Total
259291 CVE
| CVE | Vendors | Products | Updated | CVSS v2 | CVSS v3 |
|---|---|---|---|---|---|
| CVE-2007-6457 | 1 Netwin | 1 Surgemail | 2024-02-04 | 5.0 MEDIUM | N/A |
| Stack-based buffer overflow in the webmail feature in SurgeMail 38k4 allows remote attackers to cause a denial of service (crash) via a long Host header. | |||||
| CVE-2007-2670 | 1 Globalmegacorp | 1 Phpchain | 2024-02-04 | 4.3 MEDIUM | N/A |
| PHPChain 1.0 and earlier allows remote attackers to obtain the installation path via invalid values of the catid parameter to (1) settings.php or (2) cat.php, as demonstrated by XSS manipulations. | |||||
| CVE-2007-0349 | 1 Nicecoder | 1 Indexu | 2024-02-04 | 5.0 MEDIUM | N/A |
| Directory traversal vulnerability in upgrade.php in nicecoder.com INDEXU 5.x allows remote attackers to include arbitrary local files via a .. (dot dot) in the gateway parameter. | |||||
| CVE-2008-1128 | 1 Phpmytourney | 1 Phpmytourney | 2024-02-04 | 6.8 MEDIUM | N/A |
| PHP remote file inclusion vulnerability in tourney/index.php in phpMyTourney 2 allows remote attackers to execute arbitrary PHP code via a URL in the page parameter. | |||||
| CVE-2006-5367 | 1 Oracle | 1 E-business Suite | 2024-02-04 | 9.0 HIGH | N/A |
| Multiple unspecified vulnerabilities in Oracle E-Business Suite 11.5.7 up to 11.5.10CU2 have unknown impact and remote authenticated attack vectors, aka Vuln# (1) APPS03 in Oracle Applications Framework, (2) APPS04 in Oracle Applications Technology Stack, and (3) APPS05 in Oracle Balanced Scorecard, (4) APPS09 in Oracle Scripting, and (5) APPS10 in Oracle Trading Community. | |||||
| CVE-2007-6482 | 2 Linux, Sun | 4 Linux Kernel, Ray Server Software, Solaris and 1 more | 2024-02-04 | 7.8 HIGH | N/A |
| Unspecified vulnerability in the Device Manager daemon (utdevmgrd) in Sun Ray Server Software 2.0, 3.0, 3.1, and 3.1.1 allows remote attackers to cause a denial of service (daemon crash) via unspecified vectors. | |||||
| CVE-2007-6630 | 1 Feng | 1 Feng | 2024-02-04 | 5.0 MEDIUM | N/A |
| The Url_init function in utils/url.c in Netembryo 0.0.4, when used by LScube Feng, allows remote attackers to cause a denial of service (NULL dereference and daemon crash) via a malformed URI containing a "/:" sequence, as demonstrated by a "DESCRIBE /: RTSP/1.0" request. | |||||
| CVE-2007-3464 | 1 Sofaware | 1 Safe At Office 500 Utm | 2024-02-04 | 8.5 HIGH | N/A |
| Check Point SofaWare Safe@Office, with firmware before Embedded NGX 7.0.45 GA, does not require entry of the old password when changing the admin password, which might allow attackers to gain privileges by conducting a CSRF attack, making a password change on an unattended workstation, or other vectors. | |||||
| CVE-2007-1574 | 1 Care2x | 1 Care2x | 2024-02-04 | 5.0 MEDIUM | N/A |
| CARE2X 2.2, and possibly earlier, allows remote attackers to obtain configuration information via a direct request to phpinfo.php, which calls the phpinfo function. NOTE: the provenance of this information is unknown; the details are obtained solely from third party information. | |||||
| CVE-2006-5340 | 1 Oracle | 1 Database Server | 2024-02-04 | 7.1 HIGH | N/A |
| Multiple unspecified vulnerabilities in Oracle Spatial component in Oracle Database 8.1.7.4, 9.0.1.5, 9.2.0.8, 10.1.0.5, and 10.2.0.2 have unknown impact and remote authenticated attack vectors related to (1) mdsys.sdo_lrs, aka Vuln# DB13, and (2) Vuln# DB17. NOTE: as of 20061023, Oracle has not disputed reports from reliable third parties that DB13 is related to bypassing input validation for SQL injection related to convert_to_lrs_layer and dbms_assert, and DB17 is related to SQL injection in the trigger in the SDO_DROP_USER package. | |||||
