Search
Total
201818 CVE
| CVE | Vendors | Products | Updated | CVSS v2 | CVSS v3 |
|---|---|---|---|---|---|
| CVE-2007-1791 | 1 Alexscriptengine | 1 Picture-engine | 2017-10-11 | 7.5 HIGH | N/A |
| SQL injection vulnerability in wall.php in Picture-Engine 1.2.0 and earlier allows remote attackers to execute arbitrary SQL commands via the cat parameter. | |||||
| CVE-2007-1797 | 1 Imagemagick | 1 Imagemagick | 2017-10-11 | 6.8 MEDIUM | N/A |
| Multiple integer overflows in ImageMagick before 6.3.3-5 allow remote attackers to execute arbitrary code via (1) a crafted DCM image, which results in a heap-based overflow in the ReadDCMImage function, or (2) the (a) colors or (b) comments field in a crafted XWD image, which results in a heap-based overflow in the ReadXWDImage function, different issues than CVE-2007-1667. | |||||
| CVE-2007-1798 | 1 Ibm | 1 Aix | 2017-10-11 | 7.2 HIGH | N/A |
| Buffer overflow in the drmgr command in IBM AIX 5.2 and 5.3 allows local users to cause a denial of service (crash) and possibly execute arbitrary code via a long path name. | |||||
| CVE-2007-1801 | 1 Sblog | 1 Sblog | 2017-10-11 | 7.5 HIGH | N/A |
| Directory traversal vulnerability in inc/lang.php in sBLOG 0.7.3 Beta allows remote attackers to include and execute arbitrary local files via a .. (dot dot) in the conf_lang_default parameter, as demonstrated by injecting PHP sequences into an Apache HTTP Server log file, which is then included by inc/lang.php. | |||||
| CVE-2007-1805 | 1 Myxoops | 1 Debaser | 2017-10-11 | 7.5 HIGH | N/A |
| SQL injection vulnerability in genre.php in the debaser 0.92 and earlier module for Xoops allows remote attackers to execute arbitrary SQL commands via the genreid parameter. | |||||
| CVE-2007-1806 | 1 Red Mexico | 1 Rm\+soft Gallery | 2017-10-11 | 7.5 HIGH | N/A |
| SQL injection vulnerability in categos.php in the RM+Soft Gallery (rmgallery) 1.0 module for Xoops allows remote attackers to execute arbitrary SQL commands via the idcat parameter. | |||||
| CVE-2007-1807 | 1 Peak Xoops | 1 Myalbum P | 2017-10-11 | 7.5 HIGH | N/A |
| SQL injection vulnerability in modules/myalbum/viewcat.php in the myAlbum-P 2.0 and earlier module for Xoops allows remote attackers to execute arbitrary SQL commands via the cid parameter. | |||||
| CVE-2007-1808 | 1 Camportail | 1 Camportail | 2017-10-11 | 7.5 HIGH | N/A |
| SQL injection vulnerability in show.php in the Camportail 1.1 and earlier module for Xoops allows remote attackers to execute arbitrary SQL commands via the camid parameter in a showcam action. | |||||
| CVE-2007-1809 | 1 Grafx Software | 1 Company Website Builder | 2017-10-11 | 7.5 HIGH | N/A |
| Multiple PHP remote file inclusion vulnerabilities in GraFX Company WebSite Builder (CWB) PRO 1.5 allow remote attackers to execute arbitrary PHP code via a URL in the INCLUDE_PATH parameter to (1) cls_headline_prod.php, (2) cls_listorders.php, or (3) cls_viewpastorders.php in include/, different vectors than CVE-2007-1513. | |||||
| CVE-2007-1810 | 1 Kaotik | 1 Kshop | 2017-10-11 | 7.5 HIGH | N/A |
| SQL injection vulnerability in product_details.php in the Kshop 1.17 and earlier module for Xoops allows remote attackers to execute arbitrary SQL commands via the id parameter. | |||||
| CVE-2007-1811 | 1 Chapi | 1 Tiny Event | 2017-10-11 | 7.5 HIGH | N/A |
| SQL injection vulnerability in index.php in the Tiny Event (tinyevent) 1.01 and earlier module for Xoops allows remote attackers to execute arbitrary SQL commands via the id parameter in a show action. | |||||
| CVE-2005-0750 | 5 Conectiva, Linux, Redhat and 2 more | 8 Linux, Linux Kernel, Enterprise Linux and 5 more | 2017-10-11 | 7.2 HIGH | N/A |
| The bluez_sock_create function in the Bluetooth stack for Linux kernel 2.4.6 through 2.4.30-rc1 and 2.6 through 2.6.11.5 allows local users to gain privileges via (1) socket or (2) socketpair call with a negative protocol value. | |||||
| CVE-2005-0752 | 1 Mozilla | 1 Firefox | 2017-10-11 | 7.5 HIGH | N/A |
