Total
255048 CVE
| CVE | Vendors | Products | Updated | CVSS v2 | CVSS v3 |
|---|---|---|---|---|---|
| CVE-2006-1834 | 1 Opera | 1 Opera Browser | 2024-02-04 | 5.1 MEDIUM | N/A |
| Integer signedness error in Opera before 8.54 allows remote attackers to execute arbitrary code via long values in a stylesheet attribute, which pass a length check. NOTE: a sign extension problem makes the attack easier with shorter strings. | |||||
| CVE-2006-2760 | 1 Warpspeed | 1 4nforum | 2024-02-04 | 7.5 HIGH | N/A |
| SQL injection vulnerability in modules.php in 4nNukeWare 4nForum 0.91 allows remote attackers to execute arbitrary SQL commands via the tid parameter. | |||||
| CVE-2006-0020 | 1 Microsoft | 6 Windows 2000, Windows 2003 Server, Windows 98 and 3 more | 2024-02-04 | 9.3 HIGH | N/A |
| An unspecified Microsoft WMF parsing application, as used in Internet Explorer 5.01 SP4 on Windows 2000 SP4, and 5.5 SP2 on Windows Millennium, and possibly other versions, allows attackers to cause a denial of service (crash) and possibly execute code via a crafted WMF file with a manipulated WMF header size, possibly involving an integer overflow, a different vulnerability than CVE-2005-4560, and aka "WMF Image Parsing Memory Corruption Vulnerability." | |||||
| CVE-2006-3361 | 1 Stud.ip | 1 Stud.ip | 2024-02-04 | 5.1 MEDIUM | N/A |
| PHP remote file inclusion vulnerability in Stud.IP 1.3.0-2 and earlier, when register_globals is enabled, allows remote attackers to execute arbitrary PHP code via the (1) _PHPLIB[libdir] parameter in studip-phplib/oohforms.inc and (2) ABSOLUTE_PATH_STUDIP parameter in studip-htdocs/archiv_assi.php. | |||||
| CVE-2005-0155 | 1 Larry Wall | 1 Perl | 2024-02-04 | 4.6 MEDIUM | N/A |
| The PerlIO implementation in Perl 5.8.0, when installed with setuid support (sperl), allows local users to create arbitrary files via the PERLIO_DEBUG variable. | |||||
| CVE-2006-4162 | 1 Cpg-nuke | 1 Dragonfly Cms | 2024-02-04 | 6.8 MEDIUM | N/A |
| Cross-site scripting (XSS) vulnerability in Dragonfly CMS 9.0.6.1 and earlier allows remote attackers to inject arbitrary web script or HTML via the search field. | |||||
| CVE-2006-0012 | 1 Microsoft | 6 Windows 2000, Windows 2003 Server, Windows 98 and 3 more | 2024-02-04 | 5.1 MEDIUM | N/A |
| Unspecified vulnerability in Windows Explorer in Microsoft Windows 2000 SP4, XP SP1 and SP2, and Server 2003 SP1 allows remote attackers to execute arbitrary code via attack vectors involving COM objects and "crafted files and directories," aka the "Windows Shell Vulnerability." | |||||
| CVE-2005-2120 | 1 Microsoft | 2 Windows 2000, Windows Xp | 2024-02-04 | 6.5 MEDIUM | N/A |
| Stack-based buffer overflow in the Plug and Play (PnP) service (UMPNPMGR.DLL) in Microsoft Windows 2000 SP4, and XP SP1 and SP2, allows remote or local authenticated attackers to execute arbitrary code via a large number of "\" (backslash) characters in a registry key name, which triggers the overflow in a wsprintfW function call. | |||||
| CVE-2006-3044 | 1 Logisphere | 1 Logisphere | 2024-02-04 | 2.6 LOW | N/A |
| Cross-site scripting (XSS) vulnerability in LogiSphere 1.6.0 allows remote attackers to inject arbitrary web script or HTML via the URL, which is reflected in an error page. | |||||
| CVE-2005-0879 | 1 Vortex Portal | 1 Vortex Portal | 2024-02-04 | 7.5 HIGH | N/A |
