Total
304758 CVE
| CVE | Vendors | Products | Updated | CVSS v2 | CVSS v3 |
|---|---|---|---|---|---|
| CVE-2006-0072 | 1 Sco | 1 Openserver | 2008-09-05 | 7.5 HIGH | N/A |
| Buffer overflow in termsh on SCO OpenServer 5.0.7 allows remote attackers to execute arbitrary code via a long -o command line argument. NOTE: this is probably a different vulnerability than CVE-2005-0351 since it involves a distinct attack vector. | |||||
| CVE-2006-0098 | 1 Openbsd | 1 Openbsd | 2008-09-05 | 4.6 MEDIUM | N/A |
| The dupfdopen function in sys/kern/kern_descrip.c in OpenBSD 3.7 and 3.8 allows local users to re-open arbitrary files by using setuid programs to access file descriptors using /dev/fd/. | |||||
| CVE-2006-0216 | 1 Qualityebiz | 1 Quality Ppc | 2008-09-05 | 5.0 MEDIUM | N/A |
| admin.php in QualityEBiz Quality PPC (QPPC) 1.0 build 1644 allows remote attackers to obtain sensitive information, possibly the installation path of the application, via unspecified "meta characters" to the cpage parameter. | |||||
| CVE-2006-0071 | 1 Gentoo | 2 App-crypt Pinentry, Linux | 2008-09-05 | 6.6 MEDIUM | N/A |
| The ebuild for pinentry before 0.7.2-r2 on Gentoo Linux sets setgid bits for pinentry programs, which allows local users to read or overwrite arbitrary files as gid 0. | |||||
| CVE-2006-0215 | 1 Qualityebiz | 1 Quality Ppc | 2008-09-05 | 4.3 MEDIUM | N/A |
| Cross-site scripting (XSS) vulnerability in admin.php in QualityEBiz Quality PPC (QPPC) 1.0 build 1644 allows remote attackers to inject arbitrary web script or HTML via the cpage parameter. NOTE: this issue might be resultant from CVE-2006-0216. | |||||
| CVE-2006-0138 | 1 Amsn | 1 Amsn | 2008-09-05 | 5.0 MEDIUM | N/A |
| aMSN (aka Alvaro's Messenger) allows remote attackers to cause a denial of service (client hang and termination of client's instant-messaging session) by repeatedly sending crafted data to the default file-transfer port (TCP 6891). | |||||
| CVE-2006-0113 | 1 Enhanced Simple Php Gallery | 1 Enhanced Simple Php Gallery | 2008-09-05 | 5.0 MEDIUM | N/A |
| Enhanced Simple PHP Gallery 1.7 allows remote attackers to obtain the full path of the application via a direct request to sp_helper_functions.php, which leaks the pathname in an error message. | |||||
| CVE-2005-4859 | 1 Chitta | 1 Mimicboard | 2008-09-05 | 6.4 MEDIUM | N/A |
| mimicboard2 (Mimic2) 086 and earlier stores sensitive information under the web root with insufficient access control, which allows remote attackers to download a database via a direct request for mimic2.dat. | |||||
| CVE-2006-0157 | 1 Reamday Enterprises | 1 Magic News Plus | 2008-09-05 | 5.0 MEDIUM | N/A |
| settings.php in Reamday Enterprises Magic News Plus 1.0.3 allows remote attackers to change the administrator password via a change action that specifies identical values for the passwd and admin_password parameters, then declares the new password string in the new_passwd and confirm_passwd parameters. | |||||
| CVE-2006-0149 | 1 Simpbook | 1 Simpbook | 2008-09-05 | 4.3 MEDIUM | N/A |
| Cross-site scripting (XSS) vulnerability in SimpBook 1.0, with html_enable on (the default), allows remote attackers to inject arbitrary web script or HTML via the message field. | |||||
| CVE-2005-4858 | 1 Chitta | 1 Mimicboard 2 | 2008-09-05 | 4.3 MEDIUM | N/A |
