Total
255396 CVE
| CVE | Vendors | Products | Updated | CVSS v2 | CVSS v3 |
|---|---|---|---|---|---|
| CVE-2005-2262 | 1 Mozilla | 1 Firefox | 2024-02-04 | 5.1 MEDIUM | N/A |
| Firefox 1.0.3 and 1.0.4, and Netscape 8.0.2, allows remote attackers to execute arbitrary code by tricking the user into using the "Set As Wallpaper" (in Firefox) or "Set as Background" (in Netscape) context menu on an image URL that is really a javascript: URL with an eval statement, aka "Firewalling." | |||||
| CVE-2005-3265 | 1 Skype Technologies | 1 Skype | 2024-02-04 | 9.3 HIGH | N/A |
| Buffer overflow in Skype for Windows 1.1.x.0 through 1.4.x.83 allows remote attackers to execute arbitrary code via (1) callto:// and (2) skype:// links, or (3) a non-standard VCARD, possibly due to an underlying error in the SysUtils.WideFmtStr Delphi routine. | |||||
| CVE-2006-3438 | 1 Microsoft | 1 Hyperlink Object Library | 2024-02-04 | 9.3 HIGH | N/A |
| Unspecified vulnerability in Microsoft Hyperlink Object Library (hlink.dll), possibly a buffer overflow, allows user-assisted attackers to execute arbitrary code via crafted hyperlinks that are not properly handled when hlink.dll "uses a file containing a malformed function," aka "Hyperlink Object Function Vulnerability." | |||||
| CVE-2005-2593 | 1 Parlano | 1 Mindalign | 2024-02-04 | 10.0 HIGH | N/A |
| Parlano MindAlign 5.0 and later versions uses weak encryption, with unknown impact and attack vectors. | |||||
| CVE-2006-0038 | 1 Linux | 1 Linux Kernel | 2024-02-04 | 6.9 MEDIUM | N/A |
| Integer overflow in the do_replace function in netfilter for Linux before 2.6.16-rc3, when using "virtualization solutions" such as OpenVZ, allows local users with CAP_NET_ADMIN rights to cause a buffer overflow in the copy_from_user function. | |||||
| CVE-2006-2109 | 1 Jsboard | 1 Jsboard | 2024-02-04 | 6.8 MEDIUM | N/A |
| Cross-site scripting (XSS) vulnerability in the parse_query_str function in include/print.php in JSBoard 2.0.10 and 2.0.11, and possibly other versions before 2.0.12, allows remote attackers to inject arbitrary web script or HTML via parameters that are set as global variables within the program, as demonstrated using the table parameter to login.php. | |||||
| CVE-2006-1182 | 1 Adobe | 2 Document Server, Graphics Server | 2024-02-04 | 2.6 LOW | N/A |
| Adobe Graphics Server 2.0 and 2.1 (formerly AlterCast) and Adobe Document Server (ADS) 5.0 and 6.0 allows local users to read files with certain extensions or overwrite arbitrary files and execute code via a crafted SOAP request to the AlterCast web service in which the request uses the (1) saveContent or (2) saveOptimized ADS commands, or the (3) loadContent command. | |||||
| CVE-2005-3433 | 1 Mirabilis | 1 Icq | 2024-02-04 | 5.1 MEDIUM | N/A |
| Buffer overflow in Mirabilis ICQ 2003a allows user-assisted attackers to execute arbitrary code by convincing a user to enter long strings into the First Name and Last Name fields. | |||||
| CVE-2005-4304 | 1 Indexcor | 1 Ezdatabase | 2024-02-04 | 5.0 MEDIUM | N/A |
| index.php in ezDatabase 2.1.2 and earlier allows remote attackers to obtain sensitive information via an invalid cat_id parameter, which leaks the full pathname in an error message. NOTE: these details are uncertain because the original report has terminology problems and lack of relevant details. The description is based partially on feedback comments. | |||||
| CVE-2006-1661 | 1 Sk Soft | 1 Skforum | 2024-02-04 | 6.8 MEDIUM | N/A |
