Total
258566 CVE
| CVE | Vendors | Products | Updated | CVSS v2 | CVSS v3 |
|---|---|---|---|---|---|
| CVE-2008-0798 | 1 Artmedic Webdesign | 1 Artmedic Weblog | 2024-02-04 | 4.3 MEDIUM | N/A |
| Multiple directory traversal vulnerabilities in artmedic webdesign weblog 1.0, when magic_quotes_gpc is disabled, allow remote attackers to read arbitrary files via a .. (dot dot) in the (1) ta parameter to artmedic_index.php, reached through index.php; and the (2) date parameter to artmedic_print.php. | |||||
| CVE-2006-5632 | 1 Ig Shop | 1 Ig Shop | 2024-02-04 | 6.8 MEDIUM | N/A |
| Cross-site scripting (XSS) vulnerability in change_pass.php in iG Shop 1.4 allows remote attackers to inject arbitrary web script or HTML via the id parameter, a different vulnerability than CVE-2006-5631. NOTE: the provenance of this information is unknown; the details are obtained solely from third party information. | |||||
| CVE-2007-2179 | 1 Raiden Professional Servers | 1 Raidenftpd | 2024-02-04 | 7.8 HIGH | N/A |
| Multiple unspecified vulnerabilities in IXceedCompression in XceddZipLib (RaidenFTPD.dll) in RaidenFTPD 2.4 allow remote attackers to cause a denial of service (crash) via unspecified vectors involving the (1) CalculateCrc, (2) Compress, and (3) Uncompress functions, which result in a NULL pointer dereference. | |||||
| CVE-2007-6533 | 1 Inmatrix | 1 Zoom Player | 2024-02-04 | 7.5 HIGH | N/A |
| Buffer overflow in Zoom Player 6.00 beta 2 and earlier allows user-assisted remote attackers to execute arbitrary code via an HTTP link to a PLS file in a crafted ZPL file, which causes an overflow in Unicode handling when generating an error message. | |||||
| CVE-2006-6299 | 1 Novell | 1 Zenworks Asset Management | 2024-02-04 | 10.0 HIGH | N/A |
| Integer overflow in Msg.dll in Novell ZENworks 7 Asset Management (ZAM) before SP1 IR11 and the Collection client allows remote attackers to execute arbitrary code via crafted packets, which trigger a heap-based buffer overflow. | |||||
| CVE-2007-0235 | 1 Libgtop | 1 Libgtop | 2024-02-04 | 3.7 LOW | N/A |
| Stack-based buffer overflow in the glibtop_get_proc_map_s function in libgtop before 2.14.6 (libgtop2) allows local users to cause a denial of service (crash) and possibly execute arbitrary code via a process with a long filename that is mapped in its address space, which triggers the overflow in gnome-system-monitor. | |||||
| CVE-2007-2023 | 1 Secustick | 1 Secustick Usb Flash Drive | 2024-02-04 | 7.2 HIGH | N/A |
| USB20.dll in Secustick USB flash drive decouples the authorization and file access routines, which allows local users to bypass authentication requirements by altering the return value of the VerifyPassWord function. | |||||
| CVE-2008-1273 | 1 Imagevue | 1 Imagevue | 2024-02-04 | 4.3 MEDIUM | N/A |
| Multiple cross-site scripting (XSS) vulnerabilities in imageVue 1.7 allow remote attackers to inject arbitrary web script or HTML via the path parameter to (1) popup.php, (2) test/dir2.php, (3) admin/upload.php, and (4) dirxml.php in upload/. NOTE: the provenance of this information is unknown; the details are obtained solely from third party information. | |||||
| CVE-2006-6813 | 1 Mxmania | 1 Mxmania File Upload Manager | 2024-02-04 | 7.5 HIGH | N/A |
| SQL injection vulnerability in detail.asp in Mxmania File Upload Manager (FUM) 1.0.6 and earlier allows remote attackers to execute arbitrary SQL commands via the ID parameter. | |||||
| CVE-2006-5105 | 1 Forum One | 1 Syntaxcms | 2024-02-04 | 7.5 HIGH | N/A |
| Multiple PHP remote file inclusion vulnerabilities in SyntaxCMS 1.1.1 through 1.3 allow remote attackers to execute arbitrary PHP code via a URL in (1) the init_path parameter to admin/testing/tests/0030_init_syntax.php, or (2) an unspecified parameter to admin/testing/index.php. NOTE: the 0004_init_urls.php vector is already covered by CVE-2006-5055. | |||||
