHP remote file inclusion vulnerability in members.php in Banex PHP MySQL Banner Exchange 2.21 allows remote attackers to execute arbitrary PHP code via a URL in the cfg_root parameter. | |||||
| CVE-2006-2646 | 1 Alt-n | 1 Mdaemon | 2016-10-18 | 7.5 HIGH | N/A |
| Buffer overflow in Alt-N MDaemon, possibly 9.0.1 and earlier, allows remote attackers to execute arbitrary code via a long A0001 argument that begins with a '"' (double quote). | |||||
| CVE-2006-1523 | 1 Linux | 1 Linux Kernel | 2016-10-18 | 10.0 HIGH | N/A |
| The __group_complete_signal function in the RCU signal handling (signal.c) in Linux kernel 2.6.16, and possibly other versions, has unknown impact and attack vectors related to improper use of BUG_ON. | |||||
| CVE-2006-0091 | 1 Open-xchange | 1 Open-xchange | 2016-10-18 | 4.3 MEDIUM | N/A |
| Cross-site scripting (XSS) vulnerability in webmail in Open-Xchange 0.8.1-6 and earlier, with "Inline HTML" enabled, allows remote attackers to inject arbitrary web script or HTML via e-mail attachments, which are rendered inline. | |||||
| CVE-2005-4215 | 1 Motorola | 1 Motorola Cable Modem | 2016-10-18 | 7.8 HIGH | N/A |
| Motorola SB5100E Cable Modem allows remote attackers to cause a denial of service (device crash) via an IP packet with the same source and destination IPs and ports, and with the SYN flag set (aka LAND). | |||||
| CVE-2005-4510 | 1 Extensis | 1 Netpublish Server | 2016-10-18 | 5.0 MEDIUM | N/A |
| Directory traversal vulnerability in server.np in NetPublish Server 7 allows remote attackers to read arbitrary files via "../" sequences in the template parameter. | |||||
| CVE-2005-4802 | 1 Flexbackup | 1 Flexbackup | 2016-10-18 | 4.6 MEDIUM | N/A |
| Flexbackup 1.2.1 and earlier allows local users to overwrite files and execute code via a symlink attack on temporary files. NOTE: the raw source referenced an incorrect candidate number; this is the correct number to use. | |||||
| CVE-2005-4402 | 1 Mailenable | 2 Mailenable Enterprise, Mailenable Professional | 2016-10-18 | 6.5 MEDIUM | N/A |
| Buffer overflow in MailEnable Professional 1.71 and earlier, and Enterprise 1.1 and earlier, allows remote authenticated users to execute arbitrary code via a long IMAP EXAMINE command. | |||||
| CVE-2005-4551 | 1 Simpbook | 1 Simpbook | 2016-10-18 | 4.3 MEDIUM | N/A |
| Cross-site scripting (XSS) vulnerability in sign.php in codegrrl SimpBook 1.0, when html_enable is on, allows remote attackers to inject arbitrary web script or HTML via the message parameter to index.php. | |||||
| CVE-2005-4549 | 1 Oracle | 1 Application Server Discussion Forum Portlet | 2016-10-18 | 4.3 MEDIUM | N/A |
| Cross-site scripting (XSS) vulnerability in Oracle Application Server (OracleAS) Discussion Forum Portlet allows remote attackers to inject arbitrary web script or HTML via the (1) RowKeyValue parameter in the PORTAL schema; and the (2) title and (3) content input fields when creating a forum article. | |||||
| CVE-2005-3799 | 1 Phpbb Group | 1 Phpbb | 2016-10-18 | 5.0 MEDIUM | N/A |
| phpBB 2.0.18 allows remote attackers to obtain sensitive information via a large SQL query, which generates an error message that reveals SQL syntax or the full installation path. | |||||
| CVE-2005-3801 | 1 Counterpane | 1 Passwordsafe | 2016-10-18 | 4.6 MEDIUM | N/A |
