Total
28799 CVE
| CVE | Vendors | Products | Updated | CVSS v2 | CVSS v3 |
|---|---|---|---|---|---|
| CVE-2005-0705 | 1 Ethereal Group | 1 Ethereal | 2024-02-14 | 5.0 MEDIUM | N/A |
| The GPRS-LLC dissector in Ethereal 0.10.7 through 0.10.9, with the "ignore cipher bit" option enabled. allows remote attackers to cause a denial of service (application crash). | |||||
| CVE-2007-2384 | 1 Script.aculo.us | 1 Script.aculo.us | 2024-02-14 | 7.8 HIGH | N/A |
| The Script.aculo.us framework exchanges data using JavaScript Object Notation (JSON) without an associated protection scheme, which allows remote attackers to obtain the data via a web page that retrieves the data through a URL in the SRC attribute of a SCRIPT element and captures the data using other JavaScript code, aka "JavaScript Hijacking." | |||||
| CVE-2007-1324 | 1 Snapgear | 6 560, 580, 585 and 3 more | 2024-02-14 | 5.0 MEDIUM | N/A |
| SnapGear 560, 585, 580, 640, 710, and 720 appliances before the 3.1.4u5 firmware allow remote attackers to cause a denial of service (complete packet loss) via a packet flood, a different vulnerability than CVE-2006-4613. | |||||
| CVE-2006-4754 | 1 Comscripts | 1 Phprog | 2024-02-14 | 6.8 MEDIUM | N/A |
| Cross-site scripting (XSS) vulnerability in index.php in PHProg before 1.1 allows remote attackers to inject arbitrary web script or HTML via the album parameter, which is used in an opendir call. NOTE: the same primary issue can be used for full path disclosure with an invalid parameter that reveals the installation path in an error message. | |||||
| CVE-2006-6084 | 1 Unverse.net | 1 Abitwhizzy | 2024-02-14 | 5.0 MEDIUM | N/A |
| Directory traversal vulnerability in abitwhizzy.php in aBitWhizzy allows remote attackers to read arbitrary files via a .. (dot dot) in the f parameter. NOTE: some of these details are obtained from third party information. | |||||
| CVE-2003-0429 | 1 Ethereal Group | 1 Ethereal | 2024-02-14 | 7.5 HIGH | N/A |
| The OSI dissector in Ethereal 0.9.12 and earlier allows remote attackers to cause a denial of service and possibly execute arbitrary code via invalid IPv4 or IPv6 prefix lengths, possibly triggering a buffer overflow. | |||||
| CVE-2003-0926 | 1 Ethereal Group | 1 Ethereal | 2024-02-14 | 5.0 MEDIUM | N/A |
| Ethereal 0.9.15 and earlier, and Tethereal, allows remote attackers to cause a denial of service (crash) via certain malformed (1) ISAKMP or (2) MEGACO packets. | |||||
| CVE-2005-1221 | 1 Ecommerce-carts | 1 Ecommpro | 2024-02-14 | 7.5 HIGH | N/A |
| SQL injection vulnerability in login.asp for Ecommerce-Carts EcommPro 3.0 allows remote attackers to execute arbitrary SQL commands via the password field. | |||||
| CVE-2006-4561 | 1 Mozilla | 1 Firefox | 2024-02-14 | 7.5 HIGH | N/A |
| Mozilla Firefox 1.5.0.6 allows remote attackers to execute arbitrary JavaScript in the context of the browser's session with an arbitrary intranet web server, by hosting script on an Internet web server that can be made inaccessible by the attacker and that has a domain name under the attacker's control, which can force the browser to drop DNS pinning and perform a new DNS query for the domain name after the script is already running. | |||||
| CVE-2007-2383 | 1 Prototypejs | 1 Prototype Framework | 2024-02-14 | 5.0 MEDIUM | N/A |
