Total: 254989 CVE
CVE | Vendors | Products | Updated | CVSS v2 | CVSS v3 |
---|---|---|---|---|---|
CVE-2005-0488 | 3 Microsoft, Mit, Sun | 3 Telnet Client, Kerberos 5, Sunos | 2024-02-04 | 5.0 MEDIUM | N/A |
Certain BSD-based Telnet clients, including those used on Solaris and SuSE Linux, allow remote malicious Telnet servers to read sensitive environment variables via the NEW-ENVIRON option with a SEND ENV_USERVAR command. | |||||
CVE-2005-0700 | 1 Aztek Forum | 1 Aztek Forum | 2024-02-04 | 5.0 MEDIUM | N/A |
The export_index action in myadmin.php for Aztek Forum 4.0 allows remote attackers to obtain database files, possibly by setting the ATK_ADMIN cookie. | |||||
CVE-2005-0357 | 2 Emc, Sun | 3 Legato Networker, Solstice Backup, Storedge Enterprise Backup Software | 2024-02-04 | 7.5 HIGH | N/A |
EMC Legato NetWorker, Sun Solstice Backup 6.0 and 6.1, and StorEdge Enterprise Backup 7.0 through 7.2 rely on AUTH_UNIX authentication, which relies on user ID for authentication and allows remote attackers to bypass authentication and gain privileges by spoofing a username or UID. | |||||
CVE-2005-3966 | 1 Java Search Engine | 1 Java Search Engine | 2024-02-04 | 4.3 MEDIUM | N/A |
Cross-site scripting (XSS) vulnerability in search.jsp in Java Search Engine (JSE) 0.9.34 allows remote attackers to inject arbitrary web script or HTML via the q parameter. | |||||
CVE-2006-3304 | 1 Deluxebb | 1 Deluxebb | 2024-02-04 | 7.5 HIGH | N/A |
SQL injection vulnerability in cp.php in DeluxeBB 1.07 and earlier allows remote attackers to execute arbitrary SQL commands via the xmsn parameter. | |||||
CVE-2005-0522 | 1 Lionmax Software | 1 Chat Anywhere | 2024-02-04 | 4.6 MEDIUM | N/A |
Chat Anywhere 2.72a stores sensitive information such as passwords in plaintext in the .INI file for a chatroom, which allows local users to gain privileges. | |||||
CVE-2005-3774 | 1 Cisco | 1 Pix | 2024-02-04 | 5.0 MEDIUM | N/A |
Cisco PIX 6.3 and 7.0 allows remote attackers to cause a denial of service (blocked new connections) via spoofed TCP packets that cause the PIX to create embryonic connections that would not produce a valid connection with the end system, including (1) SYN packets with invalid checksums, which do not result in a RST; or, from an external interface, (2) one byte of "meaningless data," or (3) a TTL that is one less than needed to reach the internal destination. | |||||
CVE-2006-1059 | 1 Samba | 1 Samba | 2024-02-04 | 1.2 LOW | N/A |
The winbindd daemon in Samba 3.0.21 to 3.0.21c writes the machine trust account password in cleartext in log files, which allows local users to obtain the password and spoof the server in the domain. | |||||
CVE-2005-4786 | 1 Hauri | 3 Hauri Livecall, Virobot, Vrazmain.dll | 2024-02-04 | 4.0 MEDIUM | N/A |
Buffer overflow in the archive decompression library (vrAZMain.dll 5.8.22.137), as used in HAURI anti-virus products including (1) ViRobot Expert 4.0, (2) ViRobot Advanced Server, and (3) HAURI LiveCall, allows user-assisted attackers to execute arbitrary code via an ALZ archive containing a file with a long filename. | |||||
CVE-2006-0067 | 1 Vego | 1 Vego Links Builder | 2024-02-04 | 7.5 HIGH | N/A |
SQL injection vulnerability in login.php in VEGO Links Builder 2.00 and earlier allows remote attackers to execute arbitrary SQL commands via the username parameter. | |||||
