Total
258985 CVE
| CVE | Vendors | Products | Updated | CVSS v2 | CVSS v3 |
|---|---|---|---|---|---|
| CVE-2007-1627 | 2024-02-04 | N/A | N/A | ||
| ** REJECT ** DO NOT USE THIS CANDIDATE NUMBER. ConsultIDs: CVE-2006-4606. Reason: This candidate is a duplicate of CVE-2006-4606. Notes: All CVE users should reference CVE-2006-4606 instead of this candidate. All references and descriptions in this candidate have been removed to prevent accidental usage. | |||||
| CVE-2007-6349 | 1 Perforce | 1 P4web | 2024-02-04 | 7.8 HIGH | N/A |
| P4Webs.exe in Perforce P4Web 2006.2 and earlier, when running on Windows, allows remote attackers to cause a denial of service (CPU consumption) via an HTTP request with an empty body and a Content-Length greater than 0. | |||||
| CVE-2007-6686 | 1 Menalto | 1 Gallery | 2024-02-04 | 10.0 HIGH | N/A |
| The URL rewrite module in Menalto Gallery before 2.2.4 allows attackers to include and execute arbitrary local files via unknown vectors related to the admin controller. | |||||
| CVE-2007-6458 | 1 My123tkshop | 1 E-commerce-suite | 2024-02-04 | 7.5 HIGH | N/A |
| SQL injection vulnerability in shop/mainfile.php in 123tkShop 0.9.1 allows remote attackers to execute arbitrary SQL commands via a base64-encoded value of the admin parameter to shop/admin.php. | |||||
| CVE-2007-6055 | 1 Liferay | 1 Portal | 2024-02-04 | 4.3 MEDIUM | N/A |
| Cross-site scripting (XSS) vulnerability in c/portal/login in Liferay Portal 4.1.0 and 4.1.1 allows remote attackers to inject arbitrary web script or HTML via the login parameter. NOTE: this issue reportedly exists because of a regression that followed a fix at an unspecified earlier date. | |||||
| CVE-2008-0429 | 1 Alstrasoft | 1 Forum Pay Per Post Exchange | 2024-02-04 | 7.5 HIGH | N/A |
| SQL injection vulnerability in index.php in AlstraSoft Forum Pay Per Post Exchange 2.0 allows remote attackers to execute arbitrary SQL commands via the catid parameter in a forum_catview action. | |||||
| CVE-2007-1467 | 1 Cisco | 18 Acs Solution Engine, Call Manager, Ciscoworks and 15 more | 2024-02-04 | 3.5 LOW | N/A |
| Multiple cross-site scripting (XSS) vulnerabilities in (1) PreSearch.html and (2) PreSearch.class in Cisco Secure Access Control Server (ACS), VPN Client, Unified Personal Communicator, MeetingPlace, Unified MeetingPlace, Unified MeetingPlace Express, CallManager, IP Communicator, Unified Video Advantage, Unified Videoconferencing 35xx products, Unified Videoconferencing Manager, WAN Manager, Security Device Manager, Network Analysis Module (NAM), CiscoWorks and related products, Wireless LAN Solution Engine (WLSE), 2006 Wireless LAN Controllers (WLC), and Wireless Control System (WCS) allow remote attackers to inject arbitrary web script or HTML via the text field of the search form. | |||||
| CVE-2006-6284 | 1 Vikingboard | 1 Vikingboard | 2024-02-04 | 9.0 HIGH | N/A |
| Directory traversal vulnerability in admin.php in Vikingboard 0.1.2 allows remote authenticated administrators to include arbitrary files via a .. (dot dot) sequence in the act parameter. | |||||
| CVE-2006-6860 | 1 Mythcontrol | 1 Mythcontrol | 2024-02-04 | 10.0 HIGH | N/A |
| Buffer overflow in the sendToMythTV function in MythControlServer.c in MythControl 1.0 and earlier allows remote attackers to execute arbitrary code via a crafted sendStr string to the Bluetooth interface. NOTE: some of these details are obtained from third party information. | |||||
| CVE-2007-4026 | 1 Telaxus Llc | 1 Epesi | 2024-02-04 | 6.8 MEDIUM | N/A |
