Search Results

There are 145,185 matching records.
Displaying matches 129,381 through 129,400.
Vuln ID Summary CVSS Severity
CVE-2006-0570

Multiple SQL injection vulnerabilities in phpstatus 1.0, when gpc_magic_quotes is disabled, allow remote attackers to execute arbitrary SQL commands and bypass authentication via (1) the username parameter in check.php and (2) unknown attack vectors in the administrative interface.

Published: February 07, 2006; 1:06:00 PM -0500
V3.x:(not available)
V2.0: 7.5 HIGH
CVE-2006-0571

Multiple cross-site scripting (XSS) vulnerabilities in phpstatus 1.0 allow remote attackers to inject arbitrary web script or HTML via unknown attack vectors in the administrative interface.

Published: February 07, 2006; 1:06:00 PM -0500
V3.x:(not available)
V2.0: 4.3 MEDIUM
CVE-2006-0572

phpstatus 1.0 does not require passwords when using cookies to identify a user, which allows remote attackers to bypass authentication.

Published: February 07, 2006; 1:06:00 PM -0500
V3.x:(not available)
V2.0: 7.5 HIGH
CVE-2006-0573

Multiple cross-site scripting (XSS) vulnerabilities in cPanel 10 and earlier allow remote attackers to inject arbitrary web script or HTML via the (1) email parameter to (a) editquota.html or (b) dodelpop.html; (2) showtree parameter to (c) diskusage.html; or the (3) mon, (4) year, (5) target, or (6) domain parameter to (d) stats/detailbw.html.

Published: February 07, 2006; 1:06:00 PM -0500
V3.x:(not available)
V2.0: 4.3 MEDIUM
CVE-2006-0574

Cross-site scripting (XSS) vulnerability in mime/handle.html in cPanel 10 allows remote attackers to inject arbitrary web script or HTML via the (1) file extension or (2) mime-type.

Published: February 07, 2006; 1:06:00 PM -0500
V3.x:(not available)
V2.0: 4.3 MEDIUM
CVE-2006-0513

Directory traversal vulnerability in pkmslogout in Tivoli Web Server Plug-in 5.1.0.10 in Tivoli Access Manager (TAM) 5.1 allows remote attackers to read arbitrary files via a .. (dot dot) in the filename parameter.

Published: February 06, 2006; 6:02:00 PM -0500
V3.x:(not available)
V2.0: 5.0 MEDIUM
CVE-2006-0562

Cross-site scripting (XSS) vulnerability in problem.php in PluggedOut Blog 1.9.9c allows remote attackers to inject arbitrary web script or HTML via the data parameter.

Published: February 06, 2006; 6:02:00 PM -0500
V3.x:(not available)
V2.0: 4.3 MEDIUM
CVE-2006-0563

SQL injection vulnerability in exec.php in PluggedOut Blog 1.9.9c allows remote attackers to execute arbitrary SQL commands via the entryid parameter in a comment_add action.

Published: February 06, 2006; 6:02:00 PM -0500
V3.x:(not available)
V2.0: 7.5 HIGH
CVE-2006-0564

Stack-based buffer overflow in Microsoft HTML Help Workshop 4.74.8702.0, and possibly earlier versions, and as included in the Microsoft HTML Help 1.4 SDK, allows context-dependent attackers to execute arbitrary code via a .hhp file with a long Contents file field.

Published: February 06, 2006; 6:02:00 PM -0500
V3.x:(not available)
V2.0: 7.5 HIGH
CVE-2006-0565

PHP remote file include vulnerability in inc/backend_settings.php in Loudblog 0.4 and earlier allows remote attackers to execute arbitrary PHP code via a URL in the $GLOBALS[path] parameter.

Published: February 06, 2006; 6:02:00 PM -0500
V3.x:(not available)
V2.0: 7.5 HIGH
CVE-2006-0566

The LDAP component in CommuniGate Pro Core Server 5.0.7 allows remote attackers to cause a denial of service (application crash) via LDAP messages that contain Distinguished Names (DN) fields with a large number of elements.

