Total
258591 CVE
| CVE | Vendors | Products | Updated | CVSS v2 | CVSS v3 |
|---|---|---|---|---|---|
| CVE-2007-6043 | 1 Microsoft | 1 Windows 2000 | 2024-02-04 | 7.1 HIGH | N/A |
| The CryptGenRandom function in Microsoft Windows 2000 generates predictable values, which makes it easier for context-dependent attackers to reduce the effectiveness of cryptographic mechanisms, as demonstrated by attacks on (1) forward security and (2) backward security, related to use of eight instances of the RC4 cipher, and possibly a related issue to CVE-2007-3898. | |||||
| CVE-2007-1801 | 1 Sblog | 1 Sblog | 2024-02-04 | 7.5 HIGH | N/A |
| Directory traversal vulnerability in inc/lang.php in sBLOG 0.7.3 Beta allows remote attackers to include and execute arbitrary local files via a .. (dot dot) in the conf_lang_default parameter, as demonstrated by injecting PHP sequences into an Apache HTTP Server log file, which is then included by inc/lang.php. | |||||
| CVE-2007-4369 | 1 Sote | 1 Soteesklep | 2024-02-04 | 5.0 MEDIUM | N/A |
| Directory traversal vulnerability in go/_files in SOTEeSKLEP before 4.0 allows remote attackers to read arbitrary files via a .. (dot dot) in the file parameter. | |||||
| CVE-2008-0732 | 2 Apache, Suse | 2 Geronimo, Suse Linux | 2024-02-04 | 2.1 LOW | N/A |
| The init script for Apache Geronimo on SUSE Linux follows symlinks when performing a chown operation, which might allow local users to obtain access to unspecified files or directories. | |||||
| CVE-2007-1797 | 1 Imagemagick | 1 Imagemagick | 2024-02-04 | 6.8 MEDIUM | N/A |
| Multiple integer overflows in ImageMagick before 6.3.3-5 allow remote attackers to execute arbitrary code via (1) a crafted DCM image, which results in a heap-based overflow in the ReadDCMImage function, or (2) the (a) colors or (b) comments field in a crafted XWD image, which results in a heap-based overflow in the ReadXWDImage function, different issues than CVE-2007-1667. | |||||
| CVE-2007-3298 | 1 Spey | 1 Spey | 2024-02-04 | 7.5 HIGH | N/A |
| SQL injection vulnerability in Spey before 0.4.1 allows remote attackers to execute arbitrary SQL commands via unspecified vectors related to MessageProcessor.cc and possibly other components. | |||||
| CVE-2007-3899 | 1 Microsoft | 2 Office, Word | 2024-02-04 | 9.3 HIGH | N/A |
| Unspecified vulnerability in Microsoft Word 2000 SP3, Word 2002 SP3, and Office 2004 for Mac allows user-assisted remote attackers to execute arbitrary code via a malformed string in a Word file, aka "Word Memory Corruption Vulnerability." | |||||
| CVE-2006-7219 | 1 Ez | 1 Ez Publish | 2024-02-04 | 4.0 MEDIUM | N/A |
| eZ publish before 3.8.5 does not properly enforce permissions for editing in a specific language, which allows remote authenticated users to create a draft in an unauthorized language by editing an archived version of an object, and then using Manage Versions to copy this version to a new draft. | |||||
| CVE-2007-1714 | 1 Cccounter | 1 Cccounter | 2024-02-04 | 6.8 MEDIUM | N/A |
| Cross-site scripting (XSS) vulnerability in index.php in CcCounter 2.0 allows remote attackers to inject arbitrary web script or HTML via dir parameter. | |||||
| CVE-2007-0077 | 1 Lblog | 1 Lblog | 2024-02-04 | 5.0 MEDIUM | N/A |
