Latest CVE Feed
-
2.6
LOWCVE-2007-3474
Multiple unspecified vulnerabilities in the GIF reader in the GD Graphics Library (libgd) before 2.0.35 have unspecified impact and user-assisted remote attack vectors.... Read more
- EPSS Score: %5.72
- Published: Jun. 28, 2007
- Modified: Apr. 09, 2025
-
2.6
LOWCVE-2007-0895
Race condition in recursive directory deletion with the (1) -r or (2) -R option in rm in Solaris 8 through 10 before 20070208 allows local users to delete files and directories as the user running rm by moving a low-level directory to a higher level as it... Read more
- EPSS Score: %0.07
- Published: Feb. 13, 2007
- Modified: Apr. 09, 2025
-
2.6
LOWCVE-2010-2431
The cupsFileOpen function in CUPS before 1.4.4 allows local users, with lp group membership, to overwrite arbitrary files via a symlink attack on the (1) /var/cache/cups/remote.cache or (2) /var/cache/cups/job.cache file.... Read more
Affected Products : cups- EPSS Score: %0.03
- Published: Jun. 22, 2010
- Modified: Apr. 11, 2025
-
2.6
LOWCVE-2006-2832
Cross-site scripting (XSS) vulnerability in the upload module (upload.module) in Drupal 4.6.x before 4.6.8 and 4.7.x before 4.7.2 allows remote attackers to inject arbitrary web script or HTML via the uploaded filename.... Read more
Affected Products : drupal- EPSS Score: %0.53
- Published: Jun. 06, 2006
- Modified: Apr. 03, 2025
-
2.6
LOWCVE-2005-2126
The FTP client in Windows XP SP1 and Server 2003, and Internet Explorer 6 SP1 on Windows 2000 SP4, when "Enable Folder View for FTP Sites" is enabled and the user manually initiates a file transfer, allows user-assisted, remote FTP servers to overwrite fi... Read more
- EPSS Score: %61.69
- Published: Oct. 21, 2005
- Modified: Apr. 03, 2025
-
2.6
LOWCVE-2012-3450
pdo_sql_parser.re in the PDO extension in PHP before 5.3.14 and 5.4.x before 5.4.4 does not properly determine the end of the query string during parsing of prepared statements, which allows remote attackers to cause a denial of service (out-of-bounds rea... Read more
Affected Products : php- EPSS Score: %9.65
- Published: Aug. 06, 2012
- Modified: Apr. 11, 2025
-
2.6
LOWCVE-2003-0279
Multiple SQL injection vulnerabilities in the Web_Links module for PHP-Nuke 5.x through 6.5 allows remote attackers to steal sensitive information via numeric fields, as demonstrated using (1) the viewlink function and cid parameter, or (2) index.php.... Read more
Affected Products : php-nuke- EPSS Score: %0.02
- Published: Jun. 16, 2003
- Modified: Apr. 03, 2025
-
2.6
LOWCVE-2008-4937
senddoc in OpenOffice.org (OOo) 2.4.1 allows local users to overwrite arbitrary files via a symlink attack on a /tmp/log.obr.##### temporary file.... Read more
Affected Products : openoffice.org- EPSS Score: %0.04
- Published: Nov. 05, 2008
- Modified: Apr. 09, 2025
-
2.6
LOWCVE-2005-2274
Microsoft Internet Explorer 6.0 does not clearly associate a Javascript dialog box with the web page that generated it, which allows remote attackers to spoof a dialog box from a trusted site and facilitates phishing attacks, aka the "Dialog Origin Spoofi... Read more
Affected Products : internet_explorer- EPSS Score: %22.08
- Published: Jul. 13, 2005
- Modified: Apr. 03, 2025
-
2.6
LOWCVE-2006-1192
Microsoft Internet Explorer 5.01 through 6 allows remote attackers to conduct phishing attacks by spoofing the address bar and other parts of the trust UI via unknown methods that allow "window content to persist" after the user has navigated to another s... Read more
- EPSS Score: %30.14
- Published: Apr. 11, 2006
- Modified: Apr. 03, 2025
-
2.6
LOWCVE-2008-4456
