Max CVSS 10.0 Min CVSS 1.2 Total Count5089
IDCVSSSummaryLast (major) updatePublished
CVE-2014-1889 4.0
The Group creation process in the Buddypress plugin before 1.9.2 for WordPress allows remote authenticated users to gain control of arbitrary groups by leveraging a missing permissions check.
10-04-2018 - 11:29 10-04-2018 - 11:29
CVE-2014-4912 7.5
An Arbitrary File Upload issue was discovered in Frog CMS 0.9.5 due to lack of extension validation.
22-03-2018 - 00:29 22-03-2018 - 00:29
CVE-2014-1665 3.5
Cross-site scripting (XSS) vulnerability in ownCloud before 6.0.1 allows remote authenticated users to inject arbitrary web script or HTML via the filename of an uploaded file.
20-03-2018 - 17:29 20-03-2018 - 17:29
CVE-2014-2674 5.0
Directory traversal vulnerability in the Ajax Pagination (twitter Style) plugin 1.1 for WordPress allows remote attackers to read arbitrary files via a .. (dot dot) in the loop parameter in an ajax_navigation action to wp-admin/admin-ajax.php.
19-03-2018 - 17:29 19-03-2018 - 17:29
CVE-2014-4613 4.3
Cross-site request forgery (CSRF) vulnerability in the administration panel in Piwigo before 2.6.2 allows remote attackers to hijack the authentication of administrators for requests that add users via a pwg.users.add action in a request to ws.php.
16-03-2018 - 13:29 16-03-2018 - 13:29
CVE-2014-2017 5.8
CRLF injection vulnerability in OXID eShop Professional Edition before 4.7.11 and 4.8.x before 4.8.4, Enterprise Edition before 5.0.11 and 5.1.x before 5.1.4, and Community Edition before 4.7.11 and 4.8.x before 4.8.4 allows remote attackers to injec
18-01-2018 - 09:29 18-01-2018 - 09:29
CVE-2014-8358 9.3
Huawei EC156, EC176, and EC177 USB Modem products with software before UTPS-V200R003B015D02SP07C1014 (23.015.02.07.1014) and before V200R003B015D02SP08C1014 (23.015.02.08.1014) use a weak ACL for the "Mobile Partner" directory, which allows remote at
11-12-2017 - 16:29 11-12-2017 - 16:29
CVE-2013-6924 10.0
Seagate BlackArmor NAS devices with firmware sg2000-2000.1331 allow remote attackers to execute arbitrary commands via shell metacharacters in the ip parameter to backupmgt/getAlias.php.
11-10-2017 - 08:29 11-10-2017 - 08:29
CVE-2015-4523 9.0
Blue Coat Malware Analysis Appliance (MAA) before 4.2.5 and Malware Analyzer G2 allow remote attackers to bypass a virtual machine protection mechanism and consequently write to arbitrary files, cause a denial of service (host reboot or reset to fact
11-09-2017 - 13:29 11-09-2017 - 13:29
CVE-2013-1298 None
** REJECT ** DO NOT USE THIS CANDIDATE NUMBER. ConsultIDs: none. Reason: The CNA or individual who requested this candidate did not associate it with any vulnerability during 2013. Notes: none.
11-05-2017 - 10:29 11-05-2017 - 10:29
CVE-2013-5730 6.8
Multiple cross-site request forgery (CSRF) vulnerabilities in D-Link DSL-2740B Gateway with firmware EU_1.00 allow remote attackers to hijack the authentication of administrators for requests that (1) enable or disable Wireless MAC Address Filters vi
28-04-2017 - 21:59 20-11-2013 - 08:19
CVE-2014-1677 5.0
Technicolor TC7200 with firmware STD6.01.12 could allow remote attackers to obtain sensitive information.
11-04-2017 - 09:36 03-04-2017 - 11:59
CVE-2014-3222 6.6
In Huawei eSpace Meeting with software V100R001C03SPC201 and the earlier versions, attackers that obtain the permissions assigned to common users can elevate privileges to access and set specific key resources.
04-04-2017 - 16:43 02-04-2017 - 16:59
CVE-2008-1232 4.3
Cross-site scripting (XSS) vulnerability in Apache Tomcat 4.1.0 through 4.1.37, 5.5.0 through 5.5.26, and 6.0.0 through 6.0.16 allows remote attackers to inject arbitrary web script or HTML via a crafted string that is used in the message argument to
15-03-2017 - 21:59 03-08-2008 - 21:41
CVE-2013-4659 10.0
Buffer overflow in Broadcom ACSD allows remote attackers to execute arbitrary code via a long string to TCP port 5916. This component is used on routers of multiple vendors including ASUS RT-AC66U and TRENDnet TEW-812DRU.
15-03-2017 - 12:58 14-03-2017 - 05:59
CVE-2014-1903 7.5
admin/libraries/view.functions.php in FreePBX 2.9 before 2.9.0.14, 2.10 before 2.10.1.15, 2.11 before 2.11.0.23, and 12 before 12.0.1alpha22 does not restrict the set of functions accessible to the API handler, which allows remote attackers to execut
23-02-2017 - 21:59 18-02-2014 - 06:55
CVE-2008-6779 7.5
SQL injection vulnerability in the Sarkilar module for PHP-Nuke allows remote attackers to execute arbitrary SQL commands via the id parameter in a showcontent action to modules.php.
19-02-2017 - 00:25 01-05-2009 - 13:30
CVE-2008-4918 4.3
Cross-site scripting (XSS) vulnerability in SonicWALL SonicOS Enhanced before 4.0.1.1, as used in SonicWALL Pro 2040 and TZ 180 and 190, allows remote attackers to inject arbitrary web script or HTML into arbitrary web sites via a URL to a site that
19-02-2017 - 00:24 04-11-2008 - 16:00
CVE-2008-2286 7.5
SQL injection vulnerability in axengine.exe in Symantec Altiris Deployment Solution 6.8.x and 6.9.x before 6.9.176 allows remote attackers to execute arbitrary SQL commands via unspecified string fields in a notification packet.
19-02-2017 - 00:22 18-05-2008 - 10:20
CVE-2007-0390 6.8
Cross-site scripting (XSS) vulnerability in index.php in sabros.us 1.7 allows remote attackers to inject arbitrary web script or HTML via the tag parameter.
19-02-2017 - 00:16 19-01-2007 - 18:28
CVE-2006-4197 7.5
Multiple buffer overflows in libmusicbrainz (aka mb_client or MusicBrainz Client Library) 2.1.2 and earlier, and SVN 8406 and earlier, allow remote attackers to cause a denial of service (crash) or execute arbitrary code via (1) a long Location heade
19-02-2017 - 00:13 17-08-2006 - 17:04
CVE-2006-3475 7.5
Multiple PHP remote file inclusion vulnerabilities in free QBoard 1.1 allow remote attackers to execute arbitrary PHP code via a URL in the qb_path parameter to (1) index.php, (2) about.php, (3) contact.php, (4) delete.php, (5) faq.php, (6) features.
19-02-2017 - 00:13 10-07-2006 - 16:05
CVE-2006-0944 7.5
Archangel Weblog 0.90.02 allows remote attackers to bypass authentication by setting the ba_admin cookie to 1.
19-02-2017 - 00:11 28-02-2006 - 21:02
CVE-2005-4158 4.6
Sudo before 1.6.8 p12, when the Perl taint flag is off, does not clear the (1) PERLLIB, (2) PERL5LIB, and (3) PERL5OPT environment variables, which allows limited local users to cause a Perl script to include and execute arbitrary library files that
19-02-2017 - 00:10 10-12-2005 - 21:03
CVE-2005-3257 4.6
The VT implementation (vt_ioctl.c) in Linux kernel 2.6.12, and possibly other versions including 2.6.14.4, allows local users to use the KDSKBSENT ioctl on terminals of other users and gain privileges, as demonstrated by modifying key bindings using
19-02-2017 - 00:09 18-10-2005 - 18:02
CVE-2005-2800 2.1
Memory leak in the seq_file implementation in the SCSI procfs interface (sg.c) in Linux kernel 2.6.13 and earlier allows local users to cause a denial of service (memory consumption) via certain repeated reads from the /proc/scsi/sg/devices file, whi
19-02-2017 - 00:09 06-09-2005 - 13:03
CVE-2014-0050 7.5
MultipartStream.java in Apache Commons FileUpload before 1.3.1, as used in Apache Tomcat, JBoss Web, and other products, allows remote attackers to cause a denial of service (infinite loop and CPU consumption) via a crafted Content-Type header that b
16-02-2017 - 21:59 01-04-2014 - 02:27
CVE-2004-2761 5.0
The MD5 Message-Digest Algorithm is not collision resistant, which makes it easier for context-dependent attackers to conduct spoofing attacks, as demonstrated by attacks on the use of MD5 in the signature algorithm of an X.509 certificate.
01-02-2017 - 13:53 05-01-2009 - 15:30
CVE-2014-4014 6.2
The capabilities implementation in the Linux kernel before 3.14.8 does not properly consider that namespaces are inapplicable to inodes, which allows local users to bypass intended chmod restrictions by first creating a user namespace, as demonstrate
19-01-2017 - 21:59 23-06-2014 - 07:21
CVE-2007-1873 4.3
Cross-site scripting (XSS) vulnerability in Mephisto 0.7.3 allows remote attackers to inject arbitrary web script or HTML via the q parameter to the search script.
19-01-2017 - 21:59 13-04-2007 - 14:19
CVE-2006-3142 7.5
SQL injection vulnerability in forum.php in VBZooM 1.11 allows remote attackers to execute arbitrary SQL commands via the MainID parameter.
19-01-2017 - 21:59 22-06-2006 - 18:06
CVE-2014-7910 7.5
Multiple unspecified vulnerabilities in Google Chrome before 39.0.2171.65 allow attackers to cause a denial of service or possibly have other impact via unknown vectors.
06-01-2017 - 22:00 19-11-2014 - 06:59
CVE-2014-7169 10.0
GNU Bash through 4.3 bash43-025 processes trailing strings after certain malformed function definitions in the values of environment variables, which allows remote attackers to write to files or possibly have unknown other impact via a crafted enviro
06-01-2017 - 22:00 24-09-2014 - 21:55
CVE-2014-6271 10.0
GNU Bash through 4.3 processes trailing strings after function definitions in the values of environment variables, which allows remote attackers to execute arbitrary code via a crafted environment, as demonstrated by vectors involving the ForceComman
06-01-2017 - 22:00 24-09-2014 - 14:48
CVE-2014-5119 7.5
Off-by-one error in the __gconv_translit_find function in gconv_trans.c in GNU C Library (aka glibc) allows context-dependent attackers to cause a denial of service (crash) or execute arbitrary code via vectors related to the CHARSET environment vari
06-01-2017 - 22:00 29-08-2014 - 12:55
CVE-2014-4971 7.2
Microsoft Windows XP SP3 does not validate addresses in certain IRP handler routines, which allows local users to write data to arbitrary memory locations, and consequently gain privileges, via a crafted address in an IOCTL call, related to (1) the M
06-01-2017 - 22:00 26-07-2014 - 11:55
CVE-2014-4943 6.9
The PPPoL2TP feature in net/l2tp/l2tp_ppp.c in the Linux kernel through 3.15.6 allows local users to gain privileges by leveraging data-structure differences between an l2tp socket and an inet socket.
06-01-2017 - 22:00 19-07-2014 - 15:55
CVE-2014-3977 6.9
libodm.a in IBM AIX 6.1 and 7.1, and VIOS 2.2.x, allows local users to overwrite arbitrary files via a symlink attack on a temporary file. NOTE: this vulnerability exists because of an incomplete fix for CVE-2012-2179.
06-01-2017 - 22:00 08-06-2014 - 19:55
CVE-2014-3857 6.5
Multiple SQL injection vulnerabilities in Kerio Control Statistics in Kerio Control (formerly WinRoute Firewall) before 8.3.2 allow remote authenticated users to execute arbitrary SQL commands via the (1) x_16 or (2) x_17 parameter to print.php.
06-01-2017 - 22:00 03-07-2014 - 10:55
CVE-2014-3434 6.9
Buffer overflow in the sysplant driver in Symantec Endpoint Protection (SEP) Client 11.x and 12.x before 12.1 RU4 MP1b, and Small Business Edition before SEP 12.1, allows local users to execute arbitrary code via a long argument to a 0x00222084 IOCTL
06-01-2017 - 21:59 06-08-2014 - 15:55
CVE-2014-2851 6.9
Integer overflow in the ping_init_sock function in net/ipv4/ping.c in the Linux kernel through 3.14.1 allows local users to cause a denial of service (use-after-free and system crash) or possibly gain privileges via a crafted application that leverag
06-01-2017 - 21:59 14-04-2014 - 19:55
CVE-2014-2623 10.0
Unspecified vulnerability in HP Storage Data Protector 8.x allows remote attackers to execute arbitrary code via unknown vectors.
06-01-2017 - 21:59 17-07-2014 - 20:55
CVE-2014-2477 3.6
Unspecified vulnerability in the Oracle VM VirtualBox component in Oracle Virtualization VirtualBox before 3.2.24, 4.0.26, 4.1.34, 4.2.26, and 4.3.12 allows local users to affect integrity and availability via unknown vectors related to Core, a diffe
06-01-2017 - 21:59 17-07-2014 - 01:10
CVE-2014-2399 4.3
Unspecified vulnerability in the Oracle Endeca Server component in Oracle Fusion Middleware 2.2.2 allows remote attackers to affect integrity via unknown vectors related to Oracle Endeca Information Discovery (Formerly Latitude), a different vulnerab
06-01-2017 - 21:59 15-04-2014 - 21:55
CVE-2014-0894 3.5
RICOS in IBM Algo Credit Limits (aka ACLM) 4.5.0 through 4.7.0 before 4.7.0.03 FP5 in IBM Algorithmics allows context-dependent attackers to discover database credentials by reading the DbUser and DbPass fields in an XML document.
06-01-2017 - 21:59 07-07-2014 - 07:01
CVE-2014-0871 4.3
RICOS in IBM Algo Credit Limits (aka ACLM) 4.5.0 through 4.7.0 before 4.7.0.03 FP5 in IBM Algorithmics allows remote attackers to obtain potentially sensitive Tomcat stack-trace information via non-printing characters in a cookie to the /classes/ URI
06-01-2017 - 21:59 07-07-2014 - 07:01
CVE-2014-0870 4.3
Multiple cross-site scripting (XSS) vulnerabilities in RICOS in IBM Algo Credit Limits (aka ACLM) 4.5.0 through 4.7.0 before 4.7.0.03 FP5 in IBM Algorithmics allow remote attackers to inject arbitrary web script or HTML via (1) the Message parameter
06-01-2017 - 21:59 07-07-2014 - 07:01
CVE-2014-0869 4.3
The decrypt function in RICOS in IBM Algo Credit Limits (aka ACLM) 4.5.0 through 4.7.0 before 4.7.0.03 FP5 in IBM Algorithmics does not require a key, which makes it easier for remote attackers to obtain cleartext passwords by sniffing the network an
06-01-2017 - 21:59 07-07-2014 - 07:01
CVE-2014-0868 4.9
RICOS in IBM Algo Credit Limits (aka ACLM) 4.5.0 through 4.7.0 before 4.7.0.03 FP5 in IBM Algorithmics relies on client-side input validation, which allows remote authenticated users to bypass intended dual-control restrictions and modify data via a
06-01-2017 - 21:59 07-07-2014 - 07:01
CVE-2014-0867 5.8
rcore6/main/addcookie.jsp in RICOS in IBM Algo Credit Limits (aka ACLM) 4.5.0 through 4.7.0 before 4.7.0.03 FP5 in IBM Algorithmics allows remote attackers to create or modify cookies via the query string.
06-01-2017 - 21:59 07-07-2014 - 07:01
CVE-2014-0866 4.3
RICOS in IBM Algo Credit Limits (aka ACLM) 4.5.0 through 4.7.0 before 4.7.0.03 FP5 in IBM Algorithmics sends cleartext credentials over HTTP, which allows remote attackers to obtain sensitive information by sniffing the network.
06-01-2017 - 21:59 07-07-2014 - 07:01
CVE-2014-0865 4.9
RICOS in IBM Algo Credit Limits (aka ACLM) 4.5.0 through 4.7.0 before 4.7.0.03 FP5 in IBM Algorithmics relies on client-side input validation, which allows remote authenticated users to bypass intended dual-control restrictions and modify data via cr
06-01-2017 - 21:59 07-07-2014 - 07:01
CVE-2014-0864 6.8
Multiple cross-site request forgery (CSRF) vulnerabilities in Executer in RICOS in IBM Algo Credit Limits (aka ACLM) 4.5.0 through 4.7.0 before 4.7.0.03 FP5 in IBM Algorithmics allow remote attackers to hijack the authentication of arbitrary users fo
06-01-2017 - 21:59 07-07-2014 - 07:01
CVE-2014-0515 10.0
Buffer overflow in Adobe Flash Player before 11.7.700.279 and 11.8.x through 13.0.x before 13.0.0.206 on Windows and OS X, and before 11.2.202.356 on Linux, allows remote attackers to execute arbitrary code via unspecified vectors, as exploited in th
06-01-2017 - 21:59 29-04-2014 - 06:37
CVE-2014-0514 9.3
The Adobe Reader Mobile application before 11.2 for Android does not properly restrict use of JavaScript, which allows remote attackers to execute arbitrary code via a crafted PDF document, a related issue to CVE-2012-6636.
06-01-2017 - 21:59 15-04-2014 - 19:13
CVE-2014-0497 10.0
Integer underflow in Adobe Flash Player before 11.7.700.261 and 11.8.x through 12.0.x before 12.0.0.44 on Windows and Mac OS X, and before 11.2.202.336 on Linux, allows remote attackers to execute arbitrary code via unspecified vectors.
06-01-2017 - 21:59 05-02-2014 - 00:15
CVE-2014-0282 9.3
Microsoft Internet Explorer 6 through 11 allows remote attackers to execute arbitrary code or cause a denial of service (memory corruption) via a crafted web site, aka "Internet Explorer Memory Corruption Vulnerability," a different vulnerability tha
06-01-2017 - 21:59 11-06-2014 - 00:56
CVE-2014-0257 9.3
Microsoft .NET Framework 1.0 SP3, 1.1 SP1, 2.0 SP2, 3.5, 3.5.1, 4, 4.5, and 4.5.1 does not properly determine whether it is safe to execute a method, which allows remote attackers to execute arbitrary code via (1) a crafted web site or (2) a crafted
06-01-2017 - 21:59 11-02-2014 - 23:50
CVE-2014-0226 6.8
Race condition in the mod_status module in the Apache HTTP Server before 2.4.10 allows remote attackers to cause a denial of service (heap-based buffer overflow), or possibly obtain sensitive credential information or execute arbitrary code, via a cr
06-01-2017 - 21:59 20-07-2014 - 07:12
CVE-2014-0196 6.9
The n_tty_write function in drivers/tty/n_tty.c in the Linux kernel through 3.14.3 does not properly manage tty driver access in the "LECHO & !OPOST" case, which allows local users to cause a denial of service (memory corruption and system crash) or
06-01-2017 - 21:59 07-05-2014 - 06:55
CVE-2014-0160 5.0
The (1) TLS and (2) DTLS implementations in OpenSSL 1.0.1 before 1.0.1g do not properly handle Heartbeat Extension packets, which allows remote attackers to obtain sensitive information from process memory via crafted packets that trigger a buffer ov
06-01-2017 - 21:59 07-04-2014 - 18:55
CVE-2014-0113 7.5
CookieInterceptor in Apache Struts before 2.3.16.2, when a wildcard cookiesName value is used, does not properly restrict access to the getClass method, which allows remote attackers to "manipulate" the ClassLoader and execute arbitrary code via a cr
06-01-2017 - 21:59 29-04-2014 - 06:37
CVE-2014-0112 7.5
ParametersInterceptor in Apache Struts before 2.3.16.2 does not properly restrict access to the getClass method, which allows remote attackers to "manipulate" the ClassLoader and execute arbitrary code via a crafted request. NOTE: this vulnerability
06-01-2017 - 21:59 29-04-2014 - 06:37
CVE-2014-0094 5.0
The ParametersInterceptor in Apache Struts before 2.3.16.1 allows remote attackers to "manipulate" the ClassLoader via the class parameter, which is passed to the getClass method.
06-01-2017 - 21:59 11-03-2014 - 09:00
CVE-2013-5045 6.2
Microsoft Internet Explorer 10 and 11 allows local users to bypass the Protected Mode protection mechanism, and consequently gain privileges, by leveraging the ability to execute sandboxed code, aka "Internet Explorer Elevation of Privilege Vulnerabi
06-01-2017 - 21:59 10-12-2013 - 19:55
CVE-2013-4124 5.0
Integer overflow in the read_nttrans_ea_list function in nttrans.c in smbd in Samba 3.x before 3.5.22, 3.6.x before 3.6.17, and 4.x before 4.0.8 allows remote attackers to cause a denial of service (memory consumption) via a malformed packet.
06-01-2017 - 21:59 05-08-2013 - 22:56
CVE-2013-2094 7.2
The perf_swevent_init function in kernel/events/core.c in the Linux kernel before 3.8.9 uses an incorrect integer data type, which allows local users to gain privileges via a crafted perf_event_open system call.
06-01-2017 - 21:59 14-05-2013 - 16:55
CVE-2013-1710 10.0
The crypto.generateCRMFRequest function in Mozilla Firefox before 23.0, Firefox ESR 17.x before 17.0.8, Thunderbird before 17.0.8, Thunderbird ESR 17.x before 17.0.8, and SeaMonkey before 2.20 allows remote attackers to execute arbitrary JavaScript c
06-01-2017 - 21:59 06-08-2013 - 21:55
CVE-2013-1690 9.3
Mozilla Firefox before 22.0, Firefox ESR 17.x before 17.0.7, Thunderbird before 17.0.7, and Thunderbird ESR 17.x before 17.0.7 do not properly handle onreadystatechange events in conjunction with page reloading, which allows remote attackers to cause
06-01-2017 - 21:59 25-06-2013 - 23:19
CVE-2013-1670 4.3
The Chrome Object Wrapper (COW) implementation in Mozilla Firefox before 21.0, Firefox ESR 17.x before 17.0.6, Thunderbird before 17.0.6, and Thunderbird ESR 17.x before 17.0.6 does not prevent acquisition of chrome privileges during calls to content
06-01-2017 - 21:59 16-05-2013 - 07:45
CVE-2012-2179 6.9
libodm.a in IBM AIX 5.3, 6.1, and 7.1 allows local users to overwrite arbitrary files via a symlink attack on a temporary file.
06-01-2017 - 21:59 22-06-2012 - 06:24
CVE-2010-0211 5.0
The slap_modrdn2mods function in modrdn.c in OpenLDAP 2.4.22 does not check the return value of a call to the smr_normalize function, which allows remote attackers to cause a denial of service (segmentation fault) and possibly execute arbitrary code
06-01-2017 - 21:59 28-07-2010 - 08:48
CVE-2013-6282 7.2
The (1) get_user and (2) put_user API functions in the Linux kernel before 3.5.5 on the v6k and v7 ARM platforms do not validate certain addresses, which allows attackers to read or modify the contents of arbitrary kernel memory locations via a craft
02-01-2017 - 21:59 20-11-2013 - 08:19
CVE-2014-1785 9.3
Microsoft Internet Explorer 11 allows remote attackers to execute arbitrary code or cause a denial of service (memory corruption) via a crafted web site, aka "Internet Explorer Memory Corruption Vulnerability," a different vulnerability than CVE-2014
30-12-2016 - 21:59 11-06-2014 - 00:56
CVE-2013-7409 7.5
Buffer overflow in ALLPlayer 5.6.2 through 5.8.1 allows remote attackers to cause a denial of service (crash) and possibly execute arbitrary code via a long string in a .m3u (playlist) file.
30-12-2016 - 21:59 30-10-2014 - 11:55
CVE-2013-7389 4.3
Multiple cross-site scripting (XSS) vulnerabilities in D-Link DIR-645 Router (Rev. A1) with firmware before 1.04B11 allow remote attackers to inject arbitrary web script or HTML via the (1) deviceid parameter to parentalcontrols/bind.php, (2) RESULT
30-12-2016 - 21:59 07-07-2014 - 10:55
CVE-2013-7368 4.3
Multiple cross-site scripting (XSS) vulnerabilities in Gnew 2013.1 allow remote attackers to inject arbitrary web script or HTML via the gnew_template parameter to (1) users/profile.php, (2) articles/index.php, or (3) admin/polls.php; (4) category_id
30-12-2016 - 21:59 15-04-2014 - 19:13
CVE-2013-7349 7.5
Multiple SQL injection vulnerabilities in Gnew 2013.1 allow remote attackers to execute arbitrary SQL commands via the (1) news_id parameter to news/send.php, (2) thread_id parameter to posts/edit.php, or (3) user_email parameter to users/password.ph
30-12-2016 - 21:59 31-03-2014 - 23:25
CVE-2013-7316 4.3
Cross-site scripting (XSS) vulnerability in GitLab 6.0 and other versions before 6.5.0 allows remote attackers to inject arbitrary web script or HTML via a crafted HTML file, as demonstrated by README.html.
30-12-2016 - 21:59 24-01-2014 - 10:08
CVE-2013-7280 4.3
Buffer overflow in HansoTools Hanso Player 2.1.0, 2.5.0, and earlier allows remote attackers to cause a denial of service (crash) via a long string in a .m3u file.
30-12-2016 - 21:59 08-01-2014 - 10:30
CVE-2013-7274 3.5
Cross-site scripting (XSS) vulnerability in Wallpaper Script 3.5.0082 allows remote authenticated users to inject arbitrary web script or HTML via the title field in a wallpaper file upload.
30-12-2016 - 21:59 08-01-2014 - 10:29
CVE-2013-7260 7.5
Multiple stack-based buffer overflows in RealNetworks RealPlayer before 17.0.4.61 on Windows, and Mac RealPlayer before 12.0.1.1738, allow remote attackers to execute arbitrary code via a long (1) version number or (2) encoding declaration in the XML
30-12-2016 - 21:59 03-01-2014 - 15:55
CVE-2013-6877 9.3
Heap-based buffer overflow in RealNetworks RealPlayer before 17.0.4.61 on Windows, and Mac RealPlayer before 12.0.1.1738, allows remote attackers to execute arbitrary code via a long string in the TRACKID element of an RMP file, a different vulnerabi
30-12-2016 - 21:59 19-12-2013 - 17:55
CVE-2013-6343 10.0
Multiple buffer overflows in web.c in httpd on the ASUS RT-N56U and RT-AC66U routers with firmware 3.0.0.4.374_979 allow remote attackers to execute arbitrary code via the (1) apps_name or (2) apps_flag parameter to APP_Installation.asp.
30-12-2016 - 21:59 22-01-2014 - 00:22
CVE-2013-5640 7.5
Multiple SQL injection vulnerabilities in Gnew 2013.1 allow remote attackers to execute arbitrary SQL commands via the (1) answer_id or (2) question_id parameter to polls/vote.php, (3) story_id parameter to comments/add.php or (4) comments/edit.php,
30-12-2016 - 21:59 31-03-2014 - 23:24
CVE-2013-5573 4.3
Cross-site scripting (XSS) vulnerability in the default markup formatter in Jenkins 1.523 allows remote attackers to inject arbitrary web script or HTML via the Description field in the user configuration.
30-12-2016 - 21:59 31-12-2013 - 11:04
CVE-2013-4988 9.3
Stack-based buffer overflow in IcoFX 2.5 and earlier allows remote attackers to execute arbitrary code via a long idCount value in an ICONDIR structure in an ICO file. NOTE: some of these details are obtained from third party information.
30-12-2016 - 21:59 13-12-2013 - 13:07
CVE-2013-4788 5.1
The PTR_MANGLE implementation in the GNU C Library (aka glibc or libc6) 2.4, 2.17, and earlier, and Embedded GLIBC (EGLIBC) does not initialize the random value for the pointer guard, which makes it easier for context-dependent attackers to control e
30-12-2016 - 21:59 04-10-2013 - 13:55
CVE-2013-4730 10.0
Buffer overflow in PCMan's FTP Server 2.0.7 allows remote attackers to execute arbitrary code via a long string in a USER command.
30-12-2016 - 21:59 15-05-2014 - 10:55
CVE-2013-3143 9.3
Microsoft Internet Explorer 9 and 10 allows remote attackers to execute arbitrary code or cause a denial of service (memory corruption) via a crafted web site, aka "Internet Explorer Memory Corruption Vulnerability," a different vulnerability than CV
30-12-2016 - 21:59 09-07-2013 - 23:46
CVE-2013-2472 10.0
Unspecified vulnerability in the Java Runtime Environment (JRE) component in Oracle Java SE 7 Update 21 and earlier, 6 Update 45 and earlier, and 5.0 Update 45 and earlier, and OpenJDK 7, allows remote attackers to affect confidentiality, integrity,
30-12-2016 - 21:59 18-06-2013 - 18:55
CVE-2013-2028 7.5
The ngx_http_parse_chunked function in http/ngx_http_parse.c in nginx 1.3.9 through 1.4.0 allows remote attackers to cause a denial of service (crash) and execute arbitrary code via a chunked Transfer-Encoding request with a large chunk size, which t
30-12-2016 - 21:59 19-07-2013 - 23:37
CVE-2009-4032 4.3
Multiple cross-site scripting (XSS) vulnerabilities in Cacti 0.8.7e allow remote attackers to inject arbitrary web script or HTML via vectors related to (1) graph.php, (2) include/top_graph_header.php, (3) lib/html_form.php, and (4) lib/timespan_sett
27-12-2016 - 21:59 29-11-2009 - 08:07
CVE-2014-2913 7.5
** DISPUTED ** Incomplete blacklist vulnerability in nrpe.c in Nagios Remote Plugin Executor (NRPE) 2.15 and earlier allows remote attackers to execute arbitrary commands via a newline character in the -a option to libexec/check_nrpe. NOTE: this iss
21-12-2016 - 21:59 07-05-2014 - 06:55
CVE-2014-1511 9.3
Mozilla Firefox before 28.0, Firefox ESR 24.x before 24.4, Thunderbird before 24.4, and SeaMonkey before 2.25 allow remote attackers to bypass the popup blocker via unspecified vectors.
21-12-2016 - 21:59 19-03-2014 - 06:55
CVE-2014-1510 9.3
The Web IDL implementation in Mozilla Firefox before 28.0, Firefox ESR 24.x before 24.4, Thunderbird before 24.4, and SeaMonkey before 2.25 allows remote attackers to execute arbitrary JavaScript code with chrome privileges by using an IDL fragment t
21-12-2016 - 21:59 19-03-2014 - 06:55
CVE-2013-5211 5.0
The monlist feature in ntp_request.c in ntpd in NTP before 4.2.7p26 allows remote attackers to cause a denial of service (traffic amplification) via forged (1) REQ_MON_GETLIST or (2) REQ_MON_GETLIST_1 requests, as exploited in the wild in December 20
21-12-2016 - 21:59 02-01-2014 - 09:59
CVE-2014-3789 7.5
GetPermissions.asp in Cogent Real-Time Systems Cogent DataHub before 7.3.5 allows remote attackers to execute arbitrary commands via unspecified vectors.
07-12-2016 - 22:05 22-05-2014 - 19:55
CVE-2014-1799 9.3
Microsoft Internet Explorer 6 through 11 allows remote attackers to execute arbitrary code or cause a denial of service (memory corruption) via a crafted web site, aka "Internet Explorer Memory Corruption Vulnerability," a different vulnerability tha
07-12-2016 - 22:05 11-06-2014 - 00:56
CVE-2013-6935 9.3
Buffer overflow in VideoCharge Software Watermark Master 2.2.23 allows remote attackers to execute arbitrary code via a long string in the SourcePath value in a .wcf file.
07-12-2016 - 22:04 04-12-2013 - 13:56
CVE-2013-2251 9.3
Apache Struts 2.0.0 through 2.3.15 allows remote attackers to execute arbitrary OGNL expressions via a parameter with a crafted (1) action:, (2) redirect:, or (3) redirectAction: prefix.
07-12-2016 - 22:03 19-07-2013 - 23:37
CVE-2013-0292 7.2
The dbus_g_proxy_manager_filter function in dbus-gproxy in Dbus-glib before 0.100.1 does not properly verify the sender of NameOwnerChanged signals, which allows local users to gain privileges via a spoofed signal.
07-12-2016 - 22:02 05-03-2013 - 16:38
CVE-2013-0230 10.0
Stack-based buffer overflow in the ExecuteSoapAction function in the SOAPAction handler in the HTTP service in MiniUPnP MiniUPnPd 1.0 allows remote attackers to execute arbitrary code via a long quoted method.
07-12-2016 - 22:02 31-01-2013 - 16:55
CVE-2013-0156 7.5
active_support/core_ext/hash/conversions.rb in Ruby on Rails before 2.3.15, 3.0.x before 3.0.19, 3.1.x before 3.1.10, and 3.2.x before 3.2.11 does not properly restrict casts of string values, which allows remote attackers to conduct object-injection
07-12-2016 - 22:02 13-01-2013 - 17:55
CVE-2010-2343 9.3
Stack-based buffer overflow in D.R. Software Audio Converter 8.1, 2007, and 8.05 allows remote attackers to execute arbitrary code via a crafted pls playlist file.
07-12-2016 - 22:01 21-06-2010 - 11:30
CVE-2009-0260 4.3
Multiple cross-site scripting (XSS) vulnerabilities in action/AttachFile.py in MoinMoin before 1.8.1 allow remote attackers to inject arbitrary web script or HTML via an AttachFile action to the WikiSandBox component with (1) the rename parameter or
07-12-2016 - 22:01 23-01-2009 - 14:00
CVE-2008-5191 7.5
Multiple SQL injection vulnerabilities in SePortal 2.4 allow remote attackers to execute arbitrary SQL commands via the (1) poll_id parameter to poll.php and the (2) sp_id parameter to staticpages.php.
07-12-2016 - 22:01 21-11-2008 - 12:30
CVE-2008-1974 4.3
Cross-site scripting (XSS) vulnerability in addevent.php in Horde Kronolith 2.1.7, Groupware Webmail Edition 1.0.6, and Groupware 1.0.5 allows remote attackers to inject arbitrary web script or HTML via the url parameter.
07-12-2016 - 22:00 27-04-2008 - 15:05
CVE-2007-6483 5.0
Directory traversal vulnerability in SafeNet Sentinel Protection Server 7.0.0 through 7.4.0 and possibly earlier versions, and Sentinel Keys Server 1.0.3 and possibly earlier versions, allows remote attackers to read arbitrary files via a .. (dot dot
07-12-2016 - 22:00 20-12-2007 - 15:46
CVE-2007-4476 7.5
Buffer overflow in the safer_name_suffix function in GNU tar has unspecified attack vectors and impact, resulting in a "crashing stack."
07-12-2016 - 22:00 04-09-2007 - 21:17
CVE-2007-0010 2.1
The GdkPixbufLoader function in GIMP ToolKit (GTK+) in GTK 2 (gtk2) before 2.4.13 allows context-dependent attackers to cause a denial of service (crash) via a malformed image file.
07-12-2016 - 22:00 24-01-2007 - 14:28
CVE-2006-5925 7.5
Links web browser 1.00pre12 and Elinks 0.9.2 with smbclient installed allows remote attackers to execute arbitrary code via shell metacharacters in an smb:// URI, as demonstrated by using PUT and GET statements.
07-12-2016 - 22:00 15-11-2006 - 14:07
CVE-2006-5084 7.5
Format string vulnerability in the NSRunAlertPanel function in eBay Skype for Mac 1.5.*.79 and earlier allows remote attackers to cause a denial of service (application crash) and possibly execute arbitrary code via a malformed Skype URL, as original
07-12-2016 - 22:00 28-09-2006 - 20:07
CVE-2006-3952 7.5
Stack-based buffer overflow in EFS Software Easy File Sharing FTP Server 2.0 allows remote attackers to execute arbitrary code via a long argument to the PASS command. NOTE: the provenance of this information is unknown; the details are obtained fro
07-12-2016 - 22:00 01-08-2006 - 17:04
CVE-2005-3390 7.5
The RFC1867 file upload feature in PHP 4.x up to 4.4.0 and 5.x up to 5.0.5, when register_globals is enabled, allows remote attackers to modify the GLOBALS array and bypass security protections of PHP applications via a multipart/form-data POST reque
07-12-2016 - 22:00 01-11-2005 - 07:47
CVE-2005-3388 4.3
Cross-site scripting (XSS) vulnerability in the phpinfo function in PHP 4.x up to 4.4.0 and 5.x up to 5.0.5 allows remote attackers to inject arbitrary web script or HTML via a crafted URL with a "stacked array assignment."
07-12-2016 - 22:00 01-11-2005 - 07:47
CVE-2004-1018 10.0
Multiple integer handling errors in PHP before 4.3.10 allow attackers to bypass safe mode restrictions, cause a denial of service, or execute arbitrary code via (1) a negative offset value to the shmop_write function, (2) an "integer overflow/underfl
07-12-2016 - 21:59 10-01-2005 - 00:00
CVE-2014-6287 7.5
The findMacroMarker function in parserLib.pas in Rejetto HTTP File Server (aks HFS or HttpFileServer) 2.3x before 2.3c allows remote attackers to execute arbitrary programs via a %00 sequence in a search action.
06-12-2016 - 22:00 07-10-2014 - 06:55
CVE-2014-0476 3.7
The slapper function in chkrootkit before 0.50 does not properly quote file paths, which allows local users to execute arbitrary code via a Trojan horse executable. NOTE: this is only a vulnerability when /tmp is not mounted with the noexec option.
06-12-2016 - 22:00 25-10-2014 - 18:55
CVE-2008-1391 7.5
Multiple integer overflows in libc in NetBSD 4.x, FreeBSD 6.x and 7.x, and probably other BSD and Apple Mac OS platforms allow context-dependent attackers to execute arbitrary code via large values of certain integer fields in the format argument to
06-12-2016 - 21:59 27-03-2008 - 13:44
CVE-2006-6356 6.8
Multiple cross-site scripting (XSS) vulnerabilities in templates/link_temp.php in PHPNews 1.3.0 allow remote attackers to inject arbitrary web script or HTML via the (1) url, (2) id, (3) subject, (4) username, or (5) time parameter.
06-12-2016 - 21:59 06-12-2006 - 20:28
CVE-2006-1786 2.6
Cross-site scripting (XSS) vulnerability in Adobe Document Server for Reader Extensions 6.0 allows remote attackers to inject arbitrary web script or HTML via (1) the actionID parameter in ads-readerext and (2) the op parameter in AlterCast. NOTE: it
06-12-2016 - 21:59 13-04-2006 - 18:02
CVE-2003-0001 5.0
Multiple ethernet Network Interface Card (NIC) device drivers do not pad frames with null bytes, which allows remote attackers to obtain information from previous packets or kernel memory by using malformed packets, as demonstrated by Etherleak.
06-12-2016 - 21:59 17-01-2003 - 00:00
CVE-2014-3120 6.8
The default configuration in Elasticsearch before 1.2 enables dynamic scripting, which allows remote attackers to execute arbitrary MVEL expressions and Java code via the source parameter to _search. NOTE: this only violates the vendor's intended se
06-12-2016 - 13:13 28-07-2014 - 15:55
CVE-2005-4202 5.0
Multiple directory traversal vulnerabilities in LogiSphere 0.9.9j allow remote attackers to access arbitrary files via (1) .. (dot dot), (2) "..." (triple dot), and (3) "..//" sequences in the URL, (4) "../" sequences in the source parameter to views
05-12-2016 - 21:59 13-12-2005 - 06:03
CVE-2015-3292 10.0
The installer in NetApp OnCommand Workflow Automation before 2.2.1P1 and 3.x before 3.0P1 sets up the Java Debugging Wire Protocol (JDWP) service, which allows remote attackers to execute arbitrary code via unspecified vectors.
02-12-2016 - 22:09 31-05-2015 - 13:59
CVE-2014-4703 2.1
lib/parse_ini.c in Nagios Plugins 2.0.2 allows local users to obtain sensitive information via a symlink attack on the configuration file in the extra-opts flag. NOTE: this vulnerability exists because of an incomplete fix for CVE-2014-4701.
28-11-2016 - 14:12 05-12-2014 - 11:59
CVE-2014-4702 2.1
The check_icmp plugin in Nagios Plugins before 2.0.2 allows local users to obtain sensitive information from INI configuration files via the extra-opts flag, a different vulnerability than CVE-2014-4701.
28-11-2016 - 14:12 05-12-2014 - 11:59
CVE-2014-4701 2.1
The check_dhcp plugin in Nagios Plugins before 2.0.2 allows local users to obtain sensitive information from INI configuration files via the extra-opts flag, a different vulnerability than CVE-2014-4702.
28-11-2016 - 14:12 05-12-2014 - 11:59
CVE-2014-1912 7.5
Buffer overflow in the socket.recvfrom_into function in Modules/socketmodule.c in Python 2.5 before 2.7.7, 3.x before 3.3.4, and 3.4.x before 3.4rc1 allows remote attackers to execute arbitrary code via a crafted string.