| lblog stores sensitive information under the web root with insufficient access control, which allows remote attackers to download a database via a direct request for a certain file in admin/db/newFolder/. | |||||
| CVE-2006-7033 | 1 Super Link Exchange Script | 1 Super Link Exchange Script | 2024-02-04 | 6.8 MEDIUM | N/A |
| Cross-site scripting (XSS) vulnerability in Super Link Exchange Script 1.0 allows remote attackers to inject arbitrary web script or HTML via IMG tags in the search box. | |||||
| CVE-2008-0597 | 2 Easy Software Products, Redhat | 3 Cups, Desktop, Enterprise Linux | 2024-02-04 | 5.0 MEDIUM | N/A |
| Use-after-free vulnerability in CUPS before 1.1.22, and possibly other versions, allows remote attackers to cause a denial of service (crash) via crafted IPP packets. | |||||
| CVE-2007-5211 | 1 Arbor Networks | 1 Peakflow Sp | 2024-02-04 | 4.3 MEDIUM | N/A |
| Multiple cross-site scripting (XSS) vulnerabilities in Arbor Networks Peakflow SP 3.5.1 before patch 14, and 3.6.1 before patch 5, when scope accounts are enabled, allow remote attackers to inject arbitrary web script or HTML via unspecified vectors involving GET or POST requests. NOTE: the provenance of this information is unknown; the details are obtained solely from third party information. | |||||
| CVE-2007-2796 | 1 Arris | 1 Cadant C3 Cmts | 2024-02-04 | 7.8 HIGH | N/A |
| Arris Cadant C3 CMTS allows remote attackers to cause a denial of service (service termination) via a malformed IP packet with an invalid IP option. | |||||
| CVE-2007-4797 | 1 Ibm | 1 Aix | 2024-02-04 | 7.2 HIGH | N/A |
| Multiple buffer overflows in unspecified svprint (System V print) commands in bos.svprint.rte in IBM AIX 5.2 and 5.3 allow local users to gain privileges via unspecified vectors. | |||||
| CVE-2007-6178 | 1 Easy Hosting Control Panel | 1 Easy Hosting Control Panel | 2024-02-04 | 7.5 HIGH | N/A |
| Multiple PHP remote file inclusion vulnerabilities in Easy Hosting Control Panel for Ubuntu (EHCP) 0.22.8 and earlier allow remote attackers to execute arbitrary PHP code via a URL in the confdir parameter to (1) dbutil.bck.php and (2) dbutil.php in config/. | |||||
| CVE-2006-6660 | 1 Kde | 1 Libkhtml | 2024-02-04 | 4.3 MEDIUM | N/A |
| The nodeType function in KDE libkhtml 4.2.0 and earlier, as used by Konquerer, KMail, and other programs, allows remote attackers to cause a denial of service (crash) via malformed HTML tags, possibly involving a COL SPAN tag embedded in a RANGE tag. | |||||
| CVE-2008-0386 | 2 Gentoo, Mandrakesoft | 2 Xdg-utils, Mandrake Linux | 2024-02-04 | 6.8 MEDIUM | N/A |
| Xdg-utils 1.0.2 and earlier allows user-assisted remote attackers to execute arbitrary commands via shell metacharacters in a URL argument to (1) xdg-open or (2) xdg-email. | |||||
| CVE-2007-3447 | 1 Bugmall | 1 Shopping Cart | 2024-02-04 | 6.8 MEDIUM | N/A |
| SQL injection vulnerability in BugMall Shopping Cart 2.5 and earlier allows remote attackers to execute arbitrary SQL commands via the "basic search box." NOTE: 4.0.2 and other versions might also be affected. | |||||
| CVE-2007-1452 | 1 Php | 1 Php | 2024-02-04 | 5.0 MEDIUM | N/A |
| The FDF support (ext/fdf) in PHP 5.2.0 and earlier does not implement the input filtering hooks for ext/filter, which allows remote attackers to bypass web site filters via an application/vnd.fdf formatted POST. | |||||