Total
255086 CVE
CVE | Vendors | Products | Updated | CVSS v2 | CVSS v3 |
---|---|---|---|---|---|
CVE-2006-1459 | 1 Apple | 1 Quicktime | 2024-02-04 | 5.1 MEDIUM | N/A |
Multiple integer overflows in Apple QuickTime before 7.1 allow remote attackers to cause a denial of service or execute arbitrary code via a crafted QuickTime movie (.MOV). | |||||
CVE-2006-4222 | 1 Ibm | 1 Websphere Application Server | 2024-02-04 | 5.0 MEDIUM | N/A |
Multiple unspecified vulnerabilities in IBM WebSphere Application Server before 6.0.2.13 have unspecified vectors and impact, including (1) an "authority problem" in ThreadIdentitySupport as identified by PK25199, and "Potential security exposure" issues as identified by (2) PK22747, (3) PK24334, (4) PK25740, and (5) PK26123. | |||||
CVE-2005-0789 | 1 Limewire | 1 Limewire | 2024-02-04 | 5.0 MEDIUM | N/A |
Directory traversal vulnerability in LimeWire 3.9.6 through 4.6.0 allows remote attackers to read arbitrary files via a .. (dot dot) in a magnet request. | |||||
CVE-2004-2298 | 1 Novell | 2 Internet Messaging System, Netmail | 2024-02-04 | 6.4 MEDIUM | N/A |
Novell Internet Messaging System (NIMS) 2.6 and 3.0, and NetMail 3.1 and 3.5, is installed with a default NMAP authentication credential, which allows remote attackers to read and write mail store data if the administrator does not change the credential by using the NMAP Credential Generator. | |||||
CVE-2006-3582 | 1 Audacious Media Player Team | 1 Adplug | 2024-02-04 | 5.1 MEDIUM | N/A |
Multiple heap-based buffer overflows in Audacious AdPlug 2.0 and earlier allow remote user-assisted attackers to execute arbitrary code via the size specified in the package header of (1) CFF, (2) MTK, (3) DMO, and (4) U6M files. | |||||
CVE-2006-3117 | 2 Openoffice, Sun | 2 Openoffice, Staroffice | 2024-02-04 | 7.6 HIGH | N/A |
Heap-based buffer overflow in OpenOffice.org (aka StarOffice) 1.1.x up to 1.1.5 and 2.0.x before 2.0.3 allows user-assisted attackers to execute arbitrary code via a crafted OpenOffice XML document that is not properly handled by (1) Calc, (2) Draw, (3) Impress, (4) Math, or (5) Writer, aka "File Format / Buffer Overflow Vulnerability." | |||||
CVE-2006-4088 | 1 Civicspace | 1 Civicspace | 2024-02-04 | 4.3 MEDIUM | N/A |
Multiple cross-site scripting (XSS) vulnerabilities in CivicSpace 0.8.5 allow remote attackers to inject arbitrary web script or HTML via the (1) Subject, (2) Comment, and (3) Add new comment sections. | |||||
CVE-2006-0226 | 1 Freebsd | 1 Freebsd | 2024-02-04 | 10.0 HIGH | N/A |
Integer overflow in IEEE 802.11 network subsystem (ieee80211_ioctl.c) in FreeBSD before 6.0-STABLE, while scanning for wireless networks, allows remote attackers to execute arbitrary code by broadcasting crafted (1) beacon or (2) probe response frames. | |||||
CVE-2005-0551 | 1 Microsoft | 3 Windows 2000, Windows 2003 Server, Windows Xp | 2024-02-04 | 10.0 HIGH | N/A |
Stack-based buffer overflow in WINSRV.DLL in the Client Server Runtime System (CSRSS) process of Microsoft Windows 2000, Windows XP SP1 and SP2, and Windows Server 2003 allows local users to gain privileges via a specially-designed application that provides console window information with a long FaceName value. | |||||
