Total
254754 CVE
CVE | Vendors | Products | Updated | CVSS v2 | CVSS v3 |
---|---|---|---|---|---|
CVE-2006-3831 | 1 Kailash Nadh | 1 Boastmachine | 2024-02-04 | 5.0 MEDIUM | N/A |
The Backup selection in Kailash Nadh boastMachine (formerly bMachine) 3.1 and earlier uses predictable filenames for database backups and stores the files under the web root with insufficient access control, which allows remote attackers to obtain sensitive information by downloading a backup file. | |||||
CVE-2005-0242 | 1 Yahoo | 1 Messenger | 2024-02-04 | 4.6 MEDIUM | N/A |
The Audio Setup Wizard (asw.dll) in Yahoo! Messenger 6.0.0.1750, and possibly other versions, allows attackers to execute arbitrary code by placing a malicious ping.exe program into the Messenger program directory, which is installed with weak default permissions. | |||||
CVE-2005-0578 | 1 Mozilla | 2 Firefox, Mozilla | 2024-02-04 | 2.1 LOW | N/A |
Firefox before 1.0.1 and Mozilla Suite before 1.7.6 use a predictable filename for the plugin temporary directory, which allows local users to delete arbitrary files of other users via a symlink attack on the plugtmp directory. | |||||
CVE-2006-0419 | 1 Bea | 1 Weblogic Server | 2024-02-04 | 6.4 MEDIUM | N/A |
BEA WebLogic Server and WebLogic Express 9.0, 8.1 through SP5, and 7.0 through SP6 allows anonymous binds to the embedded LDAP server, which allows remote attackers to read user entries or cause a denial of service (unspecified) via a large number of connections. | |||||
CVE-2005-4399 | 1 Libertas Solutions | 1 Libertas Enterprise Cms | 2024-02-04 | 4.3 MEDIUM | N/A |
Cross-site scripting (XSS) vulnerability in search/index.php in Libertas Enterprise CMS 3.0 and earlier allows remote attackers to inject arbitrary web script or HTML via the page_search parameter. | |||||
CVE-2005-3151 | 1 Blender | 1 Blender | 2024-02-04 | 7.5 HIGH | N/A |
Buffer overflow in blenderplay in Blender Player 2.37a allows attackers to execute arbitrary code via a long command line argument. | |||||
CVE-2005-1669 | 1 Opera | 1 Opera Browser | 2024-02-04 | 6.8 MEDIUM | N/A |
Cross-site scripting (XSS) vulnerability in Opera 8.0 Final Build 1095 allows remote attackers to inject arbitrary web script or HTML via "javascript:" URLs when a new window or frame is opened, which allows remote attackers to bypass access restrictions and perform unauthorized actions on other domains. | |||||
CVE-2005-3382 | 1 Sophos | 1 Sophos Anti-virus | 2024-02-04 | 5.0 MEDIUM | N/A |
Multiple interpretation error in Sophos 3.91 with the 2.28.4 engine allows remote attackers to bypass virus scanning via a file such as BAT, HTML, and EML with an "MZ" magic byte sequence which is normally associated with EXE, which causes the file to be treated as a safe type that could still be executed as a dangerous file type by applications on the end system, as demonstrated by a "triple headed" program that contains EXE, EML, and HTML content, aka the "magic byte bug." | |||||
CVE-2005-1776 | 1 Cnedra | 1 Cnedra | 2024-02-04 | 7.5 HIGH | N/A |
Buffer overflow in the READ_TCP_STRING function in game_message_functions.cpp in the network plugin for C'Nedra 0.4.0 and earlier allows remote attackers to execute arbitrary code via a long text string. | |||||
CVE-2006-1013 | 1 Smartblog | 1 Smartblog | 2024-02-04 | 7.5 HIGH | N/A |
