Total
258805 CVE
| CVE | Vendors | Products | Updated | CVSS v2 | CVSS v3 |
|---|---|---|---|---|---|
| CVE-2007-2116 | 1 Oracle | 1 Database Server | 2024-02-04 | 9.0 HIGH | N/A |
| Unspecified vulnerability in the Advanced Replication component in Oracle Database 9.0.1.5+, 9.2.0.7, and 10.1.0.5 has unknown impact and attack vectors, aka DB10. NOTE: as of 20070424, Oracle has not disputed claims that these are buffer overflows in kkzi.o for the SYS.DBMS_SNAP_INTERNAL package using the (1) SNAP_OWNER or (2) SNAP_NAME parameters. | |||||
| CVE-2007-4384 | 1 Stephane Pineau | 1 Vote | 2024-02-04 | 6.8 MEDIUM | N/A |
| Multiple PHP remote file inclusion vulnerabilities in depouilg.php3 in Stephane Pineau VOTE 1c allow remote attackers to execute arbitrary PHP code via a URL in the (1) NomVote and (2) FilePalHex parameters. | |||||
| CVE-2007-5057 | 1 Netsupport | 1 Netsupport Manager Client | 2024-02-04 | 10.0 HIGH | N/A |
| NetSupport Manager Client before 10.20.0004 allows remote attackers to bypass the (1) basic and (2) authentication schemes by spoofing the NetSupport Manager. | |||||
| CVE-2006-5615 | 1 Textpattern | 1 Textpattern | 2024-02-04 | 7.5 HIGH | N/A |
| PHP remote file inclusion vulnerability in publish.php in Textpattern 1.19, when register_globals is enabled, allows remote attackers to execute arbitrary PHP code via a URL in the txpcfg[txpath] parameter. | |||||
| CVE-2007-2085 | 1 Oe2edit | 1 Oe2edit Cms | 2024-02-04 | 6.8 MEDIUM | N/A |
| Cross-site scripting (XSS) vulnerability in oe2edit.cgi in oe2edit CMS allows remote attackers to inject arbitrary web script or HTML via the q parameter. | |||||
| CVE-2007-2539 | 1 Runcms | 1 Runcms | 2024-02-04 | 7.8 HIGH | N/A |
| The show_files function in RunCms 1.5.2 and earlier allows remote attackers to obtain sensitive information (file existence and file metadata) via unspecified vectors. | |||||
| CVE-2007-0983 | 1 Ansatheus | 1 At Contenator | 2024-02-04 | 6.8 MEDIUM | N/A |
| PHP remote file inclusion vulnerability in _admin/nav.php in AT Contenator 1.0 and earlier allows remote attackers to execute arbitrary PHP code via a URL in the Root_To_Script parameter. | |||||
| CVE-2006-5892 | 1 The Net Guys | 1 Aspired2poll | 2024-02-04 | 7.5 HIGH | N/A |
| SQL injection vulnerability in MoreInfo.asp in The Net Guys ASPired2Poll 1.0 and earlier allows remote attackers to execute arbitrary SQL commands via the id parameter. | |||||
| CVE-2006-6435 | 1 Xerox | 1 Workcentre | 2024-02-04 | 7.5 HIGH | N/A |
| The SNMP implementation in Xerox WorkCentre and WorkCentre Pro before 12.050.03.000, 13.x before 13.050.03.000, and 14.x before 14.050.03.000 does not generate authentication failure traps, which allows remote attackers to more easily gain system access and obtain sensitive information via a brute force attack. | |||||
| CVE-2007-6130 | 1 Gnu | 1 Gnump3d | 2024-02-04 | 5.0 MEDIUM | N/A |
| gnump3d 2.9final does not apply password protection to its plugins, which might allow remote attackers to bypass intended access restrictions. | |||||
| CVE-2006-6982 | 1 3proxy | 1 3proxy | 2024-02-04 | 5.0 MEDIUM | N/A |
| 3proxy 0.5 to 0.5.2 does not offer NTLM authentication before basic authentication, which might cause browsers with incomplete RFC2616/RFC2617 support to use basic cleartext authentication even if NTLM is available, which makes it easier for attackers to steal credentials. | |||||
| CVE-2007-0844 | 1 Pam Ssh | 1 Pam Ssh | 2024-02-04 | 6.4 MEDIUM | N/A |
| The auth_via_key function in pam_ssh.c in pam_ssh before 1.92, when the allow_blank_passphrase option is disabled, allows remote attackers to bypass authentication restrictions and use private encryption keys requiring a blank passphrase by entering a non-blank passphrase. | |||||
| CVE-2007-5303 | 1 Snewscms | 1 Snewscms Rus | 2024-02-04 | 4.3 MEDIUM | N/A |
| Cross-site scripting (XSS) vulnerability in news_page.php in SnewsCMS Rus 2.1 allows remote attackers to inject arbitrary web script or HTML via the page_id parameter. | |||||
| CVE-2007-2866 | 1 Phpecho Cms | 1 Phpecho Cms | 2024-02-04 | 7.5 HIGH | N/A |
| Multiple SQL injection vulnerabilities in modules/admin/modules/gallery.php in PHPEcho CMS 2.0-rc1 and earlier allow remote attackers to execute arbitrary SQL commands via the id parameter and possibly other parameters. NOTE: some of these details are obtained from third party information. | |||||
| CVE-2007-1368 | 1 Drupal | 1 Drupal Project Issue Tracking | 2024-02-04 | 3.5 LOW | N/A |
| The Project issue tracking module before 4.7.x-1.3, 4.7.x-2.* before 4.7.x-2.3, and 5 before 5.x-0.2-beta for Drupal allows remote authenticated users, with "access project issues" permission, to read the contents of a private node via a URL with a modified node identifier. | |||||
| CVE-2006-4811 | 2 Qt, Redhat | 2 Qt, Kdelibs | 2024-02-04 | 6.8 MEDIUM | N/A |
| Integer overflow in Qt 3.3 before 3.3.7, 4.1 before 4.1.5, and 4.2 before 4.2.1, as used in the KDE khtml library, kdelibs 3.1.3, and possibly other packages, allows remote attackers to cause a denial of service (crash) and possibly execute arbitrary code via a crafted pixmap image. | |||||
| CVE-2007-3109 | 1 Microsoft | 2 Frontpage, Office | 2024-02-04 | 6.4 MEDIUM | N/A |
| The CERN Image Map Dispatcher (htimage.exe) in Microsoft FrontPage allows remote attackers to determine the existence, and possibly partial contents, of arbitrary files under the web root via a relative pathname in the PATH_INFO. | |||||
| CVE-2006-7089 | 1 Ban | 1 Ban | 2024-02-04 | 7.5 HIGH | N/A |
| SQL injection vulnerability in connexion.php in Ban 0.1 allows remote attackers to execute arbitrary SQL commands via the id parameter. | |||||
| CVE-2007-6509 | 1 Appian | 1 Business Process Management Suite | 2024-02-04 | 7.8 HIGH | N/A |
| Unspecified vulnerability in Appian Enterprise Business Process Management (BPM) Suite 5.6 SP1 allows remote attackers to cause a denial of service via a crafted packet to port 5400/tcp. | |||||
| CVE-2007-4926 | 1 Axis | 1 207w Camera | 2024-02-04 | 9.3 HIGH | N/A |
| The AXIS 207W camera uses a base64-encoded cleartext username and password for authentication, which allows remote attackers to obtain sensitive information by sniffing the wireless network or by leveraging unspecified other vectors. | |||||