| The Plugin Finder Service (PFS) in Firefox before 1.0.3 allows remote attackers to execute arbitrary code via a javascript: URL in the PLUGINSPAGE attribute of an EMBED tag. | |||||
| CVE-2005-0753 | 1 Cvs | 1 Cvs | 2017-10-11 | 7.5 HIGH | N/A |
| Buffer overflow in CVS before 1.11.20 allows remote attackers to execute arbitrary code. | |||||
| CVE-2005-0757 | 1 Redhat | 2 Enterprise Linux, Enterprise Linux Desktop | 2017-10-11 | 2.1 LOW | N/A |
| The xattr file system code, as backported in Red Hat Enterprise Linux 3 on 64-bit systems, does not properly handle certain offsets, which allows local users to cause a denial of service (system crash) via certain actions on an ext3 file system with extended attributes enabled. | |||||
| CVE-2005-0759 | 2 Imagemagick, Sgi | 2 Imagemagick, Propack | 2017-10-11 | 5.0 MEDIUM | N/A |
| ImageMagick before 6.0 allows remote attackers to cause a denial of service (application crash) via a TIFF image with an invalid tag. | |||||
| CVE-2005-0760 | 1 Imagemagick | 1 Imagemagick | 2017-10-11 | 5.0 MEDIUM | N/A |
| The TIFF decoder in ImageMagick before 6.0 allows remote attackers to cause a denial of service (crash) via a crafted TIFF file. | |||||
| CVE-2005-0761 | 2 Imagemagick, Sgi | 2 Imagemagick, Propack | 2017-10-11 | 5.0 MEDIUM | N/A |
| Unknown vulnerability in ImageMagick before 6.1.8 allows remote attackers to cause a denial of service (application crash) via a crafted PSD file. | |||||
| CVE-2005-0762 | 1 Imagemagick | 1 Imagemagick | 2017-10-11 | 7.5 HIGH | N/A |
| Heap-based buffer overflow in the SGI parser in ImageMagick before 6.0 allows remote attackers to execute arbitrary code via a crafted SGI image file. | |||||
| CVE-2005-0765 | 1 Ethereal Group | 1 Ethereal | 2017-10-11 | 5.0 MEDIUM | N/A |
| Unknown vulnerability in the JXTA dissector in Ethereal 0.10.9 allows remote attackers to cause a denial of service (application crash). | |||||
| CVE-2005-0766 | 1 Ethereal Group | 1 Ethereal | 2017-10-11 | 5.0 MEDIUM | N/A |
| Unknown vulnerability in the sFlow dissector in Ethereal 0.9.14 through 0.10.9 allows remote attackers to cause a denial of service (application crash). | |||||
| CVE-2005-0815 | 1 Linux | 1 Linux Kernel | 2017-10-11 | 6.4 MEDIUM | N/A |
| Multiple "range checking flaws" in the ISO9660 filesystem handler in Linux 2.6.11 and earlier may allow attackers to cause a denial of service or corrupt memory via a crafted filesystem. | |||||
| CVE-2005-0853 | 1 Betaparticle | 1 Betaparticle Blog | 2017-10-11 | 5.0 MEDIUM | N/A |
| betaparticle blog (bp blog) stores the database under the web root, which allows remote attackers to obtain sensitive information via a direct request to (1) dbBlogMX.mdb for versions before 3.0, or (2) Blog.mdb for versions 3.0 and later. NOTE: it was later reported that vector 2 also affects versions 6.0 through 9.0. | |||||
| CVE-2005-0941 | 1 Openoffice | 1 Openoffice | 2017-10-11 | 5.1 MEDIUM | N/A |
| The StgCompObjStream::Load function in OpenOffice.org OpenOffice 1.1.4 and earlier allocates memory based on 16 bit length values, but process memory using 32 bit values, which allows remote attackers to cause a denial of service and possibly execute arbitrary code via a DOC document with certain length values, which leads to a heap-based buffer overflow. | |||||
| CVE-2005-0988 | 7 Freebsd, Gentoo, Gnu and 4 more | 13 Freebsd, Linux, Gzip and 10 more | 2017-10-11 | 3.7 LOW | N/A |
| Race condition in gzip 1.2.4, 1.3.3, and earlier, when decompressing a gzipped file, allows local users to modify permissions of arbitrary files via a hard link attack on a file while it is being decompressed, whose permissions are changed by gzip after the decompression is complete. | |||||
| CVE-2005-1020 | 1 Cisco | 1 Ios | 2017-10-11 | 7.1 HIGH | N/A |
