Vulnerabilities (CVE)

Total 259333 CVE
CVE Vendors Products Updated CVSS v2 CVSS v3
CVE-2006-5846 1 Freewebshop 1 Freewebshop 2024-02-04 6.4 MEDIUM N/A
Directory traversal vulnerability in index.php in FreeWebshop 2.2.2 and earlier allows remote attackers to read and include arbitrary files via a .. (dot dot) in the page parameter, a different vector than CVE-2006-5773.
CVE-2008-0756 1 Cyan Soft 6 Cyanprintip Basic, Cyanprintip Easy Opi, Cyanprintip Professional and 3 more 2024-02-04 5.0 MEDIUM N/A
The LPD server in cyan soft Opium OPI Server 4.10.1028 and earlier; cyanPrintIP Easy OPI, Professional, and Basic 4.10.1030 and earlier; Workstation 4.10.836 and earlier; and Standard 4.10.940 and earlier; allows remote attackers to cause a denial of service (daemon crash) via a connection that begins with (1) a "Send queue state" LPD command 3 or (2) a "Send queue state" LPD command 4.
CVE-2007-6457 1 Netwin 1 Surgemail 2024-02-04 5.0 MEDIUM N/A
Stack-based buffer overflow in the webmail feature in SurgeMail 38k4 allows remote attackers to cause a denial of service (crash) via a long Host header.
CVE-2007-2670 1 Globalmegacorp 1 Phpchain 2024-02-04 4.3 MEDIUM N/A
PHPChain 1.0 and earlier allows remote attackers to obtain the installation path via invalid values of the catid parameter to (1) settings.php or (2) cat.php, as demonstrated by XSS manipulations.
CVE-2007-0349 1 Nicecoder 1 Indexu 2024-02-04 5.0 MEDIUM N/A
Directory traversal vulnerability in upgrade.php in nicecoder.com INDEXU 5.x allows remote attackers to include arbitrary local files via a .. (dot dot) in the gateway parameter.
CVE-2008-1128 1 Phpmytourney 1 Phpmytourney 2024-02-04 6.8 MEDIUM N/A
PHP remote file inclusion vulnerability in tourney/index.php in phpMyTourney 2 allows remote attackers to execute arbitrary PHP code via a URL in the page parameter.
CVE-2006-5367 1 Oracle 1 E-business Suite 2024-02-04 9.0 HIGH N/A
Multiple unspecified vulnerabilities in Oracle E-Business Suite 11.5.7 up to 11.5.10CU2 have unknown impact and remote authenticated attack vectors, aka Vuln# (1) APPS03 in Oracle Applications Framework, (2) APPS04 in Oracle Applications Technology Stack, and (3) APPS05 in Oracle Balanced Scorecard, (4) APPS09 in Oracle Scripting, and (5) APPS10 in Oracle Trading Community.
CVE-2007-6482 2 Linux, Sun 4 Linux Kernel, Ray Server Software, Solaris and 1 more 2024-02-04 7.8 HIGH N/A
Unspecified vulnerability in the Device Manager daemon (utdevmgrd) in Sun Ray Server Software 2.0, 3.0, 3.1, and 3.1.1 allows remote attackers to cause a denial of service (daemon crash) via unspecified vectors.
CVE-2007-6630 1 Feng 1 Feng 2024-02-04 5.0 MEDIUM N/A
The Url_init function in utils/url.c in Netembryo 0.0.4, when used by LScube Feng, allows remote attackers to cause a denial of service (NULL dereference and daemon crash) via a malformed URI containing a "/:" sequence, as demonstrated by a "DESCRIBE /: RTSP/1.0" request.
CVE-2007-3464 1 Sofaware 1 Safe At Office 500 Utm 2024-02-04 8.5 HIGH N/A
Check Point SofaWare Safe@Office, with firmware before Embedded NGX 7.0.45 GA, does not require entry of the old password when changing the admin password, which might allow attackers to gain privileges by conducting a CSRF attack, making a password change on an unattended workstation, or other vectors.
