Total: 86024 CVE

| CVE | Vendors | Products | Updated | CVSS v2 | CVSS v3 |
|---|---|---|---|---|---|
| CVE-2006-0509 | 1 Cerberus | 1 Cerberus Helpdesk | 2017-07-20 | 4.3 MEDIUM | N/A |
| Multiple cross-site scripting (XSS) vulnerabilities in clients.php in Cerberus Helpdesk, possibly 2.7, allow remote attackers to inject arbitrary web script or HTML via (1) the contact_search parameter and (2) unspecified url fields. | |||||
| CVE-2006-0518 | 1 Spip | 1 Spip | 2017-07-20 | 4.3 MEDIUM | N/A |
| Cross-site scripting (XSS) vulnerability in index.php3 in SPIP 1.8.2-e and earlier and 1.9 Alpha 2 (5539) and earlier allows remote attackers to inject arbitrary web script or HTML via the lang parameter. | |||||
| CVE-2006-0519 | 1 Spip | 1 Spip | 2017-07-20 | 5.0 MEDIUM | N/A |
| SPIP 1.8.2-e and earlier and 1.9 Alpha 2 (5539) and earlier allows remote attackers to obtain sensitive information via a direct request to inc-messforum.php3, which reveals the path in an error message. | |||||
| CVE-2006-0657 | 1 Softcomplex | 1 Php Event Calendar | 2017-07-20 | 3.5 LOW | N/A |
| Cross-site scripting (XSS) vulnerability in Softcomplex PHP Event Calendar 1.5 allows remote authenticated users to inject arbitrary web script or HTML, and corrupt data, via the (1) username and (2) password parameters, which are not sanitized before being written to users.php. NOTE: while this issue was originally reported as XSS, the primary issue might be direct static code injection with resultant XSS. | |||||
| CVE-2006-0661 | 1 Scriptme | 2 Sme Blog Host, Sme Gb Host | 2017-07-20 | 4.3 MEDIUM | N/A |
| Cross-site scripting (XSS) vulnerability in Scriptme SmE GB Host 1.21 and SmE Blog Host allows remote attackers to inject arbitrary web script or HTML via the BBcode url tag. | |||||
| CVE-2006-0662 | 1 Ibm | 1 Lotus Domino Inotes Client | 2017-07-20 | 4.3 MEDIUM | N/A |
| Cross-site scripting (XSS) vulnerability in Lotus Domino iNotes Client 6.5.4 allows remote attackers to inject arbitrary web script or HTML via email with attached html files, which are directly rendered in the browser. | |||||
| CVE-2006-0663 | 1 Ibm | 1 Lotus Domino Inotes Client | 2017-07-20 | 4.3 MEDIUM | N/A |
| Multiple cross-site scripting (XSS) vulnerabilities in Lotus Domino iNotes Client 6.5.4 and 7.0 allow remote attackers to inject arbitrary web script or HTML via (1) an email subject; (2) an encoded javascript URI, as demonstrated using "java script:"; or (3) when the Domino Web Access ActiveX control is not installed, via an email attachment filename. | |||||
| CVE-2006-0664 | 1 Mantis | 1 Mantis | 2017-07-20 | 4.3 MEDIUM | N/A |
| Cross-site scripting (XSS) vulnerability in config_defaults_inc.php in Mantis before 1.0 allows remote attackers to inject arbitrary web script or HTML via unknown attack vectors. NOTE: the provenance of this information is unknown; the details are obtained solely from third party information. An original vendor bug report is referenced, but not accessible to the general public. | |||||
| CVE-2006-0666 | 1 Ibm | 1 Aix | 2017-07-20 | 4.9 MEDIUM | N/A |
| Unspecified vulnerability in the (1) unix_mp and (2) unix_64 kernels in IBM AIX 5.3 VRMF 5.3.0.30 through 5.3.0.33 allows local users to cause a denial of service (system crash) via unknown vectors related to EMULATE_VMX. | |||||
