Total
28799 CVE
CVE | Vendors | Products | Updated | CVSS v2 | CVSS v3 |
---|---|---|---|---|---|
CVE-2006-5236 | 1 4homepages | 1 4images | 2024-02-14 | 7.5 HIGH | N/A |
SQL injection vulnerability in search.php in 4images 1.7.x allows remote authenticated users to execute arbitrary SQL commands via the search_user parameter. | |||||
CVE-2005-4249 | 1 Adp | 1 Adp Forum | 2024-02-14 | 5.0 MEDIUM | N/A |
ADP Forum 2.0 through 2.0.3 stores sensitive information in plaintext files under the web document root with insufficient access control, which allows remote attackers to obtain user credentials via requests to the forum/users directory. | |||||
CVE-1999-1161 | 1 Hp | 1 Hp-ux | 2024-02-14 | 7.2 HIGH | N/A |
Vulnerability in ppl in HP-UX 10.x and earlier allows local users to gain root privileges by forcing ppl to core dump. | |||||
CVE-2005-3159 | 1 Php Fusion | 1 Php Fusion | 2024-02-14 | 7.5 HIGH | N/A |
SQL injection vulnerability in messages.php in PHP-Fusion allows remote attackers to execute arbitrary SQL commands via the msg_view parameter, a different vulnerability than CVE-2005-3157 and CVE-2005-3158. | |||||
CVE-2001-0947 | 1 Valicert | 1 Enterprise Validation Authority | 2024-02-14 | 7.5 HIGH | N/A |
Forms.exe CGI program in ValiCert Enterprise Validation Authority (EVA) 3.3 through 4.2.1 allows remote attackers to determine the real pathname of the server by requesting an invalid extension, which produces an error page that includes the path. | |||||
CVE-2006-5237 | 1 Blue Smiley Organizer | 1 Blue Smiley Organizer | 2024-02-14 | 7.5 HIGH | N/A |
SQL injection vulnerability in Blue Smiley Organizer before 4.46 allows remote attackers to execute arbitrary SQL commands via unspecified vectors. | |||||
CVE-2005-3245 | 1 Ethereal Group | 1 Ethereal | 2024-02-14 | 5.0 MEDIUM | N/A |
Unspecified vulnerability in the ONC RPC dissector in Ethereal 0.10.3 to 0.10.12, when the "Dissect unknown RPC program numbers" option is enabled, allows remote attackers to cause a denial of service (memory consumption). | |||||
CVE-2005-3586 | 1 Mambo | 1 Mambo | 2024-02-14 | 5.0 MEDIUM | N/A |
content.php in Mambo 4.5.2 through 4.5.2.3 allows remote attackers to obtain the installation path of the application via a URL that causes the application to return an error. | |||||
CVE-2006-4788 | 1 Telekorn | 1 Signkorn Guestbook | 2024-02-14 | 5.1 MEDIUM | N/A |
PHP remote file inclusion vulnerability in includes/log.inc.php in Telekorn SignKorn Guestbook (SL) 1.3 and earlier, when register_globals is enabled and _SESSION[permission] parameter is set to "yes", allows remote attackers to execute arbitrary PHP code via a URL in the dir_path parameter. | |||||
CVE-2001-0948 | 1 Valicert | 1 Enterprise Validation Authority | 2024-02-14 | 7.5 HIGH | N/A |
Cross-site scripting (CSS) vulnerability in ValiCert Enterprise Validation Authority (EVA) 3.3 through 4.2.1 allows remote attackers to execute arbitrary code or display false information by including HTML or script in the certificate's description, which is executed when the certificate is viewed. | |||||
CVE-1999-1227 | 1 Ethereal Group | 1 Ethereal | 2024-02-14 | 7.2 HIGH | N/A |
Ethereal allows local users to overwrite arbitrary files via a symlink attack on the packet capture file. | |||||
CVE-2006-1107 | 1 Nmdeluxe | 1 Nmdeluxe | 2024-02-14 | 4.3 MEDIUM | N/A |
Cross-site scripting (XSS) vulnerability in news.php in NMDeluxe before 1.0.1 allows remote attackers to inject arbitrary web script or HTML via the nick parameter. | |||||
CVE-2006-6074 | 1 Enthrallweb | 1 Eshopping Cart | 2024-02-14 | 7.5 HIGH | N/A |
Multiple SQL injection vulnerabilities in Enthrallweb eShopping Cart allow remote attackers to execute arbitrary SQL commands via (1) the ProductID parameter in (a) reviews.asp, or the (2) cat_id or (3) sub_id parameter in (b) subProducts.asp. NOTE: the productdetail.asp vector is already covered by another identifier. | |||||
CVE-2006-1939 | 1 Ethereal Group | 1 Ethereal | 2024-02-14 | 5.0 MEDIUM | N/A |
Multiple unspecified vulnerabilities in Ethereal 0.9.x up to 0.10.14 allow remote attackers to cause a denial of service (crash from null dereference) via (1) an invalid display filter, or the (2) GSM SMS, (3) ASN.1-based, (4) DCERPC NT, (5) PER, (6) RPC, (7) DCERPC, and (8) ASN.1 dissectors. | |||||
CVE-2004-2092 | 1 Broadcom | 1 Inoculateit | 2024-02-14 | 4.6 MEDIUM | N/A |
eTrust InoculateIT for Linux 6.0 uses insecure permissions for multiple files and directories, including the application's registry and tmp directories, which allows local users to delete, modify, or examine sensitive information. | |||||
CVE-2007-3796 | 1 Mailmarshal | 1 Mailmarshal Smtp | 2024-02-14 | 7.6 HIGH | N/A |
The password reset feature in the Spam Quarantine HTTP interface for MailMarshal SMTP 6.2.0.x before 6.2.1 allows remote attackers to modify arbitrary account information via a UserId variable with a large amount of trailing whitespace followed by a malicious value, which triggers SQL buffer truncation due to length inconsistencies between variables. | |||||
CVE-2006-1202 | 1 Jcink.com | 1 Textfilebb | 2024-02-14 | 4.3 MEDIUM | N/A |
Multiple cross-site scripting (XSS) vulnerabilities in textfileBB 1.0 and earlier allow remote attackers to inject arbitrary web script or HTML via the (1) mess and (2) user parameters in messanger.php, possibly requiring a URL encoded value. | |||||
CVE-2005-0007 | 1 Ethereal Group | 1 Ethereal | 2024-02-14 | 5.0 MEDIUM | N/A |
Unknown vulnerability in the DLSw dissector in Ethereal 0.10.6 through 0.10.8 allows remote attackers to cause a denial of service (application crash from assertion). | |||||
CVE-2002-0203 | 1 Tarantella | 1 Tarantella Enterprise | 2024-02-14 | 5.0 MEDIUM | N/A |
ttawebtop.cgi in Tarantella Enterprise 3.20 on SPARC Solaris and Linux, and 3.1x and 3.0x including 3.11.903, allows remote attackers to view directory contents via an empty pg parameter. | |||||
CVE-2006-4664 | 1 Premod Shadow | 1 Premod Shadow | 2024-02-14 | 5.1 MEDIUM | N/A |
PHP remote file inclusion vulnerability in includes/functions_portal.php in Premod Shadow 2.7.1 and earlier allows remote attackers to execute arbitrary PHP code via a URL in the phpbb_root_path parameter. |