Search
Total
27796 CVE
| CVE | Vendors | Products | Updated | CVSS v2 | CVSS v3 |
|---|---|---|---|---|---|
| CVE-2005-4037 | 1 Web4future | 1 Affiliate Manager Professional | 2017-07-20 | 7.5 HIGH | N/A |
| SQL injection vulnerability in functions.php in Web4Future Affiliate Manager PRO 4.1 and earlier allows remote attackers to execute arbitrary SQL commands via the pid parameter. | |||||
| CVE-2005-4019 | 1 Relative Real Estate Systems | 1 Relative Real Estate Systems | 2017-07-20 | 7.5 HIGH | N/A |
| SQL injection vulnerability in index.php in Relative Real Estate Systems 1.02 and earlier allows remote attackers to execute arbitrary SQL commands via the mls parameter. | |||||
| CVE-2006-0228 | 1 Grsecurity | 1 Grsecurity Kernel Patch | 2017-07-20 | 7.2 HIGH | N/A |
| The RBAC functionality in grsecurity before 2.1.8 does not properly handle when the admin role creates a service and then exits the shell without unauthenticating, which causes the service to be restarted with the admin role still active. | |||||
| CVE-2005-4015 | 1 Php Web | 1 Statistik | 2017-07-20 | 5.0 MEDIUM | N/A |
| PHP Web Statistik 1.4 does not rotate the log database or limit the size of the referer field, which allows remote attackers to fill the log files via a large number of requests, as demonstrated using pixel.php. | |||||
| CVE-2006-0226 | 1 Freebsd | 1 Freebsd | 2017-07-20 | 10.0 HIGH | N/A |
| Integer overflow in IEEE 802.11 network subsystem (ieee80211_ioctl.c) in FreeBSD before 6.0-STABLE, while scanning for wireless networks, allows remote attackers to execute arbitrary code by broadcasting crafted (1) beacon or (2) probe response frames. | |||||
| CVE-2006-0219 | 1 Mybulletinboard | 1 Mybulletinboard | 2017-07-20 | 7.5 HIGH | N/A |
| The original distribution of MyBulletinBoard (MyBB) to update from older versions to 1.0.2 omits or includes older versions of certain critical files, which allows attackers to conduct (1) SQL injection attacks via an attachment name that is not properly handled by inc/functions_upload.php (CVE-2005-4602), and possibly (2) other attacks related to threadmode in usercp.php. | |||||
| CVE-2006-0217 | 1 Ultimate Auction | 1 Ultimate Auction | 2017-07-20 | 4.3 MEDIUM | N/A |
| Multiple cross-site scripting (XSS) vulnerabilities in Ultimate Auction 3.67 allow remote attackers to inject arbitrary web script or HTML via the (1) item parameter in item.pl and (2) category parameter in itemlist.pl, which reflects the XSS in an error message. NOTE: the affected version might be wrong since the current version as of 20060116 is 3.6.1. | |||||
| CVE-2005-4014 | 1 Php Web | 1 Statistik | 2017-07-20 | 7.8 HIGH | N/A |
| stat.php in PHP Web Statistik 1.4 allows remote attackers to cause a denial of service (CPU consumption) via a large lastnumber value. | |||||
| CVE-2006-0214 | 1 Indexcor | 1 Ezdatabase | 2017-07-20 | 7.5 HIGH | N/A |
| Eval injection vulnerability in ezDatabase 2.0 and earlier allows remote attackers to execute arbitrary PHP code via the db_id parameter to visitorupload.php, as demonstrated using phpinfo and include function calls. | |||||
| CVE-2006-0206 | 1 Light Weight Calendar | 1 Light Weight Calendar | 2017-07-20 | 7.5 HIGH | N/A |
| Eval injection vulnerability in Light Weight Calendar (LWC) 1.0 (20040909) and earlier allows remote attackers to execute arbitrary PHP code via the date parameter in cal.php, which is included by index.php. | |||||
| CVE-2005-4013 | 1 Php Web | 1 Statistik | 2017-07-20 | 5.0 MEDIUM | N/A |
| PHP Web Statistik 1.4 stores the stat.cfg file under the web root with insufficient access control, which allows remote attackers to obtain sensitive information such as statistics and the log directory location, possibly including the logdb.dta file. | |||||
| CVE-2005-4012 | 1 Php Web | 1 Statistik | 2017-07-20 | 4.3 MEDIUM | N/A |
| Multiple cross-site scripting (XSS) vulnerabilities in PHP Web Statistik 1.4 allows remote attackers to inject arbitrary web script or HTML via (1) the lastnumber parameter to stat.php and (2) the HTTP referer to pixel.php. | |||||
