Total: 255242 CVE

CVE | Vendors | Products | Updated | CVSS v2 | CVSS v3 |
---|---|---|---|---|---|
CVE-2006-3946 | 1 Apple | 2 Mac Os X, Safari | 2024-02-04 | 7.5 HIGH | N/A |
WebCore in Apple Mac OS X 10.3.9 and 10.4 through 10.4.7 allows remote attackers to cause a denial of service (crash) and possibly execute arbitrary code via crafted HTML that triggers a "memory management error" in WebKit, possibly due to a buffer overflow, as originally reported for the KHTMLParser::popOneBlock function in Apple Safari 2.0.4 using Javascript that changes document.body.innerHTML within a DIV tag. | |||||
CVE-2005-0156 | 7 Ibm, Larry Wall, Redhat and 4 more | 9 Aix, Perl, Enterprise Linux and 6 more | 2024-02-04 | 2.1 LOW | N/A |
Buffer overflow in the PerlIO implementation in Perl 5.8.0, when installed with setuid support (sperl), allows local users to execute arbitrary code by setting the PERLIO_DEBUG variable and executing a Perl script whose full pathname contains a long directory tree. | |||||
CVE-2006-0319 | 1 Farmers Wife | 1 Farmers Wife | 2024-02-04 | 5.0 MEDIUM | N/A |
Directory traversal vulnerability in the FTP server (port 22003/tcp) in Farmers WIFE 4.4 SP1 allows remote attackers to create arbitrary files via ".." (dot dot) sequences in a (1) PUT, (2) SIZE, and possibly other commands. | |||||
CVE-2004-2548 | 1 Netwin | 2 Surgemail, Webmail | 2024-02-04 | 4.3 MEDIUM | N/A |
Multiple cross-site scripting (XSS) vulnerabilities in NetWin (1) SurgeMail before 2.0c and (2) WebMail allow remote attackers to inject arbitrary web script or HTML via (a) a URI containing the script, or (b) the username field in the login form. NOTE: it is possible that the first attack vector is resultant from the error message issue (CVE-2004-2547). | |||||
CVE-2006-2292 | 1 Inhouse Associates | 1 Ia-calendar | 2024-02-04 | 6.4 MEDIUM | N/A |
Multiple SQL injection vulnerabilities in IA-Calendar allow remote attackers to execute arbitrary SQL commands via the (1) type parameter in (a) calendar_new.asp and (b) default.asp, and (2) ID parameter in (c) calendar_detail.asp. NOTE: the provenance of this information is unknown; the details are obtained from third party information. | |||||
CVE-2005-4035 | 1 Web4future | 1 Web4future Ecommerce | 2024-02-04 | 7.5 HIGH | N/A |
Multiple SQL injection vulnerabilities in Web4Future eCommerce Enterprise Edition 2.1 and earlier allow remote attackers to execute arbitrary SQL commands via the (1) prod and (2) brid parameters to (a) view.php; the (3) bid parameter to (b) viewbrands.php; and the (4) grp and (5) cat parameters to index.php. | |||||
CVE-2005-3761 | 1 Exponent | 1 Exponent | 2024-02-04 | 4.3 MEDIUM | N/A |
Cross-site scripting (XSS) vulnerability in Exponent CMS 0.96.3 and later versions allows remote attackers to inject arbitrary web script or HTML via (1) Javascript in forms produced by the form generator or (2) the parameters to the installer. | |||||
CVE-2006-0045 | 1 Linley Henzell | 1 Dungeon Crawl | 2024-02-04 | 7.2 HIGH | N/A |
crawl before 4.0.0 does not securely call programs when saving and loading games, which allows local users to gain privileges. | |||||
CVE-2004-0889 | 11 Debian, Easy Software Products, Gentoo and 8 more | 16 Debian Linux, Cups, Linux and 13 more | 2024-02-04 | 10.0 HIGH | N/A |
Multiple integer overflows in xpdf 3.0, and other packages that use xpdf code such as CUPS, allow remote attackers to cause a denial of service (crash) and possibly execute arbitrary code, a different set of vulnerabilities than those identified by CVE-2004-0888. | |||||
CVE-2006-2584 | 1 Skyebox | 1 Skyebox | 2024-02-04 | 4.3 MEDIUM | N/A |
