Total: 255018 CVE
CVE | Vendors | Products | Updated | CVSS v2 | CVSS v3 |
---|---|---|---|---|---|
CVE-2006-3224 | 1 Apple | 1 Safari | 2024-02-04 | 5.4 MEDIUM | N/A |
Apple Safari 2.0.3 (417.9.3) on Mac OS X 10.4.6 allows remote attackers to cause a denial of service (CPU consumption) via Javascript with an infinite for loop. NOTE: it could be argued that this is not a vulnerability, unless it interferes with the operation of the system outside of the scope of Safari itself. | |||||
CVE-2005-4722 | 1 The Media Shoppe Berhad | 1 Tmspublisher | 2024-02-04 | 5.0 MEDIUM | N/A |
_Request_Message.cfm in tmsPUBLISHER 3.3 allows remote attackers to obtain sensitive information via an invalid id argument to pagename.cfm, which reveals the installation path in an error message. | |||||
CVE-2006-1039 | 1 Sap | 1 Sap Web Application Server | 2024-02-04 | 6.4 MEDIUM | N/A |
SAP Web Application Server (WebAS) Kernel before 7.0 allows remote attackers to inject arbitrary bytes into the HTTP response and obtain sensitive authentication information, or have other impacts, via a ";%20" followed by encoded HTTP headers. | |||||
CVE-2005-0339 | 1 Foxmail | 1 Foxmail Email Server | 2024-02-04 | 10.0 HIGH | N/A |
Buffer overflow in Foxmail 2.0 allows remote attackers to cause a denial of service and possibly execute arbitrary code via a long MAIL FROM command. | |||||
CVE-2004-2325 | 1 Dotnetnuke | 1 Dotnetnuke | 2024-02-04 | 4.3 MEDIUM | N/A |
Cross-site scripting (XSS) vulnerability in EditModule.aspx for DotNetNuke (formerly IBuySpy Workshop) 1.0.6 through 1.0.10d allows remote attackers to inject arbitrary web script or HTML. | |||||
CVE-2005-4648 | 1 Illustrate | 1 Dbpoweramp Music Converter | 2024-02-04 | 5.1 MEDIUM | N/A |
Buffer overflow in Illustrate dBpowerAMP Music Converter 11.5 and earlier, possibly including (1) MusicConverter.exe, (2) playlist.exe, and (3) amp.exe, allows user-assisted attackers to cause a denial of service or execute arbitrary code via a .m3u playlist with a long entry, possibly involving large field names, as demonstrated by SecuBox.Labs.m3u. NOTE: this issue might be the same as the .m3u vulnerability in CVE-2004-1569, but if so, then CD:SF-LOC suggests creating a different identifier since the .m3u issue would affect different versions than the .pls issue. | |||||
CVE-2005-0061 | 1 Microsoft | 6 Windows 2000, Windows 2003 Server, Windows 98 and 3 more | 2024-02-04 | 7.2 HIGH | N/A |
The kernel of Microsoft Windows 2000, Windows XP SP1 and SP2, and Windows Server 2003 allows local users to gain privileges via certain access requests. | |||||
CVE-2005-3197 | 1 Webroot Software | 1 Desktop Firewall | 2024-02-04 | 7.2 HIGH | N/A |
Stack-based buffer overflow in PWIWrapper.dll for Webroot Desktop Firewall before 1.3.0build52 allows local users to execute arbitrary code as SYSTEM by sending a crafted DeviceIoControl command, then removing an allowed program from the firewall list. | |||||
CVE-2005-2844 | 1 Indiatimes Messenger | 1 Indiatimes Messenger | 2024-02-04 | 7.5 HIGH | N/A |
Buffer overflow in MMClient.exe in Indiatimes Messenger 6.0 allows remote attackers to cause a denial of service (application crash) and possibly execute arbitrary code via a long group name argument to the RenameGroup function in the MMClient.MunduMessenger.1 ActiveX object. | |||||
CVE-2006-4065 | 1 Dmitry Sheiko | 1 Sapid Gallery | 2024-02-04 | 5.1 MEDIUM | N/A |
