Total: 28799 CVE

CVE | Vendors | Products | Updated | CVSS v2 | CVSS v3 |
---|---|---|---|---|---|
CVE-2007-0811 | 1 Microsoft | 1 Ie | 2024-02-14 | 4.3 MEDIUM | N/A |
Microsoft Internet Explorer 6.0 SP1 on Windows 2000, and 6.0 SP2 on Windows XP, allows remote attackers to cause a denial of service (NULL pointer dereference and application crash) via an HTML document containing a certain JavaScript for loop with an empty loop body, possibly involving getElementById. | |||||
CVE-2005-1869 | 1 Appindex | 1 Mwchat | 2024-02-14 | 7.5 HIGH | N/A |
PHP remote file inclusion vulnerability in start_lobby.php in MWChat 6.x allows remote attackers to execute arbitrary PHP code via the CONFIG[MWCHAT_Libs] parameter. | |||||
CVE-2006-4554 | 1 Becubed | 1 Compression Plus | 2024-02-14 | 5.1 MEDIUM | N/A |
Stack-based buffer overflow in the ReadFile function in the ZOO-processing exports in the BeCubed Compression Plus before 5.0.1.28, as used in products including (1) Tumbleweed EMF, (2) VCOM/Ontrack PowerDesk Pro, (3) Canyon Drag and Zip, (4) Canyon Power File, and (5) Canyon Power File Gold, allows context-dependent attackers to execute arbitrary code via an inconsistent size parameter in a ZOO file header. | |||||
CVE-2006-6934 | 1 Portix-php | 1 Portix-php | 2024-02-14 | 6.8 MEDIUM | N/A |
Multiple cross-site scripting (XSS) vulnerabilities in Portix-PHP 0.4.2 allow remote attackers to inject arbitrary web script or HTML via the (1) titre or (2) auteur field in a forum post. | |||||
CVE-2005-0603 | 1 Phpbb Group | 1 Phpbb | 2024-02-14 | 5.0 MEDIUM | N/A |
viewtopic.php in phpBB 2.0.12 and earlier allows remote attackers to obtain sensitive information via a highlight parameter containing invalid regular expression syntax, which reveals the path in a PHP error message. | |||||
CVE-2005-2491 | 1 Pcre | 1 Pcre | 2024-02-14 | 7.5 HIGH | N/A |
Integer overflow in pcre_compile.c in Perl Compatible Regular Expressions (PCRE) before 6.2, as used in multiple products such as Python, Ethereal, and PHP, allows attackers to execute arbitrary code via quantifier values in regular expressions, which leads to a heap-based buffer overflow. | |||||
CVE-2005-1470 | 1 Ethereal Group | 1 Ethereal | 2024-02-14 | 5.0 MEDIUM | N/A |
Multiple unknown vulnerabilities in the (1) TZSP, (2) MGCP, (3) ISUP, (4) SMB, or (5) Bittorrent dissectors in Ethereal before 0.10.11 allow remote attackers to cause a denial of service (segmentation fault) via unknown vectors. | |||||
CVE-2004-1106 | 2 Gallery Project, Gentoo | 2 Gallery, Linux | 2024-02-14 | 6.8 MEDIUM | N/A |
Cross-site scripting (XSS) vulnerability in Gallery 1.4.4-pl3 and earlier allows remote attackers to execute arbitrary web script or HTML via "specially formed URLs," possibly via the include parameter in index.php. | |||||
CVE-2006-3397 | 1 Pkr Internet | 1 Taskjitsu | 2024-02-14 | 4.3 MEDIUM | N/A |
Multiple cross-site scripting (XSS) vulnerabilities in Taskjitsu before 2.0.1 allow remote attackers to inject arbitrary web script or HTML via multiple unspecified parameters, including the (1) title and (2) description parameters when creating a task. | |||||
CVE-2002-0821 | 1 Ethereal Group | 1 Ethereal | 2024-02-14 | 7.5 HIGH | N/A |
