Total
254740 CVE
CVE | Vendors | Products | Updated | CVSS v2 | CVSS v3 |
---|---|---|---|---|---|
CVE-2006-2099 | 1 Ezb Systems | 1 Ultraiso | 2024-02-04 | 5.0 MEDIUM | N/A |
Directory traversal vulnerability in UltraISO 8.0.0.1392 allows remote attackers to write arbitrary files via a .. (dot dot) in a filename in an ISO image. | |||||
CVE-2006-0166 | 1 Symantec | 1 Norton System Works | 2024-02-04 | 7.5 HIGH | N/A |
Symantec Norton SystemWorks and SystemWorks Premier 2005 and 2006 stores temporary copies of files in the Norton Protected Recycle Bin NProtect directory, which is hidden from the FindFirst and FindNext Windows APIs and allows remote attackers to hide arbitrary files from virus scanners and other products. | |||||
CVE-2006-0705 | 2 Attachmatewrq, F-secure | 2 Reflection For Secure It Server, F-secure Ssh Server | 2024-02-04 | 6.5 MEDIUM | N/A |
Format string vulnerability in a logging function as used by various SFTP servers, including (1) AttachmateWRQ Reflection for Secure IT UNIX Server before 6.0.0.9, (2) Reflection for Secure IT Windows Server before 6.0 build 38, (3) F-Secure SSH Server for Windows before 5.3 build 35, (4) F-Secure SSH Server for UNIX 3.0 through 5.0.8, (5) SSH Tectia Server 4.3.6 and earlier and 4.4.0, and (6) SSH Shell Server 3.2.9 and earlier, allows remote authenticated users to execute arbitrary commands via unspecified vectors, involving crafted filenames and the stat command. | |||||
CVE-2006-4501 | 1 Ztml | 1 Ezportal Ztml Cms | 2024-02-04 | 7.5 HIGH | N/A |
SQL injection vulnerability in index.php in ezPortal/ztml CMS 1.0 allows remote attackers to execute arbitrary SQL commands via the (1) about, (2) album, (3) id, (4) use, (5) desc, (6) doc, (7) mname, (8) max, and possibly other parameters. | |||||
CVE-2006-1128 | 1 Gallery Project | 1 Gallery | 2024-02-04 | 6.4 MEDIUM | N/A |
Directory traversal vulnerability in the session handling class (GallerySession.class) in Gallery 2 up to 2.0.2 allows remote attackers to access and delete files by specifying the session in a cookie, which is used in constructing file paths before the session value is sanitized. | |||||
CVE-2005-0719 | 1 Hp | 1 Tru64 | 2024-02-04 | 2.1 LOW | N/A |
Unknown vulnerability in the systems message queue in HP Tru64 Unix 4.0F PK8 through 5.1B-2/PK4 allows local users to cause a denial of service (process crash) for processes such as nfsstat, pfstat, arp, ogated, rarpd, route, sendmail, srconfig, strsetup, trpt, netstat, and xntpd. | |||||
CVE-2006-1524 | 1 Linux | 1 Linux Kernel | 2024-02-04 | 3.6 LOW | N/A |
madvise_remove in Linux kernel 2.6.16 up to 2.6.16.6 does not follow file and mmap restrictions, which allows local users to bypass IPC permissions and replace portions of readonly tmpfs files with zeroes, aka the MADV_REMOVE vulnerability. NOTE: this description was originally written in a way that combined two separate issues. The mprotect issue now has a separate name, CVE-2006-2071. | |||||
CVE-2005-2918 | 1 Gtkdiskfree | 1 Gtkdiskfree | 2024-02-04 | 5.0 MEDIUM | N/A |
The open_cmd_tube function in mount.c for gtkdiskfree 1.9.3 and earlier allows local users to overwrite arbitrary files via a symlink attack on the gtkdiskfree temporary file. | |||||
CVE-2006-2069 | 1 Powerdns | 1 Powerdns | 2024-02-04 | 5.0 MEDIUM | N/A |
The recursor in PowerDNS before 3.0.1 allows remote attackers to cause a denial of service (application crash) via malformed EDNS0 packets. | |||||
