Total
258810 CVE
| CVE | Vendors | Products | Updated | CVSS v2 | CVSS v3 |
|---|---|---|---|---|---|
| CVE-2007-4004 | 1 Ibm | 1 Aix | 2024-02-04 | 6.9 MEDIUM | N/A |
| Buffer overflow in the ftp client in IBM AIX 5.3 SP6 and 5.2.0 allows local users to execute arbitrary code via unspecified vectors that trigger the overflow in a gets function call. NOTE: the client is setuid root on AIX, so this issue crosses privilege boundaries. | |||||
| CVE-2006-5138 | 1 Ubbcentral | 1 Ubb.threads | 2024-02-04 | 5.0 MEDIUM | N/A |
| Groupee UBB.threads 6.5.1.1 allows remote attackers to obtain sensitive information via a direct request for cron/php/subscriptions.php, which reveals the path in an error message. | |||||
| CVE-2007-2608 | 1 Miplex2 | 1 Miplex2 | 2024-02-04 | 7.5 HIGH | N/A |
| PHP remote file inclusion vulnerability in lib/smarty/SmartyFU.class.php in Miplex2 Alpha 1 allows remote attackers to execute arbitrary PHP code via a URL in the system[smarty][dir] parameter. | |||||
| CVE-2007-3875 | 2 Broadcom, Ca | 23 Anti-spyware, Anti-virus For The Enterprise, Anti Virus Sdk and 20 more | 2024-02-04 | 4.3 MEDIUM | N/A |
| arclib.dll before 7.3.0.9 in CA Anti-Virus (formerly eTrust Antivirus) 8 and certain other CA products allows remote attackers to cause a denial of service (infinite loop and loss of antivirus functionality) via an invalid "previous listing chunk number" field in a CHM file. | |||||
| CVE-2007-3482 | 2 Apple, Microsoft | 2 Safari, Windows Nt | 2024-02-04 | 7.8 HIGH | N/A |
| Cross-domain vulnerability in Apple Safari for Windows 3.0.1 allows remote attackers to bypass the "same origin policy" and access restricted information from other domains via JavaScript that overwrites the document variable and statically sets the document.domain attribute. | |||||
| CVE-2008-1079 | 1 Beehive Software | 1 Sendfile.net | 2024-02-04 | 7.5 HIGH | N/A |
| The outboxWriteUnsent function in FTPThread.class in SendFile.jar for Beehive Software SendFile.NET uses hard-coded credentials for an FTP server, which allows remote attackers to gain privileges. | |||||
| CVE-2007-4746 | 1 Cisco | 3 Video Surveillance Ip Gateway Encoder Decoder, Video Surveillance Sp Isp, Video Surveillance Sp Isp Decoder Software | 2024-02-04 | 9.0 HIGH | N/A |
| The Cisco Video Surveillance IP Gateway Encoder/Decoder (Standalone and Module) firmware 1.8.1 and earlier, Video Surveillance SP/ISP Decoder Software firmware 1.11.0 and earlier, and the Video Surveillance SP/ISP firmware 1.23.7 and earlier have default passwords for the sypixx and root user accounts, which allows remote attackers to perform administrative actions, aka CSCsj34681. | |||||
| CVE-2008-0725 | 1 Titan | 1 Ftp Server | 2024-02-04 | 10.0 HIGH | N/A |
| Multiple heap-based buffer overflows in the (1) FTP service and (2) administration service in Titan FTP Server 6.0.5.549 allow remote attackers to cause a denial of service (daemon hang) and possibly execute arbitrary code via a long command. NOTE: the USER and PASS commands for the FTP service are covered by CVE-2008-0702. | |||||
| CVE-2007-0168 | 1 Broadcom | 3 Brightstor Arcserve Backup, Brightstor Enterprise Backup, Business Protection Suite | 2024-02-04 | 7.5 HIGH | N/A |
| The Tape Engine service in Computer Associates (CA) BrightStor ARCserve Backup 9.01 through 11.5, Enterprise Backup 10.5, and CA Server/Business Protection Suite r2 allows remote attackers to execute arbitrary code via certain data in opnum 0xBF in an RPC request, which is directly executed. | |||||
| CVE-2007-3754 | 1 Apple | 2 Iphone, Iphone Os | 2024-02-04 | 4.3 MEDIUM | N/A |
| Mail in Apple iPhone 1.1.1, when using SSL, does not warn the user when the mail server changes or is not trusted, which might allow remote attackers to steal credentials and read email via a man-in-the-middle (MITM) attack. | |||||
