Total: 254755 CVE

CVE | Vendors | Products | Updated | CVSS v2 | CVSS v3 |
---|---|---|---|---|---|
CVE-2006-4369 | 1 Integramod | 1 Integramod Portal | 2024-02-04 | 2.6 LOW | N/A |
Absolute path traversal vulnerability in includes/functions_portal.php in IntegraMOD Portal 2.x and earlier, when magic_quotes_gpc is disabled, allows remote attackers to read arbitrary files via an absolute pathname in the phpbb_root_path parameter. | |||||
CVE-2006-4056 | 2 The Address Book, The Address Book Reloaded | 2 The Address Book, The Address Book Reloaded | 2024-02-04 | 7.5 HIGH | N/A |
Multiple SQL injection vulnerabilities in the authentication process in katzlbt (a) The Address Book 1.04e and earlier and (b) The Address Book Reloaded before 2.0-rc4 allow remote attackers to execute arbitrary SQL commands via the (1) username or (2) password parameters. NOTE: portions of these details are obtained from third party information. | |||||
CVE-2006-4589 | 1 Dyncms | 1 Dyncms | 2024-02-04 | 7.5 HIGH | N/A |
PHP remote file inclusion vulnerability in 0_admin/modules/Wochenkarte/frontend/index.php in DynCMS 6 and earlier allows remote attackers to execute arbitrary PHP code via a URL in the x_admindir parameter. | |||||
CVE-2006-2694 | 1 Scriptscenter | 1 Ezupload Pro | 2024-02-04 | 7.5 HIGH | N/A |
Multiple PHP remote file inclusion vulnerabilities in EzUpload Pro 2.10 allow remote attackers to execute arbitrary PHP code via a URL in the path parameter to (1) form.php, (2) customize.php, and (3) initialize.php. | |||||
CVE-2004-1116 | 1 Gentoo | 1 Linux | 2024-02-04 | 7.2 HIGH | N/A |
The init scripts in Great Internet Mersenne Prime Search (GIMPS) 23.9 and earlier execute user-owned programs with root privileges, which allows local users to gain privileges by modifying the programs. | |||||
CVE-2006-2607 | 1 Paul Vixie | 1 Vixie Cron | 2024-02-04 | 7.2 HIGH | N/A |
do_command.c in Vixie cron (vixie-cron) 4.1 does not check the return code of a setuid call, which might allow local users to gain root privileges if setuid fails in cases such as PAM failures or resource limits, as originally demonstrated by a program that exceeds the process limits as defined in /etc/security/limits.conf. | |||||
CVE-2006-4325 | 1 Doika | 1 Doika Guestbook | 2024-02-04 | 6.8 MEDIUM | N/A |
Cross-site scripting (XSS) vulnerability in gbook.php in Doika guestbook 2.5, and possibly earlier, allows remote attackers to inject arbitrary web script or HTML via the page parameter. | |||||
CVE-2004-2394 | 1 Mandrakesoft | 3 Mandrake Linux, Mandrake Linux Corporate Server, Mandrake Multi Network Firewall | 2024-02-04 | 2.1 LOW | N/A |
Off-by-one error in passwd 0.68 and earlier, when using the --stdin option, causes passwd to use the first 78 characters of a password instead of the first 79, which results in a small reduction of the search space required for brute force attacks. | |||||
CVE-2006-0383 | 1 Apple | 2 Mac Os X, Mac Os X Server | 2024-02-04 | 5.0 MEDIUM | N/A |
IPSec when used with VPN networks in Mac OS X 10.4 through 10.4.5 allows remote attackers to cause a denial of service (application crash) via unspecified vectors involving the "incorrect handling of error conditions". | |||||
CVE-2004-1114 | 1 Skype Technologies | 1 Skype | 2024-02-04 | 9.3 HIGH | N/A |
Buffer overflow in the handling of command line arguments in Skype 1.0.x.94 through 1.0.x.98 allows remote attackers to execute arbitrary code via a callto:// URL with a long non-existent username, a different vulnerability than CVE-2004-1777. | |||||
CVE-2005-0894 | 1 Openmosixview | 1 Openmosixview | 2024-02-04 | 3.6 LOW | N/A |
OpenmosixCollector and OpenMosixView in OpenMosixView 1.5 allow local users to overwrite or delete arbitrary files via a symlink attack on (1) temporary files in the openmosixcollector directory or (2) nodes.tmp. | |||||
CVE-2006-1799 | 1 Adcentrix | 1 Censtore | 2024-02-04 | 7.5 HIGH | N/A |
censtore.cgi in Censtore 7.3.002 and earlier allows remote attackers to execute arbitrary commands via shell metacharacters in the page parameter. | |||||
CVE-2006-3972 | 1 Scott Weedon | 1 Ajax Chat | 2024-02-04 | 5.0 MEDIUM | N/A |
Directory traversal vulnerability in includes/operator_chattranscript.php in Scott Weedon Ajax Chat, possibly 0.1, allows remote attackers to read arbitrary files via a .. (dot dot) in the chatid parameter. | |||||
CVE-2005-2375 | 1 Codemasters | 1 Toca Race Driver | 2024-02-04 | 5.0 MEDIUM | N/A |
Format string vulnerability in Race Driver 1.20 and earlier allows remote attackers to cause a denial of service (application crash) via format string specifiers in a (1) nickname or (2) chat message. | |||||
CVE-2006-2586 | 1 Iplogger | 1 Iplogger | 2024-02-04 | 5.8 MEDIUM | N/A |
Cross-site scripting (XSS) vulnerability in IpLogger 1.7 and earlier allows remote attackers to inject arbitrary HTML or web script via the HTTP_REFERER header in an HTTP request. | |||||
CVE-2005-0821 | 1 Citrix | 1 Metaframe Conferencing Manager | 2024-02-04 | 7.5 HIGH | N/A |
Unknown vulnerability in Citrix MetaFrame Conferencing Manager 3.0 allows conference members to bypass organizer restrictions to control the keyboard and mouse. | |||||
CVE-2005-2277 | 1 Nokia | 1 Affix | 2024-02-04 | 10.0 HIGH | N/A |
Bluetooth FTP client (BTFTP) in Nokia Affix 2.1.2 and 3.2.0 allows remote attackers to execute arbitrary commands via shell metacharacters in the filename argument of a PUT command. | |||||
CVE-2006-3599 | 1 Php-nuke | 1 Advanced Classified Module | 2024-02-04 | 7.5 HIGH | N/A |
SQL injection vulnerability in the Nuke Advanced Classifieds module for PHP-Nuke allows remote attackers to execute arbitrary SQL commands via the id_ads parameter in an EditAds op. | |||||
CVE-2005-3965 | | | 2024-02-04 | N/A | N/A |
** REJECT ** DO NOT USE THIS CANDIDATE NUMBER. ConsultIDs: CVE-2004-2607. Reason: This candidate is a duplicate of CVE-2004-2607. Notes: All CVE users should reference CVE-2004-2607 instead of this candidate. All references and descriptions in this candidate have been removed to prevent accidental usage. | |||||
CVE-2006-3955 | 1 Minibb | 1 Minibb | 2024-02-04 | 7.5 HIGH | N/A |
Multiple PHP remote file inclusion vulnerabilities in MiniBB Forum 1.5a allow remote attackers to execute arbitrary PHP code via a URL in the absolute_path parameter to (1) news.php, (2) search.php, or (3) whosOnline.php. |