CVE-2005-3224 | 1 Avira | 1 Antivir Personal | 2024-02-04 | 5.1 MEDIUM | N/A |
Multiple interpretation error in unspecified versions of AntiVir Antivirus allows remote attackers to bypass virus detection via a malicious executable in a specially crafted RAR file with malformed central and local headers, which can still be opened by products such as Winrar and PowerZip, even though they are rejected as corrupted by Winzip and BitZipper. | |||||
CVE-2005-1366 | 1 Pico Server | 1 Pico Server | 2024-02-04 | 7.5 HIGH | N/A |
Pico Server (pServ) 3.2 and earlier allows remote attackers to obtain the source code for CGI scripts via "dirname/../cgi-bin" in a URL. | |||||
CVE-2005-3624 | 18 Conectiva, Debian, Easy Software Products and 15 more | 33 Linux, Debian Linux, Cups and 30 more | 2024-02-04 | 5.0 MEDIUM | N/A |
The CCITTFaxStream::CCITTFaxStream function in Stream.cc for xpdf, gpdf, kpdf, pdftohtml, poppler, teTeX, CUPS, libextractor, and others allows attackers to corrupt the heap via negative or large integers in a CCITTFaxDecode stream, which lead to integer overflows and integer underflows. | |||||
CVE-2005-4695 | 1 Symantec | 1 Brightmail Antispam | 2024-02-04 | 5.0 MEDIUM | N/A |
Symantec Brightmail AntiSpam 6.0 build 1 and 2 allows remote attackers to cause a denial of service (bmserver component termination) via malformed MIME messages. | |||||
CVE-2005-0162 | 2 Openswan, Xelerance | 2 Openswan, Openswan | 2024-02-04 | 7.2 HIGH | N/A |
Stack-based buffer overflow in the get_internal_addresses function in the pluto application for Openswan 1.x before 1.0.9, and Openswan 2.x before 2.3.0, when compiled with XAUTH and PAM enabled, allows remote authenticated attackers to execute arbitrary code. | |||||
CVE-2005-4756 | 1 Bea | 1 Weblogic Server | 2024-02-04 | 7.5 HIGH | N/A |
BEA WebLogic Server and WebLogic Express 8.1 SP4 and earlier, and 7.0 SP5 and earlier, do not properly validate derived Principals with multiple PrincipalValidators, which might allow attackers to gain privileges. | |||||
CVE-2006-0731 | 1 Sap | 1 Business Connector | 2024-02-04 | 4.0 MEDIUM | N/A |
WmRoot/adapter-index.dsp in SAP Business Connector Core Fix 7 and earlier allows remote attackers to conduct spoofing (phishing) attacks via an absolute URL in the url parameter, which loads the URL inside a frame. | |||||
CVE-2006-4000 | 1 Barracuda Networks | 1 Barracuda Spam Firewall | 2024-02-04 | 4.0 MEDIUM | N/A |
Directory traversal vulnerability in cgi-bin/preview_email.cgi in Barracuda Spam Firewall (BSF) 3.3.01.001 through 3.3.03.053 allows remote authenticated users to read arbitrary files via a .. (dot dot) in the file parameter. | |||||
CVE-2005-0426 | 1 Sun | 2 Solaris, Sunos | 2024-02-04 | 5.0 MEDIUM | N/A |
Unknown vulnerability in Solaris 8 and 9 allows remote attackers to cause a denial of service (panic) via "Heavy UDP Usage" that triggers a NULL dereference. | |||||
CVE-2005-3183 | 1 W3c | 1 Libwww | 2024-02-04 | 4.3 MEDIUM | N/A |
The HTBoundary_put_block function in HTBound.c for W3C libwww (w3c-libwww) allows remote servers to cause a denial of service (segmentation fault) via a crafted multipart/byteranges MIME message that triggers an out-of-bounds read. | |||||
CVE-2004-2279 | 1 Invision Power Services | 1 Invision Power Board | 2024-02-04 | 4.3 MEDIUM | N/A |
Cross-site scripting (XSS) vulnerability in Invision Power Board 1.3 Final allows remote attackers to execute arbitrary script as other users via the pop parameter in a chat action to index.php. |