Total
259454 CVE
| CVE | Vendors | Products | Updated | CVSS v2 | CVSS v3 |
|---|---|---|---|---|---|
| CVE-2008-0852 | 1 Freesshd | 1 Freesshd | 2024-02-04 | 5.0 MEDIUM | N/A |
| freeSSHd 1.2 and earlier allows remote