Total
254753 CVE
| CVE | Vendors | Products | Updated | CVSS v2 | CVSS v3 |
|---|---|---|---|---|---|
| CVE-2004-2569 | 1 David Stes | 1 Ipmenu | 2024-02-04 | 2.1 LOW | N/A |
| ipmenu 0.0.3 before Debian GNU/Linux ipmenu_0.0.3-5 allows local users to overwrite arbitrary files via a symlink attack on the ipmenu.log temporary file. | |||||
| CVE-2006-0292 | 1 Mozilla | 2 Firefox, Mozilla | 2024-02-04 | 7.5 HIGH | N/A |
| The Javascript interpreter (jsinterp.c) in Mozilla and Firefox before 1.5.1 does not properly dereference objects, which allows remote attackers to cause a denial of service (crash) or execute arbitrary code via unknown attack vectors related to garbage collection. | |||||
| CVE-2004-2556 | 1 Netgear | 1 Wg602 | 2024-02-04 | 5.0 MEDIUM | N/A |
| NetGear WG602 (aka WG602v1) Wireless Access Point firmware 1.04.0 and 1.5.67 has a hardcoded account of username "super" and password "5777364", which allows remote attackers to modify the configuration. | |||||
| CVE-2005-4197 | 1 Nortel | 1 Ssl Vpn | 2024-02-04 | 7.5 HIGH | N/A |
| tunnelform.yaws in Nortel SSL VPN 4.2.1.6 allows remote attackers to execute arbitrary commands via a link in the a parameter, which is executed with extra privileges in a cryptographically signed Java Applet. | |||||
| CVE-2006-4472 | 1 Joomla | 1 Joomla\! | 2024-02-04 | 7.5 HIGH | N/A |
| Multiple unspecified vulnerabilities in Joomla! before 1.0.11 allow attackers to bypass user authentication via unknown vectors involving the (1) do_pdf command and the (2) emailform com_content task. | |||||
| CVE-2006-2048 | 1 Phpwebftp | 1 Phpwebftp | 2024-02-04 | 4.3 MEDIUM | N/A |
| Multiple cross-site scripting (XSS) vulnerabilities in index.php in Edwin van Wijk phpWebFTP 2.3 allow remote attackers to inject arbitrary web script or HTML via the (1) port, (2) server, and (3) user parameters. NOTE: it is possible that the affected version is actually 3.2. | |||||
| CVE-2005-1889 | 1 Sun | 1 Java System Web Server | 2024-02-04 | 5.0 MEDIUM | N/A |
| Unknown vulnerability in Sun ONE Application Server 6.5 SP1 Maintenance Update 6 and earlier allows attackers to read files. | |||||
| CVE-2004-0139 | 1 Sgi | 1 Irix | 2024-02-04 | 10.0 HIGH | N/A |
| Unknown vulnerability in the bsd.a kernel networking for SGI IRIX 6.5.22 through 6.5.25, and possibly earlier versions, in which "t_unbind changes t_bind's behavior," has unknown impact and attack vectors. | |||||
| CVE-2005-4513 | 1 Wandsoft | 1 E-search | 2024-02-04 | 4.3 MEDIUM | N/A |
| Cross-site scripting (XSS) vulnerability in WANDSOFT e-SEARCH allows remote attackers to inject arbitrary web script or HTML via unspecified search parameters, possibly the keywords parameter. | |||||
| CVE-2006-1351 | 1 Bea | 1 Weblogic Server | 2024-02-04 | 5.0 MEDIUM | N/A |
| BEA WebLogic Server 6.1 SP7 and earlier allows remote attackers to read arbitrary files via unknown attack vectors related to a "default internal servlet" accessed through HTTP. | |||||
| CVE-2005-3882 | 1 Faqsystems | 1 Faqring Knowledge Base Software | 2024-02-04 | 7.5 HIGH | N/A |
| SQL injection vulnerability in answer.php in FAQSystems FAQRing Knowledge Base Software 3.0 and earlier allows remote attackers to execute arbitrary SQL commands via the id parameter. | |||||
| CVE-2005-1988 | 1 Microsoft | 2 Ie, Internet Explorer | 2024-02-04 | 5.1 MEDIUM | N/A |
| Unknown vulnerability in Internet Explorer 5.0, 5.5, and 6.0 allows remote attackers to execute arbitrary code via a web site or an HTML e-mail containing a crafted JPEG image that causes memory corruption, aka "JPEG Image Rendering Memory Corruption Vulnerability". | |||||
| CVE-2005-0495 | 1 Zeroboard | 1 Zeroboard | 2024-02-04 | 4.3 MEDIUM | N/A |
| Cross-site scripting (XSS) vulnerability in ZeroBoard allows remote attackers to inject arbitrary web script or HTML via the (1) sn1, (2) year, or (3) page parameter to zboard.php or (4) filename to view_image.php. | |||||
| CVE-2005-3375 | 1 Ikarus | 1 Ikarus Antivirus | 2024-02-04 | 5.1 MEDIUM | N/A |
| Multiple interpretation error in Ikarus demo version allows remote attackers to bypass virus scanning via a file such as BAT, HTML, and EML with an "MZ" magic byte sequence which is normally associated with EXE, which causes the file to be treated as a safe type that could still be executed as a dangerous file type by applications on the end system, as demonstrated by a "triple headed" program that contains EXE, EML, and HTML content, aka the "magic byte bug." | |||||
| CVE-2006-1701 | 1 Shadowed Portal | 1 Shadowed Portal | 2024-02-04 | 2.6 LOW | N/A |
| Cross-site scripting (XSS) vulnerability in the Pages module in Shadowed Portal allows remote attackers to inject arbitrary web script or HTML via the page parameter to load.php. | |||||
| CVE-2005-3883 | 1 Php | 1 Php | 2024-02-04 | 5.0 MEDIUM | N/A |
| CRLF injection vulnerability in the mb_send_mail function in PHP before 5.1.0 might allow remote attackers to inject arbitrary e-mail headers via line feeds (LF) in the "To" address argument. | |||||
| CVE-2006-2122 | 1 Coolmenus | 1 Coolmenus | 2024-02-04 | 6.8 MEDIUM | N/A |
| PHP remote file inclusion vulnerability in index.php in CoolMenus allows remote attackers to execute arbitrary code via a URL in the page parameter. NOTE: the original report for this issue is probably erroneous, since CoolMenus does not appear to be written in PHP. | |||||
| CVE-2005-0927 | 1 Web-app.org | 1 Webapp | 2024-02-04 | 10.0 HIGH | N/A |
| Unknown vulnerability in subs.pl for WebAPP 0.9.9 through 0.9.9.2 has unknown impact and attack vectors, probably involving shell metacharacters or .. sequences. | |||||
| CVE-2004-2679 | 1 Checkpoint | 1 Firewall-1 | 2024-02-04 | 7.8 HIGH | N/A |
| Check Point Firewall-1 4.1 up to NG AI R55 allows remote attackers to obtain potentially sensitive information by sending an Internet Key Exchange (IKE) with a certain Vendor ID payload that causes Firewall-1 to return a response containing version and other information. | |||||
| CVE-2005-3285 | 1 Comersus Open Technologies | 1 Comersus Backoffice Plus | 2024-02-04 | 4.3 MEDIUM | N/A |
| Cross-site scripting (XSS) vulnerability in comersus_backoffice_searchItemForm.asp in Comersus BackOffice Plus allows remote attackers to inject arbitrary web script or HTML via the (1) forwardTo1, (2) forwardTo2, (3) nameFT1, or (4) nameFT2 parameters. | |||||