| CVE-2006-0669 | 1 Gasoft | 1 Gas Forum Light | 2017-07-20 | 7.5 HIGH | N/A |
| ** DISPUTED ** Multiple SQL injection vulnerabilities in archive.asp in GA's Forum Light allow remote attackers to execute arbitrary SQL commands via the (1) Forum and (2) pages parameter. NOTE: SecurityTracker says that the vendor has disputed this issue, saying that GA Forum Light does not use an SQL database. SecurityTracker's research indicates that the original problem could be due to a vbscript parsing error based on invalid arguments. | |||||
| CVE-2006-0671 | 1 Sony Ericsson | 4 K600i, T68i, V600i and 1 more | 2017-07-20 | 7.8 HIGH | N/A |
| Buffer overflow in Sony Ericsson K600i, V600i, W800i, and T68i cell phone allows remote attackers to cause a denial of service (reboot or shutdown) through a wireless Bluetooth connection via a malformed Logical Link Control and Adaptation Protocol (L2CAP) packet whose length field is less than the actual length of the packet. | |||||
| CVE-2006-0674 | 1 Ibm | 1 Aix | 2017-07-20 | 4.6 MEDIUM | N/A |
| Buffer overflow in the arp command of IBM AIX 5.3 L, 5.3, 5.2.2, 5.2 L, and 5.2 allows local users to cause a denial of service (crash) via a long iftype argument. | |||||
| CVE-2006-0680 | 1 Plain Black | 1 Webgui | 2017-07-20 | 5.0 MEDIUM | N/A |
| Unspecified vulnerability in WebGUI before 6.8.6-gamma allows remote attackers to create an account, when anonymous registration is disabled, via a certain URL. | |||||
| CVE-2006-0681 | 1 Power Daemon | 1 Power Daemon | 2017-07-20 | 7.5 HIGH | N/A |
| Format string vulnerability in powerd.c in Power Daemon (powerd) 2.0.2 and earlier allows remote attackers to execute arbitrary code via format string specifiers in the WHATIDO variable. | |||||
| CVE-2006-0682 | 1 E107 | 1 E107 | 2017-07-20 | 4.3 MEDIUM | N/A |
| Multiple cross-site scripting (XSS) vulnerabilities in bbcodes system in e107 before 0.7.2 allow remote attackers to inject arbitrary web script or HTML via unknown attack vectors. | |||||
| CVE-2006-0694 | 1 Ansilove | 1 Ansilove | 2017-07-20 | 5.0 MEDIUM | N/A |
| Unspecified vulnerability in the loaders (load_*.php) in Ansilove before 1.03 allows remote attackers to read arbitrary files via unspecified vectors involving "converting files accessible by the webserver". | |||||
| CVE-2006-0695 | 1 Ansilove | 1 Ansilove | 2017-07-20 | 7.5 HIGH | N/A |
| Ansilove before 1.03 does not filter uploaded file extensions, which allows remote attackers to execute arbitrary code by uploading arbitrary files with dangerous extensions, then accessing them directly in the upload directory. | |||||
| CVE-2006-0696 | 1 Zen Cart | 1 Zen Cart | 2017-07-20 | 7.5 HIGH | N/A |
| SQL injection vulnerability in Zen Cart before 1.2.7 allows remote attackers to execute arbitrary SQL commands via unspecified vectors. | |||||
| CVE-2006-0698 | 1 Zen Cart | 1 Zen Cart | 2017-07-20 | 10.0 HIGH | N/A |
| Unspecified vulnerabilities in Zen Cart before 1.2.7 allow remote attackers to cause unknown impact via unspecified vectors related to "other attempted exploits" other than SQL injection. | |||||
| CVE-2006-0699 | 1 David Barrett | 1 Qwikiwiki | 2017-07-20 | 4.3 MEDIUM | N/A |
