Total
255141 CVE
| CVE | Vendors | Products | Updated | CVSS v2 | CVSS v3 |
|---|---|---|---|---|---|
| CVE-2005-3908 | 1 Amazon Shop | 1 Amazon Shop | 2024-02-04 | 4.3 MEDIUM | N/A |
| Cross-site scripting (XSS) vulnerability in search.php in GhostScripter Amazon Shop 5.0.0, and other versions before 5.0.2, allows remote attackers to inject web script or HTML via the query parameter. | |||||
| CVE-2006-3751 | 1 Htmlarea3 | 1 Htmlarea3 | 2024-02-04 | 6.8 MEDIUM | N/A |
| PHP remote file inclusion vulnerability in popups/ImageManager/config.inc.php in the HTMLArea3 Addon Component (com_htmlarea3_xtd-c) for ImageManager 1.5 allows remote attackers to execute arbitrary PHP code via a URL in the mosConfig_absolute_path parameter. | |||||
| CVE-2005-3975 | 1 Drupal | 1 Drupal | 2024-02-04 | 4.0 MEDIUM | N/A |
| Interpretation conflict in file.inc in Drupal 4.5.0 through 4.5.5 and 4.6.0 through 4.6.3 allows remote authenticated users to inject arbitrary web script or HTML via HTML in a file with a GIF or JPEG file extension, which causes the HTML to be executed by a victim who views the file in Internet Explorer as a result of CVE-2005-3312. NOTE: it could be argued that this vulnerability is due to a design flaw in Internet Explorer and the proper fix should be in that browser; if so, then this should not be treated as a vulnerability in Drupal. | |||||
| CVE-2006-4381 | 1 Apple | 1 Quicktime | 2024-02-04 | 5.1 MEDIUM | N/A |
| Integer overflow in Apple QuickTime before 7.1.3 allows user-assisted remote attackers to execute arbitrary code via a crafted H.264 movie. | |||||
| CVE-2005-2029 | 1 Amarok | 1 Web Frontend | 2024-02-04 | 7.5 HIGH | N/A |
| amaroK Web Frontend 1.3 stores the globals.inc file under the web root without a .php extension and insufficient access control, which allows remote attackers to obtain the database username and password via a direct request to the file. | |||||
| CVE-2004-0923 | 2 Apple, Easy Software Products | 3 Mac Os X, Mac Os X Server, Cups | 2024-02-04 | 2.1 LOW | N/A |
| CUPS 1.1.20 and earlier records authentication information for a device URI in the error_log file, which allows local users to obtain user names and passwords. | |||||
| CVE-2006-2200 | 2 Mimms, Xine | 2 Mimms, Xine-lib | 2024-02-04 | 5.1 MEDIUM | N/A |
| Stack-based buffer overflow in libmms, as used by (a) MiMMS 0.0.9 and (b) xine-lib 1.1.0 and earlier, allows remote attackers to cause a denial of service (application crash) and possibly execute arbitrary code via the (1) send_command, (2) string_utf16, (3) get_data, and (4) get_media_packet functions, and possibly other functions. | |||||
| CVE-2005-2937 | 2024-02-04 | N/A | N/A | ||
| ** REJECT ** DO NOT USE THIS CANDIDATE NUMBER. ConsultIDs: CVE-2005-3663, CVE-2005-3664. Reason: this candidate was intended for one issue, but multiple advisories used this candidate for different issues. Notes: All CVE users should consult CVE-2005-3663 and CVE-2005-3664 to determine which ID is appropriate. All references and descriptions in this candidate have been removed to prevent accidental usage. | |||||
| CVE-2006-2934 | 1 Linux | 1 Linux Kernel | 2024-02-04 | 5.0 MEDIUM | N/A |
| SCTP conntrack (ip_conntrack_proto_sctp.c) in netfilter for Linux kernel 2.6.17 before 2.6.17.3 and 2.6.16 before 2.6.16.23 allows remote attackers to cause a denial of service (crash) via a packet without any chunks, which causes a variable to contain an invalid value that is later used to dereference a pointer. | |||||
| CVE-2004-1300 | 1 Xine | 1 Xine-lib | 2024-02-04 | 10.0 HIGH | N/A |