| CVE-2006-6527 | 1 Gizzar | 1 Gizzar | 2024-02-04 | 7.5 HIGH | N/A |
| PHP remote file inclusion vulnerability in guest.php in Gizzar 03162002 and earlier allows remote attackers to execute arbitrary PHP code via a URL in the basePath parameter. NOTE: the provenance of this information is unknown; the details are obtained solely from third party information. | |||||
| CVE-2007-3504 | 2 Microsoft, Sun | 4 Windows, Jdk, Jre and 1 more | 2024-02-04 | 9.3 HIGH | N/A |
| Directory traversal vulnerability in the PersistenceService in Sun Java Web Start in JDK and JRE 5.0 Update 11 and earlier, and Java Web Start in SDK and JRE 1.4.2_13 and earlier, for Windows allows remote attackers to perform unauthorized actions via an application that grants file overwrite privileges to itself. NOTE: this can be leveraged to execute arbitrary code by overwriting a .java.policy file. | |||||
| CVE-2008-1132 | 1 Net Activity Viewer | 1 Net Activity Viewer | 2024-02-04 | 4.7 MEDIUM | N/A |
| Untrusted search path vulnerability in src/mainwindow.c in Net Activity Viewer 0.2.1 allows local users with Net Activity Viewer privileges to execute arbitrary code via a malicious gksu program, which is invoked during the Restart As Root action. | |||||
| CVE-2007-6576 | 1 Adultscript | 1 Adultscript | 2024-02-04 | 7.5 HIGH | N/A |
| Multiple SQL injection vulnerabilities in Adult Script 1.6.5 and earlier allow remote attackers to execute arbitrary SQL commands via the id parameter to (1) videolink_count.php or (2) links.php. | |||||
| CVE-2007-6668 | 1 Peergoal | 1 Myspace Content Zone | 2024-02-04 | 7.5 HIGH | N/A |
| admin/uploadgames.php in MySpace Content Zone (MCZ) 3.x does not require administrative privileges, which allows remote attackers to perform unrestricted file uploads, as demonstrated by uploading (1) a .php file and (2) a .php%00.jpeg file. | |||||
| CVE-2007-4959 | 1 Jelsoft | 1 Oscmax | 2024-02-04 | 4.3 MEDIUM | N/A |
| Cross-site scripting (XSS) vulnerability in catalog_products_with_images.php in osCMax 2.0.0-RC3-0-1 allows remote attackers to inject arbitrary web script or HTML via the URI. NOTE: the provenance of this information is unknown; the details are obtained solely from third party information. | |||||
| CVE-2007-3667 | 1 Activereportsexcelreport | 1 Activereportsexcelreport | 2024-02-04 | 5.0 MEDIUM | N/A |
| Unspecified vulnerability in EXCLEXPT.DLL in ActiveReportsExcelReport allows remote attackers to cause a denial of service via the DDRow Height variable. | |||||
| CVE-2007-0031 | 1 Microsoft | 4 Excel, Excel Viewer, Office and 1 more | 2024-02-04 | 9.3 HIGH | N/A |
| Heap-based buffer overflow in Microsoft Excel 2000 SP3, 2002 SP3, 2003 SP2, 2004 for Mac, and v.X for Mac allows user-assisted remote attackers to execute arbitrary code via a BIFF8 spreadsheet with a PALETTE record that contains a large number of entries. | |||||
| CVE-2006-6191 | 1 8pixel.net | 1 Simple Blog | 2024-02-04 | 7.5 HIGH | N/A |
| SQL injection vulnerability in admin/edit.asp in 8pixel.net simpleblog 2.3 and earlier allows remote attackers to execute arbitrary SQL commands via the id parameter. | |||||
| CVE-2007-2148 | 1 Stephen Craton | 1 Chatness | 2024-02-04 | 6.5 MEDIUM | N/A |
| Direct static code injection vulnerability in admin/save.php in Stephen Craton (aka WiredPHP) Chatness 2.5.3 and earlier allows remote authenticated administrators to inject PHP code into .html files via the html parameter, as demonstrated by head.html and foot.html, which are included and executed upon a direct request for index.php. NOTE: a separate vulnerability could be leveraged to make this issue exploitable by remote unauthenticated attackers. | |||||