Total
255462 CVE
| CVE | Vendors | Products | Updated | CVSS v2 | CVSS v3 |
|---|---|---|---|---|---|
| CVE-2006-1123 | 1 D2ksoft | 1 D2kblog | 2024-02-04 | 10.0 HIGH | N/A |
| SQL injection vulnerability in D2KBlog 1.0.3 and earlier allows remote attackers to execute arbitrary SQL commands via the memName parameter in a cookie. | |||||
| CVE-2006-0354 | 1 Cisco | 8 Aironet Ap1100, Aironet Ap1130ag, Aironet Ap1200 and 5 more | 2024-02-04 | 5.5 MEDIUM | N/A |
| Cisco IOS before 12.3-7-JA2 on Aironet Wireless Access Points (WAP) allows remote authenticated users to cause a denial of service (termination of packet passing or termination of client connections) by sending the management interface a large number of spoofed ARP packets, which creates a large ARP table that exhausts memory, aka Bug ID CSCsc16644. | |||||
| CVE-2005-1840 | 1 Phpcms | 1 Phpcms | 2024-02-04 | 5.0 MEDIUM | N/A |
| Directory traversal vulnerability in class.layout_phpcms.php in phpCMS 1.2.x before 1.2.1pl2 allows remote attackers to read or include arbitrary files, as demonstrated using a .. (dot dot) in the language parameter to parser.php. | |||||
| CVE-2005-1658 | 1 Myserver | 1 Myserver | 2024-02-04 | 5.0 MEDIUM | N/A |
| Directory traversal vulnerability in filemanager.cpp in MyServer 0.8 allows remote attackers to list the parent directory of the web root via a URL with a "..." (triple dot). | |||||
| CVE-2006-4329 | 1 Shadows Rising Rpg | 1 Shadows Rising Rpg | 2024-02-04 | 7.5 HIGH | N/A |
| Multiple PHP remote file inclusion vulnerabilities in Shadows Rising RPG (Pre-Alpha) 0.0.5b and earlier allow remote attackers to execute arbitrary PHP code via a URL in the CONFIG[gameroot] parameter to (1) core/includes/security.inc.php, (2) core/includes/smarty.inc.php, (3) qcms/includes/smarty.inc.php or (4) qlib/smarty.inc.php. | |||||
| CVE-2006-2671 | 1 Calendarscripts.com | 1 Chatpat | 2024-02-04 | 5.0 MEDIUM | N/A |
| SQL injection vulnerability in ChatPat 1.0 allows remote attackers to execute arbitrary SQL commands via the nickname field. | |||||
| CVE-2005-2558 | 2 Mysql, Oracle | 2 Mysql, Mysql | 2024-02-04 | 4.6 MEDIUM | N/A |
| Stack-based buffer overflow in the init_syms function in MySQL 4.0 before 4.0.25, 4.1 before 4.1.13, and 5.0 before 5.0.7-beta allows remote authenticated users who can create user-defined functions to execute arbitrary code via a long function_name field. | |||||
| CVE-2004-0961 | 2 Freeradius, Redhat | 3 Freeradius, Enterprise Linux, Fedora Core | 2024-02-04 | 5.0 MEDIUM | N/A |
| Memory leak in FreeRADIUS before 1.0.1 allows remote attackers to cause a denial of service (memory exhaustion) via a series of Access-Request packets with (1) Ascend-Send-Secret, (2) Ascend-Recv-Secret, or (3) Tunnel-Password attributes. | |||||
| CVE-2004-2552 | 1 Tim Mann | 1 Xboard | 2024-02-04 | 4.6 MEDIUM | N/A |
| Buffer overflow in XBoard 4.2.7 and earlier might allow local users to execute arbitrary code via a long -icshost command line argument. NOTE: since the program is not setuid and not normally called from remote programs, there may not be a typical attack vector for the issue that crosses privilege boundaries. Therefore this may not be a vulnerability. | |||||
| CVE-2005-0517 | 1 Peerftp 5 | 1 Peerftp 5 | 2024-02-04 | 2.1 LOW | N/A |
| PeerFTP_5 stores sensitive information such as passwords in plaintext in the PeerFTP.ini files, which allows local users to gain privileges. | |||||
| CVE-2005-3472 | 1 Sun | 1 Java System Communications Express | 2024-02-04 | 5.0 MEDIUM | N/A |
| Unspecified vulnerability in Sun Java System Communications Express 2005Q1 and 2004Q2 allows local and remote attackers to read sensitive information from configuration files. | |||||
