Total: 255401 CVE

CVE | Vendors | Products | Updated | CVSS v2 | CVSS v3 |
---|---|---|---|---|---|
CVE-2004-0892 | 1 Microsoft | 3 Isa Server, Proxy Server, Windows 2003 Server | 2024-02-04 | 7.5 HIGH | N/A |
Microsoft Proxy Server 2.0 and Microsoft ISA Server 2000 (which is included in Small Business Server 2000 and Small Business Server 2003 Premium Edition) allows remote attackers to spoof trusted Internet content on a specially crafted webpage via spoofed reverse DNS lookup results. | |||||
CVE-2005-3213 | 1 Frisk Software | 1 F-prot Antivirus | 2024-02-04 | 5.1 MEDIUM | N/A |
Multiple interpretation error in unspecified versions of F-Prot Antivirus allows remote attackers to bypass virus detection via a malicious executable in a specially crafted RAR file with malformed central and local headers, which can still be opened by products such as Winrar and PowerZip, even though they are rejected as corrupted by Winzip and BitZipper. | |||||
CVE-2006-3327 | 1 E-cbd.biz | 1 Custom Dating Biz Dating Script | 2024-02-04 | 4.3 MEDIUM | N/A |
Cross-site scripting (XSS) vulnerability in Custom dating biz dating script 1.0 allows remote attackers to inject arbitrary web script or HTML via the (1) sn20_special_cases parameter ("Special Cases" field) in profile/mini.php, (2) tyxx01_album_name parameter ("Album Name" field) in profile/photo_create.php, and the (3) u parameter in admin/user_view.php. | |||||
CVE-2006-3915 | 1 Microsoft | 2 Internet Explorer, Windows Xp | 2024-02-04 | 5.0 MEDIUM | N/A |
Microsoft Internet Explorer 6 on Windows XP SP2 allows remote attackers to cause a denial of service (crash) by iterating over any native function, as demonstrated with the window.alert function, which triggers a null dereference. | |||||
CVE-2005-2769 | 1 Inter7 | 1 Sqwebmail | 2024-02-04 | 4.3 MEDIUM | N/A |
Cross-site scripting (XSS) vulnerability in SqWebMail 5.0.4 and possibly other versions allows remote attackers to inject arbitrary web script or HTML via an HTML e-mail containing tags with strings that contain ">" or other special characters, which is not properly sanitized by SqWebMail. | |||||
CVE-2005-0959 | 1 Yepyep | 1 Mtftpd | 2024-02-04 | 7.5 HIGH | N/A |
Buffer overflow in the mt_do_dir function in YepYep mtftpd 0.0.3 may allow attackers to execute arbitrary code via a long path. | |||||
CVE-2006-0434 | 1 Phpxplorer | 1 Phpxplorer | 2024-02-04 | 5.0 MEDIUM | N/A |
Directory traversal vulnerability in action.php in phpXplorer allows remote attackers to read arbitrary files via ".." (dot dot) sequences and null bytes in the sAction parameter, a different vulnerability than CVE-2006-0244. NOTE: if the functionality of phpXplorer supports the upload of PHP files, then this issue would not cross privilege boundaries and would not be a vulnerability. | |||||
CVE-2005-3440 | 1 Oracle | 1 Database Server | 2024-02-04 | 10.0 HIGH | N/A |
Unspecified vulnerability in Database Scheduler in Oracle Database Server 10g up to 10.1.0.3 has unknown impact and attack vectors, aka Oracle Vuln# DB08. | |||||
CVE-2006-2422 | 1 Coinsoft Technologies | 1 Phpcoin | 2024-02-04 | 5.0 MEDIUM | N/A |
phpCOIN 1.2.3 and earlier stores messages based upon e-mail addresses, which allows remote authenticated users to read messages for other users by adding the sender's e-mail address as an "additional contact". | |||||
CVE-2006-1291 | 1 Php Icalendar | 1 Php Icalendar | 2024-02-04 | 7.5 HIGH | N/A |
