Total: 25555 CVE

| CVE | Vendors | Products | Updated | CVSS v2 | CVSS v3 |
|---|---|---|---|---|---|
| CVE-2002-0108 | 1 Allaire | 1 Forums | 2008-11-04 | 7.5 HIGH | N/A |
| Allaire Forums 2.0.4 and 2.0.5 and Forums! 3.0 and 3.1 allows remote authenticated users to spoof messages as other users by modifying the hidden form fields for the name and e-mail address. | |||||
| CVE-2002-0118 | 1 Infopop | 1 Ultimate Bulletin Board | 2008-11-04 | 7.5 HIGH | N/A |
| Cross-site scripting vulnerability in Infopop Ultimate Bulletin Board (UBB) 6.2.0 Beta Release 1.0 allows remote attackers to execute arbitrary script and steal cookies via a message containing encoded Javascript in an IMG tag. | |||||
| CVE-2002-0141 | 1 Maelstrom | 1 Maelstrom Gpl | 2008-11-04 | 1.2 LOW | N/A |
| Maelstrom GPL 3.0.1 allows local users to overwrite arbitrary files of other Maelstrom users via a symlink attack on the /tmp/f file. | |||||
| CVE-2002-0127 | 1 Netgear | 1 Rp114 | 2008-11-04 | 5.0 MEDIUM | N/A |
| Netgear RP114 Cable/DSL Web Safe Router Firmware 3.26, when configured to block traffic below port 1024, allows remote attackers to cause a denial of service (hang) via a port scan of the WAN port. | |||||
| CVE-2006-2062 | 1 Leadhound Network | 2 Leadhound Full, Leadhound Lite | 2008-11-03 | 6.4 MEDIUM | N/A |
| Multiple SQL injection vulnerabilities in Leadhound Full and LITE 2.1, and probably the Network Version "Full Version", allow remote attackers to execute arbitrary SQL commands via the (1) banner parameter in agent_links.pl; the offset parameter in (2) agent_links.pl, (3) agent_transactions.pl, (4) agent_subaffiliates.pl, and (5) agent_summary.pl; the camp_id parameter in (6) agent_transactions_csv.pl, (7) agent_subaffiliates.pl, and (8) agent_camp_det.pl; the (9) login parameter in agent_commission_statement.pl; the logged parameter in (10) agent_commission_statement.pl and (11) agent_camp_det.pl; the (12) agent_id parameter in agent_commission_statement.pl; and the (13) sub parameter in unspecified files. | |||||
| CVE-2006-1945 | 1 Awstats | 1 Awstats | 2008-11-03 | 2.6 LOW | N/A |
| Cross-site scripting (XSS) vulnerability in awstats.pl in AWStats 6.5 and earlier allows remote attackers to inject arbitrary web script or HTML via the config parameter. NOTE: this might be the same core issue as CVE-2005-2732. | |||||
| CVE-2006-2063 | 1 Leadhound Network | 2 Leadhound Full, Leadhound Lite | 2008-11-03 | 6.8 MEDIUM | N/A |
| Multiple cross-site scripting (XSS) vulnerabilities in Leadhound Full and LITE 2.1, and probably the Network Version "Full Version", allow remote attackers to inject arbitrary web script or HTML via the login parameter in (1) agent_affil.pl, (2) agent_help.pl, (3) agent_faq.pl, (4) agent_help_insert.pl, (5) sign_out.pl, (6) members.pl, (7) modify_agent_1.pl, (8) modify_agent_2.pl, (9) modify_agent.pl, (10) agent_links.pl, (11) agent_stats_pending_leads.pl, (12) agent_logoff.pl, (13) agent_rev_det.pl, (14) agent_subaffiliates.pl, (15) agent_stats_pending_leads.pl, (16) agent_transactions.pl, (17) agent_payment_history.pl, (18) agent_summary.pl, (19) agent_camp_all.pl, (20) agent_camp_new.pl, (21) agent_camp_notsub.pl, (22) agent_campaign.pl, (23) agent_camp_expired.pl, (24) agent_stats_det.pl, (25) agent_stats.pl, (26) agent_camp_det.pl, (27) agent_camp_sub.pl, (28) agent_affil_list.pl, and (29) agent_affil_code.pl; the logged parameter in (30) agent_faq.pl, (31) agent_help_insert.pl, (32) members.pl, (33) modify_agent_1.pl, (34) modify_agent_2.pl, (35) modify_agent.pl, (36) agent_links.pl, (37) agent_subaffiliates.pl, (38) agent_stats_pending_leads.pl, (39) agent_transactions.pl, (40) agent_summary.pl, (41) agent_camp_all.pl, (42) agent_camp_new.pl, (43) agent_camp_notsub.pl, (44) agent_campaign.pl, (45) agent_camp_expired.pl, (46) agent_stats.pl, (47) agent_camp_det.pl, (48) agent_camp_sub.pl, (49) agent_affil_list.pl, and (50) agent_affil_code.pl; the camp_id parameter in (51) agent_links.pl, (52) agent_subaffiliates.pl, and (53) agent_camp_det.pl; the (54) banner parameter in agent_links.pl; the offset parameter in (55) agent_links.pl, (56) agent_subaffiliates.pl, (57) agent_transactions.pl, and (58) agent_summary.pl; the date parameter in (59) agent_subaffiliates.pl, (60) agent_transactions.pl, and (61) agent_summary.pl; the dates parameter in (62) agent_rev_det.pl and (63) agent_stats_det.pl; the (64) page parameter in agent_camp_det.pl; the (65) agent_id parameter in agent_commission_statement.pl; and the (66) lost password field in lost_pwd.pl. | |||||
| CVE-2006-1854 | 1 Bluepay | 1 Bluepay Manager | 2008-11-03 | 2.6 LOW | N/A |
| ** DISPUTED ** Multiple cross-site scripting (XSS) vulnerabilities in BluePay Manager 2.0 and earlier allow remote attackers to inject arbitrary web script or HTML during a login action via the (1) Account Name and (2) Username field. NOTE: the vendor has disputed this vulnerability, saying that "it does not exist currently in the Bluepay 2.0 product," and older versions might not have been affected either. As of 20060512, CVE has not formally investigated this dispute. | |||||
| CVE-2006-1684 | 1 Ecotwo | 1 Shopsystem | 2008-11-03 | 5.0 MEDIUM | N/A |
| Unspecified vulnerability in ecotwo Shopsystem 1.0-192 and earlier allows remote attackers to include arbitrary local files via (1) the lang parameter in news.php and (2) other unspecified vectors. | |||||
| CVE-2006-1686 | 1 Apt | 1 Apt-webshop-system | 2008-11-03 | 5.0 MEDIUM | N/A |
| Unspecified vulnerability in modules.php in APT-webshop-system 4.0 PRO, 3.0 BASIC, and 3.0 LIGHT allows remote attackers to access unspecified files via a modified warp parameter. | |||||
| CVE-2004-0716 | 1 Hp | 1 Hp-ux | 2008-10-24 | 10.0 HIGH | N/A |
| Buffer overflow in the DCE daemon (DCED) for the DCE endpoint mapper (epmap) on HP-UX 11 allows remote attackers to execute arbitrary code via a request with a small fragment length and a large amount of data. | |||||
| CVE-2007-6718 | 1 Mplayer | 1 Mplayer | 2008-10-20 | 4.3 MEDIUM | N/A |
| MPlayer, possibly 1.0rc1, allows remote attackers to cause a denial of service (SIGSEGV and application crash) via (1) a malformed MP3 file, as demonstrated by lol-mplayer.mp3; (2) a malformed Ogg Vorbis file, as demonstrated by lol-mplayer.ogg; (3) a malformed MPEG-1 file, as demonstrated by lol-mplayer.mpg; (4) a malformed MPEG-2 file, as demonstrated by lol-mplayer.m2v; (5) a malformed MPEG-4 AVI file, as demonstrated by lol-mplayer.avi; (6) a malformed FLAC file, as demonstrated by lol-mplayer.flac; (7) a malformed Ogg Theora file, as demonstrated by lol-mplayer.ogm; (8) a malformed WMV file, as demonstrated by lol-mplayer.wmv; or (9) a malformed AAC file, as demonstrated by lol-mplayer.aac. NOTE: vector 5 might overlap CVE-2007-4938, and vector 6 might overlap CVE-2008-0486. | |||||
| CVE-2005-3948 | 1 Phpalbum.net | 1 Phpalbum | 2008-10-03 | 5.0 MEDIUM | N/A |
| Directory traversal vulnerability in main.php in PHPAlbum 0.2.3 and earlier allows remote attackers to read arbitrary files via the (1) cmd and (2) var1 parameters. | |||||
| CVE-2005-3939 | 1 Wsn Knowledge Base | 1 Wsn Knowledge Base | 2008-10-03 | 7.5 HIGH | N/A |
| Multiple SQL injection vulnerabilities in WSN Knowledge Base 1.2.0 and earlier allow remote attackers to execute arbitrary SQL commands via the (1) catid, (2) perpage, (3) ascdesc, and (4) orderlinks in a displaycat action in (a) index.php; and the (5) id parameter in (b) comments.php and (c) memberlist.php. | |||||
| CVE-2005-3956 | 1 Dmanews | 1 Dmanews | 2008-10-03 | 7.5 HIGH | N/A |
