Search
Total
201818 CVE
| CVE | Vendors | Products | Updated | CVSS v2 | CVSS v3 |
|---|---|---|---|---|---|
| CVE-2006-1437 | 1 Upoint | 1 At1 Event Publisher | 2008-09-05 | 5.0 MEDIUM | N/A |
| UPOINT @1 Event Publisher stores sensitive information under the web document root with insufifcient access control, which allows remote attackers to read private comments via a direct request to eventpublisher.txt. | |||||
| CVE-2006-0718 | 1 Avaya | 5 Csu 5000, Vsu 100, Vsu 10000 and 2 more | 2008-09-05 | 5.0 MEDIUM | N/A |
| The Internet Key Exchange version 1 (IKEv1) implementation in Avaya VSU 100, 2000, 7500, 10000, and CSU 5000, when running IPSec, allows remote attackers to cause a denial of service (crash) via certain IKE packets, as demonstrated by the PROTOS ISAKMP Test Suite for IKEv1. NOTE: due to the lack of details in the advisory, it is unclear which of CVE-2005-3666, CVE-2005-3667, and/or CVE-2005-3668 this issue applies to. | |||||
| CVE-2006-0892 | 1 Nocc | 1 Nocc | 2008-09-05 | 7.5 HIGH | N/A |
| NOCC Webmail 1.0 stores e-mail attachments in temporary files with predictable filenames, which makes it easier for remote attackers to execute arbitrary code by accessing the e-mail attachment via directory traversal vulnerabilities. | |||||
| CVE-2006-0893 | 1 Nocc | 1 Nocc | 2008-09-05 | 5.0 MEDIUM | N/A |
| NOCC Webmail 1.0 allows remote attackers to obtain sensitive information via a direct request to (1) the profiles directory, which leaks e-mail addresses contained in filenames of profiles, and (2) the tmp directory, which lists names of uploaded attachments. | |||||
| CVE-2006-0894 | 1 Nocc | 1 Nocc | 2008-09-05 | 4.3 MEDIUM | N/A |
| Multiple cross-site scripting (XSS) vulnerabilities in NOCC Webmail 1.0 allow remote attackers to inject arbitrary web script or HTML via (1) the html_error_occurred parameter in error.php, (2) html_filter_select parameter in filter_prefs.php, (3) html_no_mail parameter in no_mail.php, the (4) page_line, (5) prev, and (6) next parameters in html_bottom_table.php, and the (7) _SESSION['nocc_theme'] parameter in footer.php. | |||||
| CVE-2006-0895 | 1 Nocc | 1 Nocc | 2008-09-05 | 5.0 MEDIUM | N/A |
| NOCC Webmail 1.0 allows remote attackers to obtain the installation path via a direct request to html/header.php. | |||||
| CVE-2006-0935 | 1 Microsoft | 1 Word | 2008-09-05 | 2.6 LOW | N/A |
| Microsoft Word 2003 allows remote attackers to cause a denial of service (application crash) via a crafted file, as demonstrated by 101_filefuzz. | |||||
| CVE-2006-0942 | 1 Pwsphp | 1 Pwsphp | 2008-09-05 | 7.5 HIGH | N/A |
| SQL injection vulnerability in profil.php in PwsPHP 1.2.3, and possibly earlier versions, allows remote attackers to execute arbitrary SQL commands via the aff_news_form parameter, a different vulnerability than CVE-2005-1509. | |||||
| CVE-2006-1005 | 1 Cactusoft | 1 Parodia | 2008-09-05 | 6.4 MEDIUM | N/A |
| agencyprofile.asp in Parodia 6.2 and earlier might allow remote attackers to obtain sensitive information by triggering an SQL error via an invalid AG_ID parameter. NOTE: the provenance of this information is unknown; the details are obtained from third party information. | |||||
| CVE-2006-1034 | 1 Woltlab | 1 Burning Board | 2008-09-05 | 4.3 MEDIUM | N/A |
| Multiple cross-site scripting (XSS) vulnerabilities in Woltlab Burning Board (wBB) allow remote attackers to inject arbitrary web script or HTML via (1) the username parameter to galerie_index.php and possibly (2) galerie_onfly.php. NOTE: the provenance of this information is unknown; the details are obtained solely from third party information. The second vector might not be XSS. | |||||
