Total
240118 CVE
CVE | Vendors | Products | Updated | CVSS v2 | CVSS v3 |
---|---|---|---|---|---|
CVE-2007-2606 | 1 Firebirdsql | 1 Firebird | 2024-02-04 | 7.8 HIGH | N/A |
Multiple buffer overflows in Firebird 2.1 allow attackers to trigger memory corruption and possibly have other unspecified impact via certain input processed by (1) config\ConfigFile.cpp or (2) msgs\check_msgs.epp. NOTE: if ConfigFile.cpp reads a configuration file with restrictive permissions, then the ConfigFile.cpp vector may not cross privilege boundaries and perhaps should not be included in CVE. | |||||
CVE-2007-1623 | 1 Realguestbook | 1 Realguestbook | 2024-02-04 | 4.3 MEDIUM | N/A |
Multiple cross-site scripting (XSS) vulnerabilities in realGuestbook 5.01, when register_globals is enabled, allow remote attackers to inject arbitrary web script or HTML via the (1) bg_color_1, (2) fs_menu, (3) fc_menu, (4) ff_menu, (5) bg_color_2, (6) fs_normal, (7) fc_normal, and (8) ff_normal parameters to welcome_admin.php; and possibly unspecified other parameters and files. NOTE: the provenance of this information is unknown; the details are obtained solely from third party information. | |||||
CVE-2007-1557 | 1 F-secure | 1 F-secure Anti-virus | 2024-02-04 | 7.2 HIGH | N/A |
Format string vulnerability in F-Secure Anti-Virus Client Security 6.02 allows local users to cause a denial of service and possibly gain privileges via format string specifiers in the Management Server name field on the Communication settings page. | |||||
CVE-2007-1376 | 1 Php | 1 Php | 2024-02-04 | 7.5 HIGH | N/A |
The shmop functions in PHP before 4.4.5, and before 5.2.1 in the 5.x series, do not verify that their arguments correspond to a shmop resource, which allows context-dependent attackers to read and write arbitrary memory locations via arguments associated with an inappropriate resource, as demonstrated by a GD Image resource. | |||||
CVE-2007-6685 | 1 Menalto | 1 Gallery Publish Xp Module | 2024-02-04 | 10.0 HIGH | N/A |
Unspecified vulnerability in the Publish XP module Menalto Gallery before 2.2.4 allows attackers to create albums and upload files via unknown vectors. | |||||
CVE-2007-2400 | 2 Apple, Microsoft | 5 Iphone Os, Mac Os X, Safari and 2 more | 2024-02-04 | 4.3 MEDIUM | N/A |
Race condition in Apple Safari 3 Beta before 3.0.2 on Mac OS X, Windows XP, Windows Vista, and iPhone before 1.0.1, allows remote attackers to bypass the JavaScript security model and modify pages outside of the security domain and conduct cross-site scripting (XSS) attacks via vectors related to page updating and HTTP redirects. | |||||
CVE-2007-6381 | 1 Typo3 | 1 Typo3 | 2024-02-04 | 6.5 MEDIUM | N/A |
SQL injection vulnerability in the indexed_search system extension in TYPO3 3.x, 4.0 through 4.0.7, and 4.1 through 4.1.3 allows remote authenticated users to execute arbitrary SQL commands via unspecified vectors. | |||||
CVE-2006-5639 | 1 Openwbem | 1 Openwbem | 2024-02-04 | 7.5 HIGH | N/A |
Unspecified vulnerability in the random number generator in OpenWBEM (Web Based Enterprise Management) 3.2.0 allows attackers to gain privileges via vectors related to "local or HTTP Digest authentication." | |||||
CVE-2007-4964 | 1 Winimage | 1 Winimage | 2024-02-04 | 5.0 MEDIUM | N/A |
WinImage 8.10 and earlier allows remote attackers to cause a denial of service (infinite loop) via an invalid BPB_BytsPerSec field in the header of a .IMG file. | |||||
CVE-2006-5252 | 1 Webmedia Explorer | 1 Webmedia Explorer | 2024-02-04 | 5.1 MEDIUM | N/A |
