Total: 18193 CVE

CVE | Vendors | Products | Updated | CVSS v3.1 |
---|---|---|---|---|
CVE-2006-3100 | 1 Termpkg Project | 1 Termpkg | 2024-11-21 | 9.8 Critical |
termpkg 3.3 suffers from buffer overflow. | ||||
CVE-2006-0062 | 1 Sillycycle | 1 Xlockmore | 2024-11-21 | 9.8 Critical |
xlockmore 5.13 allows potential xlock bypass when FVWM switches to the same virtual desktop as a new Gaim window. | ||||
CVE-2006-0061 | 1 Sillycycle | 1 Xlockmore | 2024-11-21 | 9.8 Critical |
xlockmore 5.13 and 5.22 segfaults when using libpam-opensc and returns the underlying xsession. This allows unauthorized users access to the X session. | ||||
CVE-2005-4891 | 1 Simplemachines | 1 Simple Machine Forum | 2024-11-21 | 9.8 Critical |
Simple Machine Forum (SMF) versions 1.0.4 and earlier have an SQL injection vulnerability that allows remote attackers to inject arbitrary SQL statements. | ||||
CVE-2005-3435 | 1 Archilles | 1 Newsworld | 2024-11-21 | 9.8 Critical |
admin_news.php in Archilles Newsworld up to 1.3.0 allows attackers to bypass authentication by obtaining the password hash for another user, for example through another Newsworld vulnerability, and specifying the hash in the pwd argument. | ||||
CVE-2005-3120 | 3 Debian, Invisible-island, Redhat | 3 Debian Linux, Lynx, Enterprise Linux | 2024-11-21 | 9.8 Critical |
Stack-based buffer overflow in the HTrjis function in Lynx 2.8.6 and earlier allows remote NNTP servers to execute arbitrary code via certain article headers containing Asian characters that cause Lynx to add extra escape (ESC) characters. | ||||
CVE-2005-3056 | 1 Twiki | 1 Twiki | 2024-11-21 | 9.8 Critical |
TWiki allows arbitrary shell command execution via the Include function. | ||||
CVE-2005-2773 | 1 Hp | 1 Openview Network Node Manager | 2024-11-21 | 9.8 Critical |
HP OpenView Network Node Manager 6.2 through 7.50 allows remote attackers to execute arbitrary commands via shell metacharacters in the (1) node parameter to connectedNodes.ovpl, (2) cdpView.ovpl, (3) freeIPaddrs.ovpl, and (4) ecscmg.ovpl. | ||||
CVE-2005-2354 | 1 Nvu | 1 Nvu | 2024-11-20 | 9.8 Critical |
Nvu 0.99+1.0pre uses an old copy of Mozilla XPCOM which can result in multiple security issues. | ||||
CVE-2005-2103 | 2 Gaim Project, Redhat | 2 Gaim, Enterprise Linux | 2024-11-20 | 9.8 Critical |
Buffer overflow in the AIM and ICQ module in Gaim before 1.5.0 allows remote attackers to cause a denial of service (application crash) and possibly execute arbitrary code via an away message with a large number of AIM substitution strings, such as %t or %n. | ||||
CVE-2005-1744 | 1 Bea | 1 Weblogic Server | 2024-11-20 | 9.8 Critical |
BEA WebLogic Server and WebLogic Express 7.0 through Service Pack 5 does not log out users when an application is redeployed, which allows those users to continue to access the application without having to log in again, which may be in violation of newly changed security constraints or role mappings. | ||||
CVE-2005-1689 | 4 Apple, Debian, Mit and 1 more | 5 Mac Os X, Mac Os X Server, Debian Linux and 2 more | 2024-11-20 | 9.8 Critical |
Double free vulnerability in the krb5_recvauth function in MIT Kerberos 5 (krb5) 1.4.1 and earlier allows remote attackers to execute arbitrary code via certain error conditions. | ||||
CVE-2005-1513 | 3 Canonical, Debian, Qmail Project | 3 Ubuntu Linux, Debian Linux, Qmail | 2024-11-20 | 9.8 Critical |
Integer overflow in the stralloc_readyplus function in qmail, when running on 64 bit platforms with a large amount of virtual memory, allows remote attackers to cause a denial of service and possibly execute arbitrary code via a large SMTP request. | ||||
CVE-2005-1141 | 1 Optical Character Recognition Project | 1 Optical Character Recognition | 2024-11-20 | 9.8 Critical |
Integer overflow in the readpgm function in pnm.c for GOCR 0.40, when using the netpbm library, allows remote attackers to execute arbitrary code via a PNM file with large width and height values, which leads to a heap-based buffer overflow. | ||||
CVE-2005-0496 | 1 Arkeia | 1 Network Backup | 2024-11-20 | 9.8 Critical |
Arkeia Network Backup Client 5.x contains hard-coded credentials that effectively serve as a back door, which allows remote attackers to access the file system and possibly execute arbitrary commands. | ||||
CVE-2005-0408 | 1 Citrusdb | 1 Citrusdb | 2024-11-20 | 9.8 Critical |
CitrusDB 0.3.6 and earlier generates easily predictable MD5 hashes of the user name for the id_hash cookie, which allows remote attackers to bypass authentication and gain privileges by calculating the MD5 checksum of the user name combined with the "boogaadeeboo" string, which is hard-coded in the $hidden_hash variable. | ||||
CVE-2005-0269 | 1 Sir | 1 Gnuboard | 2024-11-20 | 9.8 Critical |
The file extension check in GNUBoard 3.40 and earlier only verifies extensions that contain all lowercase letters, which allows remote attackers to upload arbitrary files via file extensions that include uppercase letters. | ||||
CVE-2005-0199 | 1 Barton | 1 Ngircd | 2024-11-20 | 9.8 Critical |
Integer underflow in the Lists_MakeMask() function in lists.c in ngIRCd before 0.8.2 allows remote attackers to cause a denial of service (application crash) and possibly execute arbitrary code via a long MODE line that causes an incorrect length calculation, which leads to a buffer overflow. | ||||
CVE-2005-0102 | 3 Debian, Gnome, Redhat | 3 Debian Linux, Evolution, Enterprise Linux | 2024-11-20 | 9.8 Critical |
Integer overflow in camel-lock-helper in Evolution 2.0.2 and earlier allows local users or remote malicious POP3 servers to execute arbitrary code via a length value of -1, which leads to a zero byte memory allocation and a buffer overflow. | ||||
CVE-2004-2776 | 1 Goscript Project | 1 Goscript | 2024-11-20 | 9.8 Critical |
go.cgi in GoScript 2.0 allows remote attackers to execute arbitrary commands via shell metacharacters in the (1) query string or (2) artarchive parameter. |