Search
Total
86024 CVE
| CVE | Vendors | Products | Updated | CVSS v2 | CVSS v3 |
|---|---|---|---|---|---|
| CVE-2006-0665 | 1 Mantis | 1 Mantis | 2011-03-08 | 10.0 HIGH | N/A |
| Unspecified vulnerability in (1) query_store.php and (2) manage_proj_create.php in Mantis before 1.0.0 has unknown impact and attack vectors. NOTE: the provenance of this information is unknown; the details are obtained solely from third party information. An original vendor bug report is referenced, but not accessible to the general public. | |||||
| CVE-2006-0751 | 1 Noofs Team | 1 Network Object Oriented File System | 2011-03-08 | 10.0 HIGH | N/A |
| Multiple unspecified vulnerabilities in the (1) Filesystem in USErspace (FUSE) client and (2) NOOFS daemon in in Network Object Oriented File System (NOOFS) before 0.9.0 have unspecified impact and attack vectors. | |||||
| CVE-2006-0727 | 1 Musox | 1 Df Msanalysis | 2011-03-08 | 7.5 HIGH | N/A |
| SQL injection vulnerability in mstrack.php in MusOX DF MSAnalysis (DFMSA), as used in some environments that use CPG-Nuke Dragonfly CMS, allows remote attackers to trigger path disclosure from a SQL syntax error, and possibly execute arbitrary SQL commands, via certain query data, probably involving the profile name. | |||||
| CVE-2006-0056 | 1 Pam-mysql | 1 Pam-mysql | 2011-03-08 | 7.5 HIGH | N/A |
| Double free vulnerability in the authentication and authentication token alteration code in PAM-MySQL 0.6.x before 0.6.2 and 0.7.x before 0.7pre3 allows remote attackers to cause a denial of service (application crash) and possibly execute arbitrary code via crafted passwords, which lead to a double free of a pointer that was created by the pam_get_item function. NOTE: this issue only occurs in certain configurations in which there are multiple PAM modules, PAM-MySQL is not evaluated first, and there are no requisite modules before PAM-MySQL. | |||||
| CVE-2005-4833 | 1 Ibm | 1 Websphere Application Server | 2011-03-08 | 4.3 MEDIUM | N/A |
| IBM WebSphere Application Server (WAS) 6.0 before 20050201, when serving pages in an Application WAR or an Extended Document Root, allows remote attackers to obtain the JSP source code and other sensitive information via "a specific JSP URL," related to lack of normalization of the URL format. | |||||
| CVE-2006-0127 | 1 Rockliffe | 1 Mailsite | 2011-03-08 | 4.0 MEDIUM | N/A |
| Directory traversal vulnerability in the IMAP service of Rockliffe MailSite before 6.1.22.1 allows remote authenticated users to rename the folders of other users via a .. (dot dot) in the RENAME command. | |||||
| CVE-2006-0089 | 1 Esri | 1 Arcpad | 2011-03-08 | 5.0 MEDIUM | N/A |
| Buffer overflow in ESRI ArcPad 7.0.0.156 allows remote attackers to cause a denial of service (application crash) and possibly execute arbitrary code via a .amp file with a COORDSYS tag with a long string attribute. | |||||
| CVE-2006-0201 | 1 Paypal | 1 Php Toolkit | 2011-03-08 | 5.0 MEDIUM | N/A |
| Dave Nielsen and Patrick Breitenbach PayPal Web Services (aka PHP Toolkit) 0.50, and possibly earlier versions, allows remote attackers to enter false payment entries into the log file via HTTP POST requests to ipn_success.php. | |||||
| CVE-2005-4834 | 1 Ibm | 1 Websphere Application Server | 2011-03-08 | 5.0 MEDIUM | N/A |
