Total: 258586 CVE

CVE | Vendors | Products | Updated | CVSS v2 | CVSS v3 |
---|---|---|---|---|---|
CVE-2008-0638 | 1 Symantec | 1 Veritas Storage Foundation | 2024-02-04 | 9.3 HIGH | N/A |
Heap-based buffer overflow in the Veritas Enterprise Administrator (VEA) service (aka vxsvc.exe) in Symantec Veritas Storage Foundation 5.0 allows remote attackers to execute arbitrary code via a packet with a crafted value of a certain size field, which is not checked for consistency with the actual buffer size. | |||||
CVE-2007-2885 | 1 Microsoft | 1 Visual Database Tools Database Designer | 2024-02-04 | 4.3 MEDIUM | N/A |
The NotSafe function in the MSVDTDatabaseDesigner7 ActiveX control in VDT70.DLL in Microsoft Visual Database Tools (MSVDT) Database Designer 7.0 allows remote attackers to cause a denial of service (Internet Explorer 6 crash) via a long argument. | |||||
CVE-2007-1131 | 1 Scripter.ch | 1 Sinapis Forum | 2024-02-04 | 7.5 HIGH | N/A |
PHP remote file inclusion vulnerability in sinapis.php in Sinapis Forum 2.2 allows remote attackers to execute arbitrary PHP code via a URL in the fuss parameter. | |||||
CVE-2007-3681 | 1 Winpcap | 1 Winpcap | 2024-02-04 | 6.6 MEDIUM | N/A |
The IOCTL 9031 (BIOCGSTATS) handler in the NPF.SYS device driver in WinPcap before 4.0.1 allows local users to overwrite memory and execute arbitrary code via malformed Interrupt Request Packet (Irp) parameters. | |||||
CVE-2007-5694 | 1 Sitebar | 1 Sitebar | 2024-02-04 | 6.8 MEDIUM | N/A |
Absolute path traversal vulnerability in the translation module (translator.php) in SiteBar 3.3.8 allows remote authenticated users to read arbitrary files via an absolute path in the dir parameter, a different vulnerability than CVE-2007-5491. | |||||
CVE-2008-0395 | 1 Kayako | 1 Supportsuite | 2024-02-04 | 5.0 MEDIUM | N/A |
Kayako SupportSuite 3.11.01 allows remote attackers to obtain server configuration information via a direct request to syncml/index.php, which prints the contents of the $_SERVER superglobal. | |||||
CVE-2006-6073 | 1 Enthrallweb | 1 Eshopping Cart | 2024-02-04 | 7.5 HIGH | N/A |
Multiple SQL injection vulnerabilities in Enthrallweb eShopping Cart allow remote attackers to execute arbitrary SQL commands via the (1) ProductID parameter in productdetail.asp or the (2) categoryid parameter in products.asp. | |||||
CVE-2008-0579 | 1 Joomla | 1 Com Buslicense | 2024-02-04 | 7.5 HIGH | N/A |
SQL injection vulnerability in index.php in the buslicense (com_buslicense) component for Joomla! allows remote attackers to execute arbitrary SQL commands via the aid parameter in a list action. | |||||
CVE-2006-6617 | 1 Microsoft | 1 Project Server | 2024-02-04 | 6.5 MEDIUM | N/A |
projectserver/logon/pdsrequest.asp in Microsoft Project Server 2003 allows remote authenticated users to obtain the MSProjectUser password for a SQL database via a GetInitializationData request, which includes the information in the UserName and Password tags of the response. | |||||
CVE-2007-6372 | 1 Juniper | 1 Junos | 2024-02-04 | 7.8 HIGH | N/A |
Unspecified vulnerability in Juniper JUNOS 7.3 through 8.4 allows remote attackers to cause a denial of service (crash) via malformed BGP packets, possibly BGP UPDATE packets that trigger session flapping. | |||||
CVE-2008-0367 | 1 Mozilla | 1 Firefox | 2024-02-04 | 5.0 MEDIUM | N/A |
