Total
210374 CVE
| CVE | Vendors | Products | Updated | CVSS v2 | CVSS v3 |
|---|---|---|---|---|---|
| CVE-2006-3964 | 1 Banex | 1 Banex | 2016-10-17 | 7.5 HIGH | N/A |
| PHP remote file inclusion vulnerability in members.php in Banex PHP MySQL Banner Exchange 2.21 allows remote attackers to execute arbitrary PHP code via a URL in the cfg_root parameter. | |||||
| CVE-2006-3965 | 1 Banex | 1 Banex | 2016-10-17 | 5.0 MEDIUM | N/A |
| Banex PHP MySQL Banner Exchange 2.21 stores lib.inc under the web document root with insufficient access control, which allows remote attackers to obtain sensitive information such as database usernames and passwords. | |||||
| CVE-2006-4429 | 1 Phlymail | 1 Phlymail Lite | 2016-10-17 | 7.5 HIGH | N/A |
| ** DISPUTED ** PHP remote file inclusion vulnerability in handlers/email/mod.output.php in PHlyMail Lite 3.4.4 and earlier (Build 3.04.04) allows remote attackers to execute arbitrary PHP code via a URL in the _PM_[path][handler] parameter, a different vector than CVE-2006-4291. NOTE: This issue has been disputed by a third party, who states that the _IN_PHM_ declaration prevents this file from being called directly. | |||||
| CVE-2006-1523 | 1 Linux | 1 Linux Kernel | 2016-10-17 | 10.0 HIGH | N/A |
| The __group_complete_signal function in the RCU signal handling (signal.c) in Linux kernel 2.6.16, and possibly other versions, has unknown impact and attack vectors related to improper use of BUG_ON. | |||||
| CVE-2006-2646 | 1 Alt-n | 1 Mdaemon | 2016-10-17 | 7.5 HIGH | N/A |
| Buffer overflow in Alt-N MDaemon, possibly 9.0.1 and earlier, allows remote attackers to execute arbitrary code via a long A0001 argument that begins with a '"' (double quote). | |||||
| CVE-2005-4215 | 1 Motorola | 1 Motorola Cable Modem | 2016-10-17 | 7.8 HIGH | N/A |
| Motorola SB5100E Cable Modem allows remote attackers to cause a denial of service (device crash) via an IP packet with the same source and destination IPs and ports, and with the SYN flag set (aka LAND). | |||||
| CVE-2005-4402 | 1 Mailenable | 2 Mailenable Enterprise, Mailenable Professional | 2016-10-17 | 6.5 MEDIUM | N/A |
| Buffer overflow in MailEnable Professional 1.71 and earlier, and Enterprise 1.1 and earlier, allows remote authenticated users to execute arbitrary code via a long IMAP EXAMINE command. | |||||
| CVE-2005-4510 | 1 Extensis | 1 Netpublish Server | 2016-10-17 | 5.0 MEDIUM | N/A |
| Directory traversal vulnerability in server.np in NetPublish Server 7 allows remote attackers to read arbitrary files via "../" sequences in the template parameter. | |||||
| CVE-2005-4549 | 1 Oracle | 1 Application Server Discussion Forum Portlet | 2016-10-17 | 4.3 MEDIUM | N/A |
| Cross-site scripting (XSS) vulnerability in Oracle Application Server (OracleAS) Discussion Forum Portlet allows remote attackers to inject arbitrary web script or HTML via the (1) RowKeyValue parameter in the PORTAL schema; and the (2) title and (3) content input fields when creating an forum article. | |||||
| CVE-2005-4551 | 1 Simpbook | 1 Simpbook | 2016-10-17 | 4.3 MEDIUM | N/A |
| Cross-site scripting (XSS) vulnerability in sign.php in codegrrl SimpBook 1.0, when html_enable is on, allows remote attackers to inject arbitrary web script or HTML via the message parameter to index.php. | |||||
