Total: 28764 CVE

| CVE | Vendors | Products | Updated | CVSS v2 | CVSS v3 |
|---|---|---|---|---|---|
| CVE-1999-1144 | 1 Hp | 1 Hp-ux | 2024-02-14 | 7.2 HIGH | N/A |
| Certain files in MPower in HP-UX 10.x are installed with insecure permissions, which allows local users to gain privileges. | |||||
| CVE-2006-4720 | 1 Mcgallery | 1 Mcgallery Pro | 2024-02-14 | 7.5 HIGH | N/A |
| PHP remote file inclusion vulnerability in random2.php in mcGalleryPRO 2006 allows remote attackers to execute arbitrary PHP code via a URL in the path_to_folder parameter. | |||||
| CVE-2004-1761 | 1 Ethereal Group | 1 Ethereal | 2024-02-14 | 5.0 MEDIUM | N/A |
| Unknown vulnerability in Ethereal 0.8.13 to 0.10.2 allows attackers to cause a denial of service (segmentation fault) via a malformed color filter file. | |||||
| CVE-2005-1865 | 1 Vincent Hor | 1 Calendarix Advanced | 2024-02-14 | 7.5 HIGH | N/A |
| Multiple SQL injection vulnerabilities in Calendarix Advanced 1.5 allow remote attackers to execute arbitrary SQL commands via the catview parameter to (1) cal_week.php, (2) cal_cat.php, or (3) cal_day.php, or (4) id parameter to cal_pophols.php. | |||||
| CVE-2003-1187 | 1 Phpkit | 1 Phpkit | 2024-02-14 | 6.8 MEDIUM | N/A |
| Cross-site scripting (XSS) vulnerability in include.php in PHPKIT 1.6.02 and 1.6.03 allows remote attackers to inject arbitrary web script or HTML via the contact_email parameter. | |||||
| CVE-2004-2488 | 1 Nexgen | 1 Nexgen Ftp Server | 2024-02-14 | 4.0 MEDIUM | N/A |
| Directory traversal vulnerability in Nexgen FTP Server before 2.2.3.23 allows remote authenticated users to read or list arbitrary files via "C:" sequences in the (1) RETR (get), (2) NLST (ls), (3) LIST (ls), (4) RNFR, or (5) RNTO FTP commands. | |||||
| CVE-2006-4788 | 1 Telekorn | 1 Signkorn Guestbook | 2024-02-14 | 5.1 MEDIUM | N/A |
| PHP remote file inclusion vulnerability in includes/log.inc.php in Telekorn SignKorn Guestbook (SL) 1.3 and earlier, when register_globals is enabled and _SESSION[permission] parameter is set to "yes", allows remote attackers to execute arbitrary PHP code via a URL in the dir_path parameter. | |||||
| CVE-2004-0185 | 1 Washington University | 1 Wu-ftpd | 2024-02-14 | 10.0 HIGH | N/A |
| Buffer overflow in the skey_challenge function in ftpd.c for wu-ftp daemon (wu-ftpd) 2.6.2 allows remote attackers to cause a denial of service and possibly execute arbitrary code via a s/key (SKEY) request with a long name. | |||||
| CVE-2006-4964 | 1 Maxdev | 1 Md-pro | 2024-02-14 | 6.8 MEDIUM | N/A |
| Cross-site scripting (XSS) vulnerability in MAXdev MDPro 1.0.76 before 20060918 allows remote attackers to inject arbitrary web script or HTML via (1) vectors that bypass the XSS protection mechanisms of the pnVarCleanFromInput function, and (2) unspecified vectors related to the AntiCracker. | |||||
| CVE-2006-6712 | 1 Sugarcrm | 1 Sugarcrm | 2024-02-14 | 6.8 MEDIUM | N/A |
| Cross-site scripting (XSS) vulnerability in SugarCRM Open Source 4.5.0f and earlier allows remote attackers to inject arbitrary web script or HTML via unspecified vectors in crafted email messages. | |||||
| CVE-2009-0072 | 1 Microsoft | 1 Internet Explorer | 2024-02-14 | 4.3 MEDIUM | N/A |