28-11-2016 - 14:10 28-02-2014 - 19:55
CVE-2013-6420 7.5
The asn1_time_to_time_t function in ext/openssl/openssl.c in PHP before 5.3.28, 5.4.x before 5.4.23, and 5.5.x before 5.5.7 does not properly parse (1) notBefore and (2) notAfter timestamps in X.509 certificates, which allows remote attackers to exec
28-11-2016 - 14:09 16-12-2013 - 23:46
CVE-2013-3893 9.3
Use-after-free vulnerability in the SetMouseCapture implementation in mshtml.dll in Microsoft Internet Explorer 6 through 11 allows remote attackers to execute arbitrary code via crafted JavaScript strings, as demonstrated by use of an ms-help: URL t
28-11-2016 - 14:09 18-09-2013 - 06:08
CVE-2013-3623 10.0
Multiple stack-based buffer overflows in cgi/close_window.cgi in the web interface in the Intelligent Platform Management Interface (IPMI) with firmware before 3.15 (SMT_X9_315) on Supermicro X9 generation motherboards allow remote attackers to execu
28-11-2016 - 14:09 10-12-2013 - 11:11
CVE-2013-1775 6.9
sudo 1.6.0 through 1.7.10p6 and sudo 1.8.0 through 1.8.6p6 allows local users or physically proximate attackers to bypass intended time restrictions and retain privileges without re-authenticating by setting the system clock and sudo user timestamp t
28-11-2016 - 14:08 05-03-2013 - 16:38
CVE-2013-0008 7.2
win32k.sys in the kernel-mode drivers in Microsoft Windows Vista SP2, Windows Server 2008 SP2, R2, and R2 SP1, Windows 7 Gold and SP1, Windows 8, Windows Server 2012, and Windows RT does not properly handle window broadcast messages, which allows loc
28-11-2016 - 14:08 09-01-2013 - 13:09
CVE-2009-1436 4.9
The db interface in libc in FreeBSD 6.3, 6.4, 7.0, 7.1, and 7.2-PRERELEASE does not properly initialize memory for Berkeley DB 1.85 database structures, which allows local users to obtain sensitive information by reading a database file.
28-11-2016 - 14:07 27-04-2009 - 14:00
CVE-2006-4955 5.0
Directory traversal vulnerability in the downloadfile servlet in Neon WebMail for Java before 5.08 allows remote attackers to read arbitrary files via a .. (dot dot) sequence in the (1) savefolder and (2) savefilename parameters.
28-11-2016 - 14:06 23-09-2006 - 06:07
CVE-2006-4954 7.5
The updateuser servlet in Neon WebMail for Java before 5.08 does not validate the in_id parameter, which allows remote attackers to modify information of arbitrary users, as demonstrated by modifying (1) passwords and (2) permissions, (3) viewing pro
28-11-2016 - 14:06 23-09-2006 - 06:07
CVE-2006-4952 7.5
The updatemail servlet in Neon WebMail for Java before 5.08 allows remote attackers to move e-mail messages of arbitrary users between different mail folders, specified by the folderid and tofolderid parameters, via the ID parameter.
28-11-2016 - 14:06 23-09-2006 - 06:07
CVE-2009-1970 5.0
Unspecified vulnerability in the Listener component in Oracle Database 9.2.0.8, 9.2.0.8DV, 10.1.0.5, 10.2.0.4, and 11.1.0.7 allows remote attackers to affect availability via unknown vectors, a different vulnerability than CVE-2009-0991.
23-11-2016 - 14:40 14-07-2009 - 19:30
CVE-2012-1533 10.0
Unspecified vulnerability in the Java Runtime Environment (JRE) component in Oracle Java SE 7 Update 7 and earlier, and 6 Update 35 and earlier, allows remote attackers to affect confidentiality, integrity, and availability via unknown vectors relate
21-11-2016 - 22:00 16-10-2012 - 17:55
CVE-2006-6942 6.8
Multiple cross-site scripting (XSS) vulnerabilities in PhpMyAdmin before 2.9.1.1 allow remote attackers to inject arbitrary HTML or web script via (1) a comment for a table name, as exploited through (a) db_operations.php, (2) the db parameter to (b)
21-11-2016 - 09:17 18-01-2007 - 21:28
CVE-2006-7170 7.5
Multiple SQL injection vulnerabilities in Koan Software Mega Mall allow remote attackers to execute arbitrary SQL commands via the (1) t, (2) productId, (3) sk, (4) x, or (5) so parameter to (a) product_review.php; or the (6) orderNo parameter to (b)
21-11-2016 - 09:14 20-03-2007 - 06:19
CVE-2007-1327 7.8
The SILC_SERVER_CMD_FUNC function in apps/silcd/command.c in silc-server 1.0.2 allows remote attackers to cause a denial of service (NULL dereference and daemon crash) via a request without a cipher algorithm and an invalid HMAC algorithm.
21-11-2016 - 08:59 07-03-2007 - 16:19
CVE-2006-0366 4.3
Cross-site scripting (XSS) vulnerability in Phpclanwebsite (aka PCW) allows remote attackers to inject arbitrary web script or HTML via a javascript URI in a BBCode img tag.
18-11-2016 - 21:59 22-01-2006 - 15:03
CVE-2006-7157 7.1
Buffer overflow in Google Earth v4.0.2091 (beta) allows remote user-assisted attackers to cause a denial of service (crash) via a KML or KMZ file with a long href element.
18-11-2016 - 15:01 07-03-2007 - 15:19
CVE-2006-6943 5.0
PhpMyAdmin before 2.9.1.1 allows remote attackers to obtain the full server path via direct requests to (a) scripts/check_lang.php and (b) themes/darkblue_orange/layout.inc.php; and via the (1) lang[], (2) target[], (3) db[], (4) goto[], (5) table[],
18-11-2016 - 14:34 18-01-2007 - 21:28
CVE-2006-7086 4.3
The (1) dlback.php and (2) dlback.cgi scripts in Hot Links allow remote attackers to obtain sensitive information and download the database via a direct request with a modified dl parameter.
18-11-2016 - 14:33 02-03-2007 - 16:18
CVE-2006-6581 7.5
PHP remote file inclusion vulnerability in tests/debug_test.php in Vernet Loic PHP_Debug 1.1.0 allows remote attackers to execute arbitrary PHP code via a URL in the debugClassLocation parameter.
18-11-2016 - 14:32 15-12-2006 - 14:28
CVE-2008-4582 4.3
Mozilla Firefox 3.0.1 through 3.0.3, Firefox 2.x before 2.0.0.18, and SeaMonkey 1.x before 1.1.13, when running on Windows, do not properly identify the context of Windows .url shortcut files, which allows user-assisted remote attackers to bypass the
18-11-2016 - 12:46 15-10-2008 - 16:08
CVE-2006-6109 7.5
Multiple SQL injection vulnerabilities in CandyPress Store 3.5.2.14 allow remote attackers to execute arbitrary SQL commands via the (1) policy parameter in openPolicy.asp or the (2) brand parameter in prodList.asp.
18-11-2016 - 12:37 26-11-2006 - 17:07
CVE-2006-6451 6.8
Multiple cross-site scripting (XSS) vulnerabilities in SWsoft Plesk 8.0.1 and earlier allow remote attackers to inject arbitrary web script or HTML via unspecified parameters to (1) get_password.php or (2) login_up.php3.
18-11-2016 - 12:35 10-12-2006 - 16:28
CVE-2006-6367 7.5
Multiple SQL injection vulnerabilities in detail.asp in DUware DUdownload 1.1, and possibly earlier, allow remote attackers to execute arbitrary SQL commands via the (1) iFile or (2) action parameter. NOTE: the iType parameter is already covered by
18-11-2016 - 12:24 07-12-2006 - 06:28
CVE-2006-6096 4.3
Cross-site scripting (XSS) vulnerability in activenews_search.asp in ActiveNews Manager allows remote attackers to inject arbitrary web script or HTML via the query parameter.
18-11-2016 - 12:21 24-11-2006 - 13:07
CVE-2006-6095 7.5
Multiple SQL injection vulnerabilities in ActiveNews Manager allow remote attackers to execute arbitrary SQL commands via the (1) articleID parameter to activenews_view.asp or the (2) page parameter to default.asp. NOTE: the activeNews_categories.as
18-11-2016 - 12:21 24-11-2006 - 13:07
CVE-2006-6094 7.5
Multiple SQL injection vulnerabilities in ActiveNews Manager allow remote attackers to execute arbitrary SQL commands via the (1) catID parameter to activeNews_categories.asp, the (2) articleID parameter to activeNews_comments.asp, or the (3) query p
18-11-2016 - 12:19 24-11-2006 - 13:07
CVE-2006-6046 6.8
Multiple cross-site scripting (XSS) vulnerabilities in eggblog 3.1.0 allow remote attackers to inject arbitrary web script or HTML via the (1) edit parameter to (a) admin/articles.php or (b) admin/comments.php, or the (2) add parameter to admin/users
18-11-2016 - 12:17 21-11-2006 - 19:07
CVE-2006-6035 6.8
Cross-site scripting (XSS) vulnerability in list.php in BLOG:CMS 4.1.3 and earlier allows remote attackers to inject arbitrary web script or HTML via the FADDR parameter.
18-11-2016 - 12:15 21-11-2006 - 19:07
CVE-2006-5846 6.4
Directory traversal vulnerability in index.php in FreeWebshop 2.2.2 and earlier allows remote attackers to read and include arbitrary files via a .. (dot dot) in the page parameter, a different vector than CVE-2006-5773.
18-11-2016 - 12:10 09-11-2006 - 21:07
CVE-2013-0810 9.3
Microsoft Windows XP SP2 and SP3, Windows Server 2003 SP2, Windows Vista SP2, and Windows Server 2008 SP2 allow remote attackers to execute arbitrary code via a crafted screensaver in a theme file, aka "Windows Theme File Remote Code Execution Vulner
16-11-2016 - 14:34 11-09-2013 - 10:03
CVE-2006-5847 4.3
Cross-site scripting (XSS) vulnerability in index.php in FreeWebshop 2.2.2 and earlier allows remote attackers to inject arbitrary web script or HTML via the cat parameter.
15-11-2016 - 19:27 09-11-2006 - 21:07
CVE-2014-5455 6.9
Unquoted Windows search path vulnerability in the ptservice service in PrivateTunnel 2.3.8, as bundled in OpenVPN 2.1.28.0 allows local users to gain privileges via a crafted program.exe file in the %SYSTEMDRIVE% folder.
14-11-2016 - 18:11 25-08-2014 - 12:55
CVE-2013-4984 7.2
The close_connections function in /opt/cma/bin/clear_keys.pl in Sophos Web Appliance before 3.7.9.1 and 3.8 before 3.8.1.1 allows local users to gain privileges via shell metacharacters in the second argument.
08-11-2016 - 09:00 10-09-2013 - 07:28
CVE-2005-0543 4.3
Cross-site scripting (XSS) vulnerability in phpMyAdmin 2.6.1 allows remote attackers to inject arbitrary HTML and web script via (1) the strServer, cfg[BgcolorOne], or strServerChoice parameters in select_server.lib.php, (2) the bg_color or row_no pa
04-11-2016 - 16:22 24-02-2005 - 00:00
CVE-2005-0477 4.3
Cross-site scripting (XSS) vulnerability in the SML code for Invision Power Board 1.3.1 FINAL allows remote attackers to inject arbitrary web script via (1) a signature file or (2) a message post containing an IMG tag within a COLOR tag whose style i
04-11-2016 - 15:52 30-03-2005 - 00:00
CVE-2013-0074 9.3
Microsoft Silverlight 5, and 5 Developer Runtime, before 5.1.20125.0 does not properly validate pointers during HTML object rendering, which allows remote attackers to execute arbitrary code via a crafted Silverlight application, aka "Silverlight Dou
03-11-2016 - 15:04 12-03-2013 - 20:55
CVE-2013-7043 8.3
Multiple cross-site request forgery (CSRF) vulnerabilities on Cisco Scientific Atlanta DPR2320R2 routers with software 2.0.2r1262-090417 allow remote attackers to hijack the authentication of administrators for requests that (1) change a password via
01-11-2016 - 14:22 10-12-2013 - 14:55
CVE-2013-7030 5.0
** DISPUTED ** The TFTP service in Cisco Unified Communications Manager (aka CUCM or Unified CM) allows remote attackers to obtain sensitive information from a phone via an RRQ operation, as demonstrated by discovering a cleartext UseUserCredential f
01-11-2016 - 14:06 12-12-2013 - 12:55
CVE-2013-5065 7.2
NDProxy.sys in the kernel in Microsoft Windows XP SP2 and SP3 and Server 2003 SP2 allows local users to gain privileges via a crafted application, as exploited in the wild in November 2013.
01-11-2016 - 13:45 27-11-2013 - 19:55
CVE-2013-3906 9.3
GDI+ in Microsoft Windows Vista SP2 and Server 2008 SP2; Office 2003 SP3, 2007 SP3, and 2010 SP1 and SP2; Office Compatibility Pack SP3; and Lync 2010, 2010 Attendee, 2013, and Basic 2013 allows remote attackers to execute arbitrary code via a crafte
01-11-2016 - 13:45 06-11-2013 - 10:55
CVE-2014-0659 10.0
The Cisco WAP4410N access point with firmware through 2.0.6.1, WRVS4400N router with firmware 1.x through 1.1.13 and 2.x through 2.0.2.1, and RVS4000 router with firmware through 2.0.3.2 allow remote attackers to read credential and configuration dat
01-11-2016 - 13:15 12-01-2014 - 13:34
CVE-2013-2419 5.0
Unspecified vulnerability in the Java Runtime Environment (JRE) component in Oracle Java SE 7 Update 17 and earlier, 6 Update 43 and earlier, and 5.0 Update 41 and earlier; and OpenJDK 6 and 7; allows remote attackers to affect availability via unkno
24-10-2016 - 21:59 17-04-2013 - 14:55
CVE-2013-3174 9.3
DirectShow in Microsoft Windows XP SP2 and SP3, Windows Server 2003 SP2, Windows Vista SP2, Windows Server 2008 SP2 and R2 SP1, Windows 7 SP1, Windows 8, and Windows Server 2012 allows remote attackers to execute arbitrary code via a crafted GIF file
20-10-2016 - 12:34 09-07-2013 - 23:46
CVE-2013-3179 4.3
Cross-site scripting (XSS) vulnerability in Microsoft SharePoint Server 2007 SP3, 2010 SP1 and SP2, and 2013 allows remote attackers to inject arbitrary web script or HTML via a crafted request, aka "SharePoint XSS Vulnerability."
20-10-2016 - 12:33 11-09-2013 - 10:03
CVE-2013-3166 4.3
Cross-site scripting (XSS) vulnerability in Microsoft Internet Explorer 6 through 10 allows remote attackers to inject arbitrary web script or HTML via vectors involving incorrect auto-selection of the Shift JIS encoding, leading to cross-domain scro
20-10-2016 - 12:33 09-07-2013 - 23:46
CVE-2013-3184 9.3
Microsoft Internet Explorer 7 through 10 allows remote attackers to execute arbitrary code or cause a denial of service (memory corruption) via a crafted web site, aka "Internet Explorer Memory Corruption Vulnerability."
20-10-2016 - 12:01 14-08-2013 - 07:10
CVE-2013-3163 9.3
Microsoft Internet Explorer 8 through 10 allows remote attackers to execute arbitrary code or cause a denial of service (memory corruption) via a crafted web site, aka "Internet Explorer Memory Corruption Vulnerability," a different vulnerability tha
20-10-2016 - 12:01 09-07-2013 - 23:46
CVE-2013-3164 9.3
Microsoft Internet Explorer 8 allows remote attackers to execute arbitrary code or cause a denial of service (memory corruption) via a crafted web site, aka "Internet Explorer Memory Corruption Vulnerability."
20-10-2016 - 12:01 09-07-2013 - 23:46
CVE-2013-3162 9.3
Microsoft Internet Explorer 7 through 10 allows remote attackers to execute arbitrary code or cause a denial of service (memory corruption) via a crafted web site, aka "Internet Explorer Memory Corruption Vulnerability," a different vulnerability tha
20-10-2016 - 12:00 09-07-2013 - 23:46
CVE-2013-3161 9.3
Microsoft Internet Explorer 9 and 10 allows remote attackers to execute arbitrary code or cause a denial of service (memory corruption) via a crafted web site, aka "Internet Explorer Memory Corruption Vulnerability," a different vulnerability than CV
19-10-2016 - 15:10 09-07-2013 - 23:46
CVE-2013-3144 9.3
Microsoft Internet Explorer 8 through 10 allows remote attackers to execute arbitrary code or cause a denial of service (memory corruption) via a crafted web site, aka "Internet Explorer Memory Corruption Vulnerability," a different vulnerability tha
19-10-2016 - 14:55 09-07-2013 - 23:46
CVE-2013-3145 9.3
Microsoft Internet Explorer 9 allows remote attackers to execute arbitrary code or cause a denial of service (memory corruption) via a crafted web site, aka "Internet Explorer Memory Corruption Vulnerability," a different vulnerability than CVE-2013-
19-10-2016 - 14:54 09-07-2013 - 23:46
CVE-2013-3146 9.3
Microsoft Internet Explorer 10 allows remote attackers to execute arbitrary code or cause a denial of service (memory corruption) via a crafted web site, aka "Internet Explorer Memory Corruption Vulnerability," a different vulnerability than CVE-2013
19-10-2016 - 14:54 09-07-2013 - 23:46
CVE-2013-3147 9.3
Microsoft Internet Explorer 6 through 9 allows remote attackers to execute arbitrary code or cause a denial of service (memory corruption) via a crafted web site, aka "Internet Explorer Memory Corruption Vulnerability."
19-10-2016 - 14:47 09-07-2013 - 23:46
CVE-2013-3148 9.3
Microsoft Internet Explorer 6 through 10 allows remote attackers to execute arbitrary code or cause a denial of service (memory corruption) via a crafted web site, aka "Internet Explorer Memory Corruption Vulnerability," a different vulnerability tha
19-10-2016 - 14:30 09-07-2013 - 23:46
CVE-2013-3149 9.3
Microsoft Internet Explorer 7 and 8 allows remote attackers to execute arbitrary code or cause a denial of service (memory corruption) via a crafted web site, aka "Internet Explorer Memory Corruption Vulnerability."
19-10-2016 - 14:20 09-07-2013 - 23:46
CVE-2013-3150 9.3
Microsoft Internet Explorer 9 allows remote attackers to execute arbitrary code or cause a denial of service (memory corruption) via a crafted web site, aka "Internet Explorer Memory Corruption Vulnerability," a different vulnerability than CVE-2013-
19-10-2016 - 14:17 09-07-2013 - 23:46
CVE-2013-3151 9.3
Microsoft Internet Explorer 8 through 10 allows remote attackers to execute arbitrary code or cause a denial of service (memory corruption) via a crafted web site, aka "Internet Explorer Memory Corruption Vulnerability," a different vulnerability tha
19-10-2016 - 14:11 09-07-2013 - 23:46
CVE-2013-3152 9.3
Microsoft Internet Explorer 10 allows remote attackers to execute arbitrary code or cause a denial of service (memory corruption) via a crafted web site, aka "Internet Explorer Memory Corruption Vulnerability," a different vulnerability than CVE-2013
19-10-2016 - 14:10 09-07-2013 - 23:46
CVE-2013-3153 9.3
Microsoft Internet Explorer 6 through 10 allows remote attackers to execute arbitrary code or cause a denial of service (memory corruption) via a crafted web site, aka "Internet Explorer Memory Corruption Vulnerability," a different vulnerability tha
19-10-2016 - 14:03 09-07-2013 - 23:46
CVE-2013-1347 9.3
Microsoft Internet Explorer 8 does not properly handle objects in memory, which allows remote attackers to execute arbitrary code by accessing an object that (1) was not properly allocated or (2) is deleted, as exploited in the wild in May 2013.
19-10-2016 - 13:55 05-05-2013 - 07:07
CVE-2013-3115 9.3
Microsoft Internet Explorer 7 through 10 allows remote attackers to execute arbitrary code or cause a denial of service (memory corruption) via a crafted web site, aka "Internet Explorer Memory Corruption Vulnerability," a different vulnerability tha
19-10-2016 - 13:52 09-07-2013 - 23:46
CVE-2013-2551 9.3
Use-after-free vulnerability in Microsoft Internet Explorer 6 through 10 allows remote attackers to execute arbitrary code via a crafted web site that triggers access to a deleted object, as demonstrated by VUPEN during a Pwn2Own competition at CanSe
19-10-2016 - 13:46 11-03-2013 - 06:55
CVE-2007-1365 10.0
Buffer overflow in kern/uipc_mbuf2.c in OpenBSD 3.9 and 4.0 allows remote attackers to execute arbitrary code via fragmented IPv6 packets due to "incorrect mbuf handling for ICMP6 packets." NOTE: this was originally reported as a denial of service.
17-10-2016 - 23:43 10-03-2007 - 16:19
CVE-2007-1158 5.0
Directory traversal vulnerability in index.php in the Pagesetter 6.2.0 through 6.3.0 beta 5 module for PostNuke allows remote attackers to read arbitrary files via a .. (dot dot) in the id parameter.
17-10-2016 - 23:43 02-03-2007 - 16:18
CVE-2007-0911 7.8
Off-by-one error in the str_ireplace function in PHP 5.2.1 might allow context-dependent attackers to cause a denial of service (crash).
17-10-2016 - 23:43 13-02-2007 - 18:28
CVE-2006-6808 6.8
Cross-site scripting (XSS) vulnerability in wp-admin/templates.php in WordPress 2.0.5 allows remote attackers to inject arbitrary web script or HTML via the file parameter. NOTE: some sources have reported this as a vulnerability in the get_file_des
17-10-2016 - 23:42 28-12-2006 - 16:28
CVE-2006-6697 7.5
CRLF injection vulnerability in webapp/jsp/calendar.jsp in Oracle Portal 10g and earlier, including 9.0.2, allows remote attackers to inject arbitrary HTTP headers and conduct HTTP response splitting attacks via CRLF sequences in the enc parameter.
17-10-2016 - 23:42 21-12-2006 - 21:28
CVE-2006-5712 4.3
Cross-site scripting (XSS) vulnerability in Mirapoint WebMail allows remote attackers to inject arbitrary web script via the expression Cascading Style Sheets (CSS) function, as demonstrated using the width style for an IMG element.
17-10-2016 - 23:41 03-11-2006 - 20:07
CVE-2006-5571 7.5
Stack-based buffer overflow in /scripts/cruise/cws.exe in CruiseWorks 1.09c and 1.09d allows remote attackers to execute arbitrary code via a long string in the doc parameter.
17-10-2016 - 23:41 27-10-2006 - 12:07
CVE-2006-5422 7.5
PHP remote file inclusion vulnerability in calcul-page.php in Lodel (patchlodel) 0.7.3 allows remote attackers to execute arbitrary PHP code via a URL in the home parameter.
17-10-2016 - 23:41 20-10-2006 - 10:07
CVE-2006-5239 4.3
Multiple cross-site scripting (XSS) vulnerabilities in eXpBlog 0.3.5 and earlier allow remote attackers to inject arbitrary web script or HTML via (1) the query string (PHP_SELF) in kalender.php or (2) the captcha_session_code parameter in pre_detail
17-10-2016 - 23:41 11-10-2006 - 20:07
CVE-2006-5219 5.1
SQL injection vulnerability in blog/index.php in the blog module in Moodle 1.6.2 allows remote attackers to execute arbitrary SQL commands via a double-encoded tag parameter.
17-10-2016 - 23:41 10-10-2006 - 00:06
CVE-2006-4754 6.8
Cross-site scripting (XSS) vulnerability in index.php in PHProg before 1.1 allows remote attackers to inject arbitrary web script or HTML via the album parameter, which is used in an opendir call. NOTE: the same primary issue can be used for full pa
17-10-2016 - 23:40 13-09-2006 - 18:07
CVE-2006-4753 5.0
Directory traversal vulnerability in index.php in PHProg before 1.1 allows remote attackers to read arbitrary files via a .. (dot dot) in the lang parameter.
17-10-2016 - 23:40 13-09-2006 - 18:07
CVE-2006-4673 2.6
Global variable overwrite vulnerability in maincore.php in PHP-Fusion 6.01.4 and earlier uses the extract function on the superglobals, which allows remote attackers to conduct SQL injection attacks via the _SERVER[REMOTE_ADDR] parameter to news.php.
17-10-2016 - 23:40 11-09-2006 - 12:04
CVE-2006-4029 7.5
Stack-based buffer overflow in sipd.dll in AGEphone 1.24 and 1.38.1 allows remote attackers to execute arbitrary code via a crafted UDP SIP packet.
17-10-2016 - 23:40 09-08-2006 - 16:04
CVE-2006-3964 7.5
PHP remote file inclusion vulnerability in members.php in Banex PHP MySQL Banner Exchange 2.21 allows remote attackers to execute arbitrary PHP code via a URL in the cfg_root parameter.
17-10-2016 - 23:40 01-08-2006 - 18:04
CVE-2006-3963 7.5
Multiple SQL injection vulnerabilities in Banex PHP MySQL Banner Exchange 2.21 allow remote attackers to execute arbitrary SQL commands via the (1) site_name parameter to (a) signup.php, and the (2) id, (3) deleteuserbanner, (4) viewmem, (5) viewmemu
17-10-2016 - 23:40 01-08-2006 - 18:04
CVE-2006-3491 7.5
Stack-based buffer overflow in Kaillera Server 0.86 and earlier allows remote attackers to execute arbitrary code via a long nickname.
17-10-2016 - 23:40 10-07-2006 - 18:05
CVE-2006-3431 7.5
Buffer overflow in certain Asian language versions of Microsoft Excel might allow user-assisted attackers to execute arbitrary code via a crafted STYLE record in a spreadsheet that triggers the overflow when the user attempts to repair the document o
17-10-2016 - 23:40 07-07-2006 - 14:05
CVE-2006-3189 5.8
Cross-site scripting (XSS) vulnerability in administration/tblcontent/login1.php in HotPlug CMS 1.0 allows remote attackers to inject arbitrary web script or HTML via the msg parameter.
17-10-2016 - 23:40 22-06-2006 - 20:02
CVE-2006-2769 5.0
The HTTP Inspect preprocessor (http_inspect) in Snort 2.4.0 through 2.4.4 allows remote attackers to bypass "uricontent" rules via a carriage return (\r) after the URL and before the HTTP declaration.
17-10-2016 - 23:40 02-06-2006 - 06:18
CVE-2006-2646 7.5
Buffer overflow in Alt-N MDaemon, possibly 9.0.1 and earlier, allows remote attackers to execute arbitrary code via a long A0001 argument that begins with a '"' (double quote).
17-10-2016 - 23:39 30-05-2006 - 06:02
CVE-2006-2629 4.0
Race condition in Linux kernel 2.6.15 to 2.6.17, when running on SMP platforms, allows local users to cause a denial of service (crash) by creating and exiting a large number of tasks, then accessing the /proc entry of a task that is exiting, which c
17-10-2016 - 23:39 27-05-2006 - 06:02
CVE-2006-1834 5.1
Integer signedness error in Opera before 8.54 allows remote attackers to execute arbitrary code via long values in a stylesheet attribute, which pass a length check. NOTE: a sign extension problem makes the attack easier with shorter strings.
17-10-2016 - 23:39 19-04-2006 - 12:06
CVE-2006-1760 4.3
Multiple cross-site scripting (XSS) vulnerabilities in JetPhoto allow remote attackers to inject arbitrary web script or HTML via the page parameter in (1) Classic.view/thumbnail.php, (2) Classic.view/gallery.php, (3) Classic.view/detail.php, or (4)
17-10-2016 - 23:39 12-04-2006 - 21:06
CVE-2006-1747 7.5
PHP remote file inclusion vulnerability in Virtual War (VWar) 1.5.0 allows remote attackers to execute arbitrary PHP code via a URL in the vwar_root parameter to (1) admin/admin.php, (2) war.php, (3) stats.php, (4) news.php, (5) joinus.php, (6) chall
17-10-2016 - 23:39 12-04-2006 - 18:02
CVE-2006-1425 4.3
Cross-site scripting (XSS) vulnerability in track.php in phpmyfamily 1.4.1 allows remote attackers to inject arbitrary web script or HTML via the name parameter.
17-10-2016 - 23:39 28-03-2006 - 15:02
CVE-2006-1342 2.1
net/ipv4/af_inet.c in Linux kernel 2.4 does not clear sockaddr_in.sin_zero before returning IPv4 socket names from the (1) getsockname, (2) getpeername, and (3) accept functions, which allows local users to obtain portions of potentially sensitive me
17-10-2016 - 23:39 21-03-2006 - 13:02
CVE-2006-0996 4.3
Cross-site scripting (XSS) vulnerability in phpinfo (info.c) in PHP 5.1.2 and 4.4.2 allows remote attackers to inject arbitrary web script or HTML via long array variables, including (1) a large number of dimensions or (2) long values, which prevents
17-10-2016 - 23:39 10-04-2006 - 14:06
CVE-2006-0706 4.3
Cross-site scripting vulnerability in eintrag.php in Gästebuch (Gastebuch) before 1.3.3 allows remote attackers to inject arbitrary web script or HTML via the URL, which is used in the homepage parameter.
17-10-2016 - 23:39 15-02-2006 - 06:06
CVE-2006-0496 4.3
Cross-site scripting (XSS) vulnerability in Mozilla 1.7.12 and possibly earlier, Mozilla Firefox 1.0.7 and possibly earlier, and Netscape 8.1 and possibly earlier, allows remote attackers to inject arbitrary web script or HTML via the -moz-binding (C
17-10-2016 - 23:39 31-01-2006 - 21:02
CVE-2006-0455 4.6
gpgv in GnuPG before 1.4.2.1, when using unattended signature verification, returns a 0 exit code in certain cases even when the detached signature file does not carry a signature, which could cause programs that use gpgv to assume that the signature
17-10-2016 - 23:38 15-02-2006 - 17:06
CVE-2006-0341 4.3
Cross-site scripting (XSS) vulnerability in WCONSOLE.DLL in Rockliffe MailSite 5.x and 6.1.22 and earlier allows remote attackers to inject arbitrary web script or HTML via the query string.
17-10-2016 - 23:38 06-01-2006 - 00:00
CVE-2006-0160 7.5
SQL injection vulnerability in add_post.php3 in Venom Board 1.22 allows remote attackers to execute arbitrary SQL commands via the (1) parent, (2) root, and (3) topic_id parameters to post.php3.
17-10-2016 - 23:38 10-01-2006 - 06:03
CVE-2005-4809 5.0
Mozilla Firefox 1.0.1 and possibly other versions, including Mozilla and Thunderbird, allows remote attackers to spoof the URL in the Status Bar via an A HREF tag that contains a TABLE tag that contains another A tag.
17-10-2016 - 23:38 31-12-2005 - 00:00
CVE-2005-4563 7.5
SQL injection vulnerability in main.php in Enterprise Heart Enterprise Connector 1.0.2 allows remote attackers to execute arbitrary SQL commands and bypass login authentication via the loginid parameter, a different vulnerability than CVE-2005-3875.
17-10-2016 - 23:38 29-12-2005 - 06:03
CVE-2005-4559 5.0
mail/include.html in IceWarp Web Mail 5.5.1, as used by Merak Mail Server 8.3.0r and VisNetic Mail Server version 8.3.0 build 1, does not properly initialize the default_layout and layout_settings variables when an unrecognized HTTP_USER_AGENT string
17-10-2016 - 23:38 28-12-2005 - 06:03
CVE-2005-4558 6.5
IceWarp Web Mail 5.5.1, as used by Merak Mail Server 8.3.0r and VisNetic Mail Server version 8.3.0 build 1, does not properly restrict acceptable values for the language parameter to mail/settings.html before it is stored in a database, which can all
17-10-2016 - 23:38 28-12-2005 - 06:03
CVE-2005-4557 5.0
dir/include.html in IceWarp Web Mail 5.5.1, as used by Merak Mail Server 8.3.0r and VisNetic Mail Server version 8.3.0 build 1, allows remote attackers to include arbitrary local files via a null byte (%00) in the lang parameter, possibly due to a di
17-10-2016 - 23:38 28-12-2005 - 06:03
CVE-2005-4556 7.5
PHP remote file include vulnerability in IceWarp Web Mail 5.5.1, as used by Merak Mail Server 8.3.0r and VisNetic Mail Server version 8.3.0 build 1, when register_globals is enabled, allows remote attackers to include arbitrary local and remote PHP f
17-10-2016 - 23:38 28-12-2005 - 06:03
CVE-2005-4550 5.0
The PORTAL schema in Oracle Application Server (OracleAS) Discussion Forum Portlet allows remote attackers to obtain the source code for arbitrary JSP and other files via a df_next_page parameter with a trailing null byte (%00).
17-10-2016 - 23:38 28-12-2005 - 06:03
CVE-2005-4510 5.0
Directory traversal vulnerability in server.np in NetPublish Server 7 allows remote attackers to read arbitrary files via "../" sequences in the template parameter.
17-10-2016 - 23:38 22-12-2005 - 20:03
CVE-2005-4454 4.3
Validate-before-filter vulnerability in cleanhtml.pl 1.129 in LiveJournal CVS before Dec 7 2005, when the cleancss option is enabled, allows remote attackers to conduct cross-site scripting (XSS) attacks via a "\" (backslash) within a "javascript" sc
17-10-2016 - 23:38 21-12-2005 - 06:03
CVE-2005-4432 4.3
Cross-site scripting (XSS) vulnerability in index.php in PlaySMS 0.8 allows remote attackers to inject arbitrary web script or HTML via the err parameter.
17-10-2016 - 23:38 20-12-2005 - 19:03
CVE-2005-4427 7.5
Multiple SQL injection vulnerabilities in Cerberus Helpdesk allow remote attackers to execute arbitrary SQL commands via the (1) file_id parameter to attachment_send.php, (2) the $addy variable in email_parser.php, (3) $address variable in email_pars
17-10-2016 - 23:38 20-12-2005 - 18:03
CVE-2005-4134 5.0
Mozilla Firefox 1.5, Netscape 8.0.4 and 7.2, and K-Meleon before 0.9.12 allows remote attackers to cause a denial of service (CPU consumption and delayed application startup) via a web site with a large title, which is recorded in history.dat but not
17-10-2016 - 23:38 09-12-2005 - 10:03
CVE-2005-3902 4.3
Cross-site scripting (XSS) vulnerability in gui/errordocs/index.php in Virtual Hosting Control System (VHCS) 2.2.0 through 2.4.6.2 allows remote attackers to inject arbitrary web script or HTML via query strings that are included in an error message,
17-10-2016 - 23:37 29-11-2005 - 18:03
CVE-2005-3894 4.3
Multiple cross-site scripting (XSS) vulnerabilities in index.pl in Open Ticket Request System (OTRS) 1.0.0 through 1.3.2 and 2.0.0 through 2.0.3 allow remote authenticated users to inject arbitrary web script or HTML via (1) hex-encoded values in the
17-10-2016 - 23:37 29-11-2005 - 16:03
CVE-2005-3893 7.5
Multiple SQL injection vulnerabilities in index.pl in Open Ticket Request System (OTRS) 1.0.0 through 1.3.2 and 2.0.0 through 2.0.3 allow remote attackers to execute arbitrary SQL commands and bypass authentication via the (1) user parameter in the L
17-10-2016 - 23:37 29-11-2005 - 16:03
CVE-2005-3857 4.9
The time_out_leases function in locks.c for Linux kernel before 2.6.15-rc3 allows local users to cause a denial of service (kernel log message consumption) by causing a large number of broken leases, which is recorded to the log using the printk func
17-10-2016 - 23:37 27-11-2005 - 16:03
CVE-2005-3813 4.0
IMAP service (meimaps.exe) of MailEnable Professional 1.7 and Enterprise 1.1 allows remote authenticated attackers to cause a denial of service (application crash) by using RENAME with a non-existent mailbox, a different vulnerability than CVE-2005-3
17-10-2016 - 23:37 25-11-2005 - 21:03
CVE-2005-3807 4.9
Memory leak in the VFS file lease handling in locks.c in Linux kernels 2.6.10 to 2.6.15 allows local users to cause a denial of service (memory exhaustion) via certain Samba activities that cause an fasync entry to be re-allocated by the fcntl_setlea
17-10-2016 - 23:37 25-11-2005 - 16:03
CVE-2005-3797 7.5
PHP remote file inclusion vulnerability in payment_paypal.php in AlstraSoft Template Seller Pro 3.25 allows remote attackers to execute arbitrary PHP code via the config[basepath] parameter.
17-10-2016 - 23:37 24-11-2005 - 06:03
CVE-2005-3790 4.3
Multiple cross-site scripting (XSS) vulnerabilities in act_newsletter.php in phpwcms 1.2.5 allow remote attackers to inject arbitrary web script or HTML via the (1) i and (2) text parameters.
17-10-2016 - 23:37 24-11-2005 - 06:03
CVE-2005-3789 5.0
Multiple directory traversal vulnerabilities in phpwcms 1.2.5 allow remote attackers to read arbitrary files via a .. (dot dot) in the (1) form_lang parameter in login.php and (2) the imgdir parameter in random_image.php.
17-10-2016 - 23:37 24-11-2005 - 06:03
CVE-2005-3682 7.5
Multiple SQL injection vulnerabilities in Wizz Forum 1.20 allow remote attackers to execute arbitrary SQL commands via (1) the AuthID parameter in ForumAuthDetails.php, and the TopicID parameter in (2) ForumTopicDetails.php and (3) ForumReply.php.
17-10-2016 - 23:36 18-11-2005 - 18:03
CVE-2005-3679 7.5
SQL injection vulnerability in admin/index.php in ActiveCampaign 1-2-All Broadcast Email allows remote attackers to execute arbitrary SQL commands and bypass authentication via the username field in the admin control panel.
17-10-2016 - 23:36 18-11-2005 - 18:03
CVE-2005-3676 7.5
SQL injection vulnerability in download.php in PhpWebThings 1.4.4 allows remote attackers to execute arbitrary SQL commands via the file parameter.
17-10-2016 - 23:36 18-11-2005 - 18:03
CVE-2005-3636 4.3
Cross-site scripting (XSS) vulnerability in SAP Web Application Server (WAS) 6.10 allows remote attackers to inject arbitrary web script or HTML via Error Pages.
17-10-2016 - 23:36 16-11-2005 - 16:22
CVE-2005-3635 4.3
Multiple cross-site scripting (XSS) vulnerabilities in SAP Web Application Server (WAS) 6.10 through 7.00 allow remote attackers to inject arbitrary web script or HTML via (1) the sap-syscmd in sap-syscmd and (2) the BspApplication field in the SYSTE
17-10-2016 - 23:36 16-11-2005 - 16:22
CVE-2005-3584 4.3
Cross-site scripting (XSS) vulnerability in forum.php in PhpWebThings 1.4.4 allows remote attackers to inject arbitrary web script or HTML via the forum parameter.
17-10-2016 - 23:36 16-11-2005 - 02:42
CVE-2005-3571 5.0
PHP file inclusion vulnerability in protection.php in CodeGrrl (a) PHPCalendar 1.0, (b) PHPClique 1.0, (c) PHPCurrently 2.0, (d) PHPFanBase 2.1, and (e) PHPQuotes 1.0 allows remote attackers to include arbitrary local files via the siteurl parameter
17-10-2016 - 23:36 16-11-2005 - 02:42
CVE-2005-3522 4.3
Cross-site scripting (XSS) vulnerability in index.jsp in ManageEngine Netflow Analyzer 4.0.2 allows remote attackers to inject arbitrary web script or HTML via the grDisp parameter.
17-10-2016 - 23:36 06-11-2005 - 06:03
CVE-2005-3520 4.3
Multiple cross-site scripting (XSS) vulnerabilities in MySource 2.14.0 allow remote attackers to inject arbitrary web script or HTML via (1) the target_url parameter in upgrade_in_progress_backend.php, (2) the stylesheet parameter in edit_table_cell_
17-10-2016 - 23:36 06-11-2005 - 06:03
CVE-2005-3519 7.5
Multiple PHP file inclusion vulnerabilities in MySource 2.14.0 allow remote attackers to execute arbitrary PHP code and include arbitrary local files via the (1) INCLUDE_PATH and (2) SQUIZLIB_PATH parameters in new_upgrade_functions.php, (3) the INCL
17-10-2016 - 23:36 06-11-2005 - 06:03
CVE-2005-3516 4.3
Cross-site scripting (XSS) vulnerability in recommend.php in Chipmunk Directory script allows remote attackers to inject arbitrary web script or HTML via the entryID parameter.
17-10-2016 - 23:36 06-11-2005 - 06:02
CVE-2005-3515 4.3
Cross-site scripting (XSS) vulnerability in recommend.php in Chipmunk Topsites script allows remote attackers to inject arbitrary web script or HTML via the ID parameter.
17-10-2016 - 23:36 06-11-2005 - 06:02
CVE-2005-3514 4.3
Multiple cross-site scripting (XSS) vulnerabilities in Chipmunk Forum script allow remote attackers to inject arbitrary web script or HTML via the forumID parameter to (1) newtopic.php, (2) quote.php, (3) index.php, and (4) reply.php.
17-10-2016 - 23:35 06-11-2005 - 06:02
CVE-2005-3512 4.3
Cross-site scripting (XSS) vulnerability in index.php in VUBB alpha rc1 allows remote attackers to inject arbitrary web script or HTML via the t parameter in a newreply action.
17-10-2016 - 23:35 06-11-2005 - 06:02
CVE-2005-3489 7.5
Buffer overflow in Asus Video Security 3.5.0.0 and earlier, when using authorization, allows remote attackers to execute arbitrary code via a long username/password string.
17-10-2016 - 23:35 03-11-2005 - 19:02
CVE-2005-3432 5.0
MiniGal 2 (MG2) 0.5.1 allows remote attackers to list password protected images via a request to index.php with the list parameter set to * (wildcard) and the page parameter set to all.
17-10-2016 - 23:35 02-11-2005 - 06:02
CVE-2005-3412 4.3
Cross-site scripting (XSS) vulnerability in Elite Forum 1.0.0.0 allows remote attackers to inject arbitrary web script or HTML via a Post Reply to a topic, in which the reply contains a javascript: URL in an <img> tag.
17-10-2016 - 23:35 01-11-2005 - 15:03
CVE-2005-3404 7.5
Multiple PHP file inclusion vulnerabilities in ATutor 1.4.1 through 1.5.1-pl1 allow remote attackers to include arbitrary files via the section parameter followed by a null byte (%00) in (1) body_header.inc.php and (2) print.php.
17-10-2016 - 23:35 01-11-2005 - 07:47
CVE-2005-3369 7.5
Multiple SQL injection vulnerabilities in the Info-DB module (info_db.php) in Woltlab Burning Board 2.7 and earlier allow remote attackers to execute arbitrary SQL commands and possibly upload files via the (1) fileid and (2) subkatid parameters.