| CVE-2007-4291 | 1 Cisco | 1 Ios | 2024-02-04 | 7.1 HIGH | N/A |
| Cisco IOS 12.0 through 12.4 allows remote attackers to cause a denial of service via (1) a malformed MGCP packet, which causes a device hang, aka CSCsf08998; a malformed H.323 packet, which causes a device crash, as identified by (2) CSCsi60004 with Proxy Unregistration and (3) CSCsg70474; and a malformed Real-time Transport Protocol (RTP) packet, which causes a device crash, as identified by (4) CSCse68138, related to VOIP RTP Lib, and (5) CSCse05642, related to I/O memory corruption. | |||||
| CVE-2007-0675 | 1 Microsoft | 1 Windows Vista | 2024-02-04 | 7.6 HIGH | N/A |
| A certain ActiveX control in sapi.dll (aka the Speech API) in Speech Components in Microsoft Windows Vista, when the Speech Recognition feature is enabled, allows user-assisted remote attackers to delete arbitrary files, and conduct other unauthorized activities, via a web page with an embedded sound object that contains voice commands to an enabled microphone, allowing for interaction with Windows Explorer. | |||||
| CVE-2007-4847 | 1 Google | 1 Picasa | 2024-02-04 | 5.0 MEDIUM | N/A |
| Google Picasa allows remote attackers to read image files stored by Picasa via unspecified vectors involving a picasa:// URI. NOTE: this information is based upon a vague pre-advisory. | |||||
| CVE-2007-5377 | 1 Gnu | 1 Tramp | 2024-02-04 | 6.9 MEDIUM | N/A |
| The (1) tramp-make-temp-file and (2) tramp-make-tramp-temp-file functions in Tramp 2.1.10 extension for Emacs, and possibly earlier 2.1.x versions, allows local users to overwrite arbitrary files via a symlink attack on temporary files. | |||||
| CVE-2007-3655 | 1 Sun | 1 Jre | 2024-02-04 | 6.8 MEDIUM | N/A |
| Stack-based buffer overflow in javaws.exe in Sun Java Web Start in JRE 5.0 Update 11 and earlier, and 6.0 Update 1 and earlier, allows remote attackers to execute arbitrary code via a long codebase attribute in a JNLP file. | |||||
| CVE-2008-0480 | 1 Web Wiz | 1 Web Wiz Forums | 2024-02-04 | 5.0 MEDIUM | N/A |
| Multiple directory traversal vulnerabilities in Web Wiz Forums 9.07 and earlier allow remote attackers to list arbitrary directories, and .txt and .zip files, via a .....\\\ in the sub parameter to (1) RTE_file_browser.asp or (2) file_browser.asp. | |||||
| CVE-2007-4706 | 1 Apple | 1 Quicktime | 2024-02-04 | 6.8 MEDIUM | N/A |
| Heap-based buffer overflow in Apple QuickTime before 7.3.1 allows remote attackers to execute arbitrary code via a crafted QTL file. | |||||
| CVE-2007-5586 | 2024-02-04 | N/A | N/A | ||
| ** REJECT ** DO NOT USE THIS CANDIDATE NUMBER. ConsultIDs: CVE-2007-5587. Reason: This candidate is a duplicate of CVE-2007-5587. Notes: All CVE users should reference CVE-2007-5587 instead of this candidate. All references and descriptions in this candidate have been removed to prevent accidental usage. | |||||
| CVE-2007-1582 | 1 Php | 1 Php | 2024-02-04 | 6.8 MEDIUM | N/A |
| The resource system in PHP 4.0.0 through 4.4.6 and 5.0.0 through 5.2.1 allows context-dependent attackers to execute arbitrary code by interrupting certain functions in the GD (ext/gd) extension and unspecified other extensions via a userspace error handler, which can be used to destroy and modify internal resources. | |||||
| CVE-2007-4060 | 1 Frank Yaul | 1 Corehttp | 2024-02-04 | 9.0 HIGH | N/A |
| Multiple buffer overflows in the HttpSprockMake function in http.c in Frank Yaul corehttp 0.5.3alpha allow remote attackers to execute arbitrary code via a long string in the (1) method name or (2) URI in an HTTP request. | |||||