Total: 28799 CVE

CVE | Vendors | Products | Updated | CVSS v2 | CVSS v3 |
---|---|---|---|---|---|
CVE-2006-5889 | 1 Brewblogger | 1 Brewblogger | 2024-02-14 | 7.5 HIGH | N/A |
SQL injection vulnerability in printLog.php in BrewBlogger (BB) 1.3.1 allows remote attackers to execute arbitrary SQL commands via the id parameter. | |||||
CVE-2006-5094 | 1 Phpbb Xs | 1 Phpbb Xs | 2024-02-14 | 5.1 MEDIUM | N/A |
PHP remote file inclusion vulnerability in includes/functions_kb.php in the phpBB XS 2 (Spain version) allows remote attackers to execute arbitrary PHP code via a URL in the phpbb_root_path parameter, a different vector than CVE-2006-4780 or CVE-2006-4893. | |||||
CVE-2005-1329 | 1 Oneworldstore | 1 Oneworldstore | 2024-02-14 | 5.0 MEDIUM | N/A |
owOfflineCC.asp in OneWorldStore allows remote attackers to obtain sensitive information by modifying the idOrder parameter. | |||||
CVE-2005-1786 | 1 Funkyasp | 1 Funkyasp Ad System | 2024-02-14 | 7.5 HIGH | N/A |
SQL injection vulnerability in admin.asp in FunkyASP AD System 1.1 allows remote attackers to execute arbitrary SQL commands and gain privileges via the password parameter. | |||||
CVE-2006-4834 | 1 Phpquiz | 1 Phpquiz | 2024-02-14 | 7.5 HIGH | N/A |
PHP remote file inclusion vulnerability in index.php in Jule Slootbeek phpQuiz 0.01 allows remote attackers to execute arbitrary PHP code via a URL in the pagename parameter. | |||||
CVE-2004-2363 | 1 Phpx | 1 Phpx | 2024-02-14 | 4.3 MEDIUM | N/A |
Validate-Before-Canonicalize vulnerability in the checkURI function in functions.inc.php in PHPX 3.0 through 3.2.6 allows remote attackers to conduct cross-site scripting (XSS) attacks via hex-encoded tags, which bypass the check for literal "<", ">", "(", and ")" characters, as demonstrated using the limit parameter to forums.php and a variety of other vectors. | |||||
CVE-2007-1304 | 1 Savas Place | 1 Savas Guestbook | 2024-02-14 | 6.8 MEDIUM | N/A |
Multiple SQL injection vulnerabilities in add2.php in Sava's Guestbook 23.11.2006, when magic_quotes_gpc is disabled, allow remote attackers to execute arbitrary SQL commands via the (1) name, (2) country, (3) email, (4) website, and (5) message parameters. | |||||
CVE-2005-3244 | 1 Ethereal Group | 1 Ethereal | 2024-02-14 | 5.0 MEDIUM | N/A |
The BER dissector in Ethereal 0.10.3 to 0.10.12 allows remote attackers to cause a denial of service (infinite loop) via unknown vectors. | |||||
CVE-2007-2457 | 1 Pixaria | 1 Pixaria Gallery | 2024-02-14 | 7.5 HIGH | N/A |
PHP remote file inclusion vulnerability in resources/includes/class.Smarty.php in Pixaria Gallery before 1.4.3 allows remote attackers to execute arbitrary PHP code via a URL in the cfg[sys][base_path] parameter. | |||||
CVE-2005-0766 | 1 Ethereal Group | 1 Ethereal | 2024-02-14 | 5.0 MEDIUM | N/A |
Unknown vulnerability in the sFlow dissector in Ethereal 0.9.14 through 0.10.9 allows remote attackers to cause a denial of service (application crash). | |||||
CVE-2006-3603 | 1 Seyeon | 1 Flexwatch Network Camera | 2024-02-14 | 5.8 MEDIUM | N/A |
Cross-site scripting (XSS) vulnerability in index.php in FlexWATCH Network Camera 3.0 and earlier allows remote attackers to inject arbitrary web script or HTML via the URL. | |||||
CVE-2007-2382 | 1 Mad4milk | 1 Moo.fx | 2024-02-14 | 5.0 MEDIUM | N/A |
The Moo.fx framework exchanges data using JavaScript Object Notation (JSON) without an associated protection scheme, which allows remote attackers to obtain the data via a web page that retrieves the data through a URL in the SRC attribute of a SCRIPT element and captures the data using other JavaScript code, aka "JavaScript Hijacking." | |||||
CVE-2005-3313 | 1 Ethereal Group | 1 Ethereal | 2024-02-14 | 5.0 MEDIUM | N/A |
The IRC protocol dissector in Ethereal 0.10.13 allows remote attackers to cause a denial of service (infinite loop). | |||||
CVE-2007-2861 | 1 Saxon | 1 Saxon | 2024-02-14 | 7.5 HIGH | N/A |
Multiple PHP remote file inclusion vulnerabilities in Simple Accessible XHTML Online News (SAXON) 4.6 allow remote attackers to execute arbitrary PHP code via a URL in the template parameter to (1) news.php, (2) preview.php, or (3) archive-display.php. | |||||
CVE-2005-1047 | 1 Phpbb Group | 1 Phpbb | 2024-02-14 | 7.5 HIGH | N/A |
Meilad File upload script (up.php) mod for phpBB 2.0.x does not properly limit the types of files that can be uploaded, which allows remote authenticated users to execute arbitrary commands by uploading PHP files, then directly requesting them from the uploads directory. | |||||
CVE-2005-0324 | 1 Captaris | 1 Infinite Mobile Delivery Webmail | 2024-02-14 | 5.0 MEDIUM | N/A |
Infinite Mobile Delivery Webmail 2.6 allows remote attackers to gain sensitive information via an HTTP request that contains invalid characters for a Windows foldername, which reveals the path in an error message. | |||||
CVE-2006-3604 | 1 Seyeon | 1 Flexwatch Network Camera | 2024-02-14 | 7.5 HIGH | N/A |
Directory traversal vulnerability in FlexWATCH Network Camera 3.0 and earlier allows remote attackers to bypass access restrictions for (1) admin/aindex.asp or (2) admin/aindex.html via a .. (dot dot) and encoded / (%2f) sequence in the URL. | |||||
CVE-2009-0072 | 1 Microsoft | 1 Internet Explorer | 2024-02-14 | 4.3 MEDIUM | N/A |
Microsoft Internet Explorer 6.0 through 8.0 beta2 allows remote attackers to cause a denial of service (application crash) via an onload=screen[""] attribute value in a BODY element. | |||||
CVE-2006-4973 | 1 Dotnetnuke | 1 Dotnetnuke | 2024-02-14 | 4.3 MEDIUM | N/A |
Cross-site scripting (XSS) vulnerability in Default.aspx in Perpetual Motion Interactive Systems DotNetNuke before 3.3.5, and 4.x before 4.3.5, allows remote attackers to inject arbitrary HTML via the error parameter. | |||||
CVE-2006-6930 | 1 Ga Soft | 1 Rapid Classified | 2024-02-14 | 7.5 HIGH | N/A |
SQL injection vulnerability in viewad.asp in Rapid Classified 3.1 allows remote attackers to execute arbitrary SQL commands via the id parameter. | |||||