| Max CVSS | 9.4 | Min CVSS | 2.1 | Total Count | 2 |
| ID | CVSS | Summary | Last (major) update | Published | |
| CVE-2013-4204 | 4.3 |
Multiple cross-site scripting (XSS) vulnerabilities in the JUnit files in the GWTTestCase in Google Web Toolkit (GWT) before 2.5.1 RC1 allow remote attackers to inject arbitrary web script or HTML via unspecified vectors.
|
13-02-2023 - 04:45 | 18-11-2013 - 02:55 | |
| CVE-2005-4332 | 9.4 |
Cisco Clean Access 3.5.5 and earlier on the Secure Smart Manager allows remote attackers to bypass authentication and cause a denial of service or upload files via direct requests to obsolete JSP files including (1) admin/uploadclient.jsp, (2) apply_
|
30-10-2018 - 16:26 | 17-12-2005 - 11:03 | |
| CVE-2005-4300 | 7.5 |
Format string vulnerability in the lire_pop function in pop.c in libremail 1.1.0 and earlier, with compiled with the debug option, allows remote attackers to execute arbitrary code via a crafted e-mail or POP server response.
|
19-10-2018 - 15:40 | 16-12-2005 - 23:03 | |
| CVE-2016-3256 | 2.1 |
Microsoft Windows 10 Gold and 1511 allows local users to bypass the Secure Kernel Mode protection mechanism and obtain sensitive information via a crafted application, aka "Windows Secure Kernel Mode Information Disclosure Vulnerability."
|
12-10-2018 - 22:12 | 13-07-2016 - 01:59 | |
| CVE-2017-13090 | 9.3 |
The retr.c:fd_read_body() function is called when processing OK responses. When the response is sent chunked in wget before 1.19.2, the chunk parser uses strtol() to read each chunk's length, but doesn't check that the chunk length is a non-negative
|
30-12-2017 - 02:29 | 27-10-2017 - 19:29 | |
| CVE-2008-4446 | 4.3 |
Cross-site scripting (XSS) vulnerability in Nucleus EUC-JP 3.31 SP1 and earlier allows remote attackers to inject arbitrary web script or HTML via unspecified vectors.
|
17-11-2017 - 14:55 | 06-10-2008 - 19:54 | |
| CVE-2006-6616 | 6.0 |
index.php in w00t Gallery 1.4.0 allows remote authenticated users with privileges for one installation to gain access to other installations on the same web server, aka "multi-gallery admin session spanning." NOTE: some of these details are obtained
|
29-07-2017 - 01:29 | 18-12-2006 - 02:28 | |
| CVE-2014-8500 | 7.8 |
ISC BIND 9.0.x through 9.8.x, 9.9.0 through 9.9.6, and 9.10.0 through 9.10.1 does not limit delegation chaining, which allows remote attackers to cause a denial of service (memory consumption and named crash) via a large or infinite number of referra
|
03-01-2017 - 02:59 | 11-12-2014 - 02:59 | |
| CVE-2005-4343 | 5.0 |
Adobe (formerly Macromedia) ColdFusion MX 6.0, 6.1, 6.1 with JRun, and 7.0 allows remote attackers to attach arbitrary files and send mail via a crafted Subject field, which is not properly handled by the CFMAIL tag in applications that use ColdFusio
|
08-03-2011 - 02:28 | 19-12-2005 - 03:47 | |
| CVE-2005-4345 | 7.2 |
Adobe (formerly Macromedia) ColdFusion MX 7.0 exposes the password hash of the Administrator in an API call, which allows local developers to obtain the hash and gain privileges.
|
08-03-2011 - 02:28 | 19-12-2005 - 03:47 | |
| CVE-2005-4342 | 7.5 |
ColdFusion Sandbox on Adobe (formerly Macromedia) ColdFusion MX 6.0, 6.1, 6.1 with JRun, and 7.0 does not throw an exception if the SecurityManager is disabled, which might allow remote attackers to "bypass security controls," aka "JRun Clustered San
|
08-03-2011 - 02:28 | 19-12-2005 - 03:47 | |
| CVE-2005-4473 | 5.0 |
Unspecified vulnerability in Macromedia JRun 4 web server (JWS) allows remote attackers to view web application source code via "a malformed URL."
|
08-03-2011 - 02:28 | 22-12-2005 - 00:03 | |
| CVE-2005-4472 | 7.5 |
Stack-based buffer overflow in the Macromedia JRun 4 web server (JWS) allows remote attackers to cause a denial of service and possibly execute arbitrary code via a long request that is not properly handled during conversion to wide characters.
|
08-03-2011 - 02:28 | 22-12-2005 - 00:03 | |
| CVE-2005-4344 | 2.1 |
Adobe (formerly Macromedia) ColdFusion MX 7.0 does not honor when the CFOBJECT /CreateObject(Java) setting is disabled, which allows local users to create an object despite the specified configuration.
|
08-03-2011 - 02:28 | 19-12-2005 - 03:47 | |
| CVE-2005-4310 | 7.5 |
SSH Tectia Server 5.0.0 (A, F, and T), when allowing host-based authentication only, allows users to log in with the wrong credentials.
|
08-03-2011 - 02:27 | 17-12-2005 - 00:03 | |
| CVE-2005-4302 | 5.0 |
Directory traversal vulnerability in index.php in ezDatabase 2.1.2 and earlier allows remote attackers to include arbitrary local files via ".." sequences in the p parameter.
|
08-03-2011 - 02:27 | 17-12-2005 - 00:03 | |
| CVE-2005-3652 | 7.5 |
Heap-based buffer overflow in Citrix Program Neighborhood client 9.0 and earlier allows remote attackers to execute arbitrary code via a long name value in an Application Set response.
|
08-03-2011 - 02:26 | 16-12-2005 - 23:03 | |
| CVE-2005-4315 | 7.5 |
SQL injection vulnerability in the search function in Plexum PLEXCART X3 allows remote attackers to execute arbitrary SQL commands via unspecified vectors, possibly involving the (1) s_itemname and (2) s_orderby parameters to plexcart.pl.
|
07-03-2011 - 05:00 | 17-12-2005 - 00:03 | |
| CVE-2005-4304 | 5.0 |
index.php in ezDatabase 2.1.2 and earlier allows remote attackers to obtain sensitive information via an invalid cat_id parameter, which leaks the full pathname in an error message. NOTE: these details are uncertain because the original report has t
|
20-09-2008 - 04:42 | 17-12-2005 - 00:03 | |
| CVE-2005-4303 | 7.5 |
SQL injection vulnerability in index.php for ezDatabase 2.1.2 and earlier allows remote attackers to execute arbitrary SQL commands via the db_id parameter.
|
20-09-2008 - 04:42 | 17-12-2005 - 00:03 | |
| CVE-2000-0792 | 7.5 |
Gnome Lokkit firewall package before 0.41 does not properly restrict access to some ports, even if a user does not make any services available.
|
05-09-2008 - 20:21 | 20-10-2000 - 04:00 |