Total
254721 CVE
| CVE | Vendors | Products | Updated | CVSS v2 | CVSS v3 |
|---|---|---|---|---|---|
| CVE-2006-3079 | 1 Sspwiz | 1 Sspwiz Plus | 2024-02-04 | 4.3 MEDIUM | N/A |
| Cross-site scripting (XSS) vulnerability in index.cfm in SSPwiz Plus 1.0.7 and earlier allows remote attackers to inject arbitrary web script or HTML via the message parameter. | |||||
| CVE-2006-2196 | 1 Jochen Friedrich | 1 Pinball | 2024-02-04 | 4.6 MEDIUM | N/A |
| Unspecified vulnerability in pinball 0.3.1 allows local users to gain privileges via unknown attack vectors that cause pinball to load plugins from an attacker-controlled directory while operating at raised privileges. | |||||
| CVE-2005-4752 | 1 Bea | 1 Weblogic Server | 2024-02-04 | 4.6 MEDIUM | N/A |
| BEA WebLogic Server and WebLogic Express 8.1 SP4 and earlier, and 7.0 SP6 and earlier, might allow local users to gain privileges by using the run-as deployment descriptor element to change the privileges of a web application or EJB from the Deployer security role to the Admin security role. | |||||
| CVE-2005-2607 | 1 Phpsimplicity | 1 Simplicity Of Upload | 2024-02-04 | 5.0 MEDIUM | N/A |
| PHP file include vulnerability in download.php in PHPSimplicity Simplicity oF Upload before 1.3.1 allows remote attackers to include arbitrary local and remote files via the language parameter and a terminating null ("%00") characters. | |||||
| CVE-2006-0824 | 1 Geeklog | 1 Geeklog | 2024-02-04 | 7.5 HIGH | N/A |
| Multiple unspecified vulnerabilities in lib-common.php in Geeklog 1.4.0 before 1.4.0sr1 and 1.3.11 before 1.3.11sr4 allow remote attackers to include arbitrary local files and execute arbitrary code via (1) absolute paths in unspecified parameters and (2) the language cookie, as demonstrated for code execution using error.log. | |||||
| CVE-2006-1920 | 1 Pmtool | 1 Pmtool | 2024-02-04 | 6.4 MEDIUM | N/A |
| SQL injection vulnerability in index.php in PMTool 1.2.2 allows remote attackers to execute arbitrary SQL commands via the order parameter in the include files (1) user.inc.php, (2) customer.inc.php, and (3) project.inc.php. NOTE: the provenance of this information is unknown; the details are obtained solely from third party information. | |||||
| CVE-2006-1376 | 1 Debian | 1 Debian Linux | 2024-02-04 | 2.1 LOW | N/A |
| The installation of Debian GNU/Linux 3.1r1 from the network install CD creates /var/log/debian-installer/cdebconf with world writable permissions, which allows local users to cause a denial of service (disk consumption). | |||||
| CVE-2005-1900 | 1 Sawmill | 1 Sawmill | 2024-02-04 | 7.5 HIGH | N/A |
| Sawmill before 7.1.6 allows remote attackers to bypass authentication and (1) gain administrative privileges or (2) add a license. | |||||
| CVE-2004-2555 | 1 Smartstuff | 1 Foolproof Security | 2024-02-04 | 2.1 LOW | N/A |
| Riverdeep FoolProof Security 3.9.x on Windows 98 and Windows ME uses weak cryptography (arithmetic and XOR operations) to relate the Control password to the Administrator password, which allows local users to calculate the Administrator password if they know the Control password and password recovery key. | |||||
| CVE-2006-3273 | 1 Astrodog Press | 1 Some Chess | 2024-02-04 | 2.6 LOW | N/A |
| Cross-site scripting (XSS) vulnerability in menu.php in Some Chess 1.5 rc1 allows remote attackers to inject arbitrary web script or HTML via the user parameter ("New Name" field). | |||||
| CVE-2005-1763 | 2 Novell, Suse | 2 Linux Desktop, Suse Linux | 2024-02-04 | 7.2 HIGH | N/A |
