Total
29866 CVE
| CVE | Vendors | Products | Updated | CVSS v2 | CVSS v3 |
|---|---|---|---|---|---|
| CVE-2005-1481 | 1 Aaronoutpost | 1 Asp Inline Corporate Calendar | 2025-04-03 | 7.5 HIGH | N/A |
| Multiple SQL injection vulnerabilities in Aaron Outpost ASP Inline Corporate Calendar allow remote attackers to execute arbitrary SQL commands via the Event_ID parameter to (1) defer.asp or (2) details.asp. | |||||
| CVE-2006-2168 | 1 Fileprotection Express | 1 Fileprotection Express | 2025-04-03 | 7.5 HIGH | N/A |
| FileProtection Express 1.0.1 and earlier allows remote attackers to bypass authentication via a cookie with an Admin value of 1. | |||||
| CVE-2003-1054 | 1 Mod Access Referer | 1 Mod Access Referer | 2025-04-03 | 5.0 MEDIUM | N/A |
| mod_access_referer 1.0.2 allows remote attackers to cause a denial of service (crash) via a malformed Referer header that is missing a hostname, as parsed by the ap_parse_uri_components function in Apache, which triggers a null dereference. | |||||
| CVE-2005-0136 | 1 Linux | 1 Linux Kernel | 2025-04-03 | 2.1 LOW | N/A |
| The Linux kernel before 2.6.11 on the Itanium IA64 platform has certain "ptrace corner cases" that allow local users to cause a denial of service (crash) via crafted syscalls, possibly related to MCA/INIT, a different vulnerability than CVE-2005-1761. | |||||
| CVE-2005-0470 | 3 Gentoo, Suse, Wpa Supplicant | 3 Linux, Suse Linux, Wpa Supplicant | 2025-04-03 | 5.0 MEDIUM | N/A |
| Buffer overflow in wpa_supplicant before 0.2.7 allows remote attackers to cause a denial of service (segmentation fault) via invalid EAPOL-Key packet data. | |||||
| CVE-2005-4400 | 1 Liferay | 1 Liferay Portal Enterprise | 2025-04-03 | 4.3 MEDIUM | N/A |
| Cross-site scripting (XSS) vulnerability in downloads/portal_ent in Liferay Portal Enterprise 3.6.1 and earlier allows remote attackers to inject arbitrary web script or HTML via the (1) _77_struts_action, (2) p_p_mode, and (3) p_p_state parameters. | |||||
| CVE-2005-2568 | 1 Syscp Team | 1 Syscp | 2025-04-03 | 7.5 HIGH | N/A |
| Eval injection vulnerability in the template engine for SysCP 1.2.10 and earlier allows remote attackers to execute arbitrary PHP code via a string containing the code within "{" and "}" (curly bracket) characters, which are processed by the PHP eval function. | |||||
| CVE-2006-0517 | 1 Spip | 1 Spip | 2025-04-03 | 7.5 HIGH | N/A |
| Multiple SQL injection vulnerabilities in formulaires/inc-formulaire_forum.php3 in SPIP 1.8.2-e and earlier and 1.9 Alpha 2 (5539) and earlier allow remote attackers to execute arbitrary SQL commands via the (1) id_forum, (2) id_article, or (3) id_breve parameters to forum.php3; (4) unspecified vectors related to "session handling"; and (5) when posting "petitions". | |||||
| CVE-2006-2534 | 1 Greg Donald | 1 Destiney Links Script | 2025-04-03 | 5.0 MEDIUM | N/A |
| Destiney Links Script 2.1.2 does not protect library and other support files, which allows remote attackers to obtain the installation path via a direct URL to files in the (1) include and (2) themes/original directories. | |||||
| CVE-2006-4549 | 1 Chxo | 1 Feedsplitter | 2025-04-03 | 5.0 MEDIUM | N/A |
| CHXO Feedsplitter 2006-01-21 allows remote attackers to read the source code of feedsplitter.php via the showsource function. NOTE: this issue is not a vulnerability in standard distributions, but could be an issue if the source has been modified. | |||||
