Total: 255415 CVE
CVE | Vendors | Products | Updated | CVSS v2 | CVSS v3 |
---|---|---|---|---|---|
CVE-2006-1680 | 1 Jupiter Cms | 1 Jupiter Cms | 2024-02-04 | 2.6 LOW | N/A |
Jupiter CMS 1.1.5, when display_errors is enabled, allows remote attackers to obtain the full server path via a direct request to modules/online.php. | |||||
CVE-2005-4267 | 1 Qualcomm | 1 Worldmail | 2024-02-04 | 7.5 HIGH | N/A |
Stack-based buffer overflow in Qualcomm WorldMail 3.0 allows remote attackers to execute arbitrary code via a long IMAP command that ends with a "}" character, as demonstrated using long (1) LIST, (2) LSUB, (3) SEARCH TEXT, (4) STATUS INBOX, (5) AUTHENTICATE, (6) FETCH, (7) SELECT, and (8) COPY commands. | |||||
CVE-2006-0072 | 1 Sco | 1 Openserver | 2024-02-04 | 7.5 HIGH | N/A |
Buffer overflow in termsh on SCO OpenServer 5.0.7 allows remote attackers to execute arbitrary code via a long -o command line argument. NOTE: this is probably a different vulnerability than CVE-2005-0351 since it involves a distinct attack vector. | |||||
CVE-2006-3265 | 1 Qdig | 1 Qdig | 2024-02-04 | 2.6 LOW | N/A |
Multiple cross-site scripting (XSS) vulnerabilities in index.php in Qdig before 1.2.9.3, when register_globals is enabled, allow remote attackers to inject arbitrary web script or HTML via the (1) pre_gallery or (2) post_gallery parameters. | |||||
CVE-2006-4485 | 1 Php | 1 Php | 2024-02-04 | 10.0 HIGH | N/A |
The stripos function in PHP before 5.1.5 has unknown impact and attack vectors related to an out-of-bounds read. | |||||
CVE-2006-0167 | 1 Myphpim | 1 Myphpim | 2024-02-04 | 7.5 HIGH | N/A |
SQL injection vulnerability in MyPhPim 01.05 allows remote attackers to execute arbitrary SQL commands via the (1) cal_id parameter in calendar.php3 and the (2) password field on the login page. | |||||
CVE-2006-0305 | 1 Clipcomm | 2 Cp-100e Voip Wifi Phone, Cpw-100e Voip Wifi Phone | 2024-02-04 | 7.5 HIGH | N/A |
Clipcomm CPW-100E VoIP 802.11b Wireless Handset Phone running firmware 1.1.12 (051129) and CP-100E VoIP 802.11b Wireless Phone running firmware 1.1.60 allows remote attackers to gain unauthorized access via the debug service on TCP port 60023. | |||||
CVE-2005-2511 | 1 Apple | 2 Mac Os X, Mac Os X Server | 2024-02-04 | 10.0 HIGH | N/A |
Unknown vulnerability in Mac OS X 10.4.2 and earlier, when using Kerberos authentication with LDAP, allows attackers to gain access to a root Terminal window. | |||||
CVE-2006-1052 | 1 Linux | 1 Linux Kernel | 2024-02-04 | 2.1 LOW | N/A |
The selinux_ptrace logic in hooks.c in SELinux for Linux 2.6.6 allows local users with ptrace permissions to change the tracer SID to an SID of another process. | |||||
CVE-2005-1425 | 1 Uapplication | 1 Uguestbook | 2024-02-04 | 5.0 MEDIUM | N/A |
Uapplication Uguestbook 1.0 stores sensitive information under the web root with insufficient access control, which allows remote attackers to download a database via a direct request for mdb-database/guestbook.mdb. | |||||
CVE-2006-3882 | 1 Musicbox | 1 Musicbox | 2024-02-04 | 5.0 MEDIUM | N/A |
Shalwan MusicBox 2.3.4 and earlier allows remote attackers to obtain configuration information via a direct request to phpinfo.php, which calls the phpinfo function. | |||||
CVE-2005-1974 | 1 Sun | 1 J2se | 2024-02-04 | 5.1 MEDIUM | N/A |
Unspecified vulnerability in Java 2 Platform, Standard Edition (J2SE) 5.0 and 5.0 Update 1 and J2SE 1.4.2 up to 1.4.2_07, as used in multiple products and platforms including (1) HP-UX and (2) APC PowerChute, allows applications to assign permissions to themselves and gain privileges. | |||||
CVE-2006-3638 | 1 Microsoft | 2 Ie, Internet Explorer | 2024-02-04 | 7.5 HIGH | N/A |
Microsoft Internet Explorer 5.01 and 6 does not properly handle uninitialized COM objects, which allows remote attackers to cause a denial of service (memory corruption) and possibly execute arbitrary code, as demonstrated by the Nth function in the DirectAnimation.DATuple ActiveX control, aka "COM Object Instantiation Memory Corruption Vulnerability." | |||||
CVE-2005-2305 | 1 Dg | 1 Remote Control Server | 2024-02-04 | 7.5 HIGH | N/A |
DG Remote Control Server 1.6.2 allows remote attackers to cause a denial of service (crash or CPU consumption) and possibly execute arbitrary code via a long message to TCP port 1071 or 1073, possibly due to a buffer overflow. | |||||
CVE-2006-1525 | 1 Linux | 1 Linux Kernel | 2024-02-04 | 4.9 MEDIUM | N/A |
ip_route_input in Linux kernel 2.6 before 2.6.16.8 allows local users to cause a denial of service (panic) via a request for a route for a multicast IP address, which triggers a null dereference. | |||||
CVE-2006-1406 | 1 Uniforum | 1 Uniforum | 2024-02-04 | 4.3 MEDIUM | N/A |
Multiple cross-site scripting (XSS) vulnerabilities in wbadmlog.aspx in uniForum 4.0 and earlier allow remote attackers to inject arbitrary web script or HTML via the (1) txtuser or (2) txtpassword parameters. | |||||
CVE-2006-4225 | | | 2024-02-04 | N/A | N/A |
** REJECT ** DO NOT USE THIS CANDIDATE NUMBER. ConsultIDs: CVE-2006-3139. Reason: This candidate is a duplicate of CVE-2006-3139. Notes: All CVE users should reference CVE-2006-3139 instead of this candidate. All references and descriptions in this candidate have been removed to prevent accidental usage. | |||||
CVE-2005-1719 | 1 Alwil | 1 Avast Antivirus | 2024-02-04 | 7.5 HIGH | N/A |
Unknown vulnerability in ALWIL avast! antivirus 4 (4.6.6230) and earlier, when running on Windows NT 4.0, does not properly detect certain viruses. | |||||
CVE-2005-4009 | 1 Php Lite | 1 Calendar Express | 2024-02-04 | 7.5 HIGH | N/A |
Multiple SQL injection vulnerabilities in PHP Lite Calendar Express 2.2 and earlier allow remote attackers to execute arbitrary SQL commands via the (1) cid and (2) catid parameters to (a) day.php, (b) week.php, (c) month.php, and (d) year.php. | |||||
CVE-2004-0965 | 1 Hp | 1 Hp-ux | 2024-02-04 | 7.2 HIGH | N/A |
stmkfont in HP-UX B.11.00 through B.11.23 relies on the user-specified PATH when executing certain commands, which allows local users to execute arbitrary code by modifying the PATH environment variable to point to malicious programs. |