Total: 238601 CVE

CVE | Vendors | Products | Updated | CVSS v2 | CVSS v3 |
---|---|---|---|---|---|
CVE-2007-5159 | 3 Ntfs-3g, Redhat, Ubuntu | 3 Ntfs-3g, Fedora, Ubuntu Linux | 2024-02-04 | 4.6 MEDIUM | N/A |
The ntfs-3g package before 1.913-2.fc7 in Fedora 7, and an ntfs-3g package in Ubuntu 7.10/Gutsy, assign incorrect permissions (setuid root) to mount.ntfs-3g, which allows local users with fuse group membership to read from and write to arbitrary block devices, possibly involving a file descriptor leak. | |||||
CVE-2006-6265 | 1 Microsoft | 1 Teredo | 2024-02-04 | 5.8 MEDIUM | N/A |
Teredo clients, when located behind a restricted NAT, allow remote attackers to establish an inbound connection without the guessing required to find a port mapping for a traditional restricted NAT client, by (1) using the client port number contained in the Teredo address or (2) following the bubble-to-open procedure. | |||||
CVE-2007-4846 | 1 Webace | 1 Webace-linkscript | 2024-02-04 | 7.5 HIGH | N/A |
SQL injection vulnerability in start.php in Webace-Linkscript (wls) 1.3 Special Edition (SE) allows remote attackers to execute arbitrary SQL commands via the id parameter in a rubrik go action. | |||||
CVE-2007-1925 | 1 Tru-zone | 1 Nukeet | 2024-02-04 | 6.5 MEDIUM | N/A |
The borrado function in modules/Your_Account/index.php in Tru-Zone Nuke ET 3.4 before fix 7 does not verify that account deletion requests come from the account owner, which allows remote authenticated users to delete arbitrary accounts via a modified cookie. | |||||
CVE-2007-6336 | 1 Clam Anti-virus | 1 Clamav | 2024-02-04 | 6.8 MEDIUM | N/A |
Off-by-one error in ClamAV before 0.92 allows remote attackers to execute arbitrary code via a crafted MS-ZIP compressed CAB file. | |||||
CVE-2007-2943 | 1 Webavis | 1 Webavis | 2024-02-04 | 6.8 MEDIUM | N/A |
PHP remote file inclusion vulnerability in class/class.php in Webavis 0.1.1 allows remote attackers to execute arbitrary PHP code via a URL in the root parameter. | |||||
CVE-2007-3426 | 1 Zoneo-soft | 1 Phptraffica | 2024-02-04 | 4.3 MEDIUM | N/A |
Cross-site scripting (XSS) vulnerability in index.php in phpTrafficA 1.4.2 and earlier allows remote attackers to inject arbitrary web script or HTML via the lang parameter. | |||||
CVE-2007-0424 | 1 Bea | 1 Weblogic Server | 2024-02-04 | 5.0 MEDIUM | N/A |
Unspecified vulnerability in the BEA WebLogic Server proxy plug-in for Netscape Enterprise Server before September 2006 for Netscape Enterprise Server allows remote attackers to cause a denial of service via certain requests that trigger errors that lead to a server being marked as unavailable, hosting web server failure, or CPU consumption. | |||||
CVE-2007-0442 | 1 Ibm | 1 Os 400 | 2024-02-04 | 5.0 MEDIUM | N/A |
Unspecified vulnerability in IBM OS/400 R530 and R535 has unknown impact and remote attack vectors, related to an "Integrity Problem" involving LIC-TCPIP and TCP reset. NOTE: it is possible that this issue is related to CVE-2004-0230, but this is not certain. | |||||
CVE-2007-6517 | 1 Aeries | 1 Aeries Browser Interface | 2024-02-04 | 7.5 HIGH | N/A |
SQL injection vulnerability in the forget password section (LostPwd.asp) in Eagle Software Aeries Browser Interface (ABI) 3.7.9.17 allows remote attackers to execute arbitrary SQL commands via the EmailAddress parameter. NOTE: some of these details are obtained from third party information. | |||||
CVE-2007-1472 | 1 T-systems Solutions For Research Gmbh | 1 Groupit | 2024-02-04 | 6.8 MEDIUM | N/A |
