Total: 254781 CVE

CVE | Vendors | Products | Updated | CVSS v2 | CVSS v3 |
---|---|---|---|---|---|
CVE-2005-1336 | 1 Apple | 1 Mac Os X | 2024-02-04 | 4.6 MEDIUM | N/A |
Buffer overflow in the Foundation framework for Mac OS X 10.3.9 allows local users to execute arbitrary code via a long environment variable. | |||||
CVE-2006-4490 | 1 Cybozu | 2 Cybozu Office, Share 360 | 2024-02-04 | 4.0 MEDIUM | N/A |
Multiple directory traversal vulnerabilities in Cybozu Office before 6.6 Build 1.3 and Share 360 before 2.5 Build 0.3 allow remote authenticated users to read arbitrary files via a .. (dot dot) sequence via the id parameter in (1) scripts/cbag/ag.exe or (2) scripts/s360v2/s360.exe. | |||||
CVE-2005-3925 | 1 Helpdesk Issue Manager | 1 Helpdesk Issue Manager | 2024-02-04 | 7.5 HIGH | N/A |
Multiple SQL injection vulnerabilities in Central Manchester CLC Helpdesk Issue Manager 0.9 and earlier allow remote attackers to execute arbitrary SQL commands via the (1) detail[], (2) orderdir, and (3) orderby parameters to find.php, and the (4) id parameter to issue.php. | |||||
CVE-2005-3032 | 1 Cambridge Computer Corporation | 1 Vxtftpsrv | 2024-02-04 | 7.5 HIGH | N/A |
Buffer overflow in vxTftpSrv 1.7.0 allows remote attackers to cause a denial of service (crash) and possibly execute arbitrary code via a TFTP request with a long filename argument. | |||||
CVE-2004-1029 | 5 Conectiva, Gentoo, Hp and 2 more | 8 Linux, Linux, Hp-ux and 5 more | 2024-02-04 | 9.3 HIGH | N/A |
The Sun Java Plugin capability in Java 2 Runtime Environment (JRE) 1.4.2_01, 1.4.2_04, and possibly earlier versions, does not properly restrict access between Javascript and Java applets during data transfer, which allows remote attackers to load unsafe classes and execute arbitrary code by using the reflection API to access private Java packages. | |||||
CVE-2006-3119 | 1 Fbi | 1 Fbi | 2024-02-04 | 5.1 MEDIUM | N/A |
The fbgs framebuffer Postscript/PDF viewer in fbi before 2.01 has a typo that prevents a filter from working correctly, which allows user-assisted attackers to bypass the filter and execute malicious Postscript commands. | |||||
CVE-2005-3683 | 1 Freeftpd | 1 Freeftpd | 2024-02-04 | 7.5 HIGH | N/A |
Stack-based buffer overflow in freeFTPd before 1.0.9 with Logging enabled, allows remote attackers to cause a denial of service (application crash), and possibly execute arbitrary code, via a long USER command. | |||||
CVE-2005-0267 | 1 Flatnuke | 1 Flatnuke | 2024-02-04 | 7.5 HIGH | N/A |
index.php in FlatNuke 2.5.1 allows remote attackers to create an administrator account via carriage returns and #10 in the url_avatar field, which is interpreted as a sensitive directive. | |||||
CVE-2005-1941 | 1 Silvercity Project | 1 Silvercity | 2024-02-04 | 3.7 LOW | 7.8 HIGH |
SilverCity before 0.9.5-r1 installs (1) cgi-styler-form.py, (2) cgi-styler.py, and (3) source2html.py with read and write world permissions, which allows local users to execute arbitrary code. | |||||
CVE-2005-1550 | 1 Colored Scripts | 1 Easy Message Board | 2024-02-04 | 7.5 HIGH | N/A |
easymsgb.pl in Easy Message Board allows remote attackers to execute arbitrary commands via shell metacharacters in the print parameter. | |||||
CVE-2005-2639 | 1 Valusoft | 1 Chris Moneymakers World Poker Championship | 2024-02-04 | 7.5 HIGH | N/A |
Buffer overflow in Chris Moneymaker's World Poker Championship 1.0 allows remote attackers to cause a denial of service (application crash) and possibly execute arbitrary code via a long nickname. | |||||
CVE-2006-3054 | 1 Vbzoom | 1 Vbzoom | 2024-02-04 | 7.5 HIGH | N/A |
Multiple SQL injection vulnerabilities in VBZooM 1.11 allow remote attackers to execute arbitrary SQL commands via the (1) sobjectID or (2) MAINID parameters to (a) show.php or (3) MainID parameter to (b) subject.php. | |||||
CVE-2005-3273 | 1 Linux | 1 Linux Kernel | 2024-02-04 | 5.0 MEDIUM | N/A |
The rose_rt_ioctl function in rose_route.c for Radionet Open Source Environment (ROSE) in Linux 2.6 kernels before 2.6.12, and 2.4 before 2.4.29, does not properly verify the ndigis argument for a new route, which allows attackers to trigger array out-of-bounds errors with a large number of digipeats. | |||||
CVE-2004-2452 | 1 Hitachi | 1 Cosminexus Portal Framework | 2024-02-04 | 5.0 MEDIUM | N/A |
Unknown vulnerability in Hitachi Cosminexus Portal Framework 01-00, 01-01, 01-02, 02-01, 02-02, 02-03, and other versions allows remote attackers to obtain sensitive information in the <ut:cache> tag library. | |||||
CVE-2006-2971 | 1 Overkill | 1 Overkill | 2024-02-04 | 5.0 MEDIUM | N/A |
Integer overflow in the recv_packet function in 0verkill 0.16 allows remote attackers to cause a denial of service (daemon crash) via a UDP packet with fewer than 12 bytes, which results in a long length value to the crc32 function. | |||||
CVE-2006-0255 | 1 Checkpoint | 1 Vpn-1 | 2024-02-04 | 7.2 HIGH | N/A |
Unquoted Windows search path vulnerability in Check Point VPN-1 SecureClient might allow local users to gain privileges via a malicious "program.exe" file in the C: folder, which is run when SecureClient attempts to launch the Sr_GUI.exe program. | |||||
CVE-2006-3570 | 1 Drupal | 1 Drupal | 2024-02-04 | 4.3 MEDIUM | N/A |
Cross-site scripting (XSS) vulnerability in the webform module in Drupal 4.6 before July 8, 2006 and 4.7 before July 8, 2006 allows remote attackers to inject arbitrary web script or HTML via unspecified vectors. | |||||
CVE-2005-0524 | 1 Php | 1 Php | 2024-02-04 | 5.0 MEDIUM | N/A |
The php_handle_iff function in image.c for PHP 4.2.2, 4.3.9, 4.3.10 and 5.0.3, as reachable by the getimagesize PHP function, allows remote attackers to cause a denial of service (infinite loop) via a -8 size value. | |||||
CVE-2005-1761 | 2 Novell, Suse | 3 Linux Desktop, Open Enterprise Server, Suse Linux | 2024-02-04 | 2.1 LOW | N/A |
Linux kernel 2.6 and 2.4 on the IA64 architecture allows local users to cause a denial of service (kernel crash) via ptrace and the restore_sigcontext function. | |||||
CVE-2005-4655 | 1 Php Fusion | 1 Php Fusion | 2024-02-04 | 4.3 MEDIUM | N/A |
Cross-site scripting (XSS) vulnerability in submit.php in PHP-Fusion 6.0.204 allows remote attackers to inject arbitrary web script or HTML via nested tags in the news_body parameter, as demonstrated by elements such as "<me<meta>ta" and "<sc<script>ript>". |