Total: 254737 CVE
CVE | Vendors | Products | Updated | CVSS v2 | CVSS v3 |
---|---|---|---|---|---|
CVE-2006-2305 | 1 Jadu Limited | 1 Jadu Cms | 2024-02-04 | 5.8 MEDIUM | N/A |
Multiple cross-site scripting (XSS) vulnerabilities in Jadu CMS allow remote attackers to inject arbitrary web script or HTML via the (1) forename, (2) surname, (3) reg_email, (4) email_conf, (5) company, (6) city, (7) postcode, or (8) telephone parameters to site/scripts/register.php. NOTE: the provenance of this information is unknown; the details are obtained from third party information. | |||||
CVE-2006-3677 | 1 Mozilla | 2 Firefox, Seamonkey | 2024-02-04 | 7.5 HIGH | N/A |
Mozilla Firefox 1.5 before 1.5.0.5 and SeaMonkey before 1.0.3 allows remote attackers to execute arbitrary code by changing certain properties of the window navigator object (window.navigator) that are accessed when Java starts up, which causes a crash that leads to code execution. | |||||
CVE-2005-3229 | 1 Clam Anti-virus | 1 Clamav | 2024-02-04 | 5.1 MEDIUM | N/A |
Multiple interpretation error in unspecified versions of ClamAV Antivirus allows remote attackers to bypass virus detection via a malicious executable in a specially crafted RAR file with malformed central and local headers, which can still be opened by products such as Winrar and PowerZip, even though they are rejected as corrupted by Winzip and BitZipper. | |||||
CVE-2005-3259 | 1 Versatilebulletinboard | 1 Versatilebulletinboard | 2024-02-04 | 7.5 HIGH | N/A |
Multiple SQL injection vulnerabilities in versatileBulletinBoard (vBB) 1.0.0 RC2 allow remote attackers to execute arbitrary SQL commands and bypass authentication via the (1) login field, (2) "search this thread" feature, (3) "search for posts" feature, (4) "forgot password" feature, (5) list parameter in userlistpre.php, and the (6) select, (7) categ, and (8) to parameters in index.php. | |||||
CVE-2006-4707 | 1 Mybulletinboard | 1 Mybulletinboard | 2024-02-04 | 6.8 MEDIUM | N/A |
Cross-site scripting (XSS) vulnerability in admin/global.php (aka the Admin CP login form) in MyBB (aka MyBulletinBoard) 1.1.7 allows remote attackers to inject arbitrary web script or HTML via the query string ($_SERVER[PHP_SELF]). | |||||
CVE-2006-1047 | 1 Joomla | 1 Joomla | 2024-02-04 | 10.0 HIGH | N/A |
Unspecified vulnerability in the "Remember Me login functionality" in Joomla! 1.0.7 and earlier has unknown impact and attack vectors. | |||||
CVE-2006-3912 | 1 Rarlab | 1 Winrar | 2024-02-04 | 2.1 LOW | N/A |
Stack-based buffer overflow in the SFX module in WinRAR before 3.60 beta 8 has unspecified vectors and impact. | |||||
CVE-2005-1773 | 1 Lsoft | 1 Listserv | 2024-02-04 | 7.5 HIGH | N/A |
Multiple unknown vulnerabilities in L-Soft LISTSERV 14.3, 1.8e, and 1.8d allow remote attackers to execute arbitrary code or cause a denial of service. NOTE: this candidate may be SPLIT in the future when more precise technical details become available. | |||||
CVE-2005-0326 | 1 Php Arena | 1 Pafiledb | 2024-02-04 | 5.0 MEDIUM | N/A |
pafiledb.php in PaFileDB 3.1 allows remote attackers to gain sensitive information via an invalid or missing action parameter, which reveals the path in an error message when it cannot include a login.php script. | |||||
CVE-2006-4540 | 1 Learn.com | 1 Learncenter | 2024-02-04 | 6.8 MEDIUM | N/A |
Cross-site scripting (XSS) vulnerability in learncenter.asp in Learn.com LearnCenter allows remote attackers to inject arbitrary web script or HTML via the id parameter. | |||||
