Latest CVE Feed
-
2.6
LOWCVE-2006-1554
Cross-site scripting (XSS) vulnerability in VSNS Lemon 3.2.0 allows remote attackers to inject arbitrary web script or HTML via the name parameter while adding a comment.... Read more
Affected Products : vsns_lemon- EPSS Score: %0.53
- Published: Mar. 31, 2006
- Modified: Apr. 03, 2025
-
2.6
LOWCVE-2006-1806
Cross-site scripting (XSS) vulnerability in index.php in Musicbox 2.3.3 and earlier allows remote attackers to inject arbitrary web script or HTML via the term parameter in a search action.... Read more
Affected Products : musicbox- EPSS Score: %0.53
- Published: Apr. 18, 2006
- Modified: Apr. 03, 2025
-
2.6
LOWCVE-2006-3050
Directory traversal vulnerability in detail.php in SixCMS 6.0, and other versions before 6.0.6patch2, allows remote attackers to read arbitrary files via a .. (dot dot) sequence and trailing null (%00) byte in the template parameter.... Read more
Affected Products : sixcms- EPSS Score: %5.60
- Published: Jun. 16, 2006
- Modified: Apr. 03, 2025
-
2.6
LOWCVE-2006-1418
Cross-site scripting (XSS) vulnerability in default.asp in Caloris Planitia E-School Management System 1.0 and earlier allows remote attackers to inject arbitrary web script or HTML via the msg parameter.... Read more
Affected Products : e-school_management_system- EPSS Score: %0.62
- Published: Mar. 28, 2006
- Modified: Apr. 03, 2025
-
2.6
LOWCVE-2006-4726
Cross-site scripting (XSS) vulnerability in Adobe ColdFusion MX 6.1 through 7.02 allows remote attackers to inject arbitrary web script or HTML via unspecified vectors involving a ColdFusion error page.... Read more
Affected Products : coldfusion- EPSS Score: %2.04
- Published: Sep. 14, 2006
- Modified: Apr. 03, 2025
-
2.6
LOWCVE-2005-3997
Zen Cart 1.2.6d and earlier, under certain PHP configurations, allows remote attackers to obtain sensitive information via direct requests to files in the admin/includes directory, including (1) graphs/banner_daily.php, (2) graphs/banner_infobox.php, (3) ... Read more
- EPSS Score: %0.99
- Published: Dec. 05, 2005
- Modified: Apr. 03, 2025
-
2.6
LOWCVE-2006-1674
Cross-site scripting (XSS) vulnerability in search.php in PHPWebGallery 1.4.1 allows remote attackers to inject arbitrary web script or HTML via the id parameter, a different vulnerability than CVE-2006-1675.... Read more
Affected Products : phpwebgallery- EPSS Score: %0.35
- Published: Apr. 10, 2006
- Modified: Apr. 03, 2025
-
2.6
LOWCVE-2001-0091
The ActiveX control for invoking a scriptlet in Internet Explorer 5.0 through 5.5 renders arbitrary file types instead of HTML, which allows an attacker to read arbitrary files, aka a variant of the "Scriptlet Rendering" vulnerability.... Read more
Affected Products : internet_explorer- EPSS Score: %13.45
- Published: Feb. 16, 2001
- Modified: Apr. 03, 2025
-
2.6
LOWCVE-2004-1331
The execCommand method in Microsoft Internet Explorer 6.0 SP2 allows remote attackers to bypass the "File Download - Security Warning" dialog and save arbitrary files with arbitrary extensions via the SaveAs command.... Read more
- EPSS Score: %27.11
- Published: Nov. 16, 2004
- Modified: Apr. 03, 2025
-
2.6
LOWCVE-2004-1957
Multiple cross-site scripting (XSS) vulnerabilities in PostNuke 0.726 allows remote attackers to inject arbitrary web script or HTML via the (1) lid and query parameters to the Downloads module, (2) query parameter to the Web_links module, or (3) hlpfile ... Read more
Affected Products : postnuke- EPSS Score: %0.48
