Latest CVE Feed
-
2.6
LOWCVE-2004-0180
The client for CVS before 1.11 allows a remote malicious CVS server to create arbitrary files using certain RCS diff files that use absolute pathnames during checkouts or updates, a different vulnerability than CVE-2004-0405.... Read more
Affected Products : cvs- EPSS Score: %3.95
- Published: Jun. 01, 2004
- Modified: Apr. 03, 2025
-
2.6
LOWCVE-2007-3474
Multiple unspecified vulnerabilities in the GIF reader in the GD Graphics Library (libgd) before 2.0.35 have unspecified impact and user-assisted remote attack vectors.... Read more
- EPSS Score: %5.72
- Published: Jun. 28, 2007
- Modified: Apr. 09, 2025
-
2.6
LOWCVE-2008-4937
senddoc in OpenOffice.org (OOo) 2.4.1 allows local users to overwrite arbitrary files via a symlink attack on a /tmp/log.obr.##### temporary file.... Read more
Affected Products : openoffice.org- EPSS Score: %0.04
- Published: Nov. 05, 2008
- Modified: Apr. 09, 2025
-
2.6
LOWCVE-2005-0192
Directory traversal vulnerability in the parsing of Skin file names in RealPlayer 10.5 (6.0.12.1040) and earlier allows remote attackers to read arbitrary files via a .. (dot dot) in an RJS filename.... Read more
- EPSS Score: %2.35
- Published: Oct. 06, 2004
- Modified: Apr. 03, 2025
-
2.6
LOWCVE-2015-4171
strongSwan 4.3.0 through 5.x before 5.3.2 and strongSwan VPN Client before 1.4.6, when using EAP or pre-shared keys for authenticating an IKEv2 connection, does not enforce server authentication restrictions until the entire authentication process is comp... Read more
- EPSS Score: %1.01
- Published: Jun. 10, 2015
- Modified: Apr. 12, 2025
-
2.6
LOWCVE-2012-3450
pdo_sql_parser.re in the PDO extension in PHP before 5.3.14 and 5.4.x before 5.4.4 does not properly determine the end of the query string during parsing of prepared statements, which allows remote attackers to cause a denial of service (out-of-bounds rea... Read more
Affected Products : php- EPSS Score: %9.65
- Published: Aug. 06, 2012
- Modified: Apr. 11, 2025
-
2.6
LOWCVE-2005-0664
Buffer overflow in the EXIF library (libexif) 0.6.9 does not properly validate the structure of the EXIF tags, which allows remote attackers to cause a denial of service (application crash) and possibly execute arbitrary code via a JPEG image with a craft... Read more
Affected Products : libexif- EPSS Score: %3.11
- Published: May. 02, 2005
- Modified: Apr. 03, 2025
-
2.6
LOWCVE-2015-7094
CFNetwork HTTPProtocol in Apple iOS before 9.2 and OS X before 10.11.2 allows man-in-the-middle attackers to bypass the HSTS protection mechanism via a crafted URL.... Read more
- EPSS Score: %0.34
- Published: Dec. 11, 2015
- Modified: Apr. 12, 2025
-
2.6
LOWCVE-2005-0584
Firefox before 1.0.1 and Mozilla before 1.7.6, when displaying the HTTP Authentication dialog, do not change the focus to the tab that generated the prompt, which could facilitate spoofing and phishing attacks.... Read more
- EPSS Score: %0.58
- Published: May. 02, 2005
- Modified: Apr. 03, 2025
-
2.6
LOWCVE-1999-0871
Internet Explorer 4.0 and 4.01 allow a remote attacker to read files via IE's cross frame security, aka the "Cross Frame Navigate" vulnerability.... Read more
Affected Products : internet_explorer- EPSS Score: %11.22
- Published: Sep. 04, 1998
- Modified: Apr. 03, 2025
-
2.6
LOWCVE-2000-0439
Internet Explorer 4.0 and 5.0 allows a malicious web site to obtain client cookies from another domain by including that domain name and escaped characters in a URL, aka the "Unauthorized Cookie Access" vulnerability.... Read more
Affected Products : internet_explorer- EPSS Score: %14.82
- Published: May. 11, 2000
- Modified: Apr. 03, 2025
-
2.6
LOWCVE-2005-1791
Microsoft Internet Explorer 6 SP2 (6.0.2900.2180) crashes when the user attempts to add a URI to the restricted zone, in which the full domain name of the URI begins with numeric sequences similar to an IP address. NOTE: if there is not an exploit scenar... Read more
Affected Products : ie- EPSS Score: %9.40
- Published: May. 28, 2005
- Modified: Apr. 03, 2025
-
2.6
LOWCVE-2004-2011
msxml3.dll in Internet Explorer 6.0.2600.0 allows remote attackers to cause a denial of service (crash) via a single & (ampersand) in a <Ref href> link, which triggers a parsing error, possibly due to missing portions of the URI.... Read more
Affected Products : internet_explorer- EPSS Score: %9.54
- Published: Dec. 31, 2004
- Modified: Apr. 03, 2025
-
2.6
LOWCVE-2014-2226
Ubiquiti UniFi Controller before 3.2.1 logs the administrative password hash in syslog messages, which allows man-in-the-middle attackers to obtain sensitive information via unspecified vectors.... Read more
Affected Products : unifi_controller- EPSS Score: %0.29
- Published: Jul. 29, 2014
- Modified: Apr. 12, 2025
-
2.6
LOWCVE-2005-0905
Maxthon 1.2.0 allows remote malicious web sites to obtain potentially sensitive data from the search bar via the m2_search_text property.... Read more
Affected Products : maxthon- EPSS Score: %7.42
- Published: May. 02, 2005
- Modified: Apr. 03, 2025
-
2.6
LOWCVE-2006-2648
Cross-site scripting (XSS) vulnerability in perform_search.asp for ASPBB 0.52 and earlier allows remote attackers to inject arbitrary HTML or web script via the search parameter.... Read more
Affected Products : aspbb- EPSS Score: %7.01
- Published: May. 30, 2006
- Modified: Apr. 03, 2025
-
2.6
LOWCVE-2024-7998
In affected versions of Octopus Server OIDC cookies were using the wrong expiration time which could result in them using the maximum lifespan.... Read more
- Published: Aug. 21, 2024
- Modified: Jul. 02, 2025
-
2.6
LOWCVE-2006-2258
Cross-site scripting (XSS) vulnerability in Logon.asp in MaxxSchedule 1.0 allows remote attackers to inject arbitrary web script or HTML via the Error parameter.... Read more
Affected Products : maxxschedule- EPSS Score: %0.62
- Published: May. 09, 2006
- Modified: Apr. 03, 2025
-
2.6
LOWCVE-2006-2165
Multiple cross-site scripting (XSS) vulnerabilities in Avactis Shopping Cart 0.1.2 and earlier allow remote attackers to inject arbitrary web script or HTML via the (1) category_id parameter in (a) store_special_offers.php and (b) store.php and (2) prod_i... Read more
Affected Products : avactis_shopping_cart- EPSS Score: %0.36
- Published: May. 04, 2006
- Modified: Apr. 03, 2025
-
2.6
LOWCVE-2006-2265
Cross-site scripting vulnerability in admin/main.asp in Ocean12 Calendar Manager Pro 1.00 allows remote attackers to inject arbitrary web script or HTML via the date parameter. NOTE: the provenance of this information is unknown; the details are obtained... Read more
Affected Products : calendar_manager_pro- EPSS Score: %3.88
- Published: May. 09, 2006
- Modified: Apr. 03, 2025