Total
258075 CVE
CVE | Vendors | Products | Updated | CVSS v2 | CVSS v3 |
---|---|---|---|---|---|
CVE-2004-1008 | 2 Putty, Tortoisecvs | 2 Putty, Tortoisecvs | 2023-12-10 | 10.0 HIGH | N/A |
Integer signedness error in the ssh2_rdpkt function in PuTTY before 0.56 allows remote attackers to execute arbitrary code via a SSH2_MSG_DEBUG packet with a modified stringlen parameter, which leads to a buffer overflow. | |||||
CVE-2005-0039 | 1 Nissc | 1 Ipsec | 2023-12-10 | 6.4 MEDIUM | N/A |
Certain configurations of IPsec, when using Encapsulating Security Payload (ESP) in tunnel mode, integrity protection at a higher layer, or Authentication Header (AH), allow remote attackers to decrypt IPSec communications by modifying the outer packet in ways that cause plaintext data from the inner packet to be returned in ICMP messages, as demonstrated using bit-flipping attacks and (1) Destination Address Rewriting, (2) a modified header length that causes portions of the packet to be interpreted as IP Options, or (3) a modified protocol field and source address. | |||||
CVE-2005-2459 | 2 Debian, Linux | 2 Debian Linux, Linux Kernel | 2023-12-10 | 5.0 MEDIUM | N/A |
The huft_build function in inflate.c in the zlib routines in the Linux kernel before 2.6.12.5 returns the wrong value, which allows remote attackers to cause a denial of service (kernel crash) via a certain compressed file that leads to a null pointer dereference, a different vulnerability than CVE-2005-2458. | |||||
CVE-2006-0568 | 1 Outblaze | 1 Outblaze | 2023-12-10 | 4.3 MEDIUM | N/A |
Cross-site scripting (XSS) vulnerability in throw.main in Outblaze allows remote attackers to inject arbitrary web script or HTML via the file parameter. | |||||
CVE-2004-0889 | 11 Debian, Easy Software Products, Gentoo and 8 more | 16 Debian Linux, Cups, Linux and 13 more | 2023-12-10 | 10.0 HIGH | N/A |
Multiple integer overflows in xpdf 3.0, and other packages that use xpdf code such as CUPS, allow remote attackers to cause a denial of service (crash) and possibly execute arbitrary code, a different set of vulnerabilities than those identified by CVE-2004-0888. | |||||
CVE-2005-4282 | 1 Zaygo | 1 Domaincart | 2023-12-10 | 4.3 MEDIUM | N/A |
Cross-site scripting (XSS) vulnerability in Zaygo DomainCart 2.0 and earlier allows remote attackers to inject arbitrary web script or HTML, possibly via the root parameter to zaygo.cgi. | |||||
CVE-2005-3720 | 1 Hitachi | 1 Ip5000 Voip Wifi Phone | 2023-12-10 | 5.0 MEDIUM | N/A |
The default index page in the HTTP server in Hitachi IP5000 VOIP WIFI Phone 1.5.6 lists sensitive information such as software versions. | |||||
CVE-2004-1205 | 1 Pntresmailer | 1 Pntresmailer | 2023-12-10 | 5.0 MEDIUM | N/A |
codebrowserpntm.php in PnTresMailer 6.03 allows remote attackers to gain sensitive information via an invalid filetohighlight parameter, which reveals the full path in an error message. | |||||
CVE-2006-2646 | 1 Alt-n | 1 Mdaemon | 2023-12-10 | 7.5 HIGH | N/A |
Buffer overflow in Alt-N MDaemon, possibly 9.0.1 and earlier, allows remote attackers to execute arbitrary code via a long A0001 argument that begins with a '"' (double quote). | |||||
CVE-2006-1163 | 1 Nodez | 1 Nodez | 2023-12-10 | 6.8 MEDIUM | N/A |