| Multiple cross-site scripting (XSS) vulnerabilities in mimic2.cgi in mimicboard2 (Mimic2) 086 and earlier allow remote attackers to inject arbitrary web script or HTML via unspecified parameters associated with the (1) name, (2) title, and (3) comment sections, as demonstrated by referencing a remote document through the SRC attribute of an IFRAME element. | |||||
| CVE-2006-0073 | 1 Discusware | 2 Discus Freeware, Discus Professional | 2008-09-05 | 4.3 MEDIUM | N/A |
| Cross-site scripting (XSS) vulnerability in DiscusWare Discus Freeware 3.10.5 and Professional 3.10.4 allows remote attackers to inject arbitrary web script or HTML via unspecified vectors in a URL, which is not properly sanitized from the resulting error message. NOTE: the provenance of this information is unknown; the details are obtained solely from third party information. | |||||
| CVE-2006-0130 | 1 Rockliffe | 1 Mailsite | 2008-09-05 | 7.5 HIGH | N/A |
| Mail Management Agent (MAILMA) (aka Mail Management Server) in Rockliffe MailSite 7.0.3.1 and earlier allows remote attackers to attempt authentication with an unlimited number of user account names and passwords without denying connections, limiting the rate of connections, or locking out an account. | |||||
| CVE-2006-0303 | 1 Joomla | 1 Joomla | 2008-09-05 | 10.0 HIGH | N/A |
| Multiple unspecified vulnerabilities in the (1) publishing component, (2) Contact Component, (3) TinyMCE Compressor, and (4) other components in Joomla! 1.0.5 and earlier have unknown impact and attack vectors. | |||||
| CVE-2005-4764 | 1 Bea | 1 Weblogic Server | 2008-09-05 | 7.8 HIGH | N/A |
| BEA WebLogic Server and WebLogic Express 9.0, 8.1, and 7.0 lock out the admin user account after multiple incorrect password guesses, which allows remote attackers who know or guess the admin account name to cause a denial of service (blocked admin logins). | |||||
| CVE-2005-4761 | 1 Bea | 1 Weblogic Server | 2008-09-05 | 1.2 LOW | N/A |
| BEA WebLogic Server and WebLogic Express 8.1 SP4 and earlier, 7.0 SP5 and earlier, and 6.1 SP7 and earlier log the Java command line at server startup, which might include sensitive information (passwords or keyphrases) in the server log file when the -D option is used. | |||||
| CVE-2005-4726 | 1 Mute | 1 Mute | 2008-09-05 | 5.0 MEDIUM | N/A |
| MUTE 0.4 uses improper flood protection algorithms, which allows remote attackers to obtain sensitive information (privacy leak and search result data) by controlling a drop chain neighbor that is near the end of a message chain. | |||||
| CVE-2005-4816 | 1 Proftpd Project | 1 Proftpd | 2008-09-05 | 7.5 HIGH | N/A |
| Buffer overflow in mod_radius in ProFTPD before 1.3.0rc2 allows remote attackers to cause a denial of service (crash) and possibly execute arbitrary code via a long password. | |||||
| CVE-2005-4687 | 2 F-art Agency, Punbb | 2 Blog Cms, Punbb | 2008-09-05 | 5.0 MEDIUM | N/A |
| PunBB 1.2.9, used alone or with F-ART BLOG:CMS, may trust a client's IP address as specified in the X-Forwarded-For HTTP header rather than the TCP/IP stack, which allows remote attackers to misrepresent their IP address by sending a modified header. | |||||
| CVE-2005-4660 | 1 Ipcop | 1 Ipcop | 2008-09-05 | 1.2 LOW | N/A |
| Race condition in IPCop (aka IPCop Firewall) before 1.4.10 might allow local users to overwrite system configuration files and gain privileges by replacing a backup archive during the time window when the archive is owned by "nobody" but not yet encrypted, then executing ipcoprscfg to restore from this backup. | |||||