Total
254755 CVE
| CVE | Vendors | Products | Updated | CVSS v2 | CVSS v3 |
|---|---|---|---|---|---|
| CVE-2005-4782 | 1 Netbsd | 1 Netbsd | 2024-02-04 | 4.9 MEDIUM | N/A |
| NetBSD 2.0 before 2.0.4, 2.1 before 2.1.1, and 3, when the kernel is compiled with "options DIAGNOSTIC," allows local users to cause a denial of service (kernel assertion panic) via a negative linger time in the SO_LINGER socket option. | |||||
| CVE-2006-1150 | 1 Teg | 1 Tenes Empanadas Graciela | 2024-02-04 | 7.8 HIGH | N/A |
| Buffer overflow in Tenes Empanadas Graciela (TEG) 0.11.1, automatically appends an _ (underscore) to the end of duplicate nicknames, which allows remote attackers to cause a denial of service (application crash) by creating multiple users with long, identical nicknames, which triggers an off-by-one error. | |||||
| CVE-2004-1057 | 2 Linux, Redhat | 2 Linux Kernel, Enterprise Linux | 2024-02-04 | 7.2 HIGH | N/A |
| Multiple drivers in Linux kernel 2.4.19 and earlier do not properly mark memory with the VM_IO flag, which causes incorrect reference counts and may lead to a denial of service (kernel panic) when accessing freed kernel pages. | |||||
| CVE-2006-3914 | 1 Blackboard | 1 Blackboard Academic Suite | 2024-02-04 | 6.0 MEDIUM | N/A |
| Cross-site scripting (XSS) vulnerability in Blackboard Academic Suite 6.2.3.23 allows remote authenticated users to inject arbitrary HTML or web script by bypassing client-side validation through disabling JavaScript when submitting an essay response, which has no server-side validation before being viewed via "View Attempt Details" in the Gradebook. | |||||
| CVE-2005-2729 | 1 Astaro | 1 Security Linux | 2024-02-04 | 7.5 HIGH | N/A |
| The HTTP proxy in Astaro Security Linux 6.0 does not properly filter HTTP CONNECT requests to localhost, which allows remote attackers to bypass firewall rules and connect to local services. | |||||
| CVE-2004-2557 | 1 Netgear | 1 Wg602 | 2024-02-04 | 5.0 MEDIUM | N/A |
| NetGear WG602 (aka WG602v1) Wireless Access Point 1.7.14 has a hardcoded account of username "superman" and password "21241036", which allows remote attackers to modify the configuration. | |||||
| CVE-2006-1671 | 1 Cisco | 5 Ons 15310-cl Series, Ons 15454 Mspp, Ons 15600 and 2 more | 2024-02-04 | 5.0 MEDIUM | N/A |
| Control cards for Cisco Optical Networking System (ONS) 15000 series nodes before 20060405 allow remote attackers to cause a denial of service (card reset) via (1) a "crafted" IP packet to a device with secure mode EMS-to-network-element access, aka bug ID CSCsc51390; (2) a "crafted" IP packet to a device with IP on the LAN interface, aka bug ID CSCsd04168; and (3) a "malformed" OSPF packet, aka bug ID CSCsc54558. | |||||
| CVE-2005-1996 | 1 Bitrix | 1 Bitrix Site Manager | 2024-02-04 | 5.0 MEDIUM | N/A |
| PHP remote file inclusion vulnerability in start.php in Bitrix Site Manager 4.0.x allows remote attackers to execute arbitrary PHP code via the _SERVER[DOCUMENT_ROOT] parameter. | |||||
| CVE-2005-4160 | 1 Torrential | 1 Torrential | 2024-02-04 | 5.0 MEDIUM | N/A |
| Directory traversal vulnerability in getdox.php in Torrential 1.2 allows remote attackers to read arbitrary files via "../" sequences in the query string argument. | |||||
| CVE-2006-1705 | 1 Oracle | 2 Oracle10g, Oracle9i | 2024-02-04 | 2.1 LOW | N/A |
| Oracle Database 9.2.0.0 to 10.2.0.3 allows local users with "SELECT" privileges for a base table to insert, update, or delete data by creating a crafted view then performing the operations on that view. | |||||