| CVE-2006-0184 | 1 Mainenet Enterprises | 1 Asptopsites | 2017-07-20 | 7.5 HIGH | N/A |
| Multiple SQL injection vulnerabilities in AspTopSites allow remote attackers to execute arbitrary SQL commands via the (1) id parameter to goto.asp or (2) password parameter to includeloginuser.asp. | |||||
| CVE-2006-0181 | 1 Cisco | 1 Cs-mars | 2017-07-20 | 7.2 HIGH | N/A |
| Cisco Security Monitoring, Analysis and Response System (CS-MARS) before 4.1.3 has an undocumented administrative account with a default password, which allows local users to gain privileges via the expert command. | |||||
| CVE-2006-0178 | 1 Cray | 1 Unicos | 2017-07-20 | 7.2 HIGH | N/A |
| Format string vulnerability in /bin/ftp in UNICOS 9.0.2.2 allows local users to have an unknown impact via format string specifiers in the quote command. NOTE: because the program is not setuid and not normally called from remote programs, there may not be a typical attack vector for the issue that crosses privilege boundaries. Therefore this may not be a vulnerability. | |||||
| CVE-2006-0177 | 1 Cray | 1 Unicos | 2017-07-20 | 7.2 HIGH | N/A |
| Multiple buffer overflows in Cray UNICOS 9.0.2.2 might allow local users to gain privileges by (1) invoking /usr/bin/script with a long command line argument or (2) setting the -c option of /etc/nu to the name of a file containing a long line. | |||||
| CVE-2006-0166 | 1 Symantec | 1 Norton System Works | 2017-07-20 | 7.5 HIGH | N/A |
| Symantec Norton SystemWorks and SystemWorks Premier 2005 and 2006 stores temporary copies of files in the Norton Protected Recycle Bin NProtect directory, which is hidden from the FindFirst and FindNext Windows APIs and allows remote attackers to hide arbitrary files from virus scanners and other products. | |||||
| CVE-2006-0165 | 1 Plain Black | 1 Webgui | 2017-07-20 | 4.3 MEDIUM | N/A |
| Cross-site scripting (XSS) vulnerability in the DataForm Entries functionality in Plain Black WebGUI before 6.8.4 (gamma) allows remote attackers to inject arbitrary Javascript via the (1) url and (2) name field of the default email form. | |||||
| CVE-2005-4010 | 1 Sensation Designs | 1 Kbase Express | 2017-07-20 | 7.5 HIGH | N/A |
| SQL injection vulnerability in KBase Express 1.0.0 and earlier allows remote attackers to execute arbitrary SQL commands via the (1) id parameter to category.php and (2) search parameters to search.php. | |||||
| CVE-2006-0164 | 1 Woah-projekt | 1 Phgstats | 2017-07-20 | 7.5 HIGH | N/A |
| phgstats.inc.php in phgstats before 0.5.1, if register_globals is enabled, allows remote attackers to include arbitrary files and execute arbitrary PHP code by modifying the PHGDIR variable. | |||||
| CVE-2006-0163 | 1 Francisco Burzi | 1 Php-nuke Ev | 2017-07-20 | 7.5 HIGH | N/A |
| SQL injection vulnerability in the search module (modules/Search/index.php) of PHPNuke EV 7.7 -R1 allows remote attackers to execute arbitrary SQL commands via the query parameter, which is used by the search field. NOTE: This is a different vulnerability than CVE-2005-3792. | |||||
| CVE-2006-0162 | 1 Clam Anti-virus | 1 Clamav | 2017-07-20 | 7.5 HIGH | N/A |
| Heap-based buffer overflow in libclamav/upx.c in Clam Antivirus (ClamAV) before 0.88 allows remote attackers to cause a denial of service (crash) and possibly execute arbitrary code via crafted UPX files. | |||||
| CVE-2006-0142 | 1 Andromeda Software | 1 Andromeda | 2017-07-20 | 4.3 MEDIUM | N/A |
| Cross-site scripting (XSS) vulnerability in andromeda.php in Andromeda 1.9.3.4 and earlier allows remote attackers to inject arbitrary web script or HTML via the s parameter. NOTE: the provenance of this information is unknown; the details are obtained solely from third party information. | |||||
| CVE-2006-0141 | 1 Eudora | 1 Internet Mail Server | 2017-07-20 | 5.0 MEDIUM | N/A |
| Qualcomm Eudora Internet Mail Server (EIMS) before 3.2.8 allows remote attackers to cause a denial of service (crash) via (1) malformed NTLM authentication requests, or a malformed (2) Incoming Mail X or (3) Temporary Mail file. | |||||