17-10-2016 - 23:34 30-10-2005 - 09:34
CVE-2005-3368 4.3
Cross-site scripting (XSS) vulnerability in the Search_Enhanced module in PHP-Nuke 7.9 allows remote attackers to inject arbitrary web script or HTML via the query parameter.
17-10-2016 - 23:34 30-10-2005 - 09:34
CVE-2005-3363 7.5
SQL injection vulnerability in Saphp Lesson, possibly saphp Lesson1.1 and saphpLesson2.0, allows remote attackers to execute arbitrary SQL commands via the forumid parameter in (1) showcat.php and (2) add.php.
17-10-2016 - 23:34 30-10-2005 - 09:34
CVE-2005-3330 7.5
The _httpsrequest function in Snoopy 1.2, as used in products such as (1) MagpieRSS, (2) WordPress, (3) Ampache, and (4) Jinzora, allows remote attackers to execute arbitrary commands via shell metacharacters in an HTTPS URL to an SSL protected web p
17-10-2016 - 23:34 27-10-2005 - 06:02
CVE-2005-3329 4.3
Cross-site scripting (XSS) vulnerability in RSA Authentication Agent for Web 5.3 and earlier allows remote attackers to inject arbitrary web script or HTML via the image parameter in a GetPic operation.
17-10-2016 - 23:34 27-10-2005 - 06:02
CVE-2005-3308 4.3
Multiple cross-site scripting (XSS) vulnerabilities in Zomplog 3.4 allow remote attackers to inject arbitrary web script or HTML via the (1) name or (2) comment parameter in detail.php, (3) the username parameter in get.php, and (4) the search parame
17-10-2016 - 23:34 25-10-2005 - 21:02
CVE-2005-3307 5.0
Directory traversal vulnerability in index.php for FlatNuke 2.5.6 allows remote attackers to read arbitrary files via ".." sequences in the (1) user parameter in a profile operation or (2) quale parameter in a newtopic operation.
17-10-2016 - 23:34 25-10-2005 - 21:02
CVE-2005-3305 7.5
Multiple SQL injection vulnerabilities in Nuked Klan 1.7 allow remote attackers to execute arbitrary SQL commands via the (1) forum_id or (2) thread_id parameter in the Forum file, (3) the link_id in the Links file, (4) the artid parameter in the Sec
17-10-2016 - 23:34 25-10-2005 - 21:02
CVE-2005-3304 7.5
Multiple SQL injection vulnerabilities in PHP-Nuke 7.8 allow remote attackers to modify SQL queries and execute arbitrary PHP code via (1) the username parameter in the Your Account page, (2) the url parameter in the Downloads module, and (3) the des
17-10-2016 - 23:34 25-10-2005 - 21:02
CVE-2005-3236 6.8
Multiple SQL injection vulnerabilities in Cyphor 0.19 allow remote attackers to execute arbitrary SQL and obtain administrative access via (1) the fid parameter of newmsg.php, which can enable XSS attacks when the SQL syntax is invalid or (2) the nic
17-10-2016 - 23:34 14-10-2005 - 06:02
CVE-2005-3208 6.8
Multiple SQL injection vulnerabilities in (1) aeNovo, (2) aeNovoShop and (3) aeNovoWYSI allow remote attackers to execute arbitrary SQL code via (a) the password parameter in control.asp, and (b) the strSQL parameter in search.asp, which can enable X
17-10-2016 - 23:33 14-10-2005 - 06:02
CVE-2005-3207 5.0
The forms servlet (f90servlet) in Oracle Forms 4.5.10.22 allows remote attackers to cause a denial of service (TNS listener stop) via a userid parameter that contains a STOP command.
17-10-2016 - 23:33 14-10-2005 - 06:02
CVE-2005-3200 4.3
Multiple cross-site scripting (XSS) vulnerabilities in Utopia News Pro (UNP) 1.1.3 and 1.1.4 allow remote attackers to inject arbitrary web script or HTML via (1) the sitetitle parameter in header.php and (2) the version and (3) query_count parameter
17-10-2016 - 23:33 14-10-2005 - 06:02
CVE-2005-3159 7.5
SQL injection vulnerability in messages.php in PHP-Fusion allows remote attackers to execute arbitrary SQL commands via the msg_view parameter, a different vulnerability than CVE-2005-3157 and CVE-2005-3158.
17-10-2016 - 23:33 06-10-2005 - 06:02
CVE-2005-3131 4.3
Multiple cross-site scripting (XSS) vulnerabilities in MERAK Mail Server 8.2.4r with Icewarp Web Mail 5.5.1, and possibly earlier versions, allow remote attackers to inject arbitrary web script or HTML via the (1) id parameter to blank.html, or the c
17-10-2016 - 23:32 04-10-2005 - 18:02
CVE-2005-3130 7.5
SQL injection vulnerability in lucidCMS 1.0.11 allows remote attackers to execute arbitrary SQL commands via the login field.
17-10-2016 - 23:32 04-10-2005 - 18:02
CVE-2005-3128 4.3
Cross-site scripting (XSS) vulnerability in add.php in Address Add Plugin 1.9 and 2.0 for Squirrelmail allows remote attackers to inject arbitrary web script or HTML via the IMG tag.
17-10-2016 - 23:32 04-10-2005 - 18:02
CVE-2005-3127 4.3
Cross-site scripting (XSS) vulnerability in index.php in lucidCMS 1.0.11 allows remote attackers to inject arbitrary web script or HTML via the query string.
17-10-2016 - 23:32 04-10-2005 - 18:02
CVE-2005-3083 4.3
Cross-site scripting (XSS) vulnerability in index.php in CMS Made Simple 0.10 allows remote attackers to inject arbitrary web script or HTML via the page parameter.
17-10-2016 - 23:32 27-09-2005 - 16:03
CVE-2005-3020 4.3
Multiple cross-site scripting (XSS) vulnerabilities in vBulletin before 3.0.9 allow remote attackers to inject arbitrary web script or HTML via the (1) group parameter to css.php, (2) redirect parameter to index.php, (3) email parameter to user.php,
17-10-2016 - 23:32 21-09-2005 - 18:03
CVE-2005-3019 7.5
Multiple SQL injection vulnerabilities in vBulletin before 3.0.9 allow remote attackers to execute arbitrary SQL commands via the (1) request parameter to joinrequests.php, (2) limitnumber or (3) limitstart to user.php, (4) usertitle.php, or (5) user
17-10-2016 - 23:32 21-09-2005 - 18:03
CVE-2005-3018 5.0
Apple Safari allows remote attackers to cause a denial of service (application crash) via a crafted data:// URL.
17-10-2016 - 23:32 21-09-2005 - 18:03
CVE-2005-3005 7.5
Helpdesk Software Hesk allows remote attackers to bypass authentication for (1) admin.php and (2) admin_main.php by modifying the PHPSESSID session ID parameter or cookie.
17-10-2016 - 23:32 21-09-2005 - 16:03
CVE-2005-2979 7.5
SQL injection vulnerability in index.php in phpoutsourcing Noah's classifieds allows remote attackers to execute arbitrary SQL commands via the rollid parameter.
17-10-2016 - 23:31 19-09-2005 - 20:03
CVE-2005-2956 5.0
ATutor 1.5.1, and possibly earlier versions, stores temporary chat logs under the web document root with insufficient access control and predictable filenames, which allows remote attackers to obtain user chat conversations via direct requests to tho
17-10-2016 - 23:31 16-09-2005 - 18:03
CVE-2005-2954 7.5
SQL injection vulnerability in password_reminder.php in ATutor before 1.5.1 pl1 allows remote attackers to execute arbitrary SQL commands via the email field.
17-10-2016 - 23:31 16-09-2005 - 18:03
CVE-2005-2953 4.3
Cross-site scripting (XSS) vulnerability in merchant.mvc in MIVA Merchant 5 allows remote attackers to inject arbitrary web script or HTML via the Customer_Login parameter.
17-10-2016 - 23:31 16-09-2005 - 18:03
CVE-2005-2952 5.0
Directory traversal vulnerability in s.pl in Subscribe Me Pro 2.044.09P and earlier allows remote attackers to read arbitrary files via a .. (dot dot) in the l parameter.
17-10-2016 - 23:31 16-09-2005 - 18:03
CVE-2005-2904 5.0
Zebedee 2.4.1, when "allowed redirection port" is not set, allows remote attackers to cause a denial of service (application crash) via a zero in the port number of the protocol option header, which triggers an assert error in the makeConnection func
17-10-2016 - 23:31 14-09-2005 - 16:03
CVE-2005-2898 4.6
** DISPUTED ** NOTE: this issue has been disputed by the vendor. FileZilla 2.2.14b and 2.2.15, and possibly earlier versions, when "Use secure mode" is disabled, uses a weak encryption scheme to store the user's password in the configuration setting
17-10-2016 - 23:31 14-09-2005 - 16:03
CVE-2005-2896 7.5
SQL injection vulnerability in WEB//NEWS 1.4 allows remote attackers to execute arbitrary SQL commands via the (1) wn_userpw parameter to startup.php, (2) cat, (3) id, or (4) stof parameter to news.php, or (5) id parameter to print.php.
17-10-2016 - 23:31 14-09-2005 - 16:03
CVE-2005-2892 5.0
Directory traversal vulnerability in setcookie.php in PBLang 4.65, and possibly earlier versions, allows remote attackers to read arbitrary files via ".." sequences and "%00" (trailing null byte) in the u parameter.
17-10-2016 - 23:31 14-09-2005 - 16:03
CVE-2005-2877 7.5
The history (revision control) function in TWiki 02-Sep-2004 and earlier allows remote attackers to execute arbitrary code via shell metacharacters, as demonstrated via the rev parameter to TWikiUsers.
17-10-2016 - 23:31 16-09-2005 - 16:03
CVE-2005-2844 7.5
Buffer overflow in MMClient.exe in Indiatimes Messenger 6.0 allows remote attackers to cause a denial of service (application crash) and possibly execute arbitrary code via a long group name argument to the RenameGroup function in the MMClient.MunduM
17-10-2016 - 23:30 08-09-2005 - 06:03
CVE-2005-2804 5.0
Integer overflow in the registry parsing code in GroupWise 6.5.3, and possibly earlier version, allows remote attackers to cause a denial of service (application crash) via a large TCP/IP port in the Windows registry key.
17-10-2016 - 23:30 04-10-2005 - 17:02
CVE-2005-2792 5.0
Directory traversal vulnerability in welcome.php in phpLDAPadmin 0.9.6 and 0.9.7 allows remote attackers to read arbitrary files via a .. (dot dot) in the custom_welcome_page parameter.
17-10-2016 - 23:30 02-09-2005 - 19:03
CVE-2005-2791 5.0
BFCommand & Control Server Manager BFCC 1.22_A and earlier, and BFVCC 2.14_B and earlier, allows remote attackers to cause a denial of service (refused new connections) via a series of connections and disconnections without sending the login command.
17-10-2016 - 23:30 02-09-2005 - 19:03
CVE-2005-2788 7.5
Multiple SQL injection vulnerabilities in Land Down Under (LDU) 801 and earlier allow remote attackers to execute arbitrary SQL commands via the c parameter to (1) events.php, (2) index.php, or (3) list.php.
17-10-2016 - 23:30 02-09-2005 - 19:03
CVE-2005-2782 7.5
PHP remote file inclusion vulnerability in al_initialize.php for AutoLinks Pro 2.1 allows remote attackers to execute arbitrary PHP code via an "ftp://" URL in the alpath parameter, which bypasses the incomplete blacklist that only checks for "http"
17-10-2016 - 23:30 02-09-2005 - 19:03
CVE-2005-2777 7.5
Looking Glass 20040427 allows remote attackers to execute arbitrary commands via shell metacharacters in the DNS lookup query field.
17-10-2016 - 23:30 02-09-2005 - 19:03
CVE-2005-2775 7.5
php_api.php in phpWebNotes 2.0.0 uses the extract function to modify key variables such as $t_path_core, which leads to a PHP file inclusion vulnerability that allows remote attackers to execute arbitrary PHP code via the t_path_core parameter.
17-10-2016 - 23:30 02-09-2005 - 19:03
CVE-2005-2769 4.3
Cross-site scripting (XSS) vulnerability in SqWebMail 5.0.4 and possibly other versions allows remote attackers to inject arbitrary web script or HTML via an HTML e-mail containing tags with strings that contain ">" or other special characters, which
17-10-2016 - 23:30 02-09-2005 - 19:03
CVE-2005-2767 7.5
Buffer overflow in LeapFTP allows remote attackers to execute arbitrary code via a long Host string in a Site Queue (.lsq) file.
17-10-2016 - 23:30 02-09-2005 - 19:03
CVE-2005-2729 7.5
The HTTP proxy in Astaro Security Linux 6.0 does not properly filter HTTP CONNECT requests to localhost, which allows remote attackers to bypass firewall rules and connect to local services.
17-10-2016 - 23:29 30-08-2005 - 07:45
CVE-2005-2725 2.1
The inputtrap utility in QNX RTOS 6.1.0, 6.3, and possibly earlier versions does not properly check permissions when the -t flag is specified, which allows local users to read arbitrary files.
17-10-2016 - 23:29 30-08-2005 - 07:45
CVE-2005-2721 4.3
Multiple cross-site scripting (XSS) vulnerabilities in (1) index.php or (2) admin.php in Foojan PHP Weblog allow remote attackers to inject arbitrary web script or HTML via the Referer field in the HTTP header.
17-10-2016 - 23:29 30-08-2005 - 07:45
CVE-2005-2683 7.5
Multiple SQL injection vulnerabilities in PHPKit 1.6.1 allow remote attackers to execute arbitrary SQL commands via the (1) letter parameter to login/member.php or (2) im_receiver parameter to login/imcenter.php.
17-10-2016 - 23:29 23-08-2005 - 00:00
CVE-2005-2675 7.5
** DISPUTED ** Note: the vendor has disputed this issue. Multiple SQL injection vulnerabilities in Land Down Under (LDU) 800 allow remote attackers to execute arbitrary SQL commands via the (1) s or (2) m parameter to forums.php, (3) o, (4) w, (5) s,
17-10-2016 - 23:29 23-08-2005 - 00:00
CVE-2005-2674 4.3
** DISPUTED ** Note: the vendor has disputed this issue. Multiple cross-site scripting (XSS) vulnerabilities in Land Down Under (LDU) 800 allow remote attackers to inject arbitrary web script or HTML via the (1) c or (2) m parameters to index.php or
17-10-2016 - 23:29 23-08-2005 - 00:00
CVE-2005-2640 5.0
Behavioral discrepancy information leak in Juniper Netscreen VPN running ScreenOS 5.2.0 and earlier, when using IKE with pre-shared key authentication, allows remote attackers to enumerate valid usernames via an IKE Aggressive Mode packet, which gene
17-10-2016 - 23:29 23-08-2005 - 00:00
CVE-2005-2638 4.3
Multiple cross-site scripting (XSS) vulnerabilities in PHPFreeNews 1.40 and earlier allow remote attackers to inject arbitrary web script or HTML via the (1) NewsMode parameter to NewsCategoryForm.php, or the (2) Match or (3) NewsMode parameter to Se
17-10-2016 - 23:29 23-08-2005 - 00:00
CVE-2005-2637 7.5
Multiple SQL injection vulnerabilities in PHPFreeNews 1.40 and earlier allow remote attackers to execute arbitrary SQL commands via the (1) Match or (2) CatID parameter to SearchResults.php, or (3) the password to AccessControl.php.
17-10-2016 - 23:29 23-08-2005 - 00:00
CVE-2005-2633 7.5
Multiple PHP file inclusion vulnerabilities in (1) admin_o.php, (2) board_o.php, (3) dev_o.php, (4) file_o.php or (5) tech_o.php in PHPTB Topic Board 2.0 and earlier allow remote attackers to execute arbitrary PHP code via the absolutepath parameter.
17-10-2016 - 23:29 23-08-2005 - 00:00
CVE-2005-2629 5.1
Integer overflow in RealNetworks RealPlayer 8, 10, and 10.5, RealOne Player 1 and 2, and Helix Player 10.0.0 allows remote attackers to execute arbitrary code via an .rm movie file with a large value in the length field of the first data packet, whic
17-10-2016 - 23:29 18-11-2005 - 18:03
CVE-2005-2580 7.5
Multiple SQL injection vulnerabilities in MyBulletinBoard (MyBB) 1.00 RC4 with Security Patch allow remote attackers to execute arbitrary SQL commands via the Username field in (1) index.php or (2) member.php, action parameter to (3) search.php or (4
17-10-2016 - 23:28 16-08-2005 - 00:00
CVE-2005-2569 4.3
Multiple cross-site scripting (XSS) vulnerabilities in FunkBoard 0.66CF, and possibly earlier versions, allow remote attackers to inject arbitrary web script or HTML via the fbusername or fbpassword parameter to (1) editpost.php, (2) prefs.php, (3) n
17-10-2016 - 23:28 16-08-2005 - 00:00
CVE-2005-2562 7.5
SQL injection vulnerability in Gravity Board X (GBX) 1.1 allows remote attackers to execute arbitrary SQL commands and bypass authentication via the login field.
17-10-2016 - 23:28 16-08-2005 - 00:00
CVE-2005-2560 4.3
Cross-site scripting (XSS) vulnerability in index.cfm in CFBB 1.1.0 allows remote attackers to inject arbitrary web script or HTML via the page parameter.
17-10-2016 - 23:28 16-08-2005 - 00:00
CVE-2005-2557 4.3
Cross-site scripting (XSS) vulnerability in view_all_set.php in Mantis 0.19.0a1 through 1.0.0a3 allows remote attackers to inject arbitrary web script or HTML via the dir parameter, as identified by bug#0005959, and a different vulnerability than CVE
17-10-2016 - 23:28 28-09-2005 - 17:03
CVE-2005-2543 5.0
Directory traversal vulnerability in wce.download.php in Comdev eCommerce 3.0 allows remote attackers to download arbitrary files via a .. (dot dot) in the download parameter.
17-10-2016 - 23:28 10-08-2005 - 00:00
CVE-2005-2542 5.0
Invision Power Board (IPB) 1.0.3 allows remote attackers to inject arbitrary web script or HTML via an attachment, which is automatically downloaded and processed as HTML.
17-10-2016 - 23:28 10-08-2005 - 00:00
CVE-2005-2539 4.3
Multiple cross-site scripting (XSS) vulnerabilities in FlatNuke 2.5.5 and possibly earlier versions allow remote attackers to inject arbitrary web script or HTML via the (1) bodycolor, (2) backimage, (3) theme, or (4) logo parameter to structure.php,
17-10-2016 - 23:28 10-08-2005 - 00:00
CVE-2005-2467 5.8
Multiple cross-site scripting (XSS) vulnerabilities in MySQL Eventum 1.5.5 and earlier allow remote attackers to inject arbitrary web script or HTML via the (1) id parameter to view.php, (2) release parameter to list.php, or (3) F parameter to get_js
17-10-2016 - 23:27 31-12-2005 - 00:00
CVE-2005-2461 6.4
Multiple SQL injection vulnerabilities in the calendar feature in Kayako liveResponse 2.x allow remote attackers to execute arbitrary SQL commands via the (1) year or (2) date parameter.
17-10-2016 - 23:27 31-12-2005 - 00:00
CVE-2005-2460 5.8
Multiple cross-site scripting (XSS) vulnerabilities in Kayako liveResponse 2.x allow remote attackers to inject arbitrary web script or HTML via the (1) username parameter or (2) name field when entering a session or sending a message.
17-10-2016 - 23:27 31-12-2005 - 00:00
CVE-2005-2441 4.3
Multiple cross-site scripting (XSS) vulnerabilities in VBzoom allow remote attackers to inject arbitrary web script and HTML via the (1) UserName parameter to profile.php or (2) UserID parameter to login.php.
17-10-2016 - 23:27 03-08-2005 - 00:00
CVE-2005-2432 7.5
SQL injection vulnerability in PhpList allows remote attackers to modify SQL statements via the id argument to admin pages such as (1) members or (2) admin.
17-10-2016 - 23:27 03-08-2005 - 00:00
CVE-2005-2383 7.5
SQL injection vulnerability in auth.php in PHPNews 1.2.5 allows remote attackers to execute arbitrary SQL commands via the user parameter in an HTTP POST request.
17-10-2016 - 23:26 26-07-2005 - 00:00
CVE-2005-2277 10.0
Bluetooth FTP client (BTFTP) in Nokia Affix 2.1.2 and 3.2.0 allows remote attackers to execute arbitrary commands via shell metacharacters in the filename argument of a PUT command.
17-10-2016 - 23:25 15-07-2005 - 00:00
CVE-2005-2276 4.3
Cross-site scripting (XSS) vulnerability in Novell Groupwise WebAccess 6.5 before July 11, 2005 allows remote attackers to inject arbitrary web script or HTML via an e-mail message with an encoded javascript URI (e.g. "j&#X41vascript" in an IMG tag.
17-10-2016 - 23:25 26-07-2005 - 00:00
CVE-2005-2163 4.3
Cross-site scripting (XSS) vulnerability in index.php in AutoIndex PHP Script 1.5.2 allows remote attackers to inject arbitrary web script or HTML via the search parameter.
17-10-2016 - 23:25 06-07-2005 - 00:00
CVE-2005-2162 5.0
PHP remote file inclusion vulnerability in form.inc.php3 in MyGuestbook 0.6.1 allows remote attackers to execute arbitrary PHP code via the lang parameter.
17-10-2016 - 23:25 06-07-2005 - 00:00
CVE-2005-2077 4.3
Cross-site scripting (XSS) vulnerability in error.asp for Hosting Controller allows remote attackers to inject arbitrary web script or HTML via the error parameter.
17-10-2016 - 23:24 29-06-2005 - 00:00
CVE-2005-2071 4.6
traceroute in Sun Solaris 10 on x86 systems allows local users to execute arbitrary code with PRIV_NET_RAWACCESS privileges via (1) a large number of -g arguments or (2) a malformed -s argument with a trailing . (dot).
17-10-2016 - 23:24 29-06-2005 - 00:00
CVE-2005-2065 5.0
HTTP response splitting vulnerability in language_select.asp in ASP Nuke 0.80 allows remote attackers to spoof web content and poison web caches via CRLF ("%0d%0a") sequences in the LangCode parameter.
17-10-2016 - 23:24 29-06-2005 - 00:00
CVE-2005-2064 5.0
Multiple cross-site scripting vulnerabilities in ASP Nuke 0.80 allow remote attackers to inject arbitrary web script or HTML via the (1) email parameter to forgot_password.asp, or the (2) FirstName, (3) LastName, (4) Username, (5) Password, (6) Addre
17-10-2016 - 23:24 29-06-2005 - 00:00
CVE-2005-2058 7.5
Multiple SQL injection vulnerabilities in Infopop UBB.Threads before 6.5.2 Beta allow remote attackers to execute arbitrary SQL commands via the Number parameter to (1) download.php, (2) modifypost.php, (3) mailthread.php, or (4) notifymod.php, (5) m
17-10-2016 - 23:24 29-06-2005 - 00:00
CVE-2005-2049 7.5
Multiple SQL injection vulnerabilities in DUware DUclassmate 1.2 allow remote attackers to execute arbitrary SQL commands via the (1) iState parameter to default.asp or (2) iPro parameter to edit.asp.
17-10-2016 - 23:24 22-06-2005 - 00:00
CVE-2005-2048 7.5
Multiple SQL injection vulnerabilities in DUware DUforum 3.1, and possibly other versions, allow remote attackers to execute arbitrary SQL commands via the (1) iMsg parameter to messages.asp, iFor parameter to (2) post.asp or (3) forums.asp, or (4) i
17-10-2016 - 23:24 22-06-2005 - 00:00
CVE-2005-2046 7.5
Multiple SQL injection vulnerabilities in DUware DUamazon Pro 3.0 and 3.1 allow remote attackers to execute arbitrary SQL commands via the (1) iCat parameter to cat.asp, (2) iSub parameter to sub.asp, (3) iSub parameter to detail.asp, (4) iPro parame
17-10-2016 - 23:24 22-06-2005 - 00:00
CVE-2005-2012 7.5
Multiple SQL injection vulnerabilities in login in paFAQ 1.0 Beta 4 allow remote attackers to execute arbitrary SQL commands and bypass authentication via the (1) username or (2) id parameters.
17-10-2016 - 23:24 20-06-2005 - 00:00
CVE-2005-2011 4.3
Multiple cross-site scripting (XSS) vulnerabilities in paFAQ 1.0 Beta 4 allow remote attackers to inject arbitrary web script or HTML, as demonstrated via the id parameter in a Question action.
17-10-2016 - 23:24 20-06-2005 - 00:00
CVE-2005-2010 4.3
Cross-site scripting (XSS) vulnerability in trackback.asp in Ublog Reload 1.0.5 allows remote attackers to inject arbitrary web script or HTML via the btitle parameter.
17-10-2016 - 23:24 20-06-2005 - 00:00
CVE-2005-2009 7.5
Multiple SQL injection vulnerabilities in Ublog Reload 1.0.5 allow remote attackers to execute arbitrary SQL commands via the (1) ci, (2) d, or (3) m parameter to index.asp, or the (4) bi parameter to blog_comment.asp.
17-10-2016 - 23:24 20-06-2005 - 00:00
CVE-2005-1998 5.0
Directory traversal vulnerability in admin.php in McGallery 1.1 allows remote attackers to read arbitrary files via a .. (dot dot) in the lang parameter.
17-10-2016 - 23:23 15-06-2005 - 00:00
CVE-2005-1955 4.3
Cross-site scripting (XSS) vulnerability in index.php in singapore 0.9.11 allows remote attackers to inject arbitrary web script or HTML via the gallery parameter.
17-10-2016 - 23:23 12-06-2005 - 00:00
CVE-2005-1951 5.0
Multiple HTTP Response Splitting vulnerabilities in osCommerce 2.2 Milestone 2 and earlier allow remote attackers to spoof web content and poison web caches via hex-encoded CRLF ("%0d%0a") sequences in the (1) products_id or (2) pid parameter to inde
17-10-2016 - 23:23 16-06-2005 - 00:00
CVE-2005-1948 7.5
Multiple SQL injection vulnerabilities in Invision Gallery before 1.3.1 allow remote attackers to execute arbitrary SQL commands via (1) the comment parameter in an editcomment action or (2) the rating parameter when voting on a photo.
17-10-2016 - 23:23 09-06-2005 - 00:00
CVE-2005-1943 7.5
Multiple SQL injection vulnerabilities in Loki download manager 2.0 allow remote attackers to execute arbitrary SQL commands via the (1) password field to default.asp or (2) cat parameter to catinfo.asp.
17-10-2016 - 23:23 08-06-2005 - 00:00
CVE-2005-1870 5.0
PHP remote file inclusion vulnerability in childwindow.inc.php in Popper 1.41-r2 and earlier allows remote attackers to execute arbitrary PHP code via the form parameter.
17-10-2016 - 23:23 09-06-2005 - 00:00
CVE-2005-1827 7.5
D-Link DSL-504T allows remote attackers to bypass authentication and gain privileges, such as upgrade firmware, restart the router or restore a saved configuration, via a direct request to firmwarecfg.
17-10-2016 - 23:22 26-05-2005 - 00:00
CVE-2005-1823 4.3
Multiple cross-site scripting (XSS) vulnerabilities in Qualiteam X-Cart 4.0.8 allow remote attackers to inject arbitrary web script or HTML via the (1) cat or (2) printable parameter to home.php, (3) productid or (4) mode parameter to product.php, (5
17-10-2016 - 23:22 01-06-2005 - 00:00
CVE-2005-1822 7.5
Multiple SQL injection vulnerabilities in Qualiteam X-Cart 4.0.8 allow remote attackers to execute arbitrary SQL commands via the (1) cat or (2) printable parameter to home.php, (3) productid or (4) mode parameter to product.php, (5) id parameter to
17-10-2016 - 23:22 01-06-2005 - 00:00
CVE-2005-1821 7.5
PHP remote file inclusion vulnerability in pdl_header.inc.php in PowerDownload 3.0.2 and 3.0.3 allows remote attackers to execute arbitrary PHP code via the incdir parameter to downloads.php.
17-10-2016 - 23:22 01-06-2005 - 00:00
CVE-2005-1754 5.0
** DISPUTED ** JavaMail API 1.1.3 through 1.3, as used by Apache Tomcat 5.0.16, allows remote attackers to read arbitrary files via a full pathname in the argument to the Download parameter. NOTE: Sun and Apache dispute this issue. Sun states: "Th
17-10-2016 - 23:22 31-12-2005 - 00:00
CVE-2005-1752 6.4
viewFile.php in the scm component of Gforge before 4.0 allows remote attackers to execute arbitrary commands via shell metacharacters in the file_name parameter.
17-10-2016 - 23:22 31-12-2005 - 00:00
CVE-2005-1708 4.6
templates.admin.users.user_form_processing in Blue Coat Reporter before 7.1.2 allows authenticated users to gain administrator privileges via an HTTP POST that sets volatile.user.administrator to true.
17-10-2016 - 23:22 24-05-2005 - 00:00
CVE-2005-1703 5.0
Warrior Kings: Battles 1.23 and earlier allows remote attackers to cause a denial of service (server crash) via a partial join packet that triggers a NULL pointer dereference.
17-10-2016 - 23:22 24-05-2005 - 00:00
CVE-2005-1702 7.5
Format string vulnerability in Warrior Kings: Battles 1.23 and earlier and Warrior Kings 1.3 and earlier allows remote attackers to execute arbitrary code via format string specifiers in a nickname.
17-10-2016 - 23:22 24-05-2005 - 00:00
CVE-2005-1686 2.6
Format string vulnerability in gedit 2.10.2 may allow attackers to cause a denial of service (application crash) via a bin file with format string specifiers in the filename. NOTE: while this issue is triggered on the command line by the gedit user,
17-10-2016 - 23:21 20-05-2005 - 00:00
CVE-2005-1681 7.5
PHP remote file inclusion vulnerability in common.php in phpATM 1.21, and possibly earlier versions, allows remote attackers to execute arbitrary PHP code via a URL in the include_location parameter to index.php.
17-10-2016 - 23:21 20-05-2005 - 00:00
CVE-2005-1679 5.1
Stack-based buffer overflow in the error directive in picasm 1.12b and earlier allows attackers to execute arbitrary code via a long error message.
17-10-2016 - 23:21 20-05-2005 - 00:00
CVE-2005-1633 7.5
Multiple SQL injection vulnerabilities in JGS-XA JGS-Portal 3.0.2 and earlier allow remote attackers to execute arbitrary SQL commands via the (1) anzahl_beitraege parameter to jgs_portal.php, 2) year parameter to (jgs_portal_statistik.php, 3) year p
17-10-2016 - 23:21 17-05-2005 - 00:00
CVE-2005-1620 4.3
Cross-site scripting (XSS) vulnerability in Skull-Splitter Guestbook 1.0, 2.0 and 2.2 allows remote attackers to inject arbitrary web script or HTML via the (1) title or (2) content of a message.
17-10-2016 - 23:21 16-05-2005 - 00:00
CVE-2005-1619 4.3
Multiple cross-site scripting (XSS) vulnerabilities in (1) start_page.css.php3 (aka start-page.css.php3) or (2) style.css.php3 in PHPMyChat 0.14.5 allow remote attackers to inject arbitrary web script or HTML commands via the FontName parameter. NOT
17-10-2016 - 23:21 16-05-2005 - 00:00
CVE-2005-1618 5.0
The YMSGR URL handler in Yahoo! Messenger 5.x through 6.0 allows remote attackers to cause a denial of service (disconnect) via a room login or a room join request packet with a third : (colon) and an & (ampersand), which causes Messenger to send a c
17-10-2016 - 23:21 16-05-2005 - 00:00
CVE-2005-1615 7.5
viewforum.php in Ultimate PHP Board (UPB) 1.8 through 1.9.6 may allow remote attackers to read sensitive data via the postorder parameter, which is not properly handled by textdb.inc.php, possibly due to a SQL injection vulnerability.
17-10-2016 - 23:21 16-05-2005 - 00:00
CVE-2005-1614 6.8
Cross-site scripting (XSS) vulnerability in viewforum.php in Ultimate PHP Board (UPB) 1.8 through 1.9.6 allows remote attackers to inject arbitrary web script or HTML via the postorder parameter.
17-10-2016 - 23:21 16-05-2005 - 00:00
CVE-2005-1613 6.8
Cross-site scripting (XSS) vulnerability in member.php in Open Bulletin Board (OpenBB) 1.0.8 allows remote attackers to inject arbitrary web script or HTML via the reverse parameter in a list action.
17-10-2016 - 23:21 16-05-2005 - 00:00
CVE-2005-1612 7.5
SQL injection vulnerability in read.php in Open Bulletin Board (OpenBB) 1.0.8 allows remote attackers to execute arbitrary SQL commands via the TID parameter.
17-10-2016 - 23:21 16-05-2005 - 00:00
CVE-2005-1561 4.3
Multiple cross-site scripting (XSS) vulnerabilities in post.asp in MaxWebPortal 1.3.5 and earlier allow remote attackers to inject arbitrary web script or HTML via the (1) mod, (2) M, or (3) type parameter.
17-10-2016 - 23:20 11-05-2005 - 00:00
CVE-2005-1550 7.5
easymsgb.pl in Easy Message Board allows remote attackers to execute arbitrary commands via shell metacharacters in the print parameter.
17-10-2016 - 23:20 14-05-2005 - 00:00
CVE-2005-1507 5.0
Buffer overflow in the Tomcat plugin in 4d WebSTAR 5.33 and 5.4 allows remote attackers to cause a denial of service and possibly execute arbitrary code via a long URL.
17-10-2016 - 23:20 11-05-2005 - 00:00
CVE-2005-1503 7.5
Multiple SQL injection vulnerabilities in MidiCart PHP Shopping Cart allow remote attackers to execute arbitrary SQL commands via the (1) searchstring parameter to search_list.php, the (2) maingroup or (3) secondgroup parameters to item_list.php, or
17-10-2016 - 23:20 11-05-2005 - 00:00
CVE-2005-1494 4.3
Multiple cross-site scripting (XSS) vulnerabilities in admin.cgi in MegaBook 2.0 and 2.1 allow remote attackers to inject arbitrary web script or HTML via the (1) entryid or (2) password parameter.
17-10-2016 - 23:20 11-05-2005 - 00:00
CVE-2005-1493 5.0
Directory traversal vulnerability in SimpleCam 1.2 allows remote attackers to read arbitrary files via a ..\ (dot dot backslash) in the URL.
17-10-2016 - 23:20 11-05-2005 - 00:00
CVE-2005-1487 7.5
** DISPUTED ** Multiple SQL injection vulnerabilities in FishCart 3.1 allow remote attackers to execute arbitrary SQL commands via the (1) cartid parameter to upstnt.php or (2) psku parameter to display.php. NOTE: the vendor disputes this report, s
17-10-2016 - 23:20 11-05-2005 - 00:00
CVE-2005-1486 5.0
Multiple cross-site scripting vulnerabilities in FishCart 3.1 allow remote attackers to inject arbitrary web script or HTML via the (1) trackingnum, (2) reqagree, or (3) m parameter to upstracking.php or (4) nlst parameter to display.php. NOTE: the
17-10-2016 - 23:20 11-05-2005 - 00:00
CVE-2005-1480 5.0
Directory traversal vulnerability in RaidenFTPD before 2.4.2241 allows remote attackers to read arbitrary files via a "..\\" (dot dot backslash) in the urlget site command.
17-10-2016 - 23:19 11-05-2005 - 00:00
CVE-2005-1479 7.5
SQL injection vulnerability in jgs_portal.php in JGS-Portal 3.0.1 and earlier allows remote attackers to execute arbitrary SQL commands via the id parameter.
17-10-2016 - 23:19 11-05-2005 - 00:00
CVE-2005-1384 7.5
Multiple SQL injection vulnerabilities in phpCoin 1.2.2 allow remote attackers to execute arbitrary SQL commands via the (1) search parameter to index.php, (2) phpcoinsessid parameter to login.php, (3) id, (4) dtopic_id, or (5) dcat_id to mod.php.
17-10-2016 - 23:19 03-05-2005 - 00:00
CVE-2005-1383 7.5
The OHS component 1.0.2 through 10.x, when UseWebcacheIP is disabled, in Oracle Application Server allows remote attackers to bypass HTTP Server mod_access restrictions via a request to the webcache TCP port 7778.
17-10-2016 - 23:19 03-05-2005 - 00:00
CVE-2005-1382 5.0
The webcacheadmin module in Oracle Webcache 9i allows remote attackers to corrupt arbitrary files via a full pathname in the cache_dump_file parameter.
17-10-2016 - 23:19 03-05-2005 - 00:00
CVE-2005-1381 6.8
Multiple cross-site scripting (XSS) vulnerabilities in Oracle Webcache 9i allow remote attackers to inject arbitrary web script or HTML via the (1) cache_dump_file or (2) PartialPageErrorPage parameter.
17-10-2016 - 23:19 03-05-2005 - 00:00
CVE-2005-1378 7.5
SQL injection vulnerability in posting_notes.php in the notes module for phpBB allows remote attackers to execute arbitrary SQL commands via the p parameter, which is used in the $post_id variable, and other attack vectors.
17-10-2016 - 23:19 03-05-2005 - 00:00
CVE-2005-1375 7.5
Multiple SQL injection vulnerabilities in Claroline 1.5.3 through 1.6 Release Candidate 1, and possibly Dokeos, allow remote attackers to execute arbitrary SQL commands via (1) learningPath.php, (2) learningPathAdmin.php, (3) learnPath_details.php, (
17-10-2016 - 23:19 03-05-2005 - 00:00
CVE-2005-1374 6.8
Multiple cross-site scripting (XSS) vulnerabilities in Claroline 1.5.3 through 1.6 Release Candidate 1, and possibly Dokeos, allow remote attackers to inject arbitrary web script or HTML via (1) exercise_result.php, (2) exercice_submit.php, (3) agend
17-10-2016 - 23:19 03-05-2005 - 00:00
CVE-2005-1370 7.5
Unknown vulnerability in Radia Management Agent (RMA) in HP OpenView Radia Management Portal (RMP) 1.x and 2.x allows remote attackers to execute arbitrary commands via unknown vectors.
17-10-2016 - 23:19 03-05-2005 - 00:00
CVE-2005-1366 7.5
Pico Server (pServ) 3.2 and earlier allows remote attackers to obtain the source code for CGI scripts via "dirname/../cgi-bin" in a URL.
17-10-2016 - 23:19 16-05-2005 - 00:00
CVE-2005-1365 10.0
Pico Server (pServ) 3.2 and earlier allows remote attackers to execute arbitrary commands via a URL with multiple leading "/" (slash) characters and ".." sequences.
17-10-2016 - 23:19 16-05-2005 - 00:00
CVE-2005-1360 7.5
PHP remote file inclusion vulnerability in error.php in GrayCMS 1.1 allows remote attackers to execute arbitrary PHP code by modifying the path_prefix parameter to reference a URL on a remote web server that contains the code.
17-10-2016 - 23:19 02-05-2005 - 00:00
CVE-2005-1325 5.0
set_lang.php in phpMyVisites 1.3 allows remote attackers to read and include arbitrary files via the mylang parameter.
17-10-2016 - 23:18 02-05-2005 - 00:00
CVE-2005-1293 7.5
Multiple SQL injection vulnerabilities in default.asp in StorePortal 2.63 allow remote attackers to execute arbitrary SQL commands via the (1) language, (2) bpic, (3) idcategory, (4) content, (5) keyword, or (6) idproduct parameter.
17-10-2016 - 23:18 02-05-2005 - 00:00
CVE-2005-1285 6.8
Cross-site scripting (XSS) vulnerability in thread.php in WoltLab Burning Board 2.3.1 and earlier allows remote attackers to inject arbitrary web script or HTML via the hilight parameter.
17-10-2016 - 23:18 22-04-2005 - 00:00
CVE-2005-1224 7.5
Multiple SQL injection vulnerabilities in DUware DUportal Pro 3.4 allow remote attackers to execute arbitrary SQL commands via the (1) nChannel parameter to default.asp, cat.asp, or detail.asp, (2) the iChannel parameter to search.asp, default.asp, r
17-10-2016 - 23:18 02-05-2005 - 00:00
CVE-2005-1223 7.5
Multiple SQL injection vulnerabilities in Ocean12 Calendar manager 1.01 allow remote attackers to execute arbitrary SQL commands via the Admin_id field.
17-10-2016 - 23:18 02-05-2005 - 00:00
CVE-2005-1203 7.5
Multiple SQL injection vulnerabilities in index.php in eGroupware before 1.0.0.007 allow remote attackers to execute arbitrary SQL commands via the (1) filter or (2) cats_app parameter.
17-10-2016 - 23:18 02-05-2005 - 00:00
CVE-2005-1202 6.8
Multiple cross-site scripting (XSS) vulnerabilities in eGroupware before 1.0.0.007 allow remote attackers to inject arbitrary web script or HTML via the (1) ab_id, (2) page, (3) type, or (4) lang parameter to index.php or (5) category_id parameter.
17-10-2016 - 23:18 02-05-2005 - 00:00
CVE-2005-1199 7.5
SQL injection vulnerability in printthread.php in UBB.Threads allows remote attackers to execute arbitrary SQL commands via the main parameter.
17-10-2016 - 23:18 02-05-2005 - 00:00
CVE-2005-1196 7.5
SQL injection vulnerability in kb.php in the Knowledge Base module for phpBB allows remote attackers to obtain sensitive information and execute SQL commands via the cat parameter.
17-10-2016 - 23:17 02-05-2005 - 00:00
CVE-2005-1170 7.5
SQL injection vulnerability in mod.php in the datenbank module for phpBB allows remote attackers to execute arbitrary SQL commands via the id parameter.
