Total
254754 CVE
| CVE | Vendors | Products | Updated | CVSS v2 | CVSS v3 |
|---|---|---|---|---|---|
| CVE-2005-1032 | 2024-02-04 | N/A | N/A | ||
| ** REJECT ** cart.php in LiteCommerce might allow remote attackers to obtain sensitive information via invalid (1) category_id or (2) product_id parameters. NOTE: this issue was originally claimed to be due to SQL injection, but the original researcher is known to be frequently inaccurate with respect to bug type and severity. The vendor has disputed this issue, saying "These reports are credited to malicious person we refused to hire. We have not taken legal action against him only because he is located in India. The vulnerabilites reported can not be reproduced, hence information you provide is contrary to fact." Further investigation by CVE personnel shows that an invalid SQL syntax error could be generated, but it only reveals portions of underlying database structure, which is already available in documentation from the vendor, and it does not appear to lead to path disclosure. Therefore, this issue is not a vulnerability or an exposure, and it probably should be REJECTED. | |||||
| CVE-2004-2526 | 1 Ibm | 1 Tivoli Directory Server | 2024-02-04 | 5.0 MEDIUM | N/A |
| Directory traversal vulnerability in ldacgi.exe in IBM Tivoli Directory Server 4.1 and earlier allows remote attackers to view arbitrary files via a .. (dot dot) in the Template parameter. | |||||
| CVE-2006-2776 | 1 Mozilla | 2 Firefox, Thunderbird | 2024-02-04 | 7.5 HIGH | N/A |
| Certain privileged UI code in Mozilla Firefox and Thunderbird before 1.5.0.4 calls content-defined setters on an object prototype, which allows remote attackers to execute code at a higher privilege than intended. | |||||
| CVE-2006-2085 | 1 Speedproject | 2 Speedcommander, Squeez | 2024-02-04 | 5.1 MEDIUM | N/A |
| Multiple buffer overflows in (1) CxAce60.dll and (2) CxAce60u.dll in SpeedProject Squeez 5.10 Build 4460, and SpeedCommander 10.52 Build 4450 and 11.01 Build 4450, allow user-assisted remote attackers to execute arbitrary code via an ACE archive that contains a file with a long filename. | |||||
| CVE-2005-4228 | 1 Phpwebgallery | 1 Phpwebgallery | 2024-02-04 | 7.5 HIGH | N/A |
| Multiple SQL injection vulnerabilities in PhpWebGallery 1.5.1 and earlier allow remote attackers to execute arbitrary SQL commands via the (1) since, (2) sort_by, and (3) items_number parameters to comments.php, (4) the search parameter to category.php, and (5) image_id parameter to picture.php. NOTE: it was later reported that the comments.php/sort_by vector also affects 1.7.2 and earlier. | |||||
| CVE-2005-2809 | 1 Silc | 1 Secure Internet Live Conferencing | 2024-02-04 | 2.1 LOW | N/A |
| silc daemon (silcd.c) in Secure Internet Live Conferencing (SILC) 1.0 and earlier allows local users to overwrite arbitrary files via a symlink attack on the silcd.[PID].stats temporary file. | |||||
| CVE-2005-0867 | 1 Linux | 1 Linux Kernel | 2024-02-04 | 7.2 HIGH | N/A |
| Integer overflow in Linux kernel 2.6 allows local users to overwrite kernel memory by writing to a sysfs file. | |||||
| CVE-2004-0971 | 1 Mit | 1 Kerberos 5 | 2024-02-04 | 2.1 LOW | N/A |
| The krb5-send-pr script in the kerberos5 (krb5) package in Trustix Secure Linux 1.5 through 2.1, and possibly other operating systems, allows local users to overwrite files via a symlink attack on temporary files. | |||||
| CVE-2005-3383 | 1 Techno Dreams | 1 Announcement Script | 2024-02-04 | 7.5 HIGH | N/A |
| SQL injection vulnerability in Techno Dreams Announcement script allows remote attackers to execute arbitrary SQL commands and bypass authentication via the userid parameter in admin/login.asp. | |||||
