Total
29520 CVE
| CVE | Vendors | Products | Updated | CVSS v2 | CVSS v3 |
|---|---|---|---|---|---|
| CVE-2004-0066 | 1 Phpgedview | 1 Phpgedview | 2025-04-03 | 5.0 MEDIUM | N/A |
| phpGedView before 2.65 allows remote attackers to obtain the absolute path of the web server via malformed parameters to (1) indilist.php, (2) famlist.php, (3) placelist.php, (4) imageview.php, (5) timeline.php, (6) clippings.php, (7) login.php, and (8) gdbi.php. | |||||
| CVE-2004-1504 | 1 Salims Softhouse | 1 Jaf Cms | 2025-04-03 | 5.0 MEDIUM | N/A |
| The displaycontent function in config.php for Just Another Flat file (JAF) CMS 3.0RC allows remote attackers to gain sensitive information via a blank show parameter, which reveals the installation path in an error message, as demonstrated using index.php. | |||||
| CVE-2006-2577 | 1 Docebo | 1 Docebo | 2025-04-03 | 5.1 MEDIUM | N/A |
| Multiple PHP remote file inclusion vulnerabilities in Docebo 3.0.3 and earlier, when register_globals is enabled, allow remote attackers to execute arbitrary PHP code via a URL in (1) where_cms, (2) where_lms, (3) where_upgrade, (4) BBC_LIB_PATH, and (5) BBC_LANGUAGE_PATH parameters in various unspecified scripts. NOTE: the provenance of some of this information is unknown; the details are obtained solely from third party information. | |||||
| CVE-2006-1914 | 1 Dbbs | 1 Dbbs | 2025-04-03 | 5.0 MEDIUM | N/A |
| DbbS 2.0-alpha and earlier allows remote attackers to obtain sensitive information via an invalid (1) fcategoryid parameter to topics.php or (2) unavariabile, (3) GLOBALS, or (4) _SERVER[] parameters to script.php. NOTE: this information leak might be resultant from a global variable overwrite issue. | |||||
| CVE-2005-0947 | 1 Coinsoft Technologies | 1 Phpcoin | 2025-04-03 | 7.5 HIGH | N/A |
| Directory traversal vulnerability in auxpage.php in phpCoin 1.2.1b and earlier allows remote attackers to read and execute arbitrary files via a .. (dot dot) in the page parameter. | |||||
| CVE-2006-4281 | 1 Arthur Konze Webdesign | 1 Akocomment | 2025-04-03 | 7.5 HIGH | N/A |
| PHP remote file inclusion vulnerability in akocomments.php in AkoComment 1.1 module (com_akocomment) for Mambo 4.5 allows remote attackers to execute arbitrary PHP code via a URL in the mosConfig_absolute_path parameter. | |||||
| CVE-2006-2524 | 1 Usebb | 1 Usebb | 2025-04-03 | 6.8 MEDIUM | N/A |
| Cross-site scripting (XSS) vulnerability in UseBB 1.0 RC1 and earlier allows remote attackers to inject arbitrary web script or HTML via unspecified vectors when processing the user date format. | |||||
| CVE-2003-0864 | 1 Ircnet | 1 Ircnet Ircd | 2025-04-03 | 5.0 MEDIUM | N/A |
| Buffer overflow in m_join in channel.c for IRCnet IRCD 2.10.x to 2.10.3p3 allows remote attackers to cause a denial of service. | |||||
| CVE-2006-3050 | 1 Six Offene Systeme Gmbh | 1 Sixcms | 2025-04-03 | 2.6 LOW | N/A |
| Directory traversal vulnerability in detail.php in SixCMS 6.0, and other versions before 6.0.6patch2, allows remote attackers to read arbitrary files via a .. (dot dot) sequence and trailing null (%00) byte in the template parameter. | |||||
| CVE-2006-3049 | 1 Mole Group Ticket Booking Script | 1 Mole Group Ticket Booking Script | 2025-04-03 | 4.3 MEDIUM | N/A |