| CounterPane PasswordSafe 1.x and 2.x allows local users to test possible encryption keys against a subset of the stored key data without performing the more expensive key derivation function (KDF), which reduces the search time in brute force attacks. | |||||
| CVE-2005-3791 | 2 Phpadsnew, Phppgads | 2 Phpadsnew, Phppgads | 2016-10-18 | 5.0 MEDIUM | N/A |
| HTTP response splitting vulnerability in phpAdsNew and phpPgAds 2.0.6 and earlier allows remote attackers to inject arbitrary HTML headers via adclick.php and possibly other unspecified vectors. | |||||
| CVE-2005-3790 | 1 Phpwcms | 1 Phpwcms | 2016-10-18 | 4.3 MEDIUM | N/A |
| Multiple cross-site scripting (XSS) vulnerabilities in act_newsletter.php in phpwcms 1.2.5 allow remote attackers to inject arbitrary web script or HTML via the (1) i and (2) text parameters. | |||||
| CVE-2005-3809 | 1 Linux | 1 Linux Kernel | 2016-10-18 | 7.8 HIGH | N/A |
| The nfattr_to_tcp function in ip_conntrack_proto_tcp.c in ctnetlink in Linux kernel 2.6.14 up to 2.6.14.3 allows attackers to cause a denial of service (kernel oops) via an update message without private protocol information, which triggers a null dereference. | |||||
| CVE-2005-3725 | 1 Zyxel | 1 Prestige 2000w V.1voip Wi-fi Phone | 2016-10-18 | 6.4 MEDIUM | N/A |
| Zyxel P2000W Version 1 VOIP WIFI Phone Wj.00.10 uses hardcoded IP addresses for its DNS servers, which could allow remote attackers to cause a denial of service or hijack Zyxel phones by attacking or spoofing the hardcoded DNS servers. NOTE: it could be argued that this issue reflects an inherent limitation of DNS itself, so perhaps it should not be included in CVE. | |||||
| CVE-2005-3789 | 1 Phpwcms | 1 Phpwcms | 2016-10-18 | 5.0 MEDIUM | N/A |
| Multiple directory traversal vulnerabilities in phpwcms 1.2.5 allow remote attackers to read arbitrary files via a .. (dot dot) in the (1) form_lang parameter in login.php and (2) the imgdir parameter in random_image.php. | |||||
| CVE-2005-3777 | 1 Mybulletinboard | 1 Mybulletinboard | 2016-10-18 | 5.0 MEDIUM | N/A |
| MyBulletinBoard (MyBB) 1.0 PR2 Rev 686 allows remote attackers to delete or move private messages (PM) via modified fields in the inbox form. | |||||
| CVE-2005-3776 | 1 Mybulletinboard | 1 Mybulletinboard | 2016-10-18 | 4.3 MEDIUM | N/A |
| Multiple cross-site scripting (XSS) vulnerabilities in MyBulletinBoard (MyBB) 1.0 PR2 Rev 686 allow remote attackers to inject arbitrary web script or HTML via (1) the subject field when creating a new thread and (2) information passed to the Reputation system. | |||||
| CVE-2005-3847 | 1 Linux | 1 Linux Kernel | 2016-10-18 | 4.0 MEDIUM | N/A |
| The handle_stop_signal function in signal.c in Linux kernel 2.6.11 up to other versions before 2.6.13 and 2.6.12.6 allows local users to cause a denial of service (deadlock) by sending a SIGKILL to a real-time threaded process while it is performing a core dump. | |||||
| CVE-2005-3810 | 1 Linux | 1 Linux Kernel | 2016-10-18 | 7.8 HIGH | N/A |
| ip_conntrack_proto_icmp.c in ctnetlink in Linux kernel 2.6.14 up to 2.6.14.3 allows attackers to cause a denial of service (kernel oops) via a message without ICMP ID (ICMP_ID) information, which leads to a null dereference. | |||||
| CVE-2005-3723 | 1 Hitachi | 1 Ip5000 Voip Wifi Phone | 2016-10-18 | 7.5 HIGH | N/A |