publish.ical.php in Jim Hu and Chad Little PHP iCalendar 2.21 and earlier does not require authentication for write access to the calendars directory, which allows remote attackers to upload and execute arbitrary PHP scripts via a WebDAV PUT request with a filename containing a .php extension and a trailing null character. | |||||
CVE-2005-2291 | 1 Oracle | 1 Jdeveloper | 2024-02-04 | 4.6 MEDIUM | N/A |
Oracle JDeveloper 9.0.4, 9.0.5, and 10.1.2 passes the cleartext password as a parameter when starting sqlplus, which allows local users to gain sensitive information. | |||||
CVE-2005-0367 | 1 Argosoft | 1 Argosoft Mail Server | 2024-02-04 | 4.6 MEDIUM | N/A |
Multiple directory traversal vulnerabilities in ArGoSoft Mail Server 1.8.7.3 allow remote authenticated users to read, delete, or upload arbitrary files via a .. (dot dot) in (1) the filename of an e-mail attachment, (2) the _msgatt.rec file, (3) and the /msg, /delete, /folderadd, and /folderdelete operations for the Folder parameter. | |||||
CVE-2006-1730 | 1 Mozilla | 4 Firefox, Mozilla Suite, Seamonkey and 1 more | 2024-02-04 | 9.3 HIGH | N/A |
Integer overflow in Mozilla Firefox and Thunderbird 1.x before 1.5.0.2 and 1.0.x before 1.0.8, Mozilla Suite before 1.7.13, and SeaMonkey before 1.0.1 allows remote attackers to execute arbitrary code via a large number in the CSS letter-spacing property that leads to a heap-based buffer overflow. | |||||
CVE-2006-3701 | 1 Oracle | 1 Database Server | 2024-02-04 | 9.0 HIGH | N/A |
Unspecified vulnerability in the Dictionary component in Oracle Database 8.1.7.4, 9.0.1.5, and 9.2.0.6 has unknown impact and attack vectors, aka Oracle Vuln# DB05. | |||||
CVE-2006-0243 | 1 Smbcms | 1 Smbcms | 2024-02-04 | 4.3 MEDIUM | N/A |
Cross-site scripting (XSS) vulnerability in SMBCMS 2.1 allows remote attackers to inject arbitrary web script or HTML via the text parameter, which is used by the "Search Site" field. NOTE: the provenance of this information is unknown; the details are obtained solely from third party information. | |||||
CVE-2005-2751 | 1 Apple | 2 Mac Os X, Mac Os X Server | 2024-02-04 | 2.1 LOW | N/A |
memberd in Mac OS X 10.4 up to 10.4.2, in certain situations, does not quickly synchronize access control checks with changes in group membership, which could allow users to access files and other resources after they have been removed from a group. | |||||
CVE-2005-0442 | 1 Devellion | 1 Cubecart | 2024-02-04 | 5.0 MEDIUM | N/A |
Directory traversal vulnerability in index.php for CubeCart 2.0.4 allows remote attackers to read arbitrary files via the language parameter. | |||||
CVE-2004-1271 | 1 Dxfscope | 1 Dxf File Format Viewer | 2024-02-04 | 10.0 HIGH | N/A |
Buffer overflow in the dxfin function in d.c for dxfscope 0.2 allows remote attackers to execute arbitrary code via a crafted DXF file. | |||||
CVE-2005-3831 | 1 Speedproject | 3 Speedcommander, Squeez, Zipstar | 2024-02-04 | 5.1 MEDIUM | N/A |
Stack-based buffer overflow in (1) CxZIP60.dll and (2) CxZIP60u.dll, as used in SpeedProject products including (a) ZipStar 5.0 Build 4285, (b) Squeez 5.0 Build 4285, and (c) SpeedCommander 11.0 Build 4430 and 10.51 Build 4430, allows user-assisted attackers to execute arbitrary code via a ZIP archive containing a long filename. | |||||
CVE-2006-3976 | 1 Broadcom | 1 Etrust Antivirus Webscan | 2024-02-04 | 9.3 HIGH | N/A |
Unspecified vulnerability in CA eTrust Antivirus WebScan before 1.1.0.1048 allows remote attackers to install arbitrary files. | |||||