| Multiple SQL injection vulnerabilities in index.php in DMANews 0.904 and 0.910 allow remote attackers to execute arbitrary SQL commands via the (1) id parameter in a comments action and the (2) sortorder and (3) display_num parameters in a news_list action. | |||||
| CVE-2005-3953 | 1 Bedeng Psp | 1 Bedeng Psp | 2008-10-03 | 7.5 HIGH | N/A |
| SQL injection vulnerability in Bedeng PSP 1.1 allows remote attackers to execute arbitrary SQL commands via the cwhere parameter to (1) index.php and (2) download.php, or (3) ckode parameter to baca.php. | |||||
| CVE-2003-0317 | 1 Iisprotect | 1 Iisprotect | 2008-10-03 | 7.5 HIGH | N/A |
| iisPROTECT 2.1 and 2.2 allows remote attackers to bypass authentication via an HTTP request containing URL-encoded characters. | |||||
| CVE-2002-0471 | 1 Phpnettoolpack | 1 Phpnettoolpack | 2008-09-24 | 10.0 HIGH | N/A |
| PHPNetToolpack 0.1 allows remote attackers to execute arbitrary code via shell metacharacters in the a_query variable. | |||||
| CVE-2002-0470 | 1 Phpnettoolpack | 1 Phpnettoolpack | 2008-09-24 | 7.2 HIGH | N/A |
| PHPNetToolpack 0.1 relies on its environment's PATH to find and execute the traceroute program, which could allow local users to gain privileges by inserting a Trojan horse program into the search path. | |||||
| CVE-2000-0697 | 1 Sun | 1 Solaris Answerbook2 | 2008-09-24 | 10.0 HIGH | N/A |
| The administration interface for the dwhttpd web server in Solaris AnswerBook2 allows interface users to remotely execute commands via shell metacharacters. | |||||
| CVE-2005-4512 | 1 Waxtrapp | 1 Waxtrapp | 2008-09-20 | 4.3 MEDIUM | N/A |
| Cross-site scripting (XSS) vulnerability in WAXTRAPP 3.0.1 and earlier allows remote attackers to inject arbitrary web script or HTML via unspecified search parameters. | |||||
| CVE-2005-4429 | 1 Cs-cart | 1 Cs-cart | 2008-09-20 | 7.5 HIGH | N/A |
| SQL injection vulnerability in CS-Cart 1.3.0 allows remote attackers to execute arbitrary SQL commands via the (1) sort_by and (2) sort_order parameters to index.php. | |||||
| CVE-2005-4430 | 1 Logicnow | 1 Logicbill | 2008-09-20 | 7.5 HIGH | N/A |
| SQL injection vulnerability in LogicBill 1.0 and earlier allows remote attackers to execute arbitrary SQL commands via the (1) __mode and (2) __id parameters to helpdesk.php. | |||||
| CVE-2005-4431 | 1 Wowbb | 1 Wowbb | 2008-09-20 | 7.5 HIGH | N/A |
| SQL injection vulnerability in WowBB 1.65 allows remote attackers to execute arbitrary SQL commands via the q parameter to search.php. NOTE: the view_user.php/sort_by vector is already covered by CVE-2005-1554 and CVE-2004-2181. | |||||
| CVE-2005-4781 | 1 Sergids | 1 Top Music Module | 2008-09-20 | 5.0 MEDIUM | N/A |
| Multiple SQL injection vulnerabilities in SergiDs Top Music module 3.0 PR3 and earlier for PHP-Nuke allow remote attackers to execute arbitrary SQL commands via the (1) idartist, (2) idsong, and (3) idalbum parameters to modules.php. | |||||
| CVE-2005-4403 | 1 Qcm | 1 Marwel | 2008-09-20 | 7.5 HIGH | N/A |
| SQL injection vulnerability in index.php in Marwel 2.7 and earlier allows remote attackers to execute arbitrary SQL commands via the show parameter. | |||||
| CVE-2005-4475 | 1 Alkacon | 1 Opencms | 2008-09-20 | 6.8 MEDIUM | N/A |
| Cross-site scripting (XSS) vulnerability in OpenCms 6.0.3 and earlier allows remote attackers to inject arbitrary web script or HTML via unspecified search parameters. | |||||
| CVE-2005-4486 | 1 Quantum Art | 1 Qp7 Enterprise | 2008-09-20 | 7.5 HIGH | N/A |
| ** DISPUTED ** SQL injection vulnerability in Quantum Art QP7.Enterprise (formerly Q-Publishing) allows remote attackers to execute arbitrary SQL commands via the p_news_id parameter to (1) news_and_events_new.asp and (2) news.asp. NOTE: on 20060227, the vendor disputed the accuracy of this report, saying that the p_news_id, news_and_events_new.asp, and news.asp are not specifically part of their product, although they could be dynamically generated through use of the product. Some investigation by CVE suggests evidence that the news_and_events_new.asp page has at least a forced invalid SQL syntax error, but this could not be repeated for news.asp. | |||||