| IBM WebSphere Application Server (WAS) 5.0.2.5 through 5.1.1.3 allows remote attackers to obtain JSP source code and other sensitive information, related to incorrect request processing by the web container. | |||||
| CVE-2006-0313 | 1 Pdfdirectory | 1 Pdfdirectory | 2011-03-08 | 7.5 HIGH | N/A |
| Multiple SQL injection vulnerabilities in PDFdirectory before 1.0 allow remote attackers to execute arbitrary SQL commands via multiple unspecified vectors involving (1) util.php, (2) userpref.php, (3) user.php, (4) uploadfrm.php, (5) title.php, (6) team.php, (7) stats.php, (8) page.php, (9) org.php, (10) member.php, (11) index.php, (12) group.php, or (13) anniv.php. | |||||
| CVE-2006-0067 | 1 Vego | 1 Vego Links Builder | 2011-03-08 | 7.5 HIGH | N/A |
| SQL injection vulnerability in login.php in VEGO Links Builder 2.00 and earlier allows remote attackers to execute arbitrary SQL commands via the username parameter. | |||||
| CVE-2006-0314 | 1 Pdfdirectory | 1 Pdfdirectory | 2011-03-08 | 7.5 HIGH | N/A |
| PDFdirectory before 1.0 stores sensitive data in plaintext, which allows remote attackers to obtain arbitrary users' passwords by direct queries to the database, possibly via one of the SQL injection vulnerabilities. | |||||
| CVE-2006-0084 | 1 Rasmp | 1 Rasmp | 2011-03-08 | 5.0 MEDIUM | N/A |
| Cross-site scripting vulnerability in index.php in raSMP 2.0.0 and earlier allows remote attackers to inject arbitrary web script or HTML via the $_SERVER[HTTP_USER_AGENT] variable (User-Agent header). | |||||
| CVE-2006-0068 | 1 Primo Place | 1 Primo Cart | 2011-03-08 | 7.5 HIGH | N/A |
| SQL injection vulnerability in Primo Cart 1.0 and earlier allows remote attackers to execute arbitrary SQL commands via the (1) q parameter to search.php and (2) email parameter to user.php. | |||||
| CVE-2006-0122 | 1 Aquifer Cms | 1 Aquifer Cms | 2011-03-08 | 4.3 MEDIUM | N/A |
| Cross-site scripting (XSS) vulnerability in Public/Index.asp in Aquifer CMS allows remote attackers to inject arbitrary web script or HTML via the Keyword parameter. | |||||
| CVE-2006-0158 | 1 Cyberdoc | 1 Sitesuite Cms | 2011-03-08 | 7.5 HIGH | N/A |
| SQL injection vulnerability in index.php in CyberDoc SiteSuite CMS allows remote attackers to execute arbitrary SQL commands via the page parameter. | |||||
| CVE-2006-0093 | 1 Ecardmax.com | 1 Atcard Me Php | 2011-03-08 | 4.3 MEDIUM | N/A |
| Cross-site scripting (XSS) vulnerability in index.php in @Card ME PHP allows remote attackers to inject arbitrary web script or HTML via the cat parameter. | |||||
| CVE-2006-0185 | 1 Php-nuke | 2 News Module, Pool Module | 2011-03-08 | 5.0 MEDIUM | N/A |
| Multiple cross-site scripting vulnerabilities in the (1) Pool or (2) News Modules in Php-Nuke allow remote attackers to inject arbitrary web script or HTML via javascript in the SRC attribute of an IMG tag. | |||||
| CVE-2006-0085 | 1 Nkads | 1 Nkads | 2011-03-08 | 7.5 HIGH | N/A |
| SQL injection vulnerability in Nkads 1.0 alfa 3 allows remote attackers to execute arbitrary SQL commands via the (1) usuario_nkads_admin or (2) password_nkads_admin parameters. | |||||
| CVE-2006-0086 | 1 Next Generation Image Gallery | 1 Next Generation Image Gallery | 2011-03-08 | 5.0 MEDIUM | N/A |
| Cross-site scripting vulnerability in index.php in Next Generation Image Gallery 0.0.1 Lite Edition allows remote attackers to inject arbitrary web script or HTML via the page parameter. | |||||