| CVE-2006-1035 | 1 Oracle | 2 Diagnostics, E-business Suite | 2008-09-05 | 7.5 HIGH | N/A |
| Unspecified vulnerability in the Oracle Diagnostics module 2.2 and earlier allows remote attackers to access diagnostics tests via unknown attack vectors. | |||||
| CVE-2006-1036 | 1 Oracle | 1 Diagnostics | 2008-09-05 | 7.5 HIGH | N/A |
| Multiple unspecified vulnerabilities in the Oracle Diagnostics module 2.2 and earlier have unknown impact and attack vectors, related to "permissions." | |||||
| CVE-2006-1047 | 1 Joomla | 1 Joomla | 2008-09-05 | 10.0 HIGH | N/A |
| Unspecified vulnerability in the "Remember Me login functionality" in Joomla! 1.0.7 and earlier has unknown impact and attack vectors. | |||||
| CVE-2006-0373 | 1 Douran | 1 Followweb | 2008-09-05 | 4.3 MEDIUM | N/A |
| Cross-site scripting (XSS) vulnerability in register.aspx in Douran FollowWeb allows remote attackers to inject arbitrary web script or HTML via unknown attack vectors. NOTE: the provenance of this information is unknown; the details are obtained solely from third party information. | |||||
| CVE-2006-0419 | 1 Bea | 1 Weblogic Server | 2008-09-05 | 6.4 MEDIUM | N/A |
| BEA WebLogic Server and WebLogic Express 9.0, 8.1 through SP5, and 7.0 through SP6 allows anonymous binds to the embedded LDAP server, which allows remote attackers to read user entries or cause a denial of service (unspecified) via a large number of connections. | |||||
| CVE-2006-0420 | 1 Bea | 1 Weblogic Server | 2008-09-05 | 5.0 MEDIUM | N/A |
| BEA WebLogic Server and WebLogic Express 8.1 through SP4 and 7.0 through SP6 does not properly handle when servlets use relative forwarding, which allows remote attackers to cause a denial of service (slowdown) via unknown attack vectors that cause "looping stack overflow errors." | |||||
| CVE-2006-0463 | 1 Ideosoft Design | 1 Ideocontent Manager | 2008-09-05 | 4.3 MEDIUM | N/A |
| Cross-site scripting (XSS) vulnerability in IdeoContent Manager allows remote attackers to inject arbitrary web script or HTML via the (1) goto_id parameter to index.php or (2) page parameter to news_full.php. | |||||
| CVE-2006-0464 | 1 Ideosoft Design | 1 Ideocontent Manager | 2008-09-05 | 7.5 HIGH | N/A |
| Multiple SQL injection vulnerabilities in index.php in IdeoContent Manager allow remote attackers to execute arbitrary SQL commands via the (1) goto_id or (2) mid parameter. | |||||
| CVE-2006-0465 | 1 Active121 | 1 Site Manager | 2008-09-05 | 4.3 MEDIUM | N/A |
| Cross-site scripting (XSS) vulnerability in risultati_ricerca.php in active121 Site Manager allows remote attackers to inject arbitrary web script or HTML via the cerca parameter. | |||||
| CVE-2006-0535 | 1 Communityserver.org | 1 Community Server | 2008-09-05 | 4.3 MEDIUM | N/A |
| Multiple cross-site scripting (XSS) vulnerabilities in Community Server allow remote attackers to inject arbitrary web script or HTML via unknown attack vectors. NOTE: this candidate does not contain any actionable or distinguishing information. Perhaps it should not be included in CVE. NOTE: the provenance of this information is unknown; the details are obtained solely from third party information. | |||||
| CVE-2006-0543 | 1 Cerulean Studios | 1 Trillian | 2008-09-05 | 5.0 MEDIUM | N/A |