| Hitachi IP5000 VOIP WIFI Phone 1.5.6 does not allow the user to disable access to (1) SNMP or (2) TCP port 3390, which allows remote attackers to modify configuration using CVE-2005-3722, or access the Unidata Shell to obtain sensitive information or cause a denial of service. | |||||
| CVE-2005-3897 | 1 Apple | 1 Safari | 2016-10-18 | 7.8 HIGH | N/A |
| Apple Safari 2.0.2 allows remote attackers to cause a denial of service (system slowdown) via a Javascript BODY onload event that calls the window function. | |||||
| CVE-2005-3892 | 1 Gadu-gadu | 1 Gadu-gadu Instant Messenger | 2016-10-18 | 5.0 MEDIUM | N/A |
| Gadu-Gadu 7.20 allows remote attackers to eavesdrop on a user via a web page that accesses the EasycallLite.oce ActiveX control, which can initiate an outgoing phone call and listen to the microphone. | |||||
| CVE-2005-3896 | 1 Mozilla | 1 Mozilla | 2016-10-18 | 7.8 HIGH | N/A |
| Mozilla allows remote attackers to cause a denial of service (CPU consumption) via a Javascript BODY onload event that calls the window function. | |||||
| CVE-2005-3583 | 1 Sun | 2 Jre, Sdk | 2016-10-18 | 7.8 HIGH | N/A |
| (1) Java Runtime Environment (JRE) and (2) Software Development Kit (SDK) 1.4.2_08, 1.4.2_09, and 1.5.0_05 and possibly other versions allow remote attackers to cause a denial of service (JVM unresponsive) via a crafted serialized object, such as a font object as demonstrated on JBoss. | |||||
| CVE-2005-3679 | 1 Activecampaign | 1 1-2-all Broadcast Email | 2016-10-18 | 7.5 HIGH | N/A |
| SQL injection vulnerability in admin/index.php in ActiveCampaign 1-2-All Broadcast Email allows remote attackers to execute arbitrary SQL commands and bypass authentication via the username field in the admin control panel. | |||||
| CVE-2005-3680 | 1 Xoops | 1 Xoops | 2016-10-18 | 6.4 MEDIUM | N/A |
| Directory traversal vulnerability in editor_registry.php in XOOPS 2.2.3 allows remote attackers to read or include arbitrary local files via a .. (dot dot) in the xoopsConfig[language] parameter. | |||||
| CVE-2005-3720 | 1 Hitachi | 1 Ip5000 Voip Wifi Phone | 2016-10-18 | 5.0 MEDIUM | N/A |
| The default index page in the HTTP server in Hitachi IP5000 VOIP WIFI Phone 1.5.6 lists sensitive information such as software versions. | |||||
| CVE-2005-3649 | 1 Moodle | 1 Moodle | 2016-10-18 | 2.6 LOW | N/A |
| jumpto.php in Moodle 1.5.2 allows remote attackers to redirect users to other sites via the jump parameter. | |||||
| CVE-2005-3622 | 1 Phpmyadmin | 1 Phpmyadmin | 2016-10-18 | 5.0 MEDIUM | N/A |
| phpMyAdmin 2.7.0-beta1 and earlier allows remote attackers to obtain the full path of the server via direct requests to multiple scripts in the libraries directory. | |||||
| CVE-2005-3594 | 1 E107 | 1 E107 | 2016-10-18 | 5.0 MEDIUM | N/A |
| game_score.php in e107 allows remote attackers to insert high scores via HTTP POST methods utilizing the $player_name, $player_score, and $game_name variables. | |||||
| CVE-2005-3677 | 1 Realnetworks | 1 Realplayer | 2016-10-18 | 7.5 HIGH | N/A |
| Buffer overflow in RealNetworks RealPlayer 10 and 10.5 allows remote attackers to execute arbitrary code via a crafted image in a RealPlayer Skin (RJS) file. NOTE: due to the lack of details, it is unclear how this is different than CVE-2005-2629 and CVE-2005-2630, but the vendor advisory implies that it is different. | |||||
