Total: 254972 CVE
CVE | Vendors | Products | Updated | CVSS v2 | CVSS v3 |
---|---|---|---|---|---|
CVE-2005-0152 | 1 Squirrelmail | 1 Squirrelmail | 2024-02-04 | 7.5 HIGH | N/A |
PHP remote file inclusion vulnerability in Squirrelmail 1.2.6 allows remote attackers to execute arbitrary code via "URL manipulation." | |||||
CVE-2006-1868 | 1 Oracle | 1 Database Server | 2024-02-04 | 7.5 HIGH | N/A |
Buffer overflow in the Advanced Replication component in Oracle Database Server 10.1.0.4 allows database users to execute arbitrary code via the VERIFY_LOG procedure of the DBMS_SNAPSHOT_UTL package, aka Vuln# DB03. | |||||
CVE-2004-1286 | 1 Napshare | 1 Napshare | 2024-02-04 | 10.0 HIGH | N/A |
Buffer overflow in the auto_filter_extern function in auto.c for NapShare 1.2, with the extern filter enabled, allows remote attackers to execute arbitrary code via a crafted gnutella response. | |||||
CVE-2005-3316 | 1 Symantec | 2 Discovery, On Command Discovery | 2024-02-04 | 7.5 HIGH | N/A |
The installation of ON Symantec Discovery 4.5.x and Symantec Discovery 6.0 creates the (1) DiscoveryWeb and (2) DiscoveryRO database accounts with null passwords, which could allow attackers to gain privileges or prevent Discovery from running by setting another password. | |||||
CVE-2006-4189 | 1 Boonex | 1 Dolphin | 2024-02-04 | 5.1 MEDIUM | N/A |
Multiple PHP remote file inclusion vulnerabilities in Dolphin 5.1 allow remote attackers to execute arbitrary PHP code via a URL in the dir[inc] parameter in (1) index.php, (2) aemodule.php, (3) browse.php, (4) cc.php, (5) click.php, (6) faq.php, (7) gallery.php, (8) im.php, (9) inbox.php, (10) join_form.php, (11) logout.php, (12) messages_inbox.php, and many other scripts. | |||||
CVE-2006-1109 | 1 Totalecommerce | 1 Totalecommerce | 2024-02-04 | 7.5 HIGH | N/A |
SQL injection vulnerability in index.asp in Total Ecommerce 1.0 allows remote attackers to execute arbitrary SQL commands via the id parameter. NOTE: it is not clear whether this report is associated with a specific product. If not, then it should not be included in CVE. | |||||
CVE-2005-4534 | 1 Mozilla | 1 Bugzilla | 2024-02-04 | 7.5 HIGH | N/A |
The shadow database feature (syncshadowdb) in Bugzilla 2.9 through 2.16.10 allows local users to overwrite arbitrary files via a symlink attack on temporary files. | |||||
CVE-2005-4595 | 1 Gentoo | 2 Nview, Xnview | 2024-02-04 | 7.2 HIGH | N/A |
Untrusted search path vulnerability (RPATH) in XnView 1.70 and NView 4.51 on Gentoo Linux allows local users to execute arbitrary code via a malicious library in the current working directory. | |||||
CVE-2005-2217 | 1 Craig Dansie | 1 Dansie Shopping Cart | 2024-02-04 | 5.0 MEDIUM | N/A |
Dansie Shopping Cart stores the vars.dat file under the web root with insufficient access control, which might allow remote attackers to obtain sensitive information such as program variables. | |||||
CVE-2004-2302 | 1 Linux | 1 Linux Kernel | 2024-02-04 | 2.6 LOW | N/A |
Race condition in the sysfs_read_file and sysfs_write_file functions in Linux kernel before 2.6.10 allows local users to read kernel memory and cause a denial of service (crash) via large offsets in sysfs files. | |||||
CVE-2005-2013 | 1 Php Arena | 1 Pafaq | 2024-02-04 | 5.0 MEDIUM | N/A |
paFAQ 1.0 Beta 4 allows remote attackers to obtain sensitive information via a direct request to admin/backup.php, which contains a backup of the database including usernames and passwords. | |||||
CVE-2006-4050 | 1 David Walker | 1 Phpautomembersarea | 2024-02-04 | 7.5 HIGH | N/A |
PHP remote file inclusion vulnerability in auto_check_renewals.php in phpAutoMembersArea (phpAMA) 3.2.4 and earlier allows remote attackers to execute arbitrary PHP code via a URL in the installed_config_file parameter. | |||||
CVE-2006-2416 | 1 E107 | 1 E107 | 2024-02-04 | 5.1 MEDIUM | N/A |
SQL injection vulnerability in class2.php in e107 0.7.2 and earlier allows remote attackers to execute arbitrary SQL commands via a cookie as defined in $pref['cookie_name']. | |||||
CVE-2005-2790 | 1 Bfcommand And Control Software | 2 Bfcc, Bfvcc | 2024-02-04 | 7.5 HIGH | N/A |
BFCommand & Control Server Manager BFCC 1.22_A and earlier, and BFVCC 2.14_B and earlier, relies on the client to enforce permissions and perform actions such as disconnections, which allows remote attackers to bypass administrative restrictions via a modified client. | |||||
CVE-2005-3711 | 1 Apple | 1 Quicktime | 2024-02-04 | 7.5 HIGH | N/A |
Integer overflow in Apple Quicktime before 7.0.4 allows remote attackers to execute arbitrary code via a TIFF image file with modified (1) "strips" (StripByteCounts) or (2) "bands" (StripOffsets) values. | |||||
CVE-2006-4319 | 1 Sun | 2 Solaris, Sunos | 2024-02-04 | 7.2 HIGH | N/A |
Buffer overflow in the format command in Solaris 8, 9, and 10 allows local users with access to format (such as the "File System Management" RBAC profile) to execute arbitrary code via unknown vectors, a different vulnerability than CVE-2006-4307. | |||||
CVE-2005-0136 | 1 Linux | 1 Linux Kernel | 2024-02-04 | 2.1 LOW | N/A |
The Linux kernel before 2.6.11 on the Itanium IA64 platform has certain "ptrace corner cases" that allow local users to cause a denial of service (crash) via crafted syscalls, possibly related to MCA/INIT, a different vulnerability than CVE-2005-1761. | |||||
CVE-2005-0207 | 4 Conectiva, Linux, Redhat and 1 more | 5 Linux, Linux Kernel, Enterprise Linux and 2 more | 2024-02-04 | 2.1 LOW | N/A |
Unknown vulnerability in Linux kernel 2.4.x, 2.5.x, and 2.6.x allows NFS clients to cause a denial of service via O_DIRECT. | |||||
CVE-2005-4635 | 1 Linux | 1 Linux Kernel | 2024-02-04 | 5.0 MEDIUM | N/A |
The nl_fib_input function in fib_frontend.c in the Linux kernel before 2.6.15 does not check for valid lengths of the header and payload, which allows remote attackers to cause a denial of service (invalid memory reference) via malformed fib_lookup netlink messages. | |||||
CVE-2006-4316 | 1 Ssh | 1 Tectia Manager | 2024-02-04 | 7.2 HIGH | N/A |
SSH Tectia Management Agent 2.1.2 allows local users to gain root privileges by running a program called sshd, which is obtained from a process listing when the "Restart" action is selected from the Management server GUI, which causes the agent to locate the pathname of the user's program and restart it with root privileges. | |||||