| Cerulean Trillian 3.1.0.120 allows remote attackers to cause a denial of service (client crash) via an AIM message containing the Mac encoded Rich Text Format (RTF) escape sequences (1) \'d1, (2) \'d2, (3) \'d3, (4) \'d4, and (5) \'d5. NOTE: the provenance of this information is unknown; the details are obtained solely from third party information. | |||||
| CVE-2006-0544 | 1 Microsoft | 1 Ie | 2008-09-05 | 7.5 HIGH | N/A |
| urlmon.dll in Microsoft Internet Explorer 7.0 beta 2 (aka 7.0.5296.0) allows remote attackers to cause a denial of service (application crash) and possibly execute arbitrary code via a BGSOUND element with its SRC attribute set to "file://" followed by a large number of "-" (dash of hyphen) characters. | |||||
| CVE-2006-0646 | 1 Suse | 1 Suse Linux | 2008-09-05 | 4.4 MEDIUM | N/A |
| ld in SUSE Linux 9.1 through 10.0, and SLES 9, in certain circumstances when linking binaries, can leave an empty RPATH or RUNPATH, which allows local attackers to execute arbitrary code as other users via by running an ld-linked application from the current directory, which could contain an attacker-controlled library file. | |||||
| CVE-2006-0668 | 1 Pwsphp | 1 Pwsphp | 2008-09-05 | 7.5 HIGH | N/A |
| SQL injection vulnerability in index.php in PwsPHP 1.2.3 allows remote attackers to execute arbitrary SQL commands via the id parameter, possibly in message.php in the espace_membre module. NOTE: the provenance of this information is unknown; the details are obtained solely from third party information. | |||||
| CVE-2005-4858 | 1 Chitta | 1 Mimicboard 2 | 2008-09-05 | 4.3 MEDIUM | N/A |
| Multiple cross-site scripting (XSS) vulnerabilities in mimic2.cgi in mimicboard2 (Mimic2) 086 and earlier allow remote attackers to inject arbitrary web script or HTML via unspecified parameters associated with the (1) name, (2) title, and (3) comment sections, as demonstrated by referencing a remote document through the SRC attribute of an IFRAME element. | |||||
| CVE-2005-4859 | 1 Chitta | 1 Mimicboard | 2008-09-05 | 6.4 MEDIUM | N/A |
| mimicboard2 (Mimic2) 086 and earlier stores sensitive information under the web root with insufficient access control, which allows remote attackers to download a database via a direct request for mimic2.dat. | |||||
| CVE-2005-4860 | 1 Spectrum | 1 Cash Receipting System | 2008-09-05 | 6.9 MEDIUM | N/A |
| Spectrum Cash Receipting System before 6.504 uses weak cryptography (static substitution) in the PASSFILE password file, which makes it easier for local users to gain privileges by decrypting a password. | |||||
| CVE-2005-4861 | 1 Jasio.net | 1 Ragnarok Online Control Panel | 2008-09-05 | 7.5 HIGH | N/A |
| functions.php in Ragnarok Online Control Panel (ROCP) 4.3.4a allows remote attackers to bypass authentication by requesting account_manage.php with a trailing "/login.php" PHP_SELF value, which is not properly handled by the CHECK_AUTH function. | |||||
| CVE-2005-4862 | 1 Xwiki | 1 Xwiki | 2008-09-05 | 5.0 MEDIUM | N/A |
| The search functionality in XWiki 0.9.793 indexes cleartext user passwords, which allows remote attackers to obtain sensitive information via a search string that matches a password. | |||||
| CVE-2006-0071 | 1 Gentoo | 2 App-crypt Pinentry, Linux | 2008-09-05 | 6.6 MEDIUM | N/A |
| The ebuild for pinentry before 0.7.2-r2 on Gentoo Linux sets setgid bits for pinentry programs, which allows local users to read or overwrite arbitrary files as gid 0. | |||||
| CVE-2006-0072 | 1 Sco | 1 Openserver | 2008-09-05 | 7.5 HIGH | N/A |
