Total
259400 CVE
| CVE | Vendors | Products | Updated | CVSS v2 | CVSS v3 |
|---|---|---|---|---|---|
| CVE-2006-6896 | 1 Plantronic | 1 Headset | 2024-02-04 | 5.4 MEDIUM | N/A |
| The Bluetooth stack in the Plantronic Headset does not properly implement Non-pairable mode, which allows remote attackers to conduct unauthorized pair-up operations. | |||||
| CVE-2007-4887 | 1 Php | 1 Php | 2024-02-04 | 4.3 MEDIUM | N/A |
| The dl function in PHP 5.2.4 and earlier allows context-dependent attackers to cause a denial of service (application crash) via a long string in the library parameter. NOTE: there are limited usage scenarios under which this would be a vulnerability. | |||||
| CVE-2007-0273 | 1 Oracle | 1 Database Server | 2024-02-04 | 4.3 MEDIUM | N/A |
| Unspecified vulnerability in Oracle Database 9.0.1.5, 9.2.0.8, 10.1.0.5, and 10.2.0.3 has unknown impact and attack vectors related to XMLDB, aka DB06. NOTE: as of 20070123, Oracle has not disputed claims by a reliable researcher that DB06 is for multiple cross-site scripting (XSS) vulnerabilities. | |||||
| CVE-2007-0279 | 1 Oracle | 2 E-business Suite, Http Server | 2024-02-04 | 7.5 HIGH | N/A |
| Multiple unspecified vulnerabilities in Oracle HTTP Server 9.2.0.8 and Oracle E-Business Suite and Applications 11.5.10CU2 have unknown impact and attack vectors, aka (1) OHS01, (2) OHS02, (3) OHS05, (4) OHS06, and (5) OHS07. | |||||
| CVE-2007-3264 | 1 Ibm | 1 Websphere Application Server | 2024-02-04 | 10.0 HIGH | N/A |
| Unspecified vulnerability in the PD tools component in IBM WebSphere Application Server (WAS) 6.1.0.7 and earlier has unknown impact and attack vectors. | |||||
| CVE-2007-2889 | 1 Dokeos | 1 Open Source Learning And Knowledge Management Tool | 2024-02-04 | 7.5 HIGH | N/A |
| SQL injection vulnerability in tracking/courseLog.php in Dokeos 1.6.5 and earlier allows remote attackers to execute arbitrary SQL commands via the scormcontopen parameter. | |||||
| CVE-2008-0852 | 1 Freesshd | 1 Freesshd | 2024-02-04 | 5.0 MEDIUM | N/A |
| freeSSHd 1.2 and earlier allows remote attackers to cause a denial of service (crash) via a SSH2_MSG_NEWKEYS packet to TCP port 22, which triggers a NULL pointer dereference. | |||||
| CVE-2007-3192 | 1 Jffnms | 1 Just For Fun Network Management System | 2024-02-04 | 9.4 HIGH | N/A |
| admin/setup.php in Just For Fun Network Management System (JFFNMS) 0.8.3 allows remote attackers to read and modify configuration settings via a direct request. | |||||
| CVE-2007-2256 | 1 Tjschat | 1 Tjschat | 2024-02-04 | 4.3 MEDIUM | N/A |
| Cross-site scripting (XSS) vulnerability in you.php in TJSChat 0.95 allows remote attackers to inject arbitrary web script or HTML via the user parameter. | |||||
| CVE-2006-7175 | 2 Redhat, Sendmail | 2 Enterprise Linux, Sendmail | 2024-02-04 | 7.5 HIGH | N/A |
| The version of Sendmail 8.13.1-2 on Red Hat Enterprise Linux 4 Update 4 and earlier does not allow the administrator to disable SSLv2 encryption, which could cause less secure channels to be used than desired. | |||||
| CVE-2007-5347 | 1 Microsoft | 2 Ie, Internet Explorer | 2024-02-04 | 6.8 MEDIUM | N/A |
| Microsoft Internet Explorer 5.01 through 7 allows remote attackers to execute arbitrary code via "unexpected method calls to HTML objects," aka "DHTML Object Memory Corruption Vulnerability." | |||||
| CVE-2007-3419 | 1 Web-app.org | 1 Webapp | 2024-02-04 | 7.5 HIGH | N/A |
