Total
254830 CVE
CVE | Vendors | Products | Updated | CVSS v2 | CVSS v3 |
---|---|---|---|---|---|
CVE-2005-3036 | 1 Ttxn | 1 File Transfer Anywhere | 2024-02-04 | 4.6 MEDIUM | N/A |
File Transfer Anywhere 3.01 stores sensitive password information in plaintext in the PASS value in the "File Transfer Anywhere" registry key, which allows local users to gain privileges. | |||||
CVE-2005-2447 | 2024-02-04 | N/A | N/A | ||
** REJECT ** DO NOT USE THIS CANDIDATE NUMBER. ConsultIDs: CVE-2005-2370. Reason: This candidate is a duplicate of CVE-2005-2370. Notes: All CVE users should reference CVE-2005-2370 instead of this candidate. All references and descriptions in this candidate have been removed to prevent accidental usage. | |||||
CVE-2005-0930 | 1 Chatness | 1 Chatness | 2024-02-04 | 4.3 MEDIUM | N/A |
Cross-site scripting (XSS) vulnerability in message.php in Chatness 2.5.1 and earlier allows remote attackers to inject arbitrary web script or HTML via (1) the user field or (2) the message parameter to message.php. | |||||
CVE-2005-1802 | 1 Nortel | 9 Contivity, Vpn Router 1010, Vpn Router 1050 and 6 more | 2024-02-04 | 5.0 MEDIUM | N/A |
Nortel VPN Router (aka Contivity) allows remote attackers to cause a denial of service (crash) via an IPsec IKE packet with a malformed ISAKMP header. | |||||
CVE-2006-0548 | 1 Oracle | 1 Database Server | 2024-02-04 | 7.5 HIGH | N/A |
SQL injection vulnerability in the Oracle Text component of Oracle Database 10g, and possibly earlier versions, might allow remote attackers to execute arbitrary SQL commands via unknown vectors. NOTE: due to the lack of relevant details from the Oracle advisory, a separate CVE is being created since it cannot be conclusively proven that this issue has been addressed by Oracle. It is possible that this is the same issue as Oracle Vuln# DB15 from the January 2006 CPU, in which case this would be subsumed by CVE-2006-0260. | |||||
CVE-2005-2452 | 1 Libtiff | 1 Libtiff | 2024-02-04 | 5.0 MEDIUM | N/A |
libtiff up to 3.7.0 allows remote attackers to cause a denial of service (application crash) via a TIFF image header with a zero "YCbCr subsampling" value, which causes a divide-by-zero error in (1) tif_strip.c and (2) tif_tile.c, a different vulnerability than CVE-2004-0804. | |||||
CVE-2005-1474 | 1 Apple | 2 Mac Os X, Mac Os X Server | 2024-02-04 | 7.5 HIGH | N/A |
Dashboard in Apple Mac OS X 10.4.1 allows remote attackers to install widgets via Safari without prompting the user, a different vulnerability than CVE-2005-1933. | |||||
CVE-2005-2688 | 1 Savewebportal | 1 Savewebportal | 2024-02-04 | 4.3 MEDIUM | N/A |
Multiple cross-site scripting (XSS) vulnerabilities in SaveWebPortal 3.4 allow remote attackers to inject arbitrary web script or HTML via a large number of parameters to (1) footer.php, (2) header.php, (3) menu_dx.php, or (4) menu_sx.php, or Javascript code in the (5) HTTP_REFERER (referer) or (6) HTTP_USER_AGENT (user agent) fields. | |||||
CVE-2006-2802 | 1 Xine | 2 Gxine, Xine-lib | 2024-02-04 | 5.0 MEDIUM | N/A |
Buffer overflow in the HTTP Plugin (xineplug_inp_http.so) for xine-lib 1.1.1 allows remote attackers to cause a denial of service (application crash) via a long reply from an HTTP server, as demonstrated using gxine 0.5.6. | |||||
CVE-2005-2764 | 1 Openttd | 1 Openttd | 2024-02-04 | 7.5 HIGH | N/A |
