Total: 258985 CVE
CVE | Vendors | Products | Updated | CVSS v2 | CVSS v3 |
---|---|---|---|---|---|
CVE-2008-0554 | 1 Netpbm | 1 Netpbm | 2024-02-04 | 6.8 MEDIUM | N/A |
Buffer overflow in the readImageData function in giftopnm.c in netpbm before 10.27 allows remote user-assisted attackers to cause a denial of service (crash) and possibly execute arbitrary code via a crafted GIF image, a similar issue to CVE-2006-4484. | |||||
CVE-2007-1979 | 1 Xoops | 1 Xoops Popnupblog | 2024-02-04 | 7.5 HIGH | N/A |
SQL injection vulnerability in index.php in the PopnupBlog 2.52 and earlier module for Xoops allows remote attackers to execute arbitrary SQL commands via the postid parameter, possibly involving the get_blogid_from_postid function in class/PopnupBlogUtils.php. NOTE: later versions such as 3.03 and 3.05 might also be affected. | |||||
CVE-2007-4202 | 1 Guidance Software | 1 Encase | 2024-02-04 | 4.3 MEDIUM | N/A |
Guidance Software EnCase Enterprise Edition (EEE) 6 does not properly verify the identity of the acquisition target during communication with the EnCase Servlet (EEE servlet), which might allow remote attackers to spoof the disk image. | |||||
CVE-2006-6513 | 1 Flippet.org | 1 Winamp Web Interface | 2024-02-04 | 3.5 LOW | N/A |
The CControl::Download function (/dl URI) in Winamp Web Interface (Wawi) 7.5.13 and earlier allows remote authenticated users to download arbitrary file types under the root via a trailing "." (dot) in a filename in the file parameter, related to erroneous behavior of the IsWinampFile function. | |||||
CVE-2007-3676 | 1 Ibm | 1 Db2 | 2024-02-04 | 10.0 HIGH | N/A |
IBM DB2 Universal Database (UDB) Administration Server (DAS) 8 before Fix Pack 16 and 9 before Fix Pack 4 allows remote attackers to cause a denial of service (crash) and possibly execute arbitrary code via modified pointer values in unspecified remote administration requests, which triggers memory corruption or other invalid memory access. NOTE: this might be the same issue as CVE-2008-0698. | |||||
CVE-2007-1024 | 1 Marcello Vitagliano | 1 Meganoides News | 2024-02-04 | 10.0 HIGH | N/A |
PHP remote file inclusion vulnerability in include.php in Meganoide's news 1.1.1 allows remote attackers to execute arbitrary PHP code via a URL in the _SERVER[DOCUMENT_ROOT] parameter. | |||||
CVE-2007-1983 | 1 Cyboards | 1 Cyboards Php Lite | 2024-02-04 | 7.5 HIGH | N/A |
PHP remote file inclusion vulnerability in include/default_header.php in Cyboards PHP Lite 1.21 allows remote attackers to execute arbitrary PHP code via a URL in the script_path parameter, a different vector than CVE-2006-2871. | |||||
CVE-2007-3232 | 1 Ibm | 1 Totalstorage Ds400 | 2024-02-04 | 10.0 HIGH | N/A |
The IBM TotalStorage DS400 with firmware 4.15 uses a blank password for the (1) root, (2) user, (3) manager, (4) administrator, and (5) operator accounts, which allows remote attackers to gain login access via certain Linux daemons, including a telnet daemon on a nonstandard port, tcp/6000. | |||||
CVE-2006-3978 | 1 Adobe | 1 Coldfusion | 2024-02-04 | 4.6 MEDIUM | N/A |
Unspecified vulnerability in a Verity third party library, as used on Adobe ColdFusion MX 7 through MX 7.0.2 and possibly other products, allows local users to execute arbitrary code via unknown attack vectors. | |||||
CVE-2006-5742 | 1 Airmagnet | 1 Enterprise | 2024-02-04 | 5.0 MEDIUM | N/A |
The AirMagnet Enterprise console and Remote Sensor console (Laptop) in AirMagnet Enterprise before 7.5 build 6307 allows remote attackers to inject arbitrary web script or HTML from a certain embedded Internet Explorer object into an SSID template value, aka "Cross-Application Scripting (XAS)". | |||||
CVE-2007-2282 | 1 Cisco | 1 Netflow Collection Engine | 2024-02-04 | 10.0 HIGH | N/A |
Cisco Network Services (CNS) NetFlow Collection Engine (NFC) before 6.0 has an nfcuser account with the default password nfcuser, which allows remote attackers to modify the product configuration and, when installed on Linux, obtain login access to the host operating system. | |||||
CVE-2006-6096 | 1 Dotnetindex | 1 Active News Manager | 2024-02-04 | 4.3 MEDIUM | N/A |
Cross-site scripting (XSS) vulnerability in activenews_search.asp in ActiveNews Manager allows remote attackers to inject arbitrary web script or HTML via the query parameter. | |||||
CVE-2008-0664 | 1 Wordpress | 1 Wordpress | 2024-02-04 | 6.4 MEDIUM | N/A |
The XML-RPC implementation (xmlrpc.php) in WordPress before 2.3.3, when registration is enabled, allows remote attackers to edit posts of other blog users via unknown vectors. | |||||
CVE-2007-0929 | 1 Guillaume Fontaine | 1 Php Rrd Browser | 2024-02-04 | 5.0 MEDIUM | N/A |
Directory traversal vulnerability in php rrd browser before 0.2.1 allows remote attackers to read arbitrary files via ".." sequences in the p parameter. | |||||
CVE-2007-1614 | 1 Zziplib | 1 Zziplib | 2024-02-04 | 9.3 HIGH | N/A |
Stack-based buffer overflow in the zzip_open_shared_io function in zzip/file.c in ZZIPlib Library before 0.13.49 allows user-assisted remote attackers to cause a denial of service (application crash) or execute arbitrary code via a long filename. | |||||
CVE-2008-0718 | 1 Sun | 1 Solaris | 2024-02-04 | 4.7 MEDIUM | N/A |
Unspecified vulnerability in the USB Mouse STREAMS module (usbms) in Sun Solaris 9 and 10, when 64-bit mode is enabled, allows local users to cause a denial of service (panic) via unspecified vectors. | |||||
CVE-2007-4269 | 1 Apple | 2 Mac Os X, Mac Os X Server | 2024-02-04 | 7.2 HIGH | N/A |
Integer overflow in the Networking component in Apple Mac OS X 10.4 through 10.4.10 allows local users to execute arbitrary code via a crafted AppleTalk Session Protocol (ASP) message on an AppleTalk socket, which triggers a heap-based buffer overflow. | |||||
CVE-2007-4749 | 1 Autodesk | 1 Backburner | 2024-02-04 | 6.8 MEDIUM | N/A |
The cmdjob utility in Autodesk Backburner 3.0.2 allows remote attackers to execute arbitrary commands on render servers by queueing jobs that contain these commands. NOTE: this is only a vulnerability in environments in which the administrator has not followed documentation that outlines the security risks of operating Backburner on untrusted networks. | |||||
CVE-2007-6006 | 1 Testlink | 1 Testlink | 2024-02-04 | 10.0 HIGH | N/A |
TestLink before 1.7.1 does not enforce an unspecified authorization mechanism, which has unknown impact and attack vectors. | |||||
CVE-2007-0420 | 1 Bea | 1 Weblogic Server | 2024-02-04 | 5.0 MEDIUM | N/A |
BEA WebLogic Server 9.0, 9.1, and 9.2 Gold allows remote attackers to obtain sensitive information via malformed HTTP requests, which reveal data from previous requests. |