| Buffer overflow in ptrace in the Linux Kernel for 64-bit architectures allows local users to write bytes into kernel memory. | |||||
| CVE-2004-0966 | 2 Gnu, Ubuntu | 2 Gettext, Ubuntu Linux | 2024-02-04 | 2.1 LOW | N/A |
| The (1) autopoint and (2) gettextize scripts in the GNU gettext package 1.14 and later versions, as used in Trustix Secure Linux 1.5 through 2.1 and other operating systems, allows local users to overwrite files via a symlink attack on temporary files. | |||||
| CVE-2006-1767 | 1 Nicecoder | 1 Indexu | 2024-02-04 | 7.5 HIGH | N/A |
| Multiple PHP remote file inclusion vulnerabilities in nicecoder.com INDEXU 5.0.0 and 5.0.1 allow remote attackers to execute arbitrary PHP code via a URL in the theme_path parameter in (1) index.php, (2) become_editor.php, (3) add.php, (4) bad_link.php, (5) browse.php, (6) detail.php, (7) fav.php, (8) get_rated.php, (9) login.php, (10) mailing_list.php, (11) new.php, (12) modify.php, (13) pick.php, (14) power_search.php, (15) rating.php, (16) register.php, (17) review.php, (18) rss.php, (19) search.php, (20) send_pwd.php, (21) sendmail.php, (22) tell_friend.php, (23) top_rated.php, (24) user_detail.php, and (25) user_search.php; and the (26) base_path parameter in invoice.php. | |||||
| CVE-2006-3606 | 1 Sun | 2 Solaris, Sunos | 2024-02-04 | 5.0 MEDIUM | N/A |
| Unspecified vulnerability in Sun Solaris X Inter Client Exchange library (libICE) on Solaris 8 and 9 allows context-dependent attackers to cause a denial of service (application crash) to applications that use the library. | |||||
| CVE-2006-2508 | 1 Yourfreeworld | 1 Stylish Text Ads Script | 2024-02-04 | 6.4 MEDIUM | N/A |
| SQL injection vulnerability in tr1.php in YourFreeWorld.com Stylish Text Ads Script allows remote attackers to execute arbitrary SQL commands via the id parameter, possibly involving an attack vector using advertise.php. | |||||
| CVE-2005-0731 | 1 Py Software | 1 Active Webcam | 2024-02-04 | 5.0 MEDIUM | N/A |
| PY Software Active Webcam WebServer (webcam.exe) 5.5 allows remote attackers to cause a denial of service (CPU consumption) via a direct request to Filelist.html. | |||||
| CVE-2006-3326 | 1 Joesph Leung | 1 Quickzip | 2024-02-04 | 2.6 LOW | N/A |
| Directory traversal vulnerability in QuickZip 3.06.3 allows remote user-assisted attackers to overwrite arbitrary files or directories via .. (dot dot) sequences in filenames within (1) TAR,(2) GZ, and (3) JAR archives. NOTE: the provenance of this information is unknown; the details are obtained solely from third party information. | |||||
| CVE-2005-3581 | 1 Gdal | 1 Gdal | 2024-02-04 | 7.2 HIGH | N/A |
| GDAL before 1.3.0-r1 allows local users in the portage group to increase privileges via a shared object in the Portage temporary build directory, which is added to the search path allowing objects in it to be loaded at runtime. | |||||
| CVE-2006-2409 | 1 Raydium | 1 Raydium | 2024-02-04 | 4.6 MEDIUM | N/A |
| Format string vulnerability in the raydium_log function in console.c in Raydium before SVN revision 310 allows local users to execute arbitrary code via format string specifiers in the format parameter, which are not properly handled in a call to raydium_console_line_add. | |||||
| CVE-2005-3946 | 1 Opera | 1 Opera Browser | 2024-02-04 | 5.0 MEDIUM | N/A |
| Opera 8.50 allows remote attackers to cause a denial of service (crash) via a Java applet with a large string argument to the removeMember JNI method for the com.opera.JSObject class. | |||||