| Max CVSS | 10.0 | Min CVSS | 2.1 | Total Count | 2 |
| ID | CVSS | Summary | Last (major) update | Published | |
| CVE-2006-0146 | 7.5 |
The server.php test script in ADOdb for PHP before 4.70, as used in multiple products including (1) Mantis, (2) PostNuke, (3) Moodle, (4) Cacti, (5) Xaraya, (6) PHPOpenChat, (7) MAXdev MD-Pro, and (8) MediaBeez, when the MySQL root password is empty,
|
14-02-2024 - 01:17 | 09-01-2006 - 23:03 | |
| CVE-2006-0459 | 7.5 |
flex.skl in Will Estes and John Millaway Fast Lexical Analyzer Generator (flex) before 2.5.33 does not allocate enough memory for grammars containing (1) REJECT statements or (2) trailing context rules, which causes flex to generate code that contain
|
06-10-2023 - 17:23 | 29-03-2006 - 23:02 | |
| CVE-2005-1849 | 5.0 |
inftrees.h in zlib 1.2.2 allows remote attackers to cause a denial of service (application crash) via an invalid file that causes a large dynamic tree to be produced.
|
22-06-2022 - 16:40 | 26-07-2005 - 04:00 | |
| CVE-2005-2096 | 7.5 |
zlib 1.2 and later versions allows remote attackers to cause a denial of service (crash) via a crafted compressed stream with an incomplete code description of a length greater than 1, which leads to a buffer overflow, as demonstrated using a crafted
|
22-06-2022 - 16:40 | 06-07-2005 - 04:00 | |
| CVE-2006-0051 | 5.1 |
Buffer overflow in playlistimport.cpp in Kaffeine Player 0.4.2 through 0.7.1 allows user-assisted attackers to execute arbitrary code via long HTTP request headers when Kaffeine is "fetching remote playlists", which triggers the overflow in the http_
|
19-10-2018 - 15:42 | 05-04-2006 - 10:04 | |
| CVE-2006-0147 | 7.5 |
Dynamic code evaluation vulnerability in tests/tmssql.php test script in ADOdb for PHP before 4.70, as used in multiple products including (1) Mantis, (2) PostNuke, (3) Moodle, (4) Cacti, (5) Xaraya, (6) PhpOpenChat, possibly (7) MAXdev MD-Pro, and (
|
19-10-2018 - 15:42 | 09-01-2006 - 23:03 | |
| CVE-2006-1550 | 7.6 |
Multiple buffer overflows in the xfig import code (xfig-import.c) in Dia 0.87 and later before 0.95-pre6 allow user-assisted attackers to have an unknown impact via a crafted xfig file, possibly involving an invalid (1) color index, (2) number of poi
|
18-10-2018 - 16:33 | 30-03-2006 - 23:02 | |
| CVE-2006-1614 | 5.1 |
Integer overflow in the cli_scanpe function in the PE header parser (libclamav/pe.c) in Clam AntiVirus (ClamAV) before 0.88.1, when ArchiveMaxFileSize is disabled, allows remote attackers to cause a denial of service and possibly execute arbitrary co
|
18-10-2018 - 16:33 | 06-04-2006 - 22:04 | |
| CVE-2006-0806 | 4.3 |
Multiple cross-site scripting (XSS) vulnerabilities in ADOdb 4.71, as used in multiple packages such as phpESP, allow remote attackers to inject arbitrary web script or HTML via (1) the next_page parameter in adodb-pager.inc.php and (2) other unspeci
|
18-10-2018 - 16:29 | 21-02-2006 - 02:02 | |
| CVE-2006-0052 | 5.0 |
The attachment scrubber (Scrubber.py) in Mailman 2.1.5 and earlier, when using Python's library email module 2.5, allows remote attackers to cause a denial of service (mailing list delivery failure) via a multipart MIME message with a single part tha
|
03-10-2018 - 21:34 | 31-03-2006 - 11:06 | |
| CVE-2005-2966 | 5.1 |
The Python SVG import plugin (diasvg_import.py) for DIA 0.94 and earlier allows user-assisted attackers to execute arbitrary commands via a crafted SVG file.
|
03-10-2018 - 21:31 | 05-10-2005 - 21:02 | |
| CVE-2005-2471 | 7.5 |
pstopnm in netpbm does not properly use the "-dSAFER" option when calling Ghostscript to convert a PostScript file into a (1) PBM, (2) PGM, or (3) PNM file, which allows external user-assisted attackers to execute arbitrary commands.
|
11-10-2017 - 01:30 | 05-08-2005 - 04:00 | |
| CVE-2002-0004 | 7.2 |
Heap corruption vulnerability in the "at" program allows local users to execute arbitrary code via a malformed execution time, which causes at to free the same memory twice.
|
10-10-2017 - 01:30 | 27-02-2002 - 05:00 | |
| CVE-2006-1630 | 5.0 |
The cli_bitset_set function in libclamav/others.c in Clam AntiVirus (ClamAV) before 0.88.1 allows remote attackers to cause a denial of service via unspecified vectors that trigger an "invalid memory access."
|
20-07-2017 - 01:30 | 06-04-2006 - 22:04 | |
| CVE-2006-1615 | 10.0 |
Multiple format string vulnerabilities in the logging code in Clam AntiVirus (ClamAV) before 0.88.1 might allow remote attackers to execute arbitrary code. NOTE: as of 20060410, it is unclear whether this is a vulnerability, as there is some evidenc
|
20-07-2017 - 01:30 | 06-04-2006 - 22:04 | |
| CVE-2006-0053 | 2.6 |
Imager (libimager-perl) before 0.50 allows user-assisted attackers to cause a denial of service (segmentation fault) by writing a 2- or 4-channel JPEG image (or a 2-channel TGA image) to a scalar, which triggers a NULL pointer dereference.
|
20-07-2017 - 01:29 | 10-04-2006 - 18:06 | |
| CVE-2006-0410 | 5.0 |
SQL injection vulnerability in ADOdb before 4.71, when using PostgreSQL, allows remote attackers to execute arbitrary SQL commands via unspecified attack vectors involving binary strings.
|
20-07-2017 - 01:29 | 25-01-2006 - 02:03 | |
| CVE-2005-3147 | 2.1 |
StoreBackup before 1.19 creates the backup root with world-readable permissions, which allows local users to obtain sensitive information.
|
05-09-2008 - 20:53 | 05-10-2005 - 21:02 | |
| CVE-2005-3148 | 4.6 |
StoreBackup before 1.19 does not properly set the uid and guid for symbolic links (1) that are backed up by storeBackup.pl, or (2) recovered by storeBackupRecover.pl, which could cause files to be restored with incorrect ownership.
|
05-09-2008 - 20:53 | 05-10-2005 - 21:02 | |
| CVE-2005-3146 | 2.1 |
StoreBackup before 1.19 allows local users to perform unauthorized operations on arbitrary files via a symlink attack on temporary files.
|
05-09-2008 - 20:53 | 05-10-2005 - 21:02 |