Full List

Search

Recent Vulnerabilities

• CVE-2005-0933 • published on March 29, 2005 Directory traversal vulnerability in auxpage.php for phpCOIN 1.2.1b and earlier allows remote attackers to read arbitrary files via the page parameter.
• CVE-2005-0894 • published on March 29, 2005 OpenmosixCollector and OpenMosixView in OpenMosixView 1.5 allow local users to overwrite or delete arbitrary files via a symlink attack on (1) temporary files in the openmosixcollector directory or (2) nodes.tmp.
• CVE-2005-0896 • published on March 29, 2005 Multiple cross-site scripting (XSS) vulnerabilities in review.php in phpMyDirectory 10.1.3-rel allow remote attackers to inject arbitrary web script or HTML via the (1) subcat, (2) page, or (3) subsubcat parameter.
• CVE-2005-0898 • published on March 29, 2005 Cross-site scripting (XSS) vulnerability in downloadform.php in E-Store Kit-2 PayPal Edition allows remote attackers to inject arbitrary web script or HTML via the txn_id parameter.
• CVE-2005-0905 • published on March 29, 2005 Maxthon 1.2.0 allows remote malicious web sites to obtain potentially sensitive data from the search bar via the m2_search_text property.
• CVE-2005-0910 • published on March 29, 2005 Multiple cross-site scripting (XSS) vulnerabilities in exoops allow remote attackers to inject arbitrary web script or HTML via (1) the sortdays parameter to viewforum.php or (2) the viewcat parameter to index.php.
• CVE-2005-0913 • published on March 29, 2005 Unknown vulnerability in the regex_replace modifier (modifier.regex_replace.php) in Smarty before 2.6.8 allows attackers to execute arbitrary PHP code.
• CVE-2005-0919 • published on March 29, 2005 Adventia Chat 3.1 and Server Pro 3.0 allows remote attackers to inject arbitrary web script or HTML into the chat space, which leaves other users vulnerable to cross-site scripting (XSS) attacks.
• CVE-2005-0922 • published on March 29, 2005 Unknown vulnerability in the Auto-Protect module in Symantec Norton AntiVirus 2004 and 2005, as also used in Internet Security 2004/2005 and System Works 2004/2005, allows attackers to cause a denial of service (system hang or crash) by triggering a scan of a certain file type.
• CVE-2005-0923 • published on March 29, 2005 The SmartScan feature in the Auto-Protect module for Symantec Norton AntiVirus 2004 and 2005, as also used in Internet Security 2004/2005 and System Works 2004/2005, allows attackers to cause a denial of service (CPU consumption and system crash) by renaming a file on a network share.
• CVE-2005-0925 • published on March 29, 2005 Cross-site scripting (XSS) vulnerability in login.asp for Ublog Reload 1.0 through 1.0.4 allows remote attackers to inject arbitrary web script or HTML via the msg parameter.
• CVE-2005-0929 • published on March 29, 2005 SQL injection vulnerability in PhotoPost PHP Pro 5.x may allow remote attackers to execute arbitrary SQL commands via (1) the sl parameter to showmembers.php or (2) the photo parameter to showphoto.php.
• CVE-2005-0930 • published on March 29, 2005 Cross-site scripting (XSS) vulnerability in message.php in Chatness 2.5.1 and earlier allows remote attackers to inject arbitrary web script or HTML via (1) the user field or (2) the message parameter to message.php.
• CVE-2005-0931 • published on March 29, 2005 PHP remote file inclusion vulnerability in The Includer 1.0 and 1.1 allows remote attackers to execute arbitrary PHP code.
• CVE-2005-0932 • published on March 29, 2005 Multiple SQL injection vulnerabilities in phpCOIN 1.2.1b and earlier allow remote attackers to execute arbitrary SQL commands (1) via the search engine, (2) the username or email fields in the "forgotten password" feature, or (3) the domain name in a package order.
• CVE-2005-0934 • published on March 29, 2005 Multiple cross-site scripting (XSS) vulnerabilities in WackoWiki R4 allow remote attackers to inject arbitrary web script or HTML via unknown vectors.
• CVE-2002-1640 • published on March 28, 2005 Multiple cross-site scripting (XSS) vulnerabilities in Oracle Configurator before 11.5.7.17.32 and 11.5.6.16.53 allows remote attackers to inject arbitrary web script or HTML via (1) Text Features in the DHTML UI or (2) the test parameter to the oracle.apps.cz.servlet.UiServlet servlet.
• CVE-2002-1641 • published on March 28, 2005 Multiple buffer overflows in Oracle Web Cache for Oracle 9i Application Server (9iAS) allow remote attackers to execute arbitrary code via unknown vectors.
• CVE-2002-1647 • published on March 28, 2005 The quick login feature in Slash Slashcode does not redirect the user to an alternate URL when the wrong password is provided, which makes it easier for remote web sites to guess the proper passwords by reading the username and password from the Referrer URL.
• CVE-2002-1652 • published on March 28, 2005 Buffer overflow in cgicso.c for cgiemail 1.6 allows remote attackers to cause a denial of service (crash) and possibly execute arbitrary code via a long query parameter.