Total: 255417 CVE

CVE | Vendors | Products | Updated | CVSS v2 | CVSS v3 |
---|---|---|---|---|---|
CVE-2006-3518 | 1 Webvizyon.net | 1 Webvizyon Portal | 2024-02-04 | 7.5 HIGH | N/A |
SQL injection vulnerability in SayfalaAltList.asp in Webvizyon Portal 2006 allows remote attackers to execute arbitrary SQL commands via the ID parameter. | |||||
CVE-2006-2366 | 1 Openobex | 1 Openobex | 2024-02-04 | 2.6 LOW | N/A |
ircp_io.c in libopenobex for ircp 1.2, when ircp is run with the -r option, does not prompt the user when overwriting files, which allows user-assisted remote attackers to overwrite dangerous files via an arbitrary destination file name in an OBEX File Transfer session. | |||||
CVE-2005-1505 | 1 Apple | 1 Mail | 2024-02-04 | 7.5 HIGH | N/A |
The new account wizard in Mail.app 2.0 in Mac OS 10.4, when configuring an IMAP mail account and checking the credentials, does not prompt the user to use SSL until after the password has already been sent, which causes the password to be sent in plaintext. | |||||
CVE-2006-1473 | 1 Apple | 2 Mac Os X, Mac Os X Server | 2024-02-04 | 5.0 MEDIUM | N/A |
Integer overflow in AFP Server for Apple Mac OS X 10.3.9 and 10.4.7 allows remote attackers to cause a denial of service (crash) and execute arbitrary code via unknown vectors. | |||||
CVE-2006-1649 | 1 Eset Software | 1 Nod32 Antivirus | 2024-02-04 | 7.2 HIGH | N/A |
The "restore to" selection in the "quarantine a file" capability of ESET NOD32 before 2.51.26 allows a restore to any directory that permits read access by the invoking user, which allows local users to create new files despite write-access directory permissions. | |||||
CVE-2006-0694 | 1 Ansilove | 1 Ansilove | 2024-02-04 | 5.0 MEDIUM | N/A |
Unspecified vulnerability in the loaders (load_*.php) in Ansilove before 1.03 allows remote attackers to read arbitrary files via unspecified vectors involving "converting files accessible by the webserver". | |||||
CVE-2006-4318 | 1 Texas Imperial Software | 1 Wftpd | 2024-02-04 | 6.5 MEDIUM | N/A |
Buffer overflow in WFTPD Server 3.23 allows remote attackers to execute arbitrary code via long SIZE commands. | |||||
CVE-2006-2075 | 1 Don Moore | 1 Mydns | 2024-02-04 | 5.0 MEDIUM | N/A |
Unspecified vulnerability in MyDNS 1.1.0 allows remote attackers to cause a denial of service via a crafted DNS message, aka "Query-of-death," as demonstrated by the OUSPG PROTOS DNS test suite. | |||||
CVE-2006-1659 | 1 Softbiz | 1 Image Gallery | 2024-02-04 | 6.4 MEDIUM | N/A |
Multiple SQL injection vulnerabilities in Softbiz Image Gallery allow remote attackers to execute arbitrary SQL commands via the (1) id parameter in image_desc.php, (2) provided parameter in template.php, (3) cid parameter in suggest_image.php, (4) img_id parameter in insert_rating.php, and (5) cid parameter in images.php. | |||||
CVE-2006-3553 | 1 Planet Concept | 1 Planetnews | 2024-02-04 | 10.0 HIGH | N/A |
PlaNet Concept planetNews allows remote attackers to bypass authentication and execute arbitrary code via a direct request to news/admin/planetnews.php. | |||||
CVE-2005-0707 | 1 Ipswitch | 1 Ipswitch Collaboration Suite | 2024-02-04 | 7.2 HIGH | N/A |
Buffer overflow in the IMAP daemon (IMAP4d32.exe) for Ipswitch Collaboration Suite (ICS) before 8.15 Hotfix 1 allows remote authenticated users to execute arbitrary code via a long EXAMINE command. | |||||
CVE-2005-2507 | 1 Apple | 1 Mac Os X Server | 2024-02-04 | 7.5 HIGH | N/A |
Buffer overflow in Directory Services in Mac OS X 10.3.9 and 10.4.2 allows remote attackers to execute arbitrary code during authentication. | |||||
CVE-2006-4610 | 1 Graphiks | 1 Grapagenda | 2024-02-04 | 5.1 MEDIUM | N/A |
PHP remote file inclusion vulnerability in index.php in GrapAgenda 0.11 and earlier, when register_globals is enabled, allows remote attackers to execute arbitrary PHP code via the page parameter. | |||||
CVE-2006-0985 | 1 Wordpress | 1 Wordpress | 2024-02-04 | 4.3 MEDIUM | N/A |
Multiple cross-site scripting (XSS) vulnerabilities in the "post comment" functionality of WordPress 2.0.1 and earlier allow remote attackers to inject arbitrary web script or HTML via the (1) name, (2) website, and (3) comment parameters. | |||||
CVE-2004-2327 | 1 Vizer Web Server | 1 Vizer Web Server | 2024-02-04 | 5.0 MEDIUM | N/A |
Vizer Web Server 1.9.1 allows remote attackers to cause a denial of service (crash) via multiple malformed requests including (1) requests without GET, (2) GET requests without HTTP, or (3) long GET requests. | |||||
CVE-2006-4244 | 1 Sql-ledger | 1 Sql-ledger | 2024-02-04 | 7.5 HIGH | N/A |
SQL-Ledger 2.4.4 through 2.6.17 authenticates users by verifying that the value of the sql-ledger-[username] cookie matches the value of the sessionid parameter, which allows remote attackers to gain access as any logged-in user by setting the cookie and the parameter to the same value. | |||||
CVE-2006-4547 | 1 Lyris | 1 List Manager | 2024-02-04 | 6.5 MEDIUM | N/A |
Lyris ListManager 8.95 allows remote authenticated users to obtain sensitive information by attempting to add a user with a ' (single quote) character in the name, which reveals the details of the underlying SQL query, possibly because of a forced SQL error or SQL injection. | |||||
CVE-2006-1443 | 1 Apple | 1 Mac Os X | 2024-02-04 | 6.5 MEDIUM | N/A |
Integer underflow in CoreFoundation in Apple Mac OS X 10.3.9 and 10.4.6 allows context-dependent attackers to execute arbitrary code via unspecified vectors involving conversions from string to file system representation within (1) CFStringGetFileSystemRepresentation or (2) getFileSystemRepresentation:maxLength:withPath in NSFileManager, and possibly other similar API functions. | |||||
CVE-2006-0574 | 1 Cpanel | 1 Cpanel | 2024-02-04 | 4.3 MEDIUM | N/A |
Cross-site scripting (XSS) vulnerability in mime/handle.html in cPanel 10 allows remote attackers to inject arbitrary web script or HTML via the (1) file extension or (2) mime-type. | |||||
CVE-2005-2598 | 1 Dokeos | 1 Dokeos | 2024-02-04 | 5.0 MEDIUM | N/A |
Multiple directory traversal vulnerabilities in Dokeos 1.6 and earlier, and possibly Claroline, allow remote attackers to (1) delete arbitrary files or directories via the delete parameter to claroline/scorm/scormdocument.php, (2) move arbitrary files via the move_to and move_file parameters to claroline/document/document.php, or determine the existence of arbitrary files via the file parameter to (3) claroline/scorm/showinframes.php or (4) claroline/scorm/contents.php. |