Max CVSS 9.3 Min CVSS 2.1 Total Count 2
ID CVSS Summary Last (major) update Published
CVE-2008-6827 6.8
The ListView control in the Client GUI (AClient.exe) in Symantec Altiris Deployment Solution 6.x before 6.9.355 SP1 allows local users to gain SYSTEM privileges and execute arbitrary commands via a "Shatter" style attack on the "command prompt" hidde
14-02-2024 - 17:26 08-06-2009 - 19:30
CVE-2005-3302 7.5
Eval injection vulnerability in bvh_import.py in Blender 2.36 allows attackers to execute arbitrary Python code via a hierarchy element in a .bvh file, which is supplied to an eval function call.
14-02-2024 - 15:47 24-10-2005 - 10:02
CVE-2012-0818 5.0
RESTEasy before 2.3.1 allows remote attackers to read arbitrary files via an external entity reference in a DOM document, aka an XML external entity (XXE) injection attack.
13-02-2023 - 03:26 23-11-2012 - 20:55
CVE-2006-1996 5.0
Scry Gallery 1.1 allows remote attackers to obtain sensitive information via an invalid p parameter, which reveals the path in an error message.
18-10-2018 - 16:37 25-04-2006 - 12:50
CVE-2006-1995 5.0
Directory traversal vulnerability in index.php in Scry Gallery 1.1 allows remote attackers to read arbitrary files via ".." sequences in the p parameter, which is not properly sanitized due to an rtrim function call with the arguments in the wrong or
18-10-2018 - 16:37 25-04-2006 - 12:50
CVE-2006-2005 7.5
Eval injection vulnerability in index.php in ClanSys 1.1 allows remote attackers to execute arbitrary PHP code via PHP code in the page parameter, as demonstrated by using an "include" statement that is injected into the eval statement. NOTE: this i
18-10-2018 - 16:37 25-04-2006 - 12:50
CVE-2006-1999 5.0
The multiplayer menu in OpenTTD 0.4.7 allows remote attackers to cause a denial of service via a UDP packet with an incorrect size, which causes the client to return to the main menu.
18-10-2018 - 16:37 25-04-2006 - 12:50
CVE-2006-1998 2.1
OpenTTD 0.4.7 and earlier allows local users to cause a denial of service (application exit) via a large invalid error number, which triggers an error.
18-10-2018 - 16:37 25-04-2006 - 12:50
CVE-2006-2001 4.3
Cross-site scripting (XSS) vulnerability in index.php in Scry Gallery 1.1 allows remote attackers to inject arbitrary web script or HTML via the p parameter. NOTE: this is a different vulnerability than the directory traversal vector.
18-10-2018 - 16:37 25-04-2006 - 12:50
CVE-2017-11884 9.3
Microsoft Excel 2016 Click-to-Run (C2R) allows an attacker to run arbitrary code in the context of the current user by failing to properly handle objects in memory, aka "Microsoft Office Memory Corruption Vulnerability". This CVE ID is unique from CV
16-03-2018 - 14:07 15-11-2017 - 03:29
CVE-2011-5245 5.0
The readFrom function in providers.jaxb.JAXBXmlTypeProvider in RESTEasy before 2.3.2 allows remote attackers to read arbitrary files via an external entity reference in a Java Architecture for XML Binding (JAXB) input, aka an XML external entity (XXE
29-08-2017 - 01:30 23-11-2012 - 20:55
CVE-2006-2007 7.5
Heap-based buffer overflow in Winny 2.0 b7.1 and earlier allows remote attackers to execute arbitrary code via long strings to certain commands sent to the file transfer port.
20-07-2017 - 01:31 25-04-2006 - 12:50
CVE-2006-2015 2.6
Cross-site scripting (XSS) vulnerability in SL_site 1.0 allows remote attackers to inject arbitrary web script or HTML via the recherche parameter in recherche.php. NOTE: other XSS vectors, as reported in the original disclosure, are resultant from
20-07-2017 - 01:31 25-04-2006 - 12:50
CVE-2006-2006 5.0
Multiple directory traversal vulnerabilities in IZArc Archiver 3.5 beta 3 allow remote attackers to write arbitrary files via a ..\ (dot dot backslash) in a (1) .rar, (2) .tar, (3) .zip, (4) .jar, or (5) .gz archive. NOTE: the provenance of this inf
20-07-2017 - 01:31 25-04-2006 - 12:50
CVE-2006-2017 5.0
Dnsmasq 2.29 allows remote attackers to cause a denial of service (application crash) via a DHCP client broadcast reply request. This vulnerability is addressed in the following product release: version 2.30
20-07-2017 - 01:31 25-04-2006 - 12:50
CVE-2006-2014 5.0
Directory traversal vulnerability in gallerie.php in SL_site 1.0 allows remote attackers to list images in arbitrary directories via ".." sequences in the rep parameter, which is used to construct a directory name in admin/config.inc.php. NOTE: this
20-07-2017 - 01:31 25-04-2006 - 12:50
CVE-2006-2013 7.5
SQL injection vulnerability in page.php in SL_site 1.0 allows remote attackers to execute arbitrary SQL commands via the id_page parameter. NOTE: this issue could be used to produce resultant XSS from an error message.
20-07-2017 - 01:31 25-04-2006 - 12:50
CVE-2006-0048 5.0
Francesco Stablum tcpick 0.2.1 allows remote attackers to cause a denial of service (segmentation fault) via certain fragmented packets, possibly involving invalid headers and an attacker-controlled payload length. NOTE: this issue might be a buffer
20-07-2017 - 01:29 26-04-2006 - 00:06
CVE-2016-2889 6.8
Cross-site request forgery (CSRF) vulnerability in the Report Builder and Data Collection Component (DCC) in IBM Jazz Reporting Service (JRS) 5.x before 5.0.2 ifix016, 6.0 and 6.0.1 before 6.0.1 ifix005, and 6.0.2 before ifix002 allows remote authent
28-11-2016 - 20:05 08-07-2016 - 01:59
CVE-2000-0916 7.5
FreeBSD 4.1.1 and earlier, and possibly other BSD-based OSes, uses an insufficient random number generator to generate initial TCP sequence numbers (ISN), which allows remote attackers to spoof TCP connections.
05-09-2008 - 20:22 19-12-2000 - 05:00