| Buffer overflow in the open_aiff_file function in demux_aiff.c for xine-lib (libxine) 1-rc7 allows remote attackers to execute arbitrary code via a crafted AIFF file. | |||||
| CVE-2006-1095 | 1 Apache | 1 Mod Python | 2024-02-04 | 7.2 HIGH | N/A |
| Directory traversal vulnerability in the FileSession object in Mod_python module 3.2.7 for Apache allows local users to execute arbitrary code via a crafted session cookie. | |||||
| CVE-2005-4252 | 1 Mcgallery | 1 Mcgallery Pro | 2024-02-04 | 4.3 MEDIUM | N/A |
| Cross-site scripting (XSS) vulnerability in mcGallery PRO 2.2 and earlier allows remote attackers to inject arbitrary web script or HTML via unspecified search module parameters. | |||||
| CVE-2005-2446 | 2024-02-04 | N/A | N/A | ||
| ** REJECT ** DO NOT USE THIS CANDIDATE NUMBER. ConsultIDs: CVE-2005-2369. Reason: This candidate is a duplicate of CVE-2005-2369. Notes: All CVE users should reference CVE-2005-2369 instead of this candidate. All references and descriptions in this candidate have been removed to prevent accidental usage. | |||||
| CVE-2005-4280 | 1 Kitware | 1 Cmake | 2024-02-04 | 7.2 HIGH | N/A |
| Untrusted search path vulnerability in CMake before 2.2.0-r1 on Gentoo Linux allows local users in the portage group to gain privileges via a malicious shared object in the Portage temporary build directory, which is part of the RUNPATH. | |||||
| CVE-2006-2427 | 1 Clam Anti-virus | 2 Clamav, Clamxav | 2024-02-04 | 7.2 HIGH | N/A |
| freshclam in (1) Clam Antivirus (ClamAV) 0.88 and (2) ClamXav 1.0.3h and earlier does not drop privileges before processing the config-file command line option, which allows local users to read portions of arbitrary files when an error message displays the first line of the target file. | |||||
| CVE-2006-2756 | 1 Eitsop | 1 My Web Server | 2024-02-04 | 5.0 MEDIUM | N/A |
| Eitsop My Web Server 1.0 allows remote attackers to cause a denial of service (application crash) via a long GET request. NOTE: CVE analysis suggests that this is a different product, and therefore a different vulnerability, than CVE-2002-1897. | |||||
| CVE-2005-1920 | 2 Debian, Kde | 2 Debian Linux, Kde | 2024-02-04 | 5.0 MEDIUM | 7.5 HIGH |
| The (1) Kate and (2) Kwrite applications in KDE KDE 3.2.x through 3.4.0 do not properly set the same permissions on the backup file as were set on the original file, which could allow local users and possibly remote attackers to obtain sensitive information. | |||||
| CVE-2006-1896 | 1 Phpbb Group | 1 Phpbb | 2024-02-04 | 6.0 MEDIUM | N/A |
| Unspecified vulnerability in phpBB allows remote authenticated users with Administration Panel access to execute arbitrary PHP code via crafted Font Colour 3 ($theme[fontcolor3] variable) and/or signature values, possibly involving the highlight functionality. NOTE: the original report does not clarify whether this issue is static code injection, eval injection, or another type of vulnerability. | |||||
| CVE-2006-0071 | 1 Gentoo | 2 App-crypt Pinentry, Linux | 2024-02-04 | 6.6 MEDIUM | N/A |
| The ebuild for pinentry before 0.7.2-r2 on Gentoo Linux sets setgid bits for pinentry programs, which allows local users to read or overwrite arbitrary files as gid 0. | |||||
| CVE-2005-2244 | 1 Cisco | 1 Call Manager | 2024-02-04 | 5.0 MEDIUM | N/A |
| The aupair service (aupair.exe) in Cisco CallManager (CCM) 3.2 and earlier, 3.3 before 3.3(5), 4.0 before 4.0(2a)SR2b, and 4.1 4.1 before 4.1(3)SR1 allows remote attackers to execute arbitrary code or corrupt memory via crafted packets that trigger a memory allocation failure and lead to a buffer overflow. | |||||