Total
28982 CVE
CVE | Vendors | Products | Updated | CVSS v2 | CVSS v3 |
---|---|---|---|---|---|
CVE-2005-1831 | 1 Todd Miller | 1 Sudo | 2024-08-07 | 7.2 HIGH | N/A |
Sudo 1.6.8p7 on SuSE Linux 9.3, and possibly other Linux distributions, allows local users to gain privileges by using sudo to call su, then entering a blank password and hitting CTRL-C. NOTE: SuSE and multiple third-party researchers have not been able to replicate this issue, stating "Sudo catches SIGINT and returns an empty string for the password so I don't see how this could happen unless the user's actual password was empty." | |||||
CVE-2005-1588 | 1 Open Solution | 1 Quick.cart | 2024-08-07 | 7.5 HIGH | N/A |
SQL injection vulnerability in index.php for Quick.cart 0.3.0 allows remote attackers to execute arbitrary SQL commands via the iCategory parameter. NOTE: the vendor has privately disputed this issue, saying that Quick.cart does not even use SQL and therefore can not be vulnerable to SQL injection | |||||
CVE-2005-1244 | 1 Netiq | 1 Pssecure | 2024-08-07 | 7.5 HIGH | N/A |
Directory traversal vulnerability in the third party tool from NetIQ, as used to secure the iSeries AS/400 FTP server, allows remote attackers to access arbitrary files, including those from qsys.lib, via ".." sequences in a GET request. NOTE: the vendor has disputed this issue, saying that "neither NetIQ Security Manager nor our iSeries Security Solutions are vulnerable." | |||||
CVE-2005-1181 | 1 Ariadne | 1 Ariadne Cms | 2024-08-07 | 7.5 HIGH | N/A |
NOTE: this issue has been disputed by the vendor. PHP remote code injection vulnerability in loader.php for Ariadne CMS 2.4 allows remote attackers to execute arbitrary PHP code by modifying the ariadne parameter to reference a URL on a remote web server that contains the code. NOTE: the vendor has disputed this issue, saying that loader.php first requires the "ariadne.inc" file, which defines the $ariadne variable, and thus it cannot be modified by an attacker. In addition, CVE personnel have partially verified the dispute via source code inspection of Ariadne 2.4 as available on July 5, 2005 | |||||
CVE-2005-1146 | 1 Calendarscript | 1 Calendarscript | 2024-08-07 | 4.3 MEDIUM | N/A |
NOTE: this issue has been disputed by the vendor. Cross-site scripting (XSS) vulnerability in the login command in calendar.pl in CalendarScript 3.21 allows remote attackers to inject arbitrary web script or HTML via the username parameter, a different vulnerability than CVE-2005-1145 | |||||
CVE-2005-1145 | 1 Calendarscript | 1 Calendarscript | 2024-08-07 | 4.3 MEDIUM | N/A |
NOTE: this issue has been disputed by the vendor. Cross-site scripting (XSS) vulnerability in calendar.pl in CalendarScript 3.20 allows remote attackers to inject arbitrary web script or HTML via the template parameter, a different vulnerability than CVE-2005-1146 | |||||
CVE-2006-7193 | 1 Smarty | 1 Smarty | 2024-08-07 | 7.5 HIGH | N/A |
PHP remote file inclusion vulnerability in unit_test/test_cases.php in Smarty 2.6.1 allows remote attackers to execute arbitrary PHP code via a URL in the SMARTY_DIR parameter. NOTE: this issue is disputed by CVE and a third party because SMARTY_DIR is a constant | |||||
CVE-2006-7141 | 1 Oracle | 1 Database Server | 2024-08-07 | 6.0 MEDIUM | N/A |
Absolute path traversal vulnerability in Oracle Database Server, when utl_file_dir is set to a wildcard value or "CREATE ANY DIRECTORY to PUBLIC" privileges exist, allows remote authenticated users to read and modify arbitrary files via full filepaths to utl_file functions such as (1) utl_file.put_line and (2) utl_file.get_line, a related issue to CVE-2005-0701. NOTE: this issue is disputed by third parties who state that this is due to an insecure configuration instead of an inherent vulnerability | |||||
CVE-2006-7120 | 1 Osu Open Source Lab | 1 Maintain | 2024-08-07 | 10.0 HIGH | N/A |
PHP remote file inclusion vulnerability in lib/php/phphtmllib-2.5.4/examples/example6.php for maintain 3.0.0-RC2 allows remote attackers to execute arbitrary PHP code via a URL in the phphtmllib parameter. NOTE: this issue might be in phpHtmlLib. NOTE: CVE disputes this issue for proper installations of maintain, since $phphtmllib is set in includes.inc before being used in example6.php | |||||