| Cross-site scripting (XSS) vulnerability in search.php in QWikiWiki 1.5, and possibly 1.5.1 and other versions, allows remote attackers to inject arbitrary web script or HTML via the query parameter. | |||||
| CVE-2006-0700 | 1 Imagevue | 1 Imagevue | 2017-07-20 | 5.0 MEDIUM | N/A |
| imageVue 16.1 allows remote attackers to obtain folder permission settings via a direct request to dir.php, which returns an XML document that lists folders and their permissions. | |||||
| CVE-2006-0701 | 1 Imagevue | 1 Imagevue | 2017-07-20 | 5.0 MEDIUM | N/A |
| readfolder.php in imageVue 16.1 allows remote attackers to list directories via modified path and ext parameters. | |||||
| CVE-2006-0702 | 1 Imagevue | 1 Imagevue | 2017-07-20 | 5.0 MEDIUM | N/A |
| admin/upload.php in imageVue 16.1 allows remote attackers to upload arbitrary files to certain allowed folders via .. (dot dot) sequences in the path parameter. NOTE: due to the lack of details, the specific vulnerability type cannot be determined, although it might be due to directory traversal. | |||||
| CVE-2006-0704 | 1 Ie | 1 Ie Integrator | 2017-07-20 | 2.6 LOW | N/A |
| iE Integrator 4.4.220114, when configured without a "bespoke error page" in acm.ini, allows remote attackers to obtain sensitive information via a URL that calls a non-existent .aspx script in the integrator/apps directory, which results in an error message that displays the installation path, web server name, IP, and port, session cookie information, and the IIS system username. | |||||
| CVE-2006-0705 | 2 Attachmatewrq, F-secure | 2 Reflection For Secure It Server, F-secure Ssh Server | 2017-07-20 | 6.5 MEDIUM | N/A |
| Format string vulnerability in a logging function as used by various SFTP servers, including (1) AttachmateWRQ Reflection for Secure IT UNIX Server before 6.0.0.9, (2) Reflection for Secure IT Windows Server before 6.0 build 38, (3) F-Secure SSH Server for Windows before 5.3 build 35, (4) F-Secure SSH Server for UNIX 3.0 through 5.0.8, (5) SSH Tectia Server 4.3.6 and earlier and 4.4.0, and (6) SSH Shell Server 3.2.9 and earlier, allows remote authenticated users to execute arbitrary commands via unspecified vectors, involving crafted filenames and the stat command. | |||||
| CVE-2006-0707 | 1 Pyblosxom | 1 Pyblosxom | 2017-07-20 | 5.0 MEDIUM | N/A |
| PyBlosxom before 1.3.2, when running on certain webservers, allows remote attackers to read arbitrary files via an HTTP request with multiple leading / (slash) characters, which is accessed using the PATH_INFO variable. | |||||
| CVE-1999-0955 | 1 Washington University | 1 Wu-ftpd | 2017-07-19 | 7.6 HIGH | N/A |
| Race condition in wu-ftpd and BSDI ftpd allows remote attackers to gain root access via the SITE EXEC command. | |||||
| CVE-2001-1495 | 1 Freshmeat | 2 Network Query Tool, Network Query Tool Phpnuke | 2017-07-19 | 7.5 HIGH | N/A |
| network_query.php in Network Query Tool 1.0 allows remote attackers to execute arbitrary commands via shell metacharacters in the target parameter. | |||||
| CVE-2002-0449 | 1 Talentsoft | 1 Web\+ Server | 2017-07-19 | 10.0 HIGH | N/A |
| Buffer overflow in webpsvc.exe for Talentsoft Web+ 5.0 and earlier allows remote attackers to execute arbitrary code via a long argument to webplus.exe program, which triggers the overflow in webpsvc.exe. | |||||