| Multiple cross-site scripting (XSS) vulnerabilities in booking3.php in Mole Group Ticket Booking Script allow remote attackers to inject arbitrary web script or HTML via the (1) name, (2) address1, (3) address2, (4) county, (5) postcode, (6) email, (7) phone, or (8) mobile parameters to booking2.php. | |||||
| CVE-2002-0652 | 1 Sgi | 1 Irix | 2025-04-03 | 7.5 HIGH | N/A |
| xfsmd for IRIX 6.5 through 6.5.16 allows remote attackers to execute arbitrary code via shell metacharacters that are not properly filtered from several calls to the popen() function, such as export_fs(). | |||||
| CVE-2005-0987 | 1 Irc Services | 1 Nickserv Listlinks | 2025-04-03 | 5.0 MEDIUM | N/A |
| Unknown vulnerability in IRC Services NickServ LISTLINKS before 5.0.50 allows remote attackers to obtain the links of a nick. | |||||
| CVE-2006-1432 | 1 Fusionzone | 1 Couponzone | 2025-04-03 | 5.0 MEDIUM | N/A |
| fusionZONE couponZONE 4.2 allows remote attackers to obtain the full path of the web server, and other sensitive information, via invalid values, as demonstrated using manipulations associated with SQL. | |||||
| CVE-2006-1796 | 1 Wordpress | 1 Wordpress | 2025-04-03 | 6.8 MEDIUM | N/A |
| Cross-site scripting (XSS) vulnerability in the paging links functionality in template-functions-links.php in Wordpress 1.5.2, and possibly other versions before 2.0.1, allows remote attackers to inject arbitrary web script or HTML to Internet Explorer users via the request URI ($_SERVER['REQUEST_URI']). | |||||
| CVE-2005-1507 | 1 4d | 1 Webstar | 2025-04-03 | 5.0 MEDIUM | N/A |
| Buffer overflow in the Tomcat plugin in 4d WebSTAR 5.33 and 5.4 allows remote attackers to cause a denial of service and possibly execute arbitrary code via a long URL. | |||||
| CVE-2006-3340 | 1 Pearlinger | 1 Pearl For Mambo | 2025-04-03 | 5.1 MEDIUM | N/A |
| Multiple PHP remote file inclusion vulnerabilities in Pearl For Mambo module 1.6 for Mambo, when register_globals is enabled, allow remote attackers to execute arbitrary PHP code via the (1) phpbb_root_path parameter in (a) includes/functions_cms.php and the (2) GlobalSettings[templatesDirectory] parameter in multiple files in the "includes" directory including (b) adminSensored.php, (c) adminBoards.php, (d) adminAttachments.php, (e) adminAvatars.php, (f) adminBackupdatabase.php, (g) adminBanned.php, (h) adminForums.php, (i) adminPolls.php, (j) adminSmileys.php, (k) poll.php, and (l) move.php. | |||||
| CVE-2001-0687 | 1 Transsoft | 1 Broker Ftp Server | 2025-04-03 | 5.0 MEDIUM | N/A |
| Broker FTP server 5.9.5 for Windows NT and 9x allows a remote attacker to retrieve privileged web server system information by (1) issuing a CD command (CD C:) followed by the LS command, (2) specifying arbitrary paths in the UNC format (\\computername\sharename). | |||||
| CVE-2004-2008 | 1 Adam Webb | 1 Nukejokes | 2025-04-03 | 4.6 MEDIUM | N/A |
| SQL injection vulnerability in modules.php in NukeJokes 1.7 and 2 Beta allows remote attackers to execute arbitrary SQL via the jokeid parameter. | |||||
| CVE-2004-1705 | 1 Citadel | 1 Ux | 2025-04-03 | 5.0 MEDIUM | N/A |
| Buffer overflow in Citadel/UX 6.23 and earlier allows remote attackers to cause a denial of service via a long username. | |||||
| CVE-2005-2197 | 1 Id Board | 1 Id Board | 2025-04-03 | 7.5 HIGH | N/A |
| SQL injection vulnerability in sql.cls.php in Id Board 1.1.3 allows remote attackers to modify SQL queries, as demonstrated using the f parameter to index.php. | |||||