Total: 254835 CVE

CVE | Vendors | Products | Updated | CVSS v2 | CVSS v3 |
---|---|---|---|---|---|
CVE-2006-0027 | 1 Microsoft | 1 Exchange Server | 2024-02-04 | 7.5 HIGH | N/A |
Unspecified vulnerability in Microsoft Exchange allows remote attackers to execute arbitrary code via e-mail messages with crafted (1) vCal or (2) iCal Calendar properties. | |||||
CVE-2006-0843 | 1 Leif M. Wright | 1 Web Blog | 2024-02-04 | 5.0 MEDIUM | N/A |
Leif M. Wright's Blog 3.5 stores the config file and other txt files under the web root with insufficient access control, which allows remote attackers to read the administrator's password. | |||||
CVE-2004-1277 | 1 Iglooftp | 1 Iglooftp | 2024-02-04 | 5.0 MEDIUM | N/A |
The download_selection_recursive() function in ftplist.c for IglooFTP 0.6.1 allows remote malicious FTP servers to overwrite arbitrary files via filenames that contain / (slash) characters. | |||||
CVE-2006-0426 | 1 Bea | 1 Weblogic Server | 2024-02-04 | 7.5 HIGH | N/A |
BEA WebLogic Server and WebLogic Express 8.1 through SP4, when configuration auditing is enabled and a password change occurs, stores the old and new passwords in cleartext in the DefaultAuditRecorder.log file, which could allow attackers to gain privileges. | |||||
CVE-2005-1810 | 1 Wordpress | 1 Wordpress | 2024-02-04 | 7.5 HIGH | N/A |
SQL injection vulnerability in template-functions-category.php in WordPress 1.5.1 allows remote attackers to execute arbitrary SQL commands via the $cat_ID variable, as demonstrated using the cat parameter to index.php. | |||||
CVE-2006-0932 | 1 Pear | 1 Pear Archive Zip | 2024-02-04 | 5.0 MEDIUM | N/A |
Directory traversal vulnerability in zip.lib.php 0.1.1 in PEAR::Archive_Zip allows remote attackers to create and overwrite arbitrary files via certain crafted pathnames in a ZIP archive. | |||||
CVE-2005-3016 | 1 Francisco Burzi | 1 Php-nuke | 2024-02-04 | 10.0 HIGH | N/A |
Multiple unspecified vulnerabilities in the WYSIWYG editor in PHP-Nuke before 7.9 Final have unknown impact and attack vectors. | |||||
CVE-2005-2578 | | | 2024-02-04 | N/A | N/A |
** REJECT ** DO NOT USE THIS CANDIDATE NUMBER. ConsultIDs: CVE-2005-2552. Reason: This candidate is a duplicate of CVE-2005-2552. Notes: All CVE users should reference CVE-2005-2552 instead of this candidate. All references and descriptions in this candidate have been removed to prevent accidental usage. | |||||
CVE-2005-3837 | 1 Scssboard | 1 Scssboard | 2024-02-04 | 4.3 MEDIUM | N/A |
Cross-site scripting (XSS) vulnerability in the search module in sCssBoard 1.2 and 1.12, and earlier versions, allows remote attackers to inject arbitrary web script or HTML via the search_term parameter. | |||||
CVE-2006-4590 | 1 Jetstat.com | 1 Js Asp Faq Manager | 2024-02-04 | 7.5 HIGH | N/A |
SQL injection vulnerability in admin/default.asp in Jetstat.com JS ASP Faq Manager 1.10 and earlier allows remote attackers to execute arbitrary SQL commands via the uid parameter, a different vector than CVE-2006-4463. NOTE: the provenance of this information is unknown; the details are obtained from third party information. | |||||
CVE-2006-1615 | 1 Clamav | 1 Clamav | 2024-02-04 | 10.0 HIGH | N/A |
Multiple format string vulnerabilities in the logging code in Clam AntiVirus (ClamAV) before 0.88.1 might allow remote attackers to execute arbitrary code. NOTE: as of 20060410, it is unclear whether this is a vulnerability, as there is some evidence that the arguments are actually being sanitized properly. | |||||
CVE-2005-2102 | 1 Rob Flynn | 1 Gaim | 2024-02-04 | 5.0 MEDIUM | N/A |
The AIM/ICQ module in Gaim before 1.5.0 allows remote attackers to cause a denial of service (application crash) via a filename that contains invalid UTF-8 characters. | |||||
CVE-2006-3626 | 1 Linux | 1 Linux Kernel | 2024-02-04 | 6.2 MEDIUM | N/A |
Race condition in Linux kernel 2.6.17.4 and earlier allows local users to gain root privileges by using prctl with PR_SET_DUMPABLE in a way that causes /proc/self/environ to become setuid root. | |||||
CVE-2005-3205 | 1 Oracle | 1 Database Server | 2024-02-04 | 3.5 LOW | N/A |
Cross-site scripting (XSS) vulnerability in iSQL*Plus (iSQLPlus) in Oracle9i Database Server Release 2 9.0.2.4 allows remote attackers to inject arbitrary web script or HTML via script in the "set markup HTML TABLE" command, which is executed when the user selects a table. | |||||
CVE-2006-3262 | 1 Mambo | 1 Mambo | 2024-02-04 | 7.5 HIGH | N/A |
SQL injection vulnerability in the Weblinks module (weblinks.php) in Mambo 4.6rc1 and earlier allows remote attackers to execute arbitrary SQL commands via the title parameter. | |||||
CVE-2004-2292 | 1 Alt-n | 1 Mdaemon | 2024-02-04 | 5.0 MEDIUM | N/A |
Buffer overflow in Alt-N MDaemon 7.0.1 allows remote attackers to cause a denial of service (application crash) via a long STATUS command to the IMAP server. | |||||
CVE-2005-2836 | 1 Phorum | 1 Phorum | 2024-02-04 | 4.3 MEDIUM | N/A |
Multiple cross-site scripting (XSS) vulnerabilities in Phorum 5.0.17a and earlier allow remote attackers to inject arbitrary web script or HTML via (1) the username parameter to register.php or (2) a signature of a logged-in user in "My Control Center," which is not properly handled by control.php. | |||||
CVE-2004-2304 | 1 Cerulean Studios | 2 Trillian, Trillian Pro | 2024-02-04 | 7.5 HIGH | N/A |
Integer overflow in Trillian 0.74 and earlier, and Trillian Pro 2.01 and earlier, allows remote attackers to cause a denial of service and possibly execute arbitrary code via a directIM packet that triggers a heap-based buffer overflow. | |||||
CVE-2006-0389 | 1 Apple | 2 Mac Os X, Mac Os X Server | 2024-02-04 | 2.6 LOW | N/A |
Cross-site scripting (XSS) vulnerability in Syndication (Safari RSS) in Mac OS X 10.4 through 10.4.5 allows remote attackers to execute arbitrary JavaScript via unspecified vectors involving RSS feeds. | |||||
CVE-2006-1363 | 1 Justin White | 1 Freewps | 2024-02-04 | 7.5 HIGH | N/A |
images.php in Justin White (aka YTZ) Free Web Publishing System (FreeWPS) 2.11 allows remote attackers to execute arbitrary PHP code by uploading a .php file into the /upload directory as specified in the dirPath parameter, then performing a direct request to that file. |