17-10-2016 - 23:17 02-05-2005 - 00:00
CVE-2005-1162 5.8
Multiple cross-site scripting (XSS) vulnerabilities in OneWorldStore allow remote attackers to inject arbitrary web script or HTML via the (1) sEmail parameter to owContactUs.asp, (2) bSub parameter to owListProduct.asp, or the (3) Name, (4) Email, o
17-10-2016 - 23:17 02-05-2005 - 00:00
CVE-2005-1161 7.5
Multiple SQL injection vulnerabilities in OneWorldStore allow remote attackers to execute arbitrary SQL commands via the idProduct parameter to (1) owAddItem.asp or (2) owProductDetail.asp, (3) idCategory parameter to owListProduct.asp, or (4) bSpeci
17-10-2016 - 23:17 02-05-2005 - 00:00
CVE-2005-1117 7.5
PHP remote file inclusion vulnerability in index.php in All4WWW-Homepagecreator 1.0a allows remote attackers to execute arbitrary PHP code by modifying the site parameter to reference a URL on a remote web server that contains the code.
17-10-2016 - 23:17 02-05-2005 - 00:00
CVE-2005-1112 5.0
IBM WebSphere Application Server 6.0 and earlier, when sharing the document root of the web server, allows remote attackers to obtain the source code for Java Server Pages (.jsp) via an HTTP request with an invalid Host header, which causes the page
17-10-2016 - 23:17 02-05-2005 - 00:00
CVE-2005-1105 5.0
Directory traversal vulnerability in the MimeBodyPart.getFileName method in JavaMail 1.3.2 allows remote attackers to write arbitrary files via a .. (dot dot) in the filename in the Content-Disposition header.
17-10-2016 - 23:17 02-05-2005 - 00:00
CVE-2005-1099 10.0
Multiple buffer overflows in the HandleChild function in server.c in Greylisting daemon (GLD) 1.3 and 1.4, when GLD is listening on a network interface, allow remote attackers to execute arbitrary code.
17-10-2016 - 23:17 12-04-2005 - 00:00
CVE-2005-1079 7.5
SQL injection vulnerability in index.php for zOOm Media Gallery 2.1.2 allows remote attackers to execute arbitrary SQL commands via the catid parameter.
17-10-2016 - 23:17 02-05-2005 - 00:00
CVE-2005-1078 7.5
XAMPP 1.4.x has multiple default or null passwords, which allows attackers to gain privileges.
17-10-2016 - 23:17 12-04-2005 - 00:00
CVE-2005-1077 4.3
Multiple cross-site scripting (XSS) vulnerabilities in XAMPP 1.4.x allow remote attackers to inject arbitrary web script or HTML via (1) cds.php, (2) Guestbook-EN.pl, or (3) phonebook.php.
17-10-2016 - 23:17 12-04-2005 - 00:00
CVE-2005-1071 7.5
SQL injection vulnerability in banner.inc.php in JPortal Web Portal 2.3.1 allows remote attackers to execute arbitrary SQL commands via the haslo parameter.
17-10-2016 - 23:17 12-04-2005 - 00:00
CVE-2005-1054 7.5
PHP remote file inclusion vulnerability in news.php in ModernBill 4.3.0 and earlier allows remote attackers to execute arbitrary PHP code by modifying the DIR parameter to reference a URL on a remote web server that contains the code.
17-10-2016 - 23:16 02-05-2005 - 00:00
CVE-2005-1053 4.3
Multiple cross-site scripting (XSS) vulnerabilities in orderwiz.php in ModernBill 4.3.0 and earlier allow remote attackers to inject arbitrary web script or HTML via the (1) c_code or (2) aid parameters.
17-10-2016 - 23:16 02-05-2005 - 00:00
CVE-2005-1049 2.6
Multiple cross-site scripting vulnerabilities in PostNuke 0.760-RC3 allow remote attackers to inject arbitrary web script or HTML via the (1) module parameter to admin.php or (2) op parameter to user.php. NOTE: the vendor reports that certain issues
17-10-2016 - 23:16 02-05-2005 - 00:00
CVE-2005-1033 5.0
CubeCart 2.0.6 allows remote attackers to obtain sensitive information via an invalid (1) language parameter to index.php, (2) PHPSESSID parameter to index.php, (3) product parameter to tellafriend.php, (4) add parameter to view_cart.php, or (5) prod
17-10-2016 - 23:16 02-05-2005 - 00:00
CVE-2005-1030 4.3
Multiple cross-site scripting (XSS) vulnerabilities in Active Auction House allow remote attackers to inject arbitrary web script or HTML via the (1) ReturnURL, (2) password, (3) username parameter, (4) ReturnURL parameter to account.asp, (5) Table,
17-10-2016 - 23:16 02-05-2005 - 00:00
CVE-2005-1027 4.3
Multiple cross-site scripting (XSS) vulnerabilities in PHP-Nuke 6.x through 7.6 allow remote attackers to inject arbitrary web script or HTML via the (1) username parameter in the Your_Account module, (2) avatarcategory parameter in the Your_Account
17-10-2016 - 23:16 02-05-2005 - 00:00
CVE-2005-1026 7.5
Multiple SQL injection vulnerabilities in SnailSource phpBB 2.0.x mods allow remote attackers to execute arbitrary SQL commands via the (1) file_id parameter to dlman.php in DLMan Pro or (2) id parameter to links.php in Linkz Pro (aka LinksLinks Pro)
17-10-2016 - 23:16 02-05-2005 - 00:00
CVE-2005-1005 7.5
ProfitCode PayProCart 3.0 allows remote attackers to bypass authentication and gain administrative privileges to the admin control panel, as demonstrated via a direct request to adminshop/index.php with hex-encoded .. sequences in the ftoedit paramet
17-10-2016 - 23:16 02-05-2005 - 00:00
CVE-2005-1004 4.3
Cross-site scripting (XSS) vulnerability in usrdetails.php in ProfitCode PayProCart 3.0 allows remote attackers to inject arbitrary web script or HTML via the sgnuptype parameter.
17-10-2016 - 23:16 02-05-2005 - 00:00
CVE-2005-1002 5.0
logwebftbs2000.exe in Logics Software File Transfer (LOG-FT) allows remote attackers to read arbitrary files via modified (1) VAR_FT_LANG and (2) VAR_FT_TMPL parameters.
17-10-2016 - 23:16 02-05-2005 - 00:00
CVE-2005-1000 4.3
Multiple cross-site scripting (XSS) vulnerabilities in PHP-Nuke 7.6 allow remote attackers to inject arbitrary web script or HTML via (1) the bid parameter to the EmailStats op in banners.pgp, (2) the ratenum parameter in the TopRated and MostPopular
17-10-2016 - 23:16 02-05-2005 - 00:00
CVE-2005-0997 7.5
Multiple SQL injection vulnerabilities in the Web_Links module for PHP-Nuke 7.6 allow remote attackers to execute arbitrary SQL commands via (1) the email or url parameters in the Add function, (2) the url parameter in the modifylinkrequestS function
17-10-2016 - 23:16 02-05-2005 - 00:00
CVE-2005-0993 4.6
Buffer overflow in nwprint in SCO OpenServer 5.0.7 allows local users to execute arbitrary code via a long command line argument.
17-10-2016 - 23:16 02-05-2005 - 00:00
CVE-2005-0992 4.3
Cross-site scripting (XSS) vulnerability in index.php in phpMyAdmin before 2.6.2-rc1 allows remote attackers to inject arbitrary web script or HTML via the convcharset parameter.
17-10-2016 - 23:16 02-05-2005 - 00:00
CVE-2005-0984 5.0
Buffer overflow in the G_Printf function in Star Wars Jedi Knight: Jedi Academy 1.011 and earlier allows remote attackers to execute arbitrary code via a long message using commands such as (1) say and (2) tell.
17-10-2016 - 23:16 02-05-2005 - 00:00
CVE-2005-0980 7.5
PHP remote file inclusion vulnerability in index.php in AlstraSoft EPay Pro 2.0 allows remote attackers to execute arbitrary PHP code by modifying the view parameter to reference a URL on a remote web server that contains the code.
17-10-2016 - 23:16 02-05-2005 - 00:00
CVE-2005-0978 5.0
Directory traversal vulnerability in the Object Push service in IVT BlueSoleil 1.4 allows remote attackers to upload arbitrary files via a .. (dot dot) in a PUSH command.
17-10-2016 - 23:16 02-05-2005 - 00:00
CVE-2005-0955 7.5
SQL injection vulnerability in InterAKT MX Shop 1.1.1 allows remote attackers to execute arbitrary SQL commands via the id_ctg parameter.
17-10-2016 - 23:16 02-05-2005 - 00:00
CVE-2005-0950 5.0
Directory traversal vulnerability in FastStone 4in1 Browser 1.2 allows remote attackers to read arbitrary files via a (1) ... (triple dot) or (2) ..\ (dot dot backslash) in the URL.
17-10-2016 - 23:15 29-03-2005 - 00:00
CVE-2005-0948 7.5
SQL injection vulnerability in ad_click.asp for PortalApp allows remote attackers to execute arbitrary SQL commands via the banner_id parameter.
17-10-2016 - 23:15 02-05-2005 - 00:00
CVE-2005-0945 4.3
Cross-site scripting (XSS) vulnerability in ACS Blog 1.1.1 allows remote attackers to inject arbitrary web script or HTML via onmouseover or onload events in (1) img, (2) link, or (3) mail tags.
17-10-2016 - 23:15 02-05-2005 - 00:00
CVE-2005-0935 7.5
Multiple SQL injection vulnerabilities in ESMI PayPal Storefront allow remote attackers to execute arbitrary SQL commands via the (1) idpages parameter to pages.php or the (2) id2 parameter to products1.php.
17-10-2016 - 23:15 02-05-2005 - 00:00
CVE-2005-0929 7.5
SQL injection vulnerability in PhotoPost PHP Pro 5.x may allow remote attackers to execute arbitrary SQL commands via (1) the sl parameter to showmembers.php or (2) the photo parameter to showphoto.php.
17-10-2016 - 23:15 02-05-2005 - 00:00
CVE-2005-0928 4.3
Multiple cross-site scripting (XSS) vulnerabilities in PhotoPost PHP Pro 5.x allow remote attackers to inject arbitrary web script or HTML via the (1) cat, (2) password, (3) ppuser, (4) sort, or (5) si parameters to showgallery.php, the (6) ppuser, (
17-10-2016 - 23:15 02-05-2005 - 00:00
CVE-2005-0925 4.3
Cross-site scripting (XSS) vulnerability in login.asp for Ublog Reload 1.0 through 1.0.4 allows remote attackers to inject arbitrary web script or HTML via the msg parameter.
17-10-2016 - 23:15 02-05-2005 - 00:00
CVE-2005-0903 2.6
Buffer overflow in QuickTime PictureViewer 6.5.1 allows remote attackers to cause a denial of service (application crash) via a JPEG file with crafted Huffman Table (marker DHT) data.
17-10-2016 - 23:15 02-05-2005 - 00:00
CVE-2005-0896 4.3
Multiple cross-site scripting (XSS) vulnerabilities in review.php in phpMyDirectory 10.1.3-rel allow remote attackers to inject arbitrary web script or HTML via the (1) subcat, (2) page, or (3) subsubcat parameter.
17-10-2016 - 23:15 02-05-2005 - 00:00
CVE-2005-0895 5.0
Netcomm 1300NB DSL Modem allows remote attackers to cause a denial of service (device hang) via a large number of ping packets.
17-10-2016 - 23:15 02-05-2005 - 00:00
CVE-2005-0892 10.0
Buffer overflow in smail 3.2.0.120 allows remote attackers or local users to execute arbitrary code via a long string in the MAIL FROM command and possibly other SMTP commands.
17-10-2016 - 23:15 28-03-2005 - 00:00
CVE-2005-0881 4.3
Cross-site scripting (XSS) vulnerability in articles.newcomment for Interspire ArticleLive 2005 allows remote attackers to inject arbitrary web script or HTML via the Articleld parameter.
17-10-2016 - 23:15 23-03-2005 - 00:00
CVE-2005-0873 4.3
Multiple cross-site scripting (XSS) vulnerabilities in test.jsp in Oracle Reports Server 10g (9.0.4.3.3) allow remote attackers to inject arbitrary web script or HTML via the (1) desname or (2) repprod parameter.
17-10-2016 - 23:15 02-05-2005 - 00:00
CVE-2005-0870 4.3
Multiple cross-site scripting (XSS) vulnerabilities in phpSysInfo 2.3, when register_globals is enabled, allow remote attackers to inject arbitrary web script or HTML via the (1) sensor_program parameter to index.php, (2) text[language], (3) text[tem
17-10-2016 - 23:15 02-05-2005 - 00:00
CVE-2005-0843 5.0
CRLF injection vulnerability in search.php in Phorum 5.0.14a allows remote attackers to perform HTTP Response Splitting attacks via the body parameter, which is included in the resulting Location header.
17-10-2016 - 23:15 02-05-2005 - 00:00
CVE-2005-0842 4.3
Cross-site scripting (XSS) vulnerability in index.php in Kayako eSupport 2.3 allows remote attackers to inject arbitrary web script or HTML via the (1) _i or (2) _c parameter.
17-10-2016 - 23:15 02-05-2005 - 00:00
CVE-2005-0829 4.3
Cross-site scripting (XSS) vulnerability in setuser.php of the Digitanium addon to PHP-Fusion 5.01 allows remote attackers to inject arbitrary web script or HTML via the (1) user_name or (2) user_pass parameters.
17-10-2016 - 23:14 02-05-2005 - 00:00
CVE-2005-0828 5.0
highlight.php in (1) RUNCMS 1.1A, (2) CIAMOS 0.9.2 RC1, (3) e-Xoops 1.05 Rev3, and possibly other products based on e-Xoops (exoops), allows remote attackers to read arbitrary PHP files by specifying the pathname in the file parameter, as demonstrate
17-10-2016 - 23:14 02-05-2005 - 00:00
CVE-2005-0805 7.5
SQL injection vulnerability in index.php in Subdreamer Light, when magic_quotes_gpc is enabled, allows remote attackers to execute arbitrary SQL commands via certain parameters that are used as global variables, as demonstrated using the imageid para
17-10-2016 - 23:14 02-05-2005 - 00:00
CVE-2005-0803 5.0
The GetEnhMetaFilePaletteEntries API in GDI32.DLL in Windows 2000 allows remote attackers to cause a denial of service (application crash) via a crafted Enhanced Metafile (EMF) file that causes invalid (1) end, (2) emreof, or (3) palent offsets to be
17-10-2016 - 23:14 02-05-2005 - 00:00
CVE-2005-0802 4.3
Cross-site scripting (XSS) vulnerability in search.asp in ACS Blog 0.8 through 1.1b allows remote attackers to execute arbitrary web script or HTML via the search parameter.
17-10-2016 - 23:14 02-05-2005 - 00:00
CVE-2005-0800 7.5
PHP remote file inclusion vulnerability in install.php in mcNews 1.3 and earlier allows remote attackers to execute arbitrary PHP code by modifying the l parameter to reference a URL on a remote web server that contains the code, a different vulnerab
17-10-2016 - 23:14 02-05-2005 - 00:00
CVE-2005-0796 5.0
Directory traversal vulnerability in HolaCMS 1.4.9-1 allows remote attackers to overwrite arbitrary files via a "holaDB/votes" followed by a .. (dot dot) in the vote_filename parameter, which bypasses the check by HolaCMS to ensure that the file is i
17-10-2016 - 23:14 02-05-2005 - 00:00
CVE-2005-0791 4.3
Cross-site scripting (XSS) vulnerability in adframe.php in phpAdsNew 2.0.4-pr1, when register_globals is enabled, allows remote attackers to inject arbitrary web script or HTML via the refresh parameter.
17-10-2016 - 23:14 14-03-2005 - 00:00
CVE-2005-0786 7.5
SQL injection vulnerability in gb_new.inc in SimpGB allows remote attackers to execute arbitrary SQL commands via the quote parameter to guestbook.php.
17-10-2016 - 23:14 14-03-2005 - 00:00
CVE-2005-0783 4.3
Cross-site scripting (XSS) vulnerability in Phorum before 5.0.14a allows remote attackers to inject arbitrary web script or HTML via the filename of an attached file.
17-10-2016 - 23:14 02-05-2005 - 00:00
CVE-2005-0782 4.3
Cross-site scripting (XSS) vulnerability in (1) viewall.php and (2) category.php for paFileDB 3.1 and earlier allows remote attackers to inject arbitrary web script or HTML via the start parameter to pafiledb.php.
17-10-2016 - 23:14 02-05-2005 - 00:00
CVE-2005-0781 7.5
SQL injection vulnerability in (1) viewall.php and (2) category.php in paFileDB 3.1 and earlier allows remote attackers to execute arbitrary SQL commands via the start parameter to pafiledb.php.
17-10-2016 - 23:14 02-05-2005 - 00:00
CVE-2005-0780 5.0
paFileDB 3.1 and earlier allows remote attackers to obtain sensitive information via a direct request to (1) auth.php, (2) login.php, (3) category.php, (4) file.php, (5) team.php, (6) license.php, (7) custom.php, (8) admins.php, or (9) backupdb.php,
17-10-2016 - 23:14 12-03-2005 - 00:00
CVE-2005-0779 5.0
PlatinumFTP 1.0.18, and possibly earlier versions, allows remote attackers to cause a denial of service (server crash) via multiple connection attempts with a \ (backslash) in the username.
17-10-2016 - 23:14 02-05-2005 - 00:00
CVE-2005-0776 5.0
adm-photo.php in PhotoPost PHP 5.0 RC3 does not properly verify administrative privileges before manipulating photos, which could allow remote attackers to manipulate other users' photos.
17-10-2016 - 23:14 02-05-2005 - 00:00
CVE-2005-0750 7.2
The bluez_sock_create function in the Bluetooth stack for Linux kernel 2.4.6 through 2.4.30-rc1 and 2.6 through 2.6.11.5 allows local users to gain privileges via (1) socket or (2) socketpair call with a negative protocol value.
17-10-2016 - 23:14 27-03-2005 - 00:00
CVE-2005-0710 4.6
MySQL 4.0.23 and earlier, and 4.1.x up to 4.1.10, allows remote authenticated users with INSERT and DELETE privileges to bypass library path restrictions and execute arbitrary libraries by using INSERT INTO to modify the mysql.func table, which is pr
17-10-2016 - 23:13 02-05-2005 - 00:00
CVE-2005-0709 4.6
MySQL 4.0.23 and earlier, and 4.1.x up to 4.1.10, allows remote authenticated users with INSERT and DELETE privileges to execute arbitrary code by using CREATE FUNCTION to access libc calls, as demonstrated by using strcat, on_exit, and exit.
17-10-2016 - 23:13 02-05-2005 - 00:00
CVE-2005-0632 5.0
PHP remote file inclusion vulnerability in auth.php in PHPNews 1.2.4 and possibly 1.2.3, allows remote attackers to execute arbitrary PHP code via the path parameter.
17-10-2016 - 23:13 01-03-2005 - 00:00
CVE-2005-0629 4.3
Multiple cross-site scripting (XSS) vulnerabilities in profile.php in 427BB 2.2 allow remote attackers to inject arbitrary web script or HTML via the (1) user or (2) Avatar parameters.
17-10-2016 - 23:13 01-03-2005 - 00:00
CVE-2005-0575 7.5
Buffer overflow in Stormy Studios Knet 1.04c and earlier allows remote attackers to cause a denial of service and possibly execute arbitrary code via a long HTTP GET request.
17-10-2016 - 23:12 02-05-2005 - 00:00
CVE-2005-0569 7.5
Multiple SQL injection vulnerabilities in PunBB 1.2.1 allow remote attackers to execute arbitrary SQL commands via the (1) language parameter to register.php, (2) change email feature in profile.php, (3) posts or (4) topics parameter to moderate.php.
17-10-2016 - 23:12 02-05-2005 - 00:00
CVE-2005-0513 7.5
PHP remote file inclusion vulnerability in mail_autocheck.php in the Email This Entry add-on for pMachine Pro 2.4, and possibly other versions including pMachine Free, allows remote attackers to execute arbitrary PHP code by directly requesting mail_
17-10-2016 - 23:12 19-02-2005 - 00:00
CVE-2005-0475 6.4
SQL injection vulnerability in paFAQ Beta4, and possibly other versions, allows remote attackers to execute arbitrary SQL code via the (1) offset, (2) limit, (3) order, or (4) orderby parameter to question.php, (5) offset parameter to answer.php, (6)
17-10-2016 - 23:11 30-03-2005 - 00:00
CVE-2005-0443 4.3
index.php in CubeCart 2.0.4 allows remote attackers to (1) obtain the full path for the web server or (2) conduct cross-site scripting (XSS) attacks via an invalid language parameter, which echoes the parameter in a PHP error message.
17-10-2016 - 23:11 02-05-2005 - 00:00
CVE-2005-0442 5.0
Directory traversal vulnerability in index.php for CubeCart 2.0.4 allows remote attackers to read arbitrary files via the language parameter.
17-10-2016 - 23:11 02-05-2005 - 00:00
CVE-2005-0345 5.0
viewthread.php in php-fusion 4.x does not check the (1) forum_id or (2) forum_cat parameters, which allows remote attackers to view protected forums via the thread_id parameter.
17-10-2016 - 23:10 02-05-2005 - 00:00
CVE-2005-0344 5.0
Directory traversal vulnerability in 602LAN SUITE 2004.0.04.1221 allows remote authenticated users to upload and execute arbitrary files via a .. (dot dot) in the filename parameter.
17-10-2016 - 23:10 02-05-2005 - 00:00
CVE-2005-0320 5.0
Multiple cross-site scripting vulnerabilities in MERAK Mail Server 7.6.0 with Icewarp Web Mail 5.3.0 allow remote attackers to inject arbitrary web script or HTML via the (1) username parameter to login.html, (2) accountid parameter to accountsetting
17-10-2016 - 23:10 28-01-2005 - 00:00
CVE-2005-0316 7.5
WebWasher Classic 2.2.1 and 3.3, when running in server mode, does not properly drop CONNECT requests to the localhost from external systems, which could allow remote attackers to bypass intended access restrictions.
17-10-2016 - 23:10 28-01-2005 - 00:00
CVE-2005-0313 7.5
Multiple directory traversal vulnerabilities in Magic Winmail Server 4.0 Build 1112 allow remote attackers to (1) upload arbitrary files via certain parameters to upload.php or (2) read arbitrary files via certain parameters to download.php, and remo
17-10-2016 - 23:10 27-01-2005 - 00:00
CVE-2005-0307 4.3
Multiple cross-site scripting (XSS) vulnerabilities in index.php in MercuryBoard 1.1.1 allow remote attackers to inject arbitrary web script or HTML via the (1) s, (2) l, (3) a, (4) t, (5) to, or (6) re parameters.
17-10-2016 - 23:10 25-01-2005 - 00:00
CVE-2005-0305 7.5
CRLF injection vulnerability in users.php in Siteman 1.1.10 and earlier allows remote attackers to add arbitrary users and gain privileges via the line parameter in a docreate operation.
17-10-2016 - 23:10 02-05-2005 - 00:00
CVE-2005-0253 5.0
Directory traversal vulnerability in index.php for BibORB 1.3.2, and possibly earlier versions, allows remote attackers to delete arbitrary files via a Delete action and .. (dot dot) sequences in the database_name parameter.
17-10-2016 - 23:09 02-05-2005 - 00:00
CVE-2005-0252 7.5
SQL injection vulnerability in BibORB 1.3.2, and possibly earlier versions, allows remote attackers to execute arbitrary SQL commands via the (1) Username or (2) Password.
17-10-2016 - 23:09 02-05-2005 - 00:00
CVE-2005-0251 4.3
Cross-site scripting (XSS) vulnerability in bibindex.php for BibORB 1.3.2, and possibly earlier versions, allows remote attackers to inject arbitrary HTML and web script via the search parameter.
17-10-2016 - 23:09 02-05-2005 - 00:00
CVE-2005-0245 7.5
Buffer overflow in gram.y for PostgreSQL 8.0.0 and earlier may allow attackers to execute arbitrary code via a large number of arguments to a refcursor function (gram.y), which leads to a heap-based buffer overflow, a different vulnerability than CVE
17-10-2016 - 23:09 01-02-2005 - 00:00
CVE-2005-0229 5.0
CitrusDB 0.3.5 and earlier stores the newfile.txt temporary data file under the web root, which allows remote attackers to steal credit card information via a direct request to newfile.txt.
17-10-2016 - 23:08 27-04-2005 - 00:00
CVE-2005-0129 7.5
The Quick Buttons feature in Konversation 0.15 allows remote attackers to execute certain IRC commands via a channel name containing "%" variables, which are recursively expanded by the Server::parseWildcards function when the Part Button is selected
17-10-2016 - 23:07 14-04-2005 - 00:00
CVE-2005-0101 7.5
Buffer overflow in the socket_getline function in Newspost 2.1.1 and earlier allows remote malicious NNTP servers to execute arbitrary code via a long string without a newline character.
17-10-2016 - 23:07 01-02-2005 - 00:00
CVE-2005-0023 2.1
gnome-pty-helper in GNOME libzvt2 and libvte4 allows local users to spoof the logon hostname via a modified DISPLAY environment variable. NOTE: the severity of this issue has been disputed.
17-10-2016 - 23:07 05-10-2005 - 17:02
CVE-2004-2135 2.1
cryptoloop on Linux kernel 2.6.x, when used on certain file systems with a block size 1024 or greater, has certain "IV computation" weaknesses that allow watermarked files to be detected without decryption.
17-10-2016 - 23:06 26-05-2004 - 00:00
CVE-2004-2000 7.5
SQL injection vulnerability in the Downloads module in Php-Nuke 6.x through 7.2 allows remote attackers to execute arbitrary SQL via the (1) orderby or (2) sid parameters to modules.php.
17-10-2016 - 23:04 05-05-2004 - 00:00
CVE-2004-1875 9.3
Multiple cross-site scripting (XSS) vulnerabilities in cPanel 9.1.0-R85 allow remote attackers to inject arbitrary web script or HTML via the (1) email parameter to testfile.html, (2) file parameter to erredit.html, (3) dns parameter to dnslook.html,
17-10-2016 - 23:02 30-03-2004 - 00:00
CVE-2004-1873 7.5
SQL injection vulnerability in category.asp in A-CART Pro and A-CART 2.0 allows remote attackers to gain privileges via the catcode parameter.
17-10-2016 - 23:02 31-12-2004 - 00:00
CVE-2004-1488 5.0
wget 1.8.x and 1.9.x does not filter or quote control characters when displaying HTTP responses to the terminal, which may allow remote malicious web servers to inject terminal escape sequences and execute arbitrary code.
17-10-2016 - 22:55 27-04-2005 - 00:00
CVE-2004-1418 4.3
Cross-site scripting (XSS) vulnerability in WPKontakt 3.0.1 and earlier allows remote attackers to inject arbitrary web script or HTML via an e-mail address, which is not quoted when a parsing error is generated.
17-10-2016 - 22:54 31-12-2004 - 00:00
CVE-2004-1415 5.0
SQL injection vulnerability in (1) disp_album.php and possibly (2) disp_img.php in 2Bgal 2.4 and 2.5.1 allows remote attackers to execute arbitrary SQL commands via the id_album parameter.
17-10-2016 - 22:54 31-12-2004 - 00:00
CVE-2004-1412 4.3
Cross-site scripting (XSS) vulnerability in index.php in Kayako eSupport 2.x allows remote attackers to inject arbitrary web script or HTML via the searchm parameter.
17-10-2016 - 22:54 31-12-2004 - 00:00
CVE-2004-1410 4.3
Cross-site scripting (XSS) vulnerability in Gadu-Gadu build 155 and earlier allows remote attackers to inject arbitrary web script via a URL, which is echoed in a popup window that displays a parsing error message, a different vulnerability than CVE-
17-10-2016 - 22:54 31-12-2004 - 00:00
CVE-2004-1406 7.5
SQL injection vulnerability in ikonboard.cgi in Ikonboard 3.1.0 through 3.1.3 allows remote attackers to inject arbitrary SQL commands via the (1) st or (2) keywords parameter.
17-10-2016 - 22:54 31-12-2004 - 00:00
CVE-2004-1405 7.5
MediaWiki 1.3.8 and earlier, when used with Apache mod_mime, does not properly handle files with two file extensions, such as .php.rar, which allows remote attackers to upload and execute arbitrary code.
17-10-2016 - 22:54 31-12-2004 - 00:00
CVE-2004-1402 10.0
SQL injection vulnerability in iWebNegar allows remote attackers to execute arbitrary SQL commands via (1) the string parameter for index.php, (2) comments.php, or (3) the administrator login page.
17-10-2016 - 22:54 31-12-2004 - 00:00
CVE-2004-1401 7.5
SQL injection vulnerability in verify.asp in Asp-rider allows remote attackers to execute arbitrary SQL statements and bypass authentication via the username parameter.
17-10-2016 - 22:54 31-12-2004 - 00:00
CVE-2004-1400 7.5
The control panel in ASP Calendar does not require authentication to access, which allows remote attackers to gain unauthorized access via a direct request to main.asp.
17-10-2016 - 22:54 31-12-2004 - 00:00
CVE-2004-1385 5.0
phpGroupWare 0.9.16.003 and earlier allows remote attackers to gain sensitive information via (1) unexpected characters in the session ID such as shell metacharacters, (2) an invalid appname parameter to preferences.php or (3) an invalid menuaction p
17-10-2016 - 22:53 31-12-2004 - 00:00
CVE-2004-1384 4.3
Multiple cross-site scripting (XSS) vulnerabilities in phpGroupWare 0.9.16.003 and earlier allow remote attackers to inject arbitrary web script or HTML via the (1) kp3, (2) type, (3) msg, (4) forum_id, (5) pos, (6) cats_app, (7) cat_id, (8) msgball[
17-10-2016 - 22:53 31-12-2004 - 00:00
CVE-2004-1383 7.5
Multiple SQL injection vulnerabilities in phpGroupWare 0.9.16.003 and earlier allow remote attackers to execute arbitrary SQL statements via the (1) order, (2) project_id, (3) pro_main, or (4) hours_id parameters to index.php or (5) ticket_id to view
17-10-2016 - 22:53 31-12-2004 - 00:00
CVE-2004-1329 7.2
Untrusted execution path vulnerability in the diag commands (1) lsmcode, (2) diag_exec, (3) invscout, and (4) invscoutd in AIX 5.1 through 5.3 allows local users to execute arbitrary programs by modifying the DIAGNOSTICS environment variable to point
17-10-2016 - 22:53 20-12-2004 - 00:00
CVE-2004-1325 5.0
The getItemInfoByAtom function in the ActiveX control for Microsoft Windows Media Player 9.0 returns a 0 if the file does not exist and the size of the file if the file exists, which allows remote attackers to determine the existence of files on the
17-10-2016 - 22:53 18-12-2004 - 00:00
CVE-2004-1324 2.6
The Microsoft Windows Media Player 9.0 ActiveX control may allow remote attackers to execute arbitrary web script in the Local computer zone via the (1) artist or (2) song fields of a music file, if the file is processed using Internet Explorer.
17-10-2016 - 22:53 18-12-2004 - 00:00
CVE-2004-1306 5.1
Heap-based buffer overflow in winhlp32.exe in Windows NT, Windows 2000 through SP4, Windows XP through SP2, and Windows 2003 allows remote attackers to execute arbitrary code via a crafted .hlp file.
17-10-2016 - 22:53 31-12-2004 - 00:00
CVE-2004-1223 5.0
The Management Agent in F-Secure Policy Manager 5.11.2810 allows remote attackers to gain sensitive information, such as the absolute path for the web server, via an HTTP request to fsmsh.dll without any parameters.
17-10-2016 - 22:52 10-01-2005 - 00:00
CVE-2004-1221 5.0
Directory traversal vulnerability in weblibs.pl in WebLibs 1.0 allows remote attackers to read arbitrary files via .. sequences in the TextFile parameter.
17-10-2016 - 22:52 10-01-2005 - 00:00
CVE-2004-1213 6.8
Cross-site scripting (XSS) vulnerability in index.php in Advanced Guestbook 2.3.1, 2.2, and possibly other versions allows remote attackers to inject arbitrary web script or HTML via the entry parameter.
17-10-2016 - 22:52 10-01-2005 - 00:00
CVE-2004-1212 5.0
Directory traversal vulnerability in btdownload.php in Blog Torrent preview 0.8 allows remote attackers to download arbitrary files via a .. (dot dot) in the file argument.
17-10-2016 - 22:52 10-01-2005 - 00:00
CVE-2004-1210 6.8
Cross-site scripting (XSS) vulnerability in proxylog.dat in IPCop 1.4.1 and possibly other versions, allows remote attackers to inject arbitrary web script or HTML via the (1) url or (2) part variables.
17-10-2016 - 22:52 10-01-2005 - 00:00
CVE-2004-1206 5.0
Directory traversal vulnerability in codebrowserpntm.php in pnTresMailer 6.0.3 allows remote attackers to read arbitrary files via a .. (dot dot) in the filetodownload parameter.
17-10-2016 - 22:52 10-01-2005 - 00:00
CVE-2004-1196 6.8
Cross-site scripting (XSS) vulnerability in inmail.pl in Insite Inmail allows remote attackers to inject arbitrary web script or HTML via the acao parameter.
17-10-2016 - 22:52 10-01-2005 - 00:00
CVE-2004-1166 7.5
CRLF injection vulnerability in Microsoft Internet Explorer 6.0.2800.1106 and earlier allows remote attackers to execute arbitrary FTP commands via an ftp:// URL that contains a URL-encoded newline ("%0a") before the FTP command, which causes the com
17-10-2016 - 22:51 31-12-2004 - 00:00
CVE-2004-1165 7.5
Konqueror 3.3.1 allows remote attackers to execute arbitrary FTP commands via an ftp:// URL that contains a URL-encoded newline ("%0a") before the FTP command, which causes the commands to be inserted into the resulting FTP session, as demonstrated u
17-10-2016 - 22:51 10-01-2005 - 00:00
CVE-2004-1161 7.5
rssh 2.2.2 and earlier does not properly restrict programs that can be run, which could allow remote authenticated users to bypass intended access restrictions and execute arbitrary programs via (1) rdist -P, (2) rsync, or (3) scp -S.
17-10-2016 - 22:51 10-01-2005 - 00:00
CVE-2004-1150 5.1
Stack-based buffer overflow in the in_cdda.dll plugin for Winamp 5.0 through 5.08c allows attackers to execute arbitrary code via a cda:// URL with a long (1) device name or (2) sound track number, as demonstrated with a .m3u or .pls playlist file.
17-10-2016 - 22:51 31-12-2004 - 00:00
CVE-2004-1147 10.0
phpMyAdmin 2.6.0-pl2, and other versions before 2.6.1, with external transformations enabled, allows remote attackers to execute arbitrary commands via shell metacharacters.
17-10-2016 - 22:51 10-01-2005 - 00:00
CVE-2004-1074 2.1
The binfmt functionality in the Linux kernel, when "memory overcommit" is enabled, allows local users to cause a denial of service (kernel oops) via a malformed a.out binary.
17-10-2016 - 22:51 10-01-2005 - 00:00
CVE-2004-1060 5.0
Multiple TCP/IP and ICMP implementations, when using Path MTU (PMTU) discovery (PMTUD), allow remote attackers to cause a denial of service (network throughput reduction for TCP connections) via forged ICMP ("Fragmentation Needed and Don't Fragment w
17-10-2016 - 22:51 12-04-2004 - 00:00
CVE-2004-0791 5.0
Multiple TCP/IP and ICMP implementations allow remote attackers to cause a denial of service (network throughput reduction for TCP connections) via a blind throughput-reduction attack using spoofed Source Quench packets, aka the "ICMP Source Quench a
17-10-2016 - 22:49 12-04-2005 - 00:00
CVE-2004-0790 5.0
Multiple TCP/IP and ICMP implementations allow remote attackers to cause a denial of service (reset TCP connections) via spoofed ICMP error messages, aka the "blind connection-reset attack." NOTE: CVE-2004-0790, CVE-2004-0791, and CVE-2004-1060 have
17-10-2016 - 22:49 12-04-2005 - 00:00
CVE-2004-0597 10.0
Multiple buffer overflows in libpng 1.2.5 and earlier, as used in multiple products, allow remote attackers to execute arbitrary code via malformed PNG images in which (1) the png_handle_tRNS function does not properly validate the length of transpar
17-10-2016 - 22:46 23-11-2004 - 00:00
CVE-2004-0067 4.3
Multiple cross-site scripting (XSS) vulnerabilities in phpGedView before 2.65 allow remote attackers to inject arbitrary HTML or web script via (1) descendancy.php, (2) index.php, (3) individual.php, (4) login.php, (5) relationship.php, (6) source.ph
17-10-2016 - 22:40 17-02-2004 - 00:00
CVE-2003-1085 5.0
The HTTP server in the Thomson TWC305, TWC315, and TCW690 cable modem ST42.03.0a allows remote attackers to cause a denial of service (unstable service) via a long GET request, possibly caused by a buffer overflow.
17-10-2016 - 22:39 31-12-2003 - 00:00
CVE-2003-0557 7.5
SQL injection vulnerability in login.asp for StoreFront 6.0, and possibly earlier versions, allows remote attackers to obtain sensitive user information via SQL statements in the password field.
17-10-2016 - 22:35 18-08-2003 - 00:00
CVE-2003-0509 10.0
SQL injection vulnerability in Cyberstrong eShop 4.2 and earlier allows remote attackers to steal authentication information and gain privileges via the ProductCode parameter in (1) 10expand.asp, (2) 10browse.asp, and (3) 20review.asp.
17-10-2016 - 22:34 07-08-2003 - 00:00
CVE-2006-0797 7.8
Nokia N70 cell phone allows remote attackers to cause a denial of service (reboot or shutdown) through a wireless Bluetooth connection via a malformed Logical Link Control and Adaptation Protocol (L2CAP) packet whose length field is less than the act
14-10-2016 - 21:59 19-02-2006 - 16:02
CVE-2013-3205 9.3
Microsoft Internet Explorer 6 through 8 allows remote attackers to execute arbitrary code or cause a denial of service (memory corruption) via a crafted web site, aka "Internet Explorer Memory Corruption Vulnerability."
03-10-2016 - 13:50 11-09-2013 - 10:03
CVE-2013-6114 5.0
Integer overflow in the OZDocument::parseElement function in Apple Motion 5.0.7 allows remote attackers to cause a denial of service (application crash) via a (1) large or (2) small value in the subview attribute of a viewer element in a .motn file.
30-09-2016 - 13:32 04-11-2013 - 10:55
CVE-2013-1311 9.3
Use-after-free vulnerability in Microsoft Internet Explorer 8 allows remote attackers to execute arbitrary code via a crafted web site that triggers access to a deleted object, aka "Internet Explorer Use After Free Vulnerability."
29-09-2016 - 16:18 14-05-2013 - 23:36
CVE-2013-3961 6.5
SQL injection vulnerability in edit_event.php in Simple PHP Agenda before 2.2.9 allows remote authenticated users to execute arbitrary SQL commands via the eventid parameter.
21-09-2016 - 10:25 11-03-2014 - 15:37
CVE-2013-2347 10.0
The Backup Client Service (OmniInet.exe) in HP Storage Data Protector 6.2X allows remote attackers to execute arbitrary commands or cause a denial of service via a crafted EXEC_BAR packet to TCP port 5555, aka ZDI-CAN-1885.
21-09-2016 - 09:46 03-01-2014 - 23:51
CVE-2013-5486 10.0
Directory traversal vulnerability in processImageSave.jsp in DCNM-SAN Server in Cisco Prime Data Center Network Manager (DCNM) before 6.2(1) allows remote attackers to write arbitrary files via the chartid parameter, aka Bug IDs CSCue77035 and CSCue7
16-09-2016 - 16:47 23-09-2013 - 06:18
CVE-2013-6976 6.8
Cross-site request forgery (CSRF) vulnerability in goform/Quick_setup on Cisco EPC3925 devices allows remote attackers to hijack the authentication of administrators for requests that change a password via the Password and PasswordReEnter parameters,
15-09-2016 - 15:23 19-12-2013 - 17:55
CVE-2014-0307 9.3
Use-after-free vulnerability in Microsoft Internet Explorer 9 allows remote attackers to execute arbitrary code or cause a denial of service (memory corruption) via a certain sequence of manipulations of a TextRange element, aka "Internet Explorer Me
09-09-2016 - 14:58 12-03-2014 - 01:15
CVE-2013-1300 7.2
win32k.sys in the kernel-mode drivers in Microsoft Windows XP SP2 and SP3, Windows Server 2003 SP2, Windows Vista SP2, Windows Server 2008 SP2 and R2 SP1, Windows 7 SP1, Windows 8, Windows Server 2012, and Windows RT does not properly handle objects
09-09-2016 - 14:55 09-07-2013 - 23:46
CVE-2013-7136 9.3
The UPC Ireland Cisco EPC 2425 router (aka Horizon Box) does not have a sufficiently large number of possible WPA-PSK passphrases, which makes it easier for remote attackers to obtain access via a brute-force attack.
09-09-2016 - 10:35 19-12-2013 - 17:55
CVE-2014-4034 7.5
SQL injection vulnerability in zero_view_article.php in ZeroCMS 1.0 allows remote attackers to execute arbitrary SQL commands via the article_id parameter.
06-09-2016 - 10:18 11-06-2014 - 10:55
CVE-2014-1796 9.3
Microsoft Internet Explorer 6 and 8 through 11 allows remote attackers to execute arbitrary code or cause a denial of service (memory corruption) via a crafted web site, aka "Internet Explorer Memory Corruption Vulnerability."