Published: February 06, 2006; 6:02:00 PM -0500
V3.x:(not available)
V2.0: 5.0 MEDIUM
CVE-2006-0437

Cross-site scripting (XSS) vulnerability in admin_smilies.php in phpBB 2.0.19 allows remote attackers to inject arbitrary web script or HTML via Javascript events such as "onmouseover" in the (1) smile_url or (2) smile_emotion parameters, which bypasses a check for "<" and ">" characters.

Published: February 06, 2006; 5:02:00 PM -0500
V3.x:(not available)
V2.0: 4.3 MEDIUM
CVE-2006-0438

Cross-site request forgery (CSRF) vulnerability in phpBB 2.0.19, when Link to off-site Avatar or bbcode (IMG) are enabled, allows remote attackers to perform unauthorized actions as a logged in user via a link or IMG tag in a user profile, as demonstrated using links to (1) admin/admin_users.php and (2) modcp.php.

Published: February 06, 2006; 5:02:00 PM -0500
V3.x:(not available)
V2.0: 5.0 MEDIUM
CVE-2006-0552

Unspecified vulnerability in the Net Listener component of Oracle Database server 8.1.7.4, 9.0.1.5, 9.0.1.5 FIPS, and 9.2.0.7 has unspecified impact and attack vectors, as identified by Oracle Vuln# DB11.

Published: February 04, 2006; 6:02:00 AM -0500
V3.x:(not available)
V2.0: 7.5 HIGH
CVE-2006-0539

The convert-fcrontab program in fcron 3.0.0 might allow local users to gain privileges via a long command-line argument, which causes Linux glibc to report heap memory corruption, possibly because a strcpy in the strdup2 function can "overwrite some data."

Published: February 03, 2006; 9:02:00 PM -0500
V3.x:(not available)
V2.0: 4.6 MEDIUM
CVE-2006-0540

Multiple SQL injection vulnerabilities in Tachyon Vanilla Guestbook 1.0 beta allow remote attackers to execute arbitrary SQL commands via unspecified vectors.

Published: February 03, 2006; 9:02:00 PM -0500
V3.x:(not available)
V2.0: 7.5 HIGH
CVE-2006-0541

Multiple cross-site scripting (XSS) vulnerabilities in Tachyon Vanilla Guestbook 1.0 beta allow remote attackers to inject arbitrary web script or HTML via unknown vectors related to "posting new messages."

Published: February 03, 2006; 9:02:00 PM -0500
V3.x:(not available)
V2.0: 4.3 MEDIUM
CVE-2006-0542

Multiple SQL injection vulnerabilities in config.php in NukedWeb GuestBookHost 2005.04.25 allow remote attackers to execute arbitrary SQL commands via the (1) email and (2) password parameters.

Published: February 03, 2006; 9:02:00 PM -0500
V3.x:(not available)
V2.0: 7.5 HIGH
CVE-2006-0543

Cerulean Trillian 3.1.0.120 allows remote attackers to cause a denial of service (client crash) via an AIM message containing the Mac encoded Rich Text Format (RTF) escape sequences (1) \'d1, (2) \'d2, (3) \'d3, (4) \'d4, and (5) \'d5. NOTE: the provenance of this information is unknown; the details are obtained solely from third party information.

Published: February 03, 2006; 9:02:00 PM -0500
V3.x:(not available)
V2.0: 5.0 MEDIUM
CVE-2006-0544

urlmon.dll in Microsoft Internet Explorer 7.0 beta 2 (aka 7.0.5296.0) allows remote attackers to cause a denial of service (application crash) and possibly execute arbitrary code via a BGSOUND element with its SRC attribute set to "file://" followed by a large number of "-" (dash or hyphen) characters.

Published: February 03, 2006; 9:02:00 PM -0500
V3.x:(not available)
V2.0: 7.5 HIGH