| CVE-2005-4480 | 1 Plexcor | 1 Plexcor Cms | 2008-09-20 | 6.8 MEDIUM | N/A |
| Cross-site scripting (XSS) vulnerability in Plexcor CMS 4.0 and earlier allows remote attackers to inject arbitrary web script or HTML via unspecified search parameters. | |||||
| CVE-2005-4477 | 1 Papaya | 1 Papaya Cms | 2008-09-20 | 6.8 MEDIUM | N/A |
| Cross-site scripting (XSS) vulnerability in papaya CMS 4.0.4 and earlier allows remote attackers to inject arbitrary web script or HTML via the bab[searchfor] parameter. | |||||
| CVE-2005-4719 | 1 Sysbotz | 1 Systems Panel | 2008-09-20 | 7.5 HIGH | N/A |
| Multiple SQL injection vulnerabilities in Sysbotz Systems Panel 1.0.6 and earlier allow remote attackers to execute arbitrary SQL commands via (1) the cid parameter in knowledgebase/index.php, (2) the aid parameter in knowledgebase/view.php, (3) the cid parameter in contact/update.php, (4) the letter parameter in links/index.php, (5) the mid parameter in messageboard/view.php, and (6) the tid parameter in tickets/view.php. | |||||
| CVE-2005-4743 | 1 Nelogic Technologies | 1 Nephp Publisher | 2008-09-20 | 5.0 MEDIUM | N/A |
| Multiple SQL injection vulnerabilities in index.php in NeLogic Nephp Publisher 4.5.2 and earlier allow remote attackers to execute arbitrary SQL commands via the (1) id and (2) nnet_catid parameters. | |||||
| CVE-2005-4651 | 1 Alstrasoft | 1 Epay | 2008-09-20 | 6.4 MEDIUM | N/A |
| SQL injection vulnerability in index.php in AlstraSoft EPay Pro 2.0 allows remote attackers to execute arbitrary SQL commands via the pmodule parameter. | |||||
| CVE-2005-4641 | 1 Eazycms | 1 Eazycms | 2008-09-20 | 7.5 HIGH | N/A |
| SQL injection vulnerability in home.php in eazyCMS 2.0 allows remote attackers to execute arbitrary SQL commands via the page_id parameter. | |||||
| CVE-2005-4481 | 1 Polopoly | 1 Polopoly | 2008-09-20 | 6.8 MEDIUM | N/A |
| ** DISPUTED ** Cross-site scripting (XSS) vulnerability in Polopoly 9 and earlier allows remote attackers to inject arbitrary web script or HTML via unspecified search parameters. NOTE: the vendor has disputed this vulnerability, stating that the "XSS flaw was only part of the custom implementation of the [polopoly] site". As of 20061003, CVE has no further information on this issue, except that the original researcher has a history of testing live sites and assuming that discoveries indicate vulnerabilities in the associated package. | |||||
| CVE-2005-4640 | 1 Class-1 | 1 Poll Software | 2008-09-20 | 7.5 HIGH | N/A |
| SQL injection vulnerability in index.php in class-1 Poll Software 0.4 and earlier allows remote attackers to execute arbitrary SQL commands via the (1) pollid or (2) previouspoll parameters. | |||||
| CVE-2005-4373 | 1 Liquid Bytes Technologies | 1 Adaptive Website Framework | 2008-09-20 | 5.0 MEDIUM | N/A |
| Adaptive Website Framework (AWF) 2.10 and earlier allows remote attackers to obtain the full path of the application via an invalid mode parameter to community.html, which leaks the path in an error message. | |||||
| CVE-2005-4634 | 1 Activecampaign | 1 Supporttrio | 2008-09-20 | 7.5 HIGH | N/A |
| SQL injection vulnerability in index.php in ActiveCampaign SupportTrio 1.4 allows remote attackers to execute arbitrary SQL commands via the page parameter. NOTE: the provenance of this information is unknown because the source URL is not available; the details are obtained solely from third party information. | |||||
| CVE-2005-4401 | 1 Lutece | 1 Lutece | 2008-09-20 | 4.3 MEDIUM | N/A |
