Vulnerabilidades CVE
Base de datos de vulnerabilidades CVE enriquecida con datos de CISA KEV y NVD
| CVE ID | CVSS | Severidad | KEV | Avistamientos |
|---|---|---|---|---|
| CVE-2005-0804 Format string vulnerability in MailEnable 1.8 allows remote attackers to cause a denial of service (application crash) via format string specifiers in the mailto field. | N/A | NONE | β | 0 |
| CVE-2005-0805 SQL injection vulnerability in index.php in Subdreamer Light, when magic_quotes_gpc is enabled, allows remote attackers to execute arbitrary SQL commands via certain parameters that are used as global... | N/A | NONE | β | 0 |
| CVE-2005-0806 Evolution 2.0.3 allows remote attackers to cause a denial of service (application crash or hang) via crafted messages, possibly involving charsets in attachment filenames. | N/A | NONE | β | 0 |
| CVE-2005-0807 Multiple buffer overflows in Cain & Abel before 2.67 allow remote attackers to cause a denial of service (application crash) and possibly execute arbitrary code via (1) an IKE packet with a large ID f... | N/A | NONE | β | 0 |
| CVE-2005-0808 Apache Tomcat before 5.x allows remote attackers to cause a denial of service (application crash) via a crafted AJP12 packet to TCP port 8007. | N/A | NONE | β | 0 |
| CVE-2005-0809 NotifyLink, when configured for client key retrieval, allows remote attackers to obtain AES keys via a direct request to /hwp/get.asp, then uses a weak encryption scheme (fixed byte reordering) to pro... | N/A | NONE | β | 0 |
| CVE-2005-0810 SQL injection vulnerability in NotifyLink before 3.0 allows remote attackers to execute arbitrary SQL commands via the URL. | N/A | NONE | β | 0 |
| CVE-2005-0811 The web interface in NotifyLink 3.0 does not properly restrict access to functions that have been disabled in the GUI, which allows remote authenticated users to bypass intended restrictions via a dir... | N/A | NONE | β | 0 |
| CVE-2005-0812 The web interface in NotifyLink 3.0 displays passwords in cleartext on the administrative page, which could allow remote attackers or local users to obtain sensitive information. | N/A | NONE | β | 0 |
| CVE-2005-0813 Buffer overflow in Initial Redirect (ir) Squid Proxy Plug-In 0.1 and 0.2 may allow attackers to cause a denial of service and execute arbitrary code via unknown vectors. | N/A | NONE | β | 0 |
| CVE-2005-0814 Unknown vulnerability in lshd in Lysator LSH 1.x and 2.x before 2.0.1 allows remote attackers to cause a denial of service via unknown vectors. | N/A | NONE | β | 0 |
| CVE-2005-0815 Multiple "range checking flaws" in the ISO9660 filesystem handler in Linux 2.6.11 and earlier may allow attackers to cause a denial of service or corrupt memory via a crafted filesystem. | N/A | NONE | β | 0 |
| CVE-2005-0816 Buffer overflow in newgrp in Solaris 7 through 9 allows local users to gain root privileges. | N/A | NONE | β | 0 |
| CVE-2013-0913 Integer overflow in drivers/gpu/drm/i915/i915_gem_execbuffer.c in the i915 driver in the Direct Rendering Manager (DRM) subsystem in the Linux kernel through 3.8.3, as used in Google Chrome OS before ... | N/A | NONE | β | 0 |
| CVE-2026-34798 Endian Firewall version 3.3.25 and prior allow stored cross-site scripting (XSS) via the remark parameter to /cgi-bin/routing.cgi. An authenticated attacker can inject arbitrary JavaScript that is sto... | 6.4 | MEDIUM | β | 0 |
| CVE-2010-4242 The hci_uart_tty_open function in the HCI UART driver (drivers/bluetooth/hci_ldisc.c) in the Linux kernel 2.6.36, and possibly other versions, does not verify whether the tty has a write operation, wh... | N/A | NONE | β | 0 |
| CVE-2010-4247 The do_block_io_op function in (1) drivers/xen/blkback/blkback.c and (2) drivers/xen/blktap/blktap.c in Xen before 3.4.0 for the Linux kernel 2.6.18, and possibly other versions, allows guest OS users... | N/A | NONE | β | 0 |
