| Max CVSS | Min CVSS | Total Count |
|---|---|---|
| 7.8 | 2.1 | 20 |

| ID | CVSS | Summary | Last (major) update | Published |
|---|---|---|---|---|
| | | mod_ssl in Apache 2.0 up to 2.0.55, when configured with an SSL vhost with access control and a custom error 400 error page, allows remote attackers to cause a denial of service (application crash) via a non-SSL request to an SSL port, which triggers | 21-11-2016 - 21:59 | 31-12-2005 - 00:00 |
| | | OpenSSL before 0.9.7, 0.9.7 before 0.9.7k, and 0.9.8 before 0.9.8c, when using an RSA key with exponent 3, removes PKCS-1 padding before generating a hash, which allows remote attackers to forge a PKCS #1 v1.5 signature that is signed by that RSA key | 17-10-2016 - 23:40 | 05-09-2006 - 13:04 |
| | | Flexbackup 1.2.1 and earlier allows local users to overwrite files and execute code via a symlink attack on temporary files. NOTE: the raw source referenced an incorrect candidate number; this is the correct number to use. | 17-10-2016 - 23:38 | 31-12-2005 - 00:00 |
| | | The cgi.rb CGI library for Ruby 1.8 allows remote attackers to cause a denial of service (infinite loop and CPU consumption) via an HTTP request with a multipart MIME body that contains an invalid boundary specifier, as demonstrated using a specifier | 13-09-2013 - 01:21 | 27-10-2006 - 14:07 |
| | | Cross-site scripting (XSS) vulnerability in the mod_imap module of Apache httpd before 1.3.35-dev and Apache httpd 2.0.x before 2.0.56-dev allows remote attackers to inject arbitrary web script or HTML via the Referer when using image maps. | 17-07-2013 - 10:37 | 13-12-2005 - 15:03 |
| | | Tikiwiki 1.9.5 allows remote attackers to obtain sensitive information (MySQL username and password) via an empty sort_mode parameter in (1) tiki-listpages.php, (2) tiki-lastchanges.php, (3) messu-archive.php, (4) messu-mailbox.php, (5) messu-sent.ph | 24-10-2012 - 00:00 | 03-11-2006 - 20:07 |
| | | Cross-site scripting (XSS) vulnerability in tiki-featured_link.php in Tikiwiki 1.9.5 allows remote attackers to inject arbitrary web script or HTML via a url parameter that evades filtering, as demonstrated by a parameter value containing malformed, | 24-10-2012 - 00:00 | 03-11-2006 - 20:07 |
| | | Off-by-one error in the ldap scheme handling in the Rewrite module (mod_rewrite) in Apache 1.3 from 1.3.28, 2.0.46 and other versions before 2.0.59, and 2.2, when RewriteEngine is enabled, allows remote attackers to cause a denial of service (applica | 06-09-2011 - 00:00 | 28-07-2006 - 14:02 |
| | | Unspecified vulnerability in Jetty before 5.1.6 allows remote attackers to obtain source code of JSP pages, possibly involving requests for .jsp files with URL-encoded backslash ("%5C") characters. NOTE: this might be the same issue as CVE-2006-2758 | 06-05-2011 - 00:00 | 22-11-2005 - 06:03 |
| | | resmom/start_exec.c in pbs_mom in TORQUE Resource Manager 2.0.0p8 and earlier allows local users to create arbitrary files via a symlink attack on (1) a job output file in /usr/spool/PBS/spool and possibly (2) a job file in /usr/spool/PBS/mom_priv/jo | 07-03-2011 - 21:43 | 03-11-2006 - 06:07 |
| | | Avahi before 0.6.15 does not verify the sender identity of netlink messages to ensure that they come from the kernel instead of another process, which allows local users to spoof network changes to Avahi. | 07-03-2011 - 21:43 | 14-11-2006 - 17:07 |
| | | Buffer overflow in the readline function in util/texindex.c, as used by the (1) texi2dvi and (2) texindex commands, in texinfo 4.8 and earlier allows local users to execute arbitrary code via a crafted Texinfo file. | 07-03-2011 - 21:42 | 08-11-2006 - 16:07 |
| | | Buffer overflow in qmailadmin.c in QmailAdmin before 1.2.10 allows remote attackers to execute arbitrary code via a long PATH_INFO environment variable. | 07-03-2011 - 21:32 | 10-03-2006 - 06:02 |
| | | Unspecified vulnerability in WBEM Services A.01.x before A.01.05.12 and A.02.x before A.02.00.08 on HP-UX B.11.00 through B.11.23 allows remote attackers to cause an unspecified denial of service via unknown attack vectors. | 07-03-2011 - 21:28 | 19-12-2005 - 19:03 |
| | | Stack-based buffer overflow in the ps_gettext function in ps.c for GNU gv 3.6.2, and possibly earlier versions, allows user-assisted attackers to execute arbitrary code via a PostScript (PS) file with certain headers that contain long comments, as de | 07-03-2011 - 00:00 | 10-11-2006 - 20:07 |
| | | Multiple buffer overflows in libavcodec in ffmpeg before 0.4.9_p20060530 allow remote attackers to cause a denial of service or possibly execute arbitrary code via multiple unspecified vectors in (1) dtsdec.c, (2) vorbis.c, (3) rm.c, (4) sierravmd.c, | 15-09-2010 - 01:26 | 14-09-2006 - 18:07 |
| | | ** DISPUTED ** ProFTPD 1.3.0a and earlier does not properly set the buffer size limit when CommandBufferSize is specified in the configuration file, which leads to an off-by-two buffer underflow. NOTE: in November 2006, the role of CommandBufferSiz | 05-09-2008 - 17:14 | 30-11-2006 - 10:28 |
| | | ftpd in linux-ftpd 0.17, and possibly other versions, performs a chdir before setting the UID, which allows local users to bypass intended access restrictions by redirecting their home directory to a restricted directory. | 05-09-2008 - 17:13 | 07-11-2006 - 13:07 |
| | | Buffer overflow in ffmpeg for xine-lib before 1.1.2 might allow context-dependent attackers to execute arbitrary code via a crafted AVI file and "bad indexes", a different vulnerability than CVE-2005-4048 and CVE-2006-2802. | 05-09-2008 - 17:10 | 14-09-2006 - 17:07 |
| | | ** DISPUTED ** Cross-domain vulnerability in Mozilla Firefox allows remote attackers to access restricted information from other domains via an object tag with a data parameter that references a link on the attacker's originating site that specifies | 05-09-2008 - 17:06 | 05-07-2006 - 21:05 |