Total: 254972 CVE

CVE | Vendors | Products | Updated | CVSS v2 | CVSS v3 |
---|---|---|---|---|---|
CVE-2006-4484 | 1 Php | 1 Php | 2024-02-04 | 2.6 LOW | N/A |
Buffer overflow in the LWZReadByte_ function in ext/gd/libgd/gd_gif_in.c in the GD extension in PHP before 5.1.5 allows remote attackers to have an unknown impact via a GIF file with input_code_size greater than MAX_LWZ_BITS, which triggers an overflow when initializing the table array. | |||||
CVE-2005-1419 | 1 Ocean12 Technologies | 1 Mailing List Manager | 2024-02-04 | 7.5 HIGH | N/A |
SQL injection vulnerability in the admin login panel for Ocean12 Mailing List Manager 1.06 allows remote attackers to execute arbitrary SQL commands via the Admin_id parameter. | |||||
CVE-2005-4737 | 1 Ibm | 1 Db2 Universal Database | 2024-02-04 | 7.5 HIGH | N/A |
IBM DB2 Universal Database (UDB) 820 before ESE AIX 5765F4100 allows remote authenticated users to cause a denial of service (CPU consumption) by "abnormally" terminating a connection, which prevents db2agents from being properly cleared. | |||||
CVE-2005-2232 | 1 Ibm | 1 Aix | 2024-02-04 | 4.6 MEDIUM | N/A |
Buffer overflow in invscout in IBM AIX 5.1.0 through 5.3.0 might allow local users to execute arbitrary code via a long command line argument. | |||||
CVE-2005-4694 | 1 Plain Black | 1 Webgui | 2024-02-04 | 7.5 HIGH | N/A |
Unspecified vulnerability in the www_add method in Asset.pm in Plain Black WebGUI 6.3.0 and other versions before 6.7.6 allows attackers to execute arbitrary code via unknown attack vectors. | |||||
CVE-2004-0894 | 1 Microsoft | 3 Windows 2000, Windows 2003 Server, Windows Xp | 2024-02-04 | 7.2 HIGH | N/A |
LSASS (Local Security Authority Subsystem Service) of Windows 2000 Server and Windows Server 2003 does not properly validate connection information, which allows local users to gain privileges via a specially-designed program. | |||||
CVE-2005-2960 | 2 Debian, Gnu | 2 Debian Linux, Cfengine | 2024-02-04 | 2.1 LOW | N/A |
cfengine 1.6.5 and 2.1.16 allows local users to overwrite arbitrary files via a symlink attack on temporary files used by vicf.in, a different vulnerability than CVE-2005-3137. | |||||
CVE-2006-2850 | 1 Php Labware | 1 Labwiki | 2024-02-04 | 4.3 MEDIUM | N/A |
Cross-site scripting (XSS) vulnerability in recentchanges.php in PHP Labware LabWiki 1.0 and earlier allows remote attackers to inject arbitrary web script or HTML via the help parameter. | |||||
CVE-2006-4722 | 1 Openbb | 1 Openbb | 2024-02-04 | 7.5 HIGH | N/A |
PHP remote file inclusion vulnerability in Open Bulletin Board (OpenBB) 1.0.8 and earlier allows remote attackers to execute arbitrary PHP code via a URL in the root_path parameter to (1) index.php and possibly (2) collector.php. | |||||
CVE-2006-1367 | 1 Motorola | 2 Pebl U6, V600 | 2024-02-04 | 6.8 MEDIUM | N/A |
The Motorola PEBL U6 08.83.76R, the Motorola V600, and possibly the Motorola E398 and other Motorola P2K-based phones do not require pairing for a connection related to the Headset Audio Gateway service, which allows user-assisted remote attackers to obtain AT level access and view phonebook entries and saved SMS messages by connecting on Bluetooth channel 3 and tricking the user into pressing Grant, aka a "Blueline" attack. NOTE: while user-assisted, the attack is made more feasible because of a GUI misrepresentation issue that allows a default message to be replaced by an attacker-specified one. | |||||
