Total: 258992 CVE
CVE | Vendors | Products | Updated | CVSS v2 | CVSS v3 |
---|---|---|---|---|---|
CVE-2007-0929 | 1 Guillaume Fontaine | 1 Php Rrd Browser | 2024-02-04 | 5.0 MEDIUM | N/A |
Directory traversal vulnerability in php rrd browser before 0.2.1 allows remote attackers to read arbitrary files via ".." sequences in the p parameter. | |||||
CVE-2007-1614 | 1 Zziplib | 1 Zziplib | 2024-02-04 | 9.3 HIGH | N/A |
Stack-based buffer overflow in the zzip_open_shared_io function in zzip/file.c in ZZIPlib Library before 0.13.49 allows user-assisted remote attackers to cause a denial of service (application crash) or execute arbitrary code via a long filename. | |||||
CVE-2008-0718 | 1 Sun | 1 Solaris | 2024-02-04 | 4.7 MEDIUM | N/A |
Unspecified vulnerability in the USB Mouse STREAMS module (usbms) in Sun Solaris 9 and 10, when 64-bit mode is enabled, allows local users to cause a denial of service (panic) via unspecified vectors. | |||||
CVE-2007-4269 | 1 Apple | 2 Mac Os X, Mac Os X Server | 2024-02-04 | 7.2 HIGH | N/A |
Integer overflow in the Networking component in Apple Mac OS X 10.4 through 10.4.10 allows local users to execute arbitrary code via a crafted AppleTalk Session Protocol (ASP) message on an AppleTalk socket, which triggers a heap-based buffer overflow. | |||||
CVE-2007-4749 | 1 Autodesk | 1 Backburner | 2024-02-04 | 6.8 MEDIUM | N/A |
The cmdjob utility in Autodesk Backburner 3.0.2 allows remote attackers to execute arbitrary commands on render servers by queueing jobs that contain these commands. NOTE: this is only a vulnerability in environments in which the administrator has not followed documentation that outlines the security risks of operating Backburner on untrusted networks. | |||||
CVE-2007-6006 | 1 Testlink | 1 Testlink | 2024-02-04 | 10.0 HIGH | N/A |
TestLink before 1.7.1 does not enforce an unspecified authorization mechanism, which has unknown impact and attack vectors. | |||||
CVE-2007-0420 | 1 Bea | 1 Weblogic Server | 2024-02-04 | 5.0 MEDIUM | N/A |
BEA WebLogic Server 9.0, 9.1, and 9.2 Gold allows remote attackers to obtain sensitive information via malformed HTTP requests, which reveal data from previous requests. | |||||
CVE-2007-3599 | 1 Vtiger | 1 Vtiger Crm | 2024-02-04 | 8.5 HIGH | N/A |
vtiger CRM before 5.0.3 allows remote authenticated users to import and export the information for a contact even when they only have the View permission. | |||||
CVE-2007-5631 | 1 Peopleaggregator | 1 Peopleaggregator | 2024-02-04 | 6.8 MEDIUM | N/A |
Multiple PHP remote file inclusion vulnerabilities in PeopleAggregator 1.2pre6, when register_globals is enabled, allow remote attackers to execute arbitrary PHP code via a URL in the current_blockmodule_path parameter to (1) AudiosMediaGalleryModule/AudiosMediaGalleryModule.php, (2) ImagesMediaGalleryModule/ImagesMediaGalleryModule.php, (3) MembersFacewallModule/MembersFacewallModule.php, (4) NewestGroupsModule/NewestGroupsModule.php, (5) UploadMediaModule/UploadMediaModule.php, and (6) VideosMediaGalleryModule/VideosMediaGalleryModule.php in BetaBlockModules/; and (7) the path_prefix parameter to several components. | |||||
CVE-2007-3614 | 1 Sap | 1 Sap Db | 2024-02-04 | 7.5 HIGH | N/A |
Multiple stack-based buffer overflows in waHTTP.exe (aka the SAP DB Web Server) in SAP DB, possibly 7.3 through 7.5, allow remote attackers to execute arbitrary code via (1) a certain cookie value; (2) a certain additional parameter, related to sapdbwa_GetQueryString; and other unspecified vectors related to "numerous other fields." | |||||