| CVE-2006-4205 | 1 Webdynamite | 1 Projectbutler | 2025-04-03 | 7.5 HIGH | N/A |
| Multiple PHP remote file inclusion vulnerabilities in WebDynamite ProjectButler 0.8.4 allow remote attackers to execute arbitrary PHP code via a URL in the rootdir parameter to /classes/ scripts including (1) Cache.class.php, (2) Customer.class.php, (3) Performance.class.php, (4) Project.class.php, (5) Representative.class.php, (6) User.class.php, or (7) common.php. | |||||
| CVE-2005-4610 | 1 Dopewars | 1 Dopewars | 2025-04-03 | 7.5 HIGH | N/A |
| Format string vulnerability in the server for Dopewars before 1.5.12, when running as an NT service, allows remote attackers to execute arbitrary code via unspecified attack vectors. | |||||
| CVE-2006-0829 | 1 E-blah | 1 Platinum | 2025-04-03 | 5.0 MEDIUM | N/A |
| Cross-site scripting vulnerability in E-Blah Platinum 9.7 allows remote attackers to inject arbitrary web script or HTML via the referer (HTTP_REFERER), which is not sanitized when the log file is viewed by the administrator using "Click Log". | |||||
| CVE-1999-1039 | 1 Sgi | 1 Irix | 2025-04-03 | 7.2 HIGH | N/A |
| Vulnerability in (1) diskalign and (2) diskperf in IRIX 6.4 patches 2291 and 2848 allow a local user to create root-owned files leading to a root compromise. | |||||
| CVE-2006-2313 | 1 Postgresql | 1 Postgresql | 2025-04-03 | 7.5 HIGH | N/A |
| PostgreSQL 8.1.x before 8.1.4, 8.0.x before 8.0.8, 7.4.x before 7.4.13, 7.3.x before 7.3.15, and earlier versions allows context-dependent attackers to bypass SQL injection protection methods in applications via invalid encodings of multibyte characters, aka one variant of "Encoding-Based SQL Injection." | |||||
| CVE-2004-2389 | 1 Jabberstudio | 1 Jabber Gadu-gadu Transport | 2025-04-03 | 5.0 MEDIUM | N/A |
| Unknown vulnerability in Jabber Gadu-Gadu Transport (a.k.a. jabber-gg-transport) 2.0.x before 2.0.8 allows remote attackers to cause a denial of service (infinite loop) via user re-registration. | |||||
| CVE-2002-0910 | 1 Debian | 1 Netstd | 2025-04-03 | 7.5 HIGH | N/A |
| Buffer overflows in netstd 3.07-17 package allows remote DNS servers to execute arbitrary code via a long FQDN reply, as observed in the utilities (1) linux-ftpd, (2) pcnfsd, (3) tftp, (4) traceroute, or (5) from/to. | |||||
| CVE-2003-0509 | 1 Cyberstrong | 1 Eshop | 2025-04-03 | 10.0 HIGH | N/A |
| SQL injection vulnerability in Cyberstrong eShop 4.2 and earlier allows remote attackers to steal authentication information and gain privileges via the ProductCode parameter in (1) 10expand.asp, (2) 10browse.asp, and (3) 20review.asp. | |||||
| CVE-2006-2720 | 1 Variomat | 1 Variomat | 2025-04-03 | 7.5 HIGH | N/A |
| SQL injection vulnerability in news.php in VARIOMAT allows remote attackers to execute arbitrary SQL commands via the subcat parameter. | |||||
| CVE-2006-1495 | 2 Netoffice, Phpcollab | 2 Netoffice, Phpcollab | 2025-04-03 | 7.5 HIGH | N/A |
| SQL injection vulnerability in general/sendpassword.php in (1) PHPCollab 2.4 and 2.5.rc3, and (2) NetOffice 2.5.3-pl1 and 2.6.0b2 allows remote attackers to execute arbitrary SQL commands via the loginForm parameter in the "forgotten password" option. | |||||