| CVE-2005-4802 | 1 Flexbackup | 1 Flexbackup | 2016-10-17 | 4.6 MEDIUM | N/A |
| Flexbackup 1.2.1 and earlier allows local users to overwrite files and execute code via a symlink attack on temporary files. NOTE: the raw source referenced an incorrect candidate number; this is the correct number to use. | |||||
| CVE-2006-0091 | 1 Open-xchange | 1 Open-xchange | 2016-10-17 | 4.3 MEDIUM | N/A |
| Cross-site scripting (XSS) vulnerability in webmail in Open-Xchange 0.8.1-6 and earlier, with "Inline HTML" enabled, allows remote attackers to inject arbitrary web script or HTML via e-mail attachments, which are rendered inline. | |||||
| CVE-2005-3723 | 1 Hitachi | 1 Ip5000 Voip Wifi Phone | 2016-10-17 | 7.5 HIGH | N/A |
| Hitachi IP5000 VOIP WIFI Phone 1.5.6 does not allow the user to disable access to (1) SNMP or (2) TCP port 3390, which allows remote attackers to modify configuration using CVE-2005-3722, or access the Unidata Shell to obtain sensitive information or cause a denial of service. | |||||
| CVE-2005-3725 | 1 Zyxel | 1 Prestige 2000w V.1voip Wi-fi Phone | 2016-10-17 | 6.4 MEDIUM | N/A |
| Zyxel P2000W Version 1 VOIP WIFI Phone Wj.00.10 uses hardcoded IP addresses for its DNS servers, which could allow remote attackers to cause a denial of service or hijack Zyxel phones by attacking or spoofing the hardcoded DNS servers. NOTE: it could be argued that this issue reflects an inherent limitation of DNS itself, so perhaps it should not be included in CVE. | |||||
| CVE-2005-3775 | 1 Pollvote | 1 Pollvote | 2016-10-17 | 7.5 HIGH | N/A |
| PHP remote file inclusion vulnerability in pollvote.php in PollVote allows remote attackers to include arbitrary files via a URL in the pollname parameter. | |||||
| CVE-2005-3776 | 1 Mybulletinboard | 1 Mybulletinboard | 2016-10-17 | 4.3 MEDIUM | N/A |
| Multiple cross-site scripting (XSS) vulnerabilities in MyBulletinBoard (MyBB) 1.0 PR2 Rev 686 allow remote attackers to inject arbitrary web script or HTML via (1) the subject field when creating a new thread and (2) information passed to the Reputation system. | |||||
| CVE-2005-3777 | 1 Mybulletinboard | 1 Mybulletinboard | 2016-10-17 | 5.0 MEDIUM | N/A |
| MyBulletinBoard (MyBB) 1.0 PR2 Rev 686 allows remote attackers to delete or move private messages (PM) via modified fields in the inbox form. | |||||
| CVE-2005-3789 | 1 Phpwcms | 1 Phpwcms | 2016-10-17 | 5.0 MEDIUM | N/A |
| Multiple directory traversal vulnerabilities in phpwcms 1.2.5 allow remote attackers to read arbitrary files via a .. (dot dot) in the (1) form_lang parameter in login.php and (2) the imgdir parameter in random_image.php. | |||||
| CVE-2005-3790 | 1 Phpwcms | 1 Phpwcms | 2016-10-17 | 4.3 MEDIUM | N/A |
| Multiple cross-site scripting (XSS) vulnerabilities in act_newsletter.php in phpwcms 1.2.5 allow remote attackers to inject arbitrary web script or HTML via the (1) i and (2) text parameters. | |||||
| CVE-2005-3791 | 2 Phpadsnew, Phppgads | 2 Phpadsnew, Phppgads | 2016-10-17 | 5.0 MEDIUM | N/A |
| HTTP response splitting vulnerability in phpAdsNew and phpPgAds 2.0.6 and earlier allows remote attackers to inject arbitrary HTML headers via adclick.php and possibly other unspecified vectors. | |||||