| Secure Shell (SSH) 2 in Cisco IOS 12.0 through 12.3 allows remote attackers to cause a denial of service (device reload) (1) via a username that contains a domain name when using a TACACS+ server to authenticate, (2) when a new SSH session is in the login phase and a currently logged in user issues a send command, or (3) when IOS is logging messages and an SSH session is terminated while the server is sending data. | |||||
| CVE-2005-1021 | 1 Cisco | 1 Ios | 2017-10-11 | 7.1 HIGH | N/A |
| Memory leak in Secure Shell (SSH) in Cisco IOS 12.0 through 12.3, when authenticating against a TACACS+ server, allows remote attackers to cause a denial of service (memory consumption) via an incorrect username or password. | |||||
| CVE-2005-1038 | 2 Paul Vixie, Redhat | 2 Vixie Cron, Enterprise Linux | 2017-10-11 | 2.1 LOW | N/A |
| crontab in Vixie cron 4.1, when running with the -e option, allows local users to read the cron files of other users by changing the file being edited to a symlink. NOTE: there is insufficient information to know whether this is a duplicate of CVE-2001-0235. | |||||
| CVE-2005-1057 | 1 Cisco | 1 Ios | 2017-10-11 | 7.5 HIGH | N/A |
| Cisco IOS 12.2T, 12.3 and 12.3T, when using Easy VPN Server XAUTH version 6 authentication, allows remote attackers to bypass authentication via a "malformed packet." | |||||
| CVE-2005-1058 | 1 Cisco | 1 Ios | 2017-10-11 | 7.5 HIGH | N/A |
| Cisco IOS 12.2T, 12.3 and 12.3T, when processing an ISAKMP profile that specifies XAUTH authentication after Phase 1 negotiation, may not process certain attributes in the ISAKMP profile that specifies XAUTH, which allows remote attackers to bypass XAUTH and move to Phase 2 negotiations. | |||||
| CVE-2005-1111 | 1 Gnu | 1 Cpio | 2017-10-11 | 3.7 LOW | N/A |
| Race condition in cpio 2.6 and earlier allows local users to modify permissions of arbitrary files via a hard link attack on a file while it is being decompressed, whose permissions are changed by cpio after the decompression is complete. | |||||
| CVE-2005-1153 | 1 Mozilla | 2 Firefox, Mozilla | 2017-10-11 | 7.5 HIGH | N/A |
| Firefox before 1.0.3 and Mozilla Suite before 1.7.7, when blocking a popup, allows remote attackers to execute arbitrary code via a javascript: URL that is executed when the user selects the "Show javascript" option. | |||||
| CVE-2005-1154 | 1 Mozilla | 2 Firefox, Mozilla | 2017-10-11 | 7.5 HIGH | N/A |
| Firefox before 1.0.3 and Mozilla Suite before 1.7.7 allows remote attackers to execute arbitrary script in other domains via a setter function for a variable in the target domain, which is executed when the user visits that domain, aka "Cross-site scripting through global scope pollution." | |||||
| CVE-2005-1155 | 1 Mozilla | 2 Firefox, Mozilla | 2017-10-11 | 7.5 HIGH | N/A |
| The favicon functionality in Firefox before 1.0.3 and Mozilla Suite before 1.7.7 allows remote attackers to execute arbitrary code via a <LINK rel="icon"> tag with a javascript: URL in the href attribute, aka "Firelinking." | |||||
| CVE-2005-1156 | 2 Mozilla, Netscape | 3 Firefox, Mozilla, Navigator | 2017-10-11 | 7.5 HIGH | N/A |
| Firefox before 1.0.3, Mozilla Suite before 1.7.7, and Netscape 7.2 allows remote attackers to execute arbitrary script and code via a new search plugin using sidebar.addSearchEngine, aka "Firesearching 1." | |||||
| CVE-2005-1157 | 2 Mozilla, Netscape | 3 Firefox, Mozilla, Navigator | 2017-10-11 | 7.5 HIGH | N/A |
| Firefox before 1.0.3, Mozilla Suite before 1.7.7, and Netscape 7.2 allows remote attackers to replace existing search plugins with malicious ones using sidebar.addSearchEngine and the same filename as the target engine, which may not be displayed in the GUI, which could then be used to execute malicious script, aka "Firesearching 2." | |||||
| CVE-2005-1158 | 1 Mozilla | 1 Firefox | 2017-10-11 | 5.0 MEDIUM | N/A |
| Multiple "missing security checks" in Firefox before 1.0.3 allow remote attackers to inject arbitrary Javascript into privileged pages using the _search target of the Firefox sidebar. | |||||
| CVE-2005-1159 | 1 Mozilla | 2 Firefox, Mozilla | 2017-10-11 | 7.5 HIGH | N/A |