Multiple buffer overflows in OpenTTD before 0.4.0.1 allow attackers to cause a denial of service (crash) and possibly execute arbitrary code via unspecified vectors. | |||||
CVE-2006-2707 | 1 Secure Elements | 1 Class 5 Enterprise Vulnerability Management | 2024-02-04 | 5.0 MEDIUM | N/A |
Secure Elements Class 5 AVR server (aka C5 EVM) before 2.8.1 does not validate the peer certificate when obtaining an update, which could allow remote attackers to distribute malicious updates to clients. | |||||
CVE-2006-0282 | 1 Oracle | 3 Application Server, Collaboration Suite, Database Server | 2024-02-04 | 10.0 HIGH | N/A |
Unspecified vulnerability in Oracle Database Server 8.1.7.4, 9.0.1.5, 9.0.1.5 FIPS, 9.2.0.7, and 10.1.0.5, Application Server 1.0.2.2, 9.0.4.2, and 10.1.2.0.2, and Collaboration Suite Release 2, version 9.0.4.2 (Oracle9i) has unspecified impact and attack vectors, as identified by Oracle Vuln# DBC01 in the Protocol Support component. | |||||
CVE-2004-2747 | 1 Pablo Software Solutions | 1 Quick N Easy Ftp Server | 2024-02-04 | 4.0 MEDIUM | N/A |
Directory traversal vulnerability in Pablo Software Solutions Quick 'n Easy FTP Server 1.77, and possibly earlier versions, allows remote authenticated users to determine the existence of arbitrary files via a .. (dot dot) in the DEL command, which triggers different error messages depending on whether the file exists or not. | |||||
CVE-2005-1237 | 1 China-on-site | 1 Flexphpnews | 2024-02-04 | 7.5 HIGH | N/A |
SQL injection vulnerability in news.php in FlexPHPNews 0.0.3 allows remote attackers to execute arbitrary SQL commands via the newsid parameter. | |||||
CVE-2006-0089 | 1 Esri | 1 Arcpad | 2024-02-04 | 5.0 MEDIUM | N/A |
Buffer overflow in ESRI ArcPad 7.0.0.156 allows remote attackers to cause a denial of service (application crash) and possibly execute arbitrary code via a .amp file with a COORDSYS tag with a long string attribute. | |||||
CVE-2005-3679 | 1 Activecampaign | 1 1-2-all Broadcast Email | 2024-02-04 | 7.5 HIGH | N/A |
SQL injection vulnerability in admin/index.php in ActiveCampaign 1-2-All Broadcast Email allows remote attackers to execute arbitrary SQL commands and bypass authentication via the username field in the admin control panel. | |||||
CVE-2006-0227 | 1 Sun | 2 Solaris, Sunos | 2024-02-04 | 2.6 LOW | N/A |
Multiple unspecified vulnerabilities in lpsched in Sun Solaris 8, 9, and 10 allow local users to delete arbitrary files or disable the LP print service via unknown attack vectors. | |||||
CVE-2006-2915 | 1 Deluxebb | 1 Deluxebb | 2024-02-04 | 5.1 MEDIUM | N/A |
Multiple SQL injection vulnerabilities in DeluxeBB 1.06 allow remote attackers to execute arbitrary SQL commands via the (1) hideemail, (2) languagex, (3) xthetimeoffset, and (4) xthetimeformat parameters during account registration. | |||||
CVE-2005-0638 | 3 Altlinux, Suse, Xli | 3 Alt Linux, Suse Linux, Xli | 2024-02-04 | 7.5 HIGH | N/A |
xloadimage before 4.1-r2, and xli before 1.17, allows attackers to execute arbitrary commands via shell metacharacters in filenames for compressed images, which are not properly quoted when calling the gunzip command. | |||||
CVE-2005-1223 | 1 Ocean12 Technologies | 1 Calendar Manager Pro | 2024-02-04 | 7.5 HIGH | N/A |
Multiple SQL injection vulnerabilities in Ocean12 Calendar manager 1.01 allow remote attackers to execute arbitrary SQL commands via the Admin_id field. |