Total: 255399 CVE
CVE | Vendors | Products | Updated | CVSS v2 | CVSS v3 |
---|---|---|---|---|---|
CVE-2005-1160 | 1 Mozilla | 2 Firefox, Mozilla | 2024-02-04 | 5.1 MEDIUM | N/A |
The privileged "chrome" UI code in Firefox before 1.0.3 and Mozilla Suite before 1.7.7 allows remote attackers to gain privileges by overriding certain properties or methods of DOM nodes, as demonstrated using multiple attacks involving the eval function or the Script object. | |||||
CVE-2005-3127 | 1 Lucidcms | 1 Lucidcms | 2024-02-04 | 4.3 MEDIUM | N/A |
Cross-site scripting (XSS) vulnerability in index.php in lucidCMS 1.0.11 allows remote attackers to inject arbitrary web script or HTML via the query string. | |||||
CVE-2005-1556 | 1 Gamespy | 1 Gamespy Sdk Cd-key Validation Toolkit | 2024-02-04 | 5.0 MEDIUM | N/A |
Gamespy cd-key validation system allows remote attackers to cause a denial of service (cd-key already in use) by capturing and replaying a cd-key authorization session. | |||||
CVE-2005-3715 | 1 Senao | 1 Si-680h Wireless Voip Phone | 2024-02-04 | 7.5 HIGH | N/A |
Senao SI-680H Wireless VoIP Phone Firmware 0.03.0839 leaves the VxWorks debugger UDP port 17185 available without authentication, which allows attackers to access the phone OS, obtain sensitive information, and cause a denial of service. | |||||
CVE-2005-3327 | 1 Network Appliance | 1 Data Ontap | 2024-02-04 | 7.5 HIGH | N/A |
Network Appliance Data ONTAP 7.0 and earlier allows iSCSI Initiators to bypass iSCSI authentication via a modified client that skips the Security (Start) mode, as required by the Login Negotiation protocol, and uses Operational mode without proving identity. | |||||
CVE-2006-1734 | 1 Mozilla | 4 Firefox, Mozilla Suite, Seamonkey and 1 more | 2024-02-04 | 6.8 MEDIUM | N/A |
Mozilla Firefox and Thunderbird 1.x before 1.5 and 1.0.x before 1.0.8, Mozilla Suite before 1.7.13, and SeaMonkey before 1.0 allows remote attackers to execute arbitrary code by using the Object.watch method to access the "clone parent" internal function. | |||||
CVE-2004-2335 | 1 Macromedia | 2 Contribute, Studio | 2024-02-04 | 7.2 HIGH | N/A |
The Macromedia installers and e-licensing client on Mac OS X, as used for Macromedia Contribute 2, Director, Dreamweaver, Fireworks, Flash, and Studio, install the AuthenticationService setuid and writable by other users, which allows local users to gain privileges by modifying the program. | |||||
CVE-2005-3548 | 1 Invision Power Services | 1 Invision Board | 2024-02-04 | 4.0 MEDIUM | N/A |
Directory traversal vulnerability in Task Manager in Invision Power Board (IP.Board) 2.0.1 allows limited remote attackers to include files via a .. (dot dot) in the "Task PHP File To Run" field. | |||||
CVE-2005-0220 | 1 Gallery Project | 1 Gallery | 2024-02-04 | 5.0 MEDIUM | N/A |
Cross-site scripting vulnerability in login.php in Gallery 1.4.4-pl2 allows remote attackers to inject arbitrary web script or HTML via the username field. | |||||
CVE-2005-1762 | 1 Linux | 1 Linux Kernel | 2024-02-04 | 2.1 LOW | N/A |
The ptrace call in the Linux kernel 2.6.8.1 and 2.6.10 for the AMD64 platform allows local users to cause a denial of service (kernel crash) via a "non-canonical" address. | |||||
CVE-2006-2187 | 1 Zenphoto | 1 Zenphoto | 2024-02-04 | 6.8 MEDIUM | N/A |
Multiple cross-site scripting (XSS) vulnerabilities in zenphoto 1.0.1 beta and earlier allow remote attackers to inject arbitrary web script or HTML via the (1) a parameter in i.php, and the (2) album and (3) image parameters in index.php. | |||||
CVE-2005-3295 | 1 Hp | 1 Hp-ux | 2024-02-04 | 2.1 LOW | N/A |
Unspecified vulnerability in HP-UX B.11.23 on Itanium platforms allows local users to cause a denial of service due to a "specific stack size." | |||||
CVE-2005-1645 | 1 Keyvan1 | 1 Imagegallery | 2024-02-04 | 5.0 MEDIUM | N/A |
Keyvan1 ImageGallery stores the image.mdb database under the web document root with insufficient access control, which allows remote attackers to obtain sensitive information. | |||||
CVE-2004-2435 | 1 Peoplesoft | 1 Hrms | 2024-02-04 | 4.3 MEDIUM | N/A |
Cross-site scripting (XSS) vulnerability in PeopleSoft Human Resources Management System (HRMS) 7.0, when "web enabled" using HTML Access, allows remote attackers to inject arbitrary web script or HTML via unspecified (1) debugging or (2) utility scripts. | |||||
CVE-2005-0206 | 15 Ascii, Cstex, Debian and 12 more | 22 Ptex, Cstetex, Debian Linux and 19 more | 2024-02-04 | 7.5 HIGH | N/A |
The patch for integer overflow vulnerabilities in Xpdf 2.0 and 3.0 (CVE-2004-0888) is incomplete for 64-bit architectures on certain Linux distributions such as Red Hat, which could leave Xpdf users exposed to the original vulnerabilities. | |||||
CVE-2005-1901 | 1 Sawmill | 1 Sawmill | 2024-02-04 | 4.3 MEDIUM | N/A |
Multiple cross-site scripting (XSS) vulnerabilities in Sawmill before 7.1.6 allow remote attackers to inject arbitrary web script or HTML via (1) the username in the Add User window or (2) the license key in the Licensing page. | |||||
CVE-2006-0858 | 1 Starforce | 1 Safe N Sec Personal + Anti-spyware | 2024-02-04 | 7.2 HIGH | N/A |
Unquoted Windows search path vulnerability in (1) snsmcon.exe, (2) the autostartup mechanism, and (3) an unspecified installation component in StarForce Safe'n'Sec Personal + Anti-Spyware 2.0 and earlier, and possibly other StarForce Safe'n'Sec products, might allow local users to gain privileges via a malicious "program" file in the C: folder. | |||||
CVE-2006-3931 | 1 Tuomas Airaksinen | 1 Midirecord | 2024-02-04 | 4.6 MEDIUM | N/A |
Buffer overflow in the daemon function in midirecord.cc in Tuomas Airaksinen Midirecord 2.0 allows local users to execute arbitrary code via a long command line argument (filename). NOTE: This may not be a vulnerability if Midirecord is not installed setuid. | |||||
CVE-2005-1325 | 1 Matthieu Aubry | 1 Phpmyvisites | 2024-02-04 | 5.0 MEDIUM | N/A |
set_lang.php in phpMyVisites 1.3 allows remote attackers to read and include arbitrary files via the mylang parameter. | |||||
CVE-2006-2502 | 1 Cyrus | 1 Imapd | 2024-02-04 | 5.1 MEDIUM | N/A |
Stack-based buffer overflow in pop3d in Cyrus IMAPD (cyrus-imapd) 2.3.2, when the popsubfolders option is enabled, allows remote attackers to execute arbitrary code via a long USER command. | |||||