Total
259211 CVE
CVE | Vendors | Products | Updated | CVSS v2 | CVSS v3 |
---|---|---|---|---|---|
CVE-2008-0570 | 1 Drupal | 1 Openid | 2024-02-04 | 5.0 MEDIUM | N/A |
The OpenID 5.x-1.0 and earlier module for Drupal does not properly verify the claimed_id returned by an OpenID provider, which allows remote OpenID providers to spoof OpenID authentication for domains associated with other providers. | |||||
CVE-2007-1594 | 1 Asterisk | 1 Asterisk | 2024-02-04 | 7.8 HIGH | N/A |
The handle_response function in chan_sip.c in Asterisk before 1.2.17 and 1.4.x before 1.4.2 allows remote attackers to cause a denial of service (crash) via a SIP Response code 0 in a SIP packet. | |||||
CVE-2007-2235 | 1 Punbb | 1 Punbb | 2024-02-04 | 4.3 MEDIUM | N/A |
Multiple cross-site scripting (XSS) vulnerabilities in PunBB 1.2.14 and earlier allow remote attackers to inject arbitrary web script or HTML via the (1) Referer HTTP header to misc.php or the (2) category name when deleting a category in admin_categories.php. | |||||
CVE-2006-6870 | 1 Avahi | 1 Avahi | 2024-02-04 | 5.0 MEDIUM | N/A |
The consume_labels function in avahi-core/dns.c in Avahi before 0.6.16 allows remote attackers to cause a denial of service (infinite loop) via a crafted compressed DNS response with a label that points to itself. | |||||
CVE-2007-0092 | 1 E-smart Cart | 1 E-smart Cart | 2024-02-04 | 7.5 HIGH | N/A |
SQL injection vulnerability in productdetail.asp in E-SMARTCART 1.0 allows remote attackers to execute arbitrary SQL commands via the product_id parameter. | |||||
CVE-2007-4818 | 1 Txx Cms | 1 Txx Cms | 2024-02-04 | 7.5 HIGH | N/A |
Multiple PHP remote file inclusion vulnerabilities in Txx CMS 0.2 allow remote attackers to execute arbitrary PHP code via a URL in the doc_root parameter to (1) addons/plugin.php, (2) addons/sidebar.php, (3) mail/index.php, or (4) mail/mailbox.php in modules/. | |||||
CVE-2006-6293 | 1 F-prot | 1 F-prot Antivirus | 2024-02-04 | 7.5 HIGH | N/A |
Heap-based buffer overflow in FRISK Software F-Prot Antivirus before 4.6.7 allows user-assisted remote attackers to execute arbitrary code via a crafted CHM file. NOTE: this issue has at least a partial overlap with CVE-2006-6294. | |||||
CVE-2008-1112 | 2024-02-04 | N/A | N/A | ||
** REJECT ** DO NOT USE THIS CANDIDATE NUMBER. ConsultIDs: CVE-2008-0928. Reason: This candidate is a duplicate of CVE-2008-0928. Notes: All CVE users should reference CVE-2008-0928 instead of this candidate. All references and descriptions in this candidate have been removed to prevent accidental usage. | |||||
CVE-2007-2080 | 1 Xampp | 1 Apache Distribution | 2024-02-04 | 7.5 HIGH | N/A |
Multiple SQL injection vulnerabilities in XAMPP 1.6.0a for Windows allow remote attackers to execute arbitrary SQL commands via unspecified vectors in certain test scripts. | |||||
CVE-2006-6668 | 1 Verliadmin | 1 Verliadmin | 2024-02-04 | 6.8 MEDIUM | N/A |
Cross-site scripting (XSS) vulnerability in VerliAdmin 0.3 and earlier allows remote attackers to inject arbitrary web script or HTML via unspecified vectors. NOTE: The provenance of this information is unknown; the details are obtained solely from third party information. | |||||
CVE-2008-0636 | 1 Level Platforms | 1 Managed Workplace Service Center | 2024-02-04 | 5.0 MEDIUM | N/A |
Level Platforms, Inc. (LPI) Managed Workplace Service Center 4.x, 5.x and 6.x allows remote attackers to obtain sensitive information via a direct request to About/SC_About.htm, which provides version and patch information. | |||||
CVE-2007-6176 | 1 Amensa-soft | 1 K\+b-bestellsystem | 2024-02-04 | 10.0 HIGH | N/A |
kb_whois.cgi in K+B-Bestellsystem (aka KB-Bestellsystem) allows remote attackers to execute arbitrary commands via shell metacharacters in the (1) domain or (2) tld parameter in a check_owner action. | |||||
CVE-2006-4842 | 2 Netscape, Sun | 2 Portable Runtime Api, Solaris | 2024-02-04 | 3.6 LOW | N/A |
The Netscape Portable Runtime (NSPR) API 4.6.1 and 4.6.2, as used in Sun Solaris 10, trusts user-specified environment variables for specifying log files even when running from setuid programs, which allows local users to create or overwrite arbitrary files. | |||||
CVE-2007-2973 | 1 Avira | 2 Antivir, Av Pack | 2024-02-04 | 7.8 HIGH | N/A |
Avira Antivir Antivirus before 7.03.00.09 allows remote attackers to cause a denial of service (infinite loop and CPU consumption) via a malformed TAR archive. | |||||
CVE-2007-6421 | 1 Apache | 1 Http Server | 2024-02-04 | 3.5 LOW | N/A |
Cross-site scripting (XSS) vulnerability in balancer-manager in mod_proxy_balancer in the Apache HTTP Server 2.2.0 through 2.2.6 allows remote attackers to inject arbitrary web script or HTML via the (1) ss, (2) wr, or (3) rr parameters, or (4) the URL. | |||||
CVE-2007-5911 | 1 Viewpoint | 1 Media Player | 2024-02-04 | 6.8 MEDIUM | N/A |
Multiple stack-based buffer overflows in the AxMetaStream ActiveX control in AxMetaStream.dll 3.3.2.26 in Viewpoint Media Player 3.2 allow remote attackers to execute arbitrary code via a long string argument to the (1) BroadcastKey, (2) BroadcastKeyFileURL, (3) Component, (4) ComponentClassID, (5) ComponentFileName, (6) ExtraProperty, (7) Properties, (8) RequiredVersions, (9) Source, or (10) XMLText method. | |||||
CVE-2007-0124 | 1 Drupal | 1 Drupal | 2024-02-04 | 3.5 LOW | N/A |
Unspecified vulnerability in Drupal before 4.6.11, and 4.7 before 4.7.5, when MySQL is used, allows remote authenticated users to cause a denial of service by poisoning the page cache via unspecified vectors, which triggers erroneous 404 HTTP errors for pages that exist. | |||||
CVE-2007-3207 | 1 Novell | 1 Client | 2024-02-04 | 7.1 HIGH | N/A |
Buffer overflow in the NFS mount daemon (XNFS.NLM) in Novell NetWare 6.5 SP6, and probably earlier, allows remote attackers to cause a denial of service (abend) via a long path in a mount request. | |||||
CVE-2008-0806 | 1 Paul Pelzl | 1 Wyrd | 2024-02-04 | 3.6 LOW | N/A |
wyrd 1.4.3b allows local users to overwrite arbitrary files via a symlink attack on the wyrd-tmp.[USERID] temporary file. | |||||
CVE-2007-2962 | 1 Particle Soft | 1 Particle Gallery | 2024-02-04 | 4.3 MEDIUM | N/A |
Cross-site scripting (XSS) vulnerability in search.php in Particle Gallery 1.0.1 and earlier allows remote attackers to inject arbitrary web script or HTML via the order parameter. |