Total
29755 CVE
| CVE | Vendors | Products | Updated | CVSS v3.1 |
|---|---|---|---|---|
| CVE-2006-4890 | 1 Unak | 1 Unak Cms | 2025-04-03 | N/A |
| Multiple PHP remote file inclusion vulnerabilities in UNAK-CMS 1.5 and earlier allow remote attackers to execute arbitrary PHP code via a URL in the dirroot parameter to (1) fckeditor/editor/filemanager/browser/default/connectors/php/connector.php or (2) fckeditor/editor/dialog/fck_link.php. | ||||
| CVE-2006-4893 | 1 Phpbb Xs | 1 Phpbb Xs | 2025-04-03 | N/A |
| PHP remote file inclusion vulnerability in bb_usage_stats/includes/bb_usage_stats.php in phpBB XS 0.58 and earlier allows remote attackers to execute arbitrary PHP code via a URL in the phpbb_root_path parameter, a different vector than CVE-2006-4780. | ||||
| CVE-2006-4982 | 1 Cisco | 1 Network Access Control | 2025-04-03 | N/A |
| Cisco NAC maintains an exception list that does not record device properties other than MAC address, which allows physically proximate attackers to bypass control methods and join a local network by spoofing the MAC address of a different type of device, as demonstrated by using the MAC address of a disconnected printer. | ||||
| CVE-2006-4989 | 1 Patrick Michaelis | 1 Wili-cms | 2025-04-03 | N/A |
| Patrick Michaelis Wili-CMS allows remote attackers to obtain sensitive information via a direct request for (1) thumbnail.php, (2) functions/admin/all.php, (3) functions/admin/init_session.php, (4) functions/all.php, and (5) certain files in example-view/admin_templates/, which reveals the path in various error messages. | ||||
| CVE-2004-1038 | 1 Ieee | 1 Firewire Ieee | 2025-04-03 | N/A |
| A design error in the IEEE1394 specification allows attackers with physical access to a device to read and write to sensitive memory using a modified FireWire/IEEE 1394 client, thus bypassing intended restrictions that would normally require greater degrees of physical access to exploit. NOTE: this was reported in 2008 to affect Windows Vista, but some Linux-based operating systems have protection mechanisms against this attack. | ||||
| CVE-2005-3159 | 1 Php Fusion | 1 Php Fusion | 2025-04-03 | N/A |
| SQL injection vulnerability in messages.php in PHP-Fusion allows remote attackers to execute arbitrary SQL commands via the msg_view parameter, a different vulnerability than CVE-2005-3157 and CVE-2005-3158. | ||||
| CVE-2006-4429 | 1 Phlymail | 1 Phlymail Lite | 2025-04-03 | N/A |
| PHP remote file inclusion vulnerability in handlers/email/mod.output.php in PHlyMail Lite 3.4.4 and earlier (Build 3.04.04) allows remote attackers to execute arbitrary PHP code via a URL in the _PM_[path][handler] parameter, a different vector than CVE-2006-4291. NOTE: This issue has been disputed by a third party, who states that the _IN_PHM_ declaration prevents this file from being called directly | ||||
| CVE-1999-0184 | 1 Isc | 1 Bind | 2025-04-03 | N/A |
| When compiled with the -DALLOW_UPDATES option, bind allows dynamic updates to the DNS server, allowing for malicious modification of DNS records. | ||||
| CVE-2002-0918 | 1 Cgiscript.net | 1 Cspassword | 2025-04-03 | N/A |
| CGIScript.net csPassword.cgi leaks sensitive information such as the pathname of the server in debug messages that are presented when the script fails, which allows remote attackers to obtain the information via a "remove" option in the command parameter, which generates an error. | ||||
| CVE-2003-0083 | 2 Apache, Redhat | 4 Http Server, Linux, Rhel Stronghold and 1 more | 2025-04-03 | N/A |