CVE-2006-0538 | 1 Ciphertrust | 1 Ironmail | 2024-02-04 | 2.6 LOW | N/A |
CipherTrust IronMail 5.0.1, when "Denial of Service Protection" is enabled, allows remote attackers to cause a denial of service (possibly CPU consumption) via a SYN flood with malformed TCP packets from multiple connections. | |||||
CVE-2005-1959 | 1 Jammail | 1 Jammail | 2024-02-04 | 7.5 HIGH | N/A |
jammail.pl in jamchen JamMail 1.8 allows remote attackers to execute arbitrary commands via shell metacharacters in the mail parameter. | |||||
CVE-2005-1999 | 1 Php Arena | 1 Pafiledb | 2024-02-04 | 4.3 MEDIUM | N/A |
Multiple cross-site scripting (XSS) vulnerabilities in pafiledb.php in paFileDB 3.1 allow remote attackers to inject arbitrary web script or HTML via the (1) sortby or (2) filelist parameters to the category action (category.php), or (3) pages parameter in the viewall action (viewall.php). | |||||
CVE-2005-1446 | 1 Sitepanel | 1 Sitepanel | 2024-02-04 | 7.5 HIGH | N/A |
SitePanel 2.6.1 and earlier (SitePanel2) allows remote attackers to upload and execute arbitrary files such as PHP scripts via an attachment to a trouble ticket. | |||||
CVE-2006-0110 | 1 Javier Suarez Sanz | 1 Foro Domus | 2024-02-04 | 4.3 MEDIUM | N/A |
Cross-site scripting (XSS) vulnerability in escribir.php in Foro Domus 2.10 allows remote attackers to inject arbitrary web script via the email parameter. | |||||
CVE-2005-1962 | 1 Cerberus | 1 Cerberus Helpdesk | 2024-02-04 | 4.3 MEDIUM | N/A |
Cross-site scripting (XSS) vulnerability in Cerberus Helpdesk 0.97.3 allows remote attackers to inject arbitrary web script or HTML via the (1) errorcode parameter to index.php or (2) certain fields to clients.php. | |||||
CVE-2006-3783 | 1 Sun | 1 Solaris | 2024-02-04 | 4.9 MEDIUM | N/A |
Sun Solaris 10 allows local users to cause a denial of service (panic) via unspecified vectors involving (1) the /net mount point and (2) the "-hosts" map in a mount point. | |||||
CVE-2005-2789 | 1 Bfcommand And Control Software | 2 Bfcc, Bfvcc | 2024-02-04 | 7.5 HIGH | N/A |
BFCommand & Control Server Manager BFCC 1.22_A and earlier, and BFVCC 2.14_B and earlier, allows remote attackers to bypass authentication via (1) an unknown attack vector or (2) a NULL (0x00) as a username. | |||||
CVE-2005-3152 | 1 Devellion | 1 Cubecart | 2024-02-04 | 4.3 MEDIUM | N/A |
Multiple cross-site scripting (XSS) vulnerabilities in CubeCart 3.0.3 allow remote attackers to inject arbitrary web script or HTML via the redir parameter to (1) cart.php or (2) index.php, or (3) the searchStr parameter in a viewCat action to index.php. Note: vectors (1) and (2) were later reported to affect 3.0.7-pl1. | |||||
CVE-2006-1371 | 1 Xhp | 1 Cms | 2024-02-04 | 9.0 HIGH | N/A |
Laurentiu Matei eXpandable Home Page (XHP) CMS 0.5 and earlier allows remote authenticated users to use the HTMLArea FileManager plugin to upload and execute arbitrary PHP files using (1) manager.php, (2) standalonemanager.php, and (3) images.php. | |||||
CVE-2005-4580 | 1 Day | 1 Communique | 2024-02-04 | 4.3 MEDIUM | N/A |
Cross-site scripting (XSS) vulnerability in Day Communique 4 allows remote attackers to inject arbitrary web script or HTML via the query parameter in a search. |