| epesi framework before 0.8.6 does not properly verify file extensions, which allows remote attackers to upload and execute arbitrary PHP code via unspecified vectors involving the gallery images upload feature. NOTE: some of these details are obtained from third party information. | |||||
| CVE-2006-6891 | 1 Vz Forum | 1 Vz Forum | 2024-02-04 | 5.0 MEDIUM | N/A |
| Vz (Adp) Forum 2.0.3 stores sensitive information under the web root with insufficient access control, which allows remote attackers to obtain the administrative account name and password hash via a direct request for users/admin.txt. | |||||
| CVE-2007-1961 | 1 Phpbb | 1 Mutant | 2024-02-04 | 7.5 HIGH | N/A |
| PHP remote file inclusion vulnerability in mutant_functions.php in the Mutant 0.9.2 portal for phpBB 2.2 allows remote attackers to execute arbitrary PHP code via a URL in the phpbb_root_path parameter. | |||||
| CVE-2007-1178 | 1 Web-app.org | 1 Webapp | 2024-02-04 | 7.5 HIGH | N/A |
| WebAPP before 0.9.9.5 does not check access in certain contexts related to (1) Calendar Administration, (2) Instant Messages Administration, and (3) the Image Uploader, which has unknown impact and attack vectors. | |||||
| CVE-2007-5421 | 2024-02-04 | N/A | N/A | ||
| ** REJECT ** Multiple stack-based buffer overflows in Cisco IOS 12.x and IOS XR allow attackers to execute arbitrary code, as demonstrated via the "Bind Shell", "Reverse Shell", and "Two byte rootshell (Tiny Shell)" attacks. NOTE: the vendor and researcher agree that this issue does not cross privilege boundaries, saying they do not "represent a vulnerability." The disclosure was intended to demonstrate techniques for exploitation, which is not covered by CVE. | |||||
| CVE-2007-4362 | 1 Prozilla | 1 Webring | 2024-02-04 | 6.8 MEDIUM | N/A |
| SQL injection vulnerability in category.php in Prozilla Webring allows remote attackers to execute arbitrary SQL commands via the cat parameter. | |||||
| CVE-2006-5372 | 1 Oracle | 1 E-business Suite | 2024-02-04 | 9.0 HIGH | N/A |
| Multiple unspecified vulnerabilities in Oracle E-Business Suite 11.5.10 up to 11.5.10CU2 have unknown impact and remote authenticated attack vectors, aka Vuln# (1) APPS11 for Oracle Universal Work Queue and (2) APPS12 for Oracle Application Object Library. | |||||
| CVE-2006-6749 | 1 Openser | 1 Openser | 2024-02-04 | 9.3 HIGH | N/A |
| Buffer overflow in the parse_expression function in parse_config in OpenSER 1.1.0 allows attackers to have an unknown impact via a long str parameter. | |||||
| CVE-2007-1016 | 1 Aktueldownload | 1 Aktueldownload Haber Script | 2024-02-04 | 7.5 HIGH | N/A |
| SQL injection vulnerability in Aktueldownload Haber script allows remote attackers to execute arbitrary SQL commands via certain vectors related to the HaberDetay.asp and rss.asp components, and the id and kid parameters. NOTE: the provenance of this information is unknown; the details are obtained solely from third party information. NOTE: the combination of the HaberDetay.asp component and the id parameter is already covered by another February 2007 CVE candidate. | |||||
| CVE-2007-3257 | 1 Gnome | 1 Evolution | 2024-02-04 | 6.8 MEDIUM | N/A |
| Camel (camel-imap-folder.c) in the mailer component for Evolution Data Server 1.11 allows remote IMAP servers to execute arbitrary code via a negative SEQUENCE value in GData, which is used as an array index. | |||||
| CVE-2007-4659 | 1 Php | 1 Php | 2024-02-04 | 7.5 HIGH | N/A |
| The zend_alter_ini_entry function in PHP before 5.2.4 does not properly handle an interruption to the flow of execution triggered by a memory_limit violation, which has unknown impact and attack vectors. | |||||