Search
Total
27796 CVE
| CVE | Vendors | Products | Updated | CVSS v2 | CVSS v3 |
|---|---|---|---|---|---|
| CVE-2006-2275 | 1 Lksctp | 1 Stream Control Transmission Protocol | 2017-10-11 | 5.0 MEDIUM | N/A |
| Linux SCTP (lksctp) before 2.6.17 allows remote attackers to cause a denial of service (deadlock) via a large number of small messages to a receiver application that cannot process the messages quickly enough, which leads to "spillover of the receive buffer." | |||||
| CVE-2006-2933 | 2 Kde, Redhat | 3 Kde, Enterprise Linux, Enterprise Linux Desktop | 2017-10-11 | 4.6 MEDIUM | N/A |
| kdesktop_lock in kdebase before 3.1.3-5.11 for KDE in Red Hat Enterprise Linux (RHEL) 3 does not properly terminate, which can prevent the screensaver from activating or prevent users from manually locking the desktop. | |||||
| CVE-2006-2271 | 1 Lksctp | 1 Lksctp | 2017-10-11 | 7.8 HIGH | N/A |
| The ECNE chunk handling in Linux SCTP (lksctp) before 2.6.17 allows remote attackers to cause a denial of service (kernel panic) via an unexpected chunk when the session is in CLOSED state. | |||||
| CVE-2006-2272 | 1 Lksctp | 1 Stream Control Transmission Protocol | 2017-10-11 | 7.8 HIGH | N/A |
| Linux SCTP (lksctp) before 2.6.17 allows remote attackers to cause a denial of service (kernel panic) via incoming IP fragmented (1) COOKIE_ECHO and (2) HEARTBEAT SCTP control chunks. | |||||
| CVE-2006-2274 | 1 Lksctp | 1 Stream Control Transmission Protocol | 2017-10-11 | 5.0 MEDIUM | N/A |
| Linux SCTP (lksctp) before 2.6.17 allows remote attackers to cause a denial of service (infinite recursion and crash) via a packet that contains two or more DATA fragments, which causes an skb pointer to refer back to itself when the full message is reassembled, leading to infinite recursion in the sctp_skb_pull function. | |||||
| CVE-2005-2367 | 1 Ethereal Group | 1 Ethereal | 2017-10-11 | 7.5 HIGH | N/A |
| Format string vulnerability in the proto_item_set_text function in Ethereal 0.9.4 through 0.10.11, as used in multiple dissectors, allows remote attackers to write to arbitrary memory locations and gain privileges via a crafted AFP packet. | |||||
| CVE-2006-0658 | 1 Fckeditor | 1 Fckeditor | 2017-10-11 | 5.0 MEDIUM | N/A |
| Incomplete blacklist vulnerability in connector.php in FCKeditor 2.0 and 2.2, as used in products such as RunCMS, allows remote attackers to upload and execute arbitrary script files by giving the files specific extensions that are not listed in the Config[DeniedExtensions][File], such as .php.txt. | |||||
| CVE-2006-1855 | 1 Linux | 1 Linux Kernel | 2017-10-11 | 2.1 LOW | N/A |
| choose_new_parent in Linux kernel before 2.6.11.12 includes certain debugging code, which allows local users to cause a denial of service (panic) by causing certain circumstances involving termination of a parent process. | |||||
| CVE-2006-1389 | 1 Hp | 1 Hp-ux | 2017-10-11 | 7.8 HIGH | N/A |
| Unspecified vulnerability in swagentd in HP-UX B.11.00, B.11.04, and B.11.11 allows remote attackers to cause a denial of service (application crash) via unspecified vectors. | |||||
| CVE-2006-1863 | 1 Linux | 1 Linux Kernel | 2017-10-11 | 2.1 LOW | N/A |
| Directory traversal vulnerability in CIFS in Linux 2.6.16 and earlier allows local users to escape chroot restrictions for an SMB-mounted filesystem via "..\\" sequences, a similar vulnerability to CVE-2006-1864. | |||||
| CVE-2005-4153 | 1 Gnu | 1 Mailman | 2017-10-11 | 7.8 HIGH | N/A |
