Total
254898 CVE
| CVE | Vendors | Products | Updated | CVSS v2 | CVSS v3 |
|---|---|---|---|---|---|
| CVE-2005-1133 | 1 Ibm | 1 Iseries As 400 | 2024-02-04 | 5.0 MEDIUM | N/A |
| The POP3 server in IBM iSeries AS/400 returns different error messages when the user exists or not, which allows remote attackers to determine valid user IDs on the server. | |||||
| CVE-2006-2593 | 2024-02-04 | N/A | N/A | ||
| ** REJECT ** DO NOT USE THIS CANDIDATE NUMBER. ConsultIDs: CVE-2006-2581. Reason: This candidate is a duplicate of CVE-2006-2581. Notes: All CVE users should reference CVE-2006-2581 instead of this candidate. All references and descriptions in this candidate have been removed to prevent accidental usage. | |||||
| CVE-2004-2336 | 1 Novell | 2 Groupwise, Netware | 2024-02-04 | 5.0 MEDIUM | N/A |
| Unknown vulnerability in Novell GroupWise and GroupWise WebAccess 6.0 through 6.5, when running with Apache Web Server 1.3 for NetWare where Apache is loaded using GWAPACHE.CONF, allows remote attackers to read directories and files on the server. | |||||
| CVE-2006-4650 | 1 Cisco | 1 Ios | 2024-02-04 | 2.6 LOW | N/A |
| Cisco IOS 12.0, 12.1, and 12.2, when GRE IP tunneling is used and the RFC2784 compliance fixes are missing, does not verify the offset field of a GRE packet during decapsulation, which leads to an integer overflow that references data from incorrect memory locations, which allows remote attackers to inject crafted packets into the routing queue, possibly bypassing intended router ACLs. | |||||
| CVE-2006-3381 | 1 Sturgeon Upload | 1 Sturgeon Upload | 2024-02-04 | 7.5 HIGH | N/A |
| SturGeoN Upload allows remote attackers to execute arbitrary PHP code by uploading a file with a .php extension, then directly accessing the file. NOTE: It is uncertain whether this is a vulnerability or a feature of the product. | |||||
| CVE-2005-3130 | 1 Lucidcms | 1 Lucidcms | 2024-02-04 | 7.5 HIGH | N/A |
| SQL injection vulnerability in lucidCMS 1.0.11 allows remote attackers to execute arbitrary SQL commands via the login field. | |||||
| CVE-2006-4605 | 1 Longino | 1 Jacome Php-revista | 2024-02-04 | 7.5 HIGH | N/A |
| PHP remote file inclusion vulnerability in index.php in Longino Jacome php-Revista 1.1.2 allows remote attackers to execute arbitrary PHP code via the adodb parameter. | |||||
| CVE-2006-3586 | 1 Jetbox | 1 Jetbox Cms | 2024-02-04 | 7.5 HIGH | N/A |
| SQL injection vulnerability in Jetbox CMS 2.1 SR1 allows remote attackers to execute arbitrary SQL commands via the (1) frontsession COOKIE parameter and (2) view parameter in index.php, and the (3) login parameter in admin/cms/index.php. | |||||
| CVE-2005-3714 | 1 Apple | 2 Airport Express, Airport Extreme | 2024-02-04 | 5.0 MEDIUM | N/A |
| The network interface for Apple AirPort Express 6.x before Firmware Update 6.3, and AirPort Extreme 5.x before Firmware Update 5.7, allows remote attackers to cause a denial of service (unresponsive interface) via malformed packets. | |||||
| CVE-2005-4861 | 1 Jasio.net | 1 Ragnarok Online Control Panel | 2024-02-04 | 7.5 HIGH | N/A |
| functions.php in Ragnarok Online Control Panel (ROCP) 4.3.4a allows remote attackers to bypass authentication by requesting account_manage.php with a trailing "/login.php" PHP_SELF value, which is not properly handled by the CHECK_AUTH function. | |||||
| CVE-2005-3466 | 1 Oracle | 1 Peoplesoft Enterprise Customer Relationship Management | 2024-02-04 | 10.0 HIGH | N/A |
