Total: 86024 CVE
| CVE | Vendors | Products | Updated | CVSS v2 | CVSS v3 |
|---|---|---|---|---|---|
| CVE-2006-1849 | 1 Skymarx Solutions | 1 Xflow | 2017-07-20 | 7.5 HIGH | N/A |
| Multiple SQL injection vulnerabilities in members_only/index.cgi in xFlow 5.46.11 and earlier allow remote attackers to execute arbitrary SQL commands via the (1) position and (2) id parameter. | |||||
| CVE-2006-1850 | 1 Skymarx Solutions | 1 Xflow | 2017-07-20 | 2.6 LOW | N/A |
| Multiple cross-site scripting (XSS) vulnerabilities in xFlow 5.46.11 and earlier allow remote attackers to inject arbitrary web script or HTML via the (1) level, (2) position, (3) id, and (4) action parameters to members_only/index.cgi, and the (5) page parameter to customer_area/index.cgi. | |||||
| CVE-2006-1851 | 1 Skymarx Solutions | 1 Xflow | 2017-07-20 | 5.0 MEDIUM | N/A |
| xFlow 5.46.11 and earlier allows remote attackers to determine the installation path of the application via the (1) action parameter to members_only/index.cgi and (2) page parameter to customer_area/index.cgi, probably due to invalid values. | |||||
| CVE-2006-1852 | 1 Scriptsfrenzy | 1 Article Publisher Pro | 2017-07-20 | 7.5 HIGH | N/A |
| SQL injection vulnerability in category.php in Article Publisher Pro 1.0.1 and earlier allows remote attackers to execute arbitrary SQL commands via the cname parameter. | |||||
| CVE-2006-1853 | 1 Moderngigabyte | 1 Modernbill | 2017-07-20 | 6.5 MEDIUM | N/A |
| Multiple SQL injection vulnerabilities in ModernBill 4.3.2 and earlier allow remote attackers or administrators to execute arbitrary SQL commands via the (1) id parameter in (a) user.php, or (2) where and (3) order parameters to (b) admin.php. | |||||
| CVE-2006-1859 | 1 Linux | 1 Linux Kernel | 2017-07-20 | 2.1 LOW | N/A |
| Memory leak in __setlease in fs/locks.c in Linux kernel before 2.6.16.16 allows attackers to cause a denial of service (memory consumption) via unspecified actions related to an "uninitialised return value," aka "slab leak." | |||||
| CVE-2006-1860 | 1 Linux | 1 Linux Kernel | 2017-07-20 | 2.1 LOW | N/A |
| lease_init in fs/locks.c in Linux kernel before 2.6.16.16 allows attackers to cause a denial of service (fcntl_setlease lockup) via actions that cause lease_init to free a lock that might not have been allocated on the stack. | |||||
| CVE-2006-1865 | 1 Beagle-project | 1 Beagle | 2017-07-20 | 7.5 HIGH | N/A |
| Argument injection vulnerability in Beagle before 0.2.5 allows attackers to execute arbitrary commands via crafted filenames that inject command line arguments when Beagle launches external helper applications while indexing. | |||||
| CVE-2000-1239 | 1 Ibm | 1 Tivoli Management Framework | 2017-07-20 | 9.0 HIGH | N/A |
| The HTTP interface of Tivoli Lightweight Client Framework (LCF) in IBM Tivoli Management Framework 3.7.1 sets http_disable to zero at install time, which allows remote authenticated users to bypass file permissions on Tivoli Endpoint Configuration data files via an unspecified manipulation of log files. | |||||
| CVE-2000-1240 | 1 Anyportal Php | 1 Anyportal Php | 2017-07-20 | 5.0 MEDIUM | N/A |
| Unspecified vulnerability in siteman.php3 in AnyPortal(php) before 22 APR 00 allows remote attackers to obtain sensitive information via unknown attack vectors, which reveal the absolute path. NOTE: the provenance of this information is unknown; the details are obtained from third party information. | |||||
| CVE-2003-1289 | 2 Freebsd, Netbsd | 2 Freebsd, Netbsd | 2017-07-20 | 2.1 LOW | N/A |
| The iBCS2 system call translator for statfs in NetBSD 1.5 through 1.5.3 and FreeBSD 4 up to 4.8-RELEASE-p2 and 5 up to 5.1-RELEASE-p1 allows local users to read portions of kernel memory (memory disclosure) via a large length parameter, which copies additional kernel memory into userland memory. | |||||