| CVE-2010-4525 Linux kernel 2.6.33 and 2.6.34.y does not initialize the kvm_vcpu_events->interrupt.pad structure member, which allows local users to obtain potentially sensitive information from kernel stack memory ... | N/A | NONE | β | 0 |
| CVE-2010-4526 Race condition in the sctp_icmp_proto_unreachable function in net/sctp/input.c in Linux kernel 2.6.11-rc2 through 2.6.33 allows remote attackers to cause a denial of service (panic) via an ICMP unreac... | N/A | NONE | β | 0 |
| CVE-2005-0817 Unknown vulnerability in the DNSd proxy, as used in Symantec Gateway Security 5400 2.x and 5300 1.x, Enterprise Firewall 7.0.x and 8.x, and VelociRaptor 1100/1200/1300 1.5, allows remote attackers to ... | N/A | NONE | β | 0 |
| CVE-2005-0818 Cross-site scripting (XSS) vulnerability in PunBB 1.2.3 allows remote attackers to inject arbitrary web script or HTML via the (1) email or (2) Jabber parameters. | N/A | NONE | β | 0 |
| CVE-2005-0819 The xvesa code in Novell Netware 6.5 SP2 and SP3 allows remote attackers to redirect the xsession without authentication via a direct request to GUIMirror/Start. | N/A | NONE | β | 0 |
| CVE-2005-0820 Microsoft Office InfoPath 2003 SP1 includes sensitive information in the Manifest.xsf file in a custom .xsn form, which allows attackers to obtain printer and network information, obtain the database ... | N/A | NONE | β | 0 |
| CVE-2005-0821 Unknown vulnerability in Citrix MetaFrame Conferencing Manager 3.0 allows conference members to bypass organizer restrictions to control the keyboard and mouse. | N/A | NONE | β | 0 |
| CVE-2006-3315 PHP remote file inclusion vulnerability in page.php in an unspecified RahnemaCo.com product, possibly eShop, allows remote attackers to execute arbitrary PHP code via a URL in the osCsid parameter. | N/A | NONE | β | 0 |
| CVE-2026-34799 Endian Firewall version 3.3.25 and prior allow stored cross-site scripting (XSS) via the remark parameter to /manage/dnsmasq/hosts/. An authenticated attacker can inject arbitrary JavaScript that is s... | 6.4 | MEDIUM | β | 0 |
| CVE-2010-4645 strtod.c, as used in the zend_strtod function in PHP 5.2 before 5.2.17 and 5.3 before 5.3.5, and other products, allows context-dependent attackers to cause a denial of service (infinite loop) via a c... | N/A | NONE | β | 0 |
| CVE-2010-4693 Multiple cross-site scripting (XSS) vulnerabilities in Coppermine Photo Gallery 1.5.10 and earlier allow remote attackers to inject arbitrary web script or HTML via the (1) h and (2) t parameters to h... | N/A | NONE | β | 0 |
| CVE-2011-0003 MediaWiki before 1.16.1, when user or site JavaScript or CSS is enabled, allows remote attackers to conduct clickjacking attacks via unspecified vectors. | N/A | NONE | β | 0 |
| CVE-2011-0005 Cross-site scripting (XSS) vulnerability in the com_search module for Joomla! 1.0.x through 1.0.15 allows remote attackers to inject arbitrary web script or HTML via the ordering parameter to index.ph... | N/A | NONE | β | 0 |
| CVE-2011-0007 pimd 2.1.5 and possibly earlier versions allows user-assisted local users to overwrite arbitrary files via a symlink attack on (1) pimd.dump when a USR1 signal is sent, or (2) pimd.cache when USR2 is ... | N/A | NONE | β | 0 |
| CVE-2005-0822 Citrix Metaframe Password Manager 2.5 and earlier stores a password in cleartext although it is obfuscated when presented to a user, which allows users to view their secondary passwords even if it is ... | N/A | NONE | β | 0 |
| CVE-2005-0823 ThePoolClub (1) iPool and (2) iSnooker 1.6.81 and earlier stores usernames and passwords in cleartext in the MyDetails.txt file, which allows local users to gain privileges. | N/A | NONE | β | 0 |