| Buffer overflow in termsh on SCO OpenServer 5.0.7 allows remote attackers to execute arbitrary code via a long -o command line argument. NOTE: this is probably a different vulnerability than CVE-2005-0351 since it involves a distinct attack vector. | |||||
| CVE-2006-0073 | 1 Discusware | 2 Discus Freeware, Discus Professional | 2008-09-05 | 4.3 MEDIUM | N/A |
| Cross-site scripting (XSS) vulnerability in DiscusWare Discus Freeware 3.10.5 and Professional 3.10.4 allows remote attackers to inject arbitrary web script or HTML via unspecified vectors in a URL, which is not properly sanitized from the resulting error message. NOTE: the provenance of this information is unknown; the details are obtained solely from third party information. | |||||
| CVE-2006-0098 | 1 Openbsd | 1 Openbsd | 2008-09-05 | 4.6 MEDIUM | N/A |
| The dupfdopen function in sys/kern/kern_descrip.c in OpenBSD 3.7 and 3.8 allows local users to re-open arbitrary files by using setuid programs to access file descriptors using /dev/fd/. | |||||
| CVE-2006-0113 | 1 Enhanced Simple Php Gallery | 1 Enhanced Simple Php Gallery | 2008-09-05 | 5.0 MEDIUM | N/A |
| Enhanced Simple PHP Gallery 1.7 allows remote attackers to obtain the full path of the application via a direct request to sp_helper_functions.php, which leaks the pathname in an error message. | |||||
| CVE-2006-0130 | 1 Rockliffe | 1 Mailsite | 2008-09-05 | 7.5 HIGH | N/A |
| Mail Management Agent (MAILMA) (aka Mail Management Server) in Rockliffe MailSite 7.0.3.1 and earlier allows remote attackers to attempt authentication with an unlimited number of user account names and passwords without denying connections, limiting the rate of connections, or locking out an account. | |||||
| CVE-2006-0138 | 1 Amsn | 1 Amsn | 2008-09-05 | 5.0 MEDIUM | N/A |
| aMSN (aka Alvaro's Messenger) allows remote attackers to cause a denial of service (client hang and termination of client's instant-messaging session) by repeatedly sending crafted data to the default file-transfer port (TCP 6891). | |||||
| CVE-2006-0149 | 1 Simpbook | 1 Simpbook | 2008-09-05 | 4.3 MEDIUM | N/A |
| Cross-site scripting (XSS) vulnerability in SimpBook 1.0, with html_enable on (the default), allows remote attackers to inject arbitrary web script or HTML via the message field. | |||||
| CVE-2006-0157 | 1 Reamday Enterprises | 1 Magic News Plus | 2008-09-05 | 5.0 MEDIUM | N/A |
| settings.php in Reamday Enterprises Magic News Plus 1.0.3 allows remote attackers to change the administrator password via a change action that specifies identical values for the passwd and admin_password parameters, then declares the new password string in the new_passwd and confirm_passwd parameters. | |||||
| CVE-2006-0215 | 1 Qualityebiz | 1 Quality Ppc | 2008-09-05 | 4.3 MEDIUM | N/A |
| Cross-site scripting (XSS) vulnerability in admin.php in QualityEBiz Quality PPC (QPPC) 1.0 build 1644 allows remote attackers to inject arbitrary web script or HTML via the cpage parameter. NOTE: this issue might be resultant from CVE-2006-0216. | |||||
| CVE-2006-0216 | 1 Qualityebiz | 1 Quality Ppc | 2008-09-05 | 5.0 MEDIUM | N/A |
| admin.php in QualityEBiz Quality PPC (QPPC) 1.0 build 1644 allows remote attackers to obtain sensitive information, possibly the installation path of the application, via unspecified "meta characters" to the cpage parameter. | |||||
| CVE-2006-0303 | 1 Joomla | 1 Joomla | 2008-09-05 | 10.0 HIGH | N/A |