| CVE-2006-0129 | 1 Rockliffe | 1 Mailsite | 2011-03-08 | 5.0 MEDIUM | N/A |
| Mail Management Agent (MAILMA) (aka Mail Management Server) in Rockliffe MailSite 7.0.3.1 and earlier generates different responses depending on whether or not a username is valid, which allows remote attackers to enumerate valid usernames via user requests to TCP port 106. | |||||
| CVE-2006-0112 | 1 Enhanced Simple Php Gallery | 1 Enhanced Simple Php Gallery | 2011-03-08 | 4.3 MEDIUM | N/A |
| Cross-site scripting (XSS) vulnerability in index.php in Enhanced Simple PHP Gallery 1.7 allows remote attackers to inject arbitrary web script or HTML via the dir parameter. | |||||
| CVE-2006-0109 | 1 Modular Merchant | 1 Shopping Cart | 2011-03-08 | 5.0 MEDIUM | N/A |
| Cross-site scripting vulnerability in category.php in Modular Merchant Shopping Cart allows remote attackers to inject arbitrary web script or HTML via the cat parameter. | |||||
| CVE-2006-0077 | 1 Richard Dawe | 1 File Extattr | 2011-03-08 | 2.1 LOW | N/A |
| Off-by-one error in the getfattr function in File::ExtAttr before 0.03 allows attackers to trigger a buffer overflow via unspecified attack vectors. | |||||
| CVE-2006-0090 | 1 Idv Directory Viewer | 1 Idv Directory Viewer | 2011-03-08 | 5.0 MEDIUM | N/A |
| Directory traversal vulnerability in index.php in IDV Directory Viewer before 2005.1 allows remote attackers to view arbitrary directory contents via a .. (dot dot) in the dir parameter. | |||||
| CVE-2005-4823 | 1 Hp | 1 Http Server | 2011-03-08 | 10.0 HIGH | N/A |
| Buffer overflow in the HP HTTP Server 5.0 through 5.95 of the HP Web-enabled Management Software allows remote attackers to execute arbitrary code via unknown vectors. | |||||
| CVE-2005-4806 | 1 Sun | 1 Java System Web Proxy Server | 2011-03-08 | 5.0 MEDIUM | N/A |
| Multiple unspecified vulnerabilities in Sun Java System Web Proxy Server 3.6 SP7 and earlier allow remote attackers to cause a denial of service (unresponsive service) via unknown vectors. | |||||
| CVE-2006-0202 | 1 Paypal | 1 Php Toolkit | 2011-03-08 | 3.6 LOW | N/A |
| Dave Nielsen and Patrick Breitenbach PayPal Web Services (aka PHP Toolkit) 0.50 and possibly earlier has (1) world-readable permissions for ipn/logs/ipn_success.txt, which allows local users to view sensitive information (payment data), and (2) world-writable permissions for ipn/logs, which allows local users to delete or replace payment data. | |||||
| CVE-2006-0125 | 1 Appserv Open Project | 1 Appserv | 2011-03-08 | 5.0 MEDIUM | N/A |
| Unspecified vulnerability in appserv/main.php in AppServ 2.4.5 allows remote attackers to include arbitrary files via the appserv_root parameter. NOTE: the provenance of this information is unknown; the details are obtained solely from third party information. There is not enough detail from these third party sources to know whether this is directory traversal, remote file include, or another issue. | |||||
| CVE-2006-0126 | 1 Rxvt-unicode | 1 Rxvt-unicode | 2011-03-08 | 4.6 MEDIUM | N/A |
| rxvt-unicode before 6.3, on certain platforms that use openpty and non-Unix pty devices such as Linux and most BSD platforms, does not maintain the intended permissions of tty devices, which allows local users to gain read and write access to the devices. | |||||
| CVE-2005-4324 | 1 Hitachi | 1 Groupmax Mail Smtp | 2011-03-08 | 7.8 HIGH | N/A |