| Mailman 2.1.4 through 2.1.6 allows remote attackers to cause a denial of service via a message that causes the server to "fail with an Overflow on bad date data in a processed message," a different vulnerability than CVE-2005-3573. | |||||
| CVE-2006-1862 | 1 Linux | 1 Linux Kernel | 2017-10-11 | 4.9 MEDIUM | N/A |
| The virtual memory implementation in Linux kernel 2.6.x allows local users to cause a denial of service (panic) by running lsof a large number of times in a way that produces a heavy system load. | |||||
| CVE-2006-0537 | 1 Kinesphere Corporation | 1 Exchange Pop3 | 2017-10-11 | 7.5 HIGH | N/A |
| Buffer overflow in the POP3 server in Kinesphere Corporation eXchange before 5.0.060125 allows remote attackers to execute arbitrary code via a long RCPT TO argument. | |||||
| CVE-2006-1527 | 1 Linux | 1 Linux Kernel | 2017-10-11 | 5.0 MEDIUM | N/A |
| The SCTP-netfilter code in Linux kernel before 2.6.16.13 allows remote attackers to trigger a denial of service (infinite loop) via unknown vectors that cause an invalid SCTP chunk size to be processed by the for_each_sctp_chunk function. | |||||
| CVE-2005-4811 | 1 Linux | 1 Linux Kernel | 2017-10-11 | 4.9 MEDIUM | N/A |
| The hugepage code (hugetlb.c) in Linux kernel 2.6, possibly 2.6.12 and 2.6.13, in certain configurations, allows local users to cause a denial of service (crash) by triggering an mmap error before a prefault, which causes an error in the unmap_hugepage_area function. | |||||
| CVE-2006-1168 | 1 Ncompress | 1 Ncompress | 2017-10-11 | 7.5 HIGH | N/A |
| The decompress function in compress42.c in (1) ncompress 4.2.4 and (2) liblzw allows remote attackers to cause a denial of service (crash), and possibly execute arbitrary code, via crafted data that leads to a buffer underflow. | |||||
| CVE-2006-1856 | 1 Linux | 1 Linux Kernel | 2017-10-11 | 7.5 HIGH | N/A |
| Certain modifications to the Linux kernel 2.6.16 and earlier do not add the appropriate Linux Security Modules (LSM) file_permission hooks to the (1) readv and (2) writev functions, which might allow attackers to bypass intended access restrictions. | |||||
| CVE-2006-0516 | 1 Sun | 1 Solaris | 2017-10-11 | 2.1 LOW | N/A |
| Unspecified vulnerability in the kernel processing in Solaris 10 64 bit platform, when running in 64-bit mode, allows local users to cause a denial of service (system panic) via unknown attack vectors. | |||||
| CVE-2005-4798 | 1 Linux | 1 Linux Kernel | 2017-10-11 | 5.0 MEDIUM | N/A |
| Buffer overflow in NFS readlink handling in the Linux Kernel 2.4 up to 2.4.31 allows remote NFS servers to cause a denial of service (crash) via a long symlink, which is not properly handled in (1) nfs2xdr.c or (2) nfs3xdr.c and causes a crash in the NFS client. | |||||
| CVE-2006-0485 | 1 Cisco | 1 Ios | 2017-10-11 | 4.6 MEDIUM | N/A |
| The TCL shell in Cisco IOS 12.2(14)S before 12.2(14)S16, 12.2(18)S before 12.2(18)S11, and certain other releases before 25 January 2006 does not perform Authentication, Authorization, and Accounting (AAA) command authorization checks, which may allow local users to execute IOS EXEC commands that were prohibited via the AAA configuration, aka Bug ID CSCeh73049. | |||||
| CVE-2006-1294 | 1 Knowledgebasepublisher | 1 Knowledgebasepublisher | 2017-10-11 | 7.5 HIGH | N/A |
| PHP remote file include vulnerability in PageController.php in KnowledgebasePublisher 1.2 allows remote attackers to include and execute arbitrary PHP code via a URL in the dir parameter. | |||||
