Total: 254721 CVE
CVE | Vendors | Products | Updated | CVSS v2 | CVSS v3 |
---|---|---|---|---|---|
CVE-2006-2466 | 1 Bea | 1 Weblogic Server | 2024-02-04 | 2.6 LOW | N/A |
BEA WebLogic Server 8.1 up to SP4 and 7.0 up to SP6 allows remote attackers to obtain the source code of JSP pages during certain circumstances related to a "timing window" when a compilation error occurs, aka the "JSP showcode vulnerability." | |||||
CVE-2005-4417 | 3 Anycom, Belkin, Widcomm | 3 Blue Usb-130-250 Software, Bluetooth Software, Bluetooth For Windows | 2024-02-04 | 6.4 MEDIUM | N/A |
The default configuration of Widcomm Bluetooth for Windows (BTW) 4.0.1.1500 and earlier, as installed on Belkin Bluetooth Software 1.4.2 Build 10 and ANYCOM Blue USB-130-250 Software 4.0.1.1500, and possibly other devices, sets null Authentication and Authorization values, which allows remote attackers to send arbitrary audio and possibly eavesdrop using the microphone via the Hands Free Audio Gateway and Headset profile. | |||||
CVE-2006-1021 | 1 Pehepe | 2 Membership Management System, Uyelik Sistemi | 2024-02-04 | 4.3 MEDIUM | N/A |
Cross-site scripting (XSS) vulnerability in sol_menu.php in PeHePe Uyelik Sistemi (aka PeHePe MemberShip Management System) 3 allows remote attackers to inject arbitrary web script or HTML via the kuladi parameter ($kul_adi variable). | |||||
CVE-2005-1946 | 1 Invision Power Services | 1 Invision Community Blog | 2024-02-04 | 7.5 HIGH | N/A |
Multiple SQL injection vulnerabilities in Invision Blog before 1.1.2 Final allow remote attackers to execute arbitrary SQL commands via the (1) eid parameter to an editentry, replyentry, or editcomment action, or (2) the mid parameter to an aboutme action. | |||||
CVE-2005-0564 | 1 Microsoft | 1 Word | 2024-02-04 | 7.5 HIGH | N/A |
Stack-based buffer overflow in Microsoft Word 2000 and Word 2002, and Microsoft Works Suites 2000 through 2004, might allow remote attackers to execute arbitrary code via a .doc file with long font information. | |||||
CVE-2004-1110 | 2 Gentoo, Jean-jacques Sarton | 2 Linux, Mtink | 2024-02-04 | 2.1 LOW | N/A |
The mtink status monitor before 1.0.5 for Epson printers allows local users to overwrite arbitrary files via a symlink attack on the epson temporary file. | |||||
CVE-2005-0751 | | | 2024-02-04 | N/A | N/A |
** REJECT ** DO NOT USE THIS CANDIDATE NUMBER. ConsultIDs: none. Reason: This candidate has been revoked by its Candidate Numbering Authority (CNA) because it was initially assigned to a problem that was not a security issue. Notes: none. | |||||
CVE-2006-4662 | 1 Mirabilis | 1 Icq | 2024-02-04 | 7.5 HIGH | N/A |
Heap-based buffer overflow in the MCRegEx__Search function in AOL ICQ Pro 2003b Build 3916 and earlier allows remote attackers to execute arbitrary code via an inconsistent length field of a Message in a 0x2711 Type-Length-Value (TLV) type. | |||||
CVE-2006-4372 | 1 Constructor Component | 1 Constructor Component | 2024-02-04 | 7.5 HIGH | N/A |
PHP remote file inclusion vulnerability in admin.lurm_constructor.php in the Lurm Constructor component (com_lurm_constructor) 0.6b and earlier for Mambo allows remote attackers to execute arbitrary PHP code via a URL in the lm_absolute_path parameter. | |||||
CVE-2005-4443 | 1 Gauche | 1 Gauche | 2024-02-04 | 7.2 HIGH | N/A |
Untrusted search path vulnerability in Gauche before 0.8.6-r1 on Gentoo Linux allows local users in the portage group to gain privileges via a malicious shared object in the Portage temporary build directory, which is part of the RUNPATH. | |||||
CVE-2004-1018 | 2 Canonical, Php | 2 Ubuntu Linux, Php | 2024-02-04 | 10.0 HIGH | N/A |