Multiple cross-site scripting (XSS) vulnerabilities in post.php in SkyeBox 1.2.0 allow remote attackers to inject arbitrary web script or HTML via the (1) name or (2) message parameters. NOTE: the provenance of this information is unknown; the details are obtained solely from third party information, although it was likely prompted by a vague announcement from a researcher who incorrectly referred to the product as "SkyeShoutbox." | |||||
CVE-2006-1861 | 1 Freetype | 1 Freetype | 2024-02-04 | 7.5 HIGH | N/A |
Multiple integer overflows in FreeType before 2.2 allow remote attackers to cause a denial of service (crash) and possibly execute arbitrary code via attack vectors related to (1) bdf/bdflib.c, (2) sfnt/ttcmap.c, (3) cff/cffgload.c, and (4) the read_lwfn function and a crafted LWFN file in base/ftmac.c. NOTE: item 4 was originally identified by CVE-2006-2493. | |||||
CVE-2005-3033 | 1 Cambridge Computer Corporation | 1 Vxweb | 2024-02-04 | 7.5 HIGH | N/A |
Stack-based buffer overflow in vxWeb 1.1.4 allows remote attackers to cause a denial of service (crash) and possibly execute arbitrary code via a long HTTP GET request. | |||||
CVE-2006-0719 | 1 Deltascripts | 1 Php Classifieds | 2024-02-04 | 7.5 HIGH | N/A |
SQL injection vulnerability in member_login.php in PHP Classifieds 6.18 through 6.20 allows remote attackers to execute arbitrary SQL commands via the (1) username parameter, which is used by the E-mail address field, and (2) password parameter. | |||||
CVE-2006-0981 | 1 E-merge | 1 E-merge Winace | 2024-02-04 | 4.0 MEDIUM | N/A |
Directory traversal vulnerability in e-merge WinAce 2.6 and earlier allows remote attackers to create and overwrite arbitrary files via certain crafted pathnames in a (1) zip or (2) tar archive. | |||||
CVE-2006-2876 | 1 Deltascripts | 1 Php Pro Publish | 2024-02-04 | 6.8 MEDIUM | N/A |
Cross-site scripting (XSS) vulnerability in cat.php in PHP Pro Publish 2.0 allows remote attackers to inject arbitrary web script or HTML via the catname parameter. NOTE: the provenance of this information is unknown; the details are obtained solely from third party information. | |||||
CVE-2006-2759 | 1 Jetty | 1 Jetty | 2024-02-04 | 5.0 MEDIUM | N/A |
jetty 6.0.x (jetty6) beta16 allows remote attackers to read arbitrary script source code via a capital P in the .jsp extension, and probably other mixed case manipulations. | |||||
CVE-2006-0604 | 1 Hinton Design | 1 Phphg Guestbook | 2024-02-04 | 7.5 HIGH | N/A |
check.php in Hinton Design phphg Guestbook 1.2 does not check the user password when authenticating via cookies, which allows remote attackers to gain unauthorized access. | |||||
CVE-2005-0372 | 1 Gtk | 1 Gtk+ | 2024-02-04 | 5.0 MEDIUM | N/A |
Directory traversal vulnerability in gftp before 2.0.18 for GTK+ allows remote malicious FTP servers to read arbitrary files via .. (dot dot) sequences in filenames returned from a LIST command. | |||||
CVE-2006-1283 | 1 Freebsd | 1 Freebsd | 2024-02-04 | 7.2 HIGH | N/A |
opiepasswd in One-Time Passwords in Everything (OPIE) in FreeBSD 4.10-RELEASE-p22 through 6.1-STABLE before 20060322 uses the getlogin function to determine the invoking user account, which might allow local users to configure OPIE access to the root account and possibly gain root privileges if a root shell is permitted by the configuration of the wheel group or sshd. | |||||
CVE-2006-1976 | 1 Geekforgod.net | 1 Prayer Request Board | 2024-02-04 | 2.6 LOW | N/A |
Cross-site scripting (XSS) vulnerability in addRequest.php in Prayer Request Board (PRB) Beta 1 before 20060320 allows remote attackers to inject arbitrary web script or HTML via the Request field. |