CVE-2007-1574 1 Care2x 1 Care2x 2024-02-04 5.0 MEDIUM N/A
CARE2X 2.2, and possibly earlier, allows remote attackers to obtain configuration information via a direct request to phpinfo.php, which calls the phpinfo function. NOTE: the provenance of this information is unknown; the details are obtained solely from third party information.
CVE-2006-5340 1 Oracle 1 Database Server 2024-02-04 7.1 HIGH N/A
Multiple unspecified vulnerabilities in Oracle Spatial component in Oracle Database 8.1.7.4, 9.0.1.5, 9.2.0.8, 10.1.0.5, and 10.2.0.2 have unknown impact and remote authenticated attack vectors related to (1) mdsys.sdo_lrs, aka Vuln# DB13, and (2) Vuln# DB17. NOTE: as of 20061023, Oracle has not disputed reports from reliable third parties that DB13 is related to bypassing input validation for SQL injection related to convert_to_lrs_layer and dbms_assert, and DB17 is related to SQL injection in the trigger in the SDO_DROP_USER package.
CVE-2007-6204 1 Hp 1 Openview Network Node Manager 2024-02-04 10.0 HIGH N/A
Multiple stack-based buffer overflows in HP OpenView Network Node Manager (OV NNM) 6.41, 7.01, and 7.51 allow remote attackers to execute arbitrary code via unspecified long arguments to (1) ovlogin.exe, (2) OpenView5.exe, (3) snmpviewer.exe, and (4) webappmon.exe, as demonstrated via a long Action parameter to OpenView5.exe.
CVE-2007-3334 3 Ca, Ingres, Microsoft 3 Etrust Secure Content Manager, Database Server, All Windows 2024-02-04 10.0 HIGH N/A
Multiple heap-based buffer overflows in the (1) Communications Server (iigcc.exe) and (2) Data Access Server (iigcd.exe) components for Ingres Database Server 3.0.3, as used in CA (Computer Associates) products including eTrust Secure Content Manager r8 on Windows, allow remote attackers to execute arbitrary code via unknown vectors.
CVE-2008-0648 1 Opensiteadmin 1 Opensiteadmin 2024-02-04 6.8 MEDIUM N/A
Multiple PHP remote file inclusion vulnerabilities in OpenSiteAdmin 0.9.1.1 and earlier allow remote attackers to execute arbitrary PHP code via a URL in the path parameter to (1) indexFooter.php; and (2) DatabaseManager.php, (3) FieldManager.php, (4) Filter.php, (5) Form.php, (6) FormManager.php, (7) LoginManager.php, and (8) Filters/SingleFilter.php in scripts/classes/.
CVE-2006-7185 1 Cmsmelborp 1 Cmsmelborp 2024-02-04 9.3 HIGH N/A
PHP remote file inclusion vulnerability in includes/user_standard.php in CMSmelborp Beta allows remote attackers to execute arbitrary PHP code via a URL in the relative_root parameter.
CVE-2007-3502 1 Kaspersky Lab 1 Kaspersky Anti-spam 2024-02-04 7.5 HIGH N/A
Unspecified vulnerability in the web-based product configuration system in Kaspersky Anti-Spam before 3.0 MP1 allows remote attackers to obtain access to certain directories.
CVE-2007-2594 1 Phpmyportal 1 Phpmyportal 2024-02-04 7.5 HIGH N/A
PHP remote file inclusion vulnerability in inc/articles.inc.php in phpMyPortal 3.0.0 RC3 allows remote attackers to execute arbitrary PHP code via a URL in the GLOBALS[CHEMINMODULES] parameter.
CVE-2006-5416 1 F5 1 Firepass 1000 2024-02-04 5.1 MEDIUM N/A
Cross-site scripting (XSS) vulnerability in my.acctab.php3 in F5 Networks FirePass 1000 SSL VPN 5.5, and possibly earlier, allows remote attackers to inject arbitrary web script or HTML via the sid parameter.
CVE-2007-0421 1 Bea 1 Weblogic Server 2024-02-04 6.4 MEDIUM N/A
BEA WebLogic Server 6.1 through 6.1 SP7, and 7.0 through 7.0 SP7 allows remote attackers to cause a denial of service (disk consumption) via requests containing malformed headers, which cause a large amount of data to be written to the server log.