Total
28764 CVE
| CVE | Vendors | Products | Updated | CVSS v2 | CVSS v3 |
|---|---|---|---|---|---|
| CVE-2007-2384 | 1 Script.aculo.us | 1 Script.aculo.us | 2024-02-14 | 7.8 HIGH | N/A |
| The Script.aculo.us framework exchanges data using JavaScript Object Notation (JSON) without an associated protection scheme, which allows remote attackers to obtain the data via a web page that retrieves the data through a URL in the SRC attribute of a SCRIPT element and captures the data using other JavaScript code, aka "JavaScript Hijacking." | |||||
| CVE-2006-5598 | 1 Webgeneius | 1 Goop Gallery | 2024-02-14 | 4.3 MEDIUM | N/A |
| Cross-site scripting (XSS) vulnerability in index.php for GOOP Gallery 2.0, and possibly other versions before 2.0.3, allows remote attackers to inject arbitrary HTML or web script via the image parameter. | |||||
| CVE-2005-3247 | 1 Ethereal Group | 1 Ethereal | 2024-02-14 | 5.0 MEDIUM | N/A |
| The SigComp UDVM in Ethereal 0.10.12 allows remote attackers to cause a denial of service (infinite loop) via unknown vectors. | |||||
| CVE-2005-0323 | 1 Captaris | 1 Infinite Mobile Delivery Webmail | 2024-02-14 | 4.3 MEDIUM | N/A |
| Cross-site scripting (XSS) vulnerability in Infinite Mobile Delivery Webmail 2.6 allows remote attackers to inject arbitrary web script or HTML via the URL. | |||||
| CVE-2004-2092 | 1 Broadcom | 1 Inoculateit | 2024-02-14 | 4.6 MEDIUM | N/A |
| eTrust InoculateIT for Linux 6.0 uses insecure permissions for multiple files and directories, including the application's registry and tmp directories, which allows local users to delete, modify, or examine sensitive information. | |||||
| CVE-2006-1080 | 1 Game-panel | 1 Game-panel | 2024-02-14 | 4.3 MEDIUM | N/A |
| Cross-site scripting (XSS) vulnerability in login.php in Game-Panel 2.6.1 and earlier allows remote attackers to inject arbitrary web script or HTML via the message parameter, possibly requiring a URL encoded value. | |||||
| CVE-2006-4834 | 1 Phpquiz | 1 Phpquiz | 2024-02-14 | 7.5 HIGH | N/A |
| PHP remote file inclusion vulnerability in index.php in Jule Slootbeek phpQuiz 0.01 allows remote attackers to execute arbitrary PHP code via a URL in the pagename parameter. | |||||
| CVE-2006-5094 | 1 Phpbb Xs | 1 Phpbb Xs | 2024-02-14 | 5.1 MEDIUM | N/A |
| PHP remote file inclusion vulnerability in includes/functions_kb.php in the phpBB XS 2 (Spain version) allows remote attackers to execute arbitrary PHP code via a URL in the phpbb_root_path parameter, a different vector than CVE-2006-4780 or CVE-2006-4893. | |||||
| CVE-2000-0411 | 1 Matt Wright | 1 Formmail | 2024-02-14 | 5.0 MEDIUM | N/A |
| Matt Wright's FormMail CGI script allows remote attackers to obtain environmental variables via the env_report parameter. | |||||
| CVE-2006-4523 | 1 2wire Inc | 2 Homeportal, Officeportal | 2024-02-14 | 5.0 MEDIUM | N/A |
| The web-based management interface in 2Wire, Inc. HomePortal and OfficePortal Series modems and routers allows remote attackers to cause a denial of service (crash) via a CRLF sequence in a GET request. | |||||
| CVE-2006-5945 | 1 Mginternet | 1 Car Site Manager | 2024-02-14 | 7.5 HIGH | N/A |
| Multiple SQL injection vulnerabilities in MGinternet Car Site Manager (CSM) allow remote attackers to execute arbitrary SQL commands via the (1) p parameter to (a) csm/asp/detail.asp, or the (2) l, (3) typ, or (4) loc parameter to (b) csm/asp/listings.asp. | |||||
| CVE-2005-3586 | 1 Mambo | 1 Mambo | 2024-02-14 | 5.0 MEDIUM | N/A |
| content.php in Mambo 4.5.2 through 4.5.2.3 allows remote attackers to obtain the installation path of the application via a URL that causes the application to return an error. | |||||
| CVE-2007-2610 | 1 Openld | 1 Openld | 2024-02-14 | 4.3 MEDIUM | N/A |
| Cross-site scripting (XSS) vulnerability in OpenLD before 1.1.9, and 1.1-modified before 1.1-modified3, allows remote attackers to inject arbitrary web script or HTML via unspecified vectors in the Search feature, possibly the term parameter. | |||||
| CVE-2005-3947 | 1 Sergey Korostel | 1 Php Upload Center | 2024-02-14 | 5.0 MEDIUM | N/A |
| Directory traversal vulnerability in index.php in PHP Upload Center allows remote attackers to read arbitrary files via "../" sequences in the filename parameter. | |||||
| CVE-1999-1284 | 1 Puppets Place | 1 Nukenabber | 2024-02-14 | 5.0 MEDIUM | N/A |
| NukeNabber allows remote attackers to cause a denial of service by connecting to the NukeNabber port (1080) without sending any data, which causes the CPU usage to rise to 100% from the report.exe program that is executed upon the connection. | |||||
| CVE-2005-0486 | 1 Tarantella | 2 Secure Global Desktop, Tarantella Enterprise | 2024-02-14 | 5.0 MEDIUM | N/A |
| Tarantella Secure Global Desktop Enterprise Edition 4.00 and 3.42, and Tarantella Enterprise 3 3.40 and 3.30, when using RSA SecurID and multiple users have the same username, reveals sensitive information during authentication, which allows remote attackers to identify valid usernames and the authentication scheme. | |||||
| CVE-2004-1142 | 7 Altlinux, Conectiva, Debian and 4 more | 9 Alt Linux, Linux, Debian Linux and 6 more | 2024-02-14 | 5.0 MEDIUM | N/A |
| Ethereal 0.9.0 through 0.10.7 allows remote attackers to cause a denial of service (CPU consumption) via a certain malformed SMB packet. | |||||
| CVE-2004-2418 | 1 Whitsoft Development | 1 Slimftpd | 2024-02-14 | 7.2 HIGH | N/A |
| Buffer overflow in SlimFTPd 3.15 and earlier allows local users to execute arbitrary code via a long command, such as (1) CWD, (2) STOR, (3) MKD, and (4) STAT. | |||||
| CVE-2005-0704 | 1 Ethereal Group | 1 Ethereal | 2024-02-14 | 7.5 HIGH | N/A |
| Buffer overflow in the Etheric dissector in Ethereal 0.10.7 through 0.10.9 allows remote attackers to cause a denial of service (application crash) and possibly execute arbitrary code. | |||||
| CVE-2002-1355 | 1 Ethereal Group | 1 Ethereal | 2024-02-14 | 5.0 MEDIUM | N/A |
| Multiple integer signedness errors in the BGP dissector in Ethereal 0.9.7 and earlier allow remote attackers to cause a denial of service (infinite loop) via malformed messages. | |||||