CVE-2006-2597 | | | 2024-02-04 | N/A | N/A |
** REJECT ** DO NOT USE THIS CANDIDATE NUMBER. ConsultIDs: CVE-2006-2585. Reason: This candidate is a duplicate of CVE-2006-2585. Notes: All CVE users should reference CVE-2006-2585 instead of this candidate. All references and descriptions in this candidate have been removed to prevent accidental usage. | |||||
CVE-2006-0648 | 1 Php Icalendar | 1 Php Icalendar | 2024-02-04 | 5.0 MEDIUM | N/A |
Multiple directory traversal vulnerabilities in PHP iCalendar 2.0.1, 2.1, and 2.2 allow remote attackers to include arbitrary files via the (1) getdate and possibly other parameters used in the replace_files function in search.php and (2) $file variable as used in the parse function in functions/template.php. | |||||
CVE-2005-2316 | 1 Dnrd | 1 Dnrd | 2024-02-04 | 5.0 MEDIUM | N/A |
Domain Name Relay Daemon (DNRD) before 2.19.1 allows remote attackers to cause a denial of service (infinite recursion) via a DNS packet that uses message compression in the QNAME and two pointers that point to each other (circular buffer). | |||||
CVE-2006-0898 | 1 Lincoln D. Stein | 1 Crypt Cbc | 2024-02-04 | 2.6 LOW | N/A |
Crypt::CBC Perl module 2.16 and earlier, when running in RandomIV mode, uses an initialization vector (IV) of 8 bytes, which results in weaker encryption when used with a cipher that requires a larger block size than 8 bytes, such as Rijndael. | |||||
CVE-2006-1985 | 1 Apple | 3 Mac Os X, Mac Os X Server, Safari | 2024-02-04 | 5.1 MEDIUM | N/A |
Heap-based buffer overflow in BOM BOMArchiveHelper 10.4 (6.3) Build 312, as used in Mac OS X 10.4.6 and earlier, allows user-assisted attackers to execute arbitrary code via a crafted archive (such as ZIP) that contains long path names, which triggers an error in the BOMStackPop function. | |||||
CVE-2006-1638 | 1 Aweb Labs | 1 Awebbb | 2024-02-04 | 5.1 MEDIUM | N/A |
Multiple SQL injection vulnerabilities in aWebBB 1.2 allow remote attackers to execute arbitrary SQL commands via the (1) Username parameter to (a) accounts.php, (b) changep.php, (c) editac.php, (d) feedback.php, (e) fpass.php, (f) login.php, (g) post.php, (h) reply.php, or (i) reply_log.php; (2) p parameter to (j) dpost.php; (3) c parameter to (k) list.php or (l) ndis.php; or (4) q parameter to (m) search.php. | |||||
CVE-2005-0075 | 1 Squirrelmail | 1 Squirrelmail | 2024-02-04 | 5.0 MEDIUM | N/A |
prefs.php in SquirrelMail before 1.4.4, with register_globals enabled, allows remote attackers to inject local code into the SquirrelMail code via custom preference handlers. | |||||
CVE-2005-1227 | 1 Phprojekt | 1 Phprojekt | 2024-02-04 | 5.1 MEDIUM | N/A |
Cross-site scripting (XSS) vulnerability in PHProjekt 4.2 and earlier allows remote attackers to inject arbitrary web script or HTML via the chatroom text submission form. | |||||
CVE-2006-3664 | 1 Sun | 2 Solaris, Sunos | 2024-02-04 | 5.0 MEDIUM | N/A |
Unspecified vulnerability in NIS server on Sun Solaris 8, 9, and 10 allows local and remote attackers to cause a denial of service (ypserv hang) via unknown vectors. | |||||
CVE-2005-2479 | 1 Pablo Software Solutions | 1 Quick N Easy Ftp Server | 2024-02-04 | 5.0 MEDIUM | N/A |
Quick 'n Easy FTP Server 3.0 allows remote attackers to cause a denial of service (application crash or CPU consumption) via a long USER command. |