Total
27865 CVE
| CVE | Vendors | Products | Updated | CVSS v2 | CVSS v3 |
|---|---|---|---|---|---|
| CVE-2005-0014 | 1 Ncpfs | 1 Ncpfs | 2018-10-19 | 7.5 HIGH | N/A |
| Buffer overflow in ncplogin in ncpfs before 2.2.6 allows remote malicious NetWare servers to execute arbitrary code on the NetWare client. | |||||
| CVE-2005-0013 | 1 Ncpfs | 1 Ncpfs | 2018-10-19 | 7.2 HIGH | N/A |
| nwclient.c in ncpfs before 2.2.6 does not drop root privileges before executing utilities using the NetWare client functions, which allows local users to gain privileges. | |||||
| CVE-2005-0867 | 1 Linux | 1 Linux Kernel | 2018-10-19 | 7.2 HIGH | N/A |
| Integer overflow in Linux kernel 2.6 allows local users to overwrite kernel memory by writing to a sysfs file. | |||||
| CVE-2005-1041 | 1 Linux | 1 Linux Kernel | 2018-10-19 | 2.1 LOW | N/A |
| The fib_seq_start function in fib_hash.c in Linux kernel allows local users to cause a denial of service (system crash) via /proc/net/route. | |||||
| CVE-2005-1046 | 1 Kde | 1 Kde | 2018-10-19 | 7.5 HIGH | N/A |
| Buffer overflow in the kimgio library for KDE 3.4.0 allows remote attackers to execute arbitrary code via a crafted PCX image file. | |||||
| CVE-2005-1082 | 1 Azerbaijan Development Group | 1 Azdgdating | 2018-10-19 | 7.5 HIGH | N/A |
| Multiple SQL injection vulnerabilities in AzDGDatingPlatinum 1.1.0 allows remote attackers to execute arbitrary SQL commands via (1) the id parameter to view.php or (2) the from parameter to members/index.php. | |||||
| CVE-2005-0952 | 1 Php Arena | 1 Pafiledb | 2018-10-19 | 5.0 MEDIUM | N/A |
| Cross-site scripting vulnerability in pafiledb.php in PaFileDB 3.1 allows remote attackers to inject arbitrary web script or HTML via the id parameter. | |||||
| CVE-2005-1265 | 1 Linux | 1 Linux Kernel | 2018-10-19 | 2.1 LOW | N/A |
| The mmap function in the Linux Kernel 2.6.10 can be used to create memory maps with a start address beyond the end address, which allows local users to cause a denial of service (kernel crash). | |||||
| CVE-2005-1224 | 1 Duware | 1 Duportal | 2018-10-19 | 7.5 HIGH | N/A |
| Multiple SQL injection vulnerabilities in DUware DUportal Pro 3.4 allow remote attackers to execute arbitrary SQL commands via the (1) nChannel parameter to default.asp, cat.asp, or detail.asp, (2) the iChannel parameter to search.asp, default.asp, result.asp, cat.asp, or detail.asp (3) the iCat parameter to cat.asp or detail.asp, (4) the iData parameter to detail.asp or result.asp, the (5) POL_ID, (6) POL_PARENT, (7) POL_CATEGORY, (8) CHA_NAME, or (9) CHA_ID parameters to inc_vote.asp, or the (10) tfm_order or (11) tfm_orderby parameters to toppages.asp, a different set of vulnerabilities than CVE-2005-1236. | |||||
| CVE-2005-0124 | 1 Linux | 1 Linux Kernel | 2018-10-19 | 2.1 LOW | N/A |
| The coda_pioctl function in the coda functionality (pioctl.c) for Linux kernel 2.6.9 and 2.4.x before 2.4.29 may allow local users to cause a denial of service (crash) or execute arbitrary code via negative vi.in_size or vi.out_size values, which may trigger a buffer overflow. | |||||
| CVE-2004-2677 | 1 Qwikmail | 1 Qwikmail Smtp | 2018-10-19 | 7.5 HIGH | N/A |
| Format string vulnerability in qwik-smtpd.c in QwikMail SMTP (qwik-smtpd) 0.3 and earlier allows remote attackers to execute arbitrary code via format specifiers in the (1) clientRcptTo array, and the (2) Received and (3) messageID variables, possibly involving HELO and hostname arguments. | |||||
| CVE-2004-2000 | 1 Francisco Burzi | 1 Php-nuke | 2018-10-19 | 7.5 HIGH | N/A |
| SQL injection vulnerability in the Downloads module in Php-Nuke 6.x through 7.2 allows remote attackers to execute arbitrary SQL via the (1) orderby or (2) sid parameters to modules.php. | |||||
| CVE-2004-2134 | 1 Oracle | 1 Application Server | 2018-10-19 | 4.6 MEDIUM | N/A |
| Oracle toplink mapping workBench uses a weak encryption algorithm for passwords, which allows local users to decrypt the passwords. | |||||
| CVE-2004-2680 | 1 Apache | 1 Mod Python | 2018-10-19 | 5.0 MEDIUM | N/A |
| mod_python (libapache2-mod-python) 3.1.4 and earlier does not properly handle when output filters process more than 16384 bytes, which can cause filter.read to return portions of previously freed memory. | |||||
| CVE-2004-1170 | 3 Gnu, Sun, Suse | 3 A2ps, Java Desktop System, Suse Linux | 2018-10-19 | 10.0 HIGH | N/A |
| a2ps 4.13 allows remote attackers to execute arbitrary commands via shell metacharacters in the filename. | |||||
| CVE-2004-1873 | 1 Alan Ward | 1 A-cart | 2018-10-19 | 7.5 HIGH | N/A |
| SQL injection vulnerability in category.asp in A-CART Pro and A-CART 2.0 allows remote attackers to gain privileges via the catcode parameter. | |||||
| CVE-2004-1329 | 1 Ibm | 1 Aix | 2018-10-19 | 7.2 HIGH | N/A |
| Untrusted execution path vulnerability in the diag commands (1) lsmcode, (2) diag_exec, (3) invscout, and (4) invscoutd in AIX 5.1 through 5.3 allows local users to execute arbitrary programs by modifying the DIAGNOSTICS environment variable to point to a malicious Dctrl program. | |||||
| CVE-2004-2657 | 1 Mozilla | 1 Firefox | 2018-10-19 | 1.7 LOW | N/A |
| ** DISPUTED ** Mozilla Firefox 1.5.0.1, and possibly other versions, preserves some records of user activity even after uninstalling, which allows local users who share a Windows profile to view the records after a new installation of Firefox, as reported for the list of Passwords Never Saved web sites. NOTE: The vendor has disputed this issue, stating that "The uninstaller is primarily there to uninstall the application. It is not there to uninstall user data. For the moment I will stick by my module-owner decision." | |||||
| CVE-2004-2069 | 1 Openbsd | 1 Openssh | 2018-10-19 | 5.0 MEDIUM | N/A |
| sshd.c in OpenSSH 3.6.1p2 and 3.7.1p2 and possibly other versions, when using privilege separation, does not properly signal the non-privileged process when a session has been terminated after exceeding the LoginGraceTime setting, which leaves the connection open and allows remote attackers to cause a denial of service (connection consumption). | |||||
| CVE-2004-2464 | 1 Ada | 1 Imgsvr | 2018-10-19 | 5.0 MEDIUM | N/A |
| Directory traversal vulnerability in ADA Image Server (ImgSvr) 0.4 allows remote attackers to read arbitrary files or list directories via hex-encoded "..//" sequences ("%2e%2e%2f%2f"). NOTE: it was later reported that 0.6.21 and earlier is also affected. | |||||