Total
29323 CVE
CVE | Vendors | Products | Updated | CVSS v2 | CVSS v3 |
---|---|---|---|---|---|
CVE-2006-0002 | 1 Microsoft | 3 Exchange Server, Office, Outlook | 2024-02-28 | 7.5 HIGH | N/A |
Unspecified vulnerability in Microsoft Outlook 2000 through 2003, Exchange 5.0 Server SP2 and 5.5 SP4, Exchange 2000 SP3, and Office allows remote attackers to execute arbitrary code via an e-mail message with a crafted Transport Neutral Encapsulation Format (TNEF) MIME attachment, related to message length validation. | |||||
CVE-2006-0257 | 1 Oracle | 1 Database Server | 2024-02-28 | 10.0 HIGH | N/A |
Unspecified vulnerability in the Change Data Capture component of Oracle Database server 9.2.0.7, 10.1.0.5, and 10.2.0.1 has unspecified impact and attack vectors, as identified by Oracle Vuln# DB02. NOTE: details are unavailable from Oracle, but they have not publicly disputed a claim by a reliable independent researcher that states that the problem is SQL injection in the CDC_ALLOCATE_LOCK function of the DBMS_CDC_UTILITY package. | |||||
CVE-2006-0487 | 1 Tumbleweed | 1 Mailgate Email Firewall | 2024-02-28 | 5.0 MEDIUM | N/A |
Multiple unspecified vulnerabilities in Tumbleweed MailGate Email Firewall (EMF) 6.x allow remote attackers to (1) trigger temporarily incorrect processing of an e-mail message under "extremely heavy loads" and (2) cause an "increased number of missed spam" during "spam outbreaks." | |||||
CVE-2005-3907 | 1 Sun | 2 Jdk, Jre | 2024-02-28 | 7.5 HIGH | N/A |
Unspecified vulnerability in Java Runtime Environment in Java JDK and JRE 5.0 Update 3 and earlier allows remote attackers to escape the Java sandbox and access arbitrary files or execute arbitrary applications via unknown attack vectors involving untrusted Java applets. | |||||
CVE-2006-0218 | 1 Mybb | 1 Mybb | 2024-02-28 | 10.0 HIGH | N/A |
Multiple unspecified vulnerabilities in MyBulletinBoard (MyBB) before 1.0.2 have unspecified impact and attack vectors, related to (1) admin/moderate.php, (2) admin/themes.php, (3) inc/functions.php, (4) inc/functions_upload.php, (5) printthread.php, and (6) usercp.php, and probably related to SQL injection. NOTE: it is likely that this issue subsumes CVE-2005-4602 and CVE-2005-4603. However, since the vendor advisory is vague and additional files are mentioned, is is likely that this contains at least one distinct vulnerability from CVE-2005-4602 and CVE-2005-4603. | |||||
CVE-2006-3713 | 1 Oracle | 1 Application Server | 2024-02-28 | 4.0 MEDIUM | N/A |
Unspecified vulnerability in OC4J for Oracle Application Server 10.1.3.0 has unknown impact and attack vectors, aka Oracle Vuln# AS09. | |||||
CVE-2006-1875 | 1 Oracle | 1 Database Server | 2024-02-28 | 10.0 HIGH | N/A |
Unspecified vulnerability in Oracle Database Server 9.0.1.5, 9.2.0.7, and 10.1.0.5 has unknown impact and attack vectors in the Oracle Spatial component, aka Vuln# DB11. NOTE: Oracle has not disputed reliable researcher claims that this issue is SQL injection in MDSYS.SDO_LRS_TRIG_INS. | |||||
CVE-2006-0267 | 1 Oracle | 1 Database Server | 2024-02-28 | 9.0 HIGH | N/A |
Unspecified vulnerability in the Query Optimizer component of Oracle Database server 9.2.0.6 and 10.1.0.4 has unspecified impact and attack vectors, as identified by Oracle Vuln# DB20. | |||||
CVE-2005-4154 | 1 Php | 1 Pear | 2024-02-28 | 5.1 MEDIUM | N/A |
Unspecified vulnerability in PEAR installer 1.4.2 and earlier allows user-assisted attackers to execute arbitrary code via a crafted package that can execute code when the pear command is executed or when the Web/Gtk frontend is loaded. | |||||
CVE-2006-2201 | 1 Broadcom | 1 Resource Initialization Manager | 2024-02-28 | 4.3 MEDIUM | N/A |
Unspecified vulnerability in CA Resource Initialization Manager (CAIRIM) 1.x before 20060502, as used in z/OS Common Services and the LMP component in multiple products, allows attackers to violate integrity via a certain "problem state program" that uses SVC to gain access to supervisor state, key 0. | |||||