Multiple integer handling errors in PHP before 4.3.10 allow attackers to bypass safe mode restrictions, cause a denial of service, or execute arbitrary code via (1) a negative offset value to the shmop_write function, (2) an "integer overflow/underflow" in the pack function, or (3) an "integer overflow/underflow" in the unpack function. NOTE: this issue was originally REJECTed by its CNA before publication, but that decision is in active dispute. This candidate may change significantly in the future as a result of further discussion. | |||||
CVE-2005-3269 | 1 Sun | 4 Java System Directory Proxy Server, Java System Directory Server, One Administration Server and 1 more | 2024-02-04 | 7.5 HIGH | N/A |
Stack-based buffer overflow in help.cgi in the HTTP administrative interface for (1) Sun Java System Directory Server 5.2 2003Q4, 2004Q2, and 2005Q1, (2) Red Hat Directory Server and (3) Certificate Server before 7.1 SP1, (4) Sun ONE Directory Server 5.1 SP4 and earlier, and (5) Sun ONE Administration Server 5.2 allows remote attackers to cause a denial of service (admin server crash), or local users to gain root privileges. | |||||
CVE-2006-0423 | 1 Oracle | 1 Weblogic Portal | 2024-02-04 | 7.5 HIGH | N/A |
BEA WebLogic Portal 8.1 through SP3 stores the password for the RDBMS Authentication provider in cleartext in the config.xml file, which allows attackers to gain privileges. | |||||
CVE-2006-3932 | 1 Gonafish | 1 Linkscaffe | 2024-02-04 | 5.1 MEDIUM | N/A |
SQL injection vulnerability in links.php in Gonafish LinksCaffe 3.0 allows remote attackers to execute arbitrary SQL commands via the cat parameter. NOTE: the provenance of this information is unknown; the details are obtained from third party information. | |||||
CVE-2006-0064 | 1 Devellion | 1 Cubecart | 2024-02-04 | 7.5 HIGH | N/A |
PHP remote file include vulnerability in includes/orderSuccess.inc.php in CubeCart allows remote attackers to execute arbitrary PHP code via a URL in the glob[rootDir] parameter. | |||||
CVE-2004-2274 | 1 W3c | 1 Jigsaw | 2024-02-04 | 6.4 MEDIUM | N/A |
Unknown vulnerability in Jigsaw before 2.2.4 has unknown impact and attack vectors, possibly related to the parsing of the URI. | |||||
CVE-2005-4488 | 1 Computeroil | 1 Redakto Cms | 2024-02-04 | 4.3 MEDIUM | N/A |
Multiple cross-site scripting (XSS) vulnerabilities in index.tpl in Redakto WCMS 3.2 and earlier allow remote attackers to inject arbitrary web script or HTML via the (1) iid, (2) iid2, (3) r, (4) cart, (5) str, (6) nf, and (7) a parameters. | |||||
CVE-2006-2482 | 2 Microchip Data Systems, Pentaware | 4 Ziptv For C++ Builder, Ziptv For Delphi 7, Pentasuite-pro and 1 more | 2024-02-04 | 6.8 MEDIUM | N/A |
Heap-based buffer overflow in the TZipTV component in (1) ZipTV for Delphi 7 2006.1.26 and for C++ Builder 2006-1.16, (2) PentaZip 8.5.1.190 and PentaSuite-PRO 8.5.1.221, and possibly other products, allows user-assisted attackers to execute arbitrary code via an ARJ archive with a long header. NOTE: the ACE archive vector is covered by CVE-2005-2856. | |||||
CVE-2005-4202 | 1 Logisphere | 1 Logisphere | 2024-02-04 | 5.0 MEDIUM | N/A |
Multiple directory traversal vulnerabilities in LogiSphere 0.9.9j allow remote attackers to access arbitrary files via (1) .. (dot dot), (2) "..." (triple dot), and (3) "..//" sequences in the URL, (4) "../" sequences in the source parameter to viewsource.jsp, or (5) "..\" (dot dot backslash) sequences in the NS-query-pat parameter to the search URL. | |||||
CVE-2006-0484 | 1 Elido | 1 Face Control | 2024-02-04 | 5.0 MEDIUM | N/A |
Directory traversal vulnerability in Vis.pl, as part of the FACE CONTROL product, allows remote attackers to read arbitrary files via a .. (dot dot) in any parameter that opens a file, such as (1) s or (2) p. |