Total
254751 CVE
CVE | Vendors | Products | Updated | CVSS v2 | CVSS v3 |
---|---|---|---|---|---|
CVE-2005-3779 | 1 Hp | 1 Hp-ux | 2024-02-04 | 7.2 HIGH | N/A |
Unspecified vulnerability in xterm for HP-UX 11.00, 11.11, and 11.23 allows local users to gain privileges via unknown vectors. | |||||
CVE-2005-3123 | 1 Gnu | 1 Gnump3d | 2024-02-04 | 5.0 MEDIUM | N/A |
Directory traversal vulnerability in GNUMP3D before 2.9.6 allows remote attackers to read arbitrary files via crafted sequences such as "/.//..//////././", which is collapsed into "/.././" after ".." and "//" sequences are removed. | |||||
CVE-2006-3540 | 1 Zonelabs | 1 Zonealarm Security Suite | 2024-02-04 | 4.9 MEDIUM | N/A |
Check Point Zone Labs ZoneAlarm Internet Security Suite 6.5.722.000, 6.1.737.000, and possibly other versions do not properly validate RegSaveKey, RegRestoreKey, and RegDeleteKey function calls, which allows local users to cause a denial of service (system crash) via a certain combination of these function calls with an HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\VETFDDNT\Enum argument. | |||||
CVE-2006-2702 | 1 Wordpress | 1 Wordpress | 2024-02-04 | 5.0 MEDIUM | N/A |
vars.php in WordPress 2.0.2, possibly when running on Mac OS X, allows remote attackers to spoof their IP address via a PC_REMOTE_ADDR HTTP header, which vars.php uses to redefine $_SERVER['REMOTE_ADDR']. | |||||
CVE-2006-0096 | 1 Linux | 1 Linux Kernel | 2024-02-04 | 7.2 HIGH | N/A |
wan/sdla.c in Linux kernel 2.6.x before 2.6.11 and 2.4.x before 2.4.29 does not require the CAP_SYS_RAWIO privilege for an SDLA firmware upgrade, with unknown impact and local attack vectors. NOTE: further investigation suggests that this issue requires root privileges to exploit, since it is protected by CAP_NET_ADMIN; thus it might not be a vulnerability, although capabilities provide finer distinctions between privilege levels. | |||||
CVE-2005-3534 | 1 Wouter Verhelst | 1 Nbd | 2024-02-04 | 7.5 HIGH | N/A |
Buffer overflow in the Network Block Device (nbd) server 2.7.5 and earlier, and 2.8.0 through 2.8.2, allows remote attackers to execute arbitrary code via a large request, which is written past the end of the buffer because nbd does not account for memory taken by the reply header. | |||||
CVE-2005-4066 | 1 Christian Ghisler | 1 Total Commander | 2024-02-04 | 4.9 MEDIUM | N/A |
Total Commander 6.53 uses weak encryption to store FTP usernames and passwords in WCX_FTP.INI, which allows local users to decrypt the passwords and gain access to FTP servers, as possibly demonstrated by the W32.Gudeb worm. | |||||
CVE-2005-4414 | 1 Open Lab | 1 Teamwork | 2024-02-04 | 10.0 HIGH | N/A |
Unspecified vulnerability in Teamwork 3 before alpha 1.7 has unknown impact and attack vectors, related to "a menu security bug." | |||||
CVE-2004-1020 | 1 Php | 1 Php | 2024-02-04 | 5.0 MEDIUM | N/A |
The addslashes function in PHP 4.3.9 does not properly escape a NULL (/0) character, which may allow remote attackers to read arbitrary files in PHP applications that contain a directory traversal vulnerability in require or include statements, but are otherwise protected by the magic_quotes_gpc mechanism. NOTE: this issue was originally REJECTed by its CNA before publication, but that decision is in active dispute. This candidate may change significantly in the future as a result of further discussion. | |||||