| CVE-2006-2046 | 1 Application Dynamics | 1 Cartweaver Coldfusion | 2017-10-11 | 6.4 MEDIUM | N/A |
| Multiple SQL injection vulnerabilities in Application Dynamics Cartweaver ColdFusion 2.16.11 and earlier allow remote attackers to execute arbitrary SQL commands via the (1) category and (2) keywords parameters in (a) Results.cfm, and the (3) ProdID parameter in (b) Details.cfm. | |||||
| CVE-2006-1292 | 1 Php Icalendar | 1 Php Icalendar | 2017-10-11 | 5.0 MEDIUM | N/A |
| Directory traversal vulnerability in Jim Hu and Chad Little PHP iCalendar 2.21 and earlier allows remote attackers to include and execute arbitrary local files via directory traversal sequences and a NUL (%00) character in the phpicalendar[cookie_language] and phpicalendar[cookie_style] cookies, as demonstrated by injecting PHP sequences into an Apache access_log file, which is then included by day.php. | |||||
| CVE-2006-0486 | 1 Cisco | 1 Ios | 2017-10-11 | 4.6 MEDIUM | N/A |
| Certain Cisco IOS releases in 12.2S based trains with maintenance release number 25 and later, 12.3T based trains, and 12.4 based trains reuse a Tcl Shell process across login sessions of different local users on the same terminal if the first user does not use tclquit before exiting, which may cause subsequent local users to execute unintended commands or bypass AAA command authorization checks, aka Bug ID CSCef77770. | |||||
| CVE-2005-4090 | 1 Hp | 1 Hp-ux | 2017-10-11 | 10.0 HIGH | N/A |
| Unspecified vulnerability in HP-UX B.11.00 to B.11.23, when IPSEC is running, allows remote attackers to have unknown impact. | |||||
| CVE-2006-0456 | 1 Linux | 1 Linux Kernel | 2017-10-11 | 2.1 LOW | N/A |
| The strnlen_user function in Linux kernel before 2.6.16 on IBM S/390 can return an incorrect value, which allows local users to cause a denial of service via unknown vectors. | |||||
| CVE-2006-1594 | 1 Claroline | 1 Claroline | 2017-10-11 | 7.5 HIGH | N/A |
| Multiple directory traversal vulnerabilities in document/rqmkhtml.php in Claroline 1.7.4 and earlier allow remote attackers to use ".." (dot dot) sequences to (1) read arbitrary files via the file parameter in a rqEditHtml command to document/rqmkhtml.php or (2) execute arbitrary code via the includePath parameter to learnPath/include/scormExport.inc.php. | |||||
| CVE-2006-1291 | 1 Php Icalendar | 1 Php Icalendar | 2017-10-11 | 7.5 HIGH | N/A |
| publish.ical.php in Jim Hu and Chad Little PHP iCalendar 2.21 and earlier does not require authentication for write access to the calendars directory, which allows remote attackers to upload and execute arbitrary PHP scripts via a WebDAV PUT request with a filename containing a .php extension and a trailing null character. | |||||
| CVE-2006-1346 | 1 Greg Neustaetter | 1 Gcards | 2017-10-11 | 6.4 MEDIUM | N/A |
| Directory traversal vulnerability in inc/setLang.php in Greg Neustaetter gCards 1.45 and earlier allows remote attackers to include and execute arbitrary local files via directory traversal sequences in a lang[*][file] parameter, as demonstrated by injecting PHP sequences into an Apache access_log file, which is then included by index.php. | |||||
| CVE-2006-0191 | 1 Sun | 1 Solaris | 2017-10-11 | 4.9 MEDIUM | N/A |