06-09-2016 - 09:55 11-06-2014 - 00:56
CVE-2014-1795 9.3
Microsoft Internet Explorer 9 through 11 allows remote attackers to execute arbitrary code or cause a denial of service (memory corruption) via a crafted web site, aka "Internet Explorer Memory Corruption Vulnerability," a different vulnerability tha
06-09-2016 - 09:55 11-06-2014 - 00:56
CVE-2014-1794 9.3
Microsoft Internet Explorer 10 and 11 allows remote attackers to execute arbitrary code or cause a denial of service (memory corruption) via a crafted web site, aka "Internet Explorer Memory Corruption Vulnerability," a different vulnerability than C
06-09-2016 - 09:54 11-06-2014 - 00:56
CVE-2014-1792 9.3
Microsoft Internet Explorer 8 allows remote attackers to execute arbitrary code or cause a denial of service (memory corruption) via a crafted web site, aka "Internet Explorer Memory Corruption Vulnerability," a different vulnerability than CVE-2014-
06-09-2016 - 09:53 11-06-2014 - 00:56
CVE-2014-1791 9.3
Microsoft Internet Explorer 7 through 11 allows remote attackers to execute arbitrary code or cause a denial of service (memory corruption) via a crafted web site, aka "Internet Explorer Memory Corruption Vulnerability."
06-09-2016 - 09:52 11-06-2014 - 00:56
CVE-2014-1790 9.3
Microsoft Internet Explorer 10 allows remote attackers to execute arbitrary code or cause a denial of service (memory corruption) via a crafted web site, aka "Internet Explorer Memory Corruption Vulnerability," a different vulnerability than CVE-2014
06-09-2016 - 09:51 11-06-2014 - 00:56
CVE-2014-1789 9.3
Microsoft Internet Explorer 10 allows remote attackers to execute arbitrary code or cause a denial of service (memory corruption) via a crafted web site, aka "Internet Explorer Memory Corruption Vulnerability," a different vulnerability than CVE-2014
06-09-2016 - 09:51 11-06-2014 - 00:56
CVE-2014-1786 9.3
Microsoft Internet Explorer 9 through 11 allows remote attackers to execute arbitrary code or cause a denial of service (memory corruption) via a crafted web site, aka "Internet Explorer Memory Corruption Vulnerability," a different vulnerability tha
06-09-2016 - 09:44 11-06-2014 - 00:56
CVE-2014-1784 9.3
Microsoft Internet Explorer 9 through 11 allows remote attackers to execute arbitrary code or cause a denial of service (memory corruption) via a crafted web site, aka "Internet Explorer Memory Corruption Vulnerability," a different vulnerability tha
06-09-2016 - 09:43 11-06-2014 - 00:56
CVE-2014-1783 9.3
Microsoft Internet Explorer 9 through 11 allows remote attackers to execute arbitrary code or cause a denial of service (memory corruption) via a crafted web site, aka "Internet Explorer Memory Corruption Vulnerability," a different vulnerability tha
06-09-2016 - 09:42 11-06-2014 - 00:56
CVE-2014-1782 9.3
Microsoft Internet Explorer 11 allows remote attackers to execute arbitrary code or cause a denial of service (memory corruption) via a crafted web site, aka "Internet Explorer Memory Corruption Vulnerability," a different vulnerability than CVE-2014
06-09-2016 - 09:32 11-06-2014 - 00:56
CVE-2014-1781 9.3
Microsoft Internet Explorer 8 allows remote attackers to execute arbitrary code or cause a denial of service (memory corruption) via a crafted web site, aka "Internet Explorer Memory Corruption Vulnerability," a different vulnerability than CVE-2014-
06-09-2016 - 09:31 11-06-2014 - 00:56
CVE-2014-1780 9.3
Microsoft Internet Explorer 10 and 11 allows remote attackers to execute arbitrary code or cause a denial of service (memory corruption) via a crafted web site, aka "Internet Explorer Memory Corruption Vulnerability," a different vulnerability than C
06-09-2016 - 09:20 11-06-2014 - 00:56
CVE-2014-1779 9.3
Microsoft Internet Explorer 6 through 11 allows remote attackers to execute arbitrary code or cause a denial of service (memory corruption) via a crafted web site, aka "Internet Explorer Memory Corruption Vulnerability," a different vulnerability tha
06-09-2016 - 09:17 11-06-2014 - 00:56
CVE-2014-2775 9.3
Microsoft Internet Explorer 9 through 11 allows remote attackers to execute arbitrary code or cause a denial of service (memory corruption) via a crafted web site, aka "Internet Explorer Memory Corruption Vulnerability," a different vulnerability tha
06-09-2016 - 09:14 11-06-2014 - 00:56
CVE-2014-1770 9.3
Use-after-free vulnerability in Microsoft Internet Explorer 6 through 11 allows remote attackers to execute arbitrary code via crafted JavaScript code that interacts improperly with a CollectGarbage function call on a CMarkup object allocated by the
06-09-2016 - 09:14 22-05-2014 - 07:14
CVE-2014-2776 9.3
Microsoft Internet Explorer 11 allows remote attackers to execute arbitrary code or cause a denial of service (memory corruption) via a crafted web site, aka "Internet Explorer Memory Corruption Vulnerability," a different vulnerability than CVE-2014
06-09-2016 - 09:13 11-06-2014 - 00:56
CVE-2014-2782 9.3
Microsoft Internet Explorer 9 through 11 allows remote attackers to execute arbitrary code or cause a denial of service (memory corruption) via a crafted web site, aka "Internet Explorer Memory Corruption Vulnerability," a different vulnerability tha
06-09-2016 - 09:10 19-06-2014 - 06:50
CVE-2014-0322 9.3
Use-after-free vulnerability in Microsoft Internet Explorer 9 and 10 allows remote attackers to execute arbitrary code via vectors involving crafted JavaScript code, CMarkup, and the onpropertychange attribute of a script element, as exploited in the
02-09-2016 - 21:34 14-02-2014 - 11:55
CVE-2006-4322 7.5
PHP remote file inclusion vulnerability in estateagent.php in the EstateAgent component (com_estateagent) for Mambo, when register_globals is enabled, allows remote attackers to execute arbitrary PHP code via a URL in the mosConfig_absolute_path para
30-08-2016 - 21:59 23-08-2006 - 21:04
CVE-2012-5201 10.0
Unspecified vulnerability in HP Intelligent Management Center (iMC) and Intelligent Management Center for Automated Network Manager (ANM) before 5.2 E0401 allows remote attackers to execute arbitrary code via unknown vectors, aka ZDI-CAN-1611.
24-08-2016 - 09:34 09-03-2013 - 06:55
CVE-2011-0923 10.0
The client in HP Data Protector does not properly validate EXEC_CMD arguments, which allows remote attackers to execute arbitrary Perl code via a crafted command, related to the "local bin directory."
22-08-2016 - 22:03 08-02-2011 - 20:00
CVE-2011-0922 10.0
The client in HP Data Protector allows remote attackers to execute arbitrary programs via an EXEC_SETUP command that references a UNC share pathname.
22-08-2016 - 22:03 08-02-2011 - 20:00
CVE-2009-3867 9.3
Stack-based buffer overflow in the HsbParser.getSoundBank function in Sun Java SE in JDK and JRE 5.0 before Update 22, JDK and JRE 6 before Update 17, SDK and JRE 1.3.x before 1.3.1_27, and SDK and JRE 1.4.x before 1.4.2_24 allows remote attackers to
22-08-2016 - 22:00 05-11-2009 - 11:30
CVE-2009-3548 7.5
The Windows installer for Apache Tomcat 6.0.0 through 6.0.20, 5.5.0 through 5.5.28, and possibly earlier versions uses a blank default password for the administrative user, which allows remote attackers to gain privileges.
22-08-2016 - 21:59 12-11-2009 - 18:30
CVE-2009-0922 4.0
PostgreSQL before 8.3.7, 8.2.13, 8.1.17, 8.0.21, and 7.4.25 allows remote authenticated users to cause a denial of service (stack consumption and crash) by triggering a failure in the conversion of a localized error message to a client-specified enco
22-08-2016 - 21:59 17-03-2009 - 13:30
CVE-2009-0580 4.3
Apache Tomcat 4.1.0 through 4.1.39, 5.5.0 through 5.5.27, and 6.0.0 through 6.0.18, when FORM authentication is used, allows remote attackers to enumerate valid usernames via requests to /j_security_check with malformed URL encoding of passwords, rel
22-08-2016 - 21:59 05-06-2009 - 12:00
CVE-2007-3701 7.5
TippingPoint IPS before 20070710 does not properly handle a hex-encoded alternate Unicode '/' (slash) character, which might allow remote attackers to send certain network traffic and avoid detection, as demonstrated by a cmd.exe attack.
20-07-2016 - 11:13 11-07-2007 - 19:30
CVE-2013-5948 8.5
The Network Analysis tab (Main_Analysis_Content.asp) in the ASUS RT-AC68U and other RT series routers with firmware before 3.0.0.4.374.5047 allows remote authenticated users to execute arbitrary commands via shell metacharacters in the Target field (
30-06-2016 - 11:54 22-04-2014 - 09:06
CVE-2013-4810 10.0
HP ProCurve Manager (PCM) 3.20 and 4.0, PCM+ 3.20 and 4.0, Identity Driven Manager (IDM) 4.0, and Application Lifecycle Management allow remote attackers to execute arbitrary code via a marshalled object to (1) EJBInvokerServlet or (2) JMXInvokerServ
29-06-2016 - 10:12 16-09-2013 - 09:01
CVE-2006-0442 4.3
Multiple cross-site scripting (XSS) vulnerabilities in usercp.php in MyBulletinBoard (MyBB) 1.02 allow remote attackers to inject arbitrary web script or HTML via the (1) notepad parameter in a notepad action and (2) signature parameter in an editsig
16-06-2016 - 09:28 26-01-2006 - 17:03
CVE-2014-2299 9.3
Buffer overflow in the mpeg_read function in wiretap/mpeg.c in the MPEG parser in Wireshark 1.8.x before 1.8.13 and 1.10.x before 1.10.6 allows remote attackers to execute arbitrary code or cause a denial of service (application crash) via a large re
01-06-2016 - 22:25 11-03-2014 - 09:01
CVE-2013-5755 10.0
config/.htpasswd in Yealink IP Phone SIP-T38G has a hardcoded password of (1) user (s7C9Cx.rLsWFA) for the user account, (2) admin (uoCbM.VEiKQto) for the admin account, and (3) var (jhl3iZAe./qXM) for the var account, which makes it easier for remot
26-05-2016 - 08:33 16-07-2014 - 10:19
CVE-2014-1683 6.8
The bashMail function in cms/data/skins/techjunkie/fragments/contacts/functions.php in SkyBlueCanvas CMS before 1.1 r248-04, when the pid parameter is 4, allows remote attackers to execute arbitrary commands via shell metacharacters in the (1) name,
25-05-2016 - 11:16 29-01-2014 - 13:55
CVE-2014-1610 6.0
MediaWiki 1.22.x before 1.22.2, 1.21.x before 1.21.5, and 1.19.x before 1.19.11, when DjVu or PDF file upload support is enabled, allows remote attackers to execute arbitrary commands via shell metacharacters in (1) the page parameter to includes/med
25-05-2016 - 11:01 30-01-2014 - 18:55
CVE-2006-0323 9.3
Buffer overflow in swfformat.dll in multiple RealNetworks products and versions including RealPlayer 10.x, RealOne Player, Rhapsody 3, and Helix Player allows remote attackers to execute arbitrary code via a crafted SWF (Flash) file with (1) a size v
18-05-2016 - 14:20 23-03-2006 - 18:06
CVE-2006-5757 1.2
Race condition in the __find_get_block_slow function in the ISO9660 filesystem in Linux 2.6.18 and possibly other versions allows local users to cause a denial of service (infinite loop) by mounting a crafted ISO9660 filesystem containing malformed d
09-05-2016 - 12:52 06-11-2006 - 15:07
CVE-2014-9727 10.0
AVM Fritz!Box allows remote attackers to execute arbitrary commands via shell metacharacters in the var:lang parameter to cgi-bin/webcm.
06-04-2016 - 08:49 29-05-2015 - 11:59
CVE-2013-6194 10.0
Unspecified vulnerability in HP Storage Data Protector 6.2X allows remote attackers to execute arbitrary code or cause a denial of service via unknown vectors, aka ZDI-CAN-1905.
06-04-2016 - 08:37 03-01-2014 - 23:51
CVE-2013-4362 7.2
WEB-DAV Linux File System (davfs2) 1.4.6 and 1.4.7 allow local users to gain privileges via unknown attack vectors in (1) kernel_interface.c and (2) mount_davfs.c, related to the "system" function.
04-04-2016 - 09:10 30-09-2013 - 18:55
CVE-2013-6023 7.8
Directory traversal vulnerability in the TVT TD-2308SS-B DVR with firmware 3.2.0.P-3520A-00 and earlier allows remote attackers to read arbitrary files via .. (dot dot) in the URI.
31-03-2016 - 13:31 02-11-2013 - 17:55
CVE-2013-5680 6.8
Heap-based buffer overflow in hfaxd in HylaFAX+ 5.2.4 through 5.5.3, when using LDAP authentication, might allow remote attackers to cause a denial of service (child hang) or execute arbitrary code via a long USER command.
31-03-2016 - 13:31 06-04-2014 - 12:55
CVE-2014-1788 9.3
Microsoft Internet Explorer 9 allows remote attackers to execute arbitrary code or cause a denial of service (memory corruption) via a crafted web site, aka "Internet Explorer Memory Corruption Vulnerability," a different vulnerability than CVE-2014-
23-12-2015 - 23:02 11-06-2014 - 00:56
CVE-2014-1778 6.8
Microsoft Internet Explorer 8 through 11 allows remote attackers to execute arbitrary web script with increased privileges via unspecified vectors, aka "Internet Explorer Elevation of Privilege Vulnerability," a different vulnerability than CVE-2014-
23-12-2015 - 23:02 11-06-2014 - 00:56
CVE-2014-1777 4.3
Microsoft Internet Explorer 10 and 11 allows remote attackers to read local files on the client via a crafted web site, aka "Internet Explorer Information Disclosure Vulnerability."
23-12-2015 - 23:02 11-06-2014 - 00:56
CVE-2014-1775 9.3
Microsoft Internet Explorer 6 through 11 allows remote attackers to execute arbitrary code or cause a denial of service (memory corruption) via a crafted web site, aka "Internet Explorer Memory Corruption Vulnerability," a different vulnerability tha
23-12-2015 - 23:02 11-06-2014 - 00:56
CVE-2014-1774 9.3
Microsoft Internet Explorer 9 allows remote attackers to execute arbitrary code or cause a denial of service (memory corruption) via a crafted web site, aka "Internet Explorer Memory Corruption Vulnerability," a different vulnerability than CVE-2014-
23-12-2015 - 23:02 11-06-2014 - 00:56
CVE-2014-1773 9.3
Microsoft Internet Explorer 9 through 11 allows remote attackers to execute arbitrary code or cause a denial of service (memory corruption) via a crafted web site, aka "Internet Explorer Memory Corruption Vulnerability," a different vulnerability tha
23-12-2015 - 23:01 11-06-2014 - 00:56
CVE-2014-1772 9.3
Microsoft Internet Explorer 10 and 11 allows remote attackers to execute arbitrary code or cause a denial of service (memory corruption) via a crafted web site, aka "Internet Explorer Memory Corruption Vulnerability," a different vulnerability than C
23-12-2015 - 23:01 11-06-2014 - 00:56
CVE-2014-1771 6.8
SChannel in Microsoft Internet Explorer 6 through 11 does not ensure that a server's X.509 certificate is the same during renegotiation as it was before renegotiation, which allows man-in-the-middle attackers to obtain sensitive information or modify
23-12-2015 - 23:01 11-06-2014 - 00:56
CVE-2014-1769 9.3
Microsoft Internet Explorer 11 allows remote attackers to execute arbitrary code or cause a denial of service (memory corruption) via a crafted web site, aka "Internet Explorer Memory Corruption Vulnerability," a different vulnerability than CVE-2014
23-12-2015 - 23:01 11-06-2014 - 00:56
CVE-2014-1766 7.2
Microsoft Internet Explorer 9 through 11 allows remote attackers to execute arbitrary code or cause a denial of service (memory corruption) via a crafted web site, as demonstrated by Sebastian Apelt and Andreas Schmidt during a Pwn2Own competition at
23-12-2015 - 23:00 27-04-2014 - 06:55
CVE-2014-1762 7.5
Unspecified vulnerability in Microsoft Internet Explorer 6 through 11 allows remote attackers to execute arbitrary code with medium-integrity privileges and bypass a sandbox protection mechanism via unknown vectors, as demonstrated by ZDI during a Pw
23-12-2015 - 22:48 27-04-2014 - 06:55
CVE-2014-1804 9.3
Microsoft Internet Explorer 8 allows remote attackers to execute arbitrary code or cause a denial of service (memory corruption) via a crafted web site, aka "Internet Explorer Memory Corruption Vulnerability," a different vulnerability than CVE-2014-
22-12-2015 - 14:07 11-06-2014 - 00:56
CVE-2014-1805 9.3
Microsoft Internet Explorer 9 through 11 allows remote attackers to execute arbitrary code or cause a denial of service (memory corruption) via a crafted web site, aka "Internet Explorer Memory Corruption Vulnerability," a different vulnerability tha
22-12-2015 - 14:07 11-06-2014 - 00:56
CVE-2014-2754 9.3
Microsoft Internet Explorer 9 allows remote attackers to execute arbitrary code or cause a denial of service (memory corruption) via a crafted web site, aka "Internet Explorer Memory Corruption Vulnerability," a different vulnerability than CVE-2014-
22-12-2015 - 14:07 11-06-2014 - 00:56
CVE-2014-2756 9.3
Microsoft Internet Explorer 10 and 11 allows remote attackers to execute arbitrary code or cause a denial of service (memory corruption) via a crafted web site, aka "Internet Explorer Memory Corruption Vulnerability," a different vulnerability than C
22-12-2015 - 14:07 11-06-2014 - 00:56
CVE-2014-2759 9.3
Microsoft Internet Explorer 9 through 11 allows remote attackers to execute arbitrary code or cause a denial of service (memory corruption) via a crafted web site, aka "Internet Explorer Memory Corruption Vulnerability," a different vulnerability tha
22-12-2015 - 14:06 11-06-2014 - 00:56
CVE-2014-2757 9.3
Microsoft Internet Explorer 6 through 11 allows remote attackers to execute arbitrary code or cause a denial of service (memory corruption) via a crafted web site, aka "Internet Explorer Memory Corruption Vulnerability," a different vulnerability tha
22-12-2015 - 14:06 11-06-2014 - 00:56
CVE-2014-2755 9.3
Microsoft Internet Explorer 11 allows remote attackers to execute arbitrary code or cause a denial of service (memory corruption) via a crafted web site, aka "Internet Explorer Memory Corruption Vulnerability," a different vulnerability than CVE-2014
22-12-2015 - 14:06 11-06-2014 - 00:56
CVE-2014-2753 9.3
Microsoft Internet Explorer 11 allows remote attackers to execute arbitrary code or cause a denial of service (memory corruption) via a crafted web site, aka "Internet Explorer Memory Corruption Vulnerability," a different vulnerability than CVE-2014
22-12-2015 - 14:06 11-06-2014 - 00:56
CVE-2014-1803 9.3
Microsoft Internet Explorer 6 through 11 allows remote attackers to execute arbitrary code or cause a denial of service (memory corruption) via a crafted web site, aka "Internet Explorer Memory Corruption Vulnerability," a different vulnerability tha
22-12-2015 - 14:06 11-06-2014 - 00:56
CVE-2014-1797 9.3
Microsoft Internet Explorer 10 and 11 allows remote attackers to execute arbitrary code or cause a denial of service (memory corruption) via a crafted web site, aka "Internet Explorer Memory Corruption Vulnerability," a different vulnerability than C
22-12-2015 - 14:06 11-06-2014 - 00:56
CVE-2014-1802 9.3
Microsoft Internet Explorer 10 and 11 allows remote attackers to execute arbitrary code or cause a denial of service (memory corruption) via a crafted web site, aka "Internet Explorer Memory Corruption Vulnerability," a different vulnerability than C
22-12-2015 - 14:05 11-06-2014 - 00:56
CVE-2014-1800 9.3
Microsoft Internet Explorer 8 through 11 allows remote attackers to execute arbitrary code or cause a denial of service (memory corruption) via a crafted web site, aka "Internet Explorer Memory Corruption Vulnerability."
22-12-2015 - 14:05 11-06-2014 - 00:56
CVE-2014-2758 9.3
Microsoft Internet Explorer 9 through 11 allows remote attackers to execute arbitrary code or cause a denial of service (memory corruption) via a crafted web site, aka "Internet Explorer Memory Corruption Vulnerability," a different vulnerability tha
22-12-2015 - 14:04 11-06-2014 - 00:56
CVE-2014-2760 9.3
Microsoft Internet Explorer 11 allows remote attackers to execute arbitrary code or cause a denial of service (memory corruption) via a crafted web site, aka "Internet Explorer Memory Corruption Vulnerability," a different vulnerability than CVE-2014
22-12-2015 - 14:04 11-06-2014 - 00:56
CVE-2014-2761 9.3
Microsoft Internet Explorer 11 allows remote attackers to execute arbitrary code or cause a denial of service (memory corruption) via a crafted web site, aka "Internet Explorer Memory Corruption Vulnerability," a different vulnerability than CVE-2014
22-12-2015 - 14:03 11-06-2014 - 00:56
CVE-2014-2763 9.3
Microsoft Internet Explorer 10 and 11 allows remote attackers to execute arbitrary code or cause a denial of service (memory corruption) via a crafted web site, aka "Internet Explorer Memory Corruption Vulnerability," a different vulnerability than C
22-12-2015 - 14:02 11-06-2014 - 00:56
CVE-2014-2765 9.3
Microsoft Internet Explorer 9 through 11 allows remote attackers to execute arbitrary code or cause a denial of service (memory corruption) via a crafted web site, aka "Internet Explorer Memory Corruption Vulnerability," a different vulnerability tha
22-12-2015 - 14:02 11-06-2014 - 00:56
CVE-2014-2766 9.3
Microsoft Internet Explorer 9 through 11 allows remote attackers to execute arbitrary code or cause a denial of service (memory corruption) via a crafted web site, aka "Internet Explorer Memory Corruption Vulnerability," a different vulnerability tha
22-12-2015 - 14:02 11-06-2014 - 00:56
CVE-2014-2767 9.3
Microsoft Internet Explorer 6 and 7 allows remote attackers to execute arbitrary code or cause a denial of service (memory corruption) via a crafted web site, aka "Internet Explorer Memory Corruption Vulnerability."
22-12-2015 - 14:01 11-06-2014 - 00:56
CVE-2014-2768 9.3
Microsoft Internet Explorer 6 through 8 allows remote attackers to execute arbitrary code or cause a denial of service (memory corruption) via a crafted web site, aka "Internet Explorer Memory Corruption Vulnerability," a different vulnerability than
22-12-2015 - 14:00 11-06-2014 - 00:56
CVE-2014-2769 9.3
Microsoft Internet Explorer 10 and 11 allows remote attackers to execute arbitrary code or cause a denial of service (memory corruption) via a crafted web site, aka "Internet Explorer Memory Corruption Vulnerability," a different vulnerability than C
22-12-2015 - 13:59 11-06-2014 - 00:56
CVE-2014-2771 9.3
Microsoft Internet Explorer 10 and 11 allows remote attackers to execute arbitrary code or cause a denial of service (memory corruption) via a crafted web site, aka "Internet Explorer Memory Corruption Vulnerability," a different vulnerability than C
22-12-2015 - 13:59 11-06-2014 - 00:56
CVE-2014-2770 9.3
Microsoft Internet Explorer 8 allows remote attackers to execute arbitrary code or cause a denial of service (memory corruption) via a crafted web site, aka "Internet Explorer Memory Corruption Vulnerability," a different vulnerability than CVE-2014-
22-12-2015 - 13:51 11-06-2014 - 00:56
CVE-2014-2773 9.3
Microsoft Internet Explorer 6 through 8 allows remote attackers to execute arbitrary code or cause a denial of service (memory corruption) via a crafted web site, aka "Internet Explorer Memory Corruption Vulnerability," a different vulnerability than
22-12-2015 - 13:51 11-06-2014 - 00:56
CVE-2014-2772 9.3
Microsoft Internet Explorer 11 allows remote attackers to execute arbitrary code or cause a denial of service (memory corruption) via a crafted web site, aka "Internet Explorer Memory Corruption Vulnerability," a different vulnerability than CVE-2014
22-12-2015 - 13:50 11-06-2014 - 00:56
CVE-2014-2764 9.3
Microsoft Internet Explorer 10 and 11 allows remote attackers to execute arbitrary code or cause a denial of service (memory corruption) via a crafted web site, aka "Internet Explorer Memory Corruption Vulnerability," a different vulnerability than C
22-12-2015 - 13:50 11-06-2014 - 00:56
CVE-2014-2777 7.5
Microsoft Internet Explorer 8 through 11 allows remote attackers to execute arbitrary web script with increased privileges via unspecified vectors, aka "Internet Explorer Elevation of Privilege Vulnerability," a different vulnerability than CVE-2014-
18-12-2015 - 21:01 11-06-2014 - 00:56
CVE-2014-4965 4.3
Multiple cross-site scripting (XSS) vulnerabilities in Shopizer 1.1.5 and earlier allow remote attackers to inject arbitrary web script or HTML via the (1) customername parameter to central/orders/searchcriteria.action; (2) productname, (3) availabil
04-12-2015 - 11:19 15-07-2014 - 10:55
CVE-2014-5193 4.3
Cross-site scripting (XSS) vulnerability in admin/admin.php in Sphider 1.3.6 allows remote attackers to inject arbitrary web script or HTML via the category parameter. NOTE: the url parameter vector is already covered by CVE-2014-5082.
04-12-2015 - 11:18 07-08-2014 - 07:13
CVE-2014-1764 10.0
Microsoft Internet Explorer 7 through 11 allows remote attackers to execute arbitrary code and bypass a sandbox protection mechanism by leveraging "object confusion" in a broker process, as demonstrated by VUPEN during a Pwn2Own competition at CanSec
03-12-2015 - 13:06 27-04-2014 - 06:55
CVE-2013-4074 5.0
The dissect_capwap_data function in epan/dissectors/packet-capwap.c in the CAPWAP dissector in Wireshark 1.6.x before 1.6.16 and 1.8.x before 1.8.8 incorrectly uses a -1 data value to represent an error condition, which allows remote attackers to cau
01-12-2015 - 14:48 09-06-2013 - 17:55
CVE-2008-4157 7.5
SQL injection vulnerability in groups.php in Vastal I-Tech phpVID 1.1 allows remote attackers to execute arbitrary SQL commands via the cat parameter, a different vector than CVE-2007-3610. NOTE: it was later reported that 1.2.3 is also affected.
24-11-2015 - 13:07 22-09-2008 - 14:34
CVE-2008-2335 4.3
Cross-site scripting (XSS) vulnerability in search_results.php in Vastal I-Tech phpVID 1.1 and 1.2 allows remote attackers to inject arbitrary web script or HTML via the query parameter. NOTE: some of these details are obtained from third party info
24-11-2015 - 11:45 19-05-2008 - 09:20
CVE-2014-1222 4.0
Directory traversal vulnerability in kcfinder/browse.php in Vtiger CRM before 6.0.0 Security patch 1 allows remote authenticated users to read arbitrary files via a .. (dot dot) in the file parameter in a download action. NOTE: it is likely that thi
19-11-2015 - 11:54 12-08-2014 - 19:55
CVE-2014-5460 6.5
Unrestricted file upload vulnerability in the Tribulant Slideshow Gallery plugin before 1.4.7 for WordPress allows remote authenticated users to execute arbitrary code by uploading a PHP file, then accessing it via a direct request to the file in wp-
16-11-2015 - 23:07 11-09-2014 - 11:55
CVE-2014-6037 7.5
Directory traversal vulnerability in the agentUpload servlet in ZOHO ManageEngine EventLog Analyzer 9.0 build 9002 and 8.2 build 8020 allows remote attackers to execute arbitrary code by uploading a ZIP file which contains an executable file with ..
13-11-2015 - 12:53 26-10-2014 - 15:55
CVE-2014-5082 7.5
Multiple SQL injection vulnerabilities in admin/admin.php in Sphider 1.3.6 and earlier, Sphider Pro, and Sphider-plus allow remote attackers to execute arbitrary SQL commands via the (1) site_id or (2) url parameter.
04-11-2015 - 11:32 06-08-2014 - 14:55
CVE-2014-3085 7.1
systest.php on IBM GCM16 and GCM32 Global Console Manager switches with firmware before 1.20.20.23447 allows remote authenticated users to execute arbitrary commands via shell metacharacters in the lpres parameter.
02-11-2015 - 12:56 17-08-2014 - 19:55
CVE-2014-3081 6.3
prodtest.php on IBM GCM16 and GCM32 Global Console Manager switches with firmware before 1.20.20.23447 allows remote authenticated users to read arbitrary files via the filename parameter.
02-11-2015 - 12:56 17-08-2014 - 19:55
CVE-2014-9304 7.5
Plex Media Server before 0.9.9.3 allows remote attackers to bypass the web server whitelist, conduct SSRF attacks, and execute arbitrary administrative actions via multiple crafted X-Plex-Url headers to system/proxy, which are inconsistently processe
28-10-2015 - 14:10 07-12-2014 - 16:59
CVE-2013-2730 10.0
Buffer overflow in Adobe Reader and Acrobat 9.x before 9.5.5, 10.x before 10.1.7, and 11.x before 11.0.03 allows attackers to execute arbitrary code via unspecified vectors, a different vulnerability than CVE-2013-2733.
23-10-2015 - 11:42 16-05-2013 - 07:45
CVE-2014-2987 6.8
Multiple cross-site request forgery (CSRF) vulnerabilities in EGroupware Enterprise Line (EPL) before 1.1.20140505, EGroupware Community Edition before 1.8.007.20140506, and EGroupware before 14.1 beta allow remote attackers to hijack the authenticat
22-10-2015 - 10:26 26-10-2014 - 14:55
CVE-2014-3757 7.5
SQL injection vulnerability in sorter.php in the phpManufaktur kitForm extension 0.43 and earlier for the KeepInTouch (KIT) module allows remote attackers to execute arbitrary SQL commands via the sorter_value parameter.
21-10-2015 - 12:23 15-05-2014 - 10:55
CVE-2013-0928 9.3
The NetWorker command processor in rrobotd.exe in the Device Manager in EMC AlphaStor 4.0 before build 800 allows remote attackers to execute arbitrary commands via a DCP "run command" operation.
13-10-2015 - 12:33 21-01-2013 - 16:55
CVE-2014-3888 8.3
Stack-based buffer overflow in BKFSim_vhfd.exe in Yokogawa CENTUM CS 1000, CENTUM CS 3000 R3.09.50 and earlier, CENTUM VP R5.03.20 and earlier, Exaopc R3.72.00 and earlier, B/M9000CS R5.05.01 and earlier, and B/M9000 VP R7.03.01 and earlier, when FCS
08-10-2015 - 11:15 10-07-2014 - 07:06
CVE-2014-3936 10.0
Stack-based buffer overflow in the do_hnap function in www/my_cgi.cgi in D-Link DSP-W215 (Rev. A1) with firmware 1.01b06 and earlier, DIR-505 with firmware before 1.08b10, and DIR-505L with firmware 1.01 and earlier allows remote attackers to execute
08-10-2015 - 11:10 02-06-2014 - 10:55
CVE-2014-2579 7.6
Multiple cross-site request forgery (CSRF) vulnerabilities in XCloner Standalone 3.5 and earlier allow remote attackers to hijack the authentication of administrators for requests that (1) change the administrator password via the config task to inde
08-10-2015 - 10:50 25-04-2014 - 16:55
CVE-2014-4960 7.5
Multiple SQL injection vulnerabilities in models\gallery.php in Youtube Gallery (com_youtubegallery) component 4.x through 4.1.7, and possibly 3.x, for Joomla! allow remote attackers to execute arbitrary SQL commands via the (1) listid or (2) themeid
05-10-2015 - 22:37 21-07-2014 - 10:55
CVE-2014-3871 7.5
Multiple SQL injection vulnerabilities in register.php in Geodesic Solutions GeoCore MAX 7.3.3 (formerly GeoClassifieds and GeoAuctions) allow remote attackers to execute arbitrary SQL commands via the (1) c[password] or (2) c[username] parameter. N
29-09-2015 - 14:48 27-05-2014 - 09:55
CVE-2013-0140 7.9
SQL injection vulnerability in the Agent-Handler component in McAfee ePolicy Orchestrator (ePO) before 4.5.7 and 4.6.x before 4.6.6 allows remote attackers to execute arbitrary SQL commands via a crafted request over the Agent-Server communication ch
29-09-2015 - 14:46 01-05-2013 - 08:00
CVE-2014-5088 4.3
Cross-site scripting (XSS) vulnerability in Status2k allows remote attackers to inject arbitrary web script or HTML via the username to login.php.
16-09-2015 - 15:31 06-08-2014 - 14:55
CVE-2014-5464 4.3
Cross-site scripting (XSS) vulnerability in the nDPI traffic classification library in ntopng (aka ntop) before 1.2.1 allows remote attackers to inject arbitrary web script or HTML via the HTTP Host header.
08-09-2015 - 14:20 08-09-2014 - 10:55
CVE-2014-5383 6.5
SQL injection vulnerability in AlienVault OSSIM before 4.7.0 allows remote authenticated users to execute arbitrary SQL commands via unspecified vectors.
08-09-2015 - 14:18 21-08-2014 - 10:55
CVE-2014-5201 7.5
SQL injection vulnerability in the Gallery Objects plugin 0.4 for WordPress allows remote attackers to execute arbitrary SQL commands via the viewid parameter in a go_view_object action to wp-admin/admin-ajax.php.
08-09-2015 - 13:53 12-08-2014 - 16:55
CVE-2014-4645 4.3
Cross-site scripting (XSS) vulnerability in dhcpinfo.html in D-link DSL-2760U-E1 allows remote attackers to inject arbitrary web script or HTML via a hostname.
02-09-2015 - 13:16 25-06-2014 - 16:55
CVE-2014-4194 7.5
SQL injection vulnerability in zero_transact_article.php in ZeroCMS 1.0 allows remote attackers to execute arbitrary SQL commands via the article_id parameter in a Submit Comment action.
02-09-2015 - 13:05 09-07-2014 - 10:55
CVE-2014-4158 7.5
Stack-based buffer overflow in Kolibri 2.0 allows remote attackers to execute arbitrary code via a long URI in a GET request.
02-09-2015 - 13:03 13-06-2014 - 10:55
CVE-2014-3976 5.0
Buffer overflow in A10 Networks Advanced Core Operating System (ACOS) before 2.7.0-p6 and 2.7.1 before 2.7.1-P1_55 allows remote attackers to cause a denial of service (crash) and possibly execute arbitrary code via a long session id in the URI to sy
02-09-2015 - 13:01 05-06-2014 - 13:55
CVE-2014-3080 4.3
Multiple cross-site scripting (XSS) vulnerabilities on IBM GCM16 and GCM32 Global Console Manager switches with firmware before 1.20.20.23447 allow remote attackers to inject arbitrary web script or HTML via (1) the query string to kvm.cgi or (2) the
02-09-2015 - 12:55 17-08-2014 - 19:55
CVE-2006-3823 5.1
SQL injection vulnerability in index.php in GeodesicSolutions (1) GeoAuctions Premier 2.0.3 and (2) GeoClassifieds Basic 2.0.3 allows remote attackers to execute arbitrary SQL commands via the b parameter.
01-09-2015 - 12:59 25-07-2006 - 09:22
CVE-2014-3913 10.0
Stack-based buffer overflow in AccessServer32.exe in Ericom AccessNow Server allows remote attackers to execute arbitrary code via a request for a non-existent file.
31-08-2015 - 14:29 04-06-2014 - 10:55
CVE-2014-3878 4.3
Multiple cross-site scripting (XSS) vulnerabilities in the web client interface in Ipswitch IMail Server 12.3 and 12.4, possibly before 12.4.1.15, allow remote attackers to inject arbitrary web script or HTML via (1) the Name field in an add new cont
31-08-2015 - 14:28 05-06-2014 - 13:55
CVE-2014-3544 3.5
Cross-site scripting (XSS) vulnerability in user/profile.php in Moodle through 2.3.11, 2.4.x before 2.4.11, 2.5.x before 2.5.7, 2.6.x before 2.6.4, and 2.7.x before 2.7.1 allows remote authenticated users to inject arbitrary web script or HTML via th
31-08-2015 - 14:09 29-07-2014 - 07:10
CVE-2014-4865 6.8
Cross-site request forgery (CSRF) vulnerability in gui/password-wadmin.apl in CacheGuard OS 5.7.7 allows remote attackers to hijack the authentication of arbitrary users.
28-08-2015 - 12:36 10-09-2014 - 14:55
CVE-2014-4710 4.3
Cross-site scripting (XSS) vulnerability in zero_user_account.php in ZeroCMS 1.0 allows remote attackers to inject arbitrary web script or HTML via the Full Name field.
28-08-2015 - 12:35 29-07-2014 - 10:55
CVE-2014-3996 7.5
SQL injection vulnerability in the LinkViewFetchServlet servlet in ManageEngine Desktop Central (DC) and Desktop Central Managed Service Providers (MSP) edition before 9 build 90043, Password Manager Pro (PMP) and Password Manager Pro Managed Service
28-08-2015 - 11:48 05-12-2014 - 10:59
CVE-2014-2087 9.3
Stack-based buffer overflow in the CDownloads_Deleted::UpdateDownload function in Downloads_Deleted.cpp in Free Download Manager 3.9.3 build 1360, 3.8 build 1173, 3.0 build 852, and earlier allows user-assisted remote attackers to execute arbitrary c
13-08-2015 - 14:04 18-03-2014 - 13:04
CVE-2014-2043 6.5
SQL injection vulnerability in Resources/System/Templates/Data.aspx in Procentia IntelliPen before 1.1.18.1658 allows remote authenticated users to execute arbitrary SQL commands via the value parameter.
13-08-2015 - 14:04 13-03-2014 - 10:55
CVE-2014-0793 4.3
Multiple cross-site scripting (XSS) vulnerabilities in the StackIdeas Komento (com_komento) component before 1.7.3 for Joomla! allow remote attackers to inject arbitrary web script or HTML via the (1) website or (2) latitude parameter in a comment to
13-08-2015 - 13:49 30-01-2014 - 13:55
CVE-2014-2364 7.5
Multiple stack-based buffer overflows in Advantech WebAccess before 7.2 allow remote attackers to execute arbitrary code via a long string in the (1) ProjectName, (2) SetParameter, (3) NodeName, (4) CCDParameter, (5) SetColor, (6) AlarmImage, (7) Get
11-08-2015 - 10:38 19-07-2014 - 01:09
CVE-2014-0372 5.5
Unspecified vulnerability in the Oracle Demantra Demand Management component in Oracle Supply Chain Products Suite 7.2.0.3 SQL-Server, 7.3.0, 7.3.1, 12.2.1, and 12.2.2 allows remote authenticated users to affect confidentiality and integrity via unkn
07-08-2015 - 13:42 15-01-2014 - 11:08
CVE-2013-6674 4.3
Cross-site scripting (XSS) vulnerability in Mozilla Thunderbird 17.x through 17.0.8, Thunderbird ESR 17.x through 17.0.10, and SeaMonkey before 2.20 allows user-assisted remote attackers to inject arbitrary web script or HTML via an e-mail message co
07-08-2015 - 13:41 17-02-2014 - 17:55
CVE-2013-6040 9.3
Multiple unspecified vulnerabilities in the MW6 Aztec, DataMatrix, and MaxiCode ActiveX controls allow remote attackers to execute arbitrary code via a crafted HTML document.
07-08-2015 - 13:41 20-01-2014 - 20:55
CVE-2014-2009 5.0
The mPAY24 payment module before 1.6 for PrestaShop allows remote attackers to obtain credentials, the installation path, and other sensitive information via a direct request to api/curllog.log.
05-08-2015 - 12:34 12-09-2014 - 10:55
CVE-2014-2008 7.5
SQL injection vulnerability in confirm.php in the mPAY24 payment module before 1.6 for PrestaShop allows remote attackers to execute arbitrary SQL commands via the TID parameter.
05-08-2015 - 12:34 12-09-2014 - 10:55
CVE-2014-0784 8.3
Stack-based buffer overflow in BKBCopyD.exe in Yokogawa CENTUM CS 3000 R3.09.50 and earlier allows remote attackers to execute arbitrary code via a crafted TCP packet.
05-08-2015 - 11:51 14-03-2014 - 06:55
CVE-2014-0783 9.0
Stack-based buffer overflow in BKHOdeq.exe in Yokogawa CENTUM CS 3000 R3.09.50 and earlier allows remote attackers to execute arbitrary code via a crafted TCP packet.
05-08-2015 - 11:50 14-03-2014 - 06:55
CVE-2014-3740 3.5
Cross-site scripting (XSS) vulnerability in SpiceWorks before 7.2.00195 allows remote authenticated users to inject arbitrary web script or HTML via the Summary field in a ticket request to the portal page.
31-07-2015 - 21:41 11-09-2014 - 14:55
CVE-2014-3738 4.3
Cross-site scripting (XSS) vulnerability in Zenoss 4.2.5 allows remote attackers to inject arbitrary web script or HTML via the title of a device.
31-07-2015 - 21:40 20-05-2014 - 10:55
CVE-2014-3415 6.5
SQL injection vulnerability in Sharetronix before 3.4 allows remote authenticated users to execute arbitrary SQL commands via the invite_users[] parameter to the /invite page for a group.
31-07-2015 - 21:38 29-05-2014 - 10:19
CVE-2014-3414 6.8
Cross-site request forgery (CSRF) vulnerability in Sharetronix before 3.4 allows remote attackers to hijack the authentication of administrators for requests that add administrative privileges to a user via the admin parameter to admin/administrators
31-07-2015 - 21:38 29-05-2014 - 10:19
CVE-2014-3247 4.3
Cross-site scripting (XSS) vulnerability in Collabtive 1.2 allows remote authenticated users to inject arbitrary web script or HTML via the desc parameter in an Add project (addpro) action to admin.php.
31-07-2015 - 21:38 15-05-2014 - 10:55
CVE-2013-5019 10.0
Stack-based buffer overflow in Ultra Mini HTTPD 1.21 allows remote attackers to execute arbitrary code via a long resource name in an HTTP request.
