Total
255156 CVE
| CVE | Vendors | Products | Updated | CVSS v2 | CVSS v3 |
|---|---|---|---|---|---|
| CVE-2006-2265 | 1 Ocean12 Technologies | 1 Calendar Manager Pro | 2024-02-04 | 2.6 LOW | N/A |
| Cross-site scripting vulnerability in admin/main.asp in Ocean12 Calendar Manager Pro 1.00 allows remote attackers to inject arbitrary web script or HTML via the date parameter. NOTE: the provenance of this information is unknown; the details are obtained solely from third party information. | |||||
| CVE-2006-1914 | 1 Dbbs | 1 Dbbs | 2024-02-04 | 5.0 MEDIUM | N/A |
| DbbS 2.0-alpha and earlier allows remote attackers to obtain sensitive information via an invalid (1) fcategoryid parameter to topics.php or (2) unavariabile, (3) GLOBALS, or (4) _SERVER[] parameters to script.php. NOTE: this information leak might be resultant from a global variable overwrite issue. | |||||
| CVE-2004-1128 | 1 Youngzsoft | 1 Cmailserver | 2024-02-04 | 10.0 HIGH | N/A |
| Buffer overflow in CMailCOM.dll in CMailServer 5.2 allows remote attackers to execute arbitrary code via an attachment with a long filename. | |||||
| CVE-2004-1215 | 1 Burut | 1 Kreed | 2024-02-04 | 5.0 MEDIUM | N/A |
| Kreed 1.05 and earlier allows remote attackers to cause a denial of service (server disconnect) via a long UDP packet, which causes a "message too long" socket error. | |||||
| CVE-2005-3035 | 1 Compuware | 1 Driverstudio | 2024-02-04 | 5.0 MEDIUM | N/A |
| Compuware DriverStudio Remote Control service (DSRsvc.exe) 2.7 and 3.0 beta 2 allows remote attackers to cause a denial of service (reboot) via a UDP packet sent directly to port 9110. | |||||
| CVE-2005-3796 | 1 Alstrasoft | 1 Affiliate Network Pro | 2024-02-04 | 7.5 HIGH | N/A |
| Direct static code injection vulnerability in admin_options_manage.php in AlstraSoft Affiliate Network Pro 7.2 allows attackers to execute arbitrary PHP code via the number parameter. NOTE: it is not clear from the original report whether administrator privileges are required. If not, then this does not cross privilege boundaries and is not a vulnerability. | |||||
| CVE-2005-1184 | 1 Microsoft | 5 Windows 2000, Windows 2003 Server, Windows 98se and 2 more | 2024-02-04 | 5.0 MEDIUM | N/A |
| The TCP/IP stack in multiple operating systems allows remote attackers to cause a denial of service (CPU consumption) via a TCP packet with the correct sequence number but the wrong Acknowledgement number, which generates a large number of "keep alive" packets. NOTE: some followups indicate that this issue could not be replicated. | |||||
| CVE-2006-0939 | 1 Dci-designs | 1 Dci-taskeen | 2024-02-04 | 7.5 HIGH | N/A |
| SQL injection vulnerability in DCI-Taskeen 1.03 allows remote attackers to execute arbitrary SQL commands via the (1) id or (2) action parameter to (a) basket.php, or (3) id or (4) page parameter to (b) cat.php. | |||||
| CVE-2005-2317 | 1 Shorewall | 1 Shorewall | 2024-02-04 | 7.5 HIGH | N/A |
| Shorewall 2.4.x before 2.4.1, 2.2.x before 2.2.5, and 2.0.x before 2.0.17, when MACLIST_TTL is greater than 0 or MACLIST_DISPOSITION is set to ACCEPT, allows remote attackers with an accepted MAC address to bypass other firewall rules or policies. | |||||
| CVE-2005-0320 | 1 Icewarp | 1 Web Mail | 2024-02-04 | 5.0 MEDIUM | N/A |