| Microsoft Internet Explorer 6.0 through 8.0 beta2 allows remote attackers to cause a denial of service (application crash) via an onload=screen[""] attribute value in a BODY element. | |||||
| CVE-2007-2383 | 1 Prototypejs | 1 Prototype Framework | 2024-02-14 | 5.0 MEDIUM | N/A |
| The Prototype (prototypejs) framework before 1.5.1 RC3 exchanges data using JavaScript Object Notation (JSON) without an associated protection scheme, which allows remote attackers to obtain the data via a web page that retrieves the data through a URL in the SRC attribute of a SCRIPT element and captures the data using other JavaScript code, aka "JavaScript Hijacking." | |||||
| CVE-2006-0250 | 1 Carnegie Mellon University | 1 Snmptrapd | 2024-02-14 | 6.4 MEDIUM | N/A |
| Format string vulnerability in the snmp_input function in snmptrapd in CMU SNMP utilities (cmu-snmp) allows remote attackers to execute arbitrary code by sending crafted SNMP messages to UDP port 162. | |||||
| CVE-2006-5761 | 1 Rhadrix | 1 If-cms | 2024-02-14 | 4.3 MEDIUM | N/A |
| Cross-site scripting (XSS) vulnerability in index.php in Rhadrix If-CMS 1.01 and 2.07 allows remote attackers to inject arbitrary web script or HTML via the rns parameter. | |||||
| CVE-2006-6935 | 1 Portix-php | 1 Portix-php | 2024-02-14 | 7.5 HIGH | N/A |
| SQL injection vulnerability in the login component in Portix-PHP 0.4.2 allows remote attackers to execute arbitrary SQL commands via the username and passwd (password) fields. | |||||
| CVE-2002-1934 | 1 Pingtel | 1 Xpressa | 2024-02-14 | 5.0 MEDIUM | N/A |
| Pingtel xpressa SIP-based voice-over-IP phone 1.2.5 through 2.0.1 leaks sensitive information during boot-up, which allows attackers to obtain the MD5 hash of the Admin password, MD5 hash of the physical password, and other registration information. | |||||
| CVE-2005-3313 | 1 Ethereal Group | 1 Ethereal | 2024-02-14 | 5.0 MEDIUM | N/A |
| The IRC protocol dissector in Ethereal 0.10.13 allows remote attackers to cause a denial of service (infinite loop). | |||||
| CVE-2006-6152 | 1 Vspin.net | 1 Classified System | 2024-02-14 | 7.5 HIGH | N/A |
| Multiple SQL injection vulnerabilities in vSpin.net Classified System 2004 allow remote attackers to execute arbitrary SQL commands via the (1) cat parameter to (a) cat.asp, or the (2) keyword, (3) order, (4) sort, (5) menuSelect, or (6) state parameter to (b) search.asp. | |||||
| CVE-2005-2075 | 1 Php Fusion | 1 Php Fusion | 2024-02-14 | 5.0 MEDIUM | N/A |
| PHP-Fusion 5.0 and 6.0 stores the database file with a predictable filename under the web document root with insufficient access control, which allows remote attackers to obtain sensitive information via a direct request to the filename in the administration/db_backups directory in PHP-Fusion 6.0 or the fusion_admin/db_backups directory in 5.0. | |||||
| CVE-2005-1187 | 1 X-ways Software Technology Ag | 1 Winhex | 2024-02-14 | 5.1 MEDIUM | N/A |
| Heap-based buffer overflow in WinHex 12.05 SR-14, and possibly other versions, may allow attackers to execute arbitrary code via a long file name argument. NOTE: since this overflow is in the command line of an unprivileged program, it is highly likely that this is not a vulnerability. | |||||
