Total
255417 CVE
| CVE | Vendors | Products | Updated | CVSS v2 | CVSS v3 |
|---|---|---|---|---|---|
| CVE-2005-2434 | 1 Linksys | 1 Wrt54g | 2024-02-04 | 5.0 MEDIUM | N/A |
| Linksys WRT54G router uses the same private key and certificate for every router, which allows remote attackers to sniff the SSL connection and obtain sensitive information. | |||||
| CVE-2005-1199 | 1 Infopop | 1 Ultimate Bulletin Board | 2024-02-04 | 7.5 HIGH | N/A |
| SQL injection vulnerability in printthread.php in UBB.Threads allows remote attackers to execute arbitrary SQL commands via the main parameter. | |||||
| CVE-2005-0922 | 1 Symantec | 3 Norton Antivirus, Norton Internet Security, Norton System Works | 2024-02-04 | 5.0 MEDIUM | N/A |
| Unknown vulnerability in the Auto-Protect module in Symantec Norton AntiVirus 2004 and 2005, as also used in Internet Security 2004/2005 and System Works 2004/2005, allows attackers to cause a denial of service (system hang or crash) by triggering a scan of a certain file type. | |||||
| CVE-2005-1796 | 2 Debian, Ettercap | 2 Debian Linux, Ettercap | 2024-02-04 | 7.5 HIGH | N/A |
| Format string vulnerability in the curses_msg function in the Ncurses interface (ec_curses.c) for Ettercap before 0.7.3 allows remote attackers to execute arbitrary code. | |||||
| CVE-2006-3639 | 1 Microsoft | 2 Ie, Internet Explorer | 2024-02-04 | 7.5 HIGH | N/A |
| Microsoft Internet Explorer 5.01 and 6 does not properly identify the originating domain zone when handling redirects, which allows remote attackers to read cross-domain web pages and possibly execute code via unspecified vectors involving a crafted web page, aka "Source Element Cross-Domain Vulnerability." | |||||
| CVE-2006-3294 | 1 Cbsms | 1 Mambo Module | 2024-02-04 | 5.1 MEDIUM | N/A |
| PHP remote file inclusion vulnerability in mod_cbsms_messages.php in CBSMS Mambo Module 1.0 and earlier, when register_globals is enabled, allows remote attackers to execute arbitrary PHP code via a URL in the mosConfig_absolute_path parameter. | |||||
| CVE-2005-2385 | 1 Alwil | 1 Avast Antivirus | 2024-02-04 | 7.5 HIGH | N/A |
| Buffer overflow in a third-party compression library (UNACEV2.DLL), as used in avast! Antivirus Home/Professional Edition 4.6.665 and Server Edition 4.6.460, allows remote attackers to execute arbitrary code via an ACE archive containing a long filename. | |||||
| CVE-2006-1041 | 1 Gregarius | 1 Gregarius | 2024-02-04 | 4.3 MEDIUM | N/A |
| Multiple cross-site scripting (XSS) vulnerabilities in Gregarius 0.5.2 allow remote attackers to inject arbitrary web script or HTML via the (1) rss_query parameter to search.php or (2) tag parameter to tags.php. | |||||
| CVE-2005-4812 | 1 Sisco | 4 Ax-s4 Iccp, Ax-s4 Mms, Iccp Toolkit For Mms-ease and 1 more | 2024-02-04 | 7.8 HIGH | N/A |
| The SISCO OSI stack for Windows, as used by MMS-EASE 7.10 and earlier, AX-S4 MMS 5.01 and earlier, AX-S4 ICCP 3.0103 and earlier, and the ICCP Toolkit for MMS-EASE 4.10 and earlier, allows remote attackers to cause a denial of service (process crash) via certain network traffic, as demonstrated using a Nessus scan. | |||||
| CVE-2005-2577 | 1 Wyse | 1 Winterm | 2024-02-04 | 5.0 MEDIUM | N/A |
| Wyse Winterm 1125SE running firmware 4.2.09f or 4.4.061f allows remote attackers to cause a denial of service (device crash) via a packet with a zero in the IP option length field. | |||||
| CVE-2006-2327 | 1 Novell | 1 Netware | 2024-02-04 | 6.4 MEDIUM | N/A |