CVE-2006-1582 | 1 Blanknberg | 1 Blanknberg | 2024-02-04 | 5.8 MEDIUM | N/A |
Cross-site scripting (XSS) vulnerability in index.php in Blank'N'Berg 0.2 allows remote attackers to inject arbitrary web script or HTML via the _path parameter. NOTE: this might be resultant from the directory traversal issue. | |||||
CVE-2005-4834 | 1 Ibm | 1 Websphere Application Server | 2024-02-04 | 5.0 MEDIUM | N/A |
IBM WebSphere Application Server (WAS) 5.0.2.5 through 5.1.1.3 allows remote attackers to obtain JSP source code and other sensitive information, related to incorrect request processing by the web container. | |||||
CVE-2005-4791 | 1 Novell | 1 Suse Linux | 2024-02-04 | 2.1 LOW | N/A |
Multiple untrusted search path vulnerabilities in SUSE Linux 10.0 cause the working directory to be added to LD_LIBRARY_PATH, which might allow local users to execute arbitrary code via (1) liferea or (2) banshee. | |||||
CVE-2006-4600 | 1 Openldap | 1 Openldap | 2024-02-04 | 2.3 LOW | N/A |
slapd in OpenLDAP before 2.3.25 allows remote authenticated users with selfwrite Access Control List (ACL) privileges to modify arbitrary Distinguished Names (DN). | |||||
CVE-2005-2113 | 1 Xoops | 1 Xoops | 2024-02-04 | 7.5 HIGH | N/A |
SQL injection vulnerability in the loginUser function in the XMLRPC server in XOOPS 2.0.11 and earlier allows remote attackers to execute arbitrary SQL commands and bypass authentication via crafted values in an XML file, as demonstrated using the blogger.getPost method. | |||||
CVE-2005-2993 | 1 Hp | 2 Hp-ux, Tru64 | 2024-02-04 | 1.7 LOW | N/A |
Unspecified vulnerability in the FTP Daemon (ftpd) for HP Tru64 UNIX 4.0F PK8 and other versions up to HP Tru64 UNIX 5.1B-3, and HP-UX B.11.00, B.11.04, B.11.11, and B.11.23, allows remote authenticated users to cause a denial of service (hang). | |||||
CVE-2005-2676 | 1 Coppermine | 1 Coppermine Photo Gallery | 2024-02-04 | 4.3 MEDIUM | N/A |
Cross-site scripting (XSS) vulnerability in displayimage.php in Coppermine Photo Gallery before 1.3.4 allows remote attackers to inject arbitrary web script or HTML via EXIF data. | |||||
CVE-2006-2031 | 1 Phpmyadmin | 1 Phpmyadmin | 2024-02-04 | 2.6 LOW | N/A |
Cross-site scripting (XSS) vulnerability in index.php in phpMyAdmin 2.8.0.3, 2.8.0.2, 2.8.1-dev, and 2.9.0-dev allows remote attackers to inject arbitrary web script or HTML via the lang parameter. | |||||
CVE-2005-4010 | 1 Sensation Designs | 1 Kbase Express | 2024-02-04 | 7.5 HIGH | N/A |
SQL injection vulnerability in KBase Express 1.0.0 and earlier allows remote attackers to execute arbitrary SQL commands via the (1) id parameter to category.php and (2) search parameters to search.php. | |||||
CVE-2006-2173 | 1 Filezilla | 1 Filezilla Server | 2024-02-04 | 6.4 MEDIUM | N/A |
Buffer overflow in FileZilla FTP Server 2.2.22 allows remote authenticated attackers to cause a denial of service and possibly execute arbitrary code via a long (1) PORT or (2) PASS followed by the MLSD command, or (2) the remote server interface, as demonstrated by the Infigo FTPStress Fuzzer. | |||||
CVE-2005-2857 | 1 Softstack | 1 Free Smtp Server | 2024-02-04 | 7.5 HIGH | N/A |
Free SMTP Server 2.2 allows remote attackers to use the server as an open mail relay (spam proxy). |