30-07-2015 - 10:55 31-07-2013 - 09:20
CVE-2013-5015 6.5
SQL injection vulnerability in the management console in Symantec Endpoint Protection Manager (SEPM) 11.0 before 11.0.7405.1424 and 12.1 before 12.1.4023.4080, and Symantec Protection Center Small Business Edition 12.x before 12.1.4023.4080, allows r
30-07-2015 - 10:50 14-02-2014 - 08:10
CVE-2013-2639 4.3
Cross-site scripting (XSS) vulnerability in CTERA Cloud Storage OS before 3.2.29.0, 3.2.42.0, and earlier allows remote attackers to inject arbitrary web script or HTML via the description in a project folder.
30-07-2015 - 10:43 11-02-2014 - 12:55
CVE-2014-2314 4.3
Directory traversal vulnerability in the Issue Collector plugin in Atlassian JIRA before 6.0.4 allows remote attackers to create arbitrary files via unspecified vectors.
29-07-2015 - 12:21 09-03-2014 - 09:16
CVE-2014-2013 7.5
Stack-based buffer overflow in the xps_parse_color function in xps/xps-common.c in MuPDF 1.3 and earlier allows remote attackers to execute arbitrary code via a large number of entries in the ContextColor value of the Fill attribute in a Path element
29-07-2015 - 12:20 03-03-2014 - 11:55
CVE-2014-1843 5.0
Directory traversal vulnerability in the web interface in Titan FTP Server before 10.40 build 1829 allows remote attackers to obtain the property information of an arbitrary home folder via a Properties action with a .. (dot dot) in the src parameter
29-07-2015 - 12:19 29-04-2014 - 06:37
CVE-2014-1842 5.0
Directory traversal vulnerability in the web interface in Titan FTP Server before 10.40 build 1829 allows remote attackers to list all usernames via a Go action with a .. (dot dot) in the search-bar value.
29-07-2015 - 12:18 29-04-2014 - 06:37
CVE-2014-1841 5.0
Directory traversal vulnerability in the web interface in Titan FTP Server before 10.40 build 1829 allows remote attackers to copy an arbitrary user's home folder via a Move action with a .. (dot dot) in the src parameter.
29-07-2015 - 12:17 29-04-2014 - 06:37
CVE-2013-1493 10.0
The color management (CMM) functionality in the 2D component in Oracle Java SE 7 Update 15 and earlier, 6 Update 41 and earlier, and 5.0 Update 40 and earlier allows remote attackers to execute arbitrary code or cause a denial of service (crash) via
29-07-2015 - 12:15 05-03-2013 - 17:06
CVE-2008-6504 5.0
ParametersInterceptor in OpenSymphony XWork 2.0.x before 2.0.6 and 2.1.x before 2.1.2, as used in Apache Struts and other products, does not properly restrict # (pound sign) references to context objects, which allows remote attackers to execute Obje
28-07-2015 - 11:19 23-03-2009 - 10:19
CVE-2013-6872 6.5
SQL injection vulnerability in managetimetracker.php in Collabtive before 1.2 allows remote authenticated users to execute arbitrary SQL commands via the id parameter in a projectpdf action.
28-07-2015 - 10:49 21-01-2014 - 10:17
CVE-2013-6058 7.5
SQL injection vulnerability in appRain CMF 3.0.2 and earlier allows remote attackers to execute arbitrary SQL commands via the PATH_INFO to blog-by-cat/.
27-07-2015 - 12:11 14-11-2013 - 15:55
CVE-2013-6021 9.3
Buffer overflow in WGagent in WatchGuard WSM and Fireware before 11.8 allows remote attackers to execute arbitrary code via a long sessionid value in a cookie.
27-07-2015 - 12:11 19-10-2013 - 06:36
CVE-2013-6042 4.3
Cross-site scripting (XSS) vulnerability in filemanager/login.php in the File Manager module in Softaculous Webuzo before 2.1.4 allows remote attackers to inject arbitrary web script or HTML via the user parameter.
27-07-2015 - 12:10 18-11-2013 - 23:50
CVE-2014-0749 10.0
Stack-based buffer overflow in lib/Libdis/disrsi_.c in Terascale Open-Source Resource and Queue Manager (aka TORQUE Resource Manager) 2.5.x through 2.5.13 allows remote attackers to execute arbitrary code via a large count value.
24-07-2015 - 14:39 16-05-2014 - 10:55
CVE-2014-0620 4.3
Multiple cross-site scripting (XSS) vulnerabilities in Technicolor (formerly Thomson) TC7200 STD6.01.12 allow remote attackers to inject arbitrary web script or HTML via the (1) ADDNewDomain parameter to parental/website-filters.asp or (2) VmTracerou
24-07-2015 - 14:38 08-01-2014 - 10:30
CVE-2015-1579 5.0
Directory traversal vulnerability in the Elegant Themes Divi theme for WordPress allows remote attackers to read arbitrary files via a .. (dot dot) in the img parameter in a revslider_show_image action to wp-admin/admin-ajax.php. NOTE: this vulnerab
14-07-2015 - 14:22 11-02-2015 - 14:59
CVE-2014-1836 6.4
Absolute path traversal vulnerability in htdocs/libraries/image-editor/image-edit.php in ImpressCMS before 1.3.6 allows remote attackers to delete arbitrary files via a full pathname in the image_path parameter in a cancel action.
02-07-2015 - 13:26 01-07-2015 - 10:59
CVE-2014-9734 5.0
Directory traversal vulnerability in the Slider Revolution (revslider) plugin before 4.2 for WordPress allows remote attackers to read arbitrary files via a .. (dot dot) in the img parameter in a revslider_show_image action to wp-admin/admin-ajax.php
01-07-2015 - 11:12 30-06-2015 - 10:59
CVE-2005-3955 4.3
Multiple cross-site scripting (XSS) vulnerabilities in MagpieRSS 7.1, as used in (a) blogBuddiesv 0.3, (b) Jaws 0.6.2, and possibly other products, allow remote attackers to inject arbitrary web script or HTML via the (1) url parameter to (a) magpie_
30-06-2015 - 09:04 01-12-2005 - 01:03
CVE-2014-9101 6.8
Multiple cross-site request forgery (CSRF) vulnerabilities in Oxwall 1.7.0 (build 7907 and 7906) and SkaDate Lite 2.0 (build 7651) allow remote attackers to hijack the authentication of administrators for requests that conduct cross-site scripting (X
18-02-2015 - 13:53 26-11-2014 - 10:59
CVE-2014-7196
** REJECT ** DO NOT USE THIS CANDIDATE NUMBER. ConsultIDs: CVE-2014-7169. Reason: This candidate is a duplicate of CVE-2014-7169. A typo caused the wrong ID to be used. Notes: All CVE users should reference CVE-2014-7169 instead of this candidat
15-02-2015 - 15:59 15-02-2015 - 15:59
CVE-2014-6242 6.5
Multiple SQL injection vulnerabilities in the All In One WP Security & Firewall plugin before 3.8.3 for WordPress allow remote authenticated users to execute arbitrary SQL commands via the (1) orderby or (2) order parameter in the aiowpsec page to wp
26-01-2015 - 13:53 02-10-2014 - 10:55
CVE-2014-2927 9.3
The rsync daemon in F5 BIG-IP 11.6 before 11.6.0, 11.5.1 before HF3, 11.5.0 before HF4, 11.4.1 before HF4, 11.4.0 before HF7, 11.3.0 before HF9, and 11.2.1 before HF11 and Enterprise Manager 3.x before 3.1.1 HF2, when configured in failover mode, doe
26-01-2015 - 13:32 15-10-2014 - 10:55
CVE-2014-2081 7.5
Multiple SQL injection vulnerabilities in the login in web_reports/cgi-bin/InfoStation.cgi in Innovative vtls-Virtua before 2013.2.4 and 2014.x before 2014.1.1 allow remote attackers to execute arbitrary SQL commands via the (1) username or (2) passw
26-01-2015 - 12:33 20-10-2014 - 11:55
CVE-2007-6321 4.3
Cross-site scripting (XSS) vulnerability in RoundCube webmail 0.1rc2, 2007-12-09, and earlier versions, when using Internet Explorer, allows remote attackers to inject arbitrary web script or HTML via style sheets containing expression commands.
21-01-2015 - 16:08 11-12-2007 - 20:46
CVE-2012-0874 6.8
The (1) JMXInvokerHAServlet and (2) EJBInvokerHAServlet invoker servlets in JBoss Enterprise Application Platform (EAP) before 5.2.0, Web Platform (EWP) before 5.2.0, BRMS Platform before 5.3.1, and SOA Platform before 5.3.1 do not require authentica
17-01-2015 - 21:59 05-02-2013 - 18:55
CVE-2014-10033 6.5
SQL injection vulnerability in the update_zone function in catalog/admin/geo_zones.php in osCommerce Online Merchant 2.3.3.4 and earlier allows remote administrators to execute arbitrary SQL commands via the zID parameter in a list action.
14-01-2015 - 16:50 13-01-2015 - 10:59
CVE-2014-10034 6.5
Multiple SQL injection vulnerabilities in the admin area in couponPHP before 1.2.0 allow remote administrators to execute arbitrary SQL commands via the (1) iDisplayLength or (2) iDisplayStart parameter to (a) comments_paginate.php or (b) stores_pagi
14-01-2015 - 16:50 13-01-2015 - 10:59
CVE-2014-10035 4.3
Multiple cross-site scripting (XSS) vulnerabilities in the admin area in couponPHP before 1.2.0 allow remote administrators to inject arbitrary web script or HTML via the (1) sEcho parameter to comments_paginate.php or (2) stores_paginate.php or the
14-01-2015 - 16:42 13-01-2015 - 10:59
CVE-2014-100011 7.5
SQL injection vulnerability in /send-to in Sendy 1.1.9.1 allows remote attackers to execute arbitrary SQL commands via the c parameter.
14-01-2015 - 16:38 13-01-2015 - 10:59
CVE-2014-10032 6.5
SQL injection vulnerability in news_popup.php in Taboada MacroNews 1.0 allows remote authenticated users to execute arbitrary SQL commands via the id parameter.
14-01-2015 - 16:37 13-01-2015 - 10:59
CVE-2014-10031 7.5
Buffer overflow in the IMAPd service in Qualcomm Eudora WorldMail 9.0.333.0 allows remote attackers to execute arbitrary code via a long string in a UID command.
14-01-2015 - 16:20 13-01-2015 - 10:59
CVE-2014-10038 7.5
SQL injection vulnerability in agenda/indexdate.php in DomPHP 0.83 and earlier allows remote attackers to execute arbitrary SQL commands via the ids parameter.
14-01-2015 - 15:11 13-01-2015 - 10:59
CVE-2014-10037 7.5
Directory traversal vulnerability in DomPHP 0.83 and earlier allows remote attackers to have unspecified impact via a .. (dot dot) in the url parameter to photoalbum/index.php.
14-01-2015 - 15:10 13-01-2015 - 10:59
CVE-2014-100030 4.3
Cross-site scripting (XSS) vulnerability in module/search/function.php in Ganesha Digital Library (GDL) 4.2 allows remote attackers to inject arbitrary web script or HTML via the keyword parameter in a ByEge action.
14-01-2015 - 14:58 13-01-2015 - 10:59
CVE-2014-100031 7.5
Multiple SQL injection vulnerabilities in Ganesha Digital Library (GDL) 4.2 allow remote attackers to execute arbitrary SQL commands via the id parameter in (1) download.php or (2) main.php.
14-01-2015 - 14:57 13-01-2015 - 10:59
CVE-2014-100029 5.0
Multiple directory traversal vulnerabilities in class/session.php in Ganesha Digital Library (GDL) 4.2 allow remote attackers to read arbitrary files via a .. (dot dot) in the (1) newlang or (2) newtheme parameter.
14-01-2015 - 14:57 13-01-2015 - 10:59
CVE-2014-100020 7.5
SQL injection vulnerability in ChangeEmail.php in iTechClassifieds 3.03.057 allows remote attackers to execute arbitrary SQL commands via the PreviewNum parameter. NOTE: the CatID parameter is already covered by CVE-2008-0685.
14-01-2015 - 14:50 13-01-2015 - 10:59
CVE-2014-100017 4.3
Cross-site scripting (XSS) vulnerability in canned_opr.php in PhpOnlineChat 3.0 allows remote attackers to inject arbitrary web script or HTML via the message field.
14-01-2015 - 14:48 13-01-2015 - 10:59
CVE-2014-100015 6.4
Directory traversal vulnerability in pdmwService.exe in SolidWorks Workgroup PDM 2014 allows remote attackers to write to arbitrary files via a .. (dot dot) in the filename in a file upload.
14-01-2015 - 14:47 13-01-2015 - 10:59
CVE-2014-100014 7.5
Multiple stack-based buffer overflows in pdmwService.exe in SolidWorks Workgroup PDM 2014 SP2 allow remote attackers to execute arbitrary code via a long string in a (1) 2001, (2) 2002, or (3) 2003 opcode to port 3000.
14-01-2015 - 14:46 13-01-2015 - 10:59
CVE-2014-100012 7.5
SQL injection vulnerability in /app in Sendy 1.1.8.4 allows remote attackers to execute arbitrary SQL commands via the i parameter.
14-01-2015 - 14:45 13-01-2015 - 10:59
CVE-2014-10023 7.5
Multiple SQL injection vulnerabilities in TopicsViewer 3.0 Beta 1 allow remote attackers to execute arbitrary SQL commands via the id parameter to (1) edit_block.php, (2) edit_cat.php, (3) edit_note.php, or (4) rmv_topic.php in admincp/.
13-01-2015 - 19:29 13-01-2015 - 06:59
CVE-2014-10020 7.5
SQL injection vulnerability in login.php in Simple e-document 1.31 allows remote attackers to execute arbitrary SQL commands via the username parameter.
13-01-2015 - 19:27 13-01-2015 - 06:59
CVE-2014-10019 6.8
Multiple cross-site request forgery (CSRF) vulnerabilities in webconfig/wlan/country.html/country in the Teracom T2-B-Gawv1.4U10Y-BI modem allow remote attackers to hijack the authentication of administrators for requests that (1) change the SSID or
13-01-2015 - 19:24 13-01-2015 - 06:59
CVE-2014-10018 4.3
Cross-site scripting (XSS) vulnerability in webconfig/wlan/country.html/country in the Teracom T2-B-Gawv1.4U10Y-BI modem allows remote attackers to inject arbitrary web script or HTML via the essid parameter.
13-01-2015 - 19:24 13-01-2015 - 06:59
CVE-2014-10015 7.5
SQL injection vulnerability in load-calendar.php in PHPJabbers Event Booking Calendar 2.0 allows remote attackers to execute arbitrary SQL commands via the cid parameter.
13-01-2015 - 19:20 13-01-2015 - 06:59
CVE-2014-10014 6.8
Multiple cross-site request forgery (CSRF) vulnerabilities in PHPJabbers Event Booking Calendar 2.0 allow remote attackers to hijack the authentication of administrators for requests that (1) change the username and password of the administrator via
13-01-2015 - 19:16 13-01-2015 - 06:59
CVE-2014-10010 5.0
Directory traversal vulnerability in PHPJabbers Appointment Scheduler 2.0 allows remote attackers to read arbitrary files via a .. (dot dot) in the id parameter in a pjActionDownload action to the pjBackup controller.
13-01-2015 - 19:03 13-01-2015 - 06:59
CVE-2014-10009 4.3
Multiple cross-site scripting (XSS) vulnerabilities in Stark CRM 1.0 allow remote attackers to inject arbitrary web script or HTML via the (1) first_name, (2) last_name, or (3) notes parameter to the client page; (4) insu_name or (5) price parameter
13-01-2015 - 19:02 13-01-2015 - 06:59
CVE-2014-10008 6.8
Multiple cross-site request forgery (CSRF) vulnerabilities in Stark CRM 1.0 allow remote attackers to hijack the authentication of administrators for requests that add (1) an administrator via a crafted request to the admin page, (2) an agent via a c
13-01-2015 - 19:01 13-01-2015 - 06:59
CVE-2014-10001 6.8
Multiple cross-site request forgery (CSRF) vulnerabilities in PHPJabbers Appointment Scheduler 2.0 allow remote attackers to hijack the authentication of administrators for requests that (1) conduct cross-site scripting (XSS) attacks via the i18n[1][
13-01-2015 - 18:02 13-01-2015 - 06:59
CVE-2014-100002 5.0
Directory traversal vulnerability in ManageEngine SupportCenter Plus 7.9 before 7917 allows remote attackers to read arbitrary files via a ..%2f (dot dot encoded slash) in the attach parameter to WorkOrder.do in the file attachment for a new ticket.
13-01-2015 - 15:48 13-01-2015 - 06:59
CVE-2014-62771
** REJECT ** DO NOT USE THIS CANDIDATE NUMBER. ConsultIDs: CVE-2014-6271. Reason: This candidate is a duplicate of CVE-2014-6271. A typo caused the wrong ID to be used. Notes: All CVE users should reference CVE-2014-6271 instead of this candidate
13-01-2015 - 06:59 13-01-2015 - 06:59
CVE-2014-4644 7.5
SQL injection vulnerability in superlinks.php in the superlinks plugin 1.4-2 for Cacti allows remote attackers to execute arbitrary SQL commands via the id parameter.
12-01-2015 - 02:10 25-06-2014 - 16:55
CVE-2005-4667 3.7
Buffer overflow in UnZip 5.50 and earlier allows user-assisted attackers to execute arbitrary code via a long filename command line argument. NOTE: since the overflow occurs in a non-setuid program, there are not many scenarios under which it poses
09-01-2015 - 21:59 31-12-2005 - 00:00
CVE-2014-2223 7.5
Unrestricted file upload vulnerability in plog-admin/plog-upload.php in Plogger 1.0 RC1 and earlier allows remote authenticated users to execute arbitrary code by uploading a ZIP file that contains a PHP file and a non-zero length PNG file, then acce
08-01-2015 - 08:41 11-09-2014 - 10:16
CVE-2013-6043 5.0
The login function in Softaculous Webuzo before 2.1.4 provides different error messages for invalid authentication attempts depending on whether the user account exists, which allows remote attackers to enumerate usernames via a series of requests.
08-01-2015 - 08:40 27-12-2014 - 13:59
CVE-2013-6041 7.5
index.php in Softaculous Webuzo before 2.1.4 allows remote attackers to execute arbitrary commands via shell metacharacters in a SOFTCookies sid cookie within a login action.
08-01-2015 - 08:38 27-12-2014 - 13:59
CVE-2014-2598 6.8
Cross-site request forgery (CSRF) vulnerability in the Quick Page/Post Redirect plugin before 5.0.5 for WordPress allows remote attackers to hijack the authentication of administrators for requests that conduct cross-site scripting (XSS) attacks via
06-01-2015 - 11:42 05-01-2015 - 15:59
CVE-2014-1908 5.0
The error-handling feature in (1) bp.php, (2) videowhisper_streaming.php, and (3) ls/rtmp.inc.php in the VideoWhisper Live Streaming Integration plugin before 4.29.5 for WordPress allows remote attackers to obtain sensitive information via a direct r
30-12-2014 - 11:37 29-12-2014 - 15:59
CVE-2014-1905 10.0
Unrestricted file upload vulnerability in ls/vw_snapshots.php in the VideoWhisper Live Streaming Integration plugin before 4.29.5 for WordPress allows remote attackers to execute arbitrary PHP code by uploading a file with a double extension, and the
30-12-2014 - 11:37 29-12-2014 - 15:59
CVE-2014-8307 4.3
Multiple cross-site scripting (XSS) vulnerabilities in skins/default/outline.tpl in C97net Cart Engine before 4.0 allow remote attackers to inject arbitrary web script or HTML via the (1) path parameter in the "drop down TOP menu (with path)" section
16-12-2014 - 12:26 16-10-2014 - 15:55
CVE-2014-8306 7.5
SQL injection vulnerability in the sql_query function in cart.php in C97net Cart Engine before 4.0 allows remote attackers to execute arbitrary SQL commands via the item_id variable, as demonstrated by the (1) item_id[0] or (2) item_id[] parameter.
16-12-2014 - 12:26 16-10-2014 - 15:55
CVE-2014-8305 6.4
Open redirect vulnerability in the redir function in includes/function.php in C97net Cart Engine before 4.0 allows remote attackers to redirect users to arbitrary web sites and conduct phishing attacks via a URL in the HTTP Referer header to (1) inde
16-12-2014 - 12:25 16-10-2014 - 15:55
CVE-2014-2973
** REJECT ** DO NOT USE THIS CANDIDATE NUMBER. ConsultIDs: CVE-2008-5753. Reason: This candidate is a duplicate of CVE-2008-5753. Notes: All CVE users should reference CVE-2008-5753 instead of this candidate. All references and descriptions in t
15-12-2014 - 13:59 15-12-2014 - 13:59
CVE-2014-7192 10.0
Eval injection vulnerability in index.js in the syntax-error package before 1.1.1 for Node.js 0.10.x, as used in IBM Rational Application Developer and other products, allows remote attackers to execute arbitrary code via a crafted file.
11-12-2014 - 23:00 11-12-2014 - 06:59
CVE-2014-1761 9.3
Microsoft Word 2003 SP3, 2007 SP3, 2010 SP1 and SP2, 2013, and 2013 RT; Word Viewer; Office Compatibility Pack SP3; Office for Mac 2011; Word Automation Services on SharePoint Server 2010 SP1 and SP2 and 2013; Office Web Apps 2010 SP1 and SP2; and Of
08-12-2014 - 13:48 25-03-2014 - 09:24
CVE-2014-9181 5.0
Multiple directory traversal vulnerabilities in Plex Media Server before 0.9.9.3 allow remote attackers to read arbitrary files via a .. (dot dot) in the URI to (1) manage/ or (2) web/ or remote authenticated users to read arbitrary files via a .. (d
02-12-2014 - 13:41 02-12-2014 - 11:59
CVE-2014-9098 3.5
Multiple cross-site scripting (XSS) vulnerabilities in the Apptha WordPress Video Gallery (contus-video-gallery) plugin 2.5, possibly before 2014-07-23, for WordPress allow remote authenticated users to inject arbitrary web script or HTML via the vid
28-11-2014 - 09:14 26-11-2014 - 10:59
CVE-2014-9097 7.5
Multiple SQL injection vulnerabilities in the Apptha WordPress Video Gallery (contus-video-gallery) plugin 2.5, possibly as distributed before 2014-07-23, for WordPress allow (1) remote attackers to execute arbitrary SQL commands via the vid paramete
28-11-2014 - 09:10 26-11-2014 - 10:59
CVE-2014-9096 7.5
Multiple SQL injection vulnerabilities in recover.php in Pligg CMS 2.0.1 and earlier allow remote attackers to execute arbitrary SQL commands via the (1) id or (2) n parameter.
28-11-2014 - 08:53 26-11-2014 - 10:59
CVE-2014-9095 7.5
Multiple SQL injection vulnerabilities in Raritan Power IQ 4.1.0 and 4.2.1 allow remote attackers to execute arbitrary SQL commands via the (1) sort or (2) dir parameter to license/records.
28-11-2014 - 08:50 26-11-2014 - 10:59
CVE-2014-2268 5.0
views/Index.php in the Install module in vTiger 6.0 before Security Patch 2 does not properly restrict access, which allows remote attackers to re-install the application via a request that sets the X-Requested-With HTTP header, as demonstrated by ex
18-11-2014 - 11:52 15-11-2014 - 20:59
CVE-2014-8949 6.0
The iMember360 plugin 3.8.012 through 3.9.001 for WordPress allows remote authenticated administrators to execute arbitrary commands via shell metacharacters in the i4w_trace parameter. NOTE: this can be leveraged with CVE-2014-8948 to allow remote
17-11-2014 - 21:04 16-11-2014 - 06:59
CVE-2014-8948 6.8
Cross-site request forgery (CSRF) vulnerability in the iMember360 plugin 3.8.012 through 3.9.001 for WordPress allows remote attackers to hijack the authentication of administrators for requests that with an unspecified impact via the i4w_trace param
17-11-2014 - 11:30 16-11-2014 - 06:59
CVE-2014-8359 7.2
Untrusted search path vulnerability in Huawei Mobile Partner for Windows 23.009.05.03.1014 allows local users to execute arbitrary code and conduct DLL hijacking attacks via a Trojan horse wintab32.dll in the Mobile Partner directory.
13-11-2014 - 18:03 13-11-2014 - 16:32
CVE-2014-5519 7.5
The Ploticus module in PhpWiki 1.5.0 allows remote attackers to execute arbitrary code via shell metacharacters in a device option in the edit[content] parameter to index.php/HeIp. NOTE: some of these details are obtained from third party informatio
13-11-2014 - 17:51 11-09-2014 - 10:16
CVE-2014-2559 6.8
Multiple cross-site request forgery (CSRF) vulnerabilities in twitget.php in the Twitget plugin before 3.3.3 for WordPress allow remote attackers to hijack the authentication of administrators for requests that change unspecified plugin options via a
13-11-2014 - 17:01 17-10-2014 - 18:55
CVE-2014-2995 3.5
Multiple cross-site scripting (XSS) vulnerabilities in twitget.php in the Twitget plugin before 3.3.3 for WordPress allow remote authenticated administrators to inject arbitrary web script or HTML via unspecified vectors, as demonstrated by the twitg
13-11-2014 - 17:01 17-10-2014 - 18:55
CVE-2014-5258 4.0
Directory traversal vulnerability in showTempFile.php in webEdition CMS before 6.3.9.0 Beta allows remote authenticated users to read arbitrary files via a .. (dot dot) in the file parameter.
07-11-2014 - 08:59 06-11-2014 - 13:55
CVE-2014-6030 6.5
Multiple SQL injection vulnerabilities in ClassApps SelectSurvey.NET before 4.125.002 allow (1) remote attackers to execute arbitrary SQL commands via the SurveyID parameter to survey/ReviewReadOnlySurvey.aspx or (2) remote authenticated users to exe
06-11-2014 - 14:49 06-11-2014 - 13:55
CVE-2014-2937
** REJECT ** DO NOT USE THIS CANDIDATE NUMBER. ConsultIDs: CVE-2014-3220. Reason: This candidate is a reservation duplicate of CVE-2014-3220. Notes: All CVE users should reference CVE-2014-3220 instead of this candidate. All references and descr
05-11-2014 - 19:55 05-11-2014 - 19:55
CVE-2014-5520 7.5
SQL injection vulnerability in XRMS CRM, possibly 1.99.2, allows remote attackers to execute arbitrary SQL commands via the user_id parameter to plugins/webform/new-form.php, which is not properly handled by plugins/useradmin/fingeruser.php.
30-10-2014 - 21:11 26-10-2014 - 16:55
CVE-2013-6796 5.0
The SMTP server in DeepOfix 3.3 and earlier allows remote attackers to bypass authentication via an empty password, which triggers an LDAP anonymous bind.
27-10-2014 - 11:34 26-10-2014 - 16:55
CVE-2014-5275 6.5
Multiple SQL injection vulnerabilities in includes/functions.php in Pro Chat Rooms Text Chat Rooms 8.2.0 allow remote authenticated users to execute arbitrary SQL commands via the (1) password, (2) email, or (3) id parameter.
24-10-2014 - 20:22 20-10-2014 - 12:55
CVE-2014-2531 6.5
SQL injection vulnerability in xhr.php in InterWorx Web Control Panel (aka InterWorx Hosting Control Panel and InterWorx-CP) before 5.0.14 build 577 allows remote authenticated users to execute arbitrary SQL commands via the i parameter in a search a
24-10-2014 - 14:02 21-10-2014 - 12:55
CVE-2014-5006 7.5
Directory traversal vulnerability in ZOHO ManageEngine Desktop Central (DC) before 9 build 90055 allows remote attackers to execute arbitrary code via a .. (dot dot) in the fileName parameter to mdm/mdmLogUploader.
24-10-2014 - 10:12 21-10-2014 - 11:55
CVE-2014-5005 7.5
Directory traversal vulnerability in ZOHO ManageEngine Desktop Central (DC) before 9 build 90055 allows remote attackers to execute arbitrary code via a .. (dot dot) in the fileName parameter in an LFU action to statusUpdate.
24-10-2014 - 09:16 21-10-2014 - 11:55
CVE-2014-3978 6.5
SQL injection vulnerability in TomatoCart 1.1.8.6.1 allows remote authenticated users to execute arbitrary SQL commands via the First Name and Last Name fields in a new address book contact.
24-10-2014 - 08:53 20-10-2014 - 12:55
CVE-2008-0879 7.5
SQL injection vulnerability in modules.php in the Web_Links module for PHP-Nuke allows remote attackers to execute arbitrary SQL commands via the cid parameter in a viewlink action.
24-10-2014 - 01:07 21-02-2008 - 14:44
CVE-2014-5276 3.5
Multiple cross-site scripting (XSS) vulnerabilities in Pro Chat Rooms Text Chat Rooms 8.2.0 allow remote authenticated users to inject arbitrary web script or HTML via (1) an uploaded profile picture or (2) the edit parameter to profiles/index.php.
22-10-2014 - 21:16 20-10-2014 - 12:55
CVE-2014-5094 5.0
Status2k allows remote attackers to obtain configuration information via a phpinfo action in a request to status/index.php, which calls the phpinfo function.
22-10-2014 - 19:40 20-10-2014 - 11:55
CVE-2014-6308 5.0
Directory traversal vulnerability in OSClass before 3.4.2 allows remote attackers to read arbitrary files via a .. (dot dot) in the file parameter in a render action to oc-admin/index.php.
22-10-2014 - 15:37 20-10-2014 - 10:55
CVE-2014-6312 4.3
Cross-site request forgery (CSRF) vulnerability in the Login Widget With Shortcode (login-sidebar-widget) plugin before 3.2.1 for WordPress allows remote attackers to hijack the authentication of administrators for requests that conduct cross-site sc
22-10-2014 - 13:33 15-10-2014 - 10:55
CVE-2014-7201 7.5
Multiple SQL injection vulnerabilities in the search function in pi1/class.tx_dmmjobcontrol_pi1.php in the JobControl (dmmjobcontrol) extension 2.14.0 and earlier for TYPO3 allow remote attackers to execute arbitrary SQL commands via the (1) educatio
22-10-2014 - 10:26 10-10-2014 - 10:55
CVE-2014-7200 4.3
Cross-site scripting (XSS) vulnerability in pi1/class.tx_dmmjobcontrol_pi1.php in the JobControl (dmmjobcontrol) extension 2.14.0 and earlier for TYPO3 allows remote attackers to inject arbitrary web script or HTML via the tx_dmmjobcontrol_pi1[search
22-10-2014 - 10:22 10-10-2014 - 10:55
CVE-2014-2880 5.8
Open redirect vulnerability in the Oracle Identity Manager component in Oracle Fusion Middleware 11.1.1.5, 11.1.1.7, 11.1.2.1, and 11.1.2.2 allows remote attackers to redirect users to arbitrary web sites and conduct phishing attacks via a URL in the
17-10-2014 - 03:12 17-04-2014 - 10:55
CVE-2014-3671
** REJECT ** DO NOT USE THIS CANDIDATE NUMBER. ConsultIDs: CVE-2014-6271, CVE-2014-6277, CVE-2014-6278, CVE-2014-7169, CVE-2014-7186, CVE-2014-7187. Reason: This candidate is a duplicate of CVE-2014-6271, CVE-2014-6277, CVE-2014-6278, CVE-2014-716
13-10-2014 - 14:55 13-10-2014 - 14:55
CVE-2014-6607 7.5
M/Monit 3.3.2 and earlier does not verify the original password before changing passwords, which allows remote attackers to change the password of other users and gain privileges via the fullname and password parameters, a different vulnerability tha
07-10-2014 - 19:18 06-10-2014 - 19:55
CVE-2014-6409 6.8
Cross-site request forgery (CSRF) vulnerability in M/Monit 3.3.2 and earlier allows remote attackers to hijack the authentication of administrators for requests that change user passwords via the fullname and password parameters to /admin/users/updat
07-10-2014 - 19:17 06-10-2014 - 19:55
CVE-2014-2044 7.5
Incomplete blacklist vulnerability in ajax/upload.php in ownCloud before 5.0, when running on Windows, allows remote authenticated users to bypass intended access restrictions, upload files with arbitrary names, and execute arbitrary code via an Alte
07-10-2014 - 19:07 06-10-2014 - 19:55
CVE-2013-2470 10.0
Unspecified vulnerability in the Java Runtime Environment (JRE) component in Oracle Java SE 7 Update 21 and earlier, 6 Update 45 and earlier, and 5.0 Update 45 and earlier, and OpenJDK 7, allows remote attackers to affect confidentiality, integrity,
04-10-2014 - 01:06 18-06-2013 - 18:55
CVE-2013-2465 10.0
Unspecified vulnerability in the Java Runtime Environment (JRE) component in Oracle Java SE 7 Update 21 and earlier, 6 Update 45 and earlier, and 5.0 Update 45 and earlier, and OpenJDK 7, allows remote attackers to affect confidentiality, integrity,
04-10-2014 - 01:06 18-06-2013 - 18:55
CVE-2013-2460 9.3
Unspecified vulnerability in the Java Runtime Environment (JRE) component in Oracle Java SE 7 Update 21 and earlier, and OpenJDK 7, allows remote attackers to affect confidentiality, integrity, and availability via unknown vectors related to Servicea
04-10-2014 - 01:06 18-06-2013 - 18:55
CVE-2013-2423 4.3
Unspecified vulnerability in the Java Runtime Environment (JRE) component in Oracle Java SE 7 Update 17 and earlier, and OpenJDK 7, allows remote attackers to affect integrity via unknown vectors related to HotSpot. NOTE: the previous information is
04-10-2014 - 01:06 17-04-2013 - 14:55
CVE-2013-1488 10.0
The Java Runtime Environment (JRE) component in Oracle Java SE 7 Update 17 and earlier, and OpenJDK 6 and 7, allows remote attackers to execute arbitrary code via unspecified vectors involving reflection, Libraries, "improper toString calls," and the
04-10-2014 - 01:04 08-03-2013 - 13:55
CVE-2014-7227
** REJECT ** DO NOT USE THIS CANDIDATE NUMBER. ConsultIDs: CVE-2014-6271, CVE-2014-6277, CVE-2014-6278, CVE-2014-7169, CVE-2014-7186, CVE-2014-7187. Reason: This candidate is a duplicate of CVE-2014-6271, CVE-2014-6277, CVE-2014-6278, CVE-2014-716
03-10-2014 - 14:55 03-10-2014 - 14:55
CVE-2014-6619 4.3
Multiple cross-site scripting (XSS) vulnerabilities in register-exec.php in Restaurant Script (PizzaInn_Project) 1.0.0 allow remote attackers to inject arbitrary web script or HTML via the (1) fname, (2) lname, or (3) login parameter.
01-10-2014 - 15:40 30-09-2014 - 12:55
CVE-2013-3632 9.0
The Cron service in rpc.php in OpenMediaVault allows remote authenticated users to execute cron jobs as arbitrary users and execute arbitrary commands via the username parameter.
30-09-2014 - 14:39 29-09-2014 - 18:55
CVE-2013-2586 4.3
XAMPP 1.8.1 does not properly restrict access to xampp/lang.php, which allows remote attackers to modify xampp/lang.tmp and execute cross-site scripting (XSS) attacks via the WriteIntoLocalDisk method.
30-09-2014 - 14:07 29-09-2014 - 18:55
CVE-2014-3659
** REJECT ** DO NOT USE THIS CANDIDATE NUMBER. ConsultIDs: CVE-2014-7169. Reason: This candidate is a reservation duplicate of CVE-2014-7169 because the CNA for this ID did not follow multiple procedures that are intended to minimize duplicate CVE
25-09-2014 - 06:55 25-09-2014 - 06:55
CVE-2014-7153 6.5
SQL injection vulnerability in the editgallery function in admin/gallery_func.php in the Huge-IT Image Gallery plugin 1.0.1 for WordPress allows remote authenticated users to execute arbitrary SQL commands via the removeslide parameter to wp-admin/ad
22-09-2014 - 11:17 22-09-2014 - 10:55
CVE-2014-6043 6.5
ZOHO ManageEngine EventLog Analyzer 9.0 build 9002 and 8.2 build 8020 does not properly restrict access to the database browser, which allows remote authenticated users to obtain access to the database via a direct request to event/runQuery.do.
12-09-2014 - 11:03 11-09-2014 - 11:55
CVE-2014-6070 4.3
Multiple cross-site scripting (XSS) vulnerabilities in Adiscon LogAnalyzer before 3.6.6 allow remote attackers to inject arbitrary web script or HTML via the hostname in (1) index.php or (2) detail.php.
11-09-2014 - 14:12 11-09-2014 - 10:16
CVE-2014-5377 5.0
ReadUsersFromMasterServlet in ManageEngine DeviceExpert before 5.9 build 5981 allows remote attackers to obtain user account credentials via a direct request.
08-09-2014 - 10:47 04-09-2014 - 13:55
CVE-2014-5465 5.0
Directory traversal vulnerability in force-download.php in the Download Shortcode plugin 0.2.3 and earlier for WordPress allows remote attackers to read arbitrary files via a .. (dot dot) in the file parameter.
03-09-2014 - 16:15 03-09-2014 - 15:55
CVE-2014-5521 6.5
plugins/useradmin/fingeruser.php in XRMS CRM, possibly 1.99.2, allows remote authenticated users to execute arbitrary code via shell metacharacters in the username parameter.
03-09-2014 - 10:15 02-09-2014 - 10:55
CVE-2014-5073 7.5
vmtadmin.cgi in VMTurbo Operations Manager before 4.6 build 28657 allows remote attackers to execute arbitrary commands via shell metacharacters in the fileDate parameter in a DOWN call.
02-09-2014 - 13:08 29-08-2014 - 12:55
CVE-2014-5246 10.0
The Shenzhen Tenda Technology Tenda A5s router with firmware 3.02.05_CN allows remote attackers to bypass authentication and gain administrator access by setting the admin:language cookie to zh-cn.
27-08-2014 - 20:03 22-08-2014 - 10:55
CVE-2014-5115 5.0
Absolute path traversal vulnerability in DirPHP 1.0 allows remote attackers to read arbitrary files via a full pathname in the phpfile parameter to index.php.
27-08-2014 - 01:37 29-07-2014 - 10:55
CVE-2014-5453 7.2
Ubisoft Uplay PC before 4.6.1.3217 use weak permissions (Everyone: Full Control) for the program installation directory (%PROGRAMFILES%\Ubisoft Game Launcher), which allows local users to gain privileges via a Trojan horse file.
26-08-2014 - 11:16 25-08-2014 - 12:55
CVE-2014-5335 6.8
Multiple cross-site request forgery (CSRF) vulnerabilities in innovaphone PBX 10.00 sr11 and earlier allow remote attackers to hijack the authentication of administrators for requests that modify configurations or user accounts, as demonstrated by (1
26-08-2014 - 11:02 25-08-2014 - 12:55
CVE-2014-5350 5.0
Multiple directory traversal vulnerabilities in Bitdefender GravityZone before 5.1.11.432 allow remote attackers to read arbitrary files via a (1) .. (dot dot) in the id parameter to webservice/CORE/downloadFullKitEpc/a/1 in the Web Console or (2) %2
20-08-2014 - 13:55 19-08-2014 - 15:55
CVE-2014-5349 5.0
Stack-based buffer overflow in Baidu Spark Browser 26.5.9999.3511 allows remote attackers to cause a denial of service (application crash) via nested calls to the window.print JavaScript function.
20-08-2014 - 13:36 19-08-2014 - 15:55
CVE-2014-5347 6.8
Multiple cross-site request forgery (CSRF) vulnerabilities in the Disqus Comment System plugin before 2.76 for WordPress allow remote attackers to hijack the authentication of administrators for requests that conduct cross-site scripting (XSS) attack
20-08-2014 - 13:20 19-08-2014 - 15:55
CVE-2014-5346 6.8
Multiple cross-site request forgery (CSRF) vulnerabilities in the Disqus Comment System plugin 2.77 for WordPress allow remote attackers to hijack the authentication of administrators for requests that (1) activate or (2) deactivate the plugin via th
20-08-2014 - 13:18 19-08-2014 - 15:55
CVE-2014-5345 4.3
Cross-site scripting (XSS) vulnerability in upgrade.php in the Disqus Comment System plugin before 2.76 for WordPress allows remote attackers to inject arbitrary web script or HTML via the step parameter.
20-08-2014 - 13:17 19-08-2014 - 15:55
CVE-2014-1204 7.5
SQL injection vulnerability in Tableau Server 8.0.x before 8.0.7 and 8.1.x before 8.1.2 allows remote authenticated users to execute arbitrary SQL commands via unspecified vectors. NOTE: this can be exploited by unauthenticated remote attackers if t
11-08-2014 - 13:21 31-01-2014 - 10:07
CVE-2014-3914 10.0
Directory traversal vulnerability in the Admin Center for Tivoli Storage Manager (TSM) in Rocket ServerGraph 1.2 allows remote attackers to (1) create arbitrary files via a .. (dot dot) in the query parameter in a writeDataFile action to the fileRequ
07-08-2014 - 13:44 07-08-2014 - 07:13
CVE-2014-5194 6.5
Static code injection vulnerability in admin/admin.php in Sphider 1.3.6 allows remote authenticated users to inject arbitrary PHP code into settings/conf.php via the _word_upper_bound parameter.
07-08-2014 - 10:30 07-08-2014 - 07:13
CVE-2014-5192 7.5
SQL injection vulnerability in admin/admin.php in Sphider 1.3.6 allows remote attackers to execute arbitrary SQL commands via the filter parameter.
07-08-2014 - 10:28 07-08-2014 - 07:13
CVE-2014-5090 6.5
admin/options/logs.php in Status2k allows remote authenticated administrators to execute arbitrary commands via shell metacharacters in the Location field in Add Logs in the Admin Panel.
07-08-2014 - 08:13 06-08-2014 - 14:55
CVE-2014-5089 7.5
SQL injection vulnerability in admin/options/logs.php in Status2k allows remote authenticated administrators to execute arbitrary SQL commands via the log parameter.