| Hitachi Groupmax Mail SMTP 06-50 through 06-52-/A and 07-00 through 07-20 allows remote attackers to cause a denial of service (service stop) via an e-mail message with an "invalid format." | |||||
| CVE-2005-4353 | 1 Toenda Software Development | 1 Toendacms | 2011-03-08 | 7.5 HIGH | N/A |
| SQL injection vulnerability in index.php in toendaCMS 0.6.2.1, when configured to use a SQL database, allows remote attackers to execute arbitrary SQL commands via the id parameter. | |||||
| CVE-2005-4570 | 1 Fortinet | 3 Forticlient, Fortimanager, Fortios | 2011-03-08 | 7.8 HIGH | N/A |
| The Internet Key Exchange version 1 (IKEv1) implementations in Fortinet FortiOS 2.50, 2.80 and 3.0, FortiClient 2.0,; and FortiManager 2.80 and 3.0 allow remote attackers to cause a denial of service (termination of a process that is automatically restarted) via IKE packets with invalid values of certain IPSec attributes, as demonstrated by the PROTOS ISAKMP Test Suite for IKEv1. NOTE: due to the lack of details in the vendor advisory, it is unclear which of CVE-2005-3666, CVE-2005-3667, and/or CVE-2005-3668 this issue applies to. | |||||
| CVE-2005-4350 | 1 Sun | 1 Wbem Services | 2011-03-08 | 7.8 HIGH | N/A |
| Unspecified vulnerability in WBEM Services A.01.x before A.01.05.12 and A.02.x before A.02.00.08 on HP-UX B.11.00 through B.11.23 allows remote attackers to cause an unspecified denial of service via unknown attack vectors. | |||||
| CVE-2005-4567 | 1 Floosietek | 1 Ftgate | 2011-03-08 | 5.8 MEDIUM | N/A |
| Multiple cross-site scripting (XSS) vulnerabilities in FTGate Technology (formerly known as Floosietek) FTGate 4.4 (Build 4.4.000 Oct 26 2005) allow remote attackers to inject arbitrary web script or HTML by sending (1) the href parameter to index.fts, or the param1 parameter to (2) /domains/index.fts, (3) /config/licence.fts, or (4) /config/systemacl.fts. | |||||
| CVE-2005-4394 | 1 Formicary Ltd. | 1 Epix | 2011-03-08 | 4.3 MEDIUM | N/A |
| Cross-site scripting (XSS) vulnerability in EPiX 3.1.2 and earlier allows remote attackers to inject arbitrary web script or HTML via unspecified search query parameters. | |||||
| CVE-2005-4655 | 1 Php Fusion | 1 Php Fusion | 2011-03-08 | 4.3 MEDIUM | N/A |
| Cross-site scripting (XSS) vulnerability in submit.php in PHP-Fusion 6.0.204 allows remote attackers to inject arbitrary web script or HTML via nested tags in the news_body parameter, as demonstrated by elements such as "<me<meta>ta" and "<sc<script>ript>". | |||||
| CVE-2005-4707 | 1 Php Gen | 1 Php Gen | 2011-03-08 | 4.3 MEDIUM | N/A |
| Multiple cross-site scripting (XSS) vulnerabilities in PHP GEN before 1.3 allow remote attackers to inject arbitrary web script or HTML via unknown attack vectors. | |||||
| CVE-2005-4564 | 1 Adtran | 1 Netvanta | 2011-03-08 | 5.0 MEDIUM | N/A |
| The Internet Key Exchange version 1 (IKEv1) implementation in ADTRAN NetVanta before 10.03.03.E might allow remote attackers to cause a denial of service via crafted IKE packets, as demonstrated by the PROTOS ISAKMP Test Suite for IKEv1. | |||||
| CVE-2005-4395 | 1 Farcry | 1 Farcry | 2011-03-08 | 4.3 MEDIUM | N/A |
| Cross-site scripting (XSS) vulnerability in FarCry 3.0 and earlier allows remote attackers to inject arbitrary web script or HTML via unspecified search parameters, possibly the criteria parameter. | |||||
| CVE-2005-4706 | 1 Sun | 1 Solaris | 2011-03-08 | 2.1 LOW | N/A |