| The native implementations of InstallTrigger and other functions in Firefox before 1.0.3 and Mozilla Suite before 1.7.7 do not properly verify the types of objects being accessed, which causes the Javascript interpreter to continue execution at the wrong memory address, which may allow attackers to cause a denial of service (application crash) and possibly execute arbitrary code by passing objects of the wrong type. | |||||
| CVE-2005-1160 | 1 Mozilla | 2 Firefox, Mozilla | 2017-10-11 | 5.1 MEDIUM | N/A |
| The privileged "chrome" UI code in Firefox before 1.0.3 and Mozilla Suite before 1.7.7 allows remote attackers to gain privileges by overriding certain properties or methods of DOM nodes, as demonstrated using multiple attacks involving the eval function or the Script object. | |||||
| CVE-2005-1192 | 1 Hp | 1 Hp-ux | 2017-10-11 | 5.0 MEDIUM | N/A |
| Unknown vulnerability in HP-UX B.11.00, B.11.04, B.11.11, B.11.22, and B.11.23, when running TCP/IP on IPv4, allows remote attackers to cause a denial of service via certain packets, related to the PMTU, a different vulnerability than CVE-2004-1060. | |||||
| CVE-2005-1194 | 1 Redhat | 3 Enterprise Linux, Enterprise Linux Desktop, Linux Advanced Workstation | 2017-10-11 | 4.6 MEDIUM | N/A |
| Stack-based buffer overflow in the ieee_putascii function for nasm 0.98 and earlier allows attackers to execute arbitrary code via a crafted asm file, a different vulnerability than CVE-2004-1287. | |||||
| CVE-2005-1228 | 1 Gnu | 1 Gzip | 2017-10-11 | 5.0 MEDIUM | N/A |
| Directory traversal vulnerability in gunzip -N in gzip 1.2.4 through 1.3.5 allows remote attackers to write to arbitrary directories via a .. (dot dot) in the original filename within a compressed file. | |||||
| CVE-2005-1237 | 1 China-on-site | 1 Flexphpnews | 2017-10-11 | 7.5 HIGH | N/A |
| SQL injection vulnerability in news.php in FlexPHPNews 0.0.3 allows remote attackers to execute arbitrary SQL commands via the newsid parameter. | |||||
| CVE-2005-1248 | 1 Apple | 1 Itunes | 2017-10-11 | 7.5 HIGH | N/A |
| Buffer overflow in Apple iTunes before 4.8 allows remote attackers to execute arbitrary code via a crafted MPEG4 file. | |||||
| CVE-2005-1266 | 1 Apache | 1 Spamassassin | 2017-10-11 | 5.0 MEDIUM | N/A |
| Apache SpamAssassin 3.0.1, 3.0.2, and 3.0.3 allows remote attackers to cause a denial of service (CPU consumption and slowdown) via a message with a long Content-Type header without any boundaries. | |||||
| CVE-2005-1275 | 2 Graphicsmagick, Imagemagick | 2 Graphicsmagick, Imagemagick | 2017-10-11 | 5.0 MEDIUM | N/A |
| Heap-based buffer overflow in the ReadPNMImage function in pnm.c for ImageMagick 6.2.1 and earlier allows remote attackers to cause a denial of service (application crash) via a PNM file with a small colors value. | |||||
| CVE-2005-1345 | 1 Squid | 1 Squid | 2017-10-11 | 7.5 HIGH | N/A |
| Squid 2.5.STABLE9 and earlier does not trigger a fatal error when it identifies missing or invalid ACLs in the http_access configuration, which could lead to less restrictive ACLs than intended by the administrator. | |||||
| CVE-2005-1426 | 1 Uapplication | 1 Ublog | 2017-10-11 | 5.0 MEDIUM | N/A |
| Uapplication Ublog Reload stores sensitive information under the web root with insufficient access control, which allows remote attackers to download a database via a direct request for mdb-database/blog.mdb (aka mdb-database/blog.msb). | |||||
| CVE-2005-1431 | 1 Gnu | 1 Gnutls | 2017-10-11 | 5.0 MEDIUM | N/A |
| The "record packet parsing" in GnuTLS 1.2 before 1.2.3 and 1.0 before 1.0.25 allows remote attackers to cause a denial of service, possibly related to padding bytes in gnutils_cipher.c. | |||||
| CVE-2005-1454 | 1 Freeradius | 1 Freeradius | 2017-10-11 | 7.5 HIGH | N/A |
| SQL injection vulnerability in the radius_xlat function in the SQL module for FreeRADIUS 1.0.2 and earlier allows remote authenticated users to execute arbitrary SQL commands via (1) group_membership_query, (2) simul_count_query, or (3) simul_verify_query configuration entries. | |||||