Total: 28764 CVE

| CVE | Vendors | Products | Updated | CVSS v2 | CVSS v3 |
|---|---|---|---|---|---|
| CVE-2006-1209 | 1 Bugada Andrea | 1 Php Advanced Transfer Manager | 2024-02-14 | 5.0 MEDIUM | N/A |
| PHP Advanced Transfer Manager 1.00 through 1.30 stores sensitive information, including password hashes, under the web root with insufficient access control, which allows remote attackers to download each password hash via a direct request for a users/[USERNAME] file. | |||||
| CVE-2000-0707 | 1 Pccs-linux | 1 Mysqldatabase Admin Tool | 2024-02-14 | 7.5 HIGH | N/A |
| PCCS MySQLDatabase Admin Tool Manager 1.2.4 and earlier installs the file dbconnect.inc within the web root, which allows remote attackers to obtain sensitive information such as the administrative password. | |||||
| CVE-2006-6090 | 1 Baalasp | 1 Smart Form Portal | 2024-02-14 | 7.5 HIGH | N/A |
| Multiple SQL injection vulnerabilities in BaalAsp forum allow remote attackers to execute arbitrary SQL commands via the (1) password parameter to (a) adminlogin.asp, the (2) name or (3) password parameter to (b) userlogin.asp, or the (3) search parameter to search.asp. | |||||
| CVE-2006-6208 | 1 Enthrallweb | 1 Eclassifieds | 2024-02-14 | 7.5 HIGH | N/A |
| Multiple SQL injection vulnerabilities in Enthrallweb eClassifieds allow remote attackers to execute arbitrary SQL commands via the (1) AD_ID, (2) cat_id, (3) sub_id, and (4) ad_id parameters to (a) ad.asp, the (5) cid parameter to (b) dircat.asp, and the (6) sid parameter to (c) dirSub.asp. | |||||
| CVE-2002-0488 | 1 Linux Directory Penguin | 1 Linux Directory Penguin Traceroute | 2024-02-14 | 10.0 HIGH | N/A |
| Linux Directory Penguin traceroute.pl CGI script 1.0 allows remote attackers to execute arbitrary code via shell metacharacters in the host parameter. | |||||
| CVE-2004-2368 | 1 The Opt-x Project | 1 Opt-x | 2024-02-14 | 7.5 HIGH | N/A |
| PHP remote file inclusion vulnerability in header.php in Opt-X 0.7.2 allows remote attackers to execute arbitrary PHP code via the systempath parameter. | |||||
| CVE-2006-5238 | 1 Blue Smiley Organizer | 1 Blue Smiley Organizer | 2024-02-14 | 10.0 HIGH | N/A |
| Unspecified vulnerability in the file upload module in Blue Smiley Organizer before 4.45 has unknown impact and attack vectors. | |||||
| CVE-2005-1780 | 1 Dotnetindex | 1 Active News Manager | 2024-02-14 | 7.5 HIGH | N/A |
| SQL injection vulnerability in admin/login.asp in Active News Manager allows remote attackers to execute arbitrary SQL commands via the password. | |||||
| CVE-2001-0948 | 1 Valicert | 1 Enterprise Validation Authority | 2024-02-14 | 7.5 HIGH | N/A |
| Cross-site scripting (CSS) vulnerability in ValiCert Enterprise Validation Authority (EVA) 3.3 through 4.2.1 allows remote attackers to execute arbitrary code or display false information by including HTML or script in the certificate's description, which is executed when the certificate is viewed. | |||||
| CVE-2003-0081 | 1 Ethereal Group | 1 Ethereal | 2024-02-14 | 7.5 HIGH | N/A |
| Format string vulnerability in packet-socks.c of the SOCKS dissector for Ethereal 0.8.7 through 0.9.9 allows remote attackers to execute arbitrary code via SOCKS packets containing format string specifiers. | |||||
| CVE-2004-1333 | 2 Linux, Redhat | 3 Linux Kernel, Fedora Core, Linux | 2024-02-14 | 2.1 LOW | N/A |
| Integer overflow in the vc_resize function in the Linux kernel 2.4 and 2.6 before 2.6.10 allows local users to cause a denial of service (kernel crash) via a short new screen value, which leads to a buffer overflow. | |||||
| CVE-2006-3398 | 1 Pkr Internet | 1 Taskjitsu | 2024-02-14 | 5.0 MEDIUM | N/A |
| The "change password forms" in Taskjitsu before 2.0.1 includes password hashes in hidden form fields, which allows remote attackers to obtain sensitive information from the (1) Category Editor and (2) User Information editor. | |||||
| CVE-2006-4560 | 1 Microsoft | 1 Ie | 2024-02-14 | 7.5 HIGH | N/A |
| Internet Explorer 6 on Windows XP SP2 allows remote attackers to execute arbitrary JavaScript in the context of the browser's session with an arbitrary intranet web server, by hosting script on an Internet web server that can be made inaccessible by the attacker and that has a domain name under the attacker's control, which can force the browser to drop DNS pinning and perform a new DNS query for the domain name after the script is already running. | |||||
| CVE-2000-0141 | 1 Infopop | 1 Ultimate Bulletin Board | 2024-02-14 | 10.0 HIGH | N/A |
| Infopop Ultimate Bulletin Board (UBB) allows remote attackers to execute commands via shell metacharacters in the topic hidden field. | |||||
| CVE-2001-1193 | 1 Khamil Landross And Zack Jones | 1 Eftp | 2024-02-14 | 5.0 MEDIUM | N/A |
| Directory traversal vulnerability in EFTP 2.0.8.346 allows local users to read directories via a ... (modified dot dot) in the CWD command. | |||||
| CVE-2002-1349 | 1 Trend Micro | 2 Officescan, Pc-cillin | 2024-02-14 | 4.6 MEDIUM | N/A |
| Buffer overflow in pop3trap.exe for PC-cillin 2000, 2002, and 2003 allows local users to execute arbitrary code via a long input string to TCP port 110 (POP3). | |||||
| CVE-2006-2483 | 1 Lighthouse Development | 1 Squirrelcart | 2024-02-14 | 6.4 MEDIUM | N/A |
| PHP remote file inclusion vulnerability in cart_content.php in Squirrelcart 2.2.2 and earlier allows remote attackers to execute arbitrary PHP code via a URL in the cart_isp_root parameter. | |||||
| CVE-2005-2979 | 1 Phpoutsourcing | 1 Noahs Classifieds | 2024-02-14 | 7.5 HIGH | N/A |
| SQL injection vulnerability in index.php in phpoutsourcing Noah's classifieds allows remote attackers to execute arbitrary SQL commands via the rollid parameter. | |||||
| CVE-2006-6066 | 1 Dragon Internet | 1 Events Listing | 2024-02-14 | 7.5 HIGH | N/A |
| Multiple SQL injection vulnerabilities in Dragon Calendar / Events Listing 2.x allow remote attackers to execute arbitrary SQL commands via the (1) username or (2) password parameter to (a) admin_login.asp, the (3) ID parameter to (b) event_searchdetail.asp, or the (4) VenueID parameter to (c) venue_detail.asp. | |||||
| CVE-2005-3243 | 1 Ethereal Group | 1 Ethereal | 2024-02-14 | 7.5 HIGH | N/A |
| Multiple buffer overflows in Ethereal 0.10.12 and earlier might allow remote attackers to execute arbitrary code via unknown vectors in the (1) SLIMP3 and (2) AgentX dissector. | |||||