| CVE-2002-0993 | 1 Hp | 1 Instant Support | 2017-07-19 | 4.6 MEDIUM | N/A |
| Unknown vulnerability in HP Instant Support Enterprise Edition (ISEE) product U2512A for HP-UX 11.00 and 11.11 may allow authenticated users to access restricted files. | |||||
| CVE-2002-1479 | 1 The Cacti Group | 1 Cacti | 2017-07-19 | 4.6 MEDIUM | N/A |
| Cacti before 0.6.8 stores a MySQL username and password in plaintext in config.php, which has world-readable permissions, which allows local users to modify databases as the Cacti user and possibly gain privileges. | |||||
| CVE-2004-0266 | 1 Francisco Burzi | 1 Php-nuke | 2017-07-19 | 5.0 MEDIUM | N/A |
| SQL injection vulnerability in the "public message" capability (public_message) for Php-Nuke 6.x to 7.1.0 allows remote attackers to obtain the administrator password via the c_mid parameter. | |||||
| CVE-2004-1175 | 6 Debian, Gentoo, Midnight Commander and 3 more | 8 Debian Linux, Linux, Midnight Commander and 5 more | 2017-07-19 | 7.5 HIGH | N/A |
| fish.c in midnight commander allows remote attackers to execute arbitrary programs via "insecure filename quoting," possibly using shell metacharacters. | |||||
| CVE-2004-1583 | 1 Tridcomm | 1 Tridcomm | 2017-07-19 | 6.4 MEDIUM | N/A |
| Directory traversal vulnerability in the FTP server in TriDComm 1.3 and earlier allows remote attackers to read or write arbitrary files via a .. (dot dot) in FTP commands such as (1) DIR, (2) GET, or (3) PUT. | |||||
| CVE-2004-1679 | 1 Jigunet | 2 Twinftp Enterprise, Twinftp Standard | 2017-07-19 | 5.0 MEDIUM | N/A |
| Directory traversal vulnerability in TwinFTP 1.0.3 R2 allows remote attackers to create arbitrary files via a .../ (triple dot) in the (1) CWD, (2) STOR, or (3) RETR commands. | |||||
| CVE-2004-1712 | 1 Typepad | 1 Typepad | 2017-07-19 | 4.3 MEDIUM | N/A |
| Cross-site scripting (XSS) vulnerability in TypePad allows remote attackers to inject arbitrary Javascript via the name parameter. | |||||
| CVE-2004-2020 | 1 Francisco Burzi | 1 Php-nuke | 2017-07-19 | 4.3 MEDIUM | N/A |
| Multiple cross-site scripting (XSS) vulnerabilities in Php-Nuke 6.x through 7.3 allow remote attackers to inject arbitrary HTML or web script into the (1) optionbox parameter in the News module, (2) date parameter in the Statistics module, (3) year, month, and month_1 parameters in the Stories_Archive module, (4) mode, order, and thold parameters in the Surveys module, or (5) a SQL statement to index.php, as processed by mainfile.php. | |||||
| CVE-2004-2056 | 1 Nucleus Group | 1 Nucleus Cms | 2017-07-19 | 7.5 HIGH | N/A |
| SQL injection vulnerability in action.php in Nucleus CMS 3.01 allows remote attackers to execute arbitrary SQL statements via the itemid parameter. | |||||
| CVE-2004-2059 | 1 Xlinesoft | 1 Asprunner | 2017-07-19 | 5.0 MEDIUM | N/A |
| Multiple cross-site scripting vulnerabilities in ASPRunner 2.4 allow remote attackers to inject arbitrary web script or HTML via the (1) SearchFor parameter in [TABLE-NAME]_search.asp, (2) SQL parameter in [TABLE-NAME]_edit.asp, (3) SearchFor parameter in [TABLE]_list.asp, or (4) SQL parameter in export.asp. | |||||
| CVE-2005-0505 | 1 Stackworks Enterprises | 1 Information Resource Manager | 2017-07-19 | 7.5 HIGH | N/A |