| The editprofile3 function in cgi-bin/cgi-lib/user.pl in web-app.org WebAPP before 0.9.9.7 does not properly check the (1) themes.dat, (2) languages.dat, (3) profession.dat, (4) gen.dat, (5) marstat.dat, (6) states.dat, and (7) ages.dat files before saving profile settings of members, which has unknown impact and remote attack vectors. | |||||
| CVE-2007-3744 | 1 Apple | 2 Mac Os X, Mac Os X Server | 2024-02-04 | 5.8 MEDIUM | N/A |
| Heap-based buffer overflow in the UPnP IGD (Internet Gateway Device Standardized Device Control Protocol) implementation in mDNSResponder on Apple Mac OS X 10.4.10 before 20070731 allows network-adjacent remote attackers to execute arbitrary code via a crafted packet. | |||||
| CVE-2008-0834 | 1 Ibm | 1 Lotus Quickr | 2024-02-04 | 4.3 MEDIUM | N/A |
| Cross-site scripting (XSS) vulnerability in Lotus Quickr for i5/OS before 8.0.0.2 Hotfix 11, when anonymous access is disabled on HTTP ports, allows remote attackers to inject arbitrary web script or HTML via unspecified vectors. | |||||
| CVE-2007-2156 | 1 Rezervi Generic | 1 Rezervi Generic | 2024-02-04 | 7.5 HIGH | N/A |
| Multiple PHP remote file inclusion vulnerabilities in Rezervi Generic 0.9 allow remote attackers to execute arbitrary PHP code via a URL in the root parameter to (1) datumVonDatumBis.inc.php, (2) footer.inc.php, (3) header.inc.php, and (4) stylesheets.php in templates/; and (5) wochenuebersicht.inc.php, (6) monatsuebersicht.inc.php, (7) jahresuebersicht.inc.php, and (8) tagesuebersicht.inc.php in belegungsplan/. | |||||
| CVE-2007-2044 | 1 Antonis Ventouris | 1 Weather Module | 2024-02-04 | 7.5 HIGH | N/A |
| PHP remote file inclusion vulnerability in mod_weather.php in the Antonis Ventouris Weather module for Mambo and Joomla! allows remote attackers to execute arbitrary PHP code via a URL in the absolute_path parameter. | |||||
| CVE-2007-5419 | 1 3com | 1 3crwe554g72t | 2024-02-04 | 10.0 HIGH | N/A |
| The 3Com 3CRWER100-75 router with 1.2.10ww software, when enabling an optional virtual server, configures this server to accept all source IP addresses on the external (Internet) interface unless the user selects other options, which might expose the router to unintended incoming traffic from remote attackers, as demonstrated by setting up a virtual server on port 80, which allows remote attackers to access the web management interface. | |||||
| CVE-2006-6142 | 1 Squirrelmail | 1 Squirrelmail | 2024-02-04 | 6.8 MEDIUM | N/A |
| Multiple cross-site scripting (XSS) vulnerabilities in SquirrelMail 1.4.0 through 1.4.9 allow remote attackers to inject arbitrary web script or HTML via the (1) mailto parameter in (a) webmail.php, the (2) session and (3) delete_draft parameters in (b) compose.php, and (4) unspecified vectors involving "a shortcoming in the magicHTML filter." | |||||
| CVE-2007-3132 | 1 Symantec | 2 Ghost Solutions Suite, Norton Ghost | 2024-02-04 | 5.0 MEDIUM | N/A |
| Multiple vulnerabilities in Symantec Ghost Solution Suite 2.0.0 and earlier, with Ghost 8.0.992 and possibly other versions, allow remote attackers to cause a denial of service (client or server crash) via malformed requests to the daemon port, 1346/udp or 1347/udp. | |||||
| CVE-2008-0349 | 1 Oracle | 5 Application Server, Collaboration Suite, Database Server and 2 more | 2024-02-04 | 10.0 HIGH | N/A |
| Unspecified vulnerability in the PeopleTools component in Oracle PeopleSoft Enterprise and JD Edwards EnterpriseOne 8.48.15 and 8.49.07 has unknown impact and remote attack vectors, aka PSE02. | |||||