Total: 254755 CVE

CVE | Vendors | Products | Updated | CVSS v2 | CVSS v3 |
---|---|---|---|---|---|
CVE-2004-2395 | 1 Mandrakesoft | 3 Mandrake Linux, Mandrake Linux Corporate Server, Mandrake Multi Network Firewall | 2024-02-04 | 2.1 LOW | N/A |
Memory leak in passwd 0.68 allows local users to cause a denial of service (memory consumption) via a large number of failed read attempts from the password buffer. | |||||
CVE-2006-2945 | 1 Andreas Gohr | 1 Dokuwiki | 2024-02-04 | 4.0 MEDIUM | N/A |
Unspecified vulnerability in the user profile change functionality in DokuWiki, when Access Control Lists are enabled, allows remote authenticated users to read unauthorized files via unknown attack vectors. | |||||
CVE-2005-3562 | | | 2024-02-04 | N/A | N/A |
** REJECT ** DO NOT USE THIS CANDIDATE NUMBER. ConsultIDs: CVE-2005-2955. Reason: This candidate is a reservation duplicate of CVE-2005-2955. Notes: All CVE users should reference CVE-2005-2955 instead of this candidate. All references and descriptions in this candidate have been removed to prevent accidental usage. | |||||
CVE-2006-2449 | 1 Kde | 1 Kde | 2024-02-04 | 4.0 MEDIUM | N/A |
KDE Display Manager (KDM) in KDE 3.2.0 up to 3.5.3 allows local users to read arbitrary files via a symlink attack related to the session type for login. | |||||
CVE-2005-3176 | 1 Microsoft | 1 Windows 2000 | 2024-02-04 | 7.5 HIGH | N/A |
Microsoft Windows 2000 before Update Rollup 1 for SP4 does not record the IP address of a Windows Terminal Services client in a security log event if the client connects successfully, which could make it easier for attackers to escape detection. | |||||
CVE-2006-4419 | 1 Promanager | 1 Promanager | 2024-02-04 | 7.5 HIGH | N/A |
SQL injection vulnerability in note.php in ProManager 0.73 allows remote attackers to execute arbitrary SQL commands via the note_id parameter. | |||||
CVE-2005-1620 | 1 Soren Boysen | 1 Skull-splitter Guestbook | 2024-02-04 | 4.3 MEDIUM | N/A |
Cross-site scripting (XSS) vulnerability in Skull-Splitter Guestbook 1.0, 2.0 and 2.2 allows remote attackers to inject arbitrary web script or HTML via the (1) title or (2) content of a message. | |||||
CVE-2006-4732 | 1 Microsoft | 1 Visual Basic | 2024-02-04 | 10.0 HIGH | N/A |
Unspecified vulnerability in Microsoft Visual Basic (VB) 6 has an unknown impact ("overflow") via a project that contains a certain Click event procedure, as demonstrated using the msgbox function and the VB.Label object. | |||||
CVE-2005-1382 | 1 Oracle | 1 Application Server Web Cache | 2024-02-04 | 5.0 MEDIUM | N/A |
The webcacheadmin module in Oracle Webcache 9i allows remote attackers to corrupt arbitrary files via a full pathname in the cache_dump_file parameter. | |||||
CVE-2006-1578 | 1 Index Data Aps | 1 Keystone Digital Library Suite | 2024-02-04 | 6.4 MEDIUM | N/A |
Multiple SQL injection vulnerabilities in Keystone Digital Library Suite (DLS) 1.5.4 and earlier allow remote attackers to execute arbitrary SQL commands via the subject_type_id parameter in (1) the index page and (2) the search module. | |||||
CVE-2006-4749 | 1 Bugada Andrea | 1 Php Advanced Transfer Manager | 2024-02-04 | 7.5 HIGH | N/A |
Multiple PHP remote file inclusion vulnerabilities in PHP Advanced Transfer Manager (phpATM) 1.20 allow remote attackers to execute arbitrary PHP code via the include_location parameter in (1) activate.php, (2) configure.php, (3) fileop.php, (4) getimg.php, (5) ipblocked.php, (6) register.php, (7) showrecent.php, (8) showtophits.php, (9) usrmanag.php, (10) viewer_bottom.php, (11) viewer_content.php, and (12) viewer_top.php. NOTE: The login.php and confirm.php vectors are already covered by CVE-2006-4594. | |||||
CVE-2006-4374 | 1 Irfanview | 1 Irfanview | 2024-02-04 | 2.6 LOW | N/A |
IrfanView 3.98 (with plugins) allows user-assisted attackers to cause a denial of service (application crash) via a crafted ANI image file, possibly due to a buffer overflow. | |||||
CVE-2005-0620 | 1 Bfriendly.com | 1 Einstein | 2024-02-04 | 2.1 LOW | N/A |
Einstein 1.0 stores credit card information in plaintext in the world-readable wallets.dat file, which allows local users to steal the information. | |||||
CVE-2005-1737 | 1 Electricmonk | 1 Proms | 2024-02-04 | 7.5 HIGH | N/A |
Multiple unknown vulnerabilities in PROMS 0.11 allow "non-authorized users" to (1) view or modify the project member list or (2) modify the todos list. | |||||
CVE-2006-0774 | 1 Lawrence Osiris | 1 Db Esession | 2024-02-04 | 7.5 HIGH | N/A |
SQL injection vulnerability in deleteSession() in DB_eSession library 1.0.2 and earlier, as used in multiple products, allows remote attackers to execute arbitrary SQL commands via the $_sess_id_set variable, which is usually derived from PHPSESSID. | |||||
CVE-2006-4642 | 1 Auditwizard | 1 Auditwizard | 2024-02-04 | 1.7 LOW | N/A |
AuditWizard 6.3.2, when using "Remote Audit," logs the administrator password in plaintext to LaytonCmdSvc.log, which allows local users to obtain sensitive information by reading the file. | |||||
CVE-2006-4009 | 1 Vwar | 1 Virtual War | 2024-02-04 | 4.3 MEDIUM | N/A |
Cross-site scripting (XSS) vulnerability in war.php in Virtual War (Vwar) 1.5.0 and earlier allows remote attackers to inject arbitrary web script or HTML via the page parameter. | |||||
CVE-2005-0981 | 1 Alstrasoft | 1 Epay | 2024-02-04 | 4.3 MEDIUM | N/A |
Multiple cross-site scripting (XSS) vulnerabilities in AlstraSoft EPay Pro 2.0 allow remote attackers to inject arbitrary web script or HTML via the (1) payment or (2) send parameter. | |||||
CVE-2004-2694 | 1 Microsoft | 1 Outlook Express | 2024-02-04 | 5.8 MEDIUM | N/A |
Microsoft Outlook Express 6.0 allows remote attackers to bypass intended access restrictions, load content from arbitrary sources into the Outlook context, and facilitate phishing attacks via a "BASE HREF" with the target set to "_top". | |||||
CVE-2004-1191 | 1 Suse | 1 Suse Linux | 2024-02-04 | 1.2 LOW | N/A |
Race condition in SuSE Linux 8.1 through 9.2, when run on SMP systems that have more than 4GB of memory, could allow local users to read unauthorized memory from "foreign memory pages." |