Total
259396 CVE
| CVE | Vendors | Products | Updated | CVSS v2 | CVSS v3 |
|---|---|---|---|---|---|
| CVE-2008-1177 | 1 Affiliate Market | 1 Affiliate Market | 2024-02-04 | 7.5 HIGH | N/A |
| SQL injection vulnerability in shop/detail.php in Affiliate Market (affmarket) 0.1 BETA allows remote attackers to execute arbitrary SQL commands via the id parameter. | |||||
| CVE-2007-1218 | 1 Tcpdump | 1 Tcpdump | 2024-02-04 | 6.8 MEDIUM | N/A |
| Off-by-one buffer overflow in the parse_elements function in the 802.11 printer code (print-802_11.c) for tcpdump 3.9.5 and earlier allows remote attackers to cause a denial of service (crash) via a crafted 802.11 frame. NOTE: this was originally referred to as heap-based, but it might be stack-based. | |||||
| CVE-2007-5860 | 1 Apple | 2 Mac Os X, Mac Os X Server | 2024-02-04 | 7.2 HIGH | N/A |
| Unspecified vulnerability in Spin Tracer in Apple Mac OS X 10.5.1 allows local users to execute arbitrary code via unspecified output files, involving an "insecure file operation." | |||||
| CVE-2006-5603 | 1 Snitz Communications | 1 Snitz Forums 2000 | 2024-02-04 | 7.5 HIGH | N/A |
| SQL injection vulnerability in pop_mail.asp in Snitz Forums 2000 3.4.06 allows remote attackers to execute arbitrary SQL commands via the RC parameter. NOTE: the provenance of this information is unknown; the details are obtained from third party information. | |||||
| CVE-2007-3032 | 1 Microsoft | 1 Windows Vista | 2024-02-04 | 6.8 MEDIUM | N/A |
| Unspecified vulnerability in Windows Vista Contacts Gadget in Windows Vista allows user-assisted remote attackers to execute arbitrary code via crafted contact information that is not properly handled when it is imported. | |||||
| CVE-2006-6399 | 1 Superfreaker Studios | 1 Upublisher | 2024-02-04 | 7.5 HIGH | N/A |
| SQL injection vulnerability in Superfreaker Studios UPublisher 1.0 allows remote attackers to execute arbitrary SQL commands via the Username parameter in login.asp. NOTE: the provenance of this information is unknown; details are obtained from third party sources. | |||||
| CVE-2007-2710 | 1 Nagiosql | 1 Nagiosql | 2024-02-04 | 7.5 HIGH | N/A |
| PHP remote file inclusion vulnerability in functions/prepend_adm.php in NagiosQL 2.00-P00 and earlier allows remote attackers to execute arbitrary PHP code via a URL in the SETS[path][IT] parameter. NOTE: the provenance of this information is unknown; the details are obtained solely from third party information. | |||||
| CVE-2007-2957 | 1 Mcafee | 1 E-business Server | 2024-02-04 | 9.3 HIGH | N/A |
| Integer overflow in McAfee E-Business Server before 8.5.3 for Solaris, and before 8.1.2 for Linux, HP-UX, and AIX, allows remote attackers to execute arbitrary code via a large length value in an authentication packet, which results in a heap-based buffer overflow. | |||||
| CVE-2007-5810 | 1 Hitachi | 14 Cosminexus Application Server Enterprise, Cosminexus Application Server Standard, Cosminexus Developer Light Version 6 and 11 more | 2024-02-04 | 5.0 MEDIUM | N/A |
| Hitachi Web Server 01-00 through 03-00-01, as used by certain Cosminexus products, does not properly validate SSL client certificates, which might allow remote attackers to spoof authentication via a client certificate with a forged signature. | |||||
| CVE-2006-4950 | 1 Cisco | 1 Ios | 2024-02-04 | 10.0 HIGH | N/A |
| Cisco IOS 12.2 through 12.4 before 20060920, as used by Cisco IAD2430, IAD2431, and IAD2432 Integrated Access Devices, the VG224 Analog Phone Gateway, and the MWR 1900 and 1941 Mobile Wireless Edge Routers, is incorrectly identified as supporting DOCSIS, which allows remote attackers to gain read-write access via a hard-coded cable-docsis community string and read or modify arbitrary SNMP variables. | |||||
| CVE-2007-0105 | 1 Cisco | 1 Secure Access Control Server | 2024-02-04 | 7.5 HIGH | N/A |
| Stack-based buffer overflow in the CSAdmin service in Cisco Secure Access Control Server (ACS) for Windows before 4.1 and ACS Solution Engine before 4.1 allows remote attackers to execute arbitrary code via a crafted HTTP GET request. | |||||