| Unspecified vulnerability in Sun Solaris 10 allows local users to cause a denial of service (null dereference) via unspecified vectors involving the use of the find command on the "/proc" filesystem. NOTE: due to the vagueness of the vendor advisory, it is not clear whether this is related to CVE-2005-3250. | |||||
| CVE-2006-1252 | 1 Light Weight Calendar | 1 Light Weight Calendar | 2017-10-11 | 7.5 HIGH | N/A |
| Eval injection vulnerability in cal.php in Light Weight Calendar (LWC) 1.0 allows remote attackers to execute arbitrary PHP code via the date parameter to index.php. | |||||
| CVE-2006-0190 | 1 Sun | 1 Solaris | 2017-10-11 | 7.2 HIGH | N/A |
| Unspecified vulnerability in Sun Solaris 9 and 10 for the x86 platform allows local users to gain privileges or cause a denial of service (panic) via unspecified vectors, possibly involving functions from the mm driver. | |||||
| CVE-2006-0188 | 1 Squirrelmail | 1 Squirrelmail | 2017-10-11 | 4.3 MEDIUM | N/A |
| webmail.php in SquirrelMail 1.4.0 to 1.4.5 allows remote attackers to inject arbitrary web pages into the right frame via a URL in the right_frame parameter. NOTE: this has been called a cross-site scripting (XSS) issue, but it is different than what is normally identified as XSS. | |||||
| CVE-2006-1932 | 1 Ethereal Group | 1 Ethereal | 2017-10-11 | 10.0 HIGH | N/A |
| Off-by-one error in the OID printing routine in Ethereal 0.10.x up to 0.10.14 has unknown impact and remote attack vectors. | |||||
| CVE-2006-0531 | 1 Sun | 1 Java System Access Manager | 2017-10-11 | 7.2 HIGH | N/A |
| Unspecified vulnerability in Sun Java System Access Manager 7.0 allows local users logged in as "root" to bypass authentication and gain top-level administrator privileges via the amadmin CLI tool. | |||||
| CVE-2006-0195 | 1 Squirrelmail | 1 Squirrelmail | 2017-10-11 | 4.3 MEDIUM | N/A |
| Interpretation conflict in the MagicHTML filter in SquirrelMail 1.4.0 to 1.4.5 allows remote attackers to conduct cross-site scripting (XSS) attacks via style sheet specifiers with invalid (1) "/*" and "*/" comments, or (2) a newline in a "url" specifier, which is processed by certain web browsers including Internet Explorer. | |||||
| CVE-2006-1422 | 1 Jjwwebdesign | 1 Phpbookingcalendar | 2017-10-11 | 5.0 MEDIUM | N/A |
| SQL injection vulnerability in details_view.php in PHP Booking Calendar 1.0c and earlier allows remote attackers to execute arbitrary SQL commands via the event_id parameter. | |||||
| CVE-2006-1348 | 1 Greg Neustaetter | 1 Gcards | 2017-10-11 | 4.3 MEDIUM | N/A |
| Cross-site scripting (XSS) vulnerability in index.php in Greg Neustaetter gCards 1.45 and earlier allows remote attackers to inject arbitrary web script or HTML via the lang[*][file] parameter, which is injected into an error message. NOTE: this issue might be resultant from CVE-2006-1346. | |||||
| CVE-2006-0769 | 1 Sun | 1 Solaris | 2017-10-11 | 7.2 HIGH | N/A |
| Unspecified vulnerability in in.rexecd in Solaris 10 allows local users to gain privileges on Kerberos systems via unknown attack vectors. | |||||
| CVE-2006-0558 | 1 Linux | 1 Linux Kernel | 2017-10-11 | 4.9 MEDIUM | N/A |
| perfmon (perfmon.c) in Linux kernel on IA64 architectures allows local users to cause a denial of service (crash) by interrupting a task while another process is accessing the mm_struct, which triggers a BUG_ON action in the put_page_testzero function. | |||||
| CVE-2006-1933 | 1 Ethereal Group | 1 Ethereal | 2017-10-11 | 5.0 MEDIUM | N/A |
