Vulnerabilities (CVE)

127277 total CVE
CVE Vendors Products Updated CVSS
CVE-2006-6980 1 Magnatune.com 1 Album Browser 2008-11-13 2.6
The magnatune.com album browser in Amarok allows attackers to cause a denial of service (application crash) via unspecified vectors.
CVE-2006-5674 1 Minibb 1 Minibb 2008-11-13 7.5
Multiple PHP remote file inclusion vulnerabilities in miniBB 2.0.2 and earlier, when register_globals is enabled, allow remote attackers to execute arbitrary PHP code via a URL in the pathToFiles parameter to (1) bb_func_forums.php, (2)...
CVE-2008-5037 1 Elkagroup 1 Image Gallery 2008-11-13 7.5
SQL injection vulnerability in view.php in ElkaGroup Image Gallery 1.0 allows remote attackers to execute arbitrary SQL commands via the cid parameter.
CVE-2007-2654 2 Suse, Xfsdump 7 Opensuse, Xfsdump, Suse Linux Openexchange Server and 4 more 2008-11-13 4.4
xfs_fsr in xfsdump creates a .fsr temporary directory with insecure permissions, which allows local users to read or overwrite arbitrary files on xfs filesystems.
CVE-2007-2176 1 Mozilla 1 Firefox 2008-11-13 10.0
Unspecified vulnerability in Mozilla Firefox allows remote attackers to execute arbitrary code via unspecified vectors involving Javascript errors. NOTE: this might be the same issue as CVE-2007-2175.
CVE-2008-4440 1 Debian 1 Feta 2008-11-11 7.2
The to-upgrade plugin in feta 1.4.16 allows local users to overwrite arbitrary files via a symlink on the (1) /tmp/feta.install.$USER and (2) /tmp/feta.avail.$USER temporary files.
CVE-2006-4492 1 Cybozu 1 Cybozu Office 2008-11-11 5.0
Unspecified vulnerability in Cybozu Office 6.5 Build 1.2 for Windows allows remote attackers to obtain sensitive information, including users and groups, via unspecified vectors.
CVE-2006-4491 1 Cybozu 5 Cybozu Ag, Garoon 1, Mailwise and 2 more 2008-11-11 4.0
Directory traversal vulnerability in Cybozu Collaborex, AG before 1.2(1.5), AG Pocket before 5.2(0.8), Mailwise before 3.0(0.3), and Garoon 1 before 1.5(4.1) allows remote authenticated users to read arbitrary files via unspecified vectors.
CVE-2005-3421 1 Hyper Estraier 1 Hyper Estraier 2008-11-11 5.0
estcmd in Hyper Estraier 1.0.1 on Windows systems allows remote attackers to read unauthorized files via a crafted search request for a filename that contains Unicode characters.
CVE-2005-2803 1 Hiki 1 Hiki 2008-11-11 4.3
Cross-site scripting (XSS) vulnerability in Hiki 0.8.1 to 0.8.2 allows remote attackers to inject arbitrary web script or HTML via a page name in a Login link, a different vulnerability than CVE-2005-2336.
CVE-2005-2336 1 Hiki 1 Hiki 2008-11-11 4.3
Cross-site scripting (XSS) vulnerability in Hiki 0.8.0 to 0.8.2 allows remote attackers to inject arbitrary web script or HTML via "missing pages" in which the page name is not properly escaped, a different vulnerability than CVE-2005-2803.
CVE-2003-0308 2 Sendmail, Debian 2 Debian Linux, Sendmail 2008-11-11 7.2
The Sendmail 8.12.3 package in Debian GNU/Linux 3.0 does not securely create temporary files, which could allow local users to gain additional privileges via (1) expn, (2) checksendmail, or (3) doublebounce.pl.
CVE-2008-5034 1 A Mennucc1 1 Printfilters-ppd 2008-11-11 6.9
** DISPUTED ** master-filter in printfilters-ppd 2.13 allows local users to overwrite arbitrary files via a symlink attack on the /tmp/filter.debug temporary file. NOTE: the vendor disputes this vulnerability, stating 'this package does not...
CVE-2008-4998 1 Twiki 1 Twiki 2008-11-10 6.9
** DISPUTED ** postinst in twiki 4.1.2 allows local users to overwrite arbitrary files via a symlink attack on the /tmp/twiki temporary file. NOTE: the vendor disputes this vulnerability, stating "this bug is invalid."
CVE-2008-4997 1 Pilot-qof 1 Datafreedom-perl 2008-11-10 6.9
** DISPUTED ** dfxml-invoice in datafreedom-perl 0.1.7 allows local users to overwrite arbitrary files via a symlink attack on the /tmp/zenity temporary file. NOTE: the vendor disputes this vulnerability, stating that the vector is solely "an...
CVE-2008-4996 1 Debian 1 Initramfs-tools 2008-11-10 6.9
** DISPUTED ** init in initramfs-tools 0.92f allows local users to overwrite arbitrary files via a symlink attack on the /tmp/initramfs.debug temporary file. NOTE: the vendor disputes this vulnerability, stating that "init is [used in] a...
CVE-2006-2690 1 Eva-web 1 Eva-web 2008-11-09 7.8
An unspecified script in EVA-Web 2.1.2 and earlier, probably index.php, allows remote attackers to obtain the full path of the web server via invalid (1) perso or (2) aide parameters.
CVE-2008-4920 2008-11-07 N/A
** REJECT ** DO NOT USE THIS CANDIDATE NUMBER. ConsultIDs: None. Reason: this candidate was based on an incorrect claim regarding a directory issue in Agavi. The vendor has disputed the issue and the original researcher has retracted the...
CVE-2008-4988 1 Lars Bahner 1 Xcal 2008-11-06 6.9
pscal in xcal 4.1 allows local users to overwrite arbitrary files via a symlink attack on a /tmp/pscal##### temporary file.
CVE-2008-4977 1 Postfix 1 Postfix 2008-11-06 6.9
** DISPUTED ** postfix_groups.pl in Postfix 2.5.2 allows local users to overwrite arbitrary files via a symlink attack on the (1) /tmp/postfix_groups.stdout, (2) /tmp/postfix_groups.stderr, and (3) /tmp/postfix_groups.message temporary files. ...