Vulnerabilities (CVE)

Total 245418 CVE
CVE Vendors Products Updated CVSS v2 CVSS v3
CVE-2006-3306 1 Zoid Technologies 1 Project Eros Bbsengine 2024-02-28 4.3 MEDIUM N/A
Cross-site scripting (XSS) vulnerability in the preparestring function in lib/common.php in Project EROS bbsengine before 20060501-0142-jam, and possibly earlier versions dating back to 2006-02-23, might allow remote attackers to inject arbitrary web script or HTML via unknown vectors.
CVE-2006-1822 1 Farsinews 1 Farsinews 2024-02-28 5.8 MEDIUM N/A
Cross-site scripting (XSS) vulnerability in search.php in FarsiNews 2.5.3 Pro and earlier allows remote attackers to inject arbitrary web script or HTML via the selected_search_arch parameter.
CVE-2005-4081 1 Alisveristr 1 Alisveristr E-commerce 2024-02-28 7.5 HIGH N/A
Multiple SQL injection vulnerabilities in Alisveristr E-commerce allow remote attackers to bypass authentication and possibly execute arbitrary SQL commands via the username and password parameters in (1) the user login and (2) administrator login pages.
CVE-2006-0886 1 Dev 1 Dev Web Management System 2024-02-28 4.3 MEDIUM N/A
Cross-site scripting (XSS) vulnerability in register.php in DEV web management system 1.5 allows remote attackers to inject arbitrary web script or HTML via the "City/Region" field (mesto variable). NOTE: the provenance of this information is unknown; the details are obtained solely from third party information.
CVE-2006-1476 1 Microsoft 1 Windows Xp 2024-02-28 2.6 LOW N/A
Windows Firewall in Microsoft Windows XP SP2 produces incorrect application block alerts when the application filename is ".exe" (with no characters before the "."), which might allow local user-assisted users to trick a user into unblocking a Trojan horse program, as demonstrated by a malicious ".exe" program in a folder named "Internet Explorer," which triggers a question about whether to unblock the "Internet Explorer" program.
CVE-2005-2346 1 Novell 1 Groupwise 2024-02-28 7.5 HIGH N/A
Buffer overflow in Novell GroupWise 6.5 Client allows remote attackers to execute arbitrary code via a GWVW02xx.INI language file with a long entry, as demonstrated using a long ES02TKS.VEW value in the Group Task section.
CVE-2006-1568 1 Redcms 1 Redcms 2024-02-28 5.1 MEDIUM N/A
Multiple cross-site scripting (XSS) vulnerabilities in register.php in RedCMS 0.1 allow remote attackers to inject arbitrary web script or HTML via the (1) email, (2) location, or (3) website parameters.
CVE-2004-2659 2 Mozilla, Opera 2 Mozilla, Opera Browser 2024-02-28 4.0 MEDIUM N/A
Opera offers an Open button to verify that a user wishes to execute a downloaded file, which allows user-assisted remote attackers to construct a race condition that tricks a user into clicking Open via a request for a different mouse or keyboard action very shortly before the Open dialog appears. NOTE: this is a different issue than CVE-2005-2407.
CVE-2006-1119 2 Cpanel, Netenberg 2 Cpanel, Fantastico De Luxe 2024-02-28 4.0 MEDIUM N/A
fantastico in Cpanel does not properly handle when it has insufficient permissions to perform certain file operations, which allows remote authenticated users to obtain the full pathname, which is leaked in a PHP error message.
CVE-2005-0866 1 Cdrtools 1 Cdrecord 2024-02-28 2.1 LOW N/A
cdrecord before 4:2.0, when DEBUG is enabled, allows local users to overwrite arbitrary files via a symlink attack on temporary files.
CVE-2006-0837 1 Micromuse 1 Netcool Neusecure 2024-02-28 2.1 LOW N/A
IBM Tivoli Micromuse Netcool/NeuSecure 3.0.236 has world-readable permissions for (1) /etc/neusecure.conf, (2) /opt/NeuSecure/etc/cms-3.0.236.buildconf, and (3) /opt/NeuSecure/bin/ns_archiver.log, which allows local users to read sensitive information such as passwords. NOTE: IBM has privately confirmed to CVE that a fix is available for these issues.
CVE-2005-4776 1 Netbsd 1 Netbsd 2024-02-28 7.2 HIGH N/A
Integer overflow in the FreeBSD compatibility code (freebsd_misc.c) in NetBSD-current, NetBSD-3, NetBSD-2.0, and NetBSD-2 before 20050913; and NetBSD-1.6 before 20050914; allows local users to cause a denial of service (heap corruption or system crash) and possibly gain root privileges.
CVE-2005-4765 1 Bea 1 Weblogic Server 2024-02-28 7.6 HIGH N/A
BEA WebLogic Server and WebLogic Express 8.1 SP4 and earlier and 7.0 SP6 and earlier, when using the weblogic.Deployer command with the t3 protocol, does not use the secure t3s protocol even when an Administration port is enabled on the Administration server, which might allow remote attackers to sniff the connection.
CVE-2005-2913 2024-02-28 N/A N/A
Rejected reason: DO NOT USE THIS CANDIDATE NUMBER. ConsultIDs: CVE-2005-2799. Reason: This candidate is a duplicate of CVE-2005-2799. Notes: All CVE users should reference CVE-2005-2799 instead of this candidate. All references and descriptions in this candidate have been removed to prevent accidental usage.
CVE-2005-1936 1 Xerox 20 Document Centre 220, Document Centre 230, Document Centre 240 and 17 more 2024-02-28 7.5 HIGH N/A
Unknown vulnerability in the web server for the ESS/ Network Controller for Xerox Document Centre 240 through 555 running System Software 27.18.017 and earlier allows attackers to "gain unauthorized access."
CVE-2005-3017 1 Content2web 1 Content2web 2024-02-28 4.3 MEDIUM N/A
PHP file inclusion vulnerability in index.php in Content2Web 1.0.1 allows remote attackers to include arbitrary files via the show parameter, which can lead to resultant errors such as path disclosure, SQL error messages, and cross-site scripting (XSS).
CVE-2005-0640 1 Broadcom 1 Unicenter Asset Management 2024-02-28 4.6 MEDIUM N/A
Computer Associates (CA) Unicenter Asset Management (UAM) 4.0 does not properly initialize the "Change Credentials for Database" window, which allows local users to recover the SQL Admin password via certain methods.
CVE-2005-3703 2024-02-28 N/A N/A
Rejected reason: DO NOT USE THIS CANDIDATE NUMBER. ConsultIDs: CVE-2005-2272. Reason: This candidate is a duplicate of CVE-2005-2272. It was reserved when another candidate was already public. Notes: All CVE users should reference CVE-2005-2272 instead of this candidate. All references and descriptions in this candidate have been removed to prevent accidental usage.
CVE-2006-2817 1 Tekno.portal 1 Tekno.portal 2024-02-28 7.5 HIGH N/A
SQL injection vulnerability in bolum.php in tekno.Portal allows remote attackers to execute arbitrary SQL commands via the id parameter. NOTE: the provenance of this information is unknown; the details are obtained solely from third party information.
CVE-2005-0230 1 Mozilla 1 Firefox 2024-02-28 5.1 MEDIUM N/A
Firefox 1.0 does not prevent the user from dragging an executable file to the desktop when it has an image/gif content type but has a dangerous extension such as .bat or .exe, which allows remote attackers to bypass the intended restriction and execute arbitrary commands via malformed GIF files that can still be parsed by the Windows batch file parser, aka "firedragging."