07-08-2014 - 08:12 06-08-2014 - 14:55
CVE-2013-5758 9.0
cgi-bin/cgiServer.exx in Yealink VoIP Phone SIP-T38G allows remote authenticated users to execute arbitrary commands by calling the system method in the body of a request, as demonstrated by running unauthorized services, changing directory permissio
04-08-2014 - 10:13 03-08-2014 - 14:55
CVE-2013-5757 4.0
Absolute path traversal vulnerability in Yealink VoIP Phone SIP-T38G allows remote authenticated users to read arbitrary files via a full pathname in the dumpConfigFile function in the command parameter to cgi-bin/cgiServer.exx.
04-08-2014 - 10:10 03-08-2014 - 14:55
CVE-2013-5756 4.0
Directory traversal vulnerability in Yealink VoIP Phone SIP-T38G allows remote authenticated users to read arbitrary files via a .. (dot dot) in the page parameter to cgi-bin/cgiServer.exx.
04-08-2014 - 10:08 03-08-2014 - 14:55
CVE-2013-5759
** REJECT ** DO NOT USE THIS CANDIDATE NUMBER. ConsultIDs: CVE-2013-5758. Reason: This candidate is not an independent vulnerability; it is resultant from CVE-2013-5758. Notes: All CVE users should reference CVE-2013-5758 instead of this candidat
03-08-2014 - 14:55 03-08-2014 - 14:55
CVE-2014-4699 6.9
The Linux kernel before 3.15.4 on Intel processors does not properly restrict use of a non-canonical value for the saved RIP address in the case of a system call that does not use IRET, which allows local users to leverage a race condition and gain p
01-08-2014 - 01:10 09-07-2014 - 07:07
CVE-2006-6334 6.8
Heap-based buffer overflow in the SendChannelData function in wfica.ocx in Citrix Presentation Server Client before 9.230 for Windows allows remote malicious web sites to execute arbitrary code via a DataSize parameter that is less than the length of
31-07-2014 - 23:20 07-12-2006 - 20:28
CVE-2014-5116 5.0
The cairo_image_surface_get_data function in Cairo 1.10.2, as used in GTK+ and Wireshark, allows context-dependent attackers to cause a denial of service (NULL pointer dereference) via a large string.
30-07-2014 - 13:18 29-07-2014 - 10:55
CVE-2014-4725 7.5
The MailPoet Newsletters (wysija-newsletters) plugin before 2.6.7 for WordPress allows remote attackers to bypass authentication and execute arbitrary PHP code by uploading a crafted theme using wp-admin/admin-post.php and accessing the theme in wp-c
28-07-2014 - 15:18 27-07-2014 - 14:55
CVE-2014-5100 6.8
Multiple cross-site request forgery (CSRF) vulnerabilities in Omeka before 2.2.1 allow remote attackers to hijack the authentication of administrators for requests that (1) add a new super user account via a request to admin/users/add, (2) insert cro
28-07-2014 - 11:55 25-07-2014 - 15:55
CVE-2014-4927 7.8
Buffer overflow in ACME micro_httpd, as used in D-Link DSL2750U and DSL2740U and NetGear WGR614 and MR-ADSL-DG834 routers allows remote attackers to cause a denial of service (crash) via a long string in the URI in a GET request.
25-07-2014 - 11:52 24-07-2014 - 10:55
CVE-2014-4511 7.5
Gitlist before 0.5.0 allows remote attackers to execute arbitrary commands via shell metacharacters in the file name in the URI of a request for a (1) blame, (2) file, or (3) stats page, as demonstrated by requests to blame/master/, master/, and stat
24-07-2014 - 01:01 22-07-2014 - 10:55
CVE-2014-2612 4.0
Unspecified vulnerability in HP Release Control 9.x before 9.13 p3 and 9.2x before RC 9.21.0003 p1 on Windows and 9.2x before RC 9.21.0002 p1 on Linux allows remote authenticated users to obtain sensitive information via unknown vectors.
24-07-2014 - 00:59 28-06-2014 - 11:55
CVE-2014-2424 4.0
Unspecified vulnerability in the Oracle Event Processing component in Oracle Fusion Middleware 11.1.1.7.0 allows remote authenticated users to affect integrity via vectors related to CEP system.
24-07-2014 - 00:59 15-04-2014 - 22:55
CVE-2014-1649 7.9
The server in Symantec Workspace Streaming (SWS) before 7.5.0.749 allows remote attackers to access files and functionality by sending a crafted XMLRPC request over HTTPS.
24-07-2014 - 00:58 16-05-2014 - 07:12
CVE-2014-5023 6.8
Repository.php in Gitter, as used in Gitlist, allows remote attackers with commit privileges to execute arbitrary commands via shell metacharacters in a branch name, as demonstrated by a "git checkout -b" command.
22-07-2014 - 11:20 22-07-2014 - 10:55
CVE-2013-7392 7.5
Gitlist allows remote attackers to execute arbitrary commands via shell metacharacters in a file name to Source/.
22-07-2014 - 11:14 22-07-2014 - 10:55
CVE-2014-4964 6.8
Multiple cross-site request forgery (CSRF) vulnerabilities in Shopizer 1.1.5 and earlier allow remote attackers to hijack the authentication of users for requests that (1) modify customer settings or hijack the authentication of administrators for re
18-07-2014 - 01:24 15-07-2014 - 10:55
CVE-2014-4155 6.8
Cross-site request forgery (CSRF) vulnerability in the ZTE ZXV10 W300 router with firmware W300V1.0.0a_ZRD_LK allows remote attackers to hijack the authentication of administrators for requests that change the admin password via a request to Forms/to
18-07-2014 - 01:24 19-06-2014 - 10:55
CVE-2013-6221 10.0
Directory traversal vulnerability in CommunicationServlet in HP Service Virtualization 3.x before 3.50.1, when the AutoPass license server is enabled, allows remote attackers to create arbitrary files and consequently execute arbitrary code via unspe
18-07-2014 - 01:18 18-06-2014 - 12:55
CVE-2014-4162 6.8
Multiple cross-site request forgery (CSRF) vulnerabilities in the Zyxel P-660HW-T1 (v3) wireless router allow remote attackers to hijack the authentication of administrators for requests that change the (1) wifi password or (2) SSID via a request to
17-07-2014 - 01:07 16-06-2014 - 14:55
CVE-2014-4154 5.0
ZTE ZXV10 W300 router with firmware W300V1.0.0a_ZRD_LK stores sensitive information under the web root with insufficient access control, which allows remote attackers to obtain the PPPoE/PPPoA password via a direct request for basic/tc2wanfun.js.
16-07-2014 - 13:49 16-07-2014 - 10:19
CVE-2014-4018 7.8
The ZTE ZXV10 W300 router with firmware W300V1.0.0a_ZRD_LK has a default password of admin for the admin account, which makes it easier for remote attackers to obtain access via unspecified vectors.
16-07-2014 - 13:44 16-07-2014 - 10:19
CVE-2014-4963 6.8
Shopizer 1.1.5 and earlier allows remote attackers to modify the account settings of arbitrary users via the customer.customerId parameter to shop/profile/register.action.
16-07-2014 - 10:13 15-07-2014 - 10:55
CVE-2014-4962 6.4
Shopizer 1.1.5 and earlier allows remote attackers to reduce the total cost of their shopping cart via a negative number in the productQuantity parameter, which causes the price of the item to be subtracted from the total cost.
16-07-2014 - 10:09 15-07-2014 - 10:55
CVE-2014-4663 6.8
TimThumb 2.8.13 and WordThumb 1.07, when Webshot (aka Webshots) is enabled, allows remote attackers to execute arbitrary commands via shell metacharacters in the src parameter.
15-07-2014 - 15:25 15-07-2014 - 10:55
CVE-2014-3418 10.0
config/userAdmin/login.tdf in Infoblox NetMRI before 6.8.5 allows remote attackers to execute arbitrary commands via shell metacharacters in the skipjackUsername parameter.
15-07-2014 - 14:37 15-07-2014 - 10:55
CVE-2013-6117 7.5
Dahua DVR 2.608.0000.0 and 2.608.GV00.0 allows remote attackers to bypass authentication and obtain sensitive information including user credentials, change user passwords, clear log files, and perform other actions via a request to TCP port 37777.
14-07-2014 - 09:33 11-07-2014 - 15:55
CVE-2014-3992 6.5
Multiple SQL injection vulnerabilities in Dolibarr ERP/CRM 3.5.3 allow remote authenticated users to execute arbitrary SQL commands via the (1) entity parameter in an update action to user/fiche.php or (2) sortorder parameter to user/group/index.php.
11-07-2014 - 13:05 11-07-2014 - 10:55
CVE-2014-3991 4.3
Multiple cross-site scripting (XSS) vulnerabilities in Dolibarr ERP/CRM 3.5.3 allow remote attackers to inject arbitrary web script or HTML via the (1) dol_use_jmobile, (2) dol_optimize_smallscreen, (3) dol_no_mouse_hover, (4) dol_hide_topmenu, (5) d
11-07-2014 - 13:05 11-07-2014 - 10:55
CVE-2014-4718 6.8
Multiple cross-site request forgery (CSRF) vulnerabilities in Lunar CMS before 3.3-3 allow remote attackers to hijack the authentication of administrators for requests that (1) add Super users via a request to admin/user_create.php or conduct cross-s
07-07-2014 - 10:10 03-07-2014 - 10:55
CVE-2014-4717 6.8
Multiple cross-site request forgery (CSRF) vulnerabilities in the Simple Share Buttons Adder plugin before 4.5 for WordPress allow remote attackers to hijack the authentication of administrators for requests that conduct cross-site scripting (XSS) at
07-07-2014 - 10:06 03-07-2014 - 10:55
CVE-2014-4716 6.8
Cross-site request forgery (CSRF) vulnerability in Thomson TWG87OUIR allows remote attackers to hijack the authentication of unspecified victims for requests that change passwords via the Password and PasswordReEnter parameters to goform/RgSecurity.
07-07-2014 - 09:57 03-07-2014 - 10:55
CVE-2014-1815 9.3
Microsoft Internet Explorer 6 through 11 allows remote attackers to execute arbitrary code or cause a denial of service (memory corruption) via a crafted web site, as exploited in the wild in May 2014, aka "Internet Explorer Memory Corruption Vulnera
30-06-2014 - 14:26 14-05-2014 - 07:13
CVE-2010-5299 6.8
Stack-based buffer overflow in MicroP 0.1.1.1600 allows remote attackers to execute arbitrary code via a crafted .mppl file. NOTE: it has been reported that the overflow is in the lpFileName parameter of the CreateFileA function, but the overflow is
30-06-2014 - 14:07 22-05-2014 - 20:55
CVE-2014-3842 4.3
Multiple cross-site scripting (XSS) vulnerabilities in the iMember360 plugin 3.8.012 through 3.9.001 for WordPress allow remote attackers to inject arbitrary web script or HTML via the (1) decrypt or (2) encrypt parameter.
27-06-2014 - 12:56 22-05-2014 - 11:13
CVE-2014-4643 5.0
Multiple heap-based buffer overflows in the client in Core FTP LE 2.2 build 1798 allow remote FTP servers to cause a denial of service (application crash) and possibly execute arbitrary code via a long string in a reply to a (1) USER, (2) PASS, (3) P
26-06-2014 - 10:30 25-06-2014 - 16:55
CVE-2014-3216 4.3
GOM Media Player 2.2.57.5189 and earlier allows remote attackers to cause a denial of service (crash) via a crafted .ogg file.
24-06-2014 - 10:42 10-06-2014 - 10:55
CVE-2014-4334 7.5
Stack-based buffer overflow in Ubisoft Rayman Legends before 1.3.140380 allows remote attackers to execute arbitrary code via a long string in the "second connection" to TCP port 1001.
20-06-2014 - 13:51 19-06-2014 - 10:55
CVE-2014-3778 6.8
Multiple cross-site request forgery (CSRF) vulnerabilities in goform/RgDdns in ARRIS (formerly Motorola) SBG901 SURFboard Wireless Cable Modem allow remote attackers to hijack the authentication of administrators for requests that (1) change the dns
20-06-2014 - 10:44 19-06-2014 - 10:55
CVE-2014-4307 7.5
SQL injection vulnerability in categories-x.php in WebTitan before 4.04 allows remote attackers to execute arbitrary SQL commands via the sortkey parameter.
19-06-2014 - 10:18 18-06-2014 - 10:55
CVE-2014-4306 5.0
Directory traversal vulnerability in logs-x.php in WebTitan before 4.04 allows remote attackers to read arbitrary files via a .. (dot dot) in the logfile parameter in a download action.
19-06-2014 - 10:17 18-06-2014 - 10:55
CVE-2014-3962 7.5
Multiple SQL injection vulnerabilities in Videos Tube 1.0 allow remote attackers to execute arbitrary SQL commands via the url parameter to (1) videocat.php or (2) single.php.
18-06-2014 - 00:33 04-06-2014 - 10:55
CVE-2014-3840 3.5
Multiple cross-site scripting (XSS) vulnerabilities in apps/common/templates/calculate_form_title.html in Mayan EDMS 0.13 allow remote authenticated users to inject arbitrary web script or HTML via a (1) tag or the (2) title of a source in a Staging
18-06-2014 - 00:32 27-05-2014 - 09:55
CVE-2014-2575 6.5
Directory traversal vulnerability in the File Manager component in DevExpress ASPxFileManager Control for ASP.NET WebForms and MVC before 13.1.10 and 13.2.x before 13.2.9 allows remote authenticated users to read or write arbitrary files via a .. (do
18-06-2014 - 00:32 06-06-2014 - 10:55
CVE-2014-4166 4.3
Cross-site scripting (XSS) vulnerability in the song history in SHOUTcast DNAS 2.2.1 allows remote attackers to inject arbitrary web script or HTML via the mp3 title field.
17-06-2014 - 10:58 16-06-2014 - 14:55
CVE-2014-3805 10.0
The av-centerd SOAP service in AlienVault OSSIM before 4.7.0 allows remote attackers to execute arbitrary commands via a crafted (1) get_license, (2) get_log_line, or (3) update_system/upgrade_pro_web request, a different vulnerability than CVE-2014-
16-06-2014 - 09:00 13-06-2014 - 10:55
CVE-2014-3804 10.0
The av-centerd SOAP service in AlienVault OSSIM before 4.7.0 allows remote attackers to execute arbitrary commands via a crafted (1) update_system_info_debian_package, (2) ossec_task, (3) set_ossim_setup admin_ip, (4) sync_rserver, or (5) set_ossim_s
16-06-2014 - 08:50 13-06-2014 - 10:55
CVE-2014-2084 8.5
Skybox View Appliances with ISO 6.3.33-2.14, 6.3.31-2.14, 6.4.42-2.54, 6.4.45-2.56, and 6.4.46-2.57 does not properly restrict access to the Admin interface, which allows remote attackers to obtain sensitive information via a request to (1) scripts/c
13-06-2014 - 00:54 17-05-2014 - 15:55
CVE-2004-2466 5.0
chat.ghp in Easy Chat Server 1.2 allows remote attackers to cause a denial of service (server crash) via a long username parameter, possibly due to a buffer overflow. NOTE: it was later reported that 2.2 is also affected.
12-06-2014 - 21:51 31-12-2004 - 00:00
CVE-2014-4033 4.3
Cross-site scripting (XSS) vulnerability in libraries/includes/personal/profile.php in Epignosis eFront 3.6.14.4 allows remote attackers to inject arbitrary web script or HTML via the surname parameter to student.php.
12-06-2014 - 13:46 11-06-2014 - 10:55
CVE-2010-5300 6.8
Stack-based buffer overflow in Jzip 1.3 through 2.0.0.132900 allows remote attackers to cause a denial of service (crash) and possibly execute arbitrary code via a long file name in a zip archive.
12-06-2014 - 09:08 11-06-2014 - 10:55
CVE-2013-3739 5.0
Directory traversal vulnerability in editor.php in Network Weathermap 0.97c and earlier allows remote attackers to read arbitrary files via a .. (dot dot) in the mapname parameter in a show_config action.
06-06-2014 - 12:08 05-06-2014 - 16:55
CVE-2013-2618 4.3
Cross-site scripting (XSS) vulnerability in editor.php in Network Weathermap before 0.97b allows remote attackers to inject arbitrary web script or HTML via the map_title parameter.
06-06-2014 - 12:07 05-06-2014 - 16:55
CVE-2014-3975 5.0
Absolute path traversal vulnerability in filemanager.php in AuraCMS 3.0 allows remote attackers to list a directory via a full pathname in the viewdir parameter.
06-06-2014 - 10:56 05-06-2014 - 13:55
CVE-2014-3974 4.3
Cross-site scripting (XSS) vulnerability in filemanager.php in AuraCMS 3.0 and earlier allows remote attackers to inject arbitrary web script or HTML via the viewdir parameter.
06-06-2014 - 10:54 05-06-2014 - 13:55
CVE-2014-3961 7.5
SQL injection vulnerability in the Export CSV page in the Participants Database plugin before 1.5.4.9 for WordPress allows remote attackers to execute arbitrary SQL commands via the query parameter in an "output CSV" action to pdb-signup/.
05-06-2014 - 10:48 04-06-2014 - 10:55
CVE-2006-2465 5.1
Buffer overflow in MP3Info 0.8.4 allows attackers to execute arbitrary code via a long command line argument. NOTE: if mp3info is not installed setuid or setgid in any reasonable context, then this issue might not be a vulnerability.
30-05-2014 - 22:22 19-05-2006 - 06:02
CVE-2013-2712 4.3
Cross-site scripting (XSS) vulnerability in services/get_article.php in KrisonAV CMS before 3.0.2 allows remote attackers to inject arbitrary web script or HTML via the content parameter.
29-05-2014 - 19:44 23-05-2014 - 10:55
CVE-2013-2713 6.8
Cross-site request forgery (CSRF) vulnerability in users_maint.html in KrisonAV CMS before 3.0.2 allows remote attackers to hijack the authentication of administrators for requests that create user accounts via a crafted request.
29-05-2014 - 19:44 23-05-2014 - 10:55
CVE-2013-5036 7.5
The Square Squash allows remote attackers to execute arbitrary code via a YAML document in the (1) namespace parameter to the deobfuscation function or (2) sourcemap parameter to the sourcemap function in app/controllers/api/v1_controller.rb.
28-05-2014 - 13:43 27-05-2014 - 10:55
CVE-2013-2225 6.4
inc/ticket.class.php in GLPI 0.83.9 and earlier allows remote attackers to unserialize arbitrary PHP objects via the _predefined_fields parameter to front/ticket.form.php.
28-05-2014 - 13:07 27-05-2014 - 10:55
CVE-2014-3849 4.3
The iMember360 plugin 3.8.012 through 3.9.001 for WordPress does not properly restrict access, which allows remote attackers to delete arbitrary users via a request containing a user name in the Email parameter and the API key in the i4w_clearuser pa
27-05-2014 - 10:36 23-05-2014 - 10:55
CVE-2014-3848 5.0
The iMember360 plugin before 3.9.001 for WordPress does not properly restrict access, which allows remote attackers to obtain database credentials via the i4w_dbinfo parameter.
27-05-2014 - 10:34 23-05-2014 - 10:55
CVE-2014-3220 9.0
F5 BIG-IQ Cloud and Security 4.0.0 through 4.1.0 allows remote authenticated users to change the password of arbitrary users via the name parameter in a request to the user's page in mgmt/shared/authz/users/.
23-05-2014 - 00:08 05-05-2014 - 13:06
CVE-2014-3806 5.0
Directory traversal vulnerability in cgi-bin/help/doIt.cgi in VMTurbo Operations Manager before 4.6 allows remote attackers to read arbitrary files via a .. (dot dot) in the xml_path parameter.
22-05-2014 - 10:54 21-05-2014 - 10:55
CVE-2014-3792 6.8
Cross-site request forgery (CSRF) vulnerability in Beetel 450TC2 Router with firmware TX6-0Q-005_retail allows remote attackers to hijack the authentication of administrators for requests that change the administrator password via the uiViewTools_Pas
21-05-2014 - 19:37 20-05-2014 - 10:55
CVE-2014-3791 10.0
Stack-based buffer overflow in Easy File Sharing (EFS) Web Server 6.8 allows remote attackers to execute arbitrary code via a long string in a cookie UserID parameter to vfolder.ghp.
21-05-2014 - 18:35 20-05-2014 - 10:55
CVE-2014-3138 6.5
SQL injection vulnerability in Xerox DocuShare before 6.53 Patch 6 Hotfix 2, 6.6.1 Update 1 before Hotfix 24, and 6.6.1 Update 2 before Hotfix 3 allows remote authenticated users to execute arbitrary SQL commands via the PATH_INFO to /docushare/dsweb
20-05-2014 - 00:14 01-05-2014 - 20:55
CVE-2013-4694 7.5
Stack-based buffer overflow in gen_jumpex.dll in Winamp before 5.64 Build 3418 allows remote attackers to cause a denial of service (crash) and possibly execute arbitrary code via a package with a long Skin directory name. NOTE: a second buffer over
20-05-2014 - 00:07 16-04-2014 - 18:55
CVE-2013-4467 6.5
Multiple SQL injection vulnerabilities in the agent interface (agc/) in VICIDIAL dialer (aka Asterisk GUI client) 2.8-403a, 2.7, 2.7RC1, and earlier allow (1) remote attackers to execute arbitrary SQL commands via the campaign variable in SCRIPT_mult
20-05-2014 - 00:06 11-03-2014 - 15:37
CVE-2013-6765 7.5
OpenVAS Manager 3.0 before 3.0.7 and 4.0 before 4.0.4 allows remote attackers to bypass the OMP authentication restrictions and execute OMP commands via a crafted OMP request for version information, which causes the state to be set to CLIENT_AUTHENT
19-05-2014 - 15:03 19-05-2014 - 10:55
CVE-2013-7382 5.0
VICIDIAL dialer (aka Asterisk GUI client) 2.8-403a, 2.7, 2.7RC1, and earlier has a hardcoded password of donotedit for the (1) VDAD and (2) VDCL users, which makes it easier for remote attackers to obtain access.
19-05-2014 - 11:46 17-05-2014 - 15:55
CVE-2014-0782 8.3
Stack-based buffer overflow in BKESimmgr.exe in the Expanded Test Functions package in Yokogawa CENTUM CS 1000, CENTUM CS 3000 Entry Class R3.09.50 and earlier, CENTUM VP R5.03.00 and earlier, CENTUM VP Entry Class R5.03.00 and earlier, Exaopc R3.71.
19-05-2014 - 10:57 16-05-2014 - 07:12
CVE-2014-2085
** REJECT ** DO NOT USE THIS CANDIDATE NUMBER. ConsultIDs: CVE-2014-2084. Reason: This issue was MERGED into CVE-2014-2084 in accordance with CVE content decisions, because it is the same type of vulnerability and affects the same versions. Notes:
17-05-2014 - 15:55 17-05-2014 - 15:55
CVE-2014-3225 4.0
Absolute path traversal vulnerability in the web interface in Cobbler 2.4.x through 2.6.x allows remote authenticated users to read arbitrary files via the Kickstart field in a profile.
16-05-2014 - 00:26 13-05-2014 - 20:55
CVE-2014-2976 5.0
Directory traversal vulnerability in Sixnet SixView Manager 2.4.1 allows remote attackers to read arbitrary files via a .. (dot dot) in an HTTP GET request to TCP port 18081.
16-05-2014 - 00:26 23-04-2014 - 11:55
CVE-2013-1763 7.2
Array index error in the __sock_diag_rcv_msg function in net/core/sock_diag.c in the Linux kernel before 3.7.10 allows local users to gain privileges via a large family value in a Netlink message.
16-05-2014 - 00:15 28-02-2013 - 14:55
CVE-2014-3443 4.3
JetMPAd.ax in JetAudio 8.1.1 and earlier allows remote attackers to cause a denial of service (crash) via a crafted .ogg file.
15-05-2014 - 14:55 14-05-2014 - 15:55
CVE-2013-7376 6.8
Multiple cross-site request forgery (CSRF) vulnerabilities in OpenX 2.8.10, possibly before revision 82710, allow remote attackers to hijack the authentication of administrators, as demonstrated by requests that conduct directory traversal attacks vi
15-05-2014 - 11:00 14-05-2014 - 15:55
CVE-2013-4468 6.5
VICIDIAL dialer (aka Asterisk GUI client) 2.8-403a, 2.7, 2.7RC1, and earlier allows remote authenticated users to execute arbitrary commands via shell metacharacters in the extension parameter in an OriginateVDRelogin action to manager_send.php.
15-05-2014 - 09:16 14-05-2014 - 15:55
CVE-2013-3514 4.3
Multiple directory traversal vulnerabilities in OpenX before 2.8.10 revision 82710 allow remote administrators to read arbitrary files via a .. (dot dot) in the group parameter to (1) plugin-preferences.php or (2) plugin-settings.php in www/admin, a
15-05-2014 - 09:01 14-05-2014 - 15:55
CVE-2013-2226 7.5
Multiple SQL injection vulnerabilities in GLPI before 0.83.9 allow remote attackers to execute arbitrary SQL commands via the (1) users_id_assign parameter to ajax/ticketassigninformation.php, (2) filename parameter to front/document.form.php, or (3)
15-05-2014 - 08:44 14-05-2014 - 15:55
CVE-2014-2046 9.7
cgi-bin/rpcBridge in the web interface 1.1 on Broadcom Ltd PIPA C211 rev2 does not properly restrict access, which allows remote attackers to (1) obtain credentials and other sensitive information via a certain request to the config.getValuesHashExcl
14-05-2014 - 14:55 13-05-2014 - 20:55
CVE-2013-4490 6.5
The SSH key upload feature (lib/gitlab_keys.rb) in gitlab-shell before 1.7.3, as used in GitLab 5.0 before 5.4.1 and 6.x before 6.2.3, allows remote authenticated users to execute arbitrary commands via shell metacharacters in the public key.
14-05-2014 - 11:49 13-05-2014 - 11:55
CVE-2014-3246 6.5
SQL injection vulnerability in Collabtive 1.2 allows remote authenticated users to execute arbitrary SQL commands via the folder parameter in a fileview_list action to manageajax.php.
14-05-2014 - 11:40 13-05-2014 - 10:55
CVE-2013-5748 6.8
Cross-site request forgery (CSRF) vulnerability in management/prioritize_planning.php in SimpleRisk before 20130916-001 allows remote attackers to hijack the authentication of users for requests that add projects via an add_project action.
13-05-2014 - 08:53 12-05-2014 - 10:55
CVE-2014-2347 3.5
Amtelco miSecureMessages (aka MSM) 6.2 does not properly manage sessions, which allows remote authenticated users to obtain sensitive information via a modified message request.
06-05-2014 - 09:16 06-05-2014 - 06:44
CVE-2014-0621 6.8
Multiple cross-site request forgery (CSRF) vulnerabilities in Technicolor (formerly Thomson) TC7200 STD6.01.12 allow remote attackers to hijack the authentication of administrators for requests that (1) perform a factory reset via a request to goform
05-05-2014 - 11:23 08-01-2014 - 10:30
CVE-2014-3139 7.5
recoveryconsole/bpl/snmpd.php in Unitrends Enterprise Backup 7.3.0 allows remote attackers to bypass authentication by setting the auth parameter to a certain string.
05-05-2014 - 08:57 02-05-2014 - 06:55
CVE-2014-2879 4.3
Multiple cross-site scripting (XSS) vulnerabilities in Dell SonicWALL Email Security 7.4.5 and earlier allow remote authenticated administrators to inject arbitrary web script or HTML via (1) the uploadPatch parameter to the System/Advanced page (set
05-05-2014 - 01:34 17-04-2014 - 10:55
CVE-2014-0794 4.3
SQL injection vulnerability in the JV Comment (com_jvcomment) component before 3.0.3 for Joomla! allows remote authenticated users to execute arbitrary SQL commands via the id parameter in a comment.like action to index.php.
05-05-2014 - 01:32 26-01-2014 - 15:55
CVE-2013-7246 9.3
Buffer overflow in the IconCreate method in an ActiveX control in the DaumGame ActiveX plugin 1.1.0.4 and 1.1.0.5 allows remote attackers to execute arbitrary code via a long string, as exploited in the wild in January 2014.
05-05-2014 - 01:31 30-01-2014 - 13:55
CVE-2013-6164 7.5
SQL injection vulnerability in view/objectDetail.php in Project'Or RIA 3.4.0 allows remote attackers to execute arbitrary SQL commands via the objectId parameter.
05-05-2014 - 01:29 14-11-2013 - 15:55
CVE-2007-3655 6.8
Stack-based buffer overflow in javaws.exe in Sun Java Web Start in JRE 5.0 Update 11 and earlier, and 6.0 Update 1 and earlier, allows remote attackers to execute arbitrary code via a long codebase attribute in a JNLP file.
04-05-2014 - 23:51 10-07-2007 - 15:30
CVE-2006-4206 4.3
Cross-site scripting (XSS) vulnerability in calendar.asp in ASPPlayground.NET Forum Advanced Edition 2.4.5 Unicode, and possibly other versions before October 15, 2006, allows remote attackers to inject arbitrary web script or HTML via the calendarID
04-05-2014 - 22:17 17-08-2006 - 17:04
CVE-2014-3008 10.0
Unitrends Enterprise Backup 7.3.0 allows remote authenticated users to execute arbitrary commands via shell metacharacters in the comm parameter to recoveryconsole/bpl/snmpd.php.
29-04-2014 - 09:37 28-04-2014 - 10:09
CVE-2014-2846 7.5
Directory traversal vulnerability in opt/arkeia/wui/htdocs/index.php in the WD Arkeia virtual appliance (AVA) with firmware before 10.2.9 allows remote attackers to read arbitrary files and execute arbitrary PHP code via a ..././ (dot dot dot slash d
29-04-2014 - 09:07 28-04-2014 - 10:09
CVE-2014-2383 4.3
dompdf.php in dompdf before 0.6.1, when DOMPDF_ENABLE_PHP is enabled, allows context-dependent attackers to bypass chroot protections and read arbitrary files via a PHP protocol and wrappers in the input_file parameter, as demonstrated by a php://fil
29-04-2014 - 08:18 28-04-2014 - 10:09
CVE-2014-2994 10.0
Stack-based buffer overflow in Acunetix Web Vulnerability Scanner (WVS) 8 build 20120704 allows remote attackers to execute arbitrary code via an HTML file containing an IMG element with a long URL (src attribute).
28-04-2014 - 12:06 27-04-2014 - 00:32
CVE-2014-2996 7.1
XCloner Standalone 3.5 and earlier, when enable_db_backup and sql_mem are enabled, allows remote authenticated administrators to execute arbitrary commands via shell metacharacters in the dbbackup_comp parameter in a generate action to index2.php. N
28-04-2014 - 08:03 25-04-2014 - 16:55
CVE-2013-5660 9.3
Buffer overflow in Power Software WinArchiver 3.2 allows remote attackers to execute arbitrary code via a crafted .zip file.
25-04-2014 - 14:44 25-04-2014 - 13:12
CVE-2014-0984 4.3
The passwordCheck function in SAP Router 721 patch 117, 720 patch 411, 710 patch 029, and earlier terminates validation of a Route Permission Table entry password upon encountering the first incorrect character, which allows remote attackers to obtra
24-04-2014 - 01:04 17-04-2014 - 10:55
CVE-2014-0983 6.9
Multiple array index errors in programs that are automatically generated by VBox/HostServices/SharedOpenGL/crserverlib/server_dispatch.py in Oracle VirtualBox 4.2.x through 4.2.20 and 4.3.x before 4.3.8, when using 3D Acceleration, allow local guest
24-04-2014 - 01:04 31-03-2014 - 10:58
CVE-2014-0981 4.4
VBox/GuestHost/OpenGL/util/net.c in Oracle VirtualBox before 3.2.22, 4.0.x before 4.0.24, 4.1.x before 4.1.32, 4.2.x before 4.2.24, and 4.3.x before 4.3.8, when using 3D Acceleration allows local guest OS users to execute arbitrary code on the Chromi
24-04-2014 - 01:04 31-03-2014 - 10:58
CVE-2013-5030 7.2
Ruckus Wireless Zoneflex 2942 devices with firmware 9.6.0.0.267 allow remote attackers to bypass authentication, and subsequently access certain configuration/ and maintenance/ scripts, by constructing a crafted URI after receiving an authentication
23-04-2014 - 10:26 16-10-2013 - 06:52
CVE-2013-7204 6.8
Cross-site request forgery (CSRF) vulnerability in set_users.cgi in Conceptronic CIPCAMPTIWL Camera 1.0 with firmware 21.37.2.49 allows remote attackers to hijack the authentication of administrators for requests that add arbitrary users.
22-04-2014 - 13:09 17-01-2014 - 10:18
CVE-2014-2341 6.8
Session fixation vulnerability in CubeCart before 5.2.9 allows remote attackers to hijack web sessions via the PHPSESSID parameter.
22-04-2014 - 13:04 22-04-2014 - 09:06
CVE-2014-1216 7.5
FitNesse Wiki 20131110, 20140201, and earlier allows remote attackers to execute arbitrary commands by defining a COMMAND_PATTERN and TEST_RUNNER in the pageContent parameter when editing a page.
22-04-2014 - 12:24 22-04-2014 - 09:06
CVE-2014-1990 6.8
Cross-site request forgery (CSRF) vulnerability in TopAccess (aka the web-based management utility) on TOSHIBA TEC e-Studio 232, 233, 282, and 283 devices allows remote attackers to hijack the authentication of administrators for requests that change
21-04-2014 - 15:23 19-04-2014 - 15:55
CVE-2014-2668 5.0
Apache CouchDB 1.5.0 and earlier allows remote attackers to cause a denial of service (CPU and memory consumption) via the count parameter to /_uuids.
19-04-2014 - 00:48 28-03-2014 - 12:51
CVE-2014-2340 6.8
Cross-site request forgery (CSRF) vulnerability in the XCloner plugin before 3.1.1 for WordPress allows remote attackers to hijack the authentication of administrators for requests that create website backups via a request to wp-admin/plugins.php.
19-04-2014 - 00:48 03-04-2014 - 12:15
CVE-2013-2143 6.5
The users controller in Katello 1.5.0-14 and earlier, and Red Hat Satellite, does not check authorization for the update_roles action, which allows remote authenticated users to gain privileges by setting a user account to an administrator account.
17-04-2014 - 11:57 17-04-2014 - 10:55
CVE-2014-0644 7.8
EMC Cloud Tiering Appliance (CTA) 10 through SP1 allows remote attackers to read arbitrary files via an api/login request containing an XML external entity declaration in conjunction with an entity reference, related to an XML External Entity (XXE) i
17-04-2014 - 11:06 16-04-2014 - 21:55
CVE-2014-2850 8.5
The network interface configuration page (netinterface) in Sophos Web Appliance before 3.8.2 allows remote administrators to execute arbitrary commands via shell metacharacters in the address parameter.
14-04-2014 - 11:38 11-04-2014 - 11:55
CVE-2014-2849 8.5
The Change Password dialog box (change_password) in Sophos Web Appliance before 3.8.2 allows remote authenticated users to change the admin user password via a crafted request.
14-04-2014 - 11:38 11-04-2014 - 11:55
CVE-2014-2847 7.5
SQL injection vulnerability in default.asp in CIS Manager CMS allows remote attackers to execute arbitrary SQL commands via the TroncoID parameter.
14-04-2014 - 11:15 11-04-2014 - 11:55
CVE-2014-2671 6.8
Microsoft Windows Media Player (WMP) 11.0.5721.5230 allows remote attackers to cause a denial of service (memory corruption) or possibly have unspecified other impact via a crafted WAV file.
14-04-2014 - 10:29 31-03-2014 - 10:58
CVE-2014-2540 7.5
SQL injection vulnerability in OrbitScripts Orbit Open Ad Server before 1.1.1 allows remote attackers to execute arbitrary SQL commands via the site_directory_sort_field parameter to guest/site_directory.
14-04-2014 - 10:27 11-04-2014 - 10:55
CVE-2014-0346
** REJECT ** DO NOT USE THIS CANDIDATE NUMBER. ConsultIDs: CVE-2014-0160. Reason: This candidate is a reservation duplicate of CVE-2014-0160. Notes: All CVE users should reference CVE-2014-0160 instead of this candidate. All references and descr
07-04-2014 - 18:55 07-04-2014 - 18:55
CVE-2013-2945 6.5
SQL injection vulnerability in blogs/admin.php in b2evolution before 4.1.7 allows remote authenticated administrators to execute arbitrary SQL commands via the show_statuses[] parameter. NOTE: this can be leveraged using CSRF to allow remote unauthe
03-04-2014 - 10:43 02-04-2014 - 12:17
CVE-2013-4240 6.8
Multiple cross-site request forgery (CSRF) vulnerabilities in the HMS Testimonials plugin before 2.0.11 for WordPress allow remote attackers to hijack the authentication of administrators for requests that (1) add new testimonials via the hms-testimo
02-04-2014 - 13:56 02-04-2014 - 12:05
CVE-2013-3213 7.5
Multiple SQL injection vulnerabilities in vTiger CRM 5.0.0 through 5.4.0 allow remote attackers to execute arbitrary SQL commands via the (1) picklist_name parameter in the get_picklists method to soap/customerportal.php, (2) where parameter in the g
02-04-2014 - 13:33 02-04-2014 - 12:05
CVE-2014-1691 7.5
The framework/Util/lib/Horde/Variables.php script in the Util library in Horde before 5.1.1 allows remote attackers to conduct object injection attacks and execute arbitrary PHP code via a crafted serialized object in the _formvars form.
02-04-2014 - 10:50 01-04-2014 - 11:55
CVE-2014-2588 4.0
Directory traversal vulnerability in servlet/downloadReport in McAfee Asset Manager 6.6 allows remote authenticated users to read arbitrary files via a .. (dot dot) in the reportFileName parameter.
01-04-2014 - 02:29 24-03-2014 - 12:38
CVE-2014-2587 6.5
SQL injection vulnerability in jsp/reports/ReportsAudit.jsp in McAfee Asset Manager 6.6 allows remote authenticated users to execute arbitrary SQL commands via the username of an audit report (aka user parameter).
01-04-2014 - 02:29 24-03-2014 - 12:38
CVE-2014-2534 4.9
/sbin/pppoectl in BlackBerry QNX Neutrino RTOS 6.4.x and 6.5.x allows local users to obtain sensitive information by reading "bad parameter" lines in error messages, as demonstrated by reading the root password hash in /etc/shadow.
01-04-2014 - 02:29 18-03-2014 - 01:18
CVE-2014-2533 7.2
/sbin/ifwatchd in BlackBerry QNX Neutrino RTOS 6.4.x and 6.5.x allows local users to gain privileges by providing an arbitrary program name as a command-line argument.
01-04-2014 - 02:29 18-03-2014 - 01:18
CVE-2013-6720 5.5
Directory traversal vulnerability in download.php in the Passive Capture Application (PCA) web console in IBM Tealeaf CX 7.x, 8.x through 8.6, 8.7 before FP2, and 8.8 before FP2 allows remote authenticated users to bypass intended access restrictions
01-04-2014 - 02:26 06-03-2014 - 06:55
CVE-2013-6719 6.0
delivery.php in the Passive Capture Application (PCA) web console in IBM Tealeaf CX 7.x, 8.x through 8.6, 8.7 before FP2, and 8.8 before FP2 allows remote authenticated users to execute arbitrary commands via shell metacharacters in the testconn_host
01-04-2014 - 02:26 06-03-2014 - 06:55
CVE-2014-1982 10.0
The administrative interface in Allied Telesis AT-RG634A ADSL Broadband router 3.3+, iMG624A firmware 3.5, iMG616LH firmware 2.4, and iMG646BD firmware 3.5 allows remote attackers to gain privileges and execute arbitrary commands via a direct request
31-03-2014 - 13:57 31-03-2014 - 10:58
CVE-2014-0982
** REJECT ** DO NOT USE THIS CANDIDATE NUMBER. ConsultIDs: CVE-2014-0981. Reason: This issue was MERGED into CVE-2014-0981 in accordance with CVE content decisions, because it is the same type of vulnerability and affects the same versions. Notes: A
31-03-2014 - 10:58 31-03-2014 - 10:58
CVE-2014-2016 4.3
Multiple cross-site scripting (XSS) vulnerabilities in OXID eShop Professional and Community Edition 4.6.8 and earlier, 4.7.x before 4.7.11, and 4.8.x before 4.8.4, and Enterprise Edition 4.6.8 and earlier, 5.0.x before 5.0.11 and 5.1.x before 5.1.4
26-03-2014 - 10:36 25-03-2014 - 14:21
CVE-2013-1605 7.5
Buffer overflow in MayGion IP Cameras with firmware before 2013.04.22 (05.53) allows remote attackers to execute arbitrary code via a long filename in a GET request.
26-03-2014 - 09:59 25-03-2014 - 14:21
CVE-2013-1604 5.0
Directory traversal vulnerability in MayGion IP Cameras with firmware before 2013.04.22 (05.53) allows remote attackers to read arbitrary files via a .. (dot dot) in the default URI.
26-03-2014 - 09:53 25-03-2014 - 14:21
CVE-2013-5014 7.5
The management console in Symantec Endpoint Protection Manager (SEPM) 11.0 before 11.0.7405.1424 and 12.1 before 12.1.4023.4080, and Symantec Protection Center Small Business Edition 12.x before 12.1.4023.4080, allows remote attackers to read arbitra
26-03-2014 - 00:51 14-02-2014 - 08:10
CVE-2009-0689 6.8
Array index error in the (1) dtoa implementation in dtoa.c (aka pdtoa.c) and the (2) gdtoa (aka new dtoa) implementation in gdtoa/misc.c in libc, as used in multiple operating systems and products including in FreeBSD 6.4 and 7.2, NetBSD 5.0, OpenBSD
25-03-2014 - 23:51 01-07-2009 - 09:00
CVE-2014-2586 4.3
Cross-site scripting (XSS) vulnerability in the login audit form in McAfee Cloud Single Sign On (SSO) allows remote attackers to inject arbitrary web script or HTML via a crafted password.