| Cross-site scripting (XSS) vulnerability in Lutece 1.2.3 and earlier allows remote attackers to inject arbitrary web script or HTML via unspecified search parameters, possibly the query parameter. | |||||
| CVE-2005-4629 | 1 Smbcms | 1 Smbcms | 2008-09-20 | 7.5 HIGH | N/A |
| SQL injection vulnerability in SMBCMS 2.1 allows remote attackers to execute arbitrary SQL commands via unspecified search parameters. | |||||
| CVE-2005-4628 | 1 Help Desk Point Software | 1 Helpdeskpoint | 2008-09-20 | 7.5 HIGH | N/A |
| SQL injection vulnerability in index.php in HelpDeskPoint 2.38 and earlier allows remote attackers to execute arbitrary SQL commands via the page parameter. | |||||
| CVE-2005-4398 | 1 Mindroute Software | 1 Lemoon | 2008-09-20 | 4.3 MEDIUM | N/A |
| ** DISPUTED ** NOTE: the vendor has disputed this issue. Cross-site scripting (XSS) vulnerability in lemoon 2.0 and earlier allows remote attackers to inject arbitrary web script or HTML via unspecified search parameters, possibly the q parameter. NOTE: the vendor has disputed this issue, saying "Sites are built on top of ASP.NET and you use lemoon core objects to easily manage and render content. The XSS vuln. you are referring to exists in one of our public sites built on lemoon i.e. a custom made site (as all sites are). The problem exists in a UserControl that handles form input and is in no way related to the lemoon core product." | |||||
| CVE-2005-4621 | 1 Jelsoft | 1 Vbulletin | 2008-09-20 | 4.3 MEDIUM | N/A |
| Cross-site scripting (XSS) vulnerability in the editavatar page in vBulletin 3.5.1 allows remote attackers to inject arbitrary web script or HTML via a URL in the remote avatar url field, in which the URL generates a parsing error, and possibly requiring a trailing extension such as .jpg. | |||||
| CVE-2005-4619 | 1 Phpoutsourcing | 1 Zorum | 2008-09-20 | 7.5 HIGH | N/A |
| SQL injection vulnerability in index.php in phpoutsourcing Zorum Forum 3.5 and earlier allows remote attackers to execute arbitrary SQL commands via the rollid parameter in the showhtmllist method. | |||||
| CVE-2005-4399 | 1 Libertas Solutions | 1 Libertas Enterprise Cms | 2008-09-20 | 4.3 MEDIUM | N/A |
| Cross-site scripting (XSS) vulnerability in search/index.php in Libertas Enterprise CMS 3.0 and earlier allows remote attackers to inject arbitrary web script or HTML via the page_search parameter. | |||||
| CVE-2005-4400 | 1 Liferay | 1 Liferay Portal Enterprise | 2008-09-20 | 4.3 MEDIUM | N/A |
| Cross-site scripting (XSS) vulnerability in downloads/portal_ent in Liferay Portal Enterprise 3.6.1 and earlier allows remote attackers to inject arbitrary web script or HTML via the (1) _77_struts_action, (2) p_p_mode, and (3) p_p_state parameters. | |||||
| CVE-2005-4498 | 1 Text-e | 1 Text-e Cms | 2008-09-20 | 4.3 MEDIUM | N/A |
| Cross-site scripting (XSS) vulnerability in Text-e 1.6.4 and earlier allows remote attackers to inject arbitrary web script or HTML via unspecified search parameters. | |||||
| CVE-2005-4406 | 1 Tmc Visionpool | 1 Mercury Cms | 2008-09-20 | 7.5 HIGH | N/A |
| SQL injection vulnerability in index.cfm in Mercury CMS 4.0 and earlier allows remote attackers to execute arbitrary SQL commands via the page parameter. | |||||
| CVE-2005-4407 | 1 Tmc Visionpool | 1 Mercury Cms | 2008-09-20 | 4.3 MEDIUM | N/A |
| Cross-site scripting (XSS) vulnerability in index.cfm in Mercury CMS 4.0 and earlier allows remote attackers to inject arbitrary web script or HTML via the (1) content and (2) criteria parameters. | |||||
| CVE-2005-4598 | 1 Ooapp | 1 Ooapp Guestbook | 2008-09-20 | 4.3 MEDIUM | N/A |
| Cross-site scripting (XSS) vulnerability in home.php in OoApp Guestbook 2.1 allows remote attackers to inject arbitrary web script or HTML via the page parameter. | |||||