| CVE-2007-6204 | 1 Hp | 1 Openview Network Node Manager | 2024-02-04 | 10.0 HIGH | N/A |
| Multiple stack-based buffer overflows in HP OpenView Network Node Manager (OV NNM) 6.41, 7.01, and 7.51 allow remote attackers to execute arbitrary code via unspecified long arguments to (1) ovlogin.exe, (2) OpenView5.exe, (3) snmpviewer.exe, and (4) webappmon.exe, as demonstrated via a long Action parameter to OpenView5.exe. | |||||
| CVE-2007-3334 | 3 Ca, Ingres, Microsoft | 3 Etrust Secure Content Manager, Database Server, All Windows | 2024-02-04 | 10.0 HIGH | N/A |
| Multiple heap-based buffer overflows in the (1) Communications Server (iigcc.exe) and (2) Data Access Server (iigcd.exe) components for Ingres Database Server 3.0.3, as used in CA (Computer Associates) products including eTrust Secure Content Manager r8 on Windows, allow remote attackers to execute arbitrary code via unknown vectors. | |||||
| CVE-2008-0648 | 1 Opensiteadmin | 1 Opensiteadmin | 2024-02-04 | 6.8 MEDIUM | N/A |
| Multiple PHP remote file inclusion vulnerabilities in OpenSiteAdmin 0.9.1.1 and earlier allow remote attackers to execute arbitrary PHP code via a URL in the path parameter to (1) indexFooter.php; and (2) DatabaseManager.php, (3) FieldManager.php, (4) Filter.php, (5) Form.php, (6) FormManager.php, (7) LoginManager.php, and (8) Filters/SingleFilter.php in scripts/classes/. | |||||
| CVE-2006-7185 | 1 Cmsmelborp | 1 Cmsmelborp | 2024-02-04 | 9.3 HIGH | N/A |
| PHP remote file inclusion vulnerability in includes/user_standard.php in CMSmelborp Beta allows remote attackers to execute arbitrary PHP code via a URL in the relative_root parameter. | |||||
| CVE-2007-3502 | 1 Kaspersky Lab | 1 Kaspersky Anti-spam | 2024-02-04 | 7.5 HIGH | N/A |
| Unspecified vulnerability in the web-based product configuration system in Kaspersky Anti-Spam before 3.0 MP1 allows remote attackers to obtain access to certain directories. | |||||
| CVE-2007-2594 | 1 Phpmyportal | 1 Phpmyportal | 2024-02-04 | 7.5 HIGH | N/A |
| PHP remote file inclusion vulnerability in inc/articles.inc.php in phpMyPortal 3.0.0 RC3 allows remote attackers to execute arbitrary PHP code via a URL in the GLOBALS[CHEMINMODULES] parameter. | |||||
| CVE-2006-5416 | 1 F5 | 1 Firepass 1000 | 2024-02-04 | 5.1 MEDIUM | N/A |
| Cross-site scripting (XSS) vulnerability in my.acctab.php3 in F5 Networks FirePass 1000 SSL VPN 5.5, and possibly earlier, allows remote attackers to inject arbitrary web script or HTML via the sid parameter. | |||||
| CVE-2007-0421 | 1 Bea | 1 Weblogic Server | 2024-02-04 | 6.4 MEDIUM | N/A |
| BEA WebLogic Server 6.1 through 6.1 SP7, and 7.0 through 7.0 SP7 allows remote attackers to cause a denial of service (disk consumption) via requests containing malformed headers, which cause a large amount of data to be written to the server log. | |||||
| CVE-2007-5724 | 1 Omnistar Interactive | 1 Omnistar Live | 2024-02-04 | 4.3 MEDIUM | N/A |
| Multiple cross-site scripting (XSS) vulnerabilities in Omnistar Live allow remote attackers to inject arbitrary web script or HTML via (1) the category_id parameter to users/kb.php, and possibly (3) the Email Box field in profile.php. | |||||
| CVE-2008-0873 | 1 Jlmzone | 1 Classifieds | 2024-02-04 | 7.5 HIGH | N/A |
| SQL injection vulnerability in index.php in the jlmZone Classifieds module for XOOPS allows remote attackers to execute arbitrary SQL commands via the cid parameter in an Adsview action. | |||||