| Unspecified vulnerability in Enterprise CRM Sales in Oracle 8.81 up to 8.9 has unknown impact and attack vectors, as identified by Oracle Vuln# CRM01. | |||||
| CVE-2005-2267 | 1 Mozilla | 1 Firefox | 2024-02-04 | 7.5 HIGH | N/A |
| Firefox before 1.0.5 allows remote attackers to steal information and possibly execute arbitrary code by using standalone applications such as Flash and QuickTime to open a javascript: URL, which is run in the context of the previous page, and may lead to code execution if the standalone application loads a privileged chrome: URL. | |||||
| CVE-2005-1951 | 1 Oscommerce | 1 Oscommerce | 2024-02-04 | 5.0 MEDIUM | N/A |
| Multiple HTTP Response Splitting vulnerabilities in osCommerce 2.2 Milestone 2 and earlier allow remote attackers to spoof web content and poison web caches via hex-encoded CRLF ("%0d%0a") sequences in the (1) products_id or (2) pid parameter to index.php or (3) goto parameter to banner.php. | |||||
| CVE-2006-2901 | 1 D-link | 1 Dwl-2100ap | 2024-02-04 | 5.0 MEDIUM | N/A |
| The web server for D-Link Wireless Access-Point (DWL-2100ap) firmware 2.10na and earlier allows remote attackers to obtain sensitive system information via a request to an arbitrary .cfg file, which returns configuration information including passwords. | |||||
| CVE-2005-3034 | 1 Compuware | 1 Driverstudio | 2024-02-04 | 7.5 HIGH | N/A |
| Compuware DriverStudio Remote Control service (DSRsvc.exe) 2.7 and 3.0 beta 2 allows remote attackers to bypass authentication via a null session. | |||||
| CVE-2005-1873 | 1 Crob | 1 Crob Ftp | 2024-02-04 | 7.5 HIGH | N/A |
| Multiple buffer overflows in Crob FTP 3.6.1, and possibly earlier versions, allow remote attackers to execute arbitrary code via (1) an FTP command with a large string followed by the RMD command with a long string or (2) a globbing ("*") character followed by a long string. | |||||
| CVE-2005-4704 | 1 Bea | 1 Weblogic Server | 2024-02-04 | 5.0 MEDIUM | N/A |
| Unspecified vulnerability in BEA WebLogic Server and WebLogic Express 8.1 through SP3, 7.0 through SP6, and 6.1 through SP7, when SSL is intended to be used, causes an unencrypted protocol to be used in certain unspecified circumstances, which causes user credentials to be sent across the network in cleartext and allows remote attackers to gain privileges. | |||||
| CVE-2006-2710 | 1 Secure Elements | 1 Class 5 Enterprise Vulnerability Management | 2024-02-04 | 5.0 MEDIUM | N/A |
| Secure Elements Class 5 AVR (aka C5 EVM) before 2.8.1 uses the same invariant RSA key for all installations, which allows remote attackers with the key to decrypt communications. | |||||
| CVE-2004-2482 | 1 Microsoft | 1 Outlook | 2024-02-04 | 5.0 MEDIUM | N/A |
| Microsoft Outlook 2000 and 2003, when configured to use Microsoft Word 2000 or 2003 as the e-mail editor and when forwarding e-mail, does not properly handle an opening OBJECT tag that does not have a closing OBJECT tag, which causes Outlook to automatically download the URI in the data property of the OBJECT tag and might allow remote attackers to execute arbitrary code. | |||||
| CVE-2006-2832 | 1 Drupal | 1 Drupal | 2024-02-04 | 2.6 LOW | N/A |
| Cross-site scripting (XSS) vulnerability in the upload module (upload.module) in Drupal 4.6.x before 4.6.8 and 4.7.x before 4.7.2 allows remote attackers to inject arbitrary web script or HTML via the uploaded filename. | |||||