Total: 255367 CVE

CVE | Vendors | Products | Updated | CVSS v2 | CVSS v3 |
---|---|---|---|---|---|
CVE-2004-1284 | 1 Mpg123 | 1 Mpg123 | 2024-02-04 | 10.0 HIGH | N/A |
Buffer overflow in the find_next_file function in playlist.c for mpg123 0.59r allows remote attackers to execute arbitrary code via a crafted MP3 playlist. | |||||
CVE-2005-1751 | 1 Shtool | 1 Shtool | 2024-02-04 | 3.7 LOW | N/A |
Race condition in shtool 2.0.1 and earlier allows local users to create or modify arbitrary files via a symlink attack on the .shtool.$$ temporary file, a different vulnerability than CVE-2005-1759. | |||||
CVE-2006-3050 | 1 Six Offene Systeme Gmbh | 1 Sixcms | 2024-02-04 | 2.6 LOW | N/A |
Directory traversal vulnerability in detail.php in SixCMS 6.0, and other versions before 6.0.6patch2, allows remote attackers to read arbitrary files via a .. (dot dot) sequence and trailing null (%00) byte in the template parameter. | |||||
CVE-2006-2418 | 1 Phpmyadmin | 1 Phpmyadmin | 2024-02-04 | 6.8 MEDIUM | N/A |
Cross-site scripting (XSS) vulnerabilities in certain versions of phpMyAdmin before 2.8.0.4 allow remote attackers to inject arbitrary web script or HTML via the db parameter in unknown scripts. | |||||
CVE-2006-2106 | 1 Edgewall Software | 1 Trac | 2024-02-04 | 4.3 MEDIUM | N/A |
Cross-site scripting (XSS) vulnerability in Edgewall Software Trac 0.9.4 and earlier allows remote attackers to inject arbitrary web script or HTML via unknown attack vectors related to a "wiki macro." | |||||
CVE-2006-0416 | 1 Sleeperchat | 1 Sleeperchat | 2024-02-04 | 5.0 MEDIUM | N/A |
SleeperChat 0.3f and earlier allows remote attackers to bypass authentication and create new entries via the txt parameter to (1) chat_no.php and (2) chat_if.php. | |||||
CVE-2005-1430 | 1 Apple | 2 Mac Os X, Mac Os X Server | 2024-02-04 | 3.6 LOW | N/A |
Mac OS X 10.3.x and earlier uses insecure permissions for a pseudo terminal tty (pty) that is managed by a non-setuid program, which allows local users to read or modify sessions of other users. | |||||
CVE-2006-4134 | 1 Sap | 1 Internet Graphics Server | 2024-02-04 | 5.0 MEDIUM | N/A |
Unspecified vulnerability related to a "design flaw" in SAP Internet Graphics Service (IGS) 6.40 and earlier and 7.00 and earlier allows remote attackers to cause a denial of service (service shutdown) via certain HTTP requests. NOTE: This information is based upon a vague initial disclosure. Details will be updated after the grace period has ended. | |||||
CVE-2006-0621 | 1 Qnx | 1 Rtos | 2024-02-04 | 7.2 HIGH | N/A |
Multiple buffer overflows in QNX Neutrino RTOS 6.2.0 allow local users to execute arbitrary code via a long first argument to the (1) su or (2) passwd commands. | |||||
CVE-2005-2851 | 1 Smb4k | 1 Smb4k | 2024-02-04 | 2.1 LOW | N/A |
smb4k 0.4 and other versions before 0.6.3 allows local users to read sensitive files via a symlink attack on the (1) smb4k.tmp or (2) sudoers temporary files. | |||||
CVE-2005-4652 | 1 Phlymail | 1 Phlymail | 2024-02-04 | 6.4 MEDIUM | N/A |
SQL injection vulnerability in PHlyMail 3.02.01 allows remote attackers to execute arbitrary SQL commands via unknown attack vectors. | |||||
CVE-2005-2819 | 1 Eric Fichot | 1 Downfile | 2024-02-04 | 7.5 HIGH | N/A |
DownFile 1.3 allows remote attackers to gain administrator privileges via a direct request to (1) update.php, (2) del.php, and (3) add_form.php. | |||||
CVE-2004-2563 | 1 Serena Software | 1 Serena Teamtrack | 2024-02-04 | 5.8 MEDIUM | N/A |
Serena TeamTrack 6.1.1 allows remote attackers to obtain sensitive information such as user names, versions, and database information, and conduct cross-site scripting (XSS) attacks, via a direct request to tmtrack.dll with modified LoginPage and Template parameters. | |||||
CVE-2006-0464 | 1 Ideosoft Design | 1 Ideocontent Manager | 2024-02-04 | 7.5 HIGH | N/A |
Multiple SQL injection vulnerabilities in index.php in IdeoContent Manager allow remote attackers to execute arbitrary SQL commands via the (1) goto_id or (2) mid parameter. | |||||
CVE-2005-4732 | 1 Tux Racer | 1 Tuxbank | 2024-02-04 | 4.3 MEDIUM | N/A |
Multiple cross-site scripting (XSS) vulnerabilities in index.php in Tux Racer TuxBank 0.7x and 0.8 allow remote attackers to inject arbitrary web script or HTML via the (1) name and (2) description parameters. | |||||
CVE-2005-0971 | 1 Apple | 1 Mac Os X | 2024-02-04 | 4.6 MEDIUM | N/A |
Stack-based buffer overflow in the semop system call in Mac OS X 10.3.9 and earlier allows local users to gain privileges via crafted arguments. | |||||
CVE-2006-0884 | 1 Mozilla | 1 Thunderbird | 2024-02-04 | 9.3 HIGH | N/A |
The WYSIWYG rendering engine ("rich mail" editor) in Mozilla Thunderbird 1.0.7 and earlier allows user-assisted attackers to bypass javascript security settings and obtain sensitive information or cause a crash via an e-mail containing a javascript URI in the SRC attribute of an IFRAME tag, which is executed when the user edits the e-mail. | |||||
CVE-2004-1167 | 1 Gentoo | 1 Mirrorselect | 2024-02-04 | 5.0 MEDIUM | N/A |
mirrorselect before 0.89 creates temporary files in a world-writable location with predictable file names, which allows remote attackers to overwrite arbitrary files via a symlink attack. | |||||
CVE-2006-0395 | 1 Apple | 2 Mac Os X, Mac Os X Server | 2024-02-04 | 5.1 MEDIUM | N/A |
The Download Validation in Mail in Mac OS X 10.4 does not properly recognize attachment file types to warn a user of an unsafe type, which allows user-assisted remote attackers to execute arbitrary code via crafted file types. | |||||
CVE-2006-1396 | 1 Cholod | 1 Mysql Based Message Board | 2024-02-04 | 4.3 MEDIUM | N/A |
Multiple cross-site scripting (XSS) vulnerabilities in Cholod MySQL Based Message Board allow remote attackers to inject arbitrary web script or HTML via unknown vectors. NOTE: the provenance of this information is unknown; the details are obtained from third party information. | |||||