Total
29527 CVE
| CVE | Vendors | Products | Updated | CVSS v2 | CVSS v3 |
|---|---|---|---|---|---|
| CVE-2006-7203 | 1 Linux | 1 Linux Kernel | 2023-11-07 | 4.0 MEDIUM | N/A |
| The compat_sys_mount function in fs/compat.c in Linux kernel 2.6.20 and earlier allows local users to cause a denial of service (NULL pointer dereference and oops) by mounting a smbfs file system in compatibility mode ("mount -t smbfs"). | |||||
| CVE-2006-4596 | 1 Mybace Light | 1 Mybace Light | 2023-11-07 | 5.1 MEDIUM | N/A |
| PHP remote file inclusion in MyBace Light Skrip, when register_globals is enabled, allows remote attackers to execute arbitrary PHP code via the (1) hauptverzeichniss parameter in includes/login_check.php and the (2) template_back parameter in admin/login/content/user_daten.php. | |||||
| CVE-2006-5327 | 2 Apple, Openbase International Ltd | 2 Xcode, Openbase | 2023-11-07 | 7.2 HIGH | N/A |
| Untrusted search path vulnerability in OpenBase SQL 10.0 and earlier, as used in Apple Xcode 2.2 2.2 and earlier and possibly other products, allows local users to execute arbitrary code via a modified PATH that references a malicious gzip program, which is executed by gnutar with certain TAR_OPTIONS environment variable settings, when gnutar is invoked by OpenBase. | |||||
| CVE-2006-4992 | 1 Joomla | 1 Jd-wordpress | 2023-11-07 | 7.5 HIGH | N/A |
| Multiple PHP remote file inclusion vulnerabilities in JD-WordPress for Joomla! (com_jd-wp) 2.0-1.0 RC2 allow remote attackers to execute arbitrary PHP code via a URL in the mosConfig_absolute_path parameter in (1) wp-comments-post.php, (2) wp-feed.php, or (3) wp-trackback.php. | |||||
| CVE-2006-4996 | 1 Joomla | 1 Joomlalib | 2023-11-07 | 10.0 HIGH | N/A |
| Unspecified vulnerability in JoomlaLib (com_joomlalib) before 1.2.2 for Joomla! allows remote attackers to have an unknown impact, related to "Joomla globals hacked by script kiddies." | |||||
| CVE-2006-6333 | 1 Linux | 1 Linux Kernel | 2023-11-07 | 7.8 HIGH | N/A |
| The tr_rx function in ibmtr.c for Linux kernel 2.6.19 assigns the wrong flag to the ip_summed field, which allows remote attackers to cause a denial of service (memory corruption) via crafted packets that cause the kernel to interpret another field as an offset. | |||||
| CVE-2006-4713 | 1 Psywerks | 1 Puma | 2023-11-07 | 7.5 HIGH | N/A |
| PHP remote file inclusion vulnerability in config.php in PSYWERKS PUMA 1.0 RC2 allows remote attackers to execute arbitrary PHP code via a URL in the fpath parameter. | |||||
| CVE-2006-3835 | 1 Apache | 1 Tomcat | 2023-11-07 | 5.0 MEDIUM | N/A |
| Apache Tomcat 5 before 5.5.17 allows remote attackers to list directories via a semicolon (;) preceding a filename with a mapped extension, as demonstrated by URLs ending with /;index.jsp and /;help.do. | |||||
| CVE-2006-0121 | 1 Ibm | 3 Lotus Domino, Lotus Domino Enterprise Server, Lotus Notes | 2023-11-07 | 7.8 HIGH | N/A |
| Multiple memory leaks in IBM Lotus Notes and Domino Server before 6.5.5 allow attackers to cause a denial of service (memory consumption and crash) via unknown vectors related to (1) unspecified vectors during the SSL handshake (SPR# MKIN67MQVW), (2) the stash file during the SSL handshake (SPR# MKIN693QUT), and possibly other vectors. NOTE: due to insufficient information in the original vendor advisory, it is not clear whether there is an attacker role in other memory leaks that are specified in the advisory. | |||||
| CVE-2006-0046 | 1 Cameron Simpson | 1 Adzapper | 2023-11-07 | 7.8 HIGH | N/A |