Buffer overflows in Ethereal 0.9.4 and earlier allow remote attackers to cause a denial of service or execute arbitrary code via (1) the BGP dissector, or (2) the WCP dissector. | |||||
CVE-2006-6464 | 1 Midicart Software | 1 Midicart Php Shopping Cart | 2024-02-14 | 5.0 MEDIUM | N/A |
viewcart in Midicart accepts negative numbers in the Qty (quantity) field, which allows remote attackers to obtain a smaller total price for a shopping cart. | |||||
CVE-2002-1429 | 1 Endity.com | 1 Shoutbox | 2024-02-14 | 5.0 MEDIUM | N/A |
Cross-site scripting vulnerability in board.php of endity.com ShoutBOX allows remote attackers to inject arbitrary HTML into the shoutbox page via the site parameter. | |||||
CVE-2006-7093 | 1 Mamboxchange | 1 Laithai | 2024-02-14 | 5.8 MEDIUM | N/A |
Cross-site scripting (XSS) vulnerability in Mambo LaiThai 4.5.4 Security Patch 2 and earlier allows remote attackers to inject arbitrary web script or HTML via unspecified vectors. | |||||
CVE-2003-1187 | 1 Phpkit | 1 Phpkit | 2024-02-14 | 6.8 MEDIUM | N/A |
Cross-site scripting (XSS) vulnerability in include.php in PHPKIT 1.6.02 and 1.6.03 allows remote attackers to inject arbitrary web script or HTML via the contact_email parameter. | |||||
CVE-2006-5945 | 1 Mginternet | 1 Car Site Manager | 2024-02-14 | 7.5 HIGH | N/A |
Multiple SQL injection vulnerabilities in MGinternet Car Site Manager (CSM) allow remote attackers to execute arbitrary SQL commands via the (1) p parameter to (a) csm/asp/detail.asp, or the (2) l, (3) typ, or (4) loc parameter to (b) csm/asp/listings.asp. | |||||
CVE-2004-1761 | 1 Ethereal Group | 1 Ethereal | 2024-02-14 | 5.0 MEDIUM | N/A |
Unknown vulnerability in Ethereal 0.8.13 to 0.10.2 allows attackers to cause a denial of service (segmentation fault) via a malformed color filter file. | |||||
CVE-2003-0937 | 1 Sco | 2 Open Unix, Unixware | 2024-02-14 | 4.6 MEDIUM | N/A |
SCO UnixWare 7.1.1, 7.1.3, and Open UNIX 8.0.0 allows local users to bypass protections for the "as" address space file for a process ID (PID) by obtaining a procfs file descriptor for the file and calling execve() on a setuid or setgid program, which leaves the descriptor open to the user. | |||||
CVE-2006-4966 | 1 Chumpsoft | 1 Phpquestionnaire | 2024-02-14 | 7.5 HIGH | N/A |
PHP remote file inclusion vulnerability in inc/ifunctions.php in chumpsoft phpQuestionnaire (phpQ) 3.12 allows remote attackers to execute arbitrary PHP code via a URL in the GLOBALS[phpQRootDir] parameter. | |||||
CVE-2006-0371 | 1 Noah Medling | 1 Rcblog | 2024-02-14 | 5.0 MEDIUM | N/A |
Directory traversal vulnerability in index.php in Noah Medling RCBlog 1.03 allows remote attackers to read arbitrary .txt files, possibly including one that stores the administrator's account name and password, via a .. (dot dot) in the post parameter. | |||||
CVE-2005-1161 | 1 Oneworldstore | 1 Oneworldstore | 2024-02-14 | 7.5 HIGH | N/A |
Multiple SQL injection vulnerabilities in OneWorldStore allow remote attackers to execute arbitrary SQL commands via the idProduct parameter to (1) owAddItem.asp or (2) owProductDetail.asp, (3) idCategory parameter to owListProduct.asp, or (4) bSpecials parameter to owListProduct.asp. |