Total
258074 CVE
CVE | Vendors | Products | Updated | CVSS v2 | CVSS v3 |
---|---|---|---|---|---|
CVE-2004-2556 | 1 Netgear | 1 Wg602 | 2024-02-28 | 5.0 MEDIUM | N/A |
NetGear WG602 (aka WG602v1) Wireless Access Point firmware 1.04.0 and 1.5.67 has a hardcoded account of username "super" and password "5777364", which allows remote attackers to modify the configuration. | |||||
CVE-2005-2631 | 1 Cisco | 1 Network Admission Control Manager And Server System Software | 2024-02-28 | 7.5 HIGH | N/A |
Cisco Clean Access (CCA) 3.3.0 to 3.3.9, 3.4.0 to 3.4.5, and 3.5.0 to 3.5.3 does not properly authenticate users when invoking API methods, which could allow remote attackers to bypass security checks, change the assigned role of a user, or disconnect users. | |||||
CVE-2006-1125 | 1 Grisoft | 1 Avg Antivirus | 2024-02-28 | 4.6 MEDIUM | N/A |
Grisoft AVG Free 7.1, and other versions including 7.0.308, sets Everyone/Full Control permissions for certain update files including (1) upd_vers.cfg, (2) incavi.avm, and (3) unspecified drivers, which might allow local users to gain privileges. | |||||
CVE-2005-1622 | 1 Metalinks | 1 Metacart E-shop | 2024-02-28 | 4.3 MEDIUM | N/A |
Cross-site scripting (XSS) vulnerability in productsByCategory.asp in MetaCart e-Shop allows remote attackers to inject arbitrary web script or HTML via the strCatalog_NAME parameter. | |||||
CVE-2005-3341 | 1 Dhis Tools | 1 Dns Package | 2024-02-28 | 2.1 LOW | N/A |
DHIS tools DNS package (dhis-tools-dns) before 5.0 allows local users to overwrite arbitrary files via a symlink attack on temporary files created by (1) register-q.sh and (2) register-p.sh. | |||||
CVE-2006-0480 | 1 Spaiz | 1 Spaiz-nuke Cms | 2024-02-28 | 4.3 MEDIUM | N/A |
Cross-site scripting (XSS) vulnerability in the Articles module in sPaiz-Nuke allows remote attackers to inject arbitrary web script or HTML via the query parameter in the search file. | |||||
CVE-2006-4507 | 1 Sony | 1 Playstation Portable | 2024-02-28 | 4.6 MEDIUM | N/A |
Unspecified vulnerability in the TIFF viewer (possibly libTIFF) in the Photo Viewer in the Sony PlaystationPortable (PSP) 2.00 through 2.80 allows local users to execute arbitrary code via crafted TIFF images. NOTE: due to lack of details, it is not clear whether this is related to other issues such as CVE-2006-3464 or CVE-2006-3465. | |||||
CVE-2005-3055 | 2 Debian, Linux | 2 Debian Linux, Linux Kernel | 2024-02-28 | 2.1 LOW | N/A |
Linux kernel 2.6.8 to 2.6.14-rc2 allows local users to cause a denial of service (kernel OOPS) via a userspace process that issues a USB Request Block (URB) to a USB device and terminates before the URB is finished, which leads to a stale pointer reference. | |||||
CVE-2006-2717 | 1 Secure Elements | 1 C5 Enterprise Vulnerability Management | 2024-02-28 | 4.0 MEDIUM | N/A |
Unspecified vulnerability in Secure Elements Class 5 AVR client and server (aka C5 EVM) before 2.8.1 allows authenticated attackers to overwrite arbitrary files (1) on a server during an update or (2) on a client via modified pathnames, possibly due to a directory traversal issue. | |||||
CVE-2005-3077 | 1 Microsoft | 1 Ie For Macintosh | 2024-02-28 | 5.0 MEDIUM | N/A |
Microsoft Internet Explorer 5.2.3 for Mac OS allows remote attackers to cause a denial of service (crash) via a web page with malformed attributes in a BGSOUND tag, possibly involving double-quotes in an about: URI. | |||||