| CVE-2006-5444 | 1 Digium | 1 Asterisk | 2024-02-04 | 7.5 HIGH | N/A |
| Integer overflow in the get_input function in the Skinny channel driver (chan_skinny.c) in Asterisk 1.0.x before 1.0.12 and 1.2.x before 1.2.13, as used by Cisco SCCP phones, allows remote attackers to execute arbitrary code via a certain dlen value that passes a signed integer comparison and leads to a heap-based buffer overflow. | |||||
| CVE-2007-4506 | 1 Joomla | 1 Neorecruit | 2024-02-04 | 7.5 HIGH | N/A |
| SQL injection vulnerability in index.php in the NeoRecruit component (com_neorecruit) 1.4 and earlier for Joomla! allows remote attackers to execute arbitrary SQL commands via the id parameter in an offer_view action. | |||||
| CVE-2008-0874 | 1 Xoops | 1 Eempregos Module | 2024-02-04 | 7.5 HIGH | N/A |
| SQL injection vulnerability in index.php in the eEmpregos module for XOOPS allows remote attackers to execute arbitrary SQL commands via the cid parameter in a view action. | |||||
| CVE-2006-6266 | 1 Microsoft | 1 Teredo | 2024-02-04 | 6.8 MEDIUM | N/A |
| Teredo clients, when following item 6 of RFC4380 section 5.2.3, start direct IPv6 connectivity tests (aka ping tests) in response to packets from non-Teredo source addresses, which might allow remote attackers to induce Teredo clients to send packets to third parties. | |||||
| CVE-2007-4510 | 2 Clam Anti-virus, Kolab | 2 Clamav, Kolab Server | 2024-02-04 | 4.3 MEDIUM | N/A |
| ClamAV before 0.91.2, as used in Kolab Server 2.0 through 2.2beta1 and other products, allows remote attackers to cause a denial of service (application crash) via (1) a crafted RTF file, which triggers a NULL dereference in the cli_scanrtf function in libclamav/rtf.c; or (2) a crafted HTML document with a data: URI, which triggers a NULL dereference in the cli_html_normalise function in libclamav/htmlnorm.c. NOTE: some of these details are obtained from third party information. | |||||
| CVE-2007-2110 | 2 Microsoft, Oracle | 2 Windows, Database Server | 2024-02-04 | 4.4 MEDIUM | N/A |
| Unspecified vulnerability in the Core RDBMS component for Oracle Database 9.0.1.5+, 9.2.0.7, and 10.1.0.4 on Windows systems has unknown impact and attack vectors, aka DB03. NOTE: as of 20070424, Oracle has not disputed reliable claims that DB03 occurs because RDBMS uses a NULL Discretionary Access Control List (DACL) for the Oracle process and certain shared memory sections, which allows local users to inject threads and execute arbitrary code via the OpenProcess, OpenThread, and SetThreadContext functions (DB03). | |||||
| CVE-2007-4348 | 1 Ibm | 1 Tivoli Storage Manager Client | 2024-02-04 | 4.3 MEDIUM | N/A |
| Cross-site scripting (XSS) vulnerability in the CAD service in IBM Tivoli Storage Manager (TSM) Client 5.3.5.3 and 5.4.1.2 for Windows allows remote attackers to inject arbitrary web script or HTML via HTTP requests to port 1581, which generate log entries in a dsmerror.log file that is accessible through a certain web interface. | |||||
| CVE-2007-3034 | 1 Microsoft | 4 Windows 2000, Windows 2003 Server, Windows Server 2003 and 1 more | 2024-02-04 | 9.3 HIGH | N/A |
| Integer overflow in the AttemptWrite function in Graphics Rendering Engine (GDI) on Microsoft Windows 2000 SP4, XP SP2, and Server 2003 SP1 allows remote attackers to execute arbitrary code via a crafted metafile (image) with a large record length value, which triggers a heap-based buffer overflow. | |||||
| CVE-2006-5403 | 1 Symantec | 4 Automated Support Assistant, Norton Antivirus, Norton Internet Security and 1 more | 2024-02-04 | 5.1 MEDIUM | N/A |
| Stack-based buffer overflow in an ActiveX control used in Symantec Automated Support Assistant, as used in Norton AntiVirus, Internet Security, and System Works 2005 and 2006, allows user-assisted remote attackers to cause a denial of service (crash) and possibly execute arbitrary code via unspecified vectors. | |||||