Cross-site scripting (XSS) vulnerability in the command-line client in MySQL 5.0.26 through 5.0.45, and other versions including versions later than 5.0.45, when the --html option is enabled, allows attackers to inject arbitrary web script or HTML by plac... Read more
- EPSS Score: %4.68
- Published: Oct. 06, 2008
- Modified: Apr. 09, 2025
-
2.6
LOWCVE-2005-2534
Race condition in OpenVPN before 2.0.1, when --duplicate-cn is not enabled, allows remote attackers to cause a denial of service (server crash) via simultaneous TCP connections from multiple clients that use the same client certificate.... Read more
Affected Products : openvpn- EPSS Score: %0.60
- Published: Aug. 24, 2005
- Modified: Apr. 03, 2025
-
2.6
LOWCVE-2005-0190
Directory traversal vulnerability in RealPlayer 10.5 (6.0.12.1040) and earlier allows remote attackers to delete arbitrary files via a Real Metadata Packages (RMP) file with a FILENAME tag containing .. (dot dot) sequences in a filename that ends with a ?... Read more
- EPSS Score: %3.11
- Published: Sep. 29, 2004
- Modified: Apr. 03, 2025
-
2.6
LOWCVE-2010-0808
Microsoft Internet Explorer 6 and 7 on Windows XP and Vista does not prevent script from simulating user interaction with the AutoComplete feature, which allows remote attackers to obtain sensitive form information via a crafted web site, aka "AutoComplet... Read more
- EPSS Score: %29.56
- Published: Oct. 13, 2010
- Modified: Apr. 11, 2025
-
2.6
LOWCVE-2004-1449
Mozilla before 1.7, Firefox before 0.9, and Thunderbird before 0.7 allows remote attackers to determine the location of files on a user's hard drive by obscuring a file upload control and tricking the user into dragging text into that control.... Read more
- EPSS Score: %0.35
- Published: Dec. 31, 2004
- Modified: Apr. 03, 2025
-
2.6
LOWCVE-2013-2051
The Tomcat 6 DIGEST authentication functionality as used in Red Hat Enterprise Linux 6 allows remote attackers to bypass intended access restrictions by performing a replay attack after a nonce becomes stale. NOTE: this issue is due to an incomplete fix ... Read more
Affected Products : enterprise_linux- EPSS Score: %0.34
- Published: Jul. 09, 2013
- Modified: Apr. 11, 2025
-
2.6
LOWCVE-2005-0586
Firefox before 1.0.1 and Mozilla before 1.7.6 allows remote malicious web sites to spoof the extensions of files to download via the Content-Disposition header, which could be used to trick users into downloading dangerous content.... Read more
- EPSS Score: %0.69
- Published: May. 02, 2005
- Modified: Apr. 03, 2025
-
2.6
LOWCVE-2005-3110
Race condition in ebtables netfilter module (ebtables.c) in Linux 2.6, when running on an SMP system that is operating under a heavy load, might allow remote attackers to cause a denial of service (crash) via a series of packets that cause a value to be m... Read more
- EPSS Score: %2.47
- Published: Sep. 30, 2005
- Modified: Apr. 03, 2025
-
2.6
LOWCVE-2015-0820
Mozilla Firefox before 36.0 does not properly restrict transitions of JavaScript objects from a non-extensible state to an extensible state, which allows remote attackers to bypass a Caja Compiler sandbox protection mechanism or a Secure EcmaScript sandbo... Read more
- EPSS Score: %0.30
- Published: Feb. 25, 2015
- Modified: Apr. 12, 2025
-
2.6
LOWCVE-2005-2272
Safari version 2.0 (412) does not clearly associate a Javascript dialog box with the web page that generated it, which allows remote attackers to spoof a dialog box from a trusted site and facilitates phishing attacks, aka the "Dialog Origin Spoofing Vuln... Read more
Affected Products : safari- EPSS Score: %1.25
- Published: Jul. 13, 2005
- Modified: Apr. 03, 2025