| Multiple unspecified vulnerabilities in the (1) publishing component, (2) Contact Component, (3) TinyMCE Compressor, and (4) other components in Joomla! 1.0.5 and earlier have unknown impact and attack vectors. | |||||
| CVE-2005-4578 | 1 Hitachi | 1 Business Logic | 2008-09-05 | 7.5 HIGH | N/A |
| Multiple SQL injection vulnerabilities in Hitachi Business Logic - Container (BLC) P-2443-9114 01-00 through 02-06 on Windows, and P-1M43-9111 01-01 through 02-00 on AIX, allow remote attackers to execute arbitrary SQL commands via unknown attack vectors in an unspecified input form. | |||||
| CVE-2005-4586 | 1 Phpsurveyor | 1 Phpsurveyor | 2008-09-05 | 7.5 HIGH | N/A |
| Multiple SQL injection vulnerabilities in PHPSurveyor before 0.991 allow remote attackers to execute arbitrary SQL commands via the (1) sql parameter in browse.php and the (2) sid, (3) lid, (4) gid, and (5) token parameters in certain PHP scripts. | |||||
| CVE-2005-4587 | 1 Juniper | 1 Netscreen-security Manager 2004 | 2008-09-05 | 7.8 HIGH | N/A |
| Juniper NetScreen-Security Manager (NSM) 2004 FP2 and FP3 allow remote attackers to cause a denial of service (crash or hang of server components that are automatically restarted) via a long crafted string on (1) port 7800 (the GUI Server port) or (2) port 7801 (the Device Server port). | |||||
| CVE-2005-4622 | 1 Efilego | 1 Efilego | 2008-09-05 | 7.5 HIGH | N/A |
| Directory traversal vulnerability in eFileGo 3.01 allows remote attackers to execute arbitrary code, read arbitrary files, and upload arbitrary files via a ... (triple dot) in (1) the URL on port 608 and (2) the argument to upload.exe. | |||||
| CVE-2005-4623 | 1 Efilego | 1 Efilego | 2008-09-05 | 5.0 MEDIUM | N/A |
| upload.exe in eFileGo 3.01 allows remote attackers to cause a denial of service (CPU consumption) via an argument with an invalid directory name. | |||||
| CVE-2005-4624 | 1 Ptnet | 1 Ptnet Ircd | 2008-09-05 | 5.0 MEDIUM | N/A |
| The m_join function in channel.c for PTnet ircd 1.5 and 1.6 allows remote attackers to cause a denial of service (memory exhaustion that triggers a daemon restart) via a large number of requests to join a "charmed channel" such as PTnet, #PTnoticias and #*.log, which causes ircd to open the channel even though it does not have any valid users. | |||||
| CVE-2005-4645 | 1 3cfr | 1 3cfr | 2008-09-05 | 7.5 HIGH | N/A |
| SQL injection vulnerability in index.php in 3CFR allows remote attackers to execute arbitrary SQL commands via the LangueID parameter. | |||||
| CVE-2005-4648 | 1 Illustrate | 1 Dbpoweramp Music Converter | 2008-09-05 | 5.1 MEDIUM | N/A |
| Buffer overflow in Illustrate dBpowerAMP Music Converter 11.5 and earlier, possibly including (1) MusicConverter.exe, (2) playlist.exe, and (3) amp.exe, allows user-assisted attackers to cause a denial of service or execute arbitrary code via a .m3u playlist with a long entry, possibly involving large field names, as demonstrated by SecuBox.Labs.m3u. NOTE: this issue might be the same as the .m3u vulnerability in CVE-2004-1569, but if so, then CD:SF-LOC suggests creating a different identifier since the .m3u issue would affect different versions than the .pls issue. | |||||
| CVE-2005-4649 | 1 Advanced Guestbook | 1 Advanced Guestbook | 2008-09-05 | 4.3 MEDIUM | N/A |
| Multiple cross-site scripting (XSS) vulnerabilities in Advanced Guestbook 2.2 and 2.3.1 allow remote attackers to inject arbitrary web script or HTML via (1) the entry parameter in index.php and (2) the gb_id parameter in comment.php. NOTE: The index.php/entry vector might be resultant from CVE-2005-1548. | |||||