Total
28399 CVE
| CVE | Vendors | Products | Updated | CVSS v2 | CVSS v3 |
|---|---|---|---|---|---|
| CVE-2006-0288 | 1 Oracle | 2 Application Server, E-business Suite | 2024-02-28 | 10.0 HIGH | N/A |
| Multiple unspecified vulnerabilities in the Oracle Reports Developer component of Oracle Application Server 9.0.4.1 and E-Business Suite and Applications 11.5.10 have unspecified impact and attack vectors, as identified by Oracle Vuln# (1) REP01 and (2) REP02. | |||||
| CVE-2006-3016 | 1 Php Group | 1 Php | 2024-02-28 | 9.3 HIGH | N/A |
| Unspecified vulnerability in session.c in PHP before 5.1.3 has unknown impact and attack vectors, related to "certain characters in session names," including special characters that are frequently associated with CRLF injection, SQL injection, cross-site scripting (XSS), and HTTP response splitting vulnerabilities. NOTE: while the nature of the vulnerability is unspecified, it is likely that this is related to a violation of an expectation by PHP applications that the session name is alphanumeric, as implied in the PHP manual for session_name(). | |||||
| CVE-2006-2218 | 1 Microsoft | 2 Internet Explorer, Windows Xp | 2024-02-28 | 9.3 HIGH | N/A |
| Unspecified vulnerability in Internet Explorer 6.0 on Microsoft Windows XP SP2 allows remote attackers to execute arbitrary code via "exceptional conditions" that trigger memory corruption, as demonstrated using an exception handler and nested object tags, a variant of CVE-2006-1992. | |||||
| CVE-2004-2744 | 1 Phplist | 1 Mailing List Manager | 2024-02-28 | 5.0 MEDIUM | N/A |
| Unspecified vulnerability in Tincan Limited PHPlist before 2.8.12 has unknown impact and attack vectors, related to a "security update release." | |||||
| CVE-2006-3698 | 1 Oracle | 1 Database Server | 2024-02-28 | 10.0 HIGH | N/A |
| Multiple unspecified vulnerabilities in Oracle Database 10.1.0.5 have unknown impact and attack vectors, aka Oracle Vuln# (1) DB01 for Change Data Capture (CDC) component and (2) DB03 for Data Pump Metadata API. NOTE: as of 20060719, Oracle has not disputed a claim by a reliable researcher that DB01 is related to multiple SQL injection vulnerabilities in SYS.DBMS_CDC_IMPDP using the (a) IMPORT_CHANGE_SET, (b) IMPORT_CHANGE_TABLE, (c) IMPORT_CHANGE_COLUMN, (d) IMPORT_SUBSCRIBER, (e) IMPORT_SUBSCRIBED_TABLE, (f) IMPORT_SUBSCRIBED_COLUMN, (g) VALIDATE_IMPORT, (h) VALIDATE_CHANGE_SET, (i) VALIDATE_CHANGE_TABLE, and (j) VALIDATE_SUBSCRIPTION procedures, and that DB03 is for SQL injection in the MAIN procedure for SYS.KUPW$WORKER. | |||||
| CVE-2005-2022 | 1 Sun | 2 Iplanet Messaging Server, One Messaging Server | 2024-02-28 | 4.3 MEDIUM | N/A |
| Unknown vulnerability in Webmail in iPlanet Messaging Server 5.2 Patch 1 and Sun ONE Messaging Server 6.2 allows remote attackers to execute arbitrary Javascript, possibly due to a cross-site scripting (XSS) vulnerability. | |||||
| CVE-2006-3699 | 1 Oracle | 1 Database Server | 2024-02-28 | 9.0 HIGH | N/A |
| Unspecified vulnerability in the Core RDBMS component in Oracle Database 9.0.1.5 and 9.2.0.6 has unknown impact and attack vectors, aka Oracle Vuln# DB02. | |||||
| CVE-2004-2345 | 1 Oracle | 1 Database Server | 2024-02-28 | 6.5 MEDIUM | N/A |
| Unknown multiple vulnerabilities in Oracle9i Database Server 9.0.1.4, 9.0.1.5, 9.2.0.3, and 9.2.0.4 allow local users with the ability to invoke SQL to cause a denial of service or obtain sensitive information. | |||||
| CVE-2006-4112 | 1 Rubyonrails | 1 Rails | 2024-02-28 | 7.5 HIGH | N/A |
| Unspecified vulnerability in the "dependency resolution mechanism" in Ruby on Rails 1.1.0 through 1.1.5 allows remote attackers to execute arbitrary Ruby code via a URL that is not properly handled in the routing code, which leads to a denial of service (application hang) or "data loss," a different vulnerability than CVE-2006-4111. | |||||
| CVE-2006-3702 | 1 Oracle | 1 Database Server | 2024-02-28 | 10.0 HIGH | N/A |
| Multiple unspecified vulnerabilities in Oracle Database 8.1.7.4, 9.0.1.5, 9.2.0.7, 10.1.0.5, and 10.2.0.2 have unknown impact and attack vectors, aka Oracle Vuln# (1) DB06 in Export; (2) DB08, (3) DB09, (4) DB10, (5) DB11, (6) DB12, (7) DB13, (8) DB14, and (9) DBC01 for OCI; (10) DB16 for Query Rewrite/Summary Mgmt; (11) DB17, (12) DB18, (13) DB19, (14) DBC02, (15) DBC03, and (16) DBC04 for RPC; and (17) DB20 for Semantic Analysis. NOTE: as of 20060719, Oracle has not disputed third party claims that DB06 is related to "SQL injection" using DBMS_EXPORT_EXTENSION with a modified ODCIIndexGetMetadata routine and a call to GET_DOMAIN_INDEX_METADATA, in which case DB06 might be CVE-2006-2081. | |||||
