Total
254755 CVE
| CVE | Vendors | Products | Updated | CVSS v2 | CVSS v3 |
|---|---|---|---|---|---|
| CVE-2006-1280 | 1 Sherzod Ruzmetov | 1 Cgi Session | 2024-02-04 | 7.5 HIGH | N/A |
| CGI::Session 4.03-1 does not set proper permissions on temporary files created in (1) Driver::File and (2) Driver::db_file, which allows local users to obtain privileged information, such as session keys, by viewing the files. | |||||
| CVE-2005-1476 | 1 Mozilla | 1 Firefox | 2024-02-04 | 5.1 MEDIUM | N/A |
| Firefox 1.0.3 allows remote attackers to execute arbitrary Javascript in other domains by using an IFRAME and causing the browser to navigate to a previous javascript: URL, which can lead to arbitrary code execution when combined with CVE-2005-1477. | |||||
| CVE-2005-3845 | 1 Ezinvoiceinc | 1 Ez Invoice Inc | 2024-02-04 | 7.5 HIGH | N/A |
| SQL injection vulnerability in invoices.php in EZ Invoice Inc 2.0 allows remote attackers to execute arbitrary SQL commands via the i parameter. NOTE: the vendor has stated "EZ Invoice, Inc has a patah available. Please email support@ezinvoiceinc.com and EZI will email you the patch to fix this small issue." | |||||
| CVE-2006-1393 | 1 University Of Washington | 1 Pubcookie | 2024-02-04 | 4.3 MEDIUM | N/A |
| Multiple cross-site scripting (XSS) vulnerabilities in the mod_pubcookie Apache application server module in University of Washington Pubcookie 1.x, 3.0.0, 3.1.0, 3.1.1, 3.2 before 3.2.1b, and 3.3 before 3.3.0a allow remote attackers to inject arbitrary web script or HTML via unspecified attack vectors. | |||||
| CVE-2005-0304 | 1 Divx | 1 Divx Player | 2024-02-04 | 5.0 MEDIUM | N/A |
| Directory traversal vulnerability in DivX Player 2.6 and earlier allows remote attackers to overwrite arbitrary files via a .. (dot dot) in a filename in a ZIP file for a skin. | |||||
| CVE-2004-2541 | 1 Cscope | 1 Cscope | 2024-02-04 | 6.9 MEDIUM | N/A |
| Buffer overflow in Cscope 15.5, and possibly multiple overflows, allows remote attackers to execute arbitrary code via a C file with a long #include line that is later browsed by the target. | |||||
| CVE-2005-2631 | 1 Cisco | 1 Network Admission Control Manager And Server System Software | 2024-02-04 | 7.5 HIGH | N/A |
| Cisco Clean Access (CCA) 3.3.0 to 3.3.9, 3.4.0 to 3.4.5, and 3.5.0 to 3.5.3 does not properly authenticate users when invoking API methods, which could allow remote attackers to bypass security checks, change the assigned role of a user, or disconnect users. | |||||
| CVE-2006-0736 | 1 Novell | 2 Linux Desktop, Open Enterprise Server | 2024-02-04 | 10.0 HIGH | N/A |
| Stack-based buffer overflow in the pam_micasa PAM authentication module in CASA on Novell Linux Desktop 9 and Open Enterprise Server 1 allows remote attackers to execute arbitrary code via unspecified vectors. | |||||
| CVE-2006-0987 | 1 Isc | 1 Bind | 2024-02-04 | 5.0 MEDIUM | N/A |
| The default configuration of ISC BIND before 9.4.1-P1, when configured as a caching name server, allows recursive queries and provides additional delegation information to arbitrary IP addresses, which allows remote attackers to cause a denial of service (traffic amplification) via DNS queries with spoofed source IP addresses. | |||||
| CVE-2006-2930 | 1 Sun | 2 Grid Engine, N1 Grid Engine | 2024-02-04 | 4.6 MEDIUM | N/A |