PHP remote file inclusion vulnerability in includes/core.lib.php in Webmedia Explorer 2.8.7 allows remote attackers to execute arbitrary PHP code via a URL in the path_include parameter. | |||||
CVE-2007-0069 | 1 Microsoft | 3 Windows 2003 Server, Windows Vista, Windows Xp | 2024-02-04 | 9.3 HIGH | N/A |
Unspecified vulnerability in the kernel in Microsoft Windows XP SP2, Server 2003, and Vista allows remote attackers to cause a denial of service (CPU consumption) and possibly execute arbitrary code via crafted (1) IGMPv3 and (2) MLDv2 packets that trigger memory corruption, aka "Windows Kernel TCP/IP/IGMPv3 and MLDv2 Vulnerability." | |||||
CVE-2007-0453 | 1 Samba | 1 Samba | 2024-02-04 | 4.6 MEDIUM | N/A |
Buffer overflow in the nss_winbind.so.1 library in Samba 3.0.21 through 3.0.23d, as used in the winbindd daemon on Solaris, allows attackers to execute arbitrary code via the (1) gethostbyname and (2) getipnodebyname functions. | |||||
CVE-2007-0772 | 1 Linux | 1 Linux Kernel | 2024-02-04 | 7.8 HIGH | N/A |
The Linux kernel 2.6.13 and other versions before 2.6.20.1 allows remote attackers to cause a denial of service (oops) via a crafted NFSACL 2 ACCESS request that triggers a free of an incorrect pointer. | |||||
CVE-2007-6078 | 1 Skyportal | 1 Skyportal | 2024-02-04 | 7.5 HIGH | N/A |
Multiple SQL injection vulnerabilities in SkyPortal RC6 allow remote attackers to execute arbitrary SQL commands via unspecified parameters to (1) nc_top.asp; (2) inc_bookmarks.asp, possibly involving a parameter passed from cp_main.asp; (3) inc_profile_functions.asp; or (4) inc_SUBSCRIPTIONS.asp; or the (5) Avatar_URL, (6) LINK1, or (7) LINK2 parameter to cp_main.asp in an EditIt action. | |||||
CVE-2007-4286 | 1 Cisco | 1 Ios | 2024-02-04 | 9.3 HIGH | N/A |
Buffer overflow in the Next Hop Resolution Protocol (NHRP) functionality in Cisco IOS 12.0 through 12.4 allows remote attackers to cause a denial of service (restart) and execute arbitrary code via a crafted NHRP packet. | |||||
CVE-2007-5465 | 1 Mydoop | 1 Doop Cms | 2024-02-04 | 7.5 HIGH | N/A |
Directory traversal vulnerability in doop CMS 1.3.7 and earlier allows remote attackers to include and execute arbitrary local files via a .. (dot dot) in the page parameter to an unspecified component. | |||||
CVE-2007-1432 | 1 Grayscale | 1 Grayscale Blog | 2024-02-04 | 7.5 HIGH | N/A |
Grayscale Blog 0.8.0, and possibly earlier versions, allows remote attackers to gain privileges via direct requests with modified arguments in (1) the user_permissions parameter to add_users.php, and unspecified parameters to (2) addblog.php, (3) editblog.php, (4) editlinks.php, (5) edit_users.php, and (6) add_links.php. | |||||
CVE-2006-5856 | 1 Adobe | 1 Download Manager | 2024-02-04 | 6.8 MEDIUM | N/A |
Stack-based buffer overflow in the Adobe Download Manager before 2.2 allows remote attackers to execute arbitrary code via a long section name in the dm.ini file, which is populated via an AOM file. | |||||
CVE-2008-1295 | 1 Gregory Kokanosky | 1 Phpmynewsletter | 2024-02-04 | 6.8 MEDIUM | N/A |
SQL injection vulnerability in archives.php in Gregory Kokanosky (aka Greg's Place) phpMyNewsletter 0.8 beta 5 and earlier allows remote attackers to execute arbitrary SQL commands via the msg_id parameter. | |||||
CVE-2007-5116 | 6 Debian, Larry Wall, Mandrakesoft and 3 more | 10 Debian Linux, Perl, Mandrake Linux and 7 more | 2024-02-04 | 7.5 HIGH | N/A |
Buffer overflow in the polymorphic opcode support in the Regular Expression Engine (regcomp.c) in Perl 5.8 allows context-dependent attackers to execute arbitrary code by switching from byte to Unicode (UTF) characters in a regular expression. |