Multiple PHP remote file inclusion vulnerabilities in Dmitry Sheiko SAPID Gallery 1.0 and earlier allow remote attackers to execute arbitrary PHP code via a URL in the (1) root_path parameter to (a) usr/extensions/get_calendar.inc.php or the (2) GLOBALS[root_path] parameter to (b) usr/extensions/get_tree.inc.php. | |||||
CVE-2005-2208 | 1 Privashare | 1 Privashare | 2024-02-04 | 5.0 MEDIUM | N/A |
PrivaShare 1.1b allows remote attackers to cause a denial of service (crash) via a malformed message. | |||||
CVE-2005-4856 | 1 Ez | 1 Ez Publish | 2024-02-04 | 5.0 MEDIUM | N/A |
The admin interface in eZ publish 3.5 before 3.5.7, 3.6 before 3.6.5, 3.7 before 3.7.3, and 3.8 before 20051110 does not properly handle authorization errors, which allows remote attackers to obtain sensitive information and see the admin pagelayout and associated templates via a request with (1) "anything after the url" or (2) a "wrong url". | |||||
CVE-2004-0936 | 11 Archive Zip, Broadcom, Ca and 8 more | 23 Archive Zip, Brightstor Arcserve Backup, Etrust Antivirus and 20 more | 2024-02-04 | 7.5 HIGH | N/A |
RAV antivirus allows remote attackers to bypass antivirus protection via a compressed file with both local and global headers set to zero, which does not prevent the compressed file from being opened on a target system. | |||||
CVE-2006-3188 | 1 Sharky E-shop | 1 Sharky E-shop | 2024-02-04 | 7.5 HIGH | N/A |
Multiple SQL injection vulnerabilities in Sharky e-shop 3.05 and earlier allow remote attackers to execute arbitrary SQL commands via the (1) maingroup and (2) secondgroup parameters to (a) search_prod_list.asp, and the (3) maingroup parameter to (b) meny2.asp. NOTE: the provenance of this information is unknown; the details are obtained from third party information. | |||||
CVE-2005-0991 | 1 Ibm | 1 Aix | 2024-02-04 | 2.1 LOW | N/A |
RC.BOOT in IBM AIX 5.1, 5.2, and 5.3 does not "use a secure location for temporary files," which allows local users to have an unknown impact, probably by overwriting files. | |||||
CVE-2005-1847 | 1 Yamt | 1 Yamt | 2024-02-04 | 7.5 HIGH | N/A |
Multiple buffer overflows in YaMT before 0.5_2 allow attackers to execute arbitrary code via the (1) rename or (2) sort options. | |||||
CVE-2006-1433 | 1 Annuaire | 1 Directory | 2024-02-04 | 5.0 MEDIUM | N/A |
Annuaire (Directory) 1.0 allows remote attackers to obtain sensitive information via a direct request to include/lang-en.php, which reveals the full installation path. | |||||
CVE-2004-2348 | 1 Sybari | 1 Antigen | 2024-02-04 | 5.0 MEDIUM | N/A |
Sybari AntiGen for Domino 7.0 Build 722 SR2 allows remote attackers to cause a denial of service (hang) via an encrypted ZIP file with the "include full path info" option set, as used by certain variants of the Beagle/Bagle worm. | |||||
CVE-2006-1454 | 1 Apple | 1 Quicktime | 2024-02-04 | 5.1 MEDIUM | N/A |
Heap-based buffer overflow in Apple QuickTime before 7.1 allows remote attackers to execute arbitrary code via a crafted QuickDraw PICT image format file with malformed image data. | |||||
CVE-2006-3792 | 1 Ufo2000 | 1 Ufo2000 | 2024-02-04 | 7.5 HIGH | N/A |
SQL injection vulnerability in ServerClientUfo::recv_packet in server_protocol.cpp in UFO2000 svn 1057 allows remote attackers to execute arbitrary SQL commands via unspecified vectors involving the packet.c_str function. |