| Unspecified vulnerability in Sun Grid Engine 5.3 and Sun N1 Grid Engine 6.0, when configured in Certificate Security Protocol (CSP) Mode, allows local users to shut down the grid service or gain access, even if access is denied. | |||||
| CVE-2006-2117 | 1 Extrosoft | 1 Thyme | 2024-02-04 | 4.3 MEDIUM | N/A |
| Cross-site scripting (XSS) vulnerability in Thyme 1.3 allows remote attackers to inject arbitrary web script or HTML via the search page. | |||||
| CVE-2005-2603 | 1 My Image Gallery | 1 My Image Gallery | 2024-02-04 | 4.3 MEDIUM | N/A |
| Cross-site scripting (XSS) vulnerability in index.php for My Image Gallery (Mig ) 1.4.1 allows remote attackers to inject arbitrary web script or HTML via the (1) currDir or (2) image parameters. | |||||
| CVE-2006-0031 | 1 Microsoft | 1 Office | 2024-02-04 | 5.1 MEDIUM | N/A |
| Stack-based buffer overflow in Microsoft Excel 2000, 2002, and 2003, in Microsoft Office 2000 SP3 and other packages, allows user-assisted attackers to execute arbitrary code via an Excel file with a malformed record with a modified length value, which leads to memory corruption. | |||||
| CVE-2005-3011 | 1 Gnu | 1 Texinfo | 2024-02-04 | 1.2 LOW | N/A |
| The sort_offline function for texindex in texinfo 4.8 and earlier allows local users to overwrite arbitrary files via a symlink attack on temporary files. | |||||
| CVE-2006-2359 | 1 Phpbb Group | 1 Phpbb | 2024-02-04 | 4.3 MEDIUM | N/A |
| Cross-site scripting (XSS) vulnerability in charts.php in the Chart mod for phpBB allows remote attackers to inject arbitrary web script or HTML via the id parameter. NOTE: this issue might be resultant from SQL injection. | |||||
| CVE-2006-1515 | 1 Typespeed | 1 Typespeed | 2024-02-04 | 7.5 HIGH | N/A |
| Buffer overflow in the addnewword function in typespeed 0.4.4 and earlier might allow remote attackers to execute arbitrary code via unknown vectors. | |||||
| CVE-2005-4008 | 1 Jax Calendar | 1 Jax Calendar | 2024-02-04 | 7.5 HIGH | N/A |
| SQL injection vulnerability in jax_calendar.php in Jax Calendar 1.34 allows remote attackers to execute arbitrary SQL commands via the (1) cal_id parameter, and possibly the (2) Y and (3) m parameters. | |||||
| CVE-2004-0922 | 1 Apple | 3 Mac Os X, Mac Os X Server, Quicktime | 2024-02-04 | 5.0 MEDIUM | N/A |
| AFP Server on Mac OS X 10.3.x to 10.3.5, under certain conditions, does not properly set the guest group ID, which causes AFP to change a write-only AFP Drop Box to be read-write when the Drop Box is on a share that is mounted by a guest, which allows attackers to read the Drop Box. | |||||
| CVE-2006-1060 | 1 Xzgv | 1 Xzgv | 2024-02-04 | 7.5 HIGH | N/A |
| Heap-based buffer overflow in zgv before 5.8 and xzgv before 0.8 might allow user-assisted attackers to execute arbitrary code via a JPEG image with more than 3 output components, such as a CMYK or YCCK color space, which causes less memory to be allocated than required. | |||||
| CVE-2005-1021 | 1 Cisco | 1 Ios | 2024-02-04 | 7.1 HIGH | N/A |
| Memory leak in Secure Shell (SSH) in Cisco IOS 12.0 through 12.3, when authenticating against a TACACS+ server, allows remote attackers to cause a denial of service (memory consumption) via an incorrect username or password. | |||||