Mozilla Firefox 2.0.0.11, 3.0b2, and possibly earlier versions, when prompting for HTTP Basic Authentication, displays the site requesting the authentication after the Realm text, which might make it easier for remote HTTP servers to conduct phishing and spoofing attacks. | |||||
CVE-2007-1074 | 1 Dji | 1 Newsbin Pro | 2024-02-04 | 9.3 HIGH | N/A |
Multiple buffer overflows in NewsBin Pro 5.33 and NewsBin Pro 4.x allow user-assisted remote attackers to execute arbitrary code via a long (1) DataPath or (2) DownloadPath attribute in a (a) NBI file, or (3) a long group field in a (b) NZB file. | |||||
CVE-2006-7019 | 1 Phpwcms | 1 Phpwcms | 2024-02-04 | 7.5 HIGH | N/A |
phpwcms 1.2.5-DEV and earlier, and 1.1 before RC4, allows remote attackers to execute arbitrary code via crafted arguments to the (1) text_evento and (2) email_eventonome_evento parameters to phpwcms_code_snippets/mail_file_form.php and sample_ext_php/mail_file_form.php, which is processed by the render_PHPcode function. NOTE: the provenance of this information is unknown; the details are obtained solely from third party information. | |||||
CVE-2007-3288 | 1 Skeltoac | 1 Automattic Stats | 2024-02-04 | 4.3 MEDIUM | N/A |
Cross-site scripting (XSS) vulnerability in the skeltoac stats (Automattic Stats) 1.0 plugin for WordPress allows remote attackers to inject arbitrary web script or HTML via the HTTP Referer field. | |||||
CVE-2007-4281 | 1 Knowledgetree | 1 Open Source | 2024-02-04 | 4.3 MEDIUM | N/A |
Cross-site scripting (XSS) vulnerability in KnowledgeTree Open Source 3.4 and 3.4.1 allows remote attackers to inject arbitrary web script or HTML via the login field on the login page, and other unspecified vectors. | |||||
CVE-2007-6043 | 1 Microsoft | 1 Windows 2000 | 2024-02-04 | 7.1 HIGH | N/A |
The CryptGenRandom function in Microsoft Windows 2000 generates predictable values, which makes it easier for context-dependent attackers to reduce the effectiveness of cryptographic mechanisms, as demonstrated by attacks on (1) forward security and (2) backward security, related to use of eight instances of the RC4 cipher, and possibly a related issue to CVE-2007-3898. | |||||
CVE-2007-1801 | 1 Sblog | 1 Sblog | 2024-02-04 | 7.5 HIGH | N/A |
Directory traversal vulnerability in inc/lang.php in sBLOG 0.7.3 Beta allows remote attackers to include and execute arbitrary local files via a .. (dot dot) in the conf_lang_default parameter, as demonstrated by injecting PHP sequences into an Apache HTTP Server log file, which is then included by inc/lang.php. | |||||
CVE-2007-4369 | 1 Sote | 1 Soteesklep | 2024-02-04 | 5.0 MEDIUM | N/A |
Directory traversal vulnerability in go/_files in SOTEeSKLEP before 4.0 allows remote attackers to read arbitrary files via a .. (dot dot) in the file parameter. | |||||
CVE-2008-0732 | 2 Apache, Suse | 2 Geronimo, Suse Linux | 2024-02-04 | 2.1 LOW | N/A |
The init script for Apache Geronimo on SUSE Linux follows symlinks when performing a chown operation, which might allow local users to obtain access to unspecified files or directories. | |||||
CVE-2007-1797 | 1 Imagemagick | 1 Imagemagick | 2024-02-04 | 6.8 MEDIUM | N/A |
Multiple integer overflows in ImageMagick before 6.3.3-5 allow remote attackers to execute arbitrary code via (1) a crafted DCM image, which results in a heap-based overflow in the ReadDCMImage function, or (2) the (a) colors or (b) comments field in a crafted XWD image, which results in a heap-based overflow in the ReadXWDImage function, different issues than CVE-2007-1667. |