| CVE-2003-1290 | 1 Bea | 1 Weblogic Server | 2017-07-20 | 5.0 MEDIUM | N/A |
| BEA WebLogic Server and WebLogic Express 6.1, 7.0, and 8.1, with RMI and anonymous admin lookup enabled, allows remote attackers to obtain configuration information by accessing MBeanHome via the Java Naming and Directory Interface (JNDI). | |||||
| CVE-2003-1296 | 1 Efs Software | 1 Efs Web Server | 2017-07-20 | 5.0 MEDIUM | N/A |
| Easy File Sharing (EFS) Web Server 1.2 allows remote authenticated users to cause a denial of service via (1) an "empty symbol" in the Title field or (2) certain data in the Your Message field, possibly a long argument. | |||||
| CVE-2003-1298 | 1 Anyportal Php | 1 Anyportal Php | 2017-07-20 | 5.0 MEDIUM | N/A |
| Multiple directory traversal vulnerabilities in siteman.php3 in AnyPortal(php) 12 MAY 00 allow remote attackers to (1) create, (2) delete, (3) save, and (4) upload files by navigating to the root directory and entering a filename beginning with "./.." (dot slash dot dot). | |||||
| CVE-2004-2608 | 1 Smartwebby | 1 Smart Guest Book | 2017-07-20 | 5.0 MEDIUM | N/A |
| SmartWebby Smart Guest Book stores SmartGuestBook.mdb (aka the "news database") under the web document root with insufficient access control, which allows remote attackers to obtain sensitive information such as the unencrypted username and password of the administrator's account. | |||||
| CVE-2004-2609 | 1 Symantec | 1 Powerquest Deploycenter | 2017-07-20 | 2.1 LOW | N/A |
| The stuffit.com executable on Symantec PowerQuest DeployCenter 5.5 boot disks allows local users to obtain sensitive information (an unencrypted password for a Windows domain account) via four "stuffit /f:stuffit.dat" invocations, possibly due to a buffer overflow. | |||||
| CVE-2004-2610 | 1 Stefan Bambach | 1 Mntd | 2017-07-20 | 4.6 MEDIUM | N/A |
| mntd_mount.c in mntd before 0.4.2 might allow local users to gain privileges via shell metacharacters in a remount option in the configuration file. NOTE: It is not clear whether this is a vulnerability because there is not necessarily any common usage in which privilege boundaries are crossed. Typical usage would restrict write access to the configuration file. | |||||
| CVE-2004-2611 | 1 Steven Schaefer | 1 Sophster | 2017-07-20 | 4.6 MEDIUM | N/A |
| The Change Permissions function in the Sophster suite before 0.9.6 28 May 2004 (aka 0.9.6-r5), possibly including Sophster, FreeSophster, and FreeSophsterPAM, removes the (1) setuid, (2) setgid, and (3) sticky bits when changing a file, which might allow attackers to gain privileges or conduct other unauthorized activities. | |||||
| CVE-2004-2612 | 1 Bnc | 1 Bnc | 2017-07-20 | 7.5 HIGH | N/A |
| BNC 2.9.0 only grants access when an incorrect password is provided, which allows remote attackers to use the functionality intended for authorized users. | |||||
| CVE-2004-2615 | 1 Cutephp | 1 Cutenews | 2017-07-20 | 4.6 MEDIUM | N/A |
| The documentation for CuteNews 1.3.6 and possibly other versions specifies that files under cutenews/data must be manually given world-writable permissions, which allows local users to insert false news, delete news, and possibly gain privileges or have other unknown impact. | |||||
| CVE-2004-2617 | 1 Pegasi Web Server | 1 Pegasi Web Server | 2017-07-20 | 5.0 MEDIUM | N/A |
| Directory traversal vulnerability in Pegasi Web Server (PWS) 0.2.2 allows remote attackers to read files outside of the web root via a .. (dot dot) directly after the initial '/' (slash) in the URI. | |||||
| CVE-2004-2618 | 1 Pegasi Web Server | 1 Pegasi Web Server | 2017-07-20 | 4.3 MEDIUM | N/A |
| Cross-site scripting (XSS) vulnerability in Pegasi Web Server (PWS) 0.2.2 allows remote attackers to inject arbitrary web script or HTML via the URI, directly after the initial '/' (slash). | |||||
