Vulnerabilities (CVE)

Total 258992 CVE
CVE Vendors Products Updated CVSS v2 CVSS v3
CVE-2007-0929 1 Guillaume Fontaine 1 Php Rrd Browser 2024-02-04 5.0 MEDIUM N/A
Directory traversal vulnerability in php rrd browser before 0.2.1 allows remote attackers to read arbitrary files via ".." sequences in the p parameter.
CVE-2007-1614 1 Zziplib 1 Zziplib 2024-02-04 9.3 HIGH N/A
Stack-based buffer overflow in the zzip_open_shared_io function in zzip/file.c in ZZIPlib Library before 0.13.49 allows user-assisted remote attackers to cause a denial of service (application crash) or execute arbitrary code via a long filename.
CVE-2008-0718 1 Sun 1 Solaris 2024-02-04 4.7 MEDIUM N/A
Unspecified vulnerability in the USB Mouse STREAMS module (usbms) in Sun Solaris 9 and 10, when 64-bit mode is enabled, allows local users to cause a denial of service (panic) via unspecified vectors.
CVE-2007-4269 1 Apple 2 Mac Os X, Mac Os X Server 2024-02-04 7.2 HIGH N/A
Integer overflow in the Networking component in Apple Mac OS X 10.4 through 10.4.10 allows local users to execute arbitrary code via a crafted AppleTalk Session Protocol (ASP) message on an AppleTalk socket, which triggers a heap-based buffer overflow.
CVE-2007-4749 1 Autodesk 1 Backburner 2024-02-04 6.8 MEDIUM N/A
The cmdjob utility in Autodesk Backburner 3.0.2 allows remote attackers to execute arbitrary commands on render servers by queueing jobs that contain these commands. NOTE: this is only a vulnerability in environments in which the administrator has not followed documentation that outlines the security risks of operating Backburner on untrusted networks.
CVE-2007-6006 1 Testlink 1 Testlink 2024-02-04 10.0 HIGH N/A
TestLink before 1.7.1 does not enforce an unspecified authorization mechanism, which has unknown impact and attack vectors.
CVE-2007-0420 1 Bea 1 Weblogic Server 2024-02-04 5.0 MEDIUM N/A
BEA WebLogic Server 9.0, 9.1, and 9.2 Gold allows remote attackers to obtain sensitive information via malformed HTTP requests, which reveal data from previous requests.
CVE-2007-3599 1 Vtiger 1 Vtiger Crm 2024-02-04 8.5 HIGH N/A
vtiger CRM before 5.0.3 allows remote authenticated users to import and export the information for a contact even when they only have the View permission.
CVE-2007-5631 1 Peopleaggregator 1 Peopleaggregator 2024-02-04 6.8 MEDIUM N/A
Multiple PHP remote file inclusion vulnerabilities in PeopleAggregator 1.2pre6, when register_globals is enabled, allow remote attackers to execute arbitrary PHP code via a URL in the current_blockmodule_path parameter to (1) AudiosMediaGalleryModule/AudiosMediaGalleryModule.php, (2) ImagesMediaGalleryModule/ImagesMediaGalleryModule.php, (3) MembersFacewallModule/MembersFacewallModule.php, (4) NewestGroupsModule/NewestGroupsModule.php, (5) UploadMediaModule/UploadMediaModule.php, and (6) VideosMediaGalleryModule/VideosMediaGalleryModule.php in BetaBlockModules/; and (7) the path_prefix parameter to several components.
CVE-2007-3614 1 Sap 1 Sap Db 2024-02-04 7.5 HIGH N/A
Multiple stack-based buffer overflows in waHTTP.exe (aka the SAP DB Web Server) in SAP DB, possibly 7.3 through 7.5, allow remote attackers to execute arbitrary code via (1) a certain cookie value; (2) a certain additional parameter, related to sapdbwa_GetQueryString; and other unspecified vectors related to "numerous other fields."
CVE-2007-3538 1 Qt-cute 1 Quicktalk Guestbook 2024-02-04 7.5 HIGH N/A
SQL injection vulnerability in qtg_msg_view.php in QuickTalk guestbook 1.2 allows remote attackers to execute arbitrary SQL commands via the id parameter.
CVE-2007-5103 1 Wordsmith 1 Wordsmith 2024-02-04 6.8 MEDIUM N/A
Directory traversal vulnerability in config.inc.php in Wordsmith 1.0 RC1, when register_globals is enabled, allows remote attackers to include and execute arbitrary local files via a .. (dot dot) in the _path parameter.
CVE-2006-5942 1 Website Designs For Less 1 Inventory Manager 2024-02-04 6.8 MEDIUM N/A
Cross-site scripting (XSS) vulnerability in inventory/display/display_results.asp in Website Designs For Less Inventory Manager allows remote attackers to inject arbitrary web script or HTML via the category parameter.
CVE-2008-0028 1 Cisco 4 5500 Series Adaptive Security Appliance, Adaptive Security Appliance Software, Pix 500 and 1 more 2024-02-04 7.1 HIGH N/A
Unspecified vulnerability in Cisco PIX 500 Series Security Appliance and 5500 Series Adaptive Security Appliance (ASA) before 7.2(3)6 and 8.0(3), when the Time-to-Live (TTL) decrement feature is enabled, allows remote attackers to cause a denial of service (device reload) via a crafted IP packet.
CVE-2007-3607 1 Sap 1 Enjoysap 2024-02-04 5.0 MEDIUM N/A
Multiple unspecified vulnerabilities in ActiveX controls in the EnjoySAP SAP GUI allow remote attackers to cause a denial of service (process crash) via unspecified vectors.
CVE-2008-0734 1 Limbo Cms 1 Limbo Cms 2024-02-04 7.5 HIGH N/A
SQL injection vulnerability in class_auth.php in Limbo CMS 1.0.4.2, and possibly earlier versions, allows remote attackers to execute arbitrary SQL commands via the cuid cookie parameter to admin.php.
CVE-2007-0302 1 Instantasp 1 Instantasp 2024-02-04 6.8 MEDIUM N/A
Multiple cross-site scripting (XSS) vulnerabilities in InstantASP 4.1.0 allow remote attackers to inject arbitrary web script or HTML via the (1) SessionID parameter to (a) Logon.aspx, and the (2) Username and (3) Update parameters to (b) Members1.aspx.
CVE-2006-3507 1 Apple 2 Mac Os X, Mac Os X Server 2024-02-04 7.2 HIGH N/A
Multiple stack-based buffer overflows in the AirPort wireless driver on Apple Mac OS X 10.3.9 and 10.4.7 allow physically proximate attackers to execute arbitrary code by injecting crafted frames into a wireless network.
CVE-2008-1281 1 Argontechnology 1 Client Management Services 2024-02-04 5.0 MEDIUM N/A
Directory traversal vulnerability in TFTPsrvs.exe 2.5.3.1 and earlier, as used in Argon Technology Client Management Services (CMS) 1.31 and earlier, allows remote attackers to read arbitrary files via a .. (dot dot) in the filename parameter.
CVE-2008-0870 2 Bea Systems, Oracle 2 Weblogic Portal, Weblogic Portal 2024-02-04 7.5 HIGH N/A
BEA WebLogic Portal 10.0 and 9.2 through Maintenance Pack 2, under certain circumstances, can redirect a user from the https:// URI for the Portal Administration Console to an http URI, which allows remote attackers to sniff the session.