| CVE-2006-0139 | 1 Pd9 Software | 1 Megabbs | 2017-07-20 | 5.0 MEDIUM | N/A |
| The send-private-message functionality (send-private-message.asp) in PD9 Software MegaBBS 2.1 allows remote attackers to read private messages of other users via a modified replyid parameter. | |||||
| CVE-2006-0148 | 1 Netsarang | 1 Xlpd | 2017-07-20 | 5.0 MEDIUM | N/A |
| NetSarang Xlpd 2.1 allows remote attackers to cause a denial of service (crash) via a large number of connections from the same IP address. | |||||
| CVE-2006-0128 | 1 Rockliffe | 1 Mailsite | 2017-07-20 | 10.0 HIGH | N/A |
| Buffer overflow in the IMAP service of Rockliffe MailSite before 6.1.22.1 allows remote attackers to have an unknown impact via unknown attack vectors. | |||||
| CVE-2005-4000 | 1 Sitebeater | 1 Sitebeater News | 2017-07-20 | 4.3 MEDIUM | N/A |
| Cross-site scripting (XSS) vulnerability in archive.asp in SiteBeater News System 4.00 and earlier allows remote attackers to inject arbitrary web script or HTML via the sKeywords parameter. | |||||
| CVE-2005-3999 | 1 Sitebeater | 1 Sitebeater Mp3 Catalog | 2017-07-20 | 4.3 MEDIUM | N/A |
| Cross-site scripting (XSS) vulnerability in Search.asp in SiteBeater MP3 Catalog 2.03 and earlier allows remote attackers to inject arbitrary web script or HTML via unspecified parameters. | |||||
| CVE-2006-0111 | 1 Boxcar Media | 1 Shopping Cart | 2017-07-20 | 5.0 MEDIUM | N/A |
| Cross-site scripting vulnerability in index.php in Boxcar Media Shopping Cart allows remote attackers to inject arbitrary web script or HTML via the (1) parent or (2) pg parameter. | |||||
| CVE-2006-0083 | 1 Stefan Frings | 1 Sms Server Tools | 2017-07-20 | 4.6 MEDIUM | N/A |
| Format string vulnerability in the logging code of SMS Server Tools (smstools) 1.14.8 and earlier allows local users to execute arbitrary code via unspecified attack vectors. | |||||
| CVE-2006-0108 | 1 Idea Development Id Oy | 1 Timecan Cms | 2017-07-20 | 7.5 HIGH | N/A |
| SQL injection vulnerability in mcl_login.asp in Timecan CMS allows remote attackers to execute arbitrary SQL commands via the email parameter. NOTE: the provenance of this information is unknown; the details are obtained solely from third party information. Due to the unavailability of the original source, it cannot be determined if this is the same issue as identified by CVE-2006-0107. | |||||
| CVE-2005-3998 | 1 Solupress | 1 Solupress News | 2017-07-20 | 4.3 MEDIUM | N/A |
| Cross-site scripting (XSS) vulnerability in search.asp in Solupress News 1.0 and earlier allows remote attackers to inject arbitrary web script or HTML via the keywords parameter. | |||||
| CVE-2006-0107 | 1 Idea Development Id Oy | 1 Timecan Cms | 2017-07-20 | 7.5 HIGH | N/A |
| SQL injection vulnerability in Timecan CMS allows remote attackers to execute arbitrary SQL commands via the viewID parameter. NOTE: the provenance of this information is unknown; the details are obtained solely from third party information. Due to the unavailability of the original source, it cannot be determined if this is the same issue as identified by CVE-2006-0108. | |||||
| CVE-2005-3986 | 1 Verosky Media | 1 Instant Photo Gallery | 2017-07-20 | 7.5 HIGH | N/A |
| Multiple SQL injection vulnerabilities in Instant Photo Gallery 1 and earlier allow remote attackers to execute arbitrary SQL commands via the (1) cat_id parameter in portfolio.php and (2) cid parameter in content.php. | |||||
| CVE-2005-3976 | 1 Duware | 11 Duamazon, Duarticle, Duclassified and 8 more | 2017-07-20 | 7.5 HIGH | N/A |
| SQL injection vulnerability in type.asp, as used in multiple DUware products including (1) DUamazon 3.1, (2) DUarticle 1.1, (3) DUclassified 4.2, (4) DUdirectory 3.1 and DUdirectory Pro 3.0 and 3.0 SQL, (5) DUdownload 1.1, (6) DUgallery 3.3, (7) DUnews 1.1, and (8) DUpaypal 3.1 and DUpaypal Pro 3.0, allows remote attackers to execute arbitrary SQL commands via the iType parameter. | |||||
| CVE-2006-0059 | 1 Livedata | 1 Iccp Server | 2017-07-20 | 7.5 HIGH | N/A |
