Total: 29527 CVE
| CVE | Vendors | Products | Updated | CVSS v2 | CVSS v3 |
|---|---|---|---|---|---|
| CVE-2006-3907 | 1 Siemens | 1 Speedstream Wireless Router | 2024-02-14 | 5.0 MEDIUM | N/A |
| Siemens SpeedStream 2624 allows remote attackers to cause a denial of service (device hang) by sending a crafted packet to the web administrative interface. | |||||
| CVE-2000-0141 | 1 Infopop | 1 Ultimate Bulletin Board | 2024-02-14 | 10.0 HIGH | N/A |
| Infopop Ultimate Bulletin Board (UBB) allows remote attackers to execute commands via shell metacharacters in the topic hidden field. | |||||
| CVE-2006-5917 | 1 Omnistar Interactive | 1 Omnistar Article Manager | 2024-02-14 | 7.5 HIGH | N/A |
| Multiple SQL injection vulnerabilities in OmniStar Article Manager allow remote attackers to execute arbitrary SQL commands via the (1) article_id parameter in (a) articles/comments.php and (b) articles/article.php, and the (2) page_id parameter in (c) articles/pages.php. | |||||
| CVE-2005-3586 | 1 Mambo | 1 Mambo | 2024-02-14 | 5.0 MEDIUM | N/A |
| content.php in Mambo 4.5.2 through 4.5.2.3 allows remote attackers to obtain the installation path of the application via a URL that causes the application to return an error. | |||||
| CVE-2006-1379 | 1 Trend Micro | 1 Pc-cillin 2006 | 2024-02-14 | 7.2 HIGH | N/A |
| Trend Micro PC-cillin Internet Security 2006 14.00.1485 and 14.10.0.1023 uses insecure DACLs for critical files, which allows local users to gain SYSTEM privileges by modifying executable programs such as (1) tmntsrv.exe and (2) tmproxy.exe. | |||||
| CVE-2006-4554 | 1 Becubed | 1 Compression Plus | 2024-02-14 | 5.1 MEDIUM | N/A |
| Stack-based buffer overflow in the ReadFile function in the ZOO-processing exports in the BeCubed Compression Plus before 5.0.1.28, as used in products including (1) Tumbleweed EMF, (2) VCOM/Ontrack PowerDesk Pro, (3) Canyon Drag and Zip, (4) Canyon Power File, and (5) Canyon Power File Gold, allows context-dependent attackers to execute arbitrary code via an inconsistent size parameter in a ZOO file header. | |||||
| CVE-2006-4020 | 1 Php | 1 Php | 2024-02-14 | 4.6 MEDIUM | N/A |
| scanf.c in PHP 5.1.4 and earlier, and 4.4.3 and earlier, allows context-dependent attackers to execute arbitrary code via a sscanf PHP function call that performs argument swapping, which increments an index past the end of an array and triggers a buffer over-read. | |||||
| CVE-2003-0272 | 1 Miniportal | 1 Miniportal | 2024-02-14 | 10.0 HIGH | N/A |
| admin.php in miniPortail allows remote attackers to gain administrative privileges by setting the miniPortailAdmin cookie to an "adminok" value. | |||||
| CVE-2006-4753 | 1 Comscripts | 1 Phprog | 2024-02-14 | 5.0 MEDIUM | N/A |
| Directory traversal vulnerability in index.php in PHProg before 1.1 allows remote attackers to read arbitrary files via a .. (dot dot) in the lang parameter. | |||||
| CVE-2006-2483 | 1 Lighthouse Development | 1 Squirrelcart | 2024-02-14 | 6.4 MEDIUM | N/A |
| PHP remote file inclusion vulnerability in cart_content.php in Squirrelcart 2.2.2 and earlier allows remote attackers to execute arbitrary PHP code via a URL in the cart_isp_root parameter. | |||||
| CVE-2007-4288 | 1 Microsoft | 1 Windows Media Player | 2024-02-14 | 4.3 MEDIUM | N/A |