CVE-2006-1308 | 1 Microsoft | 2 Excel, Excel Viewer | 2024-02-28 | 9.3 HIGH | N/A |
Unspecified vulnerability in Microsoft Excel 2000 through 2004 allows user-assisted attackers to execute arbitrary code via a .xls file with a crafted FNGROUPCOUNT value. | |||||
CVE-2005-3059 | 3 Linux, Microsoft, Opera | 3 Linux Kernel, Windows, Opera Browser | 2024-02-28 | 10.0 HIGH | N/A |
Multiple unspecified vulnerabilities in Opera 8.50 on Linux and Windows have unknown impact and attack vectors, related to (1) " handling of must-revalidate cache directive for HTTPS pages" or (2) a "display issue with cookie comment encoding." | |||||
CVE-2006-2941 | 1 Gnu | 1 Mailman | 2024-02-28 | 5.0 MEDIUM | N/A |
Mailman before 2.1.9rc1 allows remote attackers to cause a denial of service via unspecified vectors involving "standards-breaking RFC 2231 formatted headers". | |||||
CVE-2006-0272 | 1 Oracle | 2 Oracle10g, Oracle9i | 2024-02-28 | 9.0 HIGH | N/A |
Unspecified vulnerability in the XML Database component of Oracle Database server 9.2.0.7 and 10.1.0.4 has unspecified impact and attack vectors, as identified by Oracle Vuln# DB29. NOTE: based on mutual credits by the relevant sources, it is highly likely that this issue is a buffer overflow in the (a) DBMS_XMLSCHEMA and (b) DBMS_XMLSCHEMA_INT packages, as exploitable via long arguments to (1) XDB.DBMS_XMLSCHEMA.GENERATESCHEMA or (2) XDB.DBMS_XMLSCHEMA.GENERATESCHEMAS. | |||||
CVE-2005-4625 | 3 Ati, Intel, Microsoft | 3 Catalyst Driver, Display Adapter Driver, Internet Explorer | 2024-02-28 | 7.1 HIGH | N/A |
Drivers for certain display adapters, including (1) an unspecified ATI driver and (2) an unspecified Intel driver, might allow remote attackers to cause a denial of service (system crash) via a large JPEG image, as demonstrated in Internet Explorer using stoopid.jpg with a width and height of 9999999. | |||||
CVE-2006-2383 | 1 Microsoft | 1 Internet Explorer | 2024-02-28 | 9.3 HIGH | N/A |
Unspecified vulnerability in Microsoft Internet Explorer 5.01 SP4 and 6 SP1 and earlier allows remote attackers to execute arbitrary code via "unexpected data" related to "parameter validation" in the DXImageTransform.Microsoft.Light ActiveX control, which causes Internet Explorer to crash in a way that enables the code execution. | |||||
CVE-2006-2447 | 1 Apache | 1 Spamassassin | 2024-02-28 | 5.1 MEDIUM | N/A |
SpamAssassin before 3.1.3, when running with vpopmail and the paranoid (-P) switch, allows remote attackers to execute arbitrary commands via a crafted message that is not properly handled when invoking spamd with the virtual pop username. | |||||
CVE-2004-1064 | 2 Canonical, Php | 2 Ubuntu Linux, Php | 2024-02-28 | 10.0 HIGH | N/A |
The safe mode checks in PHP 4.x to 4.3.9 and PHP 5.x to 5.0.2 truncate the file path before passing the data to the realpath function, which could allow attackers to bypass safe mode. NOTE: this issue was originally REJECTed by its CNA before publication, but that decision is in active dispute. This candidate may change significantly in the future as a result of further discussion. | |||||
CVE-2006-0028 | 1 Microsoft | 2 Excel, Office | 2024-02-28 | 5.1 MEDIUM | N/A |
Unspecified vulnerability in Microsoft Excel 2000, 2002, and 2003, in Microsoft Office 2000 SP3 and other packages, allows user-assisted attackers to execute arbitrary code via a BIFF parsing format file containing malformed BOOLERR records that lead to memory corruption, probably involving invalid pointers. | |||||
CVE-2005-4847 | 1 Spey | 1 Spey | 2024-02-28 | 10.0 HIGH | N/A |
Unspecified vulnerability in Spey 0.3.3 has unknown impact and attack vectors related to "A number of security holes which could lead to compromise," a different issue than CVE-2005-4846. |