Total
259173 CVE
CVE | Vendors | Products | Updated | CVSS v2 | CVSS v3 |
---|---|---|---|---|---|
CVE-2007-1178 | 1 Web-app.org | 1 Webapp | 2024-02-04 | 7.5 HIGH | N/A |
WebAPP before 0.9.9.5 does not check access in certain contexts related to (1) Calendar Administration, (2) Instant Messages Administration, and (3) the Image Uploader, which has unknown impact and attack vectors. | |||||
CVE-2007-5421 | 2024-02-04 | N/A | N/A | ||
** REJECT ** Multiple stack-based buffer overflows in Cisco IOS 12.x and IOS XR allow attackers to execute arbitrary code, as demonstrated via the "Bind Shell", "Reverse Shell", and "Two byte rootshell (Tiny Shell)" attacks. NOTE: the vendor and researcher agree that this issue does not cross privilege boundaries, saying they do not "represent a vulnerability." The disclosure was intended to demonstrate techniques for exploitation, which is not covered by CVE. | |||||
CVE-2007-4362 | 1 Prozilla | 1 Webring | 2024-02-04 | 6.8 MEDIUM | N/A |
SQL injection vulnerability in category.php in Prozilla Webring allows remote attackers to execute arbitrary SQL commands via the cat parameter. | |||||
CVE-2006-5372 | 1 Oracle | 1 E-business Suite | 2024-02-04 | 9.0 HIGH | N/A |
Multiple unspecified vulnerabilities in Oracle E-Business Suite 11.5.10 up to 11.5.10CU2 have unknown impact and remote authenticated attack vectors, aka Vuln# (1) APPS11 for Oracle Universal Work Queue and (2) APPS12 for Oracle Application Object Library. | |||||
CVE-2006-6749 | 1 Openser | 1 Openser | 2024-02-04 | 9.3 HIGH | N/A |
Buffer overflow in the parse_expression function in parse_config in OpenSER 1.1.0 allows attackers to have an unknown impact via a long str parameter. | |||||
CVE-2007-1016 | 1 Aktueldownload | 1 Aktueldownload Haber Script | 2024-02-04 | 7.5 HIGH | N/A |
SQL injection vulnerability in Aktueldownload Haber script allows remote attackers to execute arbitrary SQL commands via certain vectors related to the HaberDetay.asp and rss.asp components, and the id and kid parameters. NOTE: the provenance of this information is unknown; the details are obtained solely from third party information. NOTE: the combination of the HaberDetay.asp component and the id parameter is already covered by another February 2007 CVE candidate. | |||||
CVE-2007-3257 | 1 Gnome | 1 Evolution | 2024-02-04 | 6.8 MEDIUM | N/A |
Camel (camel-imap-folder.c) in the mailer component for Evolution Data Server 1.11 allows remote IMAP servers to execute arbitrary code via a negative SEQUENCE value in GData, which is used as an array index. | |||||
CVE-2007-4659 | 1 Php | 1 Php | 2024-02-04 | 7.5 HIGH | N/A |
The zend_alter_ini_entry function in PHP before 5.2.4 does not properly handle an interruption to the flow of execution triggered by a memory_limit violation, which has unknown impact and attack vectors. | |||||
CVE-2008-0554 | 1 Netpbm | 1 Netpbm | 2024-02-04 | 6.8 MEDIUM | N/A |
Buffer overflow in the readImageData function in giftopnm.c in netpbm before 10.27 in netpbm before 10.27 allows remote user-assisted attackers to cause a denial of service (crash) and possibly execute arbitrary code via a crafted GIF image, a similar issue to CVE-2006-4484. | |||||
CVE-2007-1979 | 1 Xoops | 1 Xoops Popnupblog | 2024-02-04 | 7.5 HIGH | N/A |
SQL injection vulnerability in index.php in the PopnupBlog 2.52 and earlier module for Xoops allows remote attackers to execute arbitrary SQL commands via the postid parameter, possibly involving the get_blogid_from_postid function in class/PopnupBlogUtils.php. NOTE: later versions such as 3.03 and 3.05 might also be affected. | |||||
