Total
254974 CVE
| CVE | Vendors | Products | Updated | CVSS v2 | CVSS v3 |
|---|---|---|---|---|---|
| CVE-2005-3194 | 1 Estsoft | 1 Alzip | 2024-02-04 | 5.1 MEDIUM | N/A |
| Multiple buffer overflows in ALZip 6.12 (Korean), 6.1 (International), and 5.52 (English) allow remote attackers to execute arbitrary code via a long filename in a compressed (1) ALZ, (2) ARJ, (3) ZIP, (4) UUE, or (5) XXE archive. | |||||
| CVE-2005-3655 | 1 Novell | 1 Open Enterprise Server | 2024-02-04 | 7.5 HIGH | N/A |
| Heap-based buffer overflow in Novell Open Enterprise Server Remote Manager (novell-nrm) in Novell SUSE Linux Enterprise Server 9 allows remote attackers to execute arbitrary code via an HTTP POST request with a negative Content-Length parameter. | |||||
| CVE-2005-0897 | 1 Magicscripts | 1 E-store Kit-2 | 2024-02-04 | 7.5 HIGH | N/A |
| PHP remote file inclusion vulnerability in catalog.php in E-Store Kit-2 PayPal Edition allows remote attackers to execute arbitrary PHP code by modifying the menu and main parameters to reference a URL on a remote web server that contains the code. | |||||
| CVE-2005-2711 | 1 Iss | 4 Blackice Agent Server, Blackice Pc Protection, Blackice Server Protection and 1 more | 2024-02-04 | 7.2 HIGH | N/A |
| ISS BlackIce 3.6, as used in multiple products including BlackICE PC Protection, Server Protection, Agent for Server, and RealSecure Desktop 3.6 and 7.0, does not drop privileges before launching help from the "More Info" button in the "Application Protection" dialog, which allows local users to execute arbitrary programs as SYSTEM. | |||||
| CVE-2005-4028 | 1 Amember | 1 Amember | 2024-02-04 | 4.3 MEDIUM | N/A |
| Multiple cross-site scripting (XSS) vulnerabilities in aMember allow remote attackers to inject arbitrary web script or HTML via the (1) lamember_login parameter to sendpass.php and (2) login parameter to member.php. | |||||
| CVE-2005-1002 | 1 Logics Software | 1 Log-ft | 2024-02-04 | 5.0 MEDIUM | N/A |
| logwebftbs2000.exe in Logics Software File Transfer (LOG-FT) allows remote attackers to read arbitrary files via modified (1) VAR_FT_LANG and (2) VAR_FT_TMPL parameters. | |||||
| CVE-2005-3829 | 1 Activecampaign | 1 Knowledgebuilder | 2024-02-04 | 7.8 HIGH | N/A |
| index.php in ActiveCampaign KnowledgeBuilder 2.4 and earlier allows remote attackers to cause a denial of service (CPU consumption) via an invalid category parameter, which causes a large number of SQL queries to be processed. | |||||
| CVE-2005-0159 | 1 Debian | 2 Debian Linux, Toolchain-source | 2024-02-04 | 4.6 MEDIUM | N/A |
| The tpkg-* scripts in the toolchain-source 3.0.4 package on Debian GNU/Linux 3.0 allow local users to overwrite arbitrary files via a symlink attack on temporary files. | |||||
| CVE-2005-0470 | 3 Gentoo, Suse, Wpa Supplicant | 3 Linux, Suse Linux, Wpa Supplicant | 2024-02-04 | 5.0 MEDIUM | N/A |
| Buffer overflow in wpa_supplicant before 0.2.7 allows remote attackers to cause a denial of service (segmentation fault) via invalid EAPOL-Key packet data. | |||||
| CVE-2005-2962 | 1 Ntlmaps | 1 Ntlmaps | 2024-02-04 | 2.1 LOW | N/A |
| The post-installation script for ntlmaps before 0.9.9 sets world-readable permissions for the configuration file, which allows local users to obtain the username and password. | |||||
| CVE-2005-4609 | 1 Incogen | 1 Bugport | 2024-02-04 | 5.0 MEDIUM | N/A |
| index.php in BugPort 1.147 and earlier allows remote attackers to obtain sensitive information such as full path and system configuration via an invalid action parameter. | |||||
| CVE-2006-0826 | 1 Xerox | 6 Workcentre 232, Workcentre 238, Workcentre 245 and 3 more | 2024-02-04 | 5.0 MEDIUM | N/A |
| Unspecified vulnerability in ESS/ Network Controller and MicroServer Web Server in Xerox WorkCentre Pro and Xerox WorkCentre running software 13.027.24.015 and 14.027.24.015 allows remote attackers to cause a denial of service via a crafted Postscript request. | |||||
| CVE-2006-4486 | 1 Php | 1 Php | 2024-02-04 | 2.6 LOW | N/A |
| Integer overflow in memory allocation routines in PHP before 5.1.6, when running on a 64-bit system, allows context-dependent attackers to bypass the memory_limit restriction. | |||||
| CVE-2006-2890 | 1 Pixelpost | 1 Pixelpost | 2024-02-04 | 5.1 MEDIUM | N/A |
| Pixelpost 1-5rc1-2 and earlier, when register_globals is enabled, allows remote attackers to gain administrator privileges and conduct other attacks by setting the _SESSION["pixelpost_admin"] parameter to 1 in calls to admin scripts such as admin/view_info.php. | |||||
| CVE-2005-0878 | 1 Mercuryboard | 1 Mercuryboard Message Board | 2024-02-04 | 4.3 MEDIUM | N/A |
| Cross-site scripting (XSS) vulnerability in MercuryBoard before 1.1.3 allows remote attackers to inject arbitrary web script or HTML via the title field of a PM (private message). | |||||
| CVE-2005-2990 | 1 Linecontrol | 1 Java Client | 2024-02-04 | 2.1 LOW | N/A |
| AuthInfo.java in LineContol Java Client (jlc) before 0.8.1 stores sensitive information such as user passwords in log files. | |||||
| CVE-2006-1361 | 1 Oswiki | 1 Oswiki | 2024-02-04 | 4.3 MEDIUM | N/A |
| Cross-site scripting (XSS) vulnerability in OSWiki before 0.3.1 allows remote attackers to inject arbitrary web script or HTML via the username field to (1) list.rhtml or (2) show.rhtml. | |||||
| CVE-2005-0202 | 1 Gnu | 1 Mailman | 2024-02-04 | 5.0 MEDIUM | N/A |
| Directory traversal vulnerability in the true_path function in private.py for Mailman 2.1.5 and earlier allows remote attackers to read arbitrary files via ".../....///" sequences, which are not properly cleansed by regular expressions that are intended to remove "../" and "./" sequences. | |||||
| CVE-2005-2786 | 1 Cosmoshop | 1 Cosmoshop | 2024-02-04 | 5.0 MEDIUM | N/A |
| Directory traversal vulnerability in bestmail_edit.cgi in cosmoshop 8.10.78 and earlier allows remote administrators to read arbitrary files via ".." sequences in the file parameter. | |||||
| CVE-2006-3226 | 1 Cisco | 1 Secure Access Control Server | 2024-02-04 | 7.5 HIGH | N/A |
| Cisco Secure Access Control Server (ACS) 4.x for Windows uses the client's IP address and the server's port number to grant access to an HTTP server port for an administration session, which allows remote attackers to bypass authentication via various methods, aka "ACS Weak Session Management Vulnerability." | |||||