| CVE-2004-2619 | 1 Paul L Daniels | 1 Ripmime | 2017-07-20 | 7.5 HIGH | N/A |
| ripMIME 1.3.2.3 and earlier allows remote attackers to bypass e-mail protection via a base64 MIME encoded attachment containing invalid characters that are not properly extracted. | |||||
| CVE-2004-2621 | 1 Nortel | 1 Contivity | 2017-07-20 | 4.0 MEDIUM | N/A |
| Nortel Contivity VPN Client 2.1.7, 3.00, 3.01, 4.91, and 5.01, when opening a VPN tunnel, does not check the gateway certificate until after a dialog box has been displayed to the user, which creates a race condition that allows remote attackers to perform a man-in-the-middle (MITM) attack. | |||||
| CVE-2004-2622 | 1 Altiris | 1 Deployment Server Extension For Ibm Director | 2017-07-20 | 10.0 HIGH | N/A |
| AClient.exe in Altiris Deployment Solution 6.x and 5.x does not require authentication from the first Deployment Server that it connects to, which allows remote malicious servers to gain administrator access. | |||||
| CVE-2004-2623 | 1 Matthew Skala | 1 Rippy The Aggregator | 2017-07-20 | 10.0 HIGH | N/A |
| Unknown vulnerability in Rippy the Aggregator before 0.10, when register_globals is enabled, has unknown attack vectors and impact, possibly related to the "user-controlled filter." | |||||
| CVE-2004-2624 | 1 Wackowiki | 1 Wackowiki | 2017-07-20 | 4.3 MEDIUM | N/A |
| Cross-site scripting (XSS) vulnerability in "TextSearch" in WackoWiki 3.5 allows remote attackers to inject arbitrary web script or HTML via the "phrase" parameter. | |||||
| CVE-2004-2625 | 1 Outblaze | 1 Outblaze Email | 2017-07-20 | 5.1 MEDIUM | N/A |
| Cross-site scripting (XSS) vulnerability in Outblaze Email allows remote attackers to inject arbitrary web script or HTML via JavaScript in an attribute of an IMG tag. | |||||
| CVE-2004-2626 | 1 Siemens | 1 S55 | 2017-07-20 | 3.7 LOW | N/A |
| GUI overlay vulnerability in the Java API in Siemens S55 cellular phones allows remote attackers to send unauthorized SMS messages by overlaying a confirmation message with a malicious message. | |||||
| CVE-2004-2627 | 1 Sun | 1 J2me | 2017-07-20 | 10.0 HIGH | N/A |
| Java 2 Micro Edition (J2ME) does not properly validate bytecode, which allows remote attackers to escape the Kilobyte Virtual Machine (KVM) sandbox and execute arbitrary code. | |||||
| CVE-2004-2628 | 1 Acme Labs | 1 Thttpd | 2017-07-20 | 5.0 MEDIUM | N/A |
| Multiple directory traversal vulnerabilities in thttpd 2.07 beta 0.4, when running on Windows, allow remote attackers to read arbitrary files via a URL that contains (1) a hex-encoded backslash dot-dot sequence ("%5C..") or (2) a drive letter (such as "C:"). | |||||
| CVE-2004-2630 | 1 Phpmyadmin | 1 Phpmyadmin | 2017-07-20 | 7.5 HIGH | N/A |
| The MIME transformation system (transformations/text_plain__external.inc.php) in phpMyAdmin 2.5.0 up to 2.6.0-pl1 allows remote attackers to execute arbitrary commands via shell metacharacters in unspecified vectors. | |||||
| CVE-2004-2631 | 1 Phpmyadmin | 1 Phpmyadmin | 2017-07-20 | 7.5 HIGH | N/A |
| Eval injection vulnerability in left.php in phpMyAdmin 2.5.1 up to 2.5.7, when LeftFrameLight is FALSE, allows remote attackers to execute arbitrary PHP code via a crafted table name. | |||||
| CVE-2004-2632 | 1 Phpmyadmin | 1 Phpmyadmin | 2017-07-20 | 7.5 HIGH | N/A |
| phpMyAdmin 2.5.1 up to 2.5.7 allows remote attackers to modify configuration settings and gain unauthorized access to MySQL servers via modified $cfg['Servers'] variables. | |||||
| CVE-2004-2633 | 1 Arjohn Kampman | 1 Sesame Rdf Container | 2017-07-20 | 5.1 MEDIUM | N/A |
| Unspecified vulnerability in Sesame 1.0 allows remote anonymous attackers to gain access to repositories of other users via unknown vectors. | |||||
| CVE-2004-2634 | 1 Ibm | 1 Aix | 2017-07-20 | 6.2 MEDIUM | N/A |
