Total
29527 CVE
| CVE | Vendors | Products | Updated | CVSS v2 | CVSS v3 |
|---|---|---|---|---|---|
| CVE-2006-1686 | 1 Apt | 1 Apt-webshop-system | 2008-11-03 | 5.0 MEDIUM | N/A |
| Unspecified vulnerability in modules.php in APT-webshop-system 4.0 PRO, 3.0 BASIC, and 3.0 LIGHT allows remote attackers to access unspecified files via a modified warp parameter. | |||||
| CVE-2006-1684 | 1 Ecotwo | 1 Shopsystem | 2008-11-03 | 5.0 MEDIUM | N/A |
| Unspecified vulnerability in ecotwo Shopsystem 1.0-192 and earlier allows remote attackers to include arbitrary local files via (1) the lang parameter in news.php and (2) other unspecified vectors. | |||||
| CVE-2004-0716 | 1 Hp | 1 Hp-ux | 2008-10-24 | 10.0 HIGH | N/A |
| Buffer overflow in the DCE daemon (DCED) for the DCE endpoint mapper (epmap) on HP-UX 11 allows remote attackers to execute arbitrary code via a request with a small fragment length and a large amount of data. | |||||
| CVE-2007-6718 | 1 Mplayer | 1 Mplayer | 2008-10-20 | 4.3 MEDIUM | N/A |
| MPlayer, possibly 1.0rc1, allows remote attackers to cause a denial of service (SIGSEGV and application crash) via (1) a malformed MP3 file, as demonstrated by lol-mplayer.mp3; (2) a malformed Ogg Vorbis file, as demonstrated by lol-mplayer.ogg; (3) a malformed MPEG-1 file, as demonstrated by lol-mplayer.mpg; (4) a malformed MPEG-2 file, as demonstrated by lol-mplayer.m2v; (5) a malformed MPEG-4 AVI file, as demonstrated by lol-mplayer.avi; (6) a malformed FLAC file, as demonstrated by lol-mplayer.flac; (7) a malformed Ogg Theora file, as demonstrated by lol-mplayer.ogm; (8) a malformed WMV file, as demonstrated by lol-mplayer.wmv; or (9) a malformed AAC file, as demonstrated by lol-mplayer.aac. NOTE: vector 5 might overlap CVE-2007-4938, and vector 6 might overlap CVE-2008-0486. | |||||
| CVE-2005-3953 | 1 Bedeng Psp | 1 Bedeng Psp | 2008-10-03 | 7.5 HIGH | N/A |
| SQL injection vulnerability in Bedeng PSP 1.1 allows remote attackers to execute arbitrary SQL commands via the cwhere parameter to (1) index.php and (2) download.php, or (3) ckode parameter to baca.php. | |||||
| CVE-2005-3956 | 1 Dmanews | 1 Dmanews | 2008-10-03 | 7.5 HIGH | N/A |
| Multiple SQL injection vulnerabilities in index.php in DMANews 0.904 and 0.910 allow remote attackers to execute arbitrary SQL commands via the (1) id parameter in a comments action and the (2) sortorder and (3) display_num parameters in a news_list action. | |||||
| CVE-2005-3948 | 1 Phpalbum.net | 1 Phpalbum | 2008-10-03 | 5.0 MEDIUM | N/A |
| Directory traversal vulnerability in main.php in PHPAlbum 0.2.3 and earlier allows remote attackers to read arbitrary files via the (1) cmd and (2) var1 parameters. | |||||
| CVE-2005-3939 | 1 Wsn Knowledge Base | 1 Wsn Knowledge Base | 2008-10-03 | 7.5 HIGH | N/A |
| Multiple SQL injection vulnerabilities in WSN Knowledge Base 1.2.0 and earler allow remote attackers to execute arbitrary SQL commands via the (1) catid, (2) perpage, (3) ascdesc, and (4) orderlinks in a displaycat action in (a) index.php; and the (5) id parameter in (b) comments.php and (c) memberlist.php. | |||||
