Total: 255522 CVE

CVE | Vendors | Products | Updated | CVSS v2 | CVSS v3 |
---|---|---|---|---|---|
CVE-2006-2894 | 2 Mozilla, Netscape | 4 Firefox, Mozilla Suite, Seamonkey and 1 more | 2024-02-04 | 4.0 MEDIUM | N/A |
Mozilla Firefox 1.5.0.4, 2.0.x before 2.0.0.8, Mozilla Suite 1.7.13, Mozilla SeaMonkey 1.0.2 and other versions before 1.1.5, and Netscape 8.1 and earlier allow user-assisted remote attackers to read arbitrary files by tricking a user into typing the characters of the target filename in a text box and using the OnKeyDown, OnKeyPress, and OnKeyUp Javascript keystroke events to change the focus and cause those characters to be inserted into a file upload input control, which can then upload the file when the user submits the form. | |||||
CVE-2005-3985 | 1 Astaro | 1 Security Linux | 2024-02-04 | 7.8 HIGH | N/A |
The Internet Key Exchange version 1 (IKEv1) implementation in Astaro Security Linux before 6.102 allows remote attackers to cause a denial of service and possibly execute arbitrary code via crafted IKE packets, as demonstrated by the PROTOS ISAKMP Test Suite for IKEv1. NOTE: due to the lack of details in the advisory, it is unclear which of CVE-2005-3666, CVE-2005-3667, and/or CVE-2005-3668 this issue applies to. | |||||
CVE-2006-0747 | 1 Freetype | 1 Freetype | 2024-02-04 | 5.0 MEDIUM | N/A |
Integer underflow in Freetype before 2.2 allows remote attackers to cause a denial of service (crash) via a font file with an odd number of blue values, which causes the underflow when decrementing by 2 in a context that assumes an even number of values. | |||||
CVE-2006-3166 | 1 Free Realty | 1 Free Realty | 2024-02-04 | 4.3 MEDIUM | N/A |
Cross-site scripting (XSS) vulnerability in propview.php in Free Realty 2.9-0.6 and earlier allows remote attackers to execute arbitrary web script or HTML via the sort parameter. | |||||
CVE-2005-1271 | | | 2024-02-04 | N/A | N/A |
** REJECT ** DO NOT USE THIS CANDIDATE NUMBER. ConsultIDs: CVE-2005-1343. Reason: This candidate is a reservation duplicate of CVE-2005-1343. Notes: All CVE users should reference CVE-2005-1343 instead of this candidate. All references and descriptions in this candidate have been removed to prevent accidental usage. | |||||
CVE-2005-4618 | 1 Linux | 1 Linux Kernel | 2024-02-04 | 3.6 LOW | N/A |
Buffer overflow in sysctl in the Linux Kernel 2.6 before 2.6.15 allows local users to corrupt user memory and possibly cause a denial of service via a long string, which causes sysctl to write a zero byte outside the buffer. NOTE: since the sysctl is called from a userland program that provides the argument, this might not be a vulnerability, unless a legitimate user-assisted or setuid scenario can be identified. | |||||
CVE-2006-3223 | 1 Broadcom | 3 Etrust Antivirus, Etrust Pestpatrol, Integrated Threat Management | 2024-02-04 | 7.5 HIGH | N/A |
Format string vulnerability in CA Integrated Threat Management (ITM), eTrust Antivirus (eAV), and eTrust PestPatrol (ePP) r8 allows attackers to cause a denial of service (crash) and possibly execute arbitrary code via a scan job with format strings in the description field. | |||||
CVE-2004-2720 | 1 Snitz Communications | 1 Snitz Forums 2000 | 2024-02-04 | 4.3 MEDIUM | N/A |
Cross-site scripting (XSS) vulnerability in register.asp in Snitz Forums 2000 3.4.04 and earlier allows remote attackers to inject arbitrary web script or HTML via javascript events in the Email parameter. | |||||
