Total: 255579 CVE
CVE | Vendors | Products | Updated | CVSS v2 | CVSS v3 |
---|---|---|---|---|---|
CVE-2005-1367 | 1 Pico Server | 1 Pico Server | 2024-02-04 | 7.5 HIGH | N/A |
Pico Server (pServ) 3.2 and earlier allows local users to read arbitrary files as the pServ user via a symlink to a file outside of the web document root. | |||||
CVE-2006-1906 | 1 Jjgan852 | 1 Phplister | 2024-02-04 | 2.6 LOW | N/A |
Cross-site scripting (XSS) vulnerability in index.php in jjgan852 phpLister 0.4.1 allows remote attackers to inject arbitrary web script or HTML via the page parameter. | |||||
CVE-2006-2413 | 1 Gnunet | 1 Gnunet | 2024-02-04 | 5.0 MEDIUM | N/A |
GNUnet before SVN revision 2781 allows remote attackers to cause a denial of service (infinite loop and CPU consumption) via an empty UDP datagram, possibly involving FIONREAD errors. | |||||
CVE-2004-2699 | 1 Aspdotnetstorefront | 1 Aspdotnetstorefront | 2024-02-04 | 4.3 MEDIUM | N/A |
deleteicon.aspx in AspDotNetStorefront 3.3 allows remote attackers to delete arbitrary product images via a modified ProductID parameter. | |||||
CVE-2006-0516 | 1 Sun | 1 Solaris | 2024-02-04 | 2.1 LOW | N/A |
Unspecified vulnerability in the kernel processing in Solaris 10 64 bit platform, when running in 64-bit mode, allows local users to cause a denial of service (system panic) via unknown attack vectors. | |||||
CVE-2006-1345 | 1 Mybulletinboard | 1 Mybulletinboard | 2024-02-04 | 5.0 MEDIUM | N/A |
polls.php in MyBB (aka MyBulletinBoard) 1.10 allows remote attackers to obtain sensitive information via a vote action with an "option[]=null" parameter value, which reveals the path in an error message. | |||||
CVE-2005-0796 | 1 Hola | 1 Holacms | 2024-02-04 | 5.0 MEDIUM | N/A |
Directory traversal vulnerability in HolaCMS 1.4.9-1 allows remote attackers to overwrite arbitrary files via a "holaDB/votes" followed by a .. (dot dot) in the vote_filename parameter, which bypasses the check by HolaCMS to ensure that the file is in the holaDB/votes directory. | |||||
CVE-2004-1231 | 1 Gadu-gadu | 1 Gadu-gadu Instant Messenger | 2024-02-04 | 5.0 MEDIUM | N/A |
Directory traversal vulnerability in Gadu-Gadu allows remote attackers to read arbitrary files via .. (dot dot) sequences in a DCC connection with a CTCP packet that contains a 1 as the type and a 4 as the subtype. | |||||
CVE-2006-0261 | 1 Oracle | 1 Database Server | 2024-02-04 | 10.0 HIGH | N/A |
Multiple unspecified vulnerabilities in Oracle Database server 8.1.7.4, 9.0.1.5, 9.2.0.7, and 10.1.0.5 have unspecified impact and attack vectors, as identified by Oracle Vuln# (1) DB07 in the Dictionary component and (2) DB14 in the Oracle Label Security component. NOTE: Oracle has not disputed reliable researcher claims that DB07 involves plaintext storage of the TDE wallet password in a trace file by event 10053. | |||||
CVE-2006-1517 | 2 Mysql, Oracle | 2 Mysql, Mysql | 2024-02-04 | 5.0 MEDIUM | N/A |
sql_parse.cc in MySQL 4.0.x up to 4.0.26, 4.1.x up to 4.1.18, and 5.0.x up to 5.0.20 allows remote attackers to obtain sensitive information via a COM_TABLE_DUMP request with an incorrect packet length, which includes portions of memory in an error message. | |||||
CVE-2004-2596 | 1 Id Software | 1 Quake Ii Server | 2024-02-04 | 5.0 MEDIUM | N/A |
Quake II server before R1Q2, as used in multiple products, allows remote attackers to cause a denial of service (exhaustion of connection slots) via a large number of connections from the same IP address. | |||||
CVE-2006-0636 | 1 Eyeos Project | 1 Eyeos | 2024-02-04 | 7.5 HIGH | N/A |
desktop.php in eyeOS 0.8.9 and earlier tests for the existence of the _SESSION variable before calling the session_start function, which allows remote attackers to execute arbitrary PHP code and possibly conduct other attacks by modifying critical assumed-immutable variables, as demonstrated using PHP code in the _SESSION[apps][eyeOptions.eyeapp][wrapup] variable. | |||||
CVE-2005-0680 | 1 Stadtaus | 1 Download Center Lite | 2024-02-04 | 7.5 HIGH | N/A |
PHP remote file inclusion vulnerability in download_center_lite.inc.php for Download Center Lite 1.6 allows remote attackers to execute arbitrary PHP code by modifying the script_root parameter to reference a URL on a remote web server that contains the code. | |||||
CVE-2006-1797 | 1 Netbsd | 1 Netbsd | 2024-02-04 | 4.9 MEDIUM | N/A |
The kernel in NetBSD-current before September 28, 2005 allows local users to cause a denial of service (system crash) by using the SIOCGIFALIAS ioctl to gather information on a non-existent alias of a network interface, which causes a NULL pointer dereference. | |||||
CVE-2006-3845 | 1 Rarlab | 1 Winrar | 2024-02-04 | 9.3 HIGH | N/A |
Stack-based buffer overflow in lzh.fmt in WinRAR 3.00 through 3.60 beta 6 allows remote attackers to execute arbitrary code via a long filename in a LHA archive. | |||||
CVE-2006-3770 | 1 Phpfaber | 1 Topsites | 2024-02-04 | 7.5 HIGH | N/A |
Multiple SQL injection vulnerabilities in index.php in phpFaber TopSites 2.0.9 and earlier allow remote attackers to execute arbitrary SQL commands via the (1) i_cat or (2) method parameters. | |||||
CVE-2005-4021 | 1 Gallery Project | 1 Gallery | 2024-02-04 | 5.0 MEDIUM | N/A |
The installer for Gallery 2.0 before 2.0.2 stores the install log under the web document root with insufficient access control, which allows remote attackers to obtain sensitive information. | |||||
CVE-2005-2310 | 1 Nullsoft | 1 Winamp | 2024-02-04 | 9.3 HIGH | N/A |
Buffer overflow in Winamp 5.03a, 5.09 and 5.091, and other versions before 5.094, allows remote attackers to execute arbitrary code via an MP3 file with a long ID3v2 tag such as (1) ARTIST or (2) TITLE. | |||||
CVE-2006-4466 | 1 Joomla | 1 Joomla | 2024-02-04 | 5.0 MEDIUM | N/A |
Joomla! before 1.0.11 does not properly unset variables when the input data includes a numeric parameter with a value matching an alphanumeric parameter's hash value, which allows remote attackers to have an unspecified impact. NOTE: it could be argued that this vulnerability is due to a bug in the unset PHP command (CVE-2006-3017) and the proper fix should be in PHP; if so, then this should not be treated as a vulnerability in Joomla!. | |||||
CVE-2006-2522 | 1 Dayfox Designs | 1 Dayfox Blog | 2024-02-04 | 7.5 HIGH | N/A |
Dayfox Blog 2.0 and earlier stores user credentials in edit/slog_users.txt under the web document root with insufficient access control, which allows remote attackers to gain privileges. |