| Microsoft Windows Media Player 11 (wmplayer.exe) allows user-assisted remote attackers to cause a denial of service (application crash) via a crafted .au file that triggers a divide-by-zero error, as demonstrated by iapetus.au. | |||||
| CVE-2006-1747 | 1 Vwar | 1 Virtual War | 2024-02-14 | 7.5 HIGH | N/A |
| PHP remote file inclusion vulnerability in Virtual War (VWar) 1.5.0 allows remote attackers to execute arbitrary PHP code via a URL in the vwar_root parameter to (1) admin/admin.php, (2) war.php, (3) stats.php, (4) news.php, (5) joinus.php, (6) challenge.php, (7) calendar.php, (8) member.php, (9) popup.php, and other unspecified scripts in the admin folder. NOTE: these are different attack vectors than CVE-2006-1636 and CVE-2006-1503. | |||||
| CVE-2002-0513 | 1 Symatec | 1 Popper Mod | 2024-02-14 | 10.0 HIGH | N/A |
| The PHP administration script in popper_mod 1.2.1 and earlier relies on Apache .htaccess authentication, which allows remote attackers to gain privileges if the script is not appropriately configured by the administrator. | |||||
| CVE-2005-1869 | 1 Appindex | 1 Mwchat | 2024-02-14 | 7.5 HIGH | N/A |
| PHP remote file inclusion vulnerability in start_lobby.php in MWChat 6.x allows remote attackers to execute arbitrary PHP code via the CONFIG[MWCHAT_Libs] parameter. | |||||
| CVE-2006-2561 | 1 Edimax | 1 Br 6104k | 2024-02-14 | 7.5 HIGH | N/A |
| Edimax BR-6104K router allows remote attackers to bypass access restrictions and conduct unauthorized operations via a UPnP request with a modified InternalClient parameter (possibly within NewInternalClient), which is not validated, as demonstrated by using AddPortMapping to forward arbitrary traffic. | |||||
| CVE-2006-4966 | 1 Chumpsoft | 1 Phpquestionnaire | 2024-02-14 | 7.5 HIGH | N/A |
| PHP remote file inclusion vulnerability in inc/ifunctions.php in chumpsoft phpQuestionnaire (phpQ) 3.12 allows remote attackers to execute arbitrary PHP code via a URL in the GLOBALS[phpQRootDir] parameter. | |||||
| CVE-2005-3517 | 1 Chipmunk Scripts | 1 Chipmunk Guestbook | 2024-02-14 | 5.0 MEDIUM | N/A |
| Chipmunk Scripts Guestbook allows remote attackers to obtain the installation path of the script via a URL that causes an error message to be displayed, such as a URL that contains a single quote (') in the start parameter of index.php. | |||||
| CVE-2006-0370 | 1 Noah Medling | 1 Rcblog | 2024-02-14 | 5.0 MEDIUM | N/A |
| Noah Medling RCBlog 1.03 stores the data and config directories under the web root with insufficient access control, which allows remote attackers to view account names and MD5 password hashes. | |||||
| CVE-2006-5945 | 1 Mginternet | 1 Car Site Manager | 2024-02-14 | 7.5 HIGH | N/A |
| Multiple SQL injection vulnerabilities in MGinternet Car Site Manager (CSM) allow remote attackers to execute arbitrary SQL commands via the (1) p parameter to (a) csm/asp/detail.asp, or the (2) l, (3) typ, or (4) loc parameter to (b) csm/asp/listings.asp. | |||||
| CVE-2005-1221 | 1 Ecommerce-carts | 1 Ecommpro | 2024-02-14 | 7.5 HIGH | N/A |
| SQL injection vulnerability in login.asp for Ecommerce-Carts EcommPro 3.0 allows remote attackers to execute arbitrary SQL commands via the password field. | |||||
