Total
255242 CVE
| CVE | Vendors | Products | Updated | CVSS v2 | CVSS v3 |
|---|---|---|---|---|---|
| CVE-2006-2302 | 1 Duware | 1 Dugallery | 2024-02-04 | 7.5 HIGH | N/A |
| SQL injection vulnerability in admin_default.asp in DUGallery 2.x allows remote attackers to execute arbitrary SQL commands via the (1) Login or (2) password field. | |||||
| CVE-2006-4332 | 1 Wireshark | 1 Wireshark | 2024-02-04 | 5.0 MEDIUM | N/A |
| Unspecified vulnerability in the DHCP dissector in Wireshark (formerly Ethereal) 0.10.13 through 0.99.2, when run on Windows, allows remote attackers to cause a denial of service (crash) via unspecified vectors that trigger a bug in Glib. | |||||
| CVE-2005-0722 | 1 Experience2 | 1 Experience2 | 2024-02-04 | 5.0 MEDIUM | N/A |
| eXPerience2 allows remote attackers to obtain the full path for the web root via a direct request to modules.php without any parameters, which leaks the path in a PHP error message. | |||||
| CVE-2005-1303 | 1 Citat.pl | 1 Citat.pl | 2024-02-04 | 7.5 HIGH | N/A |
| The citat.pl script allows remote attackers to read arbitrary files via a full pathname in the argument. | |||||
| CVE-2006-1732 | 1 Mozilla | 3 Firefox, Seamonkey, Thunderbird | 2024-02-04 | 4.3 MEDIUM | N/A |
| Unspecified vulnerability in Mozilla Firefox and Thunderbird 1.x before 1.5 and 1.0.x before 1.0.8, Mozilla Suite before 1.7.13, and SeaMonkey before 1.0 allows remote attackers to bypass same-origin protections and conduct cross-site scripting (XSS) attacks via unspecified vectors involving the window.controllers array. | |||||
| CVE-2006-1905 | 1 Xine | 1 Xine | 2024-02-04 | 7.5 HIGH | N/A |
| Multiple format string vulnerabilities in xiTK (xitk/main.c) in xine 0.99.3 allow remote attackers to execute arbitrary code via format string specifiers in a long filename on an EXTINFO line in a playlist file. | |||||
| CVE-2006-3470 | 1 Dell | 1 Openmanage Cd | 2024-02-04 | 7.5 HIGH | N/A |
| The Dell Openmanage CD launches X11 and SSH daemons that do not require authentication, which allows remote attackers to gain privileges. | |||||
| CVE-2006-4480 | 1 Nuked-klan | 1 Nuked-klan | 2024-02-04 | 4.3 MEDIUM | N/A |
| Incomplete blacklist vulnerability in the nk_CSS function in nuked.php in Nuked-Klan 1.7 SP4.3 allows remote attackers to bypass anti-XSS features and inject arbitrary web script or HTML via JavaScript in an attribute value that is not in the blacklist, as demonstrated using the STYLE attribute of a B element. | |||||
| CVE-2006-1057 | 1 Gnome | 1 Gdm | 2024-02-04 | 3.7 LOW | N/A |
| Race condition in daemon/slave.c in gdm before 2.14.1 allows local users to gain privileges via a symlink attack when gdm performs chown and chgrp operations on the .ICEauthority file. | |||||
| CVE-2006-2116 | 1 Planet Concept | 1 Planetgallery | 2024-02-04 | 7.5 HIGH | N/A |
| planetGallery allows remote attackers to gain administrator privileges via a direct request to admin/gallery_admin.php. | |||||
| CVE-2005-4320 | 1 Limbo Cms | 1 Limbo Cms | 2024-02-04 | 5.0 MEDIUM | N/A |
| Limbo CMS 1.0.4.2 and earlier allows remote attackers to obtain the installation path of the application via a direct request to (1) doc.inc.php, (2) element.inc.php, and (3) node.inc.php, which leaks the path in an error message. | |||||
| CVE-2006-3652 | 1 Microsoft | 1 Isa Server | 2024-02-04 | 7.5 HIGH | N/A |
| Microsoft Internet Security and Acceleration (ISA) Server 2004 allows remote attackers to bypass file extension filters via a request with a trailing "#" character. NOTE: as of 20060715, this could not be reproduced by third parties. | |||||
| CVE-2005-4705 | 1 Bea | 1 Weblogic Server | 2024-02-04 | 5.0 MEDIUM | N/A |
| BEA WebLogic Server and WebLogic Express 8.1 through SP4, 7.0 through SP6, and 6.1 through SP7, when a Java client application creates an SSL connection to the server after it has already created an insecure connection, will use the insecure connection, which allows remote attackers to sniff the connection. | |||||
| CVE-2006-3248 | 2024-02-04 | N/A | N/A | ||
| ** REJECT ** DO NOT USE THIS CANDIDATE NUMBER. ConsultIDs: CVE-2005-4011. Reason: This candidate is a duplicate of CVE-2005-4011. Notes: All CVE users should reference CVE-2005-4011 instead of this candidate. All references and descriptions in this candidate have been removed to prevent accidental usage. | |||||
| CVE-2005-3142 | 1 Kaspersky Lab | 4 Kaspersky Anti-virus, Kaspersky Anti-virus Personal, Kaspersky Anti-virus Personal Pro and 1 more | 2024-02-04 | 10.0 HIGH | N/A |
| Heap-based buffer overflow in Kaspersky Antivirus (KAV) 5.0 and Kaspersky Personal Security Suite 1.1 allows remote attackers to execute arbitrary code via a CAB file with large records after the header. | |||||
| CVE-2006-0729 | 1 Teca Scripts | 1 Teca Diary | 2024-02-04 | 7.5 HIGH | N/A |
| SQL injection vulnerability in functions.php in Teca Diary PE 1.0 allows remote attackers to execute arbitrary SQL commands via the (1) yy, (2) mm, and (3) dd parameters. | |||||
| CVE-2005-0307 | 1 Mercuryboard | 1 Mercuryboard | 2024-02-04 | 4.3 MEDIUM | N/A |
| Multiple cross-site scripting (XSS) vulnerabilities in index.php in MercuryBoard 1.1.1 allow remote attackers to inject arbitrary web script or HTML via the (1) s, (2) l, (3) a, (4) t, (5) to, or (6) re parameters. | |||||
| CVE-2006-3364 | 1 F-art Agency | 1 Blog Cms | 2024-02-04 | 7.5 HIGH | N/A |
| SQL injection vulnerability in index.php in the NP_SEO plugin in BLOG:CMS before 4.1.0 allows remote attackers to execute arbitrary SQL commands via the id parameter. | |||||
| CVE-2006-2538 | 2 Ie Tab, Mozilla | 2 Ie Tab, Firefox | 2024-02-04 | 2.6 LOW | N/A |
| IE Tab 1.0.9 plugin for Mozilla Firefox 1.5.0.3 allows remote user-assisted attackers to cause a denial of service (application crash), possibly due to a null dereference, via certain Javascript, as demonstrated using a url parameter to the content/reloaded.html page in a chrome:// URI. Some third-party researchers claim that they are unable to reproduce this vulnerability. | |||||
| CVE-2006-1997 | 1 Sybase | 1 Pylon Anywhere | 2024-02-04 | 2.1 LOW | N/A |
| Unspecified vulnerability in Sybase Pylon Anywhere groupware synchronization server before 7.0 allows local users to obtain sensitive information such as email and PIM data of another user via unknown attack vectors. | |||||