Total: 254734 CVE
CVE | Vendors | Products | Updated | CVSS v2 | CVSS v3 |
---|---|---|---|---|---|
CVE-2004-2759 | 1 Sun | 4 Storedge Qfs, Storedge Sam-qfs, Storeedge Performance Suite and 1 more | 2024-02-04 | 2.1 LOW | N/A |
Shared Sun StorEdge QFS and SAM-QFS file systems, as used in Utilization Suite 4.0 through 4.1 and Performance Suite 4.0 through 4.1, might allow local users to read portions of deleted files by accessing data within sparse files. | |||||
CVE-2005-4226 | 1 Phpwebthings | 1 Phpwebthings | 2024-02-04 | 7.5 HIGH | N/A |
Multiple "potential" SQL injection vulnerabilities in phpWebThings 1.4 Patched might allow remote attackers to execute arbitrary SQL commands via (1) the ref parameter in download.php, (2) the direction, msg, sforum, reason, subname, and toform parameters in forum.php, (3) the msg and forum parameters in forum_edit.php, (4) the msg and forum parameters in forum_write.php, (5) the tekst parameter in guestbook.php, (6) the menuoption parameter in index.php, and the (7) sel_avatar parameter in myaccount.php. NOTE: the forum.php/forum vector is already identified by CVE-2005-3585. | |||||
CVE-2006-0491 | 1 Subzane | 1 Szusermgnt | 2024-02-04 | 7.5 HIGH | N/A |
SQL injection vulnerability in SZUserMgnt.class.php in SZUserMgnt 1.4 allows remote attackers to execute arbitrary SQL commands via the username parameter. | |||||
CVE-2005-1421 | 1 Raysoft | 1 Video Cam Server | 2024-02-04 | 5.0 MEDIUM | N/A |
Directory traversal vulnerability in Raysoft/Raybase Video Cam Server 1.0.0 beta allows remote attackers to read arbitrary files via ".." (dot dot) sequences in an HTTP request. | |||||
CVE-2004-2417 | 1 Smtp.proxy | 1 Smtp.proxy | 2024-02-04 | 7.5 HIGH | N/A |
Format string vulnerability in smtp.c for smtp.proxy 1.1.3 and earlier allows remote attackers to execute arbitrary code via format string specifiers in the (1) client hostname or (2) message-id, which are injected into a syslog message. | |||||
CVE-2005-0643 | 1 Mcafee | 1 Antivirus Engine | 2024-02-04 | 7.5 HIGH | N/A |
Buffer overflow in McAfee Scan Engine 4320 with DAT version before 4357 allows remote attackers to execute arbitrary code via crafted LHA files. | |||||
CVE-2006-2256 | 1 Eqdkp | 1 Eqdkp | 2024-02-04 | 6.4 MEDIUM | N/A |
PHP remote file inclusion vulnerability in includes/dbal.php in EQdkp 1.3.0 and earlier allows remote attackers to execute arbitrary PHP code via a URL in the eqdkp_root_path parameter. | |||||
CVE-2005-4176 | 1 Award | 1 Award Bios Modular | 2024-02-04 | 2.1 LOW | N/A |
AWARD Bios Modular 4.50pg does not clear the keyboard buffer after reading the BIOS password during system startup, which allows local administrators or users to read the password directly from physical memory. | |||||
CVE-2005-1185 | 1 Musicmatch | 1 Jukebox | 2024-02-04 | 4.6 MEDIUM | N/A |
Unquoted Windows search path vulnerability in Musicmatch Jukebox 10.00.2047 and earlier allows local users to gain privileges via a malicious C:\program.exe file, which is run by MMFWLaunch.exe when it attempts to execute launch.exe. | |||||
CVE-2005-3700 | 1 Apple | 2 Mac Os X, Mac Os X Server | 2024-02-04 | 4.6 MEDIUM | N/A |
Unknown vulnerability in iodbcadmintool in the ODBC Administrator utility in Mac OS X and OS X Server 10.3.9 and 10.4.3 allows local users to execute arbitrary code via unknown attack vectors. | |||||
CVE-2006-2083 | 1 Andrew Tridgell | 1 Rsync | 2024-02-04 | 7.5 HIGH | N/A |
Integer overflow in the receive_xattr function in the extended attributes patch (xattr.c) for rsync before 2.6.8 might allow attackers to execute arbitrary code via crafted extended attributes that trigger a buffer overflow. | |||||
CVE-2005-3928 | 1 Qnx | 1 Rtos | 2024-02-04 | 4.6 MEDIUM | N/A |
Buffer overflow in phgrafx in QNX 6.2.1 and 6.3.0 allows local users to execute arbitrary code via a long command line argument. | |||||
CVE-2006-4030 | 1 Gallery Project | 1 Gallery | 2024-02-04 | 5.0 MEDIUM | N/A |
Unspecified vulnerability in the stats module in Gallery 1.5.1-RC2 and earlier allows remote attackers to obtain sensitive information via unspecified attack vectors, related to "two file exposure bugs." | |||||
CVE-2005-4274 | 1 Businessobjects | 1 Webintelligence | 2024-02-04 | 5.0 MEDIUM | N/A |
Unspecified vulnerability in Business Objects WebIntelligence 6.5x allows remote attackers to cause a denial of service (user account lock out) via unknown attack vectors related to "authentication mechanisms" and "form input." | |||||
CVE-2005-3432 | 1 Thomas Rybak | 1 Minigal 2 | 2024-02-04 | 5.0 MEDIUM | N/A |
MiniGal 2 (MG2) 0.5.1 allows remote attackers to list password protected images via a request to index.php with the list parameter set to * (wildcard) and the page parameter set to all. | |||||
CVE-2005-4854 | 1 Ez | 1 Ez Publish | 2024-02-04 | 5.0 MEDIUM | N/A |
eZ publish 3.5 through 3.7 before 20050830 does not use a folder's read permissions to restrict notifications, which allows remote authenticated users to obtain sensitive information about changes to content in arbitrary folders. | |||||
CVE-2006-2290 | 1 Www.goel.ch | 1 2005-comments-script | 2024-02-04 | 6.8 MEDIUM | N/A |
Multiple cross-site scripting (XSS) vulnerabilities in kommentar.php in 2005-Comments-Script allow remote attackers to inject arbitrary web script or HTML via the (1) id, (2) email, and (3) url parameter. | |||||
CVE-2005-2382 | 1 Oray | 1 Peanuthull | 2024-02-04 | 7.2 HIGH | N/A |
Oray PeanutHull 3.0.1.0 and earlier does not properly drop SYSTEM privileges when launched from the system tray, which allows local users to gain privileges by accessing the Help functionality. | |||||
CVE-2006-1679 | 1 Jupiter Cms | 1 Jupiter Cms | 2024-02-04 | 4.3 MEDIUM | N/A |
Cross-site scripting (XSS) vulnerability in modules/online.php in Jupiter CMS 1.1.5 allows remote attackers to inject arbitrary web script or HTML via the layout parameter to index.php. | |||||
CVE-2004-2498 | 1 Hitachi | 2 Web Page Generator, Web Page Generator Enterprise | 2024-02-04 | 5.0 MEDIUM | N/A |
Unspecified vulnerability in the error handler in Hitachi Web Page Generator and Web Page Generator Enterprise 4.01 and earlier, when using the default error template and debug mode is set to ON, allows remote attackers to determine internal directory structures via unknown attack vectors. | |||||