| CVE-2005-0645 | 1 Cutephp | 1 Cutenews | 2024-02-04 | 4.3 MEDIUM | N/A |
| Cross-site scripting (XSS) vulnerability in show.inc.php in cuteNews 1.3.6 allows remote attackers to inject arbitrary HTML, web script, and PHP code via the (1) CLIENT-IP or (2) X-FORWARDED-FOR header in an HTTP POST request to show_news.php. | |||||
| CVE-2006-3628 | 2 Ethereal Group, Wireshark | 2 Ethereal, Wireshark | 2024-02-04 | 10.0 HIGH | N/A |
| Multiple format string vulnerabilities in Wireshark (aka Ethereal) 0.10.x to 0.99.0 allow remote attackers to cause a denial of service and possibly execute arbitrary code via the (1) ANSI MAP, (2) Checkpoint FW-1, (3) MQ, (4) XML, and (5) NTP dissectors. | |||||
| CVE-2006-3934 | 1 Alkacon | 1 Opencms | 2024-02-04 | 4.0 MEDIUM | N/A |
| Absolute path traversal vulnerability in downloadTrigger.jsp in Alkacon OpenCms before 6.2.2 allows remote authenticated users to download arbitrary files via an absolute pathname in the filePath parameter. | |||||
| CVE-2005-2710 | 1 Realnetworks | 2 Helix Player, Realplayer | 2024-02-04 | 5.1 MEDIUM | N/A |
| Format string vulnerability in Real HelixPlayer and RealPlayer 10 allows remote attackers to execute arbitrary code via the (1) image handle or (2) timeformat attribute in a RealPix (.rp) or RealText (.rt) file. | |||||
| CVE-2006-0674 | 1 Ibm | 1 Aix | 2024-02-04 | 4.6 MEDIUM | N/A |
| Buffer overflow in the arp command of IBM AIX 5.3 L, 5.3, 5.2.2, 5.2 L, and 5.2 allows local users to cause a denial of service (crash) via a long iftype argument. | |||||
| CVE-2006-4626 | 1 Alwil | 1 Avast Antivirus | 2024-02-04 | 7.5 HIGH | N/A |
| Heap-based buffer overflow in alwil avast! Anti-virus Engine before 4.7.869 allows remote attackers to execute arbitrary code via a crafted LHA file that contains extended headers with file and directory names whose concatenation triggers the overflow. | |||||
| CVE-2005-1269 | 1 Rob Flynn | 1 Gaim | 2024-02-04 | 5.0 MEDIUM | N/A |
| Gaim before 1.3.1 allows remote attackers to cause a denial of service (application crash) via a Yahoo! message with non-ASCII characters in a file name. | |||||
| CVE-2005-1312 | 1 Yappa-ng | 1 Yappa-ng | 2024-02-04 | 7.5 HIGH | N/A |
| PHP remote file inclusion vulnerability in Yappa-NG before 2.3.2 allows remote attackers to execute arbitrary PHP code via unknown vectors. | |||||
| CVE-2005-0809 | 1 Notify Technology | 1 Notifylink | 2024-02-04 | 7.5 HIGH | N/A |
| NotifyLink, when configured for client key retrieval, allows remote attackers to obtain AES keys via a direct request to /hwp/get.asp, then uses a weak encryption scheme (fixed byte reordering) to protect the key, which allows remote attackers to obtain the key via a brute force attack. | |||||
| CVE-2006-0269 | 1 Oracle | 1 Oracle10g | 2024-02-04 | 5.5 MEDIUM | N/A |
| Unspecified vulnerability in the Streams Capture component of Oracle Database server 10.1.0.5 and 10.2.0.1 has unspecified impact and attack vectors, as identified by Oracle Vuln# DB25. NOTE: details are unavailable from Oracle, but they have not publicly disputed a claim by a reliable independent researcher that states that the problem is SQL injection in the SET_DIRECTORY_ROOT function in the DBMS_CDC_PUBLISH package. | |||||
| CVE-2006-3499 | 1 Apple | 2 Mac Os X, Mac Os X Server | 2024-02-04 | 2.1 LOW | N/A |
| The dynamic linker (dyld) in Apple Mac OS X 10.3.9 allows local users to obtain sensitive information via unspecified dynamic linker options that affect the use of standard error (stderr) by privileged applications. | |||||