| Heap-based buffer overflow in the ISO Transport Service over TCP (RFC 1006) implementation of LiveData ICCP Server before 5.00.035 allows remote attackers to cause a denial of service or execute arbitrary code via malformed packets. | |||||
| CVE-2005-3958 | 1 Entergal Mx | 1 Entergal Mx | 2017-07-20 | 7.5 HIGH | N/A |
| SQL injection vulnerability in index.php in Entergal MX 2.0 allows remote attackers to execute arbitrary SQL commands via the (1) idcat parameter in a showcat action and (2) the action parameter. | |||||
| CVE-2006-0055 | 1 Freebsd | 1 Freebsd | 2017-07-20 | 2.1 LOW | N/A |
| The ispell_op function in ee on FreeBSD 4.10 to 6.0 uses predictable filenames and does not confirm which file is being written, which allows local users to overwrite arbitrary files via a symlink attack when ee invokes ispell. | |||||
| CVE-2006-0054 | 1 Freebsd | 1 Freebsd | 2017-07-20 | 5.0 MEDIUM | N/A |
| The ipfw firewall in FreeBSD 6.0-RELEASE allows remote attackers to cause a denial of service (firewall crash) via ICMP IP fragments that match a reset, reject or unreach action, which leads to an access of an uninitialized pointer. | |||||
| CVE-2005-3954 | 1 Blogbuddies | 1 Blogbuddies | 2017-07-20 | 4.3 MEDIUM | N/A |
| Cross-site scripting (XSS) vulnerability in blogBuddies 0.3 allows remote attackers to inject arbitrary web script or HTML via the u parameter to index.php. | |||||
| CVE-2006-0050 | 1 Debian | 1 Debian Linux | 2017-07-20 | 1.2 LOW | N/A |
| snmptrapfmt in Debian 3.0 allows local users to overwrite arbitrary files via a symlink attack on a temporary log file. | |||||
| CVE-2006-0048 | 1 Francesco Stablum | 1 Tcpick | 2017-07-20 | 5.0 MEDIUM | N/A |
| Francesco Stablum tcpick 0.2.1 allows remote attackers to cause a denial of service (segmentation fault) via certain fragmented packets, possibly involving invalid headers and an attacker-controlled payload length. NOTE: this issue might be a buffer overflow or overread. | |||||
| CVE-2006-0046 | 1 Cameron Simpson | 1 Adzapper | 2017-07-20 | 7.8 HIGH | N/A |
| squid_redirect script in adzapper before 2006-01-29 allows remote attackers to cause a denial of service (CPU consumption) via a URL with a large number of trailing / (forward slashes), which might produce inefficient regular expressions. | |||||
| CVE-2006-0045 | 1 Linley Henzell | 1 Dungeon Crawl | 2017-07-20 | 7.2 HIGH | N/A |
| crawl before 4.0.0 does not securely call programs when saving and loading games, which allows local users to gain privileges. | |||||
| CVE-2006-0044 | 1 Albatross | 1 Albatross | 2017-07-20 | 7.5 HIGH | N/A |
| Unspecified vulnerability in context.py in Albatross web application toolkit before 1.33 allows remote attackers to execute arbitrary commands via unspecified vectors involving template files and the "handling of submitted form fields". | |||||
| CVE-2005-3947 | 1 Sergey Korostel | 1 Php Upload Center | 2017-07-20 | 5.0 MEDIUM | N/A |
| Directory traversal vulnerability in index.php in PHP Upload Center allows remote attackers to read arbitrary files via "../" sequences in the filename parameter. | |||||
| CVE-2005-3935 | 1 Socketkb | 1 Socketkb | 2017-07-20 | 7.5 HIGH | N/A |
| SQL injection vulnerability in SocketKB 1.1.0 and earlier allows remote attackers to execute arbitrary SQL commands via the (1) node and (2) art_id parameters. | |||||
| CVE-2006-0043 | 1 Suse | 1 Suse Linux | 2017-07-20 | 4.6 MEDIUM | N/A |
| Buffer overflow in the realpath function in nfs-server rpc.mountd, as used in SUSE Linux 9.1 through 10.0, allows local users to execute arbitrary code via unspecified vectors involving mount requests and symlinks. | |||||
| CVE-2005-4813 | 1 Businessobjects | 4 Crystal Enterprise Xi, Crystal Reports Server Xi, Crystal Reports Xi and 1 more | 2017-07-20 | 5.0 MEDIUM | N/A |
| Unspecified vulnerability in Report Application Server (Crystalras.exe) before 11.0.0.1370, as used in Business Objects Crystal Reports XI, Crystal Reports Server XI, and BusinessObjects Enterprise XI, allows remote attackers to cause a denial of service (application hang) via certain network traffic, possibly involving multiple simultaneous TCP connections. | |||||