Total: 254749 CVE
CVE | Vendors | Products | Updated | CVSS v2 | CVSS v3 |
---|---|---|---|---|---|
CVE-2006-0980 | 1 Jay Eckles | 1 Cgi Calendar | 2024-02-04 | 4.3 MEDIUM | N/A |
Multiple cross-site scripting (XSS) vulnerabilities in Jay Eckles CGI Calendar 2.7 allow remote attackers to inject arbitrary web script or HTML via the year parameter in (1) index.cgi and (2) viewday.cgi. | |||||
CVE-2005-3057 | 1 Fortinet | 2 Fortigate, Fortios | 2024-02-04 | 10.0 HIGH | N/A |
The FTP component in FortiGate 2.8 running FortiOS 2.8MR10 and v3beta, and other versions before 3.0 MR1, allows remote attackers to bypass the Fortinet FTP anti-virus engine by sending a STOR command and uploading a file before the FTP server response has been sent, as demonstrated using LFTP. | |||||
CVE-2004-0929 | 2 Libtiff, Suse | 2 Libtiff, Suse Linux | 2024-02-04 | 10.0 HIGH | N/A |
Heap-based buffer overflow in the OJPEGVSetField function in tif_ojpeg.c for libtiff 3.6.1 and earlier, when compiled with the OJPEG_SUPPORT (old JPEG support) option, allows remote attackers to execute arbitrary code via a malformed TIFF image. | |||||
CVE-2004-1008 | 2 Putty, Tortoisecvs | 2 Putty, Tortoisecvs | 2024-02-04 | 10.0 HIGH | N/A |
Integer signedness error in the ssh2_rdpkt function in PuTTY before 0.56 allows remote attackers to execute arbitrary code via a SSH2_MSG_DEBUG packet with a modified stringlen parameter, which leads to a buffer overflow. | |||||
CVE-2006-1464 | 1 Apple | 1 Quicktime | 2024-02-04 | 5.1 MEDIUM | N/A |
Buffer overflow in Apple QuickTime before 7.1 allows remote attackers to execute arbitrary code via a crafted QuickTime MPEG4 (M4P) video format file. | |||||
CVE-2005-1033 | 1 Devellion | 1 Cubecart | 2024-02-04 | 5.0 MEDIUM | N/A |
CubeCart 2.0.6 allows remote attackers to obtain sensitive information via an invalid (1) language parameter to index.php, (2) PHPSESSID parameter to index.php, (3) product parameter to tellafriend.php, (4) add parameter to view_cart.php, or (5) product parameter to view_product.php, which reveals the path in a PHP error message. | |||||
CVE-2005-2859 | 1 Savant | 1 Savant Webserver | 2024-02-04 | 4.6 MEDIUM | N/A |
Savant Web Server stores user credentials in plaintext in the Savant\Users registry key, which allows local users to gain privileges. | |||||
CVE-2005-3720 | 1 Hitachi | 1 Ip5000 Voip Wifi Phone | 2024-02-04 | 5.0 MEDIUM | N/A |
The default index page in the HTTP server in Hitachi IP5000 VOIP WIFI Phone 1.5.6 lists sensitive information such as software versions. | |||||
CVE-2004-1028 | 1 Ibm | 1 Aix | 2024-02-04 | 7.2 HIGH | N/A |
Untrusted execution path vulnerability in chcod on AIX IBM 5.1.0, 5.2.0, and 5.3.0 allows local users to execute arbitrary programs by modifying the PATH environment variable to point to a malicious "grep" program, which is executed from chcod. | |||||
CVE-2005-0558 | 1 Microsoft | 1 Word | 2024-02-04 | 5.1 MEDIUM | N/A |
Buffer overflow in Microsoft Word 2000, Word 2002, and Word 2003 allows remote attackers to execute arbitrary code via a crafted document. | |||||
CVE-2006-2495 | 1 S9y | 1 Serendipity | 2024-02-04 | 7.5 HIGH | N/A |
Cross-site request forgery (CSRF) vulnerability in the Entry Manager in Serendipity before 1.0-beta3 allows remote attackers to perform unauthorized actions as a logged-in user via a link or IMG tag. | |||||
CVE-2005-3881 | 1 Altantisfaq | 1 Altantis Knowledge Base Software | 2024-02-04 | 7.5 HIGH | N/A |
SQL injection vulnerability in search.php in AtlantisFAQ Knowledge Base Software 2.03 and earlier allows remote attackers to execute arbitrary SQL commands via the searchStr parameter. | |||||
CVE-2006-2378 | 1 Microsoft | 4 Ie, Internet Explorer, Windows 2003 Server and 1 more | 2024-02-04 | 6.8 MEDIUM | N/A |
Buffer overflow in the ART Image Rendering component (jgdw400.dll) in Microsoft Windows XP SP1 and SP2, Server 2003 SP1 and earlier, and Windows 98 and Me allows remote attackers to execute arbitrary code via a crafted ART image that causes heap corruption. | |||||
CVE-2005-1532 | 1 Mozilla | 2 Firefox, Mozilla | 2024-02-04 | 7.5 HIGH | N/A |
Firefox before 1.0.4 and Mozilla Suite before 1.7.8 do not properly limit privileges of Javascript eval and Script objects in the calling context, which allows remote attackers to conduct unauthorized activities via "non-DOM property overrides," a variant of CVE-2005-1160. | |||||
CVE-2006-0677 | 1 Kth | 1 Heimdal | 2024-02-04 | 7.8 HIGH | N/A |
telnetd in Heimdal 0.6.x before 0.6.6 and 0.7.x before 0.7.2 allows remote unauthenticated attackers to cause a denial of service (server crash) via unknown vectors that trigger a null dereference. | |||||
CVE-2006-4255 | 1 Horde | 2 Horde, Imp | 2024-02-04 | 4.3 MEDIUM | N/A |
Cross-site scripting (XSS) vulnerability in horde/imp/search.php in Horde IMP H3 before 4.1.3 allows remote attackers to include arbitrary web script or HTML via multiple unspecified vectors related to folder names, as injected into the vfolder_label form field in the IMP search screen. | |||||
CVE-2006-3467 | 1 Freetype | 1 Freetype | 2024-02-04 | 7.5 HIGH | N/A |
Integer overflow in FreeType before 2.2 allows remote attackers to cause a denial of service (crash) and possibly execute arbitrary code via a crafted PCF file, as demonstrated by the Red Hat bad1.pcf test file, due to a partial fix of CVE-2006-1861. | |||||
CVE-2006-0815 | 1 Networkactiv | 1 Networkactiv Web Server | 2024-02-04 | 5.0 MEDIUM | N/A |
NetworkActiv Web Server 3.5.15 allows remote attackers to read script source code via a crafted URL with a "/" (forward slash) after the file extension. | |||||
CVE-2005-0553 | 1 Microsoft | 2 Ie, Internet Explorer | 2024-02-04 | 5.1 MEDIUM | N/A |
Race condition in the memory management routines in the DHTML object processor in Microsoft Internet Explorer 5.01, 5.5, and 6 allows remote attackers to execute arbitrary code via a malicious web page or HTML e-mail, aka "DHTML Object Memory Corruption Vulnerability". | |||||
CVE-2006-0316 | 1 Aol | 1 Aol Client Software | 2024-02-04 | 10.0 HIGH | N/A |
Buffer overflow in YGPPicFinder.DLL in AOL You've Got Pictures (YGP) Picture Finder Tool ActiveX Control, as used in AOL 8.0, 8.0 Plus, and 9.0 Classic, allows remote attackers to execute arbitrary code via unspecified vectors. |