| The (1) bos.rte.serv_aid or (2) bos.rte.console filesets in IBM AIX 5.1 and 5.2 allow local users to overwrite arbitrary files via a symlink attack on temporary files via unknown attack vectors. | |||||
| CVE-2004-2635 | 1 Mcafee | 1 Security Installer Control System | 2017-07-20 | 7.5 HIGH | N/A |
| An ActiveX control for McAfee Security Installer Control System 4.0.0.81 allows remote attackers to access the Windows registry via web pages that use the control's RegQueryValue() method. | |||||
| CVE-2004-2636 | 1 Rit Research Labs | 1 Tinyweb | 2017-07-20 | 5.0 MEDIUM | N/A |
| TinyWeb 1.9 allows remote attackers to read source code of scripts via "/./" in the URL. | |||||
| CVE-2004-2637 | 1 Zonet | 1 Zsr1104we Wireless Router Runtime Code | 2017-07-20 | 6.4 MEDIUM | N/A |
| The NAT implementation in Zonet ZSR1104WE Wireless Router Runtime Code Version 2.41 converts IP addresses of inbound connections to the IP address of the router, which allows remote attackers to bypass intended security restrictions. | |||||
| CVE-2004-2638 | 1 Oscommerce | 1 Oscommerce | 2017-07-20 | 7.5 HIGH | N/A |
| The Admin Access With Levels plugin in osCommerce 1.5.1 allows remote attackers to access files in the "admin/" directory by modifying the in_login parameter to a non-zero value. | |||||
| CVE-2004-2639 | 1 Drew Withers | 1 Journalness | 2017-07-20 | 7.5 HIGH | N/A |
| Unspecified vulnerability in Journalness 3.0.7 and earlier allows remote attackers to create or modify posts via unknown attack vectors. | |||||
| CVE-2004-2640 | 1 Ryszard Pydo | 1 Linuxstat | 2017-07-20 | 5.0 MEDIUM | N/A |
| Directory traversal vulnerability in lstat.cgi in LinuxStat before 2.3.1 allows remote attackers to read arbitrary files via (1) .. (dot dot) sequences or (2) absolute paths to the template parameter. | |||||
| CVE-2004-2641 | 1 Sun | 2 Netra 1280, Sun Fire | 2017-07-20 | 5.0 MEDIUM | N/A |
| Unspecified vulnerability in Sun Fire 3800/4800/4810/6800, Sun Fire V1280, and Netra 1280 allows remote attackers to cause a denial of service (system controller hang) via IP packets with Type of Service (TOS) bits set. | |||||
| CVE-2004-2642 | 1 Nathaniel Bray | 1 Yeemp | 2017-07-20 | 6.4 MEDIUM | N/A |
| Yeemp 0.9.9 and earlier does not properly encrypt inbound files, which allows remote attackers to spoof the identity of the sender. | |||||
| CVE-2004-2643 | 1 Microsoft | 1 Cabarc | 2017-07-20 | 3.7 LOW | N/A |
| Directory traversal vulnerability in Microsoft cabarc allows remote attackers to overwrite files via "../" sequences in file names in a CAB archive. | |||||
| CVE-2004-2644 | 1 Asn.1 Compiler | 1 Asn.1 Compiler | 2017-07-20 | 10.0 HIGH | N/A |
| Unspecified vulnerability in ASN.1 Compiler (asn1c) before 0.9.7 has unknown impact and attack vectors when processing "ANY" type tags. | |||||
| CVE-2004-2645 | 1 Asn.1 Compiler | 1 Asn.1 Compiler | 2017-07-20 | 10.0 HIGH | N/A |
| Unspecified vulnerability in ASN.1 Compiler (asn1c) before 0.9.7 has unknown impact and attack vectors when processing "CHOICE" types with "indefinite length structures." | |||||
| CVE-2004-2646 | 1 Reid Garner | 1 Free Web Chat | 2017-07-20 | 5.0 MEDIUM | N/A |
| The addUser function in UserManager.java in Free Web Chat 2.0 allows remote attackers to cause a denial of service (uncaught NullPointerException) via unknown attack vectors that cause the usrName variable to be null. | |||||
| CVE-2004-2647 | 1 Reid Garner | 1 Free Web Chat | 2017-07-20 | 5.0 MEDIUM | N/A |
| Free Web Chat 2.0 allows remote attackers to cause a denial of service (CPU consumption) via multiple connections from the same user. | |||||
| CVE-2004-2648 | 1 Faronics | 1 Freezex | 2017-07-20 | 1.0 LOW | N/A |
| FreezeX 1.00.100.0666 allows local users with administrator privileges to cause a denial of service (FreezeX application) by overwriting the db.fzx file. | |||||