CVE-2007-3538 | 1 Qt-cute | 1 Quicktalk Guestbook | 2024-02-04 | 7.5 HIGH | N/A |
SQL injection vulnerability in qtg_msg_view.php in QuickTalk guestbook 1.2 allows remote attackers to execute arbitrary SQL commands via the id parameter. | |||||
CVE-2007-5103 | 1 Wordsmith | 1 Wordsmith | 2024-02-04 | 6.8 MEDIUM | N/A |
Directory traversal vulnerability in config.inc.php in Wordsmith 1.0 RC1, when register_globals is enabled, allows remote attackers to include and execute arbitrary local files via a .. (dot dot) in the _path parameter. | |||||
CVE-2006-5942 | 1 Website Designs For Less | 1 Inventory Manager | 2024-02-04 | 6.8 MEDIUM | N/A |
Cross-site scripting (XSS) vulnerability in inventory/display/display_results.asp in Website Designs For Less Inventory Manager allows remote attackers to inject arbitrary web script or HTML via the category parameter. | |||||
CVE-2008-0028 | 1 Cisco | 4 5500 Series Adaptive Security Appliance, Adaptive Security Appliance Software, Pix 500 and 1 more | 2024-02-04 | 7.1 HIGH | N/A |
Unspecified vulnerability in Cisco PIX 500 Series Security Appliance and 5500 Series Adaptive Security Appliance (ASA) before 7.2(3)6 and 8.0(3), when the Time-to-Live (TTL) decrement feature is enabled, allows remote attackers to cause a denial of service (device reload) via a crafted IP packet. | |||||
CVE-2007-3607 | 1 Sap | 1 Enjoysap | 2024-02-04 | 5.0 MEDIUM | N/A |
Multiple unspecified vulnerabilities in ActiveX controls in the EnjoySAP SAP GUI allow remote attackers to cause a denial of service (process crash) via unspecified vectors. | |||||
CVE-2008-0734 | 1 Limbo Cms | 1 Limbo Cms | 2024-02-04 | 7.5 HIGH | N/A |
SQL injection vulnerability in class_auth.php in Limbo CMS 1.0.4.2, and possibly earlier versions, allows remote attackers to execute arbitrary SQL commands via the cuid cookie parameter to admin.php. | |||||
CVE-2007-0302 | 1 Instantasp | 1 Instantasp | 2024-02-04 | 6.8 MEDIUM | N/A |
Multiple cross-site scripting (XSS) vulnerabilities in InstantASP 4.1.0 allow remote attackers to inject arbitrary web script or HTML via the (1) SessionID parameter to (a) Logon.aspx, and the (2) Username and (3) Update parameters to (b) Members1.aspx. | |||||
CVE-2006-3507 | 1 Apple | 2 Mac Os X, Mac Os X Server | 2024-02-04 | 7.2 HIGH | N/A |
Multiple stack-based buffer overflows in the AirPort wireless driver on Apple Mac OS X 10.3.9 and 10.4.7 allow physically proximate attackers to execute arbitrary code by injecting crafted frames into a wireless network. | |||||
CVE-2008-1281 | 1 Argontechnology | 1 Client Management Services | 2024-02-04 | 5.0 MEDIUM | N/A |
Directory traversal vulnerability in TFTPsrvs.exe 2.5.3.1 and earlier, as used in Argon Technology Client Management Services (CMS) 1.31 and earlier, allows remote attackers to read arbitrary files via a .. (dot dot) in the filename parameter. | |||||
CVE-2008-0870 | 2 Bea Systems, Oracle | 2 Weblogic Portal, Weblogic Portal | 2024-02-04 | 7.5 HIGH | N/A |
BEA WebLogic Portal 10.0 and 9.2 through Maintenance Pack 2, under certain circumstances, can redirect a user from the https:// URI for the Portal Administration Console to an http URI, which allows remote attackers to sniff the session. |