| PHP remote file include vulnerability in (1) content.php and (2) index.php for Vortex Portal allows remote attackers to execute arbitrary PHP code via a URL in the act parameter. | |||||
| CVE-2006-1856 | 1 Linux | 1 Linux Kernel | 2024-02-04 | 7.5 HIGH | N/A |
| Certain modifications to the Linux kernel 2.6.16 and earlier do not add the appropriate Linux Security Modules (LSM) file_permission hooks to the (1) readv and (2) writev functions, which might allow attackers to bypass intended access restrictions. | |||||
| CVE-2006-1545 | 1 Vscripts | 1 Vnews | 2024-02-04 | 9.0 HIGH | N/A |
| Direct static code injection vulnerability in admin/config.php in vscripts (aka Kuba Kunkiewicz) VNews 1.2 allows remote authenticated administrators to execute code by inserting the code into variables that are stored in admin/config.php. | |||||
| CVE-2006-4651 | 1 Threesquared.net | 1 Php Download Script | 2024-02-04 | 5.0 MEDIUM | N/A |
| Directory traversal vulnerability in download/index.php, and possibly download.php, in threesquared.net (aka Ben Speakman) Php download allows remote attackers to overwrite arbitrary local files via .. (dot dot) sequence in the file parameter. | |||||
| CVE-2004-0967 | 1 Aladdin Enterprises | 1 Ghostscript | 2024-02-04 | 7.2 HIGH | N/A |
| The (1) pj-gs.sh, (2) ps2epsi, (3) pv.sh, and (4) sysvlp.sh scripts in the ESP Ghostscript (espgs) package in Trustix Secure Linux 1.5 through 2.1, and other operating systems, allow local users to overwrite files via a symlink attack on temporary files. | |||||
| CVE-2004-1001 | 1 Debian | 1 Shadow | 2024-02-04 | 4.6 MEDIUM | N/A |
| Unknown vulnerability in the passwd_check function in Shadow 4.0.4.1, and possibly other versions before 4.0.5, allows local users to conduct unauthorized activities when an error from a pam_chauthtok function call is not properly handled. | |||||
| CVE-2005-0379 | 1 Zeroboard | 1 Zeroboard | 2024-02-04 | 5.0 MEDIUM | N/A |
| Multiple directory traversal vulnerabilities in ZeroBoard 4.1pl5 and earlier allow remote attackers to read arbitrary files via a .. (dot dot) in the _zb_path parameter to (1) _head.php or (2) outlogin.php, or the dir parameter to (3) write.php. | |||||
| CVE-2005-3567 | 1 Ibm | 1 Tivoli Directory Server | 2024-02-04 | 5.8 MEDIUM | N/A |
| slapd daemon in IBM Tivoli Directory Server (ITDS) 5.2.0 and 6.0.0 binds using SASL EXTERNAL, which allows attackers to bypass authentication and modify and delete directory data via unknown attack vectors. | |||||
| CVE-2005-0760 | 1 Imagemagick | 1 Imagemagick | 2024-02-04 | 5.0 MEDIUM | N/A |
| The TIFF decoder in ImageMagick before 6.0 allows remote attackers to cause a denial of service (crash) via a crafted TIFF file. | |||||
| CVE-2006-1989 | 1 Clam Anti-virus | 1 Clamav | 2024-02-04 | 5.1 MEDIUM | N/A |
| Buffer overflow in the get_database function in the HTTP client in Freshclam in ClamAV 0.80 to 0.88.1 might allow remote web servers to execute arbitrary code via long HTTP headers. | |||||
| CVE-2006-1314 | 1 Microsoft | 3 Windows 2000, Windows 2003 Server, Windows Xp | 2024-02-04 | 7.5 HIGH | N/A |
| Heap-based buffer overflow in the Server Service (SRV.SYS driver) in Microsoft Windows 2000 SP4, XP SP1 and SP2, Server 2003 up to SP1, and other products, allows remote attackers to execute arbitrary code via crafted first-class Mailslot messages that triggers memory corruption and bypasses size restrictions on second-class Mailslot messages. | |||||