| Multiple integer overflows in the DPRPC library (DPRPCNLM.NLM) NDPS/iPrint module in Novell Distributed Print Services in Novell NetWare 6.5 SP3, SP4, and SP5 allow remote attackers to execute arbitrary code via an XDR encoded array with a field that specifies a large number of elements, which triggers the overflows in the ndps_xdr_array function. | |||||
| CVE-2005-1497 | 1 Mywebland | 1 Mybloggie | 2024-02-04 | 5.0 MEDIUM | N/A |
| index.php in myBloggie 2.1.1 allows remote attackers to obtain sensitive information via an invalid post_id parameter, which reveals the path in an error message. | |||||
| CVE-2005-1018 | 1 Ca | 1 Brightstor Arcserve Backup | 2024-02-04 | 7.5 HIGH | N/A |
| Buffer overflow in the UniversalAgent for Computer Associates (CA) BrightStor ARCserve Backup allows remote authenticated users to cause a denial of service or execute arbitrary code via an agent request to TCP port 6050 with a large argument before the option field. | |||||
| CVE-2006-4747 | 1 Idevspot | 1 Textads | 2024-02-04 | 4.3 MEDIUM | N/A |
| Multiple cross-site scripting (XSS) vulnerabilities in IdevSpot TextAds allow remote attackers to inject arbitrary web script or HTML via (1) the id parameter in delete.php and (2) the error parameter in error.php. | |||||
| CVE-2004-1488 | 1 Gnu | 1 Wget | 2024-02-04 | 5.0 MEDIUM | N/A |
| wget 1.8.x and 1.9.x does not filter or quote control characters when displaying HTTP responses to the terminal, which may allow remote malicious web servers to inject terminal escape sequences and execute arbitrary code. | |||||
| CVE-2006-0597 | 1 Stefan Ritt | 1 Elog Web Logbook | 2024-02-04 | 7.5 HIGH | N/A |
| Multiple stack-based buffer overflows in elogd.c in elog before 2.5.7 r1558-4 allow attackers to cause a denial of service (application crash) and possibly execute code via long "revision attributes". | |||||
| CVE-2006-2045 | 1 Ip3 Networks | 1 Ip3 Netaccess 75 | 2024-02-04 | 3.6 LOW | N/A |
| The (1) shadow password file in na-img-4.0.34.bin for the IP3 Networks NetAccess NA75 has world readable permissions, which allows local users to view encrypted passwords; and the (2) NetAccess database file has world readable and writable permissions, which allows local users to view sensitive information and modify data. | |||||
| CVE-2006-4105 | 1 Fill Threads Database | 1 Fill Threads Database | 2024-02-04 | 4.3 MEDIUM | N/A |
| Cross-site scripting (XSS) vulnerability in Fill Threads Database (FTD) 3.7.3 allows remote attackers to inject arbitrary web script or HTML via the (1) search field or (2) an e-mail message. | |||||
| CVE-2006-1306 | 1 Microsoft | 2 Excel, Excel Viewer | 2024-02-04 | 9.3 HIGH | N/A |
| Microsoft Excel 2000 through 2004 allows user-assisted attackers to execute arbitrary code via a .xls file with a crafted BIFF record with an attacker-controlled array index that is used for a function pointer, aka "Malformed OBJECT record Vulnerability." | |||||
| CVE-2006-0757 | 1 Hivemail | 1 Hivemail | 2024-02-04 | 7.5 HIGH | N/A |
| Multiple eval injection vulnerabilities in HiveMail 1.3 and earlier allow remote attackers to execute arbitrary PHP code via (1) the contactgroupid parameter in addressbook.update.php, (2) the messageid parameter in addressbook.add.php, (3) the folderid parameter in folders.update.php, and possibly certain parameters in (4) calendar.event.php, (5) index.php, (6) pop.download.php, (7) read.bounce.php, (8) rules.block.php, (9) language.php, and (10) certain other scripts, as demonstrated by an addressbook.update.php request with a contactgroupid value of phpinfo() preceded by facilitators. | |||||