| CVE-2005-0824 The internal_dump function in Mathopd before 1.5p5, and 1.6x before 1.6b6 BETA, when Mathopd is running with the -n option, allows local users to overwrite arbitrary files via a symlink attack on dump... | 5.5 | MEDIUM | β | 0 |
| CVE-2005-0825 Buffer overflow in LTris before 1.0.10 allows local users to execute arbitrary code via a crafted highscores file. | N/A | NONE | β | 0 |
| CVE-2005-0826 OllyDbg 1.10 and earlier allows remote attackers to cause a denial of service (application crash) via a dynamic link library (DLL) with a long filename. | N/A | NONE | β | 0 |
| CVE-2005-0827 Viewcat.php in (1) RUNCMS 1.1A, (2) Ciamos 0.9.2 RC1, e-Xoops 1.05 Rev3, and possibly other products based on e-Xoops (exoops), allow remote attackers to obtain sensitive information via an invalid pa... | N/A | NONE | β | 0 |
| CVE-2005-0828 highlight.php in (1) RUNCMS 1.1A, (2) CIAMOS 0.9.2 RC1, (3) e-Xoops 1.05 Rev3, and possibly other products based on e-Xoops (exoops), allows remote attackers to read arbitrary PHP files by specifying ... | N/A | NONE | β | 0 |
| CVE-2005-0829 Cross-site scripting (XSS) vulnerability in setuser.php of the Digitanium addon to PHP-Fusion 5.01 allows remote attackers to inject arbitrary web script or HTML via the (1) user_name or (2) user_pass... | N/A | NONE | β | 0 |
| CVE-2005-0830 Multiple buffer overflows in Xzabite DYNDNSUpdate 0.6.15 and earlier, including the ipcheck function in dyndnsupdate.c, allow remote attackers who spoof a dyndns.org server to execute arbitrary code v... | N/A | NONE | β | 0 |
| CVE-2005-0831 PHP-Post allows remote attackers to spoof the names of other users by registering with a username containing hex-encoded characters. | N/A | NONE | β | 0 |
| CVE-2006-3115 SQL injection vulnerability in view.php in phpRaid 3.0.4, and possibly other versions, allows remote attackers to execute arbitrary SQL commands via the raid_id parameter. | N/A | NONE | β | 0 |
| CVE-2005-0832 Cross-site scripting (XSS) vulnerability in PHP-Post before 0.33 allows remote attackers to inject arbitrary web script or HTML via unknown vectors. | N/A | NONE | β | 0 |
| CVE-2005-0833 Belkin 54G (F5D7130) wireless router allows remote attackers to access restricted resources by sniffing URIs from UPNP datagrams, then accessing those URIs, which do not require authentication. | N/A | NONE | β | 0 |
| CVE-2005-0834 Belkin 54G (F5D7130) wireless router enables SNMP by default in a manner that allows remote attackers to obtain sensitive information. | N/A | NONE | β | 0 |
| CVE-2005-0835 The SNMP service in the Belkin 54G (F5D7130) wireless router allows remote attackers to cause a denial of service via unknown vectors. | N/A | NONE | β | 0 |
| CVE-2005-0836 Argument injection vulnerability in Java Web Start for J2SE 1.4.2 up to 1.4.2_06 allows untrusted applications to gain privileges via the value parameter of a property tag in a JNLP file. | N/A | NONE | β | 0 |
| CVE-2005-0837 IceCast 2.20 allows remote attackers to bypass the XSL parser and obtain the source for XSL files via a request for a .xsl file with a trailing . (dot). | N/A | NONE | β | 0 |
| CVE-2013-0915 The GPU process in Google Chrome OS before 25.0.1364.173 allows attackers to cause a denial of service or possibly have unspecified other impact via vectors related to an "overflow." | N/A | NONE | β | 0 |
| CVE-2005-0838 Multiple buffer overflows in the XSL parser for IceCast 2.20 may allow attackers to cause a denial of service and possibly execute arbitrary code via (1) a long test value in an xsl:when tag, (2) a lo... | N/A | NONE | β | 0 |
This product uses data from the NVD API but is not endorsed or certified by the NVD.