CVE-2006-0108 | 1 Idea Development Id Oy | 1 Timecan Cms | 2024-02-04 | 7.5 HIGH | N/A |
SQL injection vulnerability in mcl_login.asp in Timecan CMS allows remote attackers to execute arbitrary SQL commands via the email parameter. NOTE: the provenance of this information is unknown; the details are obtained solely from third party information. Due to the unavailability of the original source, it cannot be determined if this is the same issue as identified by CVE-2006-0107. | |||||
CVE-2006-2356 | 1 Ipswitch | 1 Whatsup Professional | 2024-02-04 | 5.0 MEDIUM | N/A |
NmConsole/utility/RenderMap.asp in Ipswitch WhatsUp Professional 2006 and WhatsUp Professional 2006 Premium allows remote attackers to obtain sensitive information about network nodes via a modified nDeviceGroupID parameter. | |||||
CVE-2005-3040 | 1 Tac | 1 Vista | 2024-02-04 | 5.0 MEDIUM | N/A |
Directory traversal vulnerability in the web interface (ISALogin.dll) for TAC Vista 4.0, and possibly other versions before 4.3, allows remote attackers to read arbitrary files via ".." sequences in the Template parameter. | |||||
CVE-2004-2689 | 1 Newsphp | 1 Newsphp | 2024-02-04 | 10.0 HIGH | N/A |
NewsPHP allows remote attackers to gain unauthorized administrative access by setting a cookie to the "autorized=admin; root=admin" value. | |||||
CVE-2006-3279 | 1 Aewebworks | 1 Aedating | 2024-02-04 | 4.3 MEDIUM | N/A |
Cross-site scripting (XSS) vulnerability in aeDating 4.1 allows remote attackers to inject arbitrary web script or HTML via the (1) Sex parameter in index.php, (2) ProfileType parameter in join_form.php, and (3) Email parameter in forgot.php. | |||||
CVE-2005-3055 | 2 Debian, Linux | 2 Debian Linux, Linux Kernel | 2024-02-04 | 2.1 LOW | N/A |
Linux kernel 2.6.8 to 2.6.14-rc2 allows local users to cause a denial of service (kernel OOPS) via a userspace process that issues a USB Request Block (URB) to a USB device and terminates before the URB is finished, which leads to a stale pointer reference. | |||||
CVE-2006-3274 | 1 Webmin | 1 Webmin | 2024-02-04 | 5.0 MEDIUM | N/A |
Directory traversal vulnerability in Webmin before 1.280, when run on Windows, allows remote attackers to read arbitrary files via \ (backslash) characters in the URL to certain directories under the web root, such as the image directory. | |||||
CVE-2006-3533 | 1 Pivot | 1 Pivot | 2024-02-04 | 5.8 MEDIUM | N/A |
Multiple cross-site scripting (XSS) vulnerabilities in Pivot 1.30 RC2 and earlier, when register_globals is enabled, allow remote attackers to inject arbitrary web script or HTML via the (1) fg, (2) line1, (3) line2, (4) bg, (5) c1, (6) c2, (7) c3, and (8) c4 parameters in (a) includes/blogroll.php; (9) name and (10) js_name parameters in (b) includes/editor/edit_menu.php; and, even if register_globals is not enabled, the (11) h and (12) w parameters in (c) includes/photo.php. | |||||
CVE-2005-2653 | 1 Bbcaffe | 1 Bbcaffe | 2024-02-04 | 4.3 MEDIUM | N/A |
Cross-site scripting (XSS) vulnerability in BBCaffe 2.0 allows remote attackers to inject arbitrary web script or HTML via e-mail data in a message. | |||||
CVE-2005-3588 | 1 Advanced Guestbook | 1 Advanced Guestbook | 2024-02-04 | 7.5 HIGH | N/A |
SQL injection vulnerability in admin.php in Advanced Guestbook 2.2 allows remote attackers to execute arbitrary SQL commands and gain privileges via the username field. |