CVE-2004-2372 | 1 Bochs Project | 1 Bochs | 2024-02-04 | 7.2 HIGH | N/A |
Buffer overflow in Bochs before 2.1.1, if installed setuid, allows local users to execute arbitrary code via a long HOME environment variable, which is used if the .bochsrc, bochsrc, and bochsrc.txt cannot be found in a known path. NOTE: some external documents recommend that Bochs be installed setuid root, so this should be treated as a vulnerability. | |||||
CVE-2005-1040 | 1 Novell | 1 Linux Desktop | 2024-02-04 | 7.2 HIGH | N/A |
Multiple unknown vulnerabilities in netapplet in Novell Linux Desktop 9 allow local users to gain root privileges, related to "User input [being] passed to network scripts without verification." | |||||
CVE-2006-3252 | 1 Algorithmic Research | 1 Privatewire Gateway | 2024-02-04 | 7.5 HIGH | N/A |
Buffer overflow in the Online Registration Facility for Algorithmic Research PrivateWire VPN software up to 3.7 allows remote attackers to execute arbitrary code via a long GET request. | |||||
CVE-2005-3766 | 1 Exponent | 1 Exponent | 2024-02-04 | 5.0 MEDIUM | N/A |
Exponent CMS 0.96.3 and later versions stores sensitive user pages under the web document root with insufficient access control even though certain permissions are specified, which allows attackers to access the pages by browsing uploaded files. | |||||
CVE-2006-2988 | 1 Chemical Dictionary | 1 Chemical Dictionary | 2024-02-04 | 4.3 MEDIUM | N/A |
Cross-site scripting (XSS) vulnerability in dictionary.php in Chemical Dictionary allows remote attackers to inject arbitrary web script or HTML via the keyword parameter in a browse action. | |||||
CVE-2005-0051 | 1 Microsoft | 1 Windows Xp | 2024-02-04 | 7.5 HIGH | N/A |
The Server service (srvsvc.dll) in Windows XP SP1 and SP2 allows remote attackers to obtain sensitive information (users who are accessing resources) via an anonymous logon using a named pipe, which is not properly authenticated, aka the "Named Pipe Vulnerability." | |||||
CVE-2006-2283 | 1 Spiffyjr | 1 Phpraid | 2024-02-04 | 7.5 HIGH | N/A |
Multiple PHP remote file inclusion vulnerabilities in SpiffyJr phpRaid 2.9.5 through 3.0.b3 allow remote attackers to execute arbitrary PHP code via a URL in the phpbb_root_path parameter in (1) auth.php and (2) auth_phpbb when the phpBB portal is enabled, and via a URL in the smf_root_path parameter in (3) auth.php and (4) auth_SMF when the SMF portal is enabled. | |||||
CVE-2005-2914 | 1 Linksys | 1 Wrt54g | 2024-02-04 | 7.5 HIGH | N/A |
ezconfig.asp in Linksys WRT54G router 3.01.03, 3.03.6, non-default configurations of 2.04.4, and possibly other versions, does not use an authentication initialization function, which allows remote attackers to obtain encrypted configuration information and, if the key is known, modify the configuration. | |||||
CVE-2006-2754 | 1 Openldap | 1 Openldap | 2024-02-04 | 5.0 MEDIUM | N/A |
Stack-based buffer overflow in st.c in slurpd for OpenLDAP before 2.3.22 might allow attackers to execute arbitrary code via a long hostname. | |||||
CVE-2006-1242 | 1 Linux | 1 Linux Kernel | 2024-02-04 | 5.0 MEDIUM | N/A |
The ip_push_pending_frames function in Linux 2.4.x and 2.6.x before 2.6.16 increments the IP ID field when sending a RST after receiving unsolicited TCP SYN-ACK packets, which allows remote attackers to conduct an Idle Scan (nmap -sI) attack, which bypasses intended protections against such attacks. |