Total: 259725 CVE

CVE | Vendors | Products | Updated | CVSS v2 | CVSS v3 | Description |
---|---|---|---|---|---|---|
CVE-2006-3583 | 1 Jetbox | 1 Jetbox Cms | 2024-02-04 | 7.5 HIGH | N/A | Session fixation vulnerability in Jetbox CMS 2.1 SR1 allows remote attackers to hijack web sessions via a crafted link and the administrator section. |
CVE-2006-1485 | 1 Greymatter | 1 Greymatter | 2024-02-04 | 6.5 MEDIUM | N/A | gm-upload.cgi in Greymatter 1.3.1 allows remote authenticated users with upload privileges to execute arbitrary programs by uploading files to locations within the web root. NOTE: the provenance of this information is unknown; the details are obtained solely from third party information. |
CVE-2005-1103 | 1 Sygate Technologies | 1 Security Agent | 2024-02-04 | 4.6 MEDIUM | N/A | Sygate Security Agent (SSA) in Sygate Secure Enterprise 3.5 through 4.1 does not prevent the security policy from being updated by unprivileged users, which allows local users to modify the policy by exporting the policy file, changing it, and importing it back into SSA. |
CVE-2004-2506 | 1 Wikindx | 1 Wikindx | 2024-02-04 | 5.0 MEDIUM | N/A | Unparsed web content delivery vulnerability in WIKINDX before 0.9.9g allows remote attackers to obtain sensitive information via a direct HTTP request to the config.inc file. |
CVE-2006-4495 | 1 Microsoft | 2 Ie, Windows 2003 Server | 2024-02-04 | 7.5 HIGH | N/A | Microsoft Internet Explorer allows remote attackers to cause a denial of service (memory corruption) and possibly execute arbitrary code by instantiating certain Windows 2000 ActiveX COM Objects including (1) ciodm.dll, (2) myinfo.dll, (3) msdxm.ocx, and (4) creator.dll. |
CVE-2005-3008 | 1 Amar Sagoo | 1 Tofu | 2024-02-04 | 7.5 HIGH | N/A | Tofu 0.2 allows remote attackers to execute arbitrary Python code via crafted pickled objects, which Tofu unpickles and executes. |
CVE-2005-1068 | 1 Scssboard | 1 Scssboard | 2024-02-04 | 4.3 MEDIUM | N/A | Cross-site scripting (XSS) vulnerability in sCssBoard 1.11 and earlier allows remote attackers to execute arbitrary Javascript via [url] tags. |
CVE-2005-0109 | 5 Freebsd, Redhat, Sco and 2 more | 8 Freebsd, Enterprise Linux, Enterprise Linux Desktop and 5 more | 2024-02-04 | 4.7 MEDIUM | 5.6 MEDIUM | Hyper-Threading technology, as used in FreeBSD and other operating systems that are run on Intel Pentium and other processors, allows local users to use a malicious thread to create covert channels, monitor the execution of other threads, and obtain sensitive information such as cryptographic keys, via a timing attack on memory cache misses. |
CVE-2005-1984 | 1 Microsoft | 3 Windows 2000, Windows 2003 Server, Windows Xp | 2024-02-04 | 7.5 HIGH | N/A | Buffer overflow in the Print Spooler service (Spoolsv.exe) for Microsoft Windows 2000, Windows XP, and Windows Server 2003 allows remote attackers to execute arbitrary code via a malicious message. |
CVE-2006-0283 | 1 Oracle | 3 Application Server, Collaboration Suite, Database Server | 2024-02-04 | 10.0 HIGH | N/A | Unspecified vulnerability in Oracle Database Server 10.1.0.4.2, Application Server 10.1.2.0.2, and Collaboration Suite Release 2, version 9.0.4.2 (Oracle9i) has unspecified impact and attack vectors, as identified by Oracle Vuln# DBC02 in the Reorganize Objects & Convert Tablespace component. |
CVE-2006-2259 | 1 Maxxcode | 1 Maxxschedule | 2024-02-04 | 7.5 HIGH | N/A | SQL injection vulnerability in Logon.asp in MaxxSchedule 1.0 allows remote attackers to execute arbitrary SQL commands via the txtLogon parameter. |
CVE-2005-3286 | 1 Kerio | 2 Personal Firewall, Serverfirewall | 2024-02-04 | 2.1 LOW | N/A | The FWDRV driver in Kerio Personal Firewall 4.2 and Server Firewall 1.1.1 allows local users to cause a denial of service (crash) by setting the PAGE_NOACCESS or PAGE_GUARD protection on the Page Environment Block (PEB), which triggers an exception, aka the "PEB lockout vulnerability." |
CVE-2005-0840 | | | 2024-02-04 | N/A | N/A | ** REJECT ** DO NOT USE THIS CANDIDATE NUMBER. ConsultIDs: CVE-2005-0706. Reason: This candidate is a duplicate of CVE-2005-0706. Notes: All CVE users should reference CVE-2005-0706 instead of this candidate. All references and descriptions in this candidate have been removed to prevent accidental usage. |
CVE-2005-2151 | 1 Double Precision Incorporated | 1 Courier Mail Server | 2024-02-04 | 5.0 MEDIUM | N/A | spf.c in Courier Mail Server does not properly handle DNS failures when looking up Sender Policy Framework (SPF) records, which could allow attackers to cause memory corruption. |
CVE-2005-2584 | 1 Mentor | 1 Adslfr4ii | 2024-02-04 | 7.2 HIGH | N/A | The web administration interface in Mentor ADSL-FR4II router running firmware 2.00.0111 does not set a default password, which allows local users to gain access. |
CVE-2005-4248 | 1 Quickpaypro | 1 Quickpaypro | 2024-02-04 | 4.3 MEDIUM | N/A | Multiple cross-site scripting (XSS) vulnerabilities in QuickPayPro 3.1 allow remote attackers to inject arbitrary web script or HTML via various fields, such as those in (1) communication/subscribers.tracking.add.php, (2) support/tickets.add.php, and (3) mycompany/categories.php. |
CVE-2005-2894 | 1 Pblang | 1 Pblang | 2024-02-04 | 4.3 MEDIUM | N/A | Cross-site scripting (XSS) vulnerability in the user registration in PBLang 4.65, and possibly earlier versions, allows remote attackers to inject arbitrary web script or PHP via the location field. |
CVE-2006-3307 | 1 Zoid Technologies | 1 Project Eros Bbsengine | 2024-02-04 | 7.5 HIGH | N/A | Multiple SQL injection vulnerabilities in Project EROS bbsengine before bbsengine-20060429-1550-jam allow remote attackers to execute arbitrary SQL commands via (1) unspecified parameters in the php/comment.php and (2) the getpartialmatches method in php/aolbonics.php. |
CVE-2005-2190 | 1 Comersus Open Technologies | 1 Comersus Cart | 2024-02-04 | 7.5 HIGH | N/A | Multiple SQL injection vulnerabilities in Comersus shopping cart allow remote attackers to execute arbitrary SQL commands via the (1) email parameter to comersus_optAffiliateRegistrationExec.asp or (2) idProduct parameter to comersus_optReviewReadExec.asp. |
CVE-2006-2799 | 1 Toenda Software Development | 1 Toendacms | 2024-02-04 | 6.8 MEDIUM | N/A | Cross-site scripting (XSS) vulnerability in content_footer.php in toendaCMS 0.7.0 allows remote attackers to inject arbitrary web scripts or HTML via the print_url variable. NOTE: the provenance of this information is unknown; the details are obtained solely from third party sources. |