| Unknown vulnerability in Information Resource Manager (IRM) before 1.5.2.1 allows remote attackers to have "potentially serious" impact, related to LDAP logins. | |||||
| CVE-2005-3318 | 1 Jed Wing | 1 Chm Lib | 2017-07-19 | 5.1 MEDIUM | N/A |
| Buffer overflow in the _chm_decompress_block function in CHM lib (chmlib) before 0.37, as used in products such as KchmViewer, allows attackers to execute arbitrary code, a different vulnerability than CVE-2005-2930. | |||||
| CVE-2017-5245 | | | 2017-07-18 | N/A | N/A |
| ** REJECT ** DO NOT USE THIS CANDIDATE NUMBER. ConsultIDs: none. Reason: This candidate was withdrawn by its CNA. Further investigation showed that it was not a security issue. Notes: none. | |||||
| CVE-2010-0771 | | | 2017-07-17 | N/A | N/A |
| ** REJECT ** DO NOT USE THIS CANDIDATE NUMBER. ConsultIDs: CVE-2010-3552. Reason: This candidate is a reservation duplicate of CVE-2010-3552. Notes: All CVE users should reference CVE-2010-3552 instead of this candidate. All references and descriptions in this candidate have been removed to prevent accidental usage. | |||||
| CVE-2017-10988 | | | 2017-07-17 | N/A | N/A |
| ** REJECT ** DO NOT USE THIS CANDIDATE NUMBER. ConsultIDs: none. Reason: This candidate was withdrawn by its CNA. Further investigation showed that it was not a security issue. Notes: none. | |||||
| CVE-2012-1302 | 1 Ammap Project | 1 Ammap | 2017-07-17 | 4.3 MEDIUM | N/A |
| Multiple cross-site scripting (XSS) vulnerabilities in amMap 2.6.3 allow remote attackers to inject arbitrary web script or HTML via the (1) data_file or (2) settings_file parameter to ammap.swf, or (3) the data_file parameter to amtimeline.swf. | |||||
| CVE-2014-3903 | 1 Jayj | 1 Cakifo | 2017-07-17 | 3.5 LOW | N/A |
| Cross-site scripting (XSS) vulnerability in the Cakifo theme 1.x before 1.6.2 for WordPress allows remote authenticated users to inject arbitrary web script or HTML via crafted Exif data. | |||||
| CVE-2015-0901 | 1 Flashy Project | 1 Flashy | 2017-07-17 | 4.3 MEDIUM | N/A |
| Cross-site scripting (XSS) vulnerability in the duwasai flashy theme 1.3 and earlier for WordPress allows remote attackers to inject arbitrary web script or HTML via unspecified vectors. | |||||
| CVE-2015-1172 | 1 Holding Pattern Project | 1 Holding Pattern | 2017-07-17 | 7.5 HIGH | N/A |
| Unrestricted file upload vulnerability in admin/upload-file.php in the Holding Pattern theme (aka holding_pattern) 0.6 and earlier for WordPress allows remote attackers to execute arbitrary PHP code by uploading a file with a PHP extension, then accessing it via a direct request to the file in an unspecified directory. | |||||
| CVE-2015-1579 | 1 Elegant Themes | 1 Divi | 2017-07-17 | 5.0 MEDIUM | N/A |
| Directory traversal vulnerability in the Elegant Themes Divi theme for WordPress allows remote attackers to read arbitrary files via a .. (dot dot) in the img parameter in a revslider_show_image action to wp-admin/admin-ajax.php. NOTE: this vulnerability may be a duplicate of CVE-2014-9734. | |||||
| CVE-2017-1000055 | | | 2017-07-17 | N/A | N/A |
| ** REJECT ** DO NOT USE THIS CANDIDATE NUMBER. ConsultIDs: none. Reason: This candidate was withdrawn by its CNA. Further investigation showed that it was not a security issue. Notes: none. | |||||