- Published: Apr. 21, 2004
- Modified: Apr. 03, 2025
-
2.6
LOWCVE-2006-3044
Cross-site scripting (XSS) vulnerability in LogiSphere 1.6.0 allows remote attackers to inject arbitrary web script or HTML via the URL, which is reflected in an error page.... Read more
Affected Products : logisphere- EPSS Score: %0.52
- Published: Jun. 16, 2006
- Modified: Apr. 03, 2025
-
2.6
LOWCVE-2006-3038
Cross-site scripting (XSS) vulnerability in index.php in Cescripts Realty Room Rent allows remote attackers to inject arbitrary web script or HTML via the sel_menu parameter. NOTE: the vendor notified CVE on 20060823 that "All issues concerning this scri... Read more
Affected Products : realty_room_rent- EPSS Score: %0.50
- Published: Jun. 15, 2006
- Modified: Apr. 03, 2025
-
2.6
LOWCVE-2006-1640
Cross-site scripting (XSS) vulnerability in news.php in CzarNews 1.14 allows remote attackers to inject arbitrary web script or HTML via the email parameter.... Read more
Affected Products : czarnews- EPSS Score: %0.80
- Published: Apr. 06, 2006
- Modified: Apr. 03, 2025
-
2.6
LOWCVE-2007-1008
Apple iTunes 7.0.2 allows user-assisted remote attackers to cause a denial of service (application crash) via a crafted XML list of radio stations, which results in memory corruption. NOTE: iTunes retrieves the XML document from a static URL, which requi... Read more
Affected Products : itunes- EPSS Score: %7.55
- Published: Feb. 20, 2007
- Modified: Apr. 09, 2025
-
2.6
LOWCVE-2006-2258
Cross-site scripting (XSS) vulnerability in Logon.asp in MaxxSchedule 1.0 allows remote attackers to inject arbitrary web script or HTML via the Error parameter.... Read more
Affected Products : maxxschedule- EPSS Score: %0.62
- Published: May. 09, 2006
- Modified: Apr. 03, 2025
-
2.6
LOWCVE-2006-1788
Adobe Document Server for Reader Extensions 6.0, during log on, provides different error messages depending on whether the user ID is valid or invalid, which allows remote attackers to more easily identify valid user IDs via brute force attacks.... Read more
Affected Products : document_server- EPSS Score: %2.14
- Published: Apr. 13, 2006
- Modified: Apr. 03, 2025
-
2.6
LOWCVE-2000-0726
CGIMail.exe CGI program in Stalkerlab Mailers 1.1.2 allows remote attackers to read arbitrary files by specifying the file in the $Attach$ hidden form variable.... Read more
Affected Products : mailers- EPSS Score: %0.40
- Published: Oct. 20, 2000
- Modified: Apr. 03, 2025
-
2.6
LOWCVE-2006-4650
Cisco IOS 12.0, 12.1, and 12.2, when GRE IP tunneling is used and the RFC2784 compliance fixes are missing, does not verify the offset field of a GRE packet during decapsulation, which leads to an integer overflow that references data from incorrect memor... Read more
Affected Products : ios- EPSS Score: %0.49
- Published: Sep. 09, 2006
- Modified: Apr. 03, 2025
-
2.6
LOWCVE-2005-2517
Safari in Mac OS X 10.3.9 and 10.4.2 submits forms from an XSL formatted page to the next page that is browsed by the user, which causes form data to be sent to the wrong site.... Read more
- EPSS Score: %0.30
- Published: Aug. 19, 2005
- Modified: Apr. 03, 2025
-
2.6
LOWCVE-2006-4673
Global variable overwrite vulnerability in maincore.php in PHP-Fusion 6.01.4 and earlier uses the extract function on the superglobals, which allows remote attackers to conduct SQL injection attacks via the _SERVER[REMOTE_ADDR] parameter to news.php.... Read more
- EPSS Score: %0.60
- Published: Sep. 11, 2006
- Modified: Apr. 03, 2025