| CVE-2006-1791 | 1 Jl Webworks | 1 Quickblogger | 2024-02-04 | 7.5 HIGH | N/A |
| Directory traversal vulnerability in acc.php in QuickBlogger 1.4 allows remote attackers to read or include arbitrary local files via the request parameter. NOTE: this issue can also produce resultant XSS when the associated include statement fails. | |||||
| CVE-2005-0003 | 4 Avaya, Linux, Mandrakesoft and 1 more | 15 Converged Communications Server, Intuity Audix, Mn100 and 12 more | 2024-02-04 | 2.1 LOW | N/A |
| The 64 bit ELF support in Linux kernel 2.6 before 2.6.10, on 64-bit architectures, does not properly check for overlapping VMA (virtual memory address) allocations, which allows local users to cause a denial of service (system crash) or execute arbitrary code via a crafted ELF or a.out file. | |||||
| CVE-2005-2690 | 1 Postnuke Software Foundation | 1 Postnuke | 2024-02-04 | 7.5 HIGH | N/A |
| SQL injection vulnerability in the Downloads module in PostNuke 0.760-RC4b allows PostNuke administrators to execute arbitrary SQL commands via the show parameter to dl-viewdownload.php. | |||||
| CVE-2005-0057 | 1 Microsoft | 6 Windows 2000, Windows 2003 Server, Windows 98 and 3 more | 2024-02-04 | 7.5 HIGH | N/A |
| The Hyperlink Object Library for Windows 98, 2000, XP, and Server 2003 allows remote attackers to execute arbitrary code via a crafted link that triggers an "unchecked buffer" in the library, possibly due to a buffer overflow. | |||||
| CVE-2005-0479 | 1 Trackercam | 1 Trackercam | 2024-02-04 | 5.0 MEDIUM | N/A |
| Directory traversal vulnerability in ComGetLogFile.php3 for TrackerCam 5.12 and earlier allows remote attackers to read arbitrary files via ".." sequences and (1) "/" slash), (2) "\" (backslash), or (3) hex-encoded characters in the fn parameter. | |||||
| CVE-2005-2355 | 2024-02-04 | N/A | N/A | ||
| ** REJECT ** DO NOT USE THIS CANDIDATE NUMBER. ConsultIDs: CVE-2005-2335, CVE-2005-2356. Reason: due to a typo in an advisory, this candidate was accidentally referenced. Notes: All CVE users should consult CVE-2005-2335 and CVE-2005-2356 to determine the appropriate identifier for the issue. | |||||
| CVE-2006-0547 | 1 Oracle | 1 Database Server | 2024-02-04 | 7.5 HIGH | N/A |
| Oracle Database 8i, 9i, and 10g allow remote authenticated users to execute arbitrary SQL statements in the context of the SYS user and bypass audit logging, including statements to create new privileged database accounts, via a modified AUTH_ALTER_SESSION attribute in the authentication phase of the Transparent Network Substrate (TNS) protocol. NOTE: due to the lack of relevant details from the Oracle advisory, a separate CVE is being created since it cannot be conclusively proven that this issue has been addressed by Oracle. It is possible that this is the same issue as Oracle Vuln# DB18 from the January 2006 CPU, in which case this would be subsumed by CVE-2006-0265. | |||||
| CVE-2006-2599 | 2024-02-04 | N/A | N/A | ||
| ** REJECT ** DO NOT USE THIS CANDIDATE NUMBER. ConsultIDs: CVE-2006-2587. Reason: This candidate is a duplicate of CVE-2006-2587. Notes: All CVE users should reference CVE-2006-2587 instead of this candidate. All references and descriptions in this candidate have been removed to prevent accidental usage. | |||||
| CVE-2005-4592 | 1 Bogofilter | 1 Email Filter | 2024-02-04 | 7.5 HIGH | N/A |
| Heap-based buffer overflow in bogofilter and bogolexer 0.96.2 allows remote attackers to cause a denial of service (crash) and possibly execute arbitrary code via words that are longer than the input buffer used by flex. | |||||