| Unspecified vulnerability in the "privilege management" feature of Sun Solaris 10 allows local users to cause a denial of service (panic) via unknown vectors that trigger a null dereference in the secpolicy_fs_common function. | |||||
| CVE-2005-4568 | 1 Floosietek | 1 Ftgate | 2011-03-08 | 7.5 HIGH | N/A |
| Multiple format string vulnerabilities in FTGate Technology (formerly known as Floosietek) FTGate 4.4 (aka Build 4.4.000 Oct 26 2005) allow remote attackers to execute arbitrary code via format string specifiers in the (1) USER, (2) PASS, and (3) TOP commands to the POP3 server; and the (4) LIST and (5) AUTHENTICATE commands to the IMAP server. | |||||
| CVE-2005-4569 | 1 Floosietek | 1 Ftgate | 2011-03-08 | 7.5 HIGH | N/A |
| Stack-based buffer overflow in index.fts in FTGate Technology (formerly known as Floosietek) FTGate 4.4 (aka Build 4.4.000 Oct 26 2005) allows remote attackers to execute arbitrary code via a long tzoffset value. | |||||
| CVE-2005-4375 | 1 Box Uk | 1 Amaxus | 2011-03-08 | 4.3 MEDIUM | N/A |
| Cross-site scripting (XSS) vulnerability in Amaxus 3 and earlier allows remote attackers to inject arbitrary web script or HTML via the change parameter. NOTE: it is possible that this is resultant from CVE-2005-4376. | |||||
| CVE-2005-4355 | 1 Xmpie | 1 Ustore | 2011-03-08 | 4.3 MEDIUM | N/A |
| Multiple cross-site scripting (XSS) vulnerabilities in UStore allow remote attackers to inject arbitrary web script or HTML via the (1) Cat parameter in default.asp and the (2) accessdenied parameter in admin/default.asp. NOTE: the provenance of this information is unknown; the details are obtained solely from third party information. | |||||
| CVE-2005-4377 | 1 Nma | 1 Baseline Cms | 2011-03-08 | 4.3 MEDIUM | N/A |
| Cross-site scripting (XSS) vulnerability in Page.asp in Baseline CMS 1.95 and earlier allows remote attackers to inject arbitrary web script or HTML via the (1) PageID and (2) SiteNodeID parameters. | |||||
| CVE-2005-4565 | 1 Adtran | 1 Netvanta | 2011-03-08 | 10.0 HIGH | N/A |
| Format string vulnerability in the Internet Key Exchange version 1 (IKEv1) implementation in ADTRAN NetVanta before 10.03.03.E might allow remote attackers to have an unknown impact via format string specifiers in crafted IKE packets, as demonstrated by the PROTOS ISAKMP Test Suite for IKEv1. | |||||
| CVE-2005-4654 | 1 Hp | 1 Oracle For Openview | 2011-03-08 | 6.4 MEDIUM | N/A |
| Multiple unspecified vulnerabilities in Oracle for OpenView (OfO) 8.1.7, 9.1.01, and 9.2, and OfO for Linux, allow remote attackers to have an unknown impact via unknown attack vectors. NOTE: because of the lack of details in the vendor advisory, it is unclear which set of existing CVEs this advisory might refer to. | |||||
| CVE-2005-4354 | 1 University Of Arizona | 1 Webglimpse | 2011-03-08 | 4.3 MEDIUM | N/A |
| Cross-site scripting (XSS) vulnerability in webglimpse.cgi in Webglimpse 2.14.1 and earlier allows remote attackers to inject arbitrary web script or HTML via the query parameter. | |||||
| CVE-2005-4405 | 1 Random Mouse Software | 1 Red Queen | 2011-03-08 | 5.0 MEDIUM | N/A |
| redqueen.cgi in Red Queen 1.02 and earlier allows remote attackers to obtain the full server path via invalid (1) yellowpage_id, (2) skin_id, (3) supplier_id, and (4) module parameters, which leaks the path in an error message. | |||||