| Multiple cross-site scripting (XSS) vulnerabilities in SKForum 1.5 and earlier allow remote attackers to inject arbitrary web script or HTML via the (1) areaID parameter in area.View.action, (2) time parameter in planning.View.action, and (3) userID parameter in user.View.action. | |||||
| CVE-2006-0349 | 1 Epic Designs | 1 Eggblog | 2024-02-04 | 7.5 HIGH | N/A |
| SQL injection vulnerability in eggblog 2.0 allows remote attackers to execute arbitrary SQL commands via the id parameter to blog.php. | |||||
| CVE-2005-1640 | 1 The Ignition Project | 1 Ignitionserver | 2024-02-04 | 7.5 HIGH | N/A |
| mod_channel.bas in The Ignition Project ignitionServer 0.3.0 to 0.3.6, and possibly earlier versions, does not properly verify whether a host has the owner privileges required to delete IRC channel access entries, which allows remote attackers to bypass intended restrictions. | |||||
| CVE-2005-1224 | 1 Duware | 1 Duportal | 2024-02-04 | 7.5 HIGH | N/A |
| Multiple SQL injection vulnerabilities in DUware DUportal Pro 3.4 allow remote attackers to execute arbitrary SQL commands via the (1) nChannel parameter to default.asp, cat.asp, or detail.asp, (2) the iChannel parameter to search.asp, default.asp, result.asp, cat.asp, or detail.asp (3) the iCat parameter to cat.asp or detail.asp, (4) the iData parameter to detail.asp or result.asp, the (5) POL_ID, (6) POL_PARENT, (7) POL_CATEGORY, (8) CHA_NAME, or (9) CHA_ID parameters to inc_vote.asp, or the (10) tfm_order or (11) tfm_orderby parameters to toppages.asp, a different set of vulnerabilities than CVE-2005-1236. | |||||
| CVE-2006-0480 | 1 Spaiz | 1 Spaiz-nuke Cms | 2024-02-04 | 4.3 MEDIUM | N/A |
| Cross-site scripting (XSS) vulnerability in the Articles module in sPaiz-Nuke allows remote attackers to inject arbitrary web script or HTML via the query parameter in the search file. | |||||
| CVE-2005-3801 | 1 Counterpane | 1 Passwordsafe | 2024-02-04 | 4.6 MEDIUM | N/A |
| CounterPane PasswordSafe 1.x and 2.x allows local users to test possible encryption keys against a subset of the stored key data without performing the more expensive key derivation function (KDF) function, which reduces the search time in brute force attacks. | |||||
| CVE-2005-4327 | 1 Webcal | 1 Webcal | 2024-02-04 | 4.3 MEDIUM | N/A |
| Multiple cross-site scripting (XSS) vulnerabilities in Michael Arndt WebCal 1.11-3.04 allow remote attackers to inject arbitrary web script or HTML via the (1) function, (2) year, and (3) date parameters to webcal.cgi, (4) new calendar entries, and (5) notes for entries. | |||||
| CVE-2005-2427 | 1 Elemental Software | 1 Cartwiz | 2024-02-04 | 4.3 MEDIUM | N/A |
| Cross-site scripting (XSS) vulnerability in viewCart.asp in CartWIZ allows remote attackers to inject arbitrary web script or HTML via the message parameter. | |||||
| CVE-2005-4065 | 1 Edgewall Software | 1 Trac | 2024-02-04 | 7.5 HIGH | N/A |
| SQL injection vulnerability in the search module in Edgewall Trac before 0.9.2 allows remote attackers to execute arbitrary SQL commands via unknown vectors. | |||||
| CVE-2006-3355 | 1 Mpg123 | 1 Mpg123 | 2024-02-04 | 7.5 HIGH | N/A |
| Heap-based buffer overflow in httpdget.c in mpg123 before 0.59s-rll allows remote attackers to execute arbitrary code via a long URL, which is not properly terminated before being used with the strncpy function. NOTE: This appears to be the result of an incomplete patch for CVE-2004-0982. | |||||
| CVE-2005-1814 | 1 Newmad Technologies | 1 Picowebserver | 2024-02-04 | 7.5 HIGH | N/A |
| Stack-based buffer overflow in PicoWebServer 1.0 allows remote attackers to cause a denial of service (application crash) and possibly execute arbitrary code via a long URL. | |||||