CVE-2007-4202 | 1 Guidance Software | 1 Encase | 2024-02-04 | 4.3 MEDIUM | N/A |
Guidance Software EnCase Enterprise Edition (EEE) 6 does not properly verify the identity of the acquisition target during communication with the EnCase Servlet (EEE servlet), which might allow remote attackers to spoof the disk image. | |||||
CVE-2006-6513 | 1 Flippet.org | 1 Winamp Web Interface | 2024-02-04 | 3.5 LOW | N/A |
The CControl::Download function (/dl URI) in Winamp Web Interface (Wawi) 7.5.13 and earlier allows remote authenticated users to download arbitrary file types under the root via a trailing "." (dot) in a filename in the file parameter, related to erroneous behavior of the IsWinampFile function. | |||||
CVE-2007-3676 | 1 Ibm | 1 Db2 | 2024-02-04 | 10.0 HIGH | N/A |
IBM DB2 Universal Database (UDB) Administration Server (DAS) 8 before Fix Pack 16 and 9 before Fix Pack 4 allows remote attackers to cause a denial of service (crash) and possibly execute arbitrary code via modified pointer values in unspecified remote administration requests, which triggers memory corruption or other invalid memory access. NOTE: this might be the same issue as CVE-2008-0698. | |||||
CVE-2007-1024 | 1 Marcello Vitagliano | 1 Meganoides News | 2024-02-04 | 10.0 HIGH | N/A |
PHP remote file inclusion vulnerability in include.php in Meganoide's news 1.1.1 allows remote attackers to execute arbitrary PHP code via a URL in the _SERVER[DOCUMENT_ROOT] parameter. | |||||
CVE-2007-1983 | 1 Cyboards | 1 Cyboards Php Lite | 2024-02-04 | 7.5 HIGH | N/A |
PHP remote file inclusion vulnerability in include/default_header.php in Cyboards PHP Lite 1.21 allows remote attackers to execute arbitrary PHP code via a URL in the script_path parameter, a different vector than CVE-2006-2871. | |||||
CVE-2007-3232 | 1 Ibm | 1 Totalstorage Ds400 | 2024-02-04 | 10.0 HIGH | N/A |
The IBM TotalStorage DS400 with firmware 4.15 uses a blank password for the (1) root, (2) user, (3) manager, (4) administrator, and (5) operator accounts, which allows remote attackers to gain login access via certain Linux daemons, including a telnet daemon on a nonstandard port, tcp/6000. | |||||
CVE-2006-3978 | 1 Adobe | 1 Coldfusion | 2024-02-04 | 4.6 MEDIUM | N/A |
Unspecified vulnerability in a Verity third party library, as used on Adobe ColdFusion MX 7 through MX 7.0.2 and possibly other products, allows local users to execute arbitrary code via unknown attack vectors. | |||||
CVE-2006-5742 | 1 Airmagnet | 1 Enterprise | 2024-02-04 | 5.0 MEDIUM | N/A |
The AirMagnet Enterprise console and Remote Sensor console (Laptop) in AirMagnet Enterprise before 7.5 build 6307 allows remote attackers to inject arbitrary web script or HTML from a certain embedded Internet Explorer object into an SSID template value, aka "Cross-Application Scripting (XAS)". | |||||
CVE-2007-2282 | 1 Cisco | 1 Netflow Collection Engine | 2024-02-04 | 10.0 HIGH | N/A |
Cisco Network Services (CNS) NetFlow Collection Engine (NFC) before 6.0 has an nfcuser account with the default password nfcuser, which allows remote attackers to modify the product configuration and, when installed on Linux, obtain login access to the host operating system. | |||||
CVE-2006-6096 | 1 Dotnetindex | 1 Active News Manager | 2024-02-04 | 4.3 MEDIUM | N/A |
Cross-site scripting (XSS) vulnerability in activenews_search.asp in ActiveNews Manager allows remote attackers to inject arbitrary web script or HTML via the query parameter. |