Total
28764 CVE
| CVE | Vendors | Products | Updated | CVSS v2 | CVSS v3 |
|---|---|---|---|---|---|
| CVE-2012-4036 | 1 Pbboard | 1 Pbboard | 2024-02-14 | 6.8 MEDIUM | N/A |
| Unrestricted file upload vulnerability in admin.php in PBBoard 2.1.4 allows remote administrators to execute arbitrary PHP code by uploading a file with an executable extension, then accessing it via a direct request to the file in the addons directory. NOTE: this vulnerability can be leveraged by remote attackers using CVE-2012-1216. | |||||
| CVE-2006-3208 | 1 Ultimate Php Board | 1 Ultimate Php Board | 2024-02-14 | 6.5 MEDIUM | N/A |
| Direct static code injection vulnerability in Ultimate PHP Board (UPB) 1.9.6 and earlier allows remote authenticated administrators to execute arbitrary PHP code via multiple unspecified "configuration fields" in (1) admin_chatconfig.php, (2) admin_configcss.php, (3) admin_config.php, or (4) admin_config2.php, which are stored as configuration settings. NOTE: this issue can be exploited by remote attackers by leveraging other vulnerabilities in UPB. | |||||
| CVE-2006-1932 | 1 Ethereal Group | 1 Ethereal | 2024-02-14 | 10.0 HIGH | N/A |
| Off-by-one error in the OID printing routine in Ethereal 0.10.x up to 0.10.14 has unknown impact and remote attack vectors. | |||||
| CVE-2006-6205 | 1 Enthrallweb | 1 Ehomes | 2024-02-14 | 6.8 MEDIUM | N/A |
| Multiple cross-site scripting (XSS) vulnerabilities in result.asp in Enthrallweb eHomes allow remote attackers to inject arbitrary web script or HTML via the (1) city or (2) State parameter. | |||||
| CVE-2005-3512 | 1 Vubb | 1 Vubb | 2024-02-14 | 4.3 MEDIUM | N/A |
| Cross-site scripting (XSS) vulnerability in index.php in VUBB alpha rc1 allows remote attackers to inject arbitrary web script or HTML via the t parameter in a newreply action. | |||||
| CVE-2006-5969 | 1 Fvwm | 1 Fvwm | 2024-02-14 | 4.6 MEDIUM | N/A |
| CRLF injection vulnerability in the evalFolderLine function in fvwm 2.5.18 and earlier allows local users to execute arbitrary commands via carriage returns in a directory name, which is not properly handled by fvwm-menu-directory, a variant of CVE-2003-1308. | |||||
| CVE-2006-5917 | 1 Omnistar Interactive | 1 Omnistar Article Manager | 2024-02-14 | 7.5 HIGH | N/A |
| Multiple SQL injection vulnerabilities in OmniStar Article Manager allow remote attackers to execute arbitrary SQL commands via the (1) article_id parameter in (a) articles/comments.php and (b) articles/article.php, and the (2) page_id parameter in (c) articles/pages.php. | |||||
| CVE-2005-0009 | 1 Ethereal Group | 1 Ethereal | 2024-02-14 | 5.0 MEDIUM | N/A |
| Unknown vulnerability in the Gnutella dissector in Ethereal 0.10.6 through 0.10.8 allows remote attackers to cause a denial of service (application crash). | |||||
| CVE-2002-0822 | 1 Ethereal Group | 1 Ethereal | 2024-02-14 | 7.5 HIGH | N/A |
| Ethereal 0.9.4 and earlier allows remote attackers to cause a denial of service and possibly excecute arbitrary code via the (1) SOCKS, (2) RSVP, (3) AFS, or (4) LMP dissectors, which can be caused to core dump. | |||||
| CVE-2007-0811 | 1 Microsoft | 1 Ie | 2024-02-14 | 4.3 MEDIUM | N/A |