Cross-site scripting (XSS) vulnerability in Nodez 4.6.1.1 allows remote attackers to inject arbitrary web script or HTML via the op parameter. NOTE: it is possible that this issue is resultant from the directory traversal vulnerability. | |||||
CVE-2006-1489 | 1 Fusionzone | 1 Couponzone | 2023-12-10 | 7.5 HIGH | N/A |
Multiple SQL injection vulnerabilities in FusionZONE CouponZONE local.cfm in 4.2 and earlier allow remote attackers to execute arbitrary SQL commands via the (1) companyid, (2) scat, and (3) coid parameters. | |||||
CVE-2005-2188 | 1 Mcafee | 1 Intrushield Security Management System | 2023-12-10 | 7.5 HIGH | N/A |
McAfee IntruShield Security Management System obtains the user ID from the URL, which allows remote attackers to guess the Manager account and possibly gain privileges via a brute force attack. | |||||
CVE-2006-0492 | 1 Vincent Hor | 1 Calendarix | 2023-12-10 | 7.5 HIGH | N/A |
Multiple SQL injection vulnerabilities in Calendarix allow remote attackers to execute arbitrary SQL commands via (1) the catview parameter in cal_functions.inc.php and (2) the login parameter in cal_login.php. NOTE: the catview vector might overlap CVE-2005-1865. | |||||
CVE-2004-1199 | 1 Apple | 1 Safari | 2023-12-10 | 5.0 MEDIUM | N/A |
Safari 1.2.4 on Mac OS X 10.3.6 allows remote attackers to cause a denial of service (application crash from memory exhaustion), as demonstrated using Javascript code that continuously creates nested arrays and then sorts the newly created arrays. | |||||
CVE-2006-3532 | 1 Pivot | 1 Pivot | 2023-12-10 | 5.1 MEDIUM | N/A |
PHP file inclusion vulnerability in includes/edit_new.php in Pivot 1.30 RC2 and earlier, when register_globals is enabled, allows remote attackers to execute arbitrary PHP code via a FTP URL or full file path in the Paths[extensions_path] parameter. | |||||
CVE-2005-0701 | 1 Oracle | 1 Database Server | 2023-12-10 | 5.0 MEDIUM | N/A |
Directory traversal vulnerability in Oracle Database Server 8i and 9i allows remote attackers to read or rename arbitrary files via "\\.\\.." (modified dot dot backslash) sequences to UTL_FILE functions such as (1) UTL_FILE.FOPEN or (2) UTL_FILE.frename. | |||||
CVE-2004-1237 | 3 Linux, Redhat, Suse | 4 Linux Kernel, Enterprise Linux, Enterprise Linux Desktop and 1 more | 2023-12-10 | 2.1 LOW | N/A |
Unknown vulnerability in the system call filtering code in the audit subsystem for Red Hat Enterprise Linux 3 allows local users to cause a denial of service (system crash) via unknown vectors. | |||||
CVE-2006-1418 | 1 Caloris Planitia Technologies | 1 E-school Management System | 2023-12-10 | 2.6 LOW | N/A |
Cross-site scripting (XSS) vulnerability in default.asp in Caloris Planitia E-School Management System 1.0 and earlier allows remote attackers to inject arbitrary web script or HTML via the msg parameter. | |||||
CVE-2005-3393 | 1 Openvpn | 2 Openvpn, Openvpn Access Server | 2023-12-10 | 7.5 HIGH | N/A |
Format string vulnerability in the foreign_option function in options.c for OpenVPN 2.0.x allows remote clients to execute arbitrary code via format string specifiers in a push of the dhcp-option command option. | |||||
CVE-2006-2723 | 1 Mozilla | 1 Firefox | 2023-12-10 | 5.0 MEDIUM | N/A |
Unspecified versions of Mozilla Firefox allow remote attackers to cause a denial of service (crash) via a web page that contains a large number of nested marquee tags. NOTE: a followup post indicated that the initial report could not be verified. |