CVE-2004-2680 | 1 Apache | 1 Mod Python | 2024-02-04 | 5.0 MEDIUM | N/A |
mod_python (libapache2-mod-python) 3.1.4 and earlier does not properly handle when output filters process more than 16384 bytes, which can cause filter.read to return portions of previously freed memory. | |||||
CVE-2005-0410 | 1 Citrusdb | 1 Citrusdb | 2024-02-04 | 5.0 MEDIUM | N/A |
SQL injection vulnerability in importcc.php for CitrusDB 0.3.6 and earlier allows remote attackers to inject data via the fields of a CSV file. | |||||
CVE-2006-4603 | 1 Nch Software | 1 Swift Sound Web Dictate | 2024-02-04 | 7.5 HIGH | N/A |
NCH Swift Sound Web Dictate 1.02 allows remote attackers to bypass authentication via a null password. | |||||
CVE-2006-1434 | 1 Annuaire | 1 Directory | 2024-02-04 | 6.8 MEDIUM | N/A |
Cross-site scripting (XSS) vulnerability in inscription.php in Annuaire (Directory) 1.0 allows remote attackers to inject arbitrary web script or HTML via the Comment Field (COMMENTAIRE parameter). | |||||
CVE-2006-4309 | 1 Ak-systems | 1 Windows Terminal | 2024-02-04 | 10.0 HIGH | N/A |
VNC server on the AK-Systems Windows Terminal 1.2.5 ExVLP is not password protected, which allows remote attackers to login and view RDP or Citrix sessions. | |||||
CVE-2006-3747 | 2 Apache, Ubuntu | 2 Http Server, Ubuntu Linux | 2024-02-04 | 7.6 HIGH | N/A |
Off-by-one error in the ldap scheme handling in the Rewrite module (mod_rewrite) in Apache 1.3 from 1.3.28, 2.0.46 and other versions before 2.0.59, and 2.2, when RewriteEngine is enabled, allows remote attackers to cause a denial of service (application crash) and possibly execute arbitrary code via crafted URLs that are not properly handled using certain rewrite rules. | |||||
CVE-2005-2730 | 1 Astaro | 1 Security Linux | 2024-02-04 | 5.0 MEDIUM | N/A |
The HTTP proxy in Astaro Security Linux 6.0 allows remote attackers to obtain sensitive information via an invalid request, which reveals a Proxy-authorization string in an error message. | |||||
CVE-2005-1898 | 1 Phpthumb | 1 Phpthumb | 2024-02-04 | 5.0 MEDIUM | N/A |
The passthrough functionality in phpThumb.php in phpThumb() before 1.5.4 allows remote attackers to read files that are not images. | |||||
CVE-2005-2722 | 1 Foojan | 1 Php Weblog | 2024-02-04 | 5.0 MEDIUM | N/A |
Foojan PHP Weblog allows remote attackers to obtain sensitive information via (1) a direct request to /daylinks/index.php or (2) a negative value in the daylinkspage parameter to index.php, which reveal the path in an error message. | |||||
CVE-2006-0007 | 1 Microsoft | 1 Office | 2024-02-04 | 9.3 HIGH | N/A |
Buffer overflow in GIFIMP32.FLT, as used in Microsoft Office 2003 SP1 and SP2, Office XP SP3, Office 2000 SP3, and other products, allows user-assisted attackers to execute arbitrary code via a crafted GIF image that triggers memory corruption when it is parsed. | |||||
CVE-2005-2441 | 1 Vbzoom | 1 Vbzoom | 2024-02-04 | 4.3 MEDIUM | N/A |
Multiple cross-site scripting (XSS) vulnerabilities in VBzoom allow remote attackers to inject arbitrary web script and HTML via the (1) UserName parameter to profile.php or (2) UserID parameter to login.php. | |||||
CVE-2005-2028 | 1 Mercuryboard | 1 Mercuryboard Message Board | 2024-02-04 | 7.5 HIGH | N/A |
SQL injection vulnerability in index.php for MercuryBoard 1.1.4 and earlier allows remote attackers to execute arbitrary SQL commands via the User-Agent HTTP header. |