| Multiple cross-site scripting vulnerabilities in MERAK Mail Server 7.6.0 with Icewarp Web Mail 5.3.0 allow remote attackers to inject arbitrary web script or HTML via the (1) username parameter to login.html, (2) accountid parameter to accountsettings_add.html, or the (3) note, (4) title, and (5) location fields to calendar.html. | |||||
| CVE-2005-3096 | 1 Avi Alkalay | 1 Nslookup.cgi | 2024-02-04 | 7.5 HIGH | N/A |
| Avi Alkalay nslookup.cgi program, dated 16 June 2002, allows remote attackers to execute arbitrary commands via shell metacharacters in the query parameter. | |||||
| CVE-2006-0213 | 1 Kolab | 1 Kolab Groupware Server | 2024-02-04 | 4.6 MEDIUM | N/A |
| Kolab Server 2.0.1, 2.0.2 and development versions pre-2.1-20051215 and earlier, when authenticating users via secure SMTP, stores authentication credentials in plaintext in the postfix.log file, which allows local users to gain privileges. | |||||
| CVE-2005-2895 | 1 Pblang | 1 Pblang | 2024-02-04 | 5.0 MEDIUM | N/A |
| setcookie.php in PBLang 4.65, and possibly earlier versions, allows remote attackers to obtain sensitive information via a %00 (a null byte) in the u parameter, which reveals the path in an error message. | |||||
| CVE-2004-2342 | 1 Burton Sang | 1 Chatterbox | 2024-02-04 | 5.0 MEDIUM | N/A |
| ChatterBox 2.0 allows remote attackers to cause a denial of service (server crash) via a malformed request to the server, as demonstrated using "aaaaaa". | |||||
| CVE-2004-0880 | 3 Gentoo, Getmail, Slackware | 3 Linux, Getmail, Slackware Linux | 2024-02-04 | 1.2 LOW | N/A |
| getmail 4.x before 4.2.0, when run as root, allows local users to overwrite arbitrary files via a symlink attack on an mbox file. | |||||
| CVE-2005-2219 | 1 Hosting Controller | 1 Hosting Controller | 2024-02-04 | 4.6 MEDIUM | N/A |
| Hosting Controller 6.1 Hotfix 2.1 allows remote authenticated users to perform unauthorized actions, such as modifying the credit limit, via a direct request to AccountActions.asp and modifying the CreditLimit parameter in an UpdateCreditLimit action. | |||||
| CVE-2006-1245 | 1 Microsoft | 1 Ie | 2024-02-04 | 7.5 HIGH | N/A |
| Buffer overflow in mshtml.dll in Microsoft Internet Explorer 6.0.2900.2180, and probably other versions, allows remote attackers to execute arbitrary code via an HTML tag with a large number of script action handlers such as onload and onmouseover, as demonstrated using onclick, aka the "Multiple Event Handler Memory Corruption Vulnerability." | |||||
| CVE-2005-3097 | 1 Avi Alkalay | 1 Contribute.cgi | 2024-02-04 | 5.0 MEDIUM | N/A |
| Directory traversal vulnerability in Avi Alkalay contribute.cgi (aka contribute.pl), dated 16 Jun 2002, allows remote attackers to overwrite arbitrary files via ".." sequences in the contribdir variable. | |||||
| CVE-2006-1745 | 1 Bitweaver | 1 Bitweaver | 2024-02-04 | 2.6 LOW | N/A |
| Cross-site scripting (XSS) vulnerability in login.php in Bitweaver 1.3 allows remote attackers to inject arbitrary web script or HTML via the error parameter. NOTE: the provenance of this information is unknown; the details are obtained solely from third party information. | |||||
| CVE-2006-2086 | 1 Juniper | 1 Junipersetup Control | 2024-02-04 | 7.5 HIGH | N/A |
| Buffer overflow in JuniperSetupDLL.dll, loaded from JuniperSetup.ocx by the Juniper SSL-VPN Client when accessing a Juniper NetScreen IVE device running IVE OS before 4.2r8.1, 5.0 before 5.0r6.1, 5.1 before 5.1r8, 5.2 before 5.2r4.1, or 5.3 before 5.3r2.1, allows remote attackers to execute arbitrary code via a long argument in the ProductName parameter. | |||||