Total: 255314 CVE
CVE | Vendors | Products | Updated | CVSS v2 | CVSS v3 |
---|---|---|---|---|---|
CVE-2005-1982 | 1 Microsoft | 3 Windows 2000, Windows 2003 Server, Windows Xp | 2024-02-04 | 3.6 LOW | N/A |
Unknown vulnerability in the PKINIT Protocol for Microsoft Windows 2000, Windows XP, and Windows Server 2003 could allow a local user to obtain information and spoof a server via a man-in-the-middle (MITM) attack between a client and a domain controller when PKINIT smart card authentication is being used. | |||||
CVE-2006-0327 | 1 Typo3 | 1 Typo3 | 2024-02-04 | 5.0 MEDIUM | N/A |
TYPO3 3.7.1 allows remote attackers to obtain sensitive information via a direct request to (1) thumbs.php, (2) showpic.php, or (3) tables.php, which causes them to incorrectly define a variable and reveal the path in an error message when a require function call fails. | |||||
CVE-2005-3893 | 1 Otrs | 1 Otrs | 2024-02-04 | 7.5 HIGH | N/A |
Multiple SQL injection vulnerabilities in index.pl in Open Ticket Request System (OTRS) 1.0.0 through 1.3.2 and 2.0.0 through 2.0.3 allow remote attackers to execute arbitrary SQL commands and bypass authentication via the (1) user parameter in the Login action, and remote authenticated users via the (2) TicketID and (3) ArticleID parameters of the AgentTicketPlain action. | |||||
CVE-2006-1899 | 1 Dev | 1 Neuron Blog | 2024-02-04 | 2.6 LOW | N/A |
Multiple cross-site scripting (XSS) vulnerabilities in dev Neuron Blog 1.1 and earlier allow remote attackers to inject arbitrary web script or HTML via the (1) name and (2) website parameters. | |||||
CVE-2006-4364 | 1 Alt-n | 1 Mdaemon | 2024-02-04 | 5.0 MEDIUM | N/A |
Multiple heap-based buffer overflows in the POP3 server in Alt-N Technologies MDaemon before 9.0.6 allow remote attackers to cause a denial of service (daemon crash) and possibly execute arbitrary code via long strings that contain '@' characters in the (1) USER and (2) APOP commands. | |||||
CVE-2004-1073 | 5 Linux, Redhat, Suse and 2 more | 8 Linux Kernel, Enterprise Linux, Enterprise Linux Desktop and 5 more | 2024-02-04 | 2.1 LOW | N/A |
The open_exec function in the execve functionality (exec.c) in Linux kernel 2.4.x up to 2.4.27, and 2.6.x up to 2.6.8, allows local users to read non-readable ELF binaries by using the interpreter (PT_INTERP) functionality. | |||||
CVE-2005-1712 | 1 Sy9 | 1 Serendipity | 2024-02-04 | 7.5 HIGH | N/A |
Unknown vulnerability in Serendipity 0.8, when used with multiple authors, allows unprivileged authors to upload arbitrary media files. | |||||
CVE-2005-1495 | 1 Oracle | 3 Application Server, Oracle10g, Oracle9i | 2024-02-04 | 7.5 HIGH | N/A |
Oracle Database 9i and 10g disables Fine Grained Audit (FGA) after the SYS user executes a SELECT statement on an FGA object, which makes it easier for attackers to escape detection. | |||||
CVE-2004-1070 | 5 Linux, Redhat, Suse and 2 more | 8 Linux Kernel, Enterprise Linux, Enterprise Linux Desktop and 5 more | 2024-02-04 | 7.2 HIGH | N/A |
The load_elf_binary function in the binfmt_elf loader (binfmt_elf.c) in Linux kernel 2.4.x up to 2.4.27, and 2.6.x up to 2.6.8, does not properly check return values from calls to the kernel_read function, which may allow local users to modify sensitive memory in a setuid program and execute arbitrary code. | |||||
CVE-2006-2319 | 1 Ideal Science | 1 Idealbb | 2024-02-04 | 5.0 MEDIUM | N/A |