| CVE-2006-0735 | 2 Fuzzymonkey, M Blom | 2 My Blog, Html-bbcode | 2024-02-04 | 4.3 MEDIUM | N/A |
| Cross-site scripting (XSS) vulnerability in BBcode.pm in M. Blom HTML::BBCode 1.04 and earlier, as used in products such as My Blog before 1.65, allows remote attackers to inject arbitrary Javascript via a javascript URI in an (1) img or (2) url BBcode tag. | |||||
| CVE-2006-4031 | 2 Mysql, Oracle | 2 Mysql, Mysql | 2024-02-04 | 2.1 LOW | N/A |
| MySQL 4.1 before 4.1.21 and 5.0 before 5.0.24 allows a local user to access a table through a previously created MERGE table, even after the user's privileges are revoked for the original table, which might violate intended security policy. | |||||
| CVE-2006-1195 | 1 Enet | 1 Enet Library | 2024-02-04 | 5.0 MEDIUM | N/A |
| The enet_protocol_handle_send_fragment function in protocol.c for ENet library CVS version Jul 2005 and earlier, as used in products including (1) Cube, (2) Sauerbraten, and (3) Duke3d_w32, allows remote attackers to cause a denial of service (application crash) via a packet fragment with a large total data size, which triggers an application abort when memory allocation fails. | |||||
| CVE-2006-2711 | 1 Secure Elements | 1 Class 5 Enterprise Vulnerability Management | 2024-02-04 | 5.0 MEDIUM | N/A |
| Secure Elements Class 5 AVR (aka C5 EVM) 2.8.1 and earlier, and possibly later 2.8.x releases, uses the same initialization vector and key for each message session, which allows remote attackers to obtain potentially sensitive information about messages. | |||||
| CVE-2004-2546 | 2 Samba, Trustix | 2 Samba, Secure Linux | 2024-02-04 | 6.4 MEDIUM | N/A |
| Multiple memory leaks in Samba before 3.0.6 allow attackers to cause a denial of service (memory consumption). | |||||
| CVE-2006-2728 | 1 Jan Chmelik | 1 Photoalbum Bandw | 2024-02-04 | 2.6 LOW | N/A |
| Cross-site scripting (XSS) vulnerability in superalbum/index.php in Photoalbum B&W 1.3 allows remote attackers to inject arbitrary web script or HTML via the pic parameter. | |||||
| CVE-2005-1225 | 1 Coppermine | 1 Coppermine Photo Gallery | 2024-02-04 | 7.5 HIGH | N/A |
| SQL injection vulnerability in Coppermine Photo Gallery 1.3.2 allows remote attackers to execute arbitrary SQL commands via the favs parameter to (1) init.inc.php or (2) zipdownload.php. | |||||
| CVE-2006-2903 | 1 Particle Soft | 1 Particle Links | 2024-02-04 | 2.6 LOW | N/A |
| Cross-site scripting (XSS) vulnerability in admin.php in Particle Links 1.2.2 allows remote attackers to inject arbitrary web script or HTML via the username parameter. | |||||
| CVE-2005-1875 | 1 Exhibit Engine | 1 Exhibit Engine | 2024-02-04 | 7.5 HIGH | N/A |
| Multiple SQL injection vulnerabilities in list.php in Exhibit Engine (EE) 1.22 allow remote attackers to execute arbitrary SQL commands via the (1) search_row, (2) sort_row, (3) order or (4) perpage parameter. | |||||
| CVE-2004-1063 | 2 Canonical, Php | 2 Ubuntu Linux, Php | 2024-02-04 | 10.0 HIGH | N/A |
| PHP 4.x to 4.3.9, and PHP 5.x to 5.0.2, when running in safe mode on a multithreaded Unix webserver, allows local users to bypass safe_mode_exec_dir restrictions and execute commands outside of the intended safe_mode_exec_dir via shell metacharacters in the current directory name. NOTE: this issue was originally REJECTed by its CNA before publication, but that decision is in active dispute. This candidate may change significantly in the future as a result of further discussion. | |||||