Total
255417 CVE
| CVE | Vendors | Products | Updated | CVSS v2 | CVSS v3 |
|---|---|---|---|---|---|
| CVE-2006-0381 | 1 Freebsd | 1 Freebsd | 2024-02-04 | 5.0 MEDIUM | N/A |
| A logic error in the IP fragment cache functionality in pf in FreeBSD 5.3, 5.4, and 6.0, and OpenBSD, when a 'scrub fragment crop' or 'scrub fragment drop-ovl' rule is being used, allows remote attackers to cause a denial of service (crash) via crafted packets that cause a packet fragment to be inserted twice. | |||||
| CVE-2005-4494 | 1 Spip | 1 Spip | 2024-02-04 | 2.6 LOW | N/A |
| Cross-site scripting (XSS) vulnerability in SPIP 1.8.2 and earlier allows remote attackers to inject arbitrary web script or HTML via unspecified parameters to (1) spip_login.php3 and (2) spip_pass.php3. | |||||
| CVE-2006-4235 | 1 Sony | 1 Sonicstage Mastering Studio | 2024-02-04 | 7.5 HIGH | N/A |
| Buffer overflow in the import project functionality in Sony SonicStage Mastering Studio 1.1.00 through 2.2.01 allows remote attackers to execute arbitrary code via a crafted SMP file. | |||||
| CVE-2006-1813 | 1 Phpwebftp | 1 Phpwebftp | 2024-02-04 | 6.4 MEDIUM | N/A |
| Directory traversal vulnerability in index.php in phpWebFTP 3.2 and earlier allows remote attackers to read arbitrary files via a .. (dot dot) in the language parameter. | |||||
| CVE-2006-3800 | 1 Amazing Flash Commerce | 1 Afcommerce Shopping Cart | 2024-02-04 | 4.3 MEDIUM | N/A |
| Cross-site scripting (XSS) vulnerability in Amazing Flash AFCommerce Shopping Cart allows remote attackers to inject arbitrary web script or HTML via the "new review" text box. | |||||
| CVE-2006-3817 | 1 Novell | 1 Groupwise Webaccess | 2024-02-04 | 4.3 MEDIUM | N/A |
| Cross-site scripting (XSS) vulnerability in Novell GroupWise WebAccess 6.5 and 7 before 20060727 allows remote attackers to inject arbitrary web script or HTML via an encoded SCRIPT element in an e-mail message with the UTF-7 character set, as demonstrated by the "+ADw-SCRIPT+AD4-" sequence. | |||||
| CVE-2006-1941 | 1 Neon Software | 1 Neon Responder | 2024-02-04 | 5.0 MEDIUM | N/A |
| Neon Responder 5.4 for LANsurveyor allows remote attackers to cause a denial of service (application outage) via a crafted Clock Synchronisation packet that triggers an access violation. | |||||
| CVE-2006-1756 | 1 Matthew Dingley | 1 Md News | 2024-02-04 | 7.5 HIGH | N/A |
| MD News 1 allows remote attackers to bypass authentication via a direct request to a script in the Administration Area. | |||||
| CVE-2006-3901 | 1 Tumbleweed | 1 Mailgate Email Firewall | 2024-02-04 | 7.5 HIGH | N/A |
| Multiple stack-based buffer overflows in Tumbleweed Email Firewall (EMF) allow remote attackers to execute arbitrary code via an email attachment with an LHA archive that contains a (1) file or (2) directory with a long LHA extended header, (3) an LHA archive in which the "temporary pathname" field for decompressed output is greater than 2 bytes, or (4) an LHA archive with a long filename. | |||||
| CVE-2005-2296 | 1 Yabb | 1 Yabb | 2024-02-04 | 5.0 MEDIUM | N/A |
| YabbSE 1.5.5c allows remote attackers to obtain sensitive information via a direct request to ssi_examples.php, which reveals the path. | |||||
| CVE-2006-1134 | 1 Jason Smith | 1 Cyboards Php Lite | 2024-02-04 | 5.1 MEDIUM | N/A |
| SQL injection vulnerability in CyBoards PHP Lite 1.25, when magic_quotes_gpc is disabled, allows remote attackers to execute arbitrary SQL commands via the parent parameter to (1) post.php and possibly (2) process_post.php. | |||||
| CVE-2006-4159 | 1 Chaussette | 1 Chaussette | 2024-02-04 | 7.5 HIGH | N/A |
| Multiple PHP remote file inclusion vulnerabilities in Chaussette 080706 and earlier allow remote attackers to execute arbitrary PHP code via a URL in the _BASE parameter to scripts in Classes/ including (1) Evenement.php, (2) Event.php, (3) Event_for_month.php, (4) Event_for_week.php, (5) My_Log.php, (6) My_Smarty.php, and possibly (7) Event_for_month_per_day.php. | |||||
| CVE-2005-0467 | 1 Putty | 1 Putty | 2024-02-04 | 7.5 HIGH | N/A |
| Multiple integer overflows in the (1) sftp_pkt_getstring and (2) fxp_readdir_recv functions in the PSFTP and PSCP clients for PuTTY 0.56, and possibly earlier versions, allow remote malicious web sites to execute arbitrary code via SFTP responses that corrupt the heap after insufficient memory has been allocated. | |||||
| CVE-2006-0401 | 1 Apple | 2 Mac Os X, Mac Os X Server | 2024-02-04 | 4.6 MEDIUM | N/A |
| Unspecified vulnerability in Mac OS X before 10.4.6, when running on an Intel-based computer, allows attackers with physical access to bypass the firmware password and log on in Single User Mode via unspecified vectors. | |||||
| CVE-2005-2680 | 1 Oracle | 1 Weblogic Portal | 2024-02-04 | 5.0 MEDIUM | N/A |
| Unspecified vulnerability in BEA WebLogic Portal 8.1 through SP4, when using entitlements, allows remote attackers to bypass access restrictions for the pages of a Book via crafted URLs. | |||||
| CVE-2005-3240 | 1 Microsoft | 2 Ie, Internet Explorer | 2024-02-04 | 5.1 MEDIUM | N/A |
| Race condition in Microsoft Internet Explorer allows user-assisted attackers to overwrite arbitrary files and possibly execute code by tricking a user into performing a drag-and-drop action from certain objects, such as file objects within a folder view, then predicting the drag action, and re-focusing to a malicious window. | |||||
| CVE-2006-4291 | 1 Phlymail | 1 Phlymail Lite | 2024-02-04 | 5.1 MEDIUM | N/A |
| PHP remote file inclusion vulnerability in handlers/email/mod.listmail.php in PHlyMail Lite 3.4.4 and earlier (Build 3.04.04) allows remote attackers to execute arbitrary PHP code via a URL in the _PM_[path][handler] parameter. | |||||
| CVE-2005-1953 | 1 Pico Server | 1 Pico Server | 2024-02-04 | 7.5 HIGH | N/A |
| Heap-based buffer overflow in the CGI extension for Pico Server (pServ) 3.3 allows remote attackers to execute arbitrary code via a long HTTP request. | |||||
| CVE-2005-1819 | 1 Nikosoft | 1 Webmail | 2024-02-04 | 4.3 MEDIUM | N/A |
| Cross-site scripting (XSS) vulnerability in NikoSoft WebMail before 0.11.0 allows remote attackers to inject arbitrary web script or HTML via unknown vectors. | |||||
| CVE-2005-3574 | 1 Icms Content Management Systems | 1 Icms | 2024-02-04 | 5.0 MEDIUM | N/A |
| PHP file inclusion vulnerability in index.php of iCMS allows remote attackers to include arbitrary files via the page parameter. | |||||