| Microsoft Internet Explorer 6.0 SP1 on Windows 2000, and 6.0 SP2 on Windows XP, allows remote attackers to cause a denial of service (NULL pointer dereference and application crash) via an HTML document containing a certain JavaScript for loop with an empty loop body, possibly involving getElementById. | |||||
| CVE-2001-1199 | 1 Steve Kneizys | 1 Agora.cgi | 2024-02-14 | 7.5 HIGH | N/A |
| Cross-site scripting vulnerability in agora.cgi for Agora 3.0a through 4.0g, when debug mode is enabled, allows remote attackers to execute Javascript on other clients via the cart_id parameter. | |||||
| CVE-2004-2363 | 1 Phpx | 1 Phpx | 2024-02-14 | 4.3 MEDIUM | N/A |
| Validate-Before-Canonicalize vulnerability in the checkURI function in functions.inc.php in PHPX 3.0 through 3.2.6 allows remote attackers to conduct cross-site scripting (XSS) attacks via hex-encoded tags, which bypass the check for literal "<", ">", "(", and ")" characters, as demonstrated using the limit parameter to forums.php and a variety of other vectors. | |||||
| CVE-2000-0240 | 1 Vqsoft | 1 Vqserver | 2024-02-14 | 5.0 MEDIUM | N/A |
| vqSoft vqServer program allows remote attackers to read arbitrary files via a /........../ in the URL, a variation of a .. (dot dot) attack. | |||||
| CVE-2005-4747 | 1 Webhost Automation | 1 Helm Web Hosting Control Panel | 2024-02-14 | 4.3 MEDIUM | N/A |
| Cross-site scripting (XSS) vulnerability in WebHost Automation Ltd Helm before 3.2.6 allows remote attackers to inject arbitrary web script or HTML via unknown vectors involving the default page. | |||||
| CVE-2005-0766 | 1 Ethereal Group | 1 Ethereal | 2024-02-14 | 5.0 MEDIUM | N/A |
| Unknown vulnerability in the sFlow dissector in Ethereal 0.9.14 through 0.10.9 allows remote attackers to cause a denial of service (application crash). | |||||
| CVE-2004-1140 | 1 Ethereal Group | 1 Ethereal | 2024-02-14 | 5.0 MEDIUM | N/A |
| Ethereal 0.9.0 through 0.10.7 allows remote attackers to cause a denial of service (application hang) and possibly fill available disk space via an invalid RTP timestamp. | |||||
| CVE-2005-1468 | 1 Ethereal Group | 1 Ethereal | 2024-02-14 | 5.0 MEDIUM | N/A |
| Multiple unknown vulnerabilities in the (1) WSP, (2) Q.931, (3) H.245, (4) KINK, (5) MGCP, (6) RPC, (7) SMBMailslot, and (8) SMB NETLOGON dissectors in Ethereal before 0.10.11 allow remote attackers to cause a denial of service (crash) via unknown vectors that lead to a null dereference. | |||||
| CVE-2005-3545 | 1 Ibproarcade | 1 Ibproarcade | 2024-02-14 | 7.5 HIGH | N/A |
| SQL injection vulnerability in index.php of the report module in ibProArcade 2.5.2 and earlier allows remote attackers to execute arbitrary SQL commands via the user parameter. | |||||
| CVE-2006-1073 | 1 Simplog | 1 Simplog | 2024-02-14 | 6.4 MEDIUM | N/A |
| Directory traversal vulnerability in index.php in Daverave Simplog 1.0.2 and earlier allows remote attackers to include or read arbitrary .txt files via the (1) act and (2) blogid parameters. | |||||
| CVE-2006-6074 | 1 Enthrallweb | 1 Eshopping Cart | 2024-02-14 | 7.5 HIGH | N/A |
| Multiple SQL injection vulnerabilities in Enthrallweb eShopping Cart allow remote attackers to execute arbitrary SQL commands via (1) the ProductID parameter in (a) reviews.asp, or the (2) cat_id or (3) sub_id parameter in (b) subProducts.asp. NOTE: the productdetail.asp vector is already covered by another identifier. | |||||