| Multiple unspecified vulnerabilities in Ethereal 0.10.x up to 0.10.14 allow remote attackers to cause a denial of service (large or infinite loops) viarafted packets to the (1) UMA and (2) BER dissectors. | |||||
| CVE-2006-0377 | 1 Squirrelmail | 1 Squirrelmail | 2017-10-11 | 5.0 MEDIUM | N/A |
| CRLF injection vulnerability in SquirrelMail 1.4.0 to 1.4.5 allows remote attackers to inject arbitrary IMAP commands via newline characters in the mailbox parameter of the sqimap_mailbox_select command, aka "IMAP injection." | |||||
| CVE-2006-1940 | 1 Ethereal Group | 1 Ethereal | 2017-10-11 | 5.0 MEDIUM | N/A |
| Unspecified vulnerability in Ethereal 0.10.4 up to 0.10.14 allows remote attackers to cause a denial of service (abort) via the SNDCP dissector. | |||||
| CVE-2006-1363 | 1 Justin White | 1 Freewps | 2017-10-11 | 7.5 HIGH | N/A |
| images.php in Justin White (aka YTZ) Free Web Publishing System (FreeWPS) 2.11 allows remote attackers to execute arbitrary PHP code by uploading a .php file into the /upload directory as specified in the dirPath parameter, then performing a direct request to that file. | |||||
| CVE-2006-1939 | 1 Ethereal Group | 1 Ethereal | 2017-10-11 | 5.0 MEDIUM | N/A |
| Multiple unspecified vulnerabilities in Ethereal 0.9.x up to 0.10.14 allow remote attackers to cause a denial of service (crash from null dereference) via (1) an invalid display filter, or the (2) GSM SMS, (3) ASN.1-based, (4) DCERPC NT, (5) PER, (6) RPC, (7) DCERPC, and (8) ASN.1 dissectors. | |||||
| CVE-2006-1934 | 1 Ethereal Group | 1 Ethereal | 2017-10-11 | 5.0 MEDIUM | N/A |
| Multiple buffer overflows in Ethereal 0.10.x up to 0.10.14 allow remote attackers to cause a denial of service (crash) and possibly execute arbitrary code via the (1) ALCAP dissector, (2) Network Instruments file code, or (3) NetXray/Windows Sniffer file code. | |||||
| CVE-2005-4744 | 1 Freeradius | 1 Freeradius | 2017-10-11 | 6.4 MEDIUM | N/A |
| Off-by-one error in the sql_error function in sql_unixodbc.c in FreeRADIUS 1.0.2.5-5, and possibly other versions including 1.0.4, might allow remote attackers to cause a denial of service (crash) and possibly execute arbitrary code by causing the external database query to fail. NOTE: this single issue is part of a larger-scale disclosure, originally by SUSE, which reported multiple issues that were disputed by FreeRADIUS. Disputed issues included file descriptor leaks, memory disclosure, LDAP injection, and other issues. Without additional information, the most recent FreeRADIUS report is being regarded as the authoritative source for this CVE identifier. | |||||
| CVE-2006-1509 | 1 Hp | 1 Hp-ux | 2017-10-11 | 4.9 MEDIUM | N/A |
| /sbin/passwd in HP-UX B.11.00, B.11.11, and B.11.23 before 20060326 "does not recover gracefully from some error conditions," which allows local users to cause a denial of service. | |||||
| CVE-2006-1935 | 1 Ethereal Group | 1 Ethereal | 2017-10-11 | 5.0 MEDIUM | N/A |
| Buffer overflow in Ethereal 0.9.15 up to 0.10.14 allows remote attackers to cause a denial of service (crash) and possibly execute arbitrary code via the COPS dissector. | |||||
| CVE-2006-1248 | 1 Hp | 1 Hp-ux | 2017-10-11 | 4.6 MEDIUM | N/A |
| Unspecified vulnerability in usermod in HP-UX B.11.00, B.11.11, and B.11.23, when run with certain options that involve a new home directory, might cause usermod to change the ownership of all directories and files under the new directory, which might result in less secure permissions than intended. | |||||