PHP remote file include vulnerability in index.php in SMartBlog (aka SMBlog) 1.2 allows remote attackers to include and execute arbitrary PHP files via (1) the pg parameter and (2) a query string without a parameter. | |||||
CVE-2005-3258 | 1 Squid | 1 Squid | 2024-02-04 | 5.0 MEDIUM | N/A |
The rfc1738_do_escape function in ftp.c for Squid 2.5 STABLE11 and earlier allows remote FTP servers to cause a denial of service (segmentation fault) via certain "odd" responses. | |||||
CVE-2005-1105 | 1 Sun | 1 Javamail | 2024-02-04 | 5.0 MEDIUM | N/A |
Directory traversal vulnerability in the MimeBodyPart.getFileName method in JavaMail 1.3.2 allows remote attackers to write arbitrary files via a .. (dot dot) in the filename in the Content-Disposition header. | |||||
CVE-2005-0676 | 1 Phpoutsourcing | 1 Zorum | 2024-02-04 | 7.5 HIGH | N/A |
index.php in Zorum 3.5 allows remote attackers to trigger an SQL error, and possibly inject arbitrary SQL commands, via the search capability. | |||||
CVE-2005-0970 | 1 Apple | 1 Mac Os X | 2024-02-04 | 7.6 HIGH | N/A |
Mac OS X 10.3.9 and earlier allows users to install, create, and execute setuid/setgid scripts, contrary to the intended design, which may allow attackers to conduct unauthorized activities with escalated privileges via vulnerable scripts. | |||||
CVE-2006-2723 | 1 Mozilla | 1 Firefox | 2024-02-04 | 5.0 MEDIUM | N/A |
Unspecified versions of Mozilla Firefox allow remote attackers to cause a denial of service (crash) via a web page that contains a large number of nested marquee tags. NOTE: a followup post indicated that the initial report could not be verified. | |||||
CVE-2005-2620 | 1 Novell | 1 Groupwise | 2024-02-04 | 5.0 MEDIUM | N/A |
grpWise.exe for Novell GroupWise client 5.5 through 6.5.2 stores the password in plaintext in memory, which allows attackers to obtain the password using a debugger or another mechanism to read process memory. | |||||
CVE-2006-1716 | 1 Mybulletinboard | 1 Mybulletinboard | 2024-02-04 | 5.1 MEDIUM | N/A |
Cross-site scripting (XSS) vulnerability in inc/functions_post.php in MyBB (aka MyBulletinBoard) 1.10 allows remote attackers to inject arbitrary web script or HTML via a JavaScript event in a BBCode img tag. NOTE: the email vector is already covered by CVE-2006-1625, although it might stem from the same core issue. | |||||
CVE-2005-4876 | 1 Ignite Realtime | 1 Openfire | 2024-02-04 | 4.3 MEDIUM | N/A |
Cross-site scripting (XSS) vulnerability in the login form (login.jsp) of the admin console in Openfire (formerly Wildfire) 2.2.2, and possibly other versions before 2.3.0 Beta 2, allows remote attackers to inject arbitrary web script or HTML via the username parameter, a different vulnerability than CVE-2005-4877. | |||||
CVE-2006-4290 | 1 Sony | 1 Vaio Media Server | 2024-02-04 | 5.0 MEDIUM | N/A |
Directory traversal vulnerability in Sony VAIO Media Server 2.x, 3.x, 4.x, and 5.x before 20060626 allows remote attackers to gain sensitive information via unspecified vectors. | |||||
CVE-2005-2619 | 2 Autonomy, Ibm | 4 Keyview Export Sdk, Keyview Filter Sdk, Keyview Viewer Sdk and 1 more | 2024-02-04 | 9.3 HIGH | N/A |
Directory traversal vulnerability in kvarcve.dll in Autonomy (formerly Verity) KeyView SDK before 9.2.0, as used in Lotus Notes 6.5.4 and 7.0, allows remote attackers to delete arbitrary files via a (1) ZIP, (2) UUE or (3) TAR archive that contains a .. (dot dot) in the filename, which is not properly handled when generating a preview. |