CVE-2006-7015 | 1 Jobline | 1 Jobline | 2024-08-07 | 10.0 HIGH | N/A |
PHP remote file inclusion vulnerability in admin.jobline.php in Jobline 1.1.1 allows remote attackers to execute arbitrary code via a URL in the mosConfig_absolute_path parameter. NOTE: CVE disputes this issue because the script is protected against direct requests | |||||
CVE-2006-7013 | 1 Simple Machines | 1 Simple Machines Forum | 2024-08-07 | 7.5 HIGH | N/A |
QueryString.php in Simple Machines Forum (SMF) 1.0.7 and earlier, and 1.1rc2 and earlier, allows remote attackers to more easily spoof the IP address and evade banning via a modified X-Forwarded-For HTTP header, which is preferred instead of other more reliable sources for the IP address. NOTE: the original researcher claims that the vendor has disputed this issue | |||||
CVE-2006-7011 | 1 Develooping | 1 Flash Chat | 2024-08-07 | 7.5 HIGH | N/A |
PHP remote file inclusion vulnerability in adminips.php in Develooping Flash Chat allows remote attackers to execute arbitrary PHP code via a URL in the banned_file parameter. NOTE: CVE disputes this vulnerability because banned_file is set to a constant value | |||||
CVE-2006-7006 | 1 Robin De Graff | 1 Somery | 2024-08-07 | 7.5 HIGH | N/A |
PHP remote file inclusion vulnerability in upload/admin/team.php in Robin de Graff Somery 0.4.4 allows remote attackers to execute arbitrary PHP code via a URL in the checkauth parameter. NOTE: CVE disputes this vulnerability because the checkauth parameter is only used in conditionals | |||||
CVE-2006-6883 | 1 Phpirc Bot | 1 Phpirc Bot | 2024-08-07 | 7.5 HIGH | N/A |
PHP remote file inclusion vulnerability in php4you.php in PHPIrc_bot 0.2 allows remote attackers to execute arbitrary PHP code via a URL in the dir parameter. NOTE: this issue is disputed by CVE, since the dir variable is declared before being used | |||||
CVE-2006-6863 | 1 Enigma | 1 Wordpress Bridge | 2024-08-07 | 10.0 HIGH | N/A |
PHP remote file inclusion vulnerability in the Enigma2 plugin (Enigma2.php) in Enigma WordPress Bridge allows remote attackers to execute arbitrary PHP code via a URL in the boarddir parameter. NOTE: CVE disputes this issue, since $boarddir is set to a fixed value | |||||
CVE-2006-6550 | 1 Phorum | 1 Phorum | 2024-08-07 | 7.5 HIGH | N/A |
PHP remote file inclusion vulnerability in common.php in Phorum 3.2.11 and earlier allows remote attackers to execute arbitrary PHP code via a URL in the db_file parameter. NOTE: CVE disputes this vulnerability because db_file is defined before use | |||||
CVE-2006-6549 | 1 Rad Inks | 1 Rad Upload | 2024-08-07 | 7.5 HIGH | N/A |
PHP remote file inclusion vulnerability in upload.php in Rad Upload 3.02 allows remote attackers to execute arbitrary PHP code via a URL in the save_path parameter. NOTE: CVE disputes this vulnerability because save_path is originally defined as "" before use, and the nearby instructions say "SET THE SAVE PATH by editing the line below." | |||||
CVE-2006-6541 | 1 Php | 1 Animated Smiley Generator | 2024-08-07 | 7.5 HIGH | N/A |
PHP remote file inclusion vulnerability in signer/final.php in warez distributions of Animated Smiley Generator allows remote attackers to execute arbitrary PHP code via a URL in the smiley parameter. NOTE: the vendor disputes this issue, stating that only Warez versions of Animated Smiley Generator were affected, not the developer-provided software: "Legitimately purchased applications do not allow this exploit." | |||||
CVE-2006-6465 | 1 Wikyblog | 1 Wikyblog | 2024-08-07 | 6.5 MEDIUM | N/A |
Directory traversal vulnerability in WBmap.php in WikyBlog 1.3.2 and earlier allows remote attackers to include and execute arbitrary local files via directory traversal sequences in the l parameter. NOTE: CVE disputes this vulnerability because l is validated by ctype_alpha before use | |||||
CVE-2006-6415 | 1 Phpadsnew | 1 Phpadsnew | 2024-08-07 | 7.5 HIGH | N/A |
PHP remote file inclusion vulnerability in admin/lib-maintenance.inc.php in phpAdsNew 2.0.4-pr2 allows remote attackers to execute arbitrary PHP code via a URL in the phpAds_path parameter, a different component than CVE-2006-3984. NOTE: this issue is disputed by CVE, since phpAds_path is used as a constant |