CVE-2006-1510 | 1 Microsoft | 1 .net Framework | 2024-02-28 | 4.0 MEDIUM | N/A |
Buffer overflow in calloc.c in the Microsoft Windows XP SP2 ntdll.dll system library, when used by the ILDASM disassembler in the Microsoft .NET 1.0 and 1.1 SDK, might allow user-assisted attackers to execute arbitrary code via a crafted .dll file with a large static method. | |||||
CVE-2006-0319 | 1 Farmers Wife | 1 Farmers Wife | 2024-02-28 | 5.0 MEDIUM | N/A |
Directory traversal vulnerability in the FTP server (port 22003/tcp) in Farmers WIFE 4.4 SP1 allows remote attackers to create arbitrary files via ".." (dot dot) sequences in a (1) PUT, (2) SIZE, and possibly other commands. | |||||
CVE-2006-0455 | 1 Gnu | 1 Privacy Guard | 2024-02-28 | 4.6 MEDIUM | N/A |
gpgv in GnuPG before 1.4.2.1, when using unattended signature verification, returns a 0 exit code in certain cases even when the detached signature file does not carry a signature, which could cause programs that use gpgv to assume that the signature verification has succeeded. Note: this also occurs when running the equivalent command "gpg --verify". | |||||
CVE-2005-0553 | 1 Microsoft | 2 Ie, Internet Explorer | 2024-02-28 | 5.1 MEDIUM | N/A |
Race condition in the memory management routines in the DHTML object processor in Microsoft Internet Explorer 5.01, 5.5, and 6 allows remote attackers to execute arbitrary code via a malicious web page or HTML e-mail, aka "DHTML Object Memory Corruption Vulnerability". | |||||
CVE-2005-3839 | 1 Supportpro | 1 Supportdesk | 2024-02-28 | 4.3 MEDIUM | N/A |
Cross-site scripting (XSS) vulnerability in SupportPRO Supportdesk allows remote attackers to inject arbitrary web script or HTML via the (1) post tickers and (2) view tickets options. | |||||
CVE-2005-4527 | 1 Direct News | 1 Direct News | 2024-02-28 | 7.5 HIGH | N/A |
Multiple SQL injection vulnerabilities in Direct News 4.9 allow remote attackers to execute arbitrary SQL commands via (1) the setLang parameter in index.php and (2) unspecified search module parameters. | |||||
CVE-2005-1058 | 1 Cisco | 1 Ios | 2024-02-28 | 7.5 HIGH | N/A |
Cisco IOS 12.2T, 12.3 and 12.3T, when processing an ISAKMP profile that specifies XAUTH authentication after Phase 1 negotiation, may not process certain attributes in the ISAKMP profile that specifies XAUTH, which allows remote attackers to bypass XAUTH and move to Phase 2 negotiations. | |||||
CVE-2006-2966 | 1 Particle Soft | 1 Particle Wiki | 2024-02-28 | 4.3 MEDIUM | N/A |
Cross-site scripting (XSS) vulnerability in Particle Soft Particle Wiki 1.0.2 allows remote attackers to inject arbitrary web script or HTML via a BR element with an extraneous IMG tag and a STYLE attribute that contains "/**/" comment sequences, which bypasses the XSS protection scheme. | |||||
CVE-2006-4327 | 1 Cloudnine Interactive | 1 Links Manager | 2024-02-28 | 6.8 MEDIUM | N/A |
Multiple cross-site scripting (XSS) vulnerabilities in add_url.php in CloudNine Interactive Links Manager 2006-06-12 allow remote attackers to inject arbitrary web script or HTML via the (1) title, (2) description, or (3) keywords parameters. | |||||
CVE-2006-0208 | 1 Php | 1 Php | 2024-02-28 | 2.6 LOW | N/A |
Multiple cross-site scripting (XSS) vulnerabilities in PHP 4.4.1 and 5.1.1, when display_errors and html_errors are on, allow remote attackers to inject arbitrary web script or HTML via inputs to PHP applications that are not filtered when they are included in the resulting error message. |