| CVE-2006-3232 | 1 Ibm | 1 Websphere Application Server | 2024-02-28 | 10.0 HIGH | N/A |
| Unspecified vulnerability in IBM WebSphere Application Server before 6.0.2.11 has unknown impact and attack vectors because the "UserNameToken cache was improperly used." | |||||
| CVE-2005-2700 | 3 Apache, Canonical, Debian | 3 Http Server, Ubuntu Linux, Debian Linux | 2024-02-28 | 10.0 HIGH | N/A |
| ssl_engine_kernel.c in mod_ssl before 2.8.24, when using "SSLVerifyClient optional" in the global virtual host configuration, does not properly enforce "SSLVerifyClient require" in a per-location context, which allows remote attackers to bypass intended access restrictions. | |||||
| CVE-2006-0582 | 1 Kth | 1 Heimdal | 2024-02-28 | 2.1 LOW | N/A |
| Unspecified vulnerability in rshd in Heimdal 0.6.x before 0.6.6 and 0.7.x before 0.7.2, when storing forwarded credentials, allows attackers to overwrite arbitrary files and change file ownership via unknown vectors. | |||||
| CVE-2005-1139 | 1 Opera | 1 Opera Browser | 2024-02-28 | 7.5 HIGH | N/A |
| Opera 8 Beta 3, when using first-generation vetted digital certificates, displays the Organizational information of an SSL certificate, which is easily spoofed and can facilitate phishing attacks. | |||||
| CVE-2005-4273 | 1 Ibm | 1 Aix | 2024-02-28 | 2.1 LOW | N/A |
| Multiple unspecified vulnerabilities in (1) getShell and (2) getCommand in IBM AIX 5.3 allow local users to append to arbitrary files. | |||||
| CVE-2006-0262 | 1 Oracle | 4 Database Server, Oracle10g, Oracle8i and 1 more | 2024-02-28 | 10.0 HIGH | N/A |
| Unspecified vulnerability in the Net Foundation Layer component of Oracle Database server 8.1.7.4, 9.0.1.5, 9.0.1.5 FIPS, 9.2.0.6, and 10.1.0.4 has unspecified impact and attack vectors, as identified by Oracle Vuln# DB08. | |||||
| CVE-2006-3745 | 1 Linux | 1 Linux Kernel | 2024-02-28 | 7.2 HIGH | N/A |
| Unspecified vulnerability in the sctp_make_abort_user function in the SCTP implementation in Linux 2.6.x before 2.6.17.10 and 2.4.23 up to 2.4.33 allows local users to cause a denial of service (panic) and possibly gain root privileges via unknown attack vectors. | |||||
| CVE-2006-3231 | 1 Ibm | 1 Websphere Application Server | 2024-02-28 | 4.3 MEDIUM | N/A |
| Unspecified vulnerability in IBM WebSphere Application Server (WAS) before 6.0.2.11, when fileServingEnabled is true, allows remote attackers to obtain JSP source code and other sensitive information via "URIs with special characters." | |||||
| CVE-2006-0260 | 1 Oracle | 1 Database Server | 2024-02-28 | 10.0 HIGH | N/A |
| Multiple unspecified vulnerabilities in Oracle Database server 9.2.0.7 and 10.1.0.5 have unspecified impact and attack vectors, as identified by Oracle Vuln# (1) DB05 in the (a) Data Pump component; (2) DB15 in the (b) Oracle Text component; (3) DB22 in the (c) Streams Apply component; (4) DB23 and (5) DB24 in the (d) Streams Capture component; and (6) DB26 in the (e) Streams Subcomponent. NOTE: details are unavailable from Oracle, but they have not publicly disputed a claim by a reliable independent researcher that states that DB05 involves SQL injection in the (f) LONG2VARCHAR, LONG2VCMAX, LONG2VCNT, and LONG2CLOB functions in the DBMS_METADATA_UTIL package; (g) MAKE_FILTER, FETCH_VIEWS_ERROR, FETCH_FILTERS, FETCH_VIEWS, SET_FILTER_COMMON, DO_FILTER_SCRIPT, SET_TABLE_FILTERS, and MAKE_FILTER_TEXT functions in the DBMS_METADATA_INT package; and (h) GET_PREPOST_TABLE_ACT function in the DBMS_METADATA package. | |||||
| CVE-2005-3670 | 1 Hp | 3 Hp-ux, Jetdirect 635n, Tru64 | 2024-02-28 | 7.8 HIGH | N/A |
| Multiple unspecified vulnerabilities in the Internet Key Exchange version 1 (IKEv1) implementation in HP HP-UX B.11.00, B.11.11, and B.11.23 running IPSec, HP Jetdirect 635n IPv6/IPsec Print Server, and HP Tru64 UNIX 5.1B-3 and 5.1B-2/PK4, allow remote attackers to cause a denial of service via certain IKE packets, as demonstrated by the PROTOS ISAKMP Test Suite for IKEv1. NOTE: due to the lack of details in the HP advisory, it is unclear which of CVE-2005-3666, CVE-2005-3667, and/or CVE-2005-3668 this issue applies to. | |||||