Total: 258806 CVE

CVE | Vendors | Products | Updated | CVSS v2 | CVSS v3 |
---|---|---|---|---|---|
CVE-2007-5887 | 1 Infuseum | 1 Asp Message Board | 2024-02-04 | 7.5 HIGH | N/A |
SQL injection vulnerability in boards/printer.asp in ASP Message Board 2.2.1c allows remote attackers to execute arbitrary SQL commands via the id parameter. | |||||
CVE-2006-6579 | 1 Microsoft | 2 Internet Information Server, Internet Information Services | 2024-02-04 | 4.4 MEDIUM | N/A |
Microsoft Windows XP has weak permissions (FILE_WRITE_DATA and FILE_READ_DATA for Everyone) for %WINDIR%\pchealth\ERRORREP\QHEADLES, which allows local users to write and read files in this folder, as demonstrated by an ASP shell that has write access by IWAM_machine and read access by IUSR_Machine. | |||||
CVE-2006-7171 | 1 Koan Software | 1 Mega Mall | 2024-02-04 | 5.0 MEDIUM | N/A |
product_review.php in Koan Software Mega Mall allows remote attackers to obtain the installation path via a request with an empty value of the x[] parameter. | |||||
CVE-2007-2261 | 1 Realink | 1 C-arbre | 2024-02-04 | 7.5 HIGH | N/A |
PHP remote file inclusion vulnerability in espaces/communiques/annotations.php in C-Arbre 0.6PR7 and earlier allows remote attackers to execute arbitrary PHP code via a URL in the root_path parameter, a different vector than CVE-2007-1721. | |||||
CVE-2007-0014 | 1 Sun | 1 Chainkey Java Code Protection | 2024-02-04 | 4.4 MEDIUM | N/A |
ChainKey Java Code Protection allows attackers to decompile Java class files via a Java class loader with a modified defineClass method that saves the bytecode to a file before it is passed to the JVM. | |||||
CVE-2007-1680 | 1 Yahoo | 1 Messenger | 2024-02-04 | 9.3 HIGH | N/A |
Stack-based buffer overflow in the createAndJoinConference function in the AudioConf ActiveX control (yacscom.dll) in Yahoo! Messenger before 20070313 allows remote attackers to execute arbitrary code via long (1) socksHostname and (2) hostname properties. | |||||
CVE-2007-3570 | 1 Novell | 1 Access Manager | 2024-02-04 | 7.5 HIGH | N/A |
The Linux Access Gateway in Novell Access Manager before 3.0 SP1 Release Candidate 1 (RC1) allows remote attackers to bypass unspecified security controls via Fullwidth/Halfwidth Unicode encoded data in a HTTP POST request. | |||||
CVE-2006-6038 | 1 Powie | 1 Pforum | 2024-02-04 | 7.5 HIGH | N/A |
SQL injection vulnerability in editpoll.php in Powie's PHP Forum (pForum) 1.29a and earlier allows remote attackers to execute arbitrary SQL commands via the id parameter. | |||||
CVE-2007-0428 | 1 Wzdftpd | 1 Wzdftpd | 2024-02-04 | 5.0 MEDIUM | N/A |
Unspecified vulnerability in the chtbl_lookup function in hash.c for WzdFTPD 8.0 and earlier allows remote attackers to cause a denial of service via a crafted FTP command, probably due to a NULL pointer dereference. | |||||
CVE-2006-5483 | 1 Freebsd | 1 Freebsd | 2024-02-04 | 2.1 LOW | N/A |
p1003_1b.c in FreeBSD 6.1 allows local users to cause an unspecified denial of service by setting a scheduler policy, which should only be settable by root. | |||||
CVE-2008-0620 | 1 Sap | 3 Sapgui, Saplpd, Sapsprint | 2024-02-04 | 10.0 HIGH | N/A |
SAPLPD 6.28 and earlier included in SAP GUI 7.10 and SAPSprint before 1018 allows remote attackers to cause a denial of service (crash) via a 0x53 LPD command, which causes the server to terminate. | |||||
CVE-2007-2335 | 1 Lunascape | 1 Lunascape | 2024-02-04 | 4.3 MEDIUM | N/A |
Cross-site scripting (XSS) vulnerability in the RSS feed reader functionality in Lunascape 4.1.3 build2 and earlier allows remote attackers to inject arbitrary web script or HTML via unspecified vectors. | |||||
CVE-2006-6183 | 1 3com | 1 3ctftpsvc | 2024-02-04 | 10.0 HIGH | N/A |
Multiple stack-based buffer overflows in 3Com 3CTftpSvc 2.0.1, and possibly earlier, allow remote attackers to cause a denial of service (crash) or execute arbitrary code via a long mode field (aka transporting mode) in a (1) GET or (2) PUT command. | |||||
CVE-2007-5507 | 1 Oracle | 1 Database Server | 2024-02-04 | 6.4 MEDIUM | N/A |
The GIOP service in TNS Listener in the Oracle Net Services component in Oracle Database 9.0.1.5+, 9.2.0.8, 9.2.0.8DV, 10.1.0.5, and 10.2.0.3 allows remote attackers to cause a denial of service (crash) or read potentially sensitive memory via a connect GIOP packet with an invalid data size, which triggers a buffer over-read, aka DB22. | |||||
CVE-2007-1390 | 1 Dynaliens | 1 Dynaliens | 2024-02-04 | 4.3 MEDIUM | N/A |
Multiple cross-site scripting (XSS) vulnerabilities in dynaliens 2.0 and 2.1 allow remote attackers to inject arbitrary web script or HTML via unspecified parameters to (1) recherche.php3 or (2) ajouter.php3. | |||||
CVE-2007-3063 | 1 Mealex | 1 My Databook | 2024-02-04 | 7.5 HIGH | N/A |
SQL injection vulnerability in diary.php in My Databook allows remote attackers to execute arbitrary SQL commands via the delete parameter. | |||||
CVE-2007-0030 | 1 Microsoft | 4 Excel, Excel Viewer, Office and 1 more | 2024-02-04 | 9.3 HIGH | N/A |
Microsoft Excel 2000 SP3, 2002 SP3, 2003 SP2, 2004 for Mac, and v.X for Mac allows user-assisted remote attackers to execute arbitrary code via an Excel file with an out-of-range Column field in certain BIFF8 record types, which references arbitrary memory. | |||||
CVE-2007-0298 | 1 Dexxaboy | 1 Lunarpoll | 2024-02-04 | 6.8 MEDIUM | N/A |
PHP remote file inclusion vulnerability in show.php in LunarPoll, when register_globals is enabled, allows remote attackers to execute arbitrary PHP code via a URL in the PollDir parameter. | |||||
CVE-2006-5472 | 1 Softerra | 1 Php Developer Library | 2024-02-04 | 7.5 HIGH | N/A |
PHP remote file inclusion vulnerability in Softerra PHP Developer Library 1.5.3 and earlier allows remote attackers to execute arbitrary PHP code via a URL in the lib_dir parameter in (1) lib/registry.lib.php, (2) lib/sqlcompose.lib.php, and (3) lib/sqlsearch.lib.php. | |||||
CVE-2006-5018 | 1 Contentkeeper Technologies | 1 Contentkeeper | 2024-02-04 | 4.0 MEDIUM | N/A |
ContentKeeper 123.25 and earlier places passwords in cleartext in an INPUT element in cgi-bin/ck/changepw.cgi, which allows remote authenticated users to obtain passwords via this URI. |