Ideal Science Ideal BB 1.5.4a and earlier does not properly check file extensions before permitting an upload, which allows remote attackers to upload and execute an ASP script via a 0x00 character before the ".asp" portion of the filename. | |||||
CVE-2006-3669 | 1 Mercury Messenger | 1 Mercury Messenger | 2024-02-04 | 2.1 LOW | N/A |
Mercury Messenger, possibly 1.7.1.1 and other versions, when running on a multi-user Mac OS X platform, stores chat logs with world-readable permissions within the /Users directory, which allows local users to read the chat logs from other users. | |||||
CVE-2006-0308 | 1 Htmltonuke | 1 Htmltonuke | 2024-02-04 | 7.5 HIGH | N/A |
PHP remote file inclusion vulnerability in htmltonuke.php in the htmltonuke 2.0 alpha, and possibly other versions, module for PHP-Nuke allows remote attackers to execute arbitrary PHP code via a URL in the filnavn parameter. | |||||
CVE-2005-1758 | 1 Novell | 1 Netmail | 2024-02-04 | 7.5 HIGH | N/A |
Buffer overflow in the IMAP command continuation function in Novell NetMail 3.52 before 3.52C may allow remote attackers to execute arbitrary code. | |||||
CVE-2006-3297 | 1 Uebimiau | 1 Uebimiau | 2024-02-04 | 4.3 MEDIUM | N/A |
Cross-site scripting (XSS) vulnerability in error.php in UebiMiau Webmail 2.7.10 and earlier allows remote attackers to inject arbitrary web script or HTML via the icq parameter. NOTE: the provenance of this information is unknown; the details are obtained solely from third party information. | |||||
CVE-2006-0512 | 1 Padl Software | 1 Migrationtools | 2024-02-04 | 2.1 LOW | N/A |
PADL MigrationTools 46 creates temporary files insecurely, which allows local users to overwrite arbitrary files via a symlink attack on the temporary files, which are not properly created by (1) migrate_all_online.sh, (2) migrate_all_offline.sh, (3) migrate_all_netinfo_online.sh, (4) migrate_all_netinfo_offline.sh, (5) migrate_all_nis_online.sh, (6) migrate_all_nis_offline.sh, (7) migrate_all_nisplus_online.sh, and (8) migrate_all_nisplus_offline.sh. | |||||
CVE-2006-0799 | 1 Microsoft | 1 Internet Explorer | 2024-02-04 | 4.0 MEDIUM | N/A |
Microsoft Internet Explorer allows remote attackers to spoof a legitimate URL in the status bar and conduct a phishing attack via a web page with an anchor element with a legitimate "href" attribute, a form whose action points to a malicious URL, and an INPUT submit element that is modified to look like a legitimate URL. NOTE: this issue is very similar to CVE-2004-1104, although the manipulations are slightly different. | |||||
CVE-2005-0654 | 1 Gimp | 1 Gimp | 2024-02-04 | 5.0 MEDIUM | N/A |
gifload.exe in GIMP 2.0.5, 2.2.3, and possibly 2.2.4 allows remote attackers or local users to cause a denial of service (application crash) via the image descriptor (1) height or (2) width fields set to zero. | |||||
CVE-2004-1135 | 1 Ipswitch | 1 Ws Ftp Server | 2024-02-04 | 5.0 MEDIUM | N/A |
Multiple buffer overflows in WS_FTP Server 5.03 2004.10.14 allow remote attackers to cause a denial of service (service crash) via long (1) SITE, (2) XMKD, (3) MKD, and (4) RNFR commands. | |||||
CVE-2005-3104 | 1 Six Apart | 1 Movable Type | 2024-02-04 | 2.6 LOW | N/A |
mt-comments.cgi in Movable Type before 3.2 allows attackers to redirect users to other web sites via URLs in comments. | |||||
CVE-2005-0037 | 1 Dnrd | 1 Dnrd | 2024-02-04 | 5.0 MEDIUM | N/A |
The DNS implementation of DNRD before 2.10 allows remote attackers to cause a denial of service via a compressed DNS packet with a label length byte with an incorrect offset, which could trigger an infinite loop. |