Total
259227 CVE
| CVE | Vendors | Products | Updated | CVSS v2 | CVSS v3 |
|---|---|---|---|---|---|
| CVE-2007-5225 | 1 Sun | 1 Sunos | 2024-02-04 | 4.9 MEDIUM | N/A |
| Integer signedness error in FIFO filesystems (named pipes) on Sun Solaris 8 through 10 allows local users to read the contents of unspecified memory locations via a negative maximum length value to the I_PEEK ioctl. | |||||
| CVE-2007-1072 | 1 Cisco | 12 Unified Ip Phone 7906g, Unified Ip Phone 7911g, Unified Ip Phone 7941g and 9 more | 2024-02-04 | 7.2 HIGH | N/A |
| The command line interface (CLI) in Cisco Unified IP Phone 7906G, 7911G, 7941G, 7961G, 7970G, and 7971G, with firmware 8.0(4)SR1 and earlier allows local users to obtain privileges or cause a denial of service via unspecified vectors. NOTE: this issue can be leveraged remotely via CVE-2007-1063. | |||||
| CVE-2007-5487 | 1 Cowon America | 1 Jetaudio | 2024-02-04 | 9.3 HIGH | N/A |
| Stack-based buffer overflow in COWON America jetAudio Basic 7.0.3 allows user-assisted remote attackers to execute arbitrary code via a long URL in an EXTM3U section of a .m3u file. | |||||
| CVE-2006-6791 | 1 Chatwm | 1 Chatwm | 2024-02-04 | 7.5 HIGH | N/A |
| SQL injection vulnerability in SelGruFra.asp in chatwm 1.0 allows remote attackers to execute arbitrary SQL commands via the (1) txtUse and (2) txtPas parameters. | |||||
| CVE-2007-6094 | 1 Ingate | 2 Ingate Firewall, Ingate Siparator | 2024-02-04 | 4.3 MEDIUM | N/A |
| The IPsec module in the VPN component in Ingate Firewall before 4.6.0 and SIParator before 4.6.0 allows remote attackers to cause a denial of service (module crash) via an IPsec Phase 2 proposal that lacks Perfect Forward Secrecy (PFS). | |||||
| CVE-2007-0116 | 1 Digger Solutions | 1 Intranet Open Source | 2024-02-04 | 7.5 HIGH | N/A |
| Digger Solutions Intranet Open Source (IOS) stores sensitive information under the web root with insufficient access control, which allows remote attackers to download a database containing passwords via a direct request for data/intranet.mdb. | |||||
| CVE-2007-3491 | 1 Progress | 1 Openedge | 2024-02-04 | 7.5 HIGH | N/A |
| Buffer overflow in _mprosrv in Progress Software OpenEdge before 9.1E0422, and 10.x before 10.1B01, allows remote attackers to have an unknown impact via a malformed TCP/IP message. | |||||
| CVE-2007-2717 | 1 Igeneric | 1 Ig Shop | 2024-02-04 | 7.5 HIGH | N/A |
| SQL injection vulnerability in shop/page.php in iGeneric (iG) Shop 1.4 allows remote attackers to execute arbitrary SQL commands via the type_id[] parameter, a different vector than CVE-2005-0537. | |||||
| CVE-2007-4446 | 1 Toribash | 1 Toribash | 2024-02-04 | 7.5 HIGH | N/A |
| Format string vulnerability in the server in Toribash 2.71 and earlier allows remote attackers to execute arbitrary code via format string specifiers in the NICK command (client nickname) when entering a game. | |||||
| CVE-2007-0194 | 1 Mkportal | 1 Mkportal | 2024-02-04 | 7.8 HIGH | N/A |
| admin.php in MKPortal M1.1 RC1 allows remote attackers to obtain sensitive information via a direct request with an MK_PATH=1 query string, which reveals the path in an error message. | |||||
| CVE-2007-1144 | 1 Comscripts | 1 J-web Pics Navigator | 2024-02-04 | 5.0 MEDIUM | N/A |
| Directory traversal vulnerability in jwpn-photos.php in J-Web Pics Navigator 2.0 allows remote attackers to list arbitrary directories via a .. (dot dot) in the dir parameter. | |||||
| CVE-2007-3401 | 1 B1g | 1 B1gbb | 2024-02-04 | 7.5 HIGH | N/A |
| PHP remote file inclusion vulnerability in footer.inc.php in B1G b1gBB 2.24 allows remote attackers to execute arbitrary PHP code via a URL in the tfooter parameter. | |||||
| CVE-2007-2370 | 1 Xoops | 1 John Mordo Jobs Module | 2024-02-04 | 7.5 HIGH | N/A |
| SQL injection vulnerability in index.php in the John Mordo Jobs 2.4 and earlier module for XOOPS allows remote attackers to execute arbitrary SQL commands via the cid parameter in a jobsview action. NOTE: the module name was originally reported as Job Listings. | |||||
| CVE-2008-1127 | 1 Crytek | 1 Crysis | 2024-02-04 | 6.0 MEDIUM | N/A |
| Format string vulnerability in the cryactio function in Crysis 1.1.1.5879 allows remote authenticated users to execute arbitrary code via format string specifiers in the user name, which is triggered when the game character is killed. | |||||
| CVE-2007-6543 | 1 Esyndicat | 1 Esyndicat Link Exchange | 2024-02-04 | 7.5 HIGH | N/A |
| SQL injection vulnerability in suggest-link.php in eSyndiCat Link Exchange Script allows remote attackers to execute arbitrary SQL commands via the id parameter. | |||||
| CVE-2007-4969 | 1 Sysinternals | 1 Process Monitor | 2024-02-04 | 4.4 MEDIUM | N/A |
| Process Monitor 1.22 does not properly validate certain parameters to System Service Descriptor Table (SSDT) function handlers, which allows local users to cause a denial of service (crash) and possibly gain privileges via unspecified kernel SSDT hooks for Windows Native API functions including (1) NtCreateKey, (2) NtDeleteValueKey, (3) NtLoadKey, (4) NtOpenKey, (5) NtQueryValueKey, (6) NtSetValueKey, and (7) NtUnloadKey. | |||||
| CVE-2007-1529 | 1 Microsoft | 1 Windows Vista | 2024-02-04 | 4.3 MEDIUM | N/A |
| The LLTD Responder in Microsoft Windows Vista does not send the Mapper a response to a DISCOVERY packet if another host has sent a spoofed response first, which allows remote attackers to spoof arbitrary hosts via a network-based race condition, aka the "Total Spoof" attack. | |||||
| CVE-2007-3675 | 1 Kaspersky Lab | 1 Online Scanner | 2024-02-04 | 9.3 HIGH | N/A |
| Multiple format string vulnerabilities in the kavwebscan.CKAVWebScan ActiveX control (kavwebscan.dll) in Kaspersky Online Scanner before 5.0.98 allow remote attackers to execute arbitrary code via format string specifiers in "various string formatting functions," which trigger heap-based buffer overflows. | |||||
| CVE-2007-1969 | 1 Sam Crew | 1 Myblog | 2024-02-04 | 4.3 MEDIUM | N/A |
| Cross-site scripting (XSS) vulnerability in admin/modify.php in Sam Crew MyBlog remote attackers to inject arbitrary web script or HTML via the id parameter. | |||||
| CVE-2007-1725 | 1 Icebb | 1 Icebb | 2024-02-04 | 9.3 HIGH | N/A |
| SQL injection vulnerability in index.php in IceBB 1.0-rc5 allows remote authenticated users to execute arbitrary SQL commands via the filename of an uploaded file to the avatar function, as demonstrated by setting admin privileges. | |||||