Total
259289 CVE
| CVE | Vendors | Products | Updated | CVSS v2 | CVSS v3 |
|---|---|---|---|---|---|
| CVE-2007-3439 | 1 Snom | 2 320 Sip Phone, Snom 320 Linux | 2024-02-04 | 5.0 MEDIUM | N/A |
| The Snom 320 SIP Phone, running snom320 linux 3.25, snom320-SIP 6.2.3, and snom320 jffs23.36, allows remote attackers to read a list of missed calls, received calls, and dialed numbers via a direct request to the web server on port 1800. | |||||
| CVE-2007-1998 | 1 Hiox India | 1 Guest Book | 2024-02-04 | 7.5 HIGH | N/A |
| Direct static code injection vulnerability in HIOX Guest Book (HGB) 4.0 allows remote attackers to inject arbitrary PHP code via the Email field, which results in code execution through a direct request to gb.php. | |||||
| CVE-2007-5842 | 1 Vortex Portal | 1 Vortex Portal | 2024-02-04 | 6.8 MEDIUM | N/A |
| Multiple PHP remote file inclusion vulnerabilities in Vortex Portal 1.0.42 allow remote attackers to execute arbitrary PHP code via a URL in the cfgProgDir parameter to (1) admincp/auth/secure.php or (2) admincp/auth/checklogin.php. | |||||
| CVE-2007-6606 | 1 Openbiblio | 1 Openbiblio | 2024-02-04 | 5.0 MEDIUM | N/A |
| OpenBiblio 0.5.2-pre4 and earlier allows remote attackers to obtain configuration information via a direct request to phpinfo.php, which calls the phpinfo function. | |||||
| CVE-2007-4895 | 1 Sisfo Kampus | 1 Sisfo Kampus | 2024-02-04 | 5.0 MEDIUM | N/A |
| Directory traversal vulnerability in dwoprn.php in Sisfo Kampus 2006 (Semarang 3) allows remote attackers to read arbitrary files via the f parameter. | |||||
| CVE-2008-0928 | 1 Qemu | 1 Qemu | 2024-02-04 | 4.7 MEDIUM | N/A |
| Qemu 0.9.1 and earlier does not perform range checks for block device read or write requests, which allows guest host users with root privileges to access arbitrary memory and escape the virtual machine. | |||||
| CVE-2007-2576 | 1 East Wind Software | 1 Advdaudio.ocx | 2024-02-04 | 6.8 MEDIUM | N/A |
| Buffer overflow in the East Wind Software advdaudio.ocx 1.5.1.1 ActiveX control allows user-assisted remote attackers to execute arbitrary code via a long OpenDVD property value. NOTE: this issue might be related to CVE-2007-0976. | |||||
| CVE-2006-5450 | 1 Kinesis | 1 Kinesis Interactive Cinema System | 2024-02-04 | 7.5 HIGH | N/A |
| SQL injection vulnerability in index.asp in Kinesis Interactive Cinema System (KICS) CMS allows remote attackers to execute arbitrary SQL commands via the (1) txtUsername (user) or (2) txtPassword (pass) parameters. | |||||
| CVE-2006-5386 | 1 Nuralstorm | 1 Nuralstorm Webmail | 2024-02-04 | 7.5 HIGH | N/A |
| PHP remote file inclusion vulnerability in process.php in NuralStorm Webmail 0.98b and earlier, when register_globals is enabled, allows remote attackers to execute arbitrary PHP code via a URL in the DEFAULT_SKIN parameter. | |||||
| CVE-2007-6600 | 1 Postgresql | 1 Postgresql | 2024-02-04 | 6.5 MEDIUM | N/A |
| PostgreSQL 8.2 before 8.2.6, 8.1 before 8.1.11, 8.0 before 8.0.15, 7.4 before 7.4.19, and 7.3 before 7.3.21 uses superuser privileges instead of table owner privileges for (1) VACUUM and (2) ANALYZE operations within index functions, and supports (3) SET ROLE and (4) SET SESSION AUTHORIZATION within index functions, which allows remote authenticated users to gain privileges. | |||||
| CVE-2007-6535 | 1 Yahoo | 1 Toolbar | 2024-02-04 | 6.8 MEDIUM | N/A |
| Buffer overflow in the YShortcut ActiveX control in YShortcut.dll 2006.8.15.1 in Yahoo! Toolbar might allow attackers to execute arbitrary code via a long string to the IsTaggedBM method. | |||||
