Vulnerabilities (CVE)

Total 255104 CVE
CVE Vendors Products Updated CVSS v2 CVSS v3
CVE-2005-3963 1 Dotclear 1 Dotclear 2024-02-04 7.5 HIGH N/A
SQL injection vulnerability in session.php in DotClear before 1.2.3 allows remote attackers to execute arbitrary SQL commands via the dc_xd parameter in a cookie.
CVE-2005-1399 1 Freebsd 1 Freebsd 2024-02-04 4.6 MEDIUM N/A
FreeBSD 4.6 to 4.11 and 5.x to 5.4 uses insecure default permissions for the /dev/iir device, which allows local users to execute restricted ioctl calls to read or modify data on hardware that is controlled by the iir driver.
CVE-2006-2331 1 Php Fusion 1 Php Fusion 2024-02-04 6.4 MEDIUM N/A
Multiple directory traversal vulnerabilities in PHP-Fusion 6.00.306 allow remote attackers to include and execute arbitrary local files via (1) a .. (dot dot) in the settings[locale] parameter in infusions/last_seen_users_panel/last_seen_users_panel.php, and (2) a .. (dot dot) in the localeset parameter in setup.php. NOTE: the vendor states that this issue might exist due to problems in third party local files.
CVE-2005-3210 1 Kaspersky Lab 1 Kaspersky Anti-virus 2024-02-04 5.1 MEDIUM N/A
Multiple interpretation error in unspecified versions of Kaspersky Antivirus allows remote attackers to bypass virus detection via a malicious executable in a specially crafted RAR file with malformed central and local headers, which can still be opened by products such as WinRAR and PowerZip, even though they are rejected as corrupted by WinZip and BitZipper.
CVE-2004-1119 1 Nullsoft 1 Winamp 2024-02-04 10.0 HIGH N/A
Stack-based buffer overflow in IN_CDDA.dll in Winamp 5.05, and possibly other versions including 5.06, allows remote attackers to execute arbitrary code via a certain .m3u playlist file.
CVE-2005-2945 1 Arc 1 Arc 2024-02-04 2.1 LOW N/A
arc 5.21j and earlier create temporary files with world-readable permissions, which allows local users to read sensitive information from files created by (1) arc (arc.c) or (2) marc (marc.c).
CVE-2005-3666 1 Internet Key Exchange 1 Internet Key Exchange 2024-02-04 10.0 HIGH N/A
Multiple unspecified format string vulnerabilities in multiple unspecified implementations of Internet Key Exchange version 1 (IKEv1) have multiple unspecified attack vectors and impacts, as demonstrated by the PROTOS ISAKMP Test Suite for IKEv1. NOTE: due to the lack of information in the original sources, it is likely that this candidate will be REJECTed once it is known which implementations are actually vulnerable.
CVE-2005-0797 1 Novell 1 Ichain 2024-02-04 5.0 MEDIUM N/A
Novell iChain Mini FTP Server 2.3 displays different error messages depending on whether a user exists, which allows remote attackers to obtain sensitive information and facilitates brute force attacks.
CVE-2006-0411 1 Claroline 1 Claroline 2024-02-04 10.0 HIGH N/A
claro_init_local.inc.php in Claroline 1.7.2 uses guessable session cookies (MD5 hash of connection time), which allows remote attackers to hijack sessions and possibly gain administrative privileges.
CVE-2005-4173 1 Efiction Project 1 Efiction 2024-02-04 5.0 MEDIUM N/A
eFiction 1.0, 1.1, and 2.0 allows remote attackers to obtain sensitive information by accessing phpinfo.php, which executes the PHP phpinfo function.
CVE-2005-2101 1 Kde 1 Kde 2024-02-04 5.0 MEDIUM N/A
langen2kvtml in KDE 3.0 to 3.4.2 creates insecure temporary files in /tmp with predictable names, which allows local users to overwrite arbitrary files.
CVE-2006-0115 1 Oneplug Solutions 1 Oneplug Cms 2024-02-04 7.5 HIGH N/A
Multiple SQL injection vulnerabilities in OnePlug Solutions OnePlug CMS allow remote attackers to execute arbitrary SQL commands via the (1) Press_Release_ID parameter in press/details.asp, (2) Service_ID parameter in services/details.asp, and (3) Product_ID parameter in products/details.asp.
CVE-2005-0338 1 Savant 1 Savant Webserver 2024-02-04 7.5 HIGH N/A
Buffer overflow in Savant Web Server 3.1 allows remote attackers to execute arbitrary code via a long HTTP request.
CVE-2005-3287 1 Rockliffe 1 Mailsite Express 2024-02-04 5.0 MEDIUM N/A
Incomplete blacklist vulnerability in Mailsite Express allows remote attackers to upload and possibly execute files via attachments with executable extensions such as ASPX, which are not converted to .TXT like other dangerous extensions, and which can be directly requested from the cache directory.
CVE-2006-3401 1 Id Software 1 Quake 3 Engine 2024-02-04 7.5 HIGH N/A
Stack-based buffer overflow in Quake 3 Engine as used by Quake 3: Arena 1.32b and 1.32c allows remote attackers to cause a denial of service and possibly execute code via long CS_ITEMS values.
CVE-2004-1108 1 Gentoo 1 Linux 2024-02-04 2.1 LOW N/A
qpkg in Gentoolkit 0.2.0_pre10 and earlier allows local users to overwrite arbitrary files via a symlink attack on a temporary directory.
CVE-2004-1136 1 Globalscape 1 Cuteftp 2024-02-04 5.0 MEDIUM N/A
Buffer overflow in CuteFTP Professional 6.0, and possibly other versions, allows remote FTP servers to cause a denial of service (application crash) via large replies to FTP commands.
CVE-2005-1302 1 Swsoft 1 Confixx 2024-02-04 7.5 HIGH N/A
SQL injection vulnerability in Confixx 3.08 and earlier allows remote attackers to execute arbitrary SQL commands via the "change user" field.
CVE-2005-2877 1 Twiki 1 Twiki 2024-02-04 7.5 HIGH N/A
The history (revision control) function in TWiki 02-Sep-2004 and earlier allows remote attackers to execute arbitrary code via shell metacharacters, as demonstrated via the rev parameter to TWikiUsers.
CVE-2006-1400 1 Metisware 1 Instructor 2024-02-04 4.3 MEDIUM N/A
Cross-site scripting (XSS) vulnerability in MyTasks/PersonalTaskEdit.asp in Metisware Instructor 1.3 and earlier allows remote attackers to inject arbitrary web script or HTML via the Task parameter.