| Apache 1.3 before 1.3.25 and Apache 2.0 before version 2.0.46 does not filter terminal escape sequences from its access logs, which could make it easier for attackers to insert those sequences into terminal emulators containing vulnerabilities related to escape sequences, a different vulnerability than CVE-2003-0020. | ||||
| CVE-2005-2989 | 1 Deluxebb | 1 Deluxebb | 2025-04-03 | N/A |
| Multiple SQL injection vulnerabilities in DeluxeBB 1.0 and 1.0.5 allow remote attackers to execute arbitrary SQL commands via the (1) tid parameter to topic.php, the uid parameter to (2) misc.php or (3) pm.php, or the fid parameter to (3) forums.php or (4) newpost.php. | ||||
| CVE-2006-3519 | 1 Native Solutions | 1 The Banner Engine | 2025-04-03 | N/A |
| Multiple cross-site scripting (XSS) vulnerabilities in The Banner Engine (tbe) 4.0 allow remote attackers to execute arbitrary web script or HTML via the (1) text parameter in a search action to (a) top.php, and the (2) adminpass or (3) adminlogin parameter to (b) signup.php. | ||||
| CVE-2004-0453 | 1 Vice | 1 Vice | 2025-04-03 | N/A |
| Format string vulnerability in the monitor "memory dump" command in VICE 1.6 to 1.14 allows local users to cause a denial of service (emulator crash) and possibly execute arbitrary code via format string specifiers in an output string. | ||||
| CVE-2006-4938 | 1 Moodle | 1 Moodle | 2025-04-03 | N/A |
| help.php in Moodle before 1.6.2 does not check the existence of certain help files before including them, which might allow remote authenticated users to obtain the path in an error message. | ||||
| CVE-2006-4440 | 1 Ay System Solutions | 1 Ay System Solutions Cms | 2025-04-03 | N/A |
| PHP remote file inclusion vulnerability in main.php in Ay System Solutions CMS 2.6 and earlier allows remote attackers to execute arbitrary PHP code via a URL in the path[ShowProcessHandle] parameter. | ||||
| CVE-2006-0361 | 1 Bit 5 Blog | 1 Bit 5 Blog | 2025-04-03 | N/A |
| Cross-site scripting (XSS) vulnerability in addcomment.php in Bit 5 Blog 8.01 allows remote attackers to inject arbitrary web script or HTML via a javascript URI in an <a> tag in the comment parameter, which strips most tags but not <a>. | ||||
| CVE-2004-0838 | 1 Lexar | 1 Jumpdrive Secure | 2025-04-03 | N/A |
| Lexar Safe Guard for JumpDrive Secure 1.0 stores the password insecurely in memory using XOR encryption, which allows local users to read the password directly from the device and access the password protected part of the drive. | ||||
| CVE-2005-3841 | 1 Kplaylist | 1 Kplaylist | 2025-04-03 | N/A |
| Cross-site scripting (XSS) vulnerability in kPlaylist 1.6 (build 400), and possibly other versions, allows remote attackers to inject arbitrary web script or HTML via the searchfor search parameter. | ||||
| CVE-2004-0459 | 1 Ieee | 1 802.11 Wireless Protocol | 2025-04-03 | N/A |
| The Clear Channel Assessment (CCA) algorithm in the IEEE 802.11 wireless protocol, when using DSSS transmission encoding, allows remote attackers to cause a denial of service via a certain RF signal that causes a channel to appear busy (aka "jabber"), which prevents devices from transmitting data. | ||||
| CVE-2004-0470 | 1 Bea | 1 Weblogic Server | 2025-04-03 | N/A |
| BEA WebLogic Server and WebLogic Express 7.0 through SP5 and 8.1 through SP2, when editing weblogic.xml using WebLogic Builder or the SecurityRoleAssignmentMBean.toXML method, inadvertently removes security-role-assignment tags when weblogic.xml does not have a principal-name tag, which can remove intended access restrictions for the associated web application. | ||||