| The Prototype (prototypejs) framework before 1.5.1 RC3 exchanges data using JavaScript Object Notation (JSON) without an associated protection scheme, which allows remote attackers to obtain the data via a web page that retrieves the data through a URL in the SRC attribute of a SCRIPT element and captures the data using other JavaScript code, aka "JavaScript Hijacking." | |||||
| CVE-2006-3607 | 1 Softbiz | 1 Banner Exchange | 2024-02-14 | 4.3 MEDIUM | N/A |
| Multiple cross-site scripting (XSS) vulnerabilities in Softbiz Banner Exchange Script (aka Banner Exchange Network Script) 1.0 allow remote attackers to inject arbitrary web script or HTML via (1) the city parameter in (a) insertmember.php, and (2) a PHPSESSID cookie in (b) lostpassword.php, (c) gen_confirm_mem.php, and (d) index.php. | |||||
| CVE-2004-0676 | 1 Fastream | 1 Netfile Ftp Web Server | 2024-02-14 | 10.0 HIGH | N/A |
| Directory traversal vulnerability in Fastream NETFile FTP/Web Server 6.7.2.1085 and earlier allows remote attackers to create or delete arbitrary files via .. (dot dot) and // (double slash) sequences in the filename parameter. | |||||
| CVE-2007-2376 | 1 Dojo Toolkit | 1 Dojo Toolkit | 2024-02-14 | 5.0 MEDIUM | N/A |
| The Dojo framework exchanges data using JavaScript Object Notation (JSON) without an associated protection scheme, which allows remote attackers to obtain the data via a web page that retrieves the data through a URL in the SRC attribute of a SCRIPT element and captures the data using other JavaScript code, aka "JavaScript Hijacking." | |||||
| CVE-2006-6019 | 1 Bloo | 1 Bloo | 2024-02-14 | 6.8 MEDIUM | N/A |
| Cross-site scripting (XSS) vulnerability in extensions/googiespell/googlespell_proxy.php in Bill Roberts Bloo 1.0 allows remote attackers to inject arbitrary web script or HTML via the lang parameter. | |||||
| CVE-2005-1750 | 1 Distinct Web Creations | 1 Newsletterez | 2024-02-14 | 7.5 HIGH | N/A |
| SQL injection vulnerability in login.asp in ezdwc NewsletterEz 3.0 allows remote attackers to execute arbitrary SQL commands via the password parameter. | |||||
| CVE-2006-6092 | 1 20 20 Applications | 1 20 20 Auto Gallery | 2024-02-14 | 7.5 HIGH | N/A |
| Multiple SQL injection vulnerabilities in vehiclelistings.asp in 20/20 Auto Gallery allow remote attackers to execute arbitrary SQL commands via the (1) vehicleID, (2) categoryID_list, (3) sale_type, (4) stock_number, (5) manufacturer, (6) model, (7) vehicleID, (8) year, (9) vin, and (10) listing_price parameters. | |||||
| CVE-2006-5953 | 1 Lynx Internet Solutions | 1 Evolve Merchant | 2024-02-14 | 7.5 HIGH | N/A |
| SQL injection vulnerability in viewcart.asp in Evolve shopping cart (aka Evolve Merchant) allows remote attackers to execute arbitrary SQL commands via the zoneid parameter. | |||||
| CVE-2006-6205 | 1 Enthrallweb | 1 Ehomes | 2024-02-14 | 6.8 MEDIUM | N/A |
| Multiple cross-site scripting (XSS) vulnerabilities in result.asp in Enthrallweb eHomes allow remote attackers to inject arbitrary web script or HTML via the (1) city or (2) State parameter. | |||||
| CVE-2005-3246 | 1 Ethereal Group | 1 Ethereal | 2024-02-14 | 5.0 MEDIUM | N/A |
| Ethereal 0.10.12 and earlier allows remote attackers to cause a denial of service (null dereference) via unknown vectors in the (1) SCSI, (2) sFlow, or (3) RTnet dissectors. | |||||
| CVE-2001-0805 | 1 Tarantella | 1 Tarantella Enterprise | 2024-02-14 | 5.0 MEDIUM | N/A |
| Directory traversal vulnerability in ttawebtop.cgi in Tarantella Enterprise 3.00 and 3.01 allows remote attackers to read arbitrary files via a .. (dot dot) in the pg parameter. | |||||