| CVE-2007-5917 | 1 Skalinks | 1 Skalinks | 2024-02-04 | 6.8 MEDIUM | N/A |
| Cross-site request forgery (CSRF) vulnerability in admin/admin_account.php in Skalinks 1.5 and earlier allows remote attackers to add arbitrary privileged accounts as administrators via the admin_name, admin_password, admin_type, and Add_admin parameters. | |||||
| CVE-2006-6361 | 1 Bitflux | 1 Upload Progress Meter | 2024-02-04 | 10.0 HIGH | N/A |
| Heap-based buffer overflow in the uploadprogress_php_rfc1867_file function in uploadprogress.c in Bitflux Upload Progress Meter before 8276 allows remote attackers to cause a denial of service (crash) or execute arbitrary code via crafted HTTP POST fileupload requests. | |||||
| CVE-2006-7230 | 1 Pcre | 1 Pcre | 2024-02-04 | 4.3 MEDIUM | N/A |
| Perl-Compatible Regular Expression (PCRE) library before 7.0 does not properly calculate the amount of memory needed for a compiled regular expression pattern when the (1) -x or (2) -i UTF-8 options change within the pattern, which allows context-dependent attackers to cause a denial of service (PCRE or glibc crash) via crafted regular expressions. | |||||
| CVE-2008-1113 | 2 Cisco, Vocera Communications | 2 7921 Wireless Ip Phone, Vocera Communications Badge | 2024-02-04 | 7.8 HIGH | N/A |
| Cisco Unified Wireless IP Phone 7921, when using Protected Extensible Authentication Protocol (PEAP), does not validate server certificates, which allows remote wireless access points to steal hashed passwords and conduct man-in-the-middle (MITM) attacks. | |||||
| CVE-2007-6004 | 1 Toko | 1 Instan | 2024-02-04 | 7.5 HIGH | N/A |
| Multiple SQL injection vulnerabilities in index.php in Toko Instan 7.6 allow remote attackers to execute arbitrary SQL commands via (1) the id parameter in an artikel action or (2) the katid parameter in a produk action. | |||||
| CVE-2006-5064 | 1 Birdblog | 1 Birdblog | 2024-02-04 | 5.1 MEDIUM | N/A |
| Multiple cross-site scripting (XSS) vulnerabilities in BirdBlog 1.4 and earlier allow remote attackers to inject arbitrary web script or HTML via the (1) entryid parameter in comment.php, (2) page parameter in index.php, or the (3) uid parameter in user.php. NOTE: the provenance of this information is unknown; the details are obtained from third party information. | |||||
| CVE-2007-1129 | 1 Mtcms | 1 Mtcms | 2024-02-04 | 7.5 HIGH | N/A |
| Multiple unrestricted file upload vulnerabilities in MTCMS 3.2 allow remote attackers to upload and execute files via (1) an avatar upload in an add_down action, or (2) an add_link action. | |||||
| CVE-2007-0800 | 1 Mozilla | 1 Firefox | 2024-02-04 | 4.3 MEDIUM | N/A |
| Cross-zone vulnerability in Mozilla Firefox 1.5.0.9 considers blocked popups to have an internal zone origin, which allows user-assisted remote attackers to cross zone restrictions and read arbitrary file:// URIs by convincing a user to show a blocked popup. | |||||
| CVE-2007-2730 | 3 Checkpoint, Comodo, Microsoft | 6 Zonealarm, Comodo Firewall Pro, Comodo Personal Firewall and 3 more | 2024-02-04 | 7.2 HIGH | N/A |
| Check Point ZoneAlarm Pro before 6.5.737.000 does not properly test for equivalence of process identifiers for certain Microsoft Windows API functions in the NT kernel 5.0 and greater, which allows local users to call these functions, and bypass firewall rules or gain privileges, via a modified identifier that is one, two, or three greater than the canonical identifier. | |||||