Total: 255135 CVE
CVE | Vendors | Products | Updated | CVSS v2 | CVSS v3 |
---|---|---|---|---|---|
CVE-2006-1158 | 1 Kerio | 1 Kerio Mailserver | 2024-02-04 | 7.8 HIGH | N/A |
Kerio MailServer before 6.1.3 Patch 1 allows remote attackers to cause a denial of service (application crash) via a crafted IMAP LOGIN command. | |||||
CVE-2005-3430 | 1 Rockliffe | 1 Mailsite Express | 2024-02-04 | 7.5 HIGH | N/A |
Incomplete blacklist vulnerability in Rockliffe MailSite Express before 6.1.22 allows remote attackers to upload and execute arbitrary script files by giving the files specific extensions, such as (1) .unk, (2) .asa, and possibly (3) .htr and (4) .aspx, which are not filtered like the .asp extension. | |||||
CVE-2006-1090 | 1 Punbb | 1 Punbb | 2024-02-04 | 7.8 HIGH | N/A |
register.php in PunBB 1.2.10 allows remote attackers to cause an unspecified denial of service via a flood of new user registrations. | |||||
CVE-2004-1168 | 1 Mysql | 1 Maxdb | 2024-02-04 | 10.0 HIGH | N/A |
Stack-based buffer overflow in the WebDav handler in MaxDB WebTools 7.5.00.18 and earlier allows remote attackers to execute arbitrary code via a long Overwrite header. | |||||
CVE-2005-1531 | 1 Mozilla | 2 Firefox, Mozilla | 2024-02-04 | 7.5 HIGH | N/A |
Firefox before 1.0.4 and Mozilla Suite before 1.7.8 do not properly implement certain security checks for script injection, which allows remote attackers to execute script via "Wrapped" javascript: URLs, as demonstrated using (1) a javascript: URL in a view-source: URL, (2) a javascript: URL in a jar: URL, or (3) "a nested variant." | |||||
CVE-2006-4131 | 1 Arcsoft | 1 Mms Composer | 2024-02-04 | 7.5 HIGH | N/A |
Multiple buffer overflows in ArcSoft MMS Composer 1.5.5.6, and possibly earlier, and 2.0.0.13, and possibly earlier, allow remote attackers to cause a denial of service (crash) or execute arbitrary code via crafted MMS (Multimedia Messaging Service) messages that trigger the overflows in the (1) M-Notification.ind, (2) M-Retrieve.conf (Header and Body), or (3) SMIL parsers. | |||||
CVE-2005-4128 | | | 2024-02-04 | N/A | N/A |
** REJECT ** DO NOT USE THIS CANDIDATE NUMBER. ConsultIDs: CVE-2005-4092. Reason: This candidate is a duplicate of CVE-2005-4092. This candidate was originally published to handle a pre-patch vague announcement, but multiple simultaneous pre-patch announcements resulted in duplicate CVEs that could not be identified until a full patch was released. Notes: All CVE users should reference CVE-2005-4092 instead of this candidate. All references and descriptions in this candidate have been removed to prevent accidental usage. | |||||
CVE-2005-0805 | 1 Subdreamer | 1 Subdreamer Light | 2024-02-04 | 7.5 HIGH | N/A |
SQL injection vulnerability in index.php in Subdreamer Light, when magic_quotes_gpc is enabled, allows remote attackers to execute arbitrary SQL commands via certain parameters that are used as global variables, as demonstrated using the imageid parameter, which is not properly handled by imagegallery.php. | |||||
CVE-2006-1973 | 1 Linksys | 1 Rt31p2 | 2024-02-04 | 5.0 MEDIUM | N/A |
Multiple unspecified vulnerabilities in Linksys RT31P2 VoIP router allow remote attackers to cause a denial of service via malformed Session Initiation Protocol (SIP) messages. | |||||
CVE-2006-2840 | 1 Pmwiki | 1 Pmwiki | 2024-02-04 | 6.8 MEDIUM | N/A |
Cross-site scripting (XSS) vulnerability in (1) uploads.php and (2) "url links" in PmWiki 2.1.6 and earlier allows remote attackers to inject arbitrary web script or HTML via unspecified parameters. | |||||
CVE-2005-2591 | 1 Parlano | 1 Mindalign | 2024-02-04 | 5.0 MEDIUM | N/A |
Parlano MindAlign 5.0 and later versions allow remote attackers to list valid users via unknown vectors, aka the "User Enumeration" vulnerability. | |||||
CVE-2006-3014 | 1 Microsoft | 1 Excel | 2024-02-04 | 5.1 MEDIUM | N/A |
Microsoft Excel allows user-assisted attackers to execute arbitrary javascript and redirect users to arbitrary sites via an Excel spreadsheet with an embedded Shockwave Flash Player ActiveX Object, which is automatically executed when the user opens the spreadsheet. | |||||
CVE-2005-1318 | 1 Horde | 1 Forwards | 2024-02-04 | 4.3 MEDIUM | N/A |
Cross-site scripting (XSS) vulnerability in Horde Forwards E-Mail Forwarding Manager before 2.2.2 allows remote attackers to inject arbitrary web script or HTML via the parent's frame page title. | |||||
CVE-2005-0227 | 1 Postgresql | 1 Postgresql | 2024-02-04 | 4.3 MEDIUM | N/A |
PostgreSQL (pgsql) 7.4.x, 7.2.x, and other versions allows local users to load arbitrary shared libraries and execute code via the LOAD extension. | |||||
CVE-2004-2303 | 1 Mtools | 1 Mformat | 2024-02-04 | 3.6 LOW | N/A |
MTools Mformat before 3.9.9, when installed setuid root, creates files with world-readable and world-writable permissions, which allows local users to read and overwrite files. | |||||
CVE-2005-0686 | 1 Mlterm | 1 Mlterm | 2024-02-04 | 7.5 HIGH | N/A |
Integer overflow in mlterm 2.5.0 through 2.9.1, with gdk-pixbuf support enabled, allows remote attackers to execute arbitrary code via a large image file that is used as a background. | |||||
CVE-2004-1262 | 1 Stuart Cunningham | 1 Bsb2ppm | 2024-02-04 | 10.0 HIGH | N/A |
Buffer overflow in the bsb_open_header function in libbsb for bsb2ppm 0.0.6 allows remote attackers to execute arbitrary code via crafted BSB pictures. | |||||
CVE-2005-1546 | 1 Ht Editor | 1 Ht Editor | 2024-02-04 | 5.1 MEDIUM | N/A |
Buffer overflow in the PE parser in HT Editor before 0.8.0 allows remote attackers to execute arbitrary code via a crafted PE file. | |||||
CVE-2006-2014 | 1 Web-provence | 1 Sl Site | 2024-02-04 | 5.0 MEDIUM | N/A |
Directory traversal vulnerability in gallerie.php in SL_site 1.0 allows remote attackers to list images in arbitrary directories via ".." sequences in the rep parameter, which is used to construct a directory name in admin/config.inc.php. NOTE: this issue could be used to produce resultant XSS from an error message. | |||||
CVE-2005-2270 | 1 Mozilla | 2 Firefox, Mozilla | 2024-02-04 | 7.5 HIGH | N/A |
Firefox before 1.0.5 and Mozilla before 1.7.9 do not properly clone base objects, which allows remote attackers to execute arbitrary code by navigating the prototype chain to reach a privileged object. |