Variable overwrite vulnerability in groupit/base/groupit.start.inc in Groupit 2.00b5 allows remote attackers to conduct remote file inclusion attacks and execute arbitrary PHP code via arguments that are written to $_GLOBALS, as demonstrated using a URL in the c_basepath parameter to (1) content.php, (2) userprofile.php, (3) password.php, (4) dispatch.php, and (5) deliver.php in html/, and possibly (6) load.inc.php and related files. | |||||
CVE-2007-4544 | 1 Wordpress | 1 Wordpress Mu | 2024-02-04 | 4.3 MEDIUM | N/A |
Cross-site scripting (XSS) vulnerability in wp-newblog.php in WordPress multi-user (MU) 1.0 and earlier allows remote attackers to inject arbitrary web script or HTML via the weblog_id parameter (Username field). | |||||
CVE-2007-4593 | 1 Vmware | 1 Workstation | 2024-02-04 | 6.9 MEDIUM | N/A |
Unspecified vulnerability in vstor2-ws60.sys in VMware Workstation 6.0 allows local users to cause a denial of service (host operating system crash) via unspecified vectors, as demonstrated by the DC2 test suite, possibly a related issue to CVE-2007-4591. NOTE: the provenance of this information is unknown; the details are obtained solely from third party information. | |||||
CVE-2007-3224 | 1 Sun | 2 Java System Directory Server, One Directory Server | 2024-02-04 | 5.0 MEDIUM | N/A |
Unspecified vulnerability in Sun ONE/Java System Directory Server (slapd) 6.0, and 5.x before 5.2 Patch 5, allows remote attackers to determine the existence of attributes of an entry via unspecified vectors. | |||||
CVE-2006-4580 | 1 The Address Book | 1 The Address Book | 2024-02-04 | 7.5 HIGH | N/A |
register.php in The Address Book 1.04e allows remote attackers to bypass the "Allow User Self-Registration" setting and create arbitrary users by setting the mode parameter to "confirm". | |||||
CVE-2006-6856 | 1 Webtext | 1 Webtext | 2024-02-04 | 7.5 HIGH | N/A |
Direct static code injection vulnerability in WebText CMS 0.4.5.2 and earlier allows remote attackers to inject arbitrary PHP code into a script in wt/users/ via the im parameter during a profile edit (edycja) operation, which is then executed via a direct request for this script. | |||||
CVE-2006-5445 | 1 Digium | 1 Asterisk | 2024-02-04 | 7.8 HIGH | N/A |
Unspecified vulnerability in the SIP channel driver (channels/chan_sip.c) in Asterisk 1.2.x before 1.2.13 and 1.4.x before 1.4.0-beta3 allows remote attackers to cause a denial of service (resource consumption) via unspecified vectors that result in the creation of "a real pvt structure" that uses more resources than necessary. | |||||
CVE-2008-0978 | 1 Double-take Software | 1 Double-take | 2024-02-04 | 5.0 MEDIUM | N/A |
Double-Take 5.0.0.2865 and earlier, distributed under the HP StorageWorks Storage Mirroring name and other names, allows remote attackers to obtain sensitive information via a packet of type (1) 0x2728, which provides operating system and path information; (2) 0x274e, which lists Ethernet adapters; (3) 0x2726, which provides filesystem information; (4) 0x274f, which specifies the printer driver; or (5) 0x2757, which provides recent log entries. | |||||
CVE-2007-3459 | 1 Civiltech | 1 Avax Vector Activex | 2024-02-04 | 6.4 MEDIUM | N/A |
A certain ActiveX control in Avaxswf.dll 1.0.0.1 in Civiltech Avax Vector 1.3 allows remote attackers to create or overwrite arbitrary files via a full pathname in the argument to the WriteMovie method. | |||||
CVE-2007-5509 | 1 Oracle | 1 Database Server | 2024-02-04 | 6.5 MEDIUM | N/A |
Unspecified vulnerability in the Spatial component in Oracle Database 9.2.0.8 and 9.2.0.8DV has unknown impact and remote attack vectors, aka DB06. |