| CVE-2003-0317 | 1 Iisprotect | 1 Iisprotect | 2008-10-03 | 7.5 HIGH | N/A |
| iisPROTECT 2.1 and 2.2 allows remote attackers to bypass authentication via an HTTP request containing URL-encoded characters. | |||||
| CVE-2002-0470 | 1 Phpnettoolpack | 1 Phpnettoolpack | 2008-09-24 | 7.2 HIGH | N/A |
| PHPNetToolpack 0.1 relies on its environment's PATH to find and execute the traceroute program, which could allow local users to gain privileges by inserting a Trojan horse program into the search path. | |||||
| CVE-2002-0471 | 1 Phpnettoolpack | 1 Phpnettoolpack | 2008-09-24 | 10.0 HIGH | N/A |
| PHPNetToolpack 0.1 allows remote attackers to execute arbitrary code via shell metacharacters in the a_query variable. | |||||
| CVE-2000-0697 | 1 Sun | 1 Solaris Answerbook2 | 2008-09-24 | 10.0 HIGH | N/A |
| The administration interface for the dwhttpd web server in Solaris AnswerBook2 allows interface users to remotely execute commands via shell metacharacters. | |||||
| CVE-2005-4631 | 1 Ryan Lath | 1 Zina | 2008-09-20 | 7.5 HIGH | N/A |
| SQL injection vulnerability in index.php in Zina 0.12.07 and earlier allows remote attackers to execute arbitrary SQL commands via the p parameter. | |||||
| CVE-2005-4373 | 1 Liquid Bytes Technologies | 1 Adaptive Website Framework | 2008-09-20 | 5.0 MEDIUM | N/A |
| Adaptive Website Framework (AWF) 2.10 and earlier allows remote attackers to obtain the full path of the application via an invalid mode parameter to community.html, which leaks the path in an error message. | |||||
| CVE-2005-4410 | 1 Nqcontent | 1 Nqcontent | 2008-09-20 | 4.3 MEDIUM | N/A |
| Cross-site scripting (XSS) vulnerability in NQcontent 3 allows remote attackers to inject arbitrary web script or HTML via unspecified search parameters, possibly the text parameter. | |||||
| CVE-2005-4429 | 1 Cs-cart | 1 Cs-cart | 2008-09-20 | 7.5 HIGH | N/A |
| SQL injection vulnerability in CS-Cart 1.3.0 allows remote attackers to execute arbitrary SQL commands via the (1) sort_by and (2) sort_order parameters to index.php. | |||||
| CVE-2005-4512 | 1 Waxtrapp | 1 Waxtrapp | 2008-09-20 | 4.3 MEDIUM | N/A |
| Cross-site scripting (XSS) vulnerability in WAXTRAPP 3.0.1 and earlier allows remote attackers to inject arbitrary web script or HTML via unspecified search parameters. | |||||
| CVE-2005-4480 | 1 Plexcor | 1 Plexcor Cms | 2008-09-20 | 6.8 MEDIUM | N/A |
| Cross-site scripting (XSS) vulnerability in Plexcor CMS 4.0 and earlier allows remote attackers to inject arbitrary web script or HTML via unspecified search parameters. | |||||
| CVE-2005-4651 | 1 Alstrasoft | 1 Epay | 2008-09-20 | 6.4 MEDIUM | N/A |
| SQL injection vulnerability in index.php in AlstraSoft EPay Pro 2.0 allows remote attackers to execute arbitrary SQL commands via the pmodule parameter. | |||||
| CVE-2005-4641 | 1 Eazycms | 1 Eazycms | 2008-09-20 | 7.5 HIGH | N/A |
| SQL injection vulnerability in home.php in eazyCMS 2.0 allows remote attackers to execute arbitrary SQL commands via the page_id parameter. | |||||