Total
254754 CVE
CVE | Vendors | Products | Updated | CVSS v2 | CVSS v3 |
---|---|---|---|---|---|
CVE-2004-1016 | 2 Linux, Ubuntu | 2 Linux Kernel, Ubuntu Linux | 2024-02-04 | 2.1 LOW | N/A |
The scm_send function in the scm layer for Linux kernel 2.4.x up to 2.4.28, and 2.6.x up to 2.6.9, allows local users to cause a denial of service (system hang) via crafted auxiliary messages that are passed to the sendmsg function, which causes a deadlock condition. | |||||
CVE-2006-2551 | 1 Hp | 1 Hp-ux | 2024-02-04 | 2.1 LOW | N/A |
Unspecified vulnerability in the kernel in HP-UX B.11.00 allows local users to cause an unspecified denial of service via unknown vectors. | |||||
CVE-2006-0911 | 1 Ipswitch | 1 Whatsup | 2024-02-04 | 5.0 MEDIUM | N/A |
NmService.exe in Ipswitch WhatsUp Professional 2006 allows remote attackers to cause a denial of service (CPU consumption) via crafted requests to Login.asp, possibly involving the (1) "In]" and (2) "b;tnLogIn" parameters, or (3) malformed btnLogIn parameters, possibly involving missing "[" (open bracket) or "[" (closing bracket) characters, as demonstrated by "&btnLogIn=[Log&In]=&" or "&b;tnLogIn=[Log&In]=&" in the URL. NOTE: due to the lack of diagnosis by the original researcher, the precise nature of the vulnerability is unclear. | |||||
CVE-2005-0294 | 1 Minis | 1 Minis | 2024-02-04 | 5.0 MEDIUM | N/A |
minis.php in Minis 0.2.1 allows remote attackers to cause a denial of service (infinite loop) via an HTTP request for a file that the web server does not have permission to read, as demonstrated using the month parameter. | |||||
CVE-2005-4353 | 1 Toenda Software Development | 1 Toendacms | 2024-02-04 | 7.5 HIGH | N/A |
SQL injection vulnerability in index.php in toendaCMS 0.6.2.1, when configured to use a SQL database, allows remote attackers to execute arbitrary SQL commands via the id parameter. | |||||
CVE-2005-2451 | 1 Cisco | 2 Ios, Ios Xr | 2024-02-04 | 2.1 LOW | N/A |
Cisco IOS 12.0 through 12.4 and IOS XR before 3.2, with IPv6 enabled, allows remote attackers on a local network segment to cause a denial of service (device reload) and possibly execute arbitrary code via a crafted IPv6 packet. | |||||
CVE-2005-4432 | 1 Playsms | 1 Playsms | 2024-02-04 | 4.3 MEDIUM | N/A |
Cross-site scripting (XSS) vulnerability in index.php in PlaySMS 0.8 allows remote attackers to inject arbitrary web script or HTML via the err parameter. | |||||
CVE-2006-0710 | 1 Isode | 1 M-vault Server | 2024-02-04 | 7.5 HIGH | N/A |
Double free vulnerability in isode.eddy in Isode M-Vault Server 11.3 allows remote attackers to execute arbitrary code via a crafted LDAP request, as demonstrated by ProtoVer Sample LDAP. | |||||
CVE-2006-3631 | 1 Wireshark | 1 Wireshark | 2024-02-04 | 5.0 MEDIUM | N/A |
Unspecified vulnerability in the SSH dissector in Wireshark (aka Ethereal) 0.9.10 to 0.99.0 allows remote attackers to cause a denial of service (infinite loop) via unknown attack vectors. | |||||
CVE-2006-2326 | 1 Onlyscript.info | 1 Online Universal Payment System Script | 2024-02-04 | 5.0 MEDIUM | N/A |
Directory traversal vulnerability in index.php in OnlyScript.info Online Universal Payment System Script allows remote attackers to read arbitrary files via directory traversal sequences in the read parameter. NOTE: the provenance of this information is unknown; the details are obtained solely from third party information. | |||||
CVE-2006-4636 | 1 Szewo | 1 Phpcommander | 2024-02-04 | 7.5 HIGH | N/A |
Directory traversal vulnerability in SZEWO PhpCommander 3.0 and earlier allows remote attackers to include and execute arbitrary local files via directory traversal sequences in the Directory parameter, as demonstrated by parameter values naming Apache HTTP Server log files that apparently contain PHP code. | |||||
CVE-2004-2377 | 1 Alcatel | 2 Omniswitch, Omniswitch 7800 | 2024-02-04 | 5.0 MEDIUM | N/A |
Alcatel OmniSwitch 7000 and 7800 allows remote attackers to cause a denial of service (reboot) via certain network scans, as demonstrated using a Nessus port scan of ports 1 through 1024 with safe-checks disabled. | |||||
CVE-2005-2817 | 1 Simple Machines | 1 Simple Machines Forum | 2024-02-04 | 5.0 MEDIUM | N/A |
Simple Machines Forum (SMF) 1-0-5 and earlier supports the use of URLs for avatar images, which allows remote attackers to monitor sensitive information of forum visitors such as IP address and user agent, as demonstrated using a PHP script on a malicious server. | |||||
CVE-2006-3598 | 1 Php-nuke | 1 Sections Module | 2024-02-04 | 7.5 HIGH | N/A |
SQL injection vulnerability in the Sections module for PHP-Nuke allows remote attackers to execute arbitrary SQL commands via the artid parameter in a viewarticle op. | |||||
CVE-2006-0724 | 1 Reamday Enterprises | 1 Magic News Lite | 2024-02-04 | 2.6 LOW | N/A |
profile.php in Reamday Enterprises Magic News Lite 1.2.3, when register_globals is enabled, allows remote attackers to modify program behavior, potentially bypassing authentication controls, via modified (1) action, (2) passwd, (3) admin_password, (4) new_passwd, and (5) confirm_passwd variables, which are not initialized. | |||||
CVE-2005-1727 | 1 Apple | 1 Mac Os X Server | 2024-02-04 | 3.7 LOW | N/A |
Apple Mac OS X 10.4.x up to 10.4.1 sets insecure world- and group-writable permissions for the (1) system cache folder and (2) Dashboard system widgets, which allows local users to conduct unauthorized file operations via "file race conditions." | |||||
CVE-2006-1964 | 1 Aspsitem | 1 Aspsitem | 2024-02-04 | 7.5 HIGH | N/A |
SQL injection vulnerability in Haberler.asp in ASPSitem 1.83 and earlier allows remote attackers to execute arbitrary SQL commands via the id parameter. | |||||
CVE-2005-4031 | 1 Mediawiki | 1 Mediawiki | 2024-02-04 | 7.5 HIGH | N/A |
Eval injection vulnerability in MediaWiki 1.5.x before 1.5.3 allows remote attackers to execute arbitrary PHP code via the "user language option," which is used as part of a dynamic class name that is processed using the eval function. | |||||
CVE-2006-3236 | 1 Thinkfactory | 1 Thinkwms | 2024-02-04 | 7.5 HIGH | N/A |
Multiple SQL injection vulnerabilities in thinkWMS 1.0 and earlier allow remote attackers to execute arbitrary SQL commands via the (1) id parameter in (a) index.php or (b) printarticle.php, and the (2) catid parameter in index.php. | |||||
CVE-2006-1492 | 1 Nikolay Avrionov | 1 Explorer Xp | 2024-02-04 | 5.0 MEDIUM | N/A |
Directory traversal vulnerability in dir.php in Explorer XP allows remote attackers to read arbitrary files via the chemin parameter. |