| squid_redirect script in adzapper before 2006-01-29 allows remote attackers to cause a denial of service (CPU consumption) via a URL with a large number of trailing / (forward slashes), which might produce inefficient regular expressions. | |||||
| CVE-2006-2288 | 1 Avahi | 1 Avahi | 2023-11-07 | 3.6 LOW | N/A |
| Avahi before 0.6.10 allows local users to cause a denial of service (mDNS/DNS-SD service disconnect) via unspecified mDNS name conflicts. | |||||
| CVE-2005-4703 | 1 Apache | 1 Tomcat | 2023-11-07 | 5.0 MEDIUM | N/A |
| Apache Tomcat 4.0.3, when running on Windows, allows remote attackers to obtain sensitive information via a request for a file that contains an MS-DOS device name such as lpt9, which leaks the pathname in an error message, as demonstrated by lpt9.xtp using Nikto. | |||||
| CVE-2006-1365 | 1 Motorola | 3 E398, Pebl U6, V600 | 2023-11-07 | 5.0 MEDIUM | N/A |
| The Motorola PEBL U6, the Motorola V600, and possibly the Motorola E398 and other Motorola phones allow remote attackers to add an entry for their own Bluetooth device to a target device's list of trusted devices (aka Device History), and possibly obtain AT level access to the target device, by initiating and interrupting an OBEX Push Profile that pretends to send a vCard, aka a "HeloMoto" attack. | |||||
| CVE-2006-1168 | 1 Ncompress | 1 Ncompress | 2023-11-07 | 7.5 HIGH | N/A |
| The decompress function in compress42.c in (1) ncompress 4.2.4 and (2) liblzw allows remote attackers to cause a denial of service (crash), and possibly execute arbitrary code, via crafted data that leads to a buffer underflow. | |||||
| CVE-2006-0036 | 1 Linux | 1 Linux Kernel | 2023-11-07 | 7.8 HIGH | N/A |
| ip_nat_pptp in the PPTP NAT helper (netfilter/ip_nat_helper_pptp.c) in Linux kernel 2.6.14, and other versions, allows remote attackers to cause a denial of service (memory corruption or crash) via an inbound PPTP_IN_CALL_REQUEST packet that causes a null pointer to be used in an offset calculation. | |||||
| CVE-2006-2289 | 1 Avahi | 1 Avahi | 2023-11-07 | 2.1 LOW | N/A |
| Buffer overflow in avahi-core in Avahi before 0.6.10 allows local users to execute arbitrary code via unknown vectors. | |||||
| CVE-2006-1366 | 1 Motorola | 1 Pebl U6 | 2023-11-07 | 7.8 HIGH | N/A |
| Buffer overflow in the Motorola PEBL U6 08.83.76R, and possibly other Motorola P2K-based phones, allows remote attackers to cause a denial of service (device shutdown), and possibly execute arbitrary code, via a long OBEX setpath to the OBEX File Transfer (aka FTP) service on Bluetooth channel 9. | |||||
| CVE-2006-0554 | 1 Linux | 1 Linux Kernel | 2023-11-07 | 1.7 LOW | N/A |
| Linux kernel 2.6 before 2.6.15.5 allows local users to obtain sensitive information via a crafted XFS ftruncate call, which may return stale data. | |||||
| CVE-2006-1860 | 1 Linux | 1 Linux Kernel | 2023-11-07 | 2.1 LOW | N/A |
| lease_init in fs/locks.c in Linux kernel before 2.6.16.16 allows attackers to cause a denial of service (fcntl_setlease lockup) via actions that cause lease_init to free a lock that might not have been allocated on the stack. | |||||
| CVE-2005-4635 | 1 Linux | 1 Linux Kernel | 2023-11-07 | 5.0 MEDIUM | N/A |
| The nl_fib_input function in fib_frontend.c in the Linux kernel before 2.6.15 does not check for valid lengths of the header and payload, which allows remote attackers to cause a denial of service (invalid memory reference) via malformed fib_lookup netlink messages. | |||||