Total: 254777 CVE
CVE | Vendors | Products | Updated | CVSS v2 | CVSS v3 |
---|---|---|---|---|---|
CVE-2005-0529 | 1 Linux | 1 Linux Kernel | 2024-02-04 | 2.1 LOW | N/A |
Linux kernel 2.6.10 and 2.6.11rc1-bk6 uses different size types for offset arguments to the proc_file_read and locks_read_proc functions, which leads to a heap-based buffer overflow when a signed comparison causes negative integers to be used in a positive context. | |||||
CVE-2004-2463 | 1 Ada | 1 Imgsvr | 2024-02-04 | 7.5 HIGH | N/A |
Buffer overflow in ADA Image Server (ImgSvr) 0.4 allows remote attackers to cause a denial of service (web server crash) or execute arbitrary code via a long GET request. | |||||
CVE-2006-2820 | 1 Hotwebscripts | 1 Weblog Oggi | 2024-02-04 | 4.3 MEDIUM | N/A |
Cross-site scripting (XSS) vulnerability in HotWebScripts.com Weblog Oggi 1.0 allows remote attackers to inject arbitrary web script or HTML via a comment, possibly involving a javascript URI in the SRC attribute of an IMG element. | |||||
CVE-2006-1183 | 1 Ubuntu | 1 Ubuntu Linux | 2024-02-04 | 7.2 HIGH | N/A |
The Ubuntu 5.10 installer does not properly clear passwords from the installer log file (questions.dat), and leaves the log file with world-readable permissions, which allows local users to gain privileges. | |||||
CVE-2006-0066 | 1 Phpjournaler | 1 Phpjournaler | 2024-02-04 | 7.5 HIGH | N/A |
SQL injection vulnerability in index.php in PHPjournaler 1.0 allows remote attackers to execute arbitrary SQL commands via the readold parameter. | |||||
CVE-2005-1263 | 1 Linux | 1 Linux Kernel | 2024-02-04 | 7.2 HIGH | N/A |
The elf_core_dump function in binfmt_elf.c for Linux kernel 2.x.x to 2.2.27-rc2, 2.4.x to 2.4.31-pre1, and 2.6.x to 2.6.12-rc4 allows local users to execute arbitrary code via an ELF binary that, in certain conditions involving the create_elf_tables function, causes a negative length argument to pass a signed integer comparison, leading to a buffer overflow. | |||||
CVE-2006-2964 | 1 Xtreme Scripts | 1 Download Manager | 2024-02-04 | 7.5 HIGH | N/A |
Multiple PHP remote file inclusion vulnerabilities in Xtreme Scripts Download Manager (aka Xtreme Downloads) 1.0 allow remote attackers to execute arbitrary PHP code via a URL in the root parameter in (1) download.php, (2) manager.php, (3) admin/scripts/category.php, (4) includes/add_allow.php, (5) admin/index.php, and (6) admin/admin/login.php. | |||||
CVE-2005-2616 | 1 Ezupload | 1 Ezupload | 2024-02-04 | 7.5 HIGH | N/A |
Multiple PHP file include vulnerabilities in ezUpload 2.2 allow remote attackers to execute arbitrary code via the path parameter to (1) initialize.php, (2) customize.php, (3) form.php, or (4) index.php. | |||||
CVE-2005-2503 | 1 Apple | 2 Mac Os X, Mac Os X Server | 2024-02-04 | 4.6 MEDIUM | N/A |
AppKit for Mac OS X 10.3.9 and 10.4.2 allows attackers with physical access to create local accounts by forcing a particular error to occur at the login window. | |||||
CVE-2005-2803 | 1 Hiki | 1 Hiki | 2024-02-04 | 4.3 MEDIUM | N/A |
Cross-site scripting (XSS) vulnerability in Hiki 0.8.1 to 0.8.2 allows remote attackers to inject arbitrary web script or HTML via a page name in a Login link, a different vulnerability than CVE-2005-2336. | |||||
CVE-2006-2845 | 1 Redaxo | 1 Redaxo | 2024-02-04 | 7.5 HIGH | N/A |
PHP remote file inclusion vulnerability in Redaxo 3.0 up to 3.2 allows remote attackers to execute arbitrary PHP code via a URL in the REX[INCLUDE_PATH] parameter to image_resize/pages/index.inc.php. | |||||
CVE-2004-2550 | 1 Xperience | 1 Sandsurfer | 2024-02-04 | 4.3 MEDIUM | N/A |
Multiple cross-site scripting (XSS) vulnerabilities in unspecified Perl scripts in SandSurfer before 1.7.1 allow remote attackers to inject arbitrary web script or HTML, which is later executed by a target who views reports containing the injected data. | |||||
CVE-2006-3523 | 1 Clearswift | 1 Mimesweeper For Web | 2024-02-04 | 5.0 MEDIUM | N/A |
Clearswift MIMEsweeper for Web before 5.1.15 Hotfix allows remote attackers to cause a denial of service (crash) via an encrypted archived .RAR file, which triggers a scan error and causes the Web Policy Engine service to terminate. | |||||
CVE-2004-2588 | 1 Xmb Software | 1 Xmb Forum | 2024-02-04 | 5.0 MEDIUM | N/A |
Intentional information leak in phpinfo.php in XMB (aka extreme message board) 1.9 beta (aka Nexus beta) allows remote attackers to obtain sensitive information such as the configuration of the web server and the PHP application. | |||||
CVE-2005-4553 | 1 Kmint21 Software | 1 Golden Ftp Server | 2024-02-04 | 7.5 HIGH | N/A |
Buffer overflow in Golden FTP Server 1.92 allows remote attackers to execute arbitrary code via a long APPE command. NOTE: the provenance of this information is unknown; the details are obtained solely from third party information. | |||||
CVE-2005-2038 | 1 Fortibus | 1 Fortibus Cms | 2024-02-04 | 5.0 MEDIUM | N/A |
Fortibus CMS 4.0.0 allows remote attackers to modify information of other users, including Admin, via the "My info" page. | |||||
CVE-2006-1882 | 1 Oracle | 1 E-business Suite | 2024-02-04 | 10.0 HIGH | N/A |
Multiple unspecified vulnerabilities in Oracle E-Business Suite and Applications 11.5.10 have unknown impact and attack vectors, as identified by Vuln# (1) APPS03 in (a) iProcurement; (2) APPS04 in (b) Oracle Application Object Library; (3) APPS06, (4) APPS07, and (5) APPS08 in (c) Oracle Applications Technology Stack; and (6) APPS11 in (d) Oracle Order Capture. | |||||
CVE-2005-1494 | 1 Megabook | 1 Megabook | 2024-02-04 | 4.3 MEDIUM | N/A |
Multiple cross-site scripting (XSS) vulnerabilities in admin.cgi in MegaBook 2.0 and 2.1 allow remote attackers to inject arbitrary web script or HTML via the (1) entryid or (2) password parameter. | |||||
CVE-2005-2713 | 1 Apple | 2 Mac Os X, Mac Os X Server | 2024-02-04 | 6.8 MEDIUM | N/A |
passwd in Directory Services in Mac OS X 10.3.x before 10.3.9 and 10.4.x before 10.4.5 allows local users to create arbitrary world-writable files as root by specifying an alternate file in the password database option. | |||||
CVE-2005-3980 | 1 Edgewall Software | 1 Trac | 2024-02-04 | 7.5 HIGH | N/A |
SQL injection vulnerability in the ticket query module in Edgewall Trac 0.9 and possibly earlier allows remote attackers to execute arbitrary SQL commands via the group parameter. | |||||