24-03-2014 - 18:15 24-03-2014 - 12:38
CVE-2012-4886 10.0
Stack-based buffer overflow in wpsio.dll in Kingsoft WPS Office 2012 possibly 8.1.0.3238 allows remote attackers to execute arbitrary code via a long BSTR string.
24-03-2014 - 18:14 24-03-2014 - 12:43
CVE-2013-2643 4.3
Multiple cross-site scripting (XSS) vulnerabilities in Sophos Web Appliance before 3.7.8.2 allow remote attackers to inject arbitrary web script or HTML via the (1) xss parameter in an allow action to rss.php, (2) msg parameter to end-user/errdoc.php
19-03-2014 - 09:55 18-03-2014 - 13:02
CVE-2013-2642 9.3
Sophos Web Appliance before 3.7.8.2 allows (1) remote attackers to execute arbitrary commands via shell metacharacters in the client-ip parameter to the Block page, when using the user_workstation variable in a customized template, and remote authent
19-03-2014 - 09:54 18-03-2014 - 13:02
CVE-2013-2641 5.0
Directory traversal vulnerability in patience.cgi in Sophos Web Appliance before 3.7.8.2 allows remote attackers to read arbitrary files via the id parameter.
19-03-2014 - 09:48 18-03-2014 - 13:02
CVE-2013-2619 5.0
Directory traversal vulnerability in Aspen before 0.22 allows remote attackers to read arbitrary files via a .. (dot dot) to the default URI.
19-03-2014 - 09:31 18-03-2014 - 13:02
CVE-2008-2370 5.0
Apache Tomcat 4.1.0 through 4.1.37, 5.5.0 through 5.5.26, and 6.0.0 through 6.0.16, when a RequestDispatcher is used, performs path normalization before removing the query string from the URI, which allows remote attackers to conduct directory traver
15-03-2014 - 23:29 03-08-2008 - 21:41
CVE-2007-5333 5.0
Apache Tomcat 6.0.0 through 6.0.14, 5.5.0 through 5.5.25, and 4.1.0 through 4.1.36 does not properly handle (1) double quote (") characters or (2) %5C (encoded backslash) sequences in a cookie value, which might cause sensitive information such as se
15-03-2014 - 23:16 11-02-2008 - 20:00
CVE-2014-1287 7.2
USB Host in Apple iOS before 7.1 and Apple TV before 6.1 allows physically proximate attackers to execute arbitrary code or cause a denial of service (memory corruption) via crafted USB messages.
14-03-2014 - 12:11 14-03-2014 - 06:55
CVE-2013-3728 3.5
Cross-site scripting (XSS) vulnerability in Kasseler CMS before 2 r1232 allows remote authenticated users with permissions to create categories to inject arbitrary web script or HTML via the cat parameter in an admin_new_category action to admin.php.
13-03-2014 - 13:43 13-03-2014 - 10:55
CVE-2013-3729 6.8
Multiple cross-site request forgery (CSRF) vulnerabilities in Kasseler CMS before 2 r1232 allow remote attackers to hijack the authentication of administrators for requests that conduct SQL injection attacks via the (1) groups[] parameter in a send a
13-03-2014 - 13:42 13-03-2014 - 10:55
CVE-2013-3727 7.5
SQL injection vulnerability in Kasseler CMS before 2 r1232 allows remote authenticated users to execute arbitrary SQL commands via the groups[] parameter to admin.php. NOTE: this can be leveraged using CSRF to allow remote unauthenticated attackers
13-03-2014 - 13:40 13-03-2014 - 10:55
CVE-2013-5117 7.5
SQL injection vulnerability in the RSS page (DNNArticleRSS.aspx) in the ZLDNN DNNArticle module before 10.1 for DotNetNuke allows remote attackers to execute arbitrary SQL commands via the categoryid parameter.
13-03-2014 - 12:06 12-03-2014 - 10:55
CVE-2014-0329 9.3
The TELNET service on the ZTE ZXV10 W300 router 2.1.0 has a hardcoded password ending with airocon for the admin account, which allows remote attackers to obtain administrative access by leveraging knowledge of the MAC address characters present at t
13-03-2014 - 10:13 04-02-2014 - 00:39
CVE-2013-5639 7.5
Directory traversal vulnerability in users/login.php in Gnew 2013.1 and earlier allows remote attackers to read arbitrary files via a .. (dot dot) in the gnew_language cookie.
12-03-2014 - 14:03 11-03-2014 - 15:37
CVE-2013-3928 9.3
Stack-based buffer overflow in the ReadFile function in flt_BMP.dll in Chasys Draw IES before 4.11.02 allows remote attackers to execute arbitrary code via crafted biPlanes and biBitCount fields in a BMP file.
12-03-2014 - 08:51 11-03-2014 - 15:37
CVE-2013-2754 6.8
Cross-site request forgery (CSRF) vulnerability in Umisoft UMI.CMS before 2.9 build 21905 allows remote attackers to hijack the authentication of administrators for requests that add administrator accounts via a request to admin/users/add/user/do/.
11-03-2014 - 20:47 11-03-2014 - 15:37
CVE-2013-4710 9.3
Android 3.0 through 4.1.x on Disney Mobile, eAccess, KDDI, NTT DOCOMO, SoftBank, and other devices does not properly implement the WebView class, which allows remote attackers to execute arbitrary methods of Java objects or cause a denial of service
10-03-2014 - 13:25 02-03-2014 - 23:50
CVE-2014-2317 6.8
SQL injection vulnerability in ajax_udf.php in OpenDocMan before 1.2.7.2 allows remote attackers to execute arbitrary SQL commands via the table parameter. NOTE: some of these details are obtained from third party information.
10-03-2014 - 12:25 09-03-2014 - 09:16
CVE-2014-1945 7.5
SQL injection vulnerability in ajax_udf.php in OpenDocMan before 1.2.7.2 allows remote attackers to execute arbitrary SQL commands via the add_value parameter.
10-03-2014 - 12:24 09-03-2014 - 09:16
CVE-2014-1944 4.3
Cross-site scripting (XSS) vulnerability in Ilch CMS 2.0 and earlier allows remote attackers to inject arbitrary web script or HTML via the text parameter to index.php/guestbook/index/newentry.
10-03-2014 - 12:14 09-03-2014 - 09:16
CVE-2013-6233 4.3
Cross-site scripting (XSS) vulnerability in SpagoBI before 4.1 allows remote authenticated users to inject arbitrary web script or HTML via the Description field in the "Short document metadata."
10-03-2014 - 10:57 09-03-2014 - 09:16
CVE-2013-6232 3.5
Cross-site scripting (XSS) vulnerability in SpagoBI before 4.1 allows remote authenticated users to inject arbitrary web script or HTML via a document note in the execution page.
10-03-2014 - 10:56 09-03-2014 - 09:16
CVE-2014-1854 7.5
SQL injection vulnerability in library/clicktracker.php in the AdRotate Pro plugin 3.9 through 3.9.5 and AdRotate Free plugin 3.9 through 3.9.4 for WordPress allows remote attackers to execute arbitrary SQL commands via the track parameter.
07-03-2014 - 15:42 27-02-2014 - 10:55
CVE-2013-4977 10.0
Buffer overflow in the RTSP Packet Handler in Hikvision DS-2CD7153-E IP camera with firmware 4.1.0 b130111 (Jan 2013), and possibly other devices, allows remote attackers to cause a denial of service (device crash and reboot) and possibly execute arb
07-03-2014 - 15:41 03-03-2014 - 11:55
CVE-2014-1684 4.3
The ASF_ReadObject_file_properties function in modules/demux/asf/libasf.c in the ASF Demuxer in VideoLAN VLC Media Player before 2.1.3 allows remote attackers to cause a denial of service (divide-by-zero error and crash) via a zero minimum and maximu
07-03-2014 - 15:35 03-03-2014 - 11:55
CVE-2014-1906 4.3
Multiple cross-site scripting (XSS) vulnerabilities in the VideoWhisper Live Streaming Integration plugin before 4.29.5 for WordPress allow remote attackers to inject arbitrary web script or HTML via the (1) m parameter to lb_status.php; (2) msg para
07-03-2014 - 10:07 06-03-2014 - 10:55
CVE-2013-3630 4.6
Moodle through 2.5.2 allows remote authenticated administrators to execute arbitrary programs by configuring the aspell pathname and then triggering a spell-check operation within the TinyMCE editor.
07-03-2014 - 09:40 31-10-2013 - 22:55
CVE-2014-1907 6.4
Multiple directory traversal vulnerabilities in the VideoWhisper Live Streaming Integration plugin before 4.29.5 for WordPress allow remote attackers to (1) read arbitrary files via a .. (dot dot) in the s parameter to ls/rtmp_login.php or (2) delete
07-03-2014 - 09:39 06-03-2014 - 10:55
CVE-2013-3242 5.5
plugins/system/remember/remember.php in Joomla! 2.5.x before 2.5.10 and 3.0.x before 3.0.4 does not properly handle an object obtained by unserializing a cookie, which allows remote authenticated users to conduct PHP object injection attacks and caus
07-03-2014 - 08:46 03-05-2013 - 07:57
CVE-2014-0038 6.9
The compat_sys_recvmmsg function in net/compat.c in the Linux kernel before 3.13.2, when CONFIG_X86_X32 is enabled, allows local users to gain privileges via a recvmmsg system call with a crafted timeout pointer parameter.
05-03-2014 - 23:50 06-02-2014 - 17:55
CVE-2013-6767 7.2
Stack-based buffer overflow in pepoly.dll in Quick Heal AntiVirus Pro 7.0.0.1 allows local users to execute arbitrary code or cause a denial of service (process crash) via a long *.text value in a PE file.
05-03-2014 - 23:49 20-12-2013 - 17:55
CVE-2014-2206 10.0
Stack-based buffer overflow in GetGo Download Manager 4.9.0.1982, 4.8.2.1346, 4.4.5.502, and earlier allows remote attackers to cause a denial of service (crash) and execute arbitrary code via a long HTTP Response Header.
05-03-2014 - 15:05 05-03-2014 - 11:37
CVE-2013-1651 5.8
OXUpdater in Open-Xchange Server before 6.20.7 rev14, 6.22.0 before rev13, and 6.22.1 before rev14 does not verify X.509 certificates from SSL servers, which allows man-in-the-middle attackers to spoof update servers and install arbitrary software vi
05-03-2014 - 14:01 05-09-2013 - 07:44
CVE-2013-4981 9.0
Buffer overflow in cgi-bin/user/Config.cgi in AVTECH AVN801 DVR with firmware 1017-1003-1009-1003 and earlier, and possibly other devices, allows remote attackers to cause a denial of service (device crash) and possibly execute arbitrary code via a l
04-03-2014 - 11:51 03-03-2014 - 11:55
CVE-2013-4980 9.0
Buffer overflow in the RTSP Packet Handler in AVTECH AVN801 DVR with firmware 1017-1003-1009-1003 and earlier, and possibly other devices, allows remote attackers to cause a denial of service (device crash) and possibly execute arbitrary code via a l
04-03-2014 - 11:50 03-03-2014 - 11:55
CVE-2014-2090 3.5
Multiple cross-site scripting (XSS) vulnerabilities in ilias.php in ILIAS 4.4.1 allow remote authenticated users to inject arbitrary web script or HTML via the (1) tar, (2) tar_val, or (3) title parameter.
03-03-2014 - 15:58 02-03-2014 - 12:55
CVE-2014-2089 6.8
ILIAS 4.4.1 allows remote attackers to execute arbitrary PHP code via an e-mail attachment that leads to creation of a .php file with a certain client_id pathname.
03-03-2014 - 12:25 02-03-2014 - 12:55
CVE-2014-2088 6.5
Unrestricted file upload vulnerability in ilias.php in ILIAS 4.4.1 allows remote authenticated users to execute arbitrary PHP code by using a .php filename in an upload_files action to the uploadFiles command, and then accessing the .php file via a d
03-03-2014 - 12:24 02-03-2014 - 12:55
CVE-2013-2498 7.5
SQL injection vulnerability in the login page in flexycms/modules/user/user_manager.php in SimpleHRM 2.3, 2.2, and earlier allows remote attackers to execute arbitrary SQL commands via the username parameter to index.php/user/setLogin.
03-03-2014 - 09:41 28-02-2014 - 19:01
CVE-2013-6936 7.5
Multiple SQL injection vulnerabilities in ajaxfs.php in the Ajax forum stat (Ajaxfs) Plugin 2.0 for MyBB (aka MyBulletinBoard) allow remote attackers to execute arbitrary SQL commands via the (1) tooltip or (2) usertooltip parameter.
25-02-2014 - 13:19 04-12-2013 - 13:56
CVE-2013-6881 10.0
CRU Ditto Forensic FieldStation with firmware before 2013Oct15a allows remote attackers to execute arbitrary commands via shell metacharacters in the (1) sector size or (2) skip count fields for the forensic imaging task.
25-02-2014 - 13:11 07-01-2014 - 12:04
CVE-2013-7137 7.5
The "remember me" functionality in login.php in Burden before 1.8.1 allows remote attackers to bypass authentication and gain privileges by setting the burden_user_rememberme cookie to 1.
24-02-2014 - 21:07 25-01-2014 - 20:55
CVE-2013-6884 10.0
The write-blocker in CRU Ditto Forensic FieldStation with firmware before 2013Oct15a has a default "ditto" username and password, which allows remote attackers to gain privileges.
24-02-2014 - 20:44 07-01-2014 - 12:04
CVE-2013-2817 9.3
An ActiveX control in IcoLaunch.dll in Mitsubishi Electric Automation MC-WorX Suite 8.02 allows user-assisted remote attackers to execute arbitrary programs via a crafted HTML document in conjunction with a Login Client button click.
24-02-2014 - 13:48 23-02-2014 - 23:48
CVE-2013-4898 6.5
Unrestricted file upload vulnerability in the user profile page feature in the Timeline Plugin 4.2.5p9 for SocialEngine allows remote authenticated users to execute arbitrary code by uploading a file with an executable extension, then accessing it vi
21-02-2014 - 14:06 29-01-2014 - 13:55
CVE-2014-1459 6.5
SQL injection vulnerability in dg-admin/index.php in doorGets CMS 5.2 and earlier allows remote authenticated administrators to execute arbitrary SQL commands via the _position_down_id parameter. NOTE: this can be leveraged using CSRF to allow remot
21-02-2014 - 00:06 11-02-2014 - 12:55
CVE-2014-1401 6.5
Multiple SQL injection vulnerabilities in AuraCMS 2.3 and earlier allow remote authenticated users to execute arbitrary SQL commands via the (1) search parameter to mod/content/content.php or (2) CLIENT_IP, (3) X_FORWARDED_FOR, (4) X_FORWARDED, (5) F
21-02-2014 - 00:06 11-02-2014 - 12:55
CVE-2014-1219 5.1
CA 2E Web Option r8.1.2 accepts a predictable substring of a W2E_SSNID session token in place of the entire token, which allows remote attackers to hijack sessions by changing characters at the end of this substring, as demonstrated by terminating a
21-02-2014 - 00:06 14-02-2014 - 08:10
CVE-2014-1206 7.5
SQL injection vulnerability in the password reset page in Open Web Analytics (OWA) before 1.5.5 allows remote attackers to execute arbitrary SQL commands via the owa_email_address parameter in a base.passwordResetRequest action to index.php.
21-02-2014 - 00:06 15-01-2014 - 11:08
CVE-2014-0980 9.3
Buffer overflow in Poster Software PUBLISH-iT 3.6d allows remote attackers to execute arbitrary code via a crafted PUI file.
21-02-2014 - 00:06 11-02-2014 - 12:55
CVE-2014-0750 7.5
Directory traversal vulnerability in gefebt.exe in the WebView CimWeb components in GE Intelligent Platforms Proficy HMI/SCADA - CIMPLICITY through 8.2 SIM 24, and Proficy Process Systems with CIMPLICITY, allows remote attackers to execute arbitrary
21-02-2014 - 00:06 25-01-2014 - 17:55
CVE-2013-7319 4.3
Cross-site scripting (XSS) vulnerability in the Download Manager plugin before 2.5.9 for WordPress allows remote attackers to inject arbitrary web script or HTML via the title field.
21-02-2014 - 00:06 06-02-2014 - 11:10
CVE-2013-3294 7.5
Multiple SQL injection vulnerabilities in Exponent CMS before 2.2.0 release candidate 1 allow remote attackers to execute arbitrary SQL commands via the (1) src or (2) username parameter to index.php.
21-02-2014 - 00:00 11-02-2014 - 12:55
CVE-2012-0394 6.8
** DISPUTED ** The DebuggingInterceptor component in Apache Struts before 2.3.1.1, when developer mode is used, allows remote attackers to execute arbitrary commands via unspecified vectors. NOTE: the vendor characterizes this behavior as not "a sec
20-02-2014 - 23:48 08-01-2012 - 10:55
CVE-2007-2583 4.0
The in_decimal::set function in item_cmpfunc.cc in MySQL before 5.0.40, and 5.1 before 5.1.18-beta, allows context-dependent attackers to cause a denial of service (crash) via a crafted IF clause that results in a divide-by-zero error and a NULL poin
20-02-2014 - 22:45 09-05-2007 - 20:19
CVE-2013-5791 1.5
Unspecified vulnerability in the Oracle Outside In Technology component in Oracle Fusion Middleware 8.4.0 and 8.4.1 allows context-dependent attackers to affect availability via unknown vectors related to Outside In Filters. NOTE: the previous infor
11-02-2014 - 23:49 16-10-2013 - 11:55
CVE-2014-0379 4.3
Unspecified vulnerability in the Oracle Demantra Demand Management component in Oracle Supply Chain Products Suite 7.2.0.3 SQL-Server, 7.3.0.x, 7.3.1.x, 12.2.0, 12.2.1, and 12.2.2 allows remote attackers to affect integrity via unknown vectors relate
06-02-2014 - 23:51 15-01-2014 - 11:08
CVE-2013-5877 5.0
Unspecified vulnerability in the Oracle Demantra Demand Management component in Oracle Supply Chain Products Suite 7.2.0.3 SQL-Server, 7.3.0, 7.3.1, 12.2.0, and 12.2.1 allows remote attackers to affect confidentiality via unknown vectors related to D
06-02-2014 - 23:50 15-01-2014 - 11:11
CVE-2013-0640 9.3
Adobe Reader and Acrobat 9.x before 9.5.4, 10.x before 10.1.6, and 11.x before 11.0.02 allow remote attackers to execute arbitrary code or cause a denial of service (memory corruption) via a crafted PDF document, as exploited in the wild in February
06-02-2014 - 23:45 13-02-2013 - 20:55
CVE-2013-0238 5.0
The try_parse_v4_netmask function in hostmask.c in IRCD-Hybrid before 8.0.6 does not properly validate masks, which allows remote attackers to cause a denial of service (crash) via a mask that causes a negative number to be parsed.
06-02-2014 - 23:44 12-02-2013 - 20:55
CVE-2012-3153 6.4
Unspecified vulnerability in the Oracle Reports Developer component in Oracle Fusion Middleware 11.1.1.4, 11.1.1.6, and 11.1.2.0 allows remote attackers to affect confidentiality and integrity via unknown vectors related to Servlet. NOTE: the previo
06-02-2014 - 23:40 16-10-2012 - 19:55
CVE-2012-3152 6.4
Unspecified vulnerability in the Oracle Reports Developer component in Oracle Fusion Middleware 11.1.1.4, 11.1.1.6, and 11.1.2.0 allows remote attackers to affect confidentiality and integrity via unknown vectors related to Report Server Component.
06-02-2014 - 23:40 16-10-2012 - 19:55
CVE-2013-1852 7.5
SQL injection vulnerability in leaguemanager.php in the LeagueManager plugin before 3.8.1 for WordPress allows remote attackers to execute arbitrary SQL commands via the league_id parameter in the leaguemanager-export page to wp-admin/admin.php.
05-02-2014 - 13:13 05-02-2014 - 10:10
CVE-2013-3365 8.5
TRENDnet TEW-812DRU router allows remote authenticated users to execute arbitrary commands via shell metacharacters in the (1) wan network prefix to internet/ipv6.asp; (2) remote port to adm/management.asp; (3) pptp username, (4) pptp password, (5) i
05-02-2014 - 09:26 04-02-2014 - 16:55
CVE-2013-3098 6.8
Multiple cross-site request forgery (CSRF) vulnerabilities in TRENDnet TEW-812DRU router with firmware before 1.0.9.0 allow remote attackers to hijack the authentication of administrators for requests that (1) change admin credentials in a request to
05-02-2014 - 09:19 04-02-2014 - 16:55
CVE-2014-1202 9.3
The WSDL/WADL import functionality in SoapUI before 4.6.4 allows remote attackers to execute arbitrary Java code via a crafted request parameter in a WSDL file.
27-01-2014 - 23:57 24-01-2014 - 20:55
CVE-2013-7091 5.0
Directory traversal vulnerability in /res/I18nMsg,AjxMsg,ZMsg,ZmMsg,AjxKeys,ZmKeys,ZdMsg,Ajx%20TemplateMsg.js.zgz in Zimbra 7.2.2 and 8.0.2 allows remote attackers to read arbitrary files via a .. (dot dot) in the skin parameter. NOTE: this can be
27-01-2014 - 23:57 13-12-2013 - 13:07
CVE-2013-5795 5.0
Unspecified vulnerability in the Oracle Demantra Demand Management component in Oracle Supply Chain Products Suite 7.2.0.3 SQL-Server, 7.3.0, 7.3.1, 12.2.1, 12.2.2, and 12.2.3 allows remote attackers to affect confidentiality via unknown vectors rela
27-01-2014 - 23:56 15-01-2014 - 11:11
CVE-2013-5331 9.3
Adobe Flash Player before 11.7.700.257 and 11.8.x and 11.9.x before 11.9.900.170 on Windows and Mac OS X and before 11.2.202.332 on Linux, Adobe AIR before 3.9.0.1380, Adobe AIR SDK before 3.9.0.1380, and Adobe AIR SDK & Compiler before 3.9.0.1380 al
27-01-2014 - 23:55 11-12-2013 - 10:55
CVE-2013-7248 10.0
Franklin Fueling Systems TS-550 evo with firmware 2.0.0.6833 and other versions before 2.4.0 has a hardcoded password for the roleDiag account, which allows remote attackers to gain root privileges, as demonstrated using a cmdWebCheckRole action in a
27-01-2014 - 10:58 25-01-2014 - 20:55
CVE-2013-7247 5.0
cgi-bin/tsaws.cgi in Franklin Fueling Systems TS-550 evo with firmware 2.0.0.6833 and other versions before 2.4.0 allows remote attackers to discover sensitive information (user names and password hashes) via the cmdWebGetConfiguration action in a TS
27-01-2014 - 10:57 25-01-2014 - 20:55
CVE-2013-4884 4.3
Cross-site scripting (XSS) vulnerability in McAfee SuperScan 4.0 allows remote attackers to inject arbitrary web script or HTML via UTF-7 encoded sequences in a server response, which is not properly handled in the SuperScan HTML report.
22-01-2014 - 14:53 21-01-2014 - 13:55
CVE-2013-6922 6.8
Multiple cross-site request forgery (CSRF) vulnerabilities in the Seagate BlackArmor NAS 220 devices with firmware sg2000-2000.1331 allow remote attackers to hijack the authentication of administrators for requests that (1) add user accounts via a cr
22-01-2014 - 14:49 21-01-2014 - 11:06
CVE-2013-2594 7.5
SQL injection vulnerability in reports/calldiary.php in Hornbill Supportworks ITSM 1.0.0 through 3.4.14 allows remote attackers to execute arbitrary SQL commands via the callref parameter.
22-01-2014 - 14:15 21-01-2014 - 11:06
CVE-2014-1619 7.5
Multiple SQL injection vulnerabilities in Cubic CMS 5.1.1, 5.1.2, and 5.2 allow remote attackers to execute arbitrary SQL commands via the (1) resource_id or (2) version_id parameter to recursos/agent.php or (3) login or (4) pass parameter to login.u
22-01-2014 - 14:01 21-01-2014 - 10:17
CVE-2013-3482 9.3
Stack-based buffer overflow in the rf_report_error function in ermapper_u.dll in Intergraph ERDAS ER Viewer before 13.0.1.1301 allows remote attackers to execute arbitrary code or cause a denial of service (application crash) via a long string in an
21-01-2014 - 16:14 19-01-2014 - 12:16
CVE-2013-4835 7.5
The APISiteScopeImpl SOAP service in HP SiteScope 10.1x and 11.x before 11.22 allows remote attackers to bypass authentication and execute arbitrary code via a direct request to the issueSiebelCmd method, aka ZDI-CAN-1765.
17-01-2014 - 00:18 04-11-2013 - 11:55
CVE-2013-4800 9.3
Unspecified vulnerability in HP LoadRunner before 11.52 allows remote attackers to execute arbitrary code via unknown vectors, aka ZDI-CAN-1735.
17-01-2014 - 00:18 29-07-2013 - 09:59
CVE-2013-1616 8.3
The management console on the Symantec Web Gateway (SWG) appliance before 5.1.1 allows remote attackers to execute arbitrary commands by injecting a command into an application script.
17-01-2014 - 00:13 01-08-2013 - 09:32
CVE-2013-0632 10.0
administrator.cfc in Adobe ColdFusion 9.0, 9.0.1, 9.0.2, and 10 allows remote attackers to bypass authentication and possibly execute arbitrary code by logging in to the RDS component using the default empty password and leveraging this session to ac
17-01-2014 - 00:12 16-01-2013 - 19:55
CVE-2013-2827 7.5
An unspecified ActiveX control in WellinTech KingSCADA before 3.1.2, KingAlarm&Event before 3.1, and KingGraphic before 3.1.2 allows remote attackers to download arbitrary DLL code onto a client machine and execute this code via the ProjectURL proper
16-01-2014 - 12:21 15-01-2014 - 11:08
CVE-2013-6883 6.8
Cross-site request forgery (CSRF) vulnerability in CRU Ditto Forensic FieldStation with firmware before 2013Oct15a allows remote attackers to hijack the authentication of administrators for requests that modify the disk erase technique settings via u
13-01-2014 - 23:29 17-12-2013 - 11:08
CVE-2013-6882 4.3
Multiple cross-site scripting (XSS) vulnerabilities in CRU Ditto Forensic FieldStation with firmware 2013Oct15a and earlier allow (1) remote attackers to inject arbitrary web script or HTML via the username parameter in a login or (2) remote authenti
13-01-2014 - 23:29 17-12-2013 - 11:08
CVE-2013-5447 6.8
Stack-based buffer overflow in IBM Forms Viewer 4.x before 4.0.0.3 and 8.x before 8.0.1.1 allows remote attackers to execute arbitrary code via an XFDL form with a long fontname value.
13-01-2014 - 23:28 10-12-2013 - 01:14
CVE-2013-2068 9.4
Multiple directory traversal vulnerabilities in the AgentController in Red Hat CloudForms Management Engine 2.0 allow remote attackers to create and overwrite arbitrary files via a .. (dot dot) in the filename parameter to the (1) log, (2) upload, or
13-01-2014 - 23:24 28-09-2013 - 15:55
CVE-2013-7282 10.0
The management web interface on the Nisuta NS-WIR150NE router with firmware 5.07.41 and Nisuta NS-WIR300N router with firmware 5.07.36_NIS01 allows remote attackers to bypass authentication via a "Cookie: :language=en" HTTP header.
10-01-2014 - 12:37 10-01-2014 - 07:02
CVE-2013-7139 7.5
SQL injection vulnerability in download.php in Horizon Quick Content Management System (QCMS) 4.0 and earlier allows remote to execute arbitrary SQL commands via the category parameter.
10-01-2014 - 11:04 09-01-2014 - 13:55
CVE-2013-6923 4.3
Multiple cross-site scripting (XSS) vulnerabilities in Seagate BlackArmor NAS 220 devices with firmware sg2000-2000.1331 allow remote attackers to inject arbitrary web script or HTML via the (1) fullname parameter to admin/access_control_user_edit.ph
10-01-2014 - 10:51 09-01-2014 - 13:55
CVE-2013-6955 10.0
webman/imageSelector.cgi in Synology DiskStation Manager (DSM) 4.0 before 4.0-2259, 4.2 before 4.2-3243, and 4.3 before 4.3-3810 Update 1 allows remote attackers to append data to arbitrary files, and consequently execute arbitrary code, via a pathna
10-01-2014 - 08:54 09-01-2014 - 13:07
CVE-2013-3576 9.0
ginkgosnmp.inc in HP System Management Homepage (SMH) allows remote authenticated users to execute arbitrary commands via shell metacharacters in the PATH_INFO to smhutil/snmpchp.php.en.
07-01-2014 - 23:39 14-06-2013 - 14:55
CVE-2013-6937 6.8
Buffer overflow in VideoCharge Software Watermark Master 2.2.23 allows remote attackers to execute arbitrary code via a long string in the name attribute of the cols element in a .wstyle file.
03-01-2014 - 23:50 04-12-2013 - 11:15
CVE-2013-6987 7.5
Multiple directory traversal vulnerabilities in the FileBrowser components in Synology DiskStation Manager (DSM) before 4.3-3810 Update 3 allow remote attackers to read, write, and delete arbitrary files via a .. (dot dot) in the (1) path parameter t
02-01-2014 - 11:10 31-12-2013 - 11:04
CVE-2013-5220 6.1
goform/login on the HOT HOTBOX router with software 2.1.11 allows remote attackers to cause a denial of service (device crash) via crafted HTTP POST data.
30-12-2013 - 14:29 29-12-2013 - 23:53
CVE-2013-5218 2.9
Cross-site scripting (XSS) vulnerability on the HOT HOTBOX router with software 2.1.11 allows remote attackers to inject arbitrary web script or HTML via a crafted DHCP Host Name option, which is not properly handled during rendering of the DHCP tabl
30-12-2013 - 14:27 29-12-2013 - 23:53
CVE-2013-5219 3.3
Directory traversal vulnerability on the HOT HOTBOX router with software 2.1.11 allows remote attackers to read arbitrary files via a .. (dot dot) in a URI, as demonstrated by a request for /etc/passwd.
30-12-2013 - 14:26 29-12-2013 - 23:53
CVE-2013-5039 5.4
Cross-site request forgery (CSRF) vulnerability in goform/wlanBasicSecurity on the HOT HOTBOX router with software 2.1.11 allows remote attackers to hijack the authentication of administrators for requests that change the WiFi Security field to Deact
30-12-2013 - 14:25 29-12-2013 - 23:53
CVE-2013-5038 5.8
The HOT HOTBOX router with software 2.1.11 allows remote attackers to bypass authentication by configuring a source IP address that had previously been used for an authenticated session.
30-12-2013 - 14:14 29-12-2013 - 23:53
CVE-2013-5037 3.3
The HOT HOTBOX router with software 2.1.11 has a default WPS PIN of 12345670, which makes it easier for remote attackers to obtain the WPA or WPA2 pre-shared key via EAP messages.
30-12-2013 - 14:12 29-12-2013 - 23:53
CVE-2013-4858 4.3
Microsoft Windows Movie Maker 2.1.4026.0 on Windows XP SP3 allows remote attackers to cause a denial of service (application crash) via a crafted .wav file, as demonstrated by movieMaker.wav.
30-12-2013 - 13:50 29-12-2013 - 23:53
CVE-2013-3846 9.3
Use-after-free vulnerability in Microsoft Internet Explorer 9 and 10 allows remote attackers to execute arbitrary code or cause a denial of service (memory corruption) via a crafted CSpliceTreeEngine::InsertSplice object in an HTML document, aka "Int
30-12-2013 - 13:31 28-12-2013 - 23:25
CVE-2013-6341 7.5
SQL injection vulnerability in Dokeos 2.2 RC2 and earlier allows remote attackers to execute arbitrary SQL commands via the language parameter to index.php.
27-12-2013 - 13:57 05-12-2013 - 13:55
CVE-2013-6787 6.0
SQL injection vulnerability in the check_user_password function in main/auth/profile.php in Chamilo LMS 1.9.6 and earlier, when using the non-encrypted passwords mode set at installation, allows remote authenticated users to execute arbitrary SQL com
27-12-2013 - 12:40 05-12-2013 - 13:55
CVE-2013-7194 3.5
Multiple cross-site scripting (XSS) vulnerabilities in www/administrator.php in eFront 3.6.14 (build 18012) allow remote authenticated administrators to inject arbitrary web script or HTML via the (1) Last name, (2) Lesson name, or (3) Course name fi
23-12-2013 - 12:04 20-12-2013 - 19:55
CVE-2013-6162 4.3
Cross-site scripting (XSS) vulnerability in Code-Crafters Ability Mail Server 3.1.1 allows remote attackers to inject arbitrary web script or HTML via the body of an email.
23-12-2013 - 10:32 20-12-2013 - 19:55
CVE-2013-7187 7.5
SQL injection vulnerability in form.php in the FormCraft plugin 1.3.7 and earlier for WordPress allows remote attackers to execute arbitrary SQL commands via the id parameter.
23-12-2013 - 09:59 20-12-2013 - 18:55
CVE-2013-7186 9.3
Buffer overflow in Steinberg MyMp3PRO 5.0 (Build 5.1.0.21) allows remote attackers to execute arbitrary code via a long string in a .m3u file.
23-12-2013 - 09:50 20-12-2013 - 18:55
CVE-2013-3918 9.3
The InformationCardSigninHelper Class ActiveX control in icardie.dll in Microsoft Windows XP SP2 and SP3, Windows Server 2003 SP2, Windows Vista SP2, Windows Server 2008 SP2 and R2 SP1, Windows 7 SP1, Windows 8, Windows 8.1, Windows Server 2012 Gold
19-12-2013 - 23:36 12-11-2013 - 09:35
CVE-2013-3897 9.3
Use-after-free vulnerability in the CDisplayPointer class in mshtml.dll in Microsoft Internet Explorer 6 through 11 allows remote attackers to execute arbitrary code or cause a denial of service (memory corruption) via crafted JavaScript code that us
19-12-2013 - 23:36 09-10-2013 - 10:54
CVE-2013-3881 7.2
win32k.sys in the kernel-mode drivers in Microsoft Windows 7 SP1 and Windows Server 2008 R2 SP1 allows local users to gain privileges via a crafted application, aka "Win32k NULL Page Vulnerability."
19-12-2013 - 23:36 09-10-2013 - 10:53
CVE-2013-4775 7.8
NETGEAR ProSafe GS724Tv3 and GS716Tv2 with firmware 5.4.1.13 and earlier; GS748Tv4 with firmware 5.4.1.14; GS510TP with firmware 5.4.0.6; GS752TPS, GS728TPS, GS728TS, and GS725TS with firmware 5.3.0.17; and GS752TXS and GS728TXS with firmware 6.1.0.1
19-12-2013 - 14:19 18-12-2013 - 23:24
CVE-2013-4776 7.8
NETGEAR ProSafe GS724Tv3 and GS716Tv2 with firmware 5.4.1.13 and earlier, GS748Tv4 5.4.1.14, and GS510TP 5.0.4.4 allows remote attackers to cause a denial of service (reboot or crash) via a crafted HTTP request to filesystem/.
19-12-2013 - 13:07 18-12-2013 - 23:24
CVE-2013-5676 4.0
The Jenkins Plugin for SonarQube 3.7 and earlier allows remote authenticated users to obtain sensitive information (cleartext passwords) by reading the value in the sonar.sonarPassword parameter from jenkins/configure.
16-12-2013 - 12:16 13-12-2013 - 13:55
CVE-2013-6839 7.5
SQL injection vulnerability in InstantSoft InstantCMS 1.10.3 and earlier allows remote attackers to execute arbitrary SQL commands via the orderby parameter to catalog/[id].
16-12-2013 - 10:13 13-12-2013 - 13:07
CVE-2013-2751 10.0
Eval injection vulnerability in frontview/lib/np_handler.pl in the FrontView web interface in NETGEAR ReadyNAS RAIDiator before 4.1.12 and 4.2.x before 4.2.24 allows remote attackers to execute arbitrary Perl code via a crafted request, related to th
13-12-2013 - 12:19 12-12-2013 - 13:55
CVE-2013-7025 3.5
Multiple cross-site scripting (XSS) vulnerabilities in ematStaticAlertTypes.jsp in the Alert Settings section in Dell SonicWALL Global Management System (GMS), Analyzer, and UMA EM5000 7.1 SP1 before Hotfix 134235 allow remote authenticated users to
13-12-2013 - 00:22 09-12-2013 - 11:36
CVE-2013-1362 7.5
Incomplete blacklist vulnerability in nrpc.c in Nagios Remote Plug-In Executor (NRPE) before 2.14 might allow remote attackers to execute arbitrary shell commands via "$()" shell metacharacters, which are processed by bash.
13-12-2013 - 00:13 09-07-2013 - 13:55
CVE-2013-1080 10.0
The web server in Novell ZENworks Configuration Management (ZCM) 10.3 and 11.2 before 11.2.4 does not properly perform authentication for zenworks/jsp/index.jsp, which allows remote attackers to conduct directory traversal attacks, and consequently u
13-12-2013 - 00:12 29-03-2013 - 12:09
CVE-2012-6081 6.0
Multiple unrestricted file upload vulnerabilities in the (1) twikidraw (action/twikidraw.py) and (2) anywikidraw (action/anywikidraw.py) actions in MoinMoin before 1.9.6 allow remote authenticated users with write permissions to execute arbitrary cod
13-12-2013 - 00:08 02-01-2013 - 20:55
CVE-2012-1663 7.5
Double free vulnerability in libgnutls in GnuTLS before 3.0.14 allows remote attackers to cause a denial of service (application crash) or possibly have unspecified other impact via a crafted certificate list.
12-12-2013 - 23:58 13-03-2012 - 18:55
CVE-2009-4140 7.5
Unrestricted file upload vulnerability in ofc_upload_image.php in Open Flash Chart v2 Beta 1 through v2 Lug Wyrm Charmer, as used in Piwik 0.2.35 through 0.4.3, Woopra Analytics Plugin before 1.4.3.2, and possibly other products, when register_global
12-12-2013 - 23:32 22-12-2009 - 17:30
CVE-2006-6199 7.5
Stack-based buffer overflow in BlazeVideo BlazeDVD Standard and Professional 5.0, and possibly earlier, allows remote attackers to execute arbitrary code via a long filename in a PLF playlist.
12-12-2013 - 22:37 30-11-2006 - 20:28
CVE-2006-6184 10.0
Multiple stack-based buffer overflows in Allied Telesyn TFTP Server (AT-TFTP) 1.9, and possibly earlier, allow remote attackers to cause a denial of service (crash) or execute arbitrary code via a long filename in a (1) GET or (2) PUT command.
12-12-2013 - 22:37 30-11-2006 - 19:28
CVE-2013-5058 4.9
Integer overflow in the kernel-mode drivers in Microsoft Windows XP SP2 and SP3, Windows Server 2003 SP2, Windows Vista SP2, Windows Server 2008 SP2 and R2 SP1, Windows 7 SP1, Windows 8, Windows 8.1, and Windows Server 2012 Gold and R2 allows local u
11-12-2013 - 13:17 10-12-2013 - 19:55
CVE-2013-1349 7.5
Eval injection vulnerability in ajax.php in openSIS 4.5 through 5.2 allows remote attackers to execute arbitrary PHP code via the modname parameter.
10-12-2013 - 12:18 09-12-2013 - 11:36
CVE-2013-6356
** REJECT ** DO NOT USE THIS CANDIDATE NUMBER. ConsultIDs: none. Reason: This candidate was withdrawn by its CNA. Further investigation showed that it was not a security issue because of dependency on the victim's direct involvement in modifying
09-12-2013 - 13:55 09-12-2013 - 13:55
CVE-2013-4212 6.8
Certain getText methods in the ActionSupport controller in Apache Roller before 5.0.2 allow remote attackers to execute arbitrary OGNL expressions via the first or second parameter, as demonstrated by the pageTitle parameter in the !getPageTitle sub-
09-12-2013 - 12:15 07-12-2013 - 15:55
CVE-2013-6618 9.0
jsdm/ajax/port.php in J-Web in Juniper Junos before 10.4R13, 11.4 before 11.4R7, 12.1 before 12.1R5, 12.2 before 12.2R3, and 12.3 before 12.3R1 allows remote authenticated users to execute arbitrary commands via the rsargs parameter in an exec action
08-12-2013 - 01:07 05-11-2013 - 15:55
CVE-2013-6283 7.5
VideoLAN VLC Media Player 2.0.8 and earlier allows remote attackers to cause a denial of service (crash) and possibly execute arbitrary code via a long string in a URL in a m3u file.
05-12-2013 - 00:31 25-10-2013 - 19:55
CVE-2013-4011 7.2
Multiple unspecified vulnerabilities in the InfiniBand subsystem in IBM AIX 6.1 and 7.1, and VIOS 2.2.2.2-FP-26 SP-02, allow local users to gain privileges via vectors involving (1) arp.ib or (2) ibstat.
05-12-2013 - 00:28 18-07-2013 - 12:51
CVE-2013-5745 7.1
The vino_server_client_data_pending function in vino-server.c in GNOME Vino 2.26.1, 2.32.1, 3.7.3, and earlier, and 3.8 when encryption is disabled, does not properly clear client data when an error causes the connection to close during authenticatio
30-11-2013 - 23:31 01-10-2013 - 13:55
CVE-2013-5576 6.8
administrator/components/com_media/helpers/media.php in the media manager in Joomla! 2.5.x before 2.5.14 and 3.x before 3.1.5 allows remote authenticated users or remote attackers to bypass intended access restrictions and upload files with dangerous
30-11-2013 - 23:31 09-10-2013 - 10:54
CVE-2013-1959 3.7
kernel/user_namespace.c in the Linux kernel before 3.8.9 does not have appropriate capability requirements for the uid_map and gid_map files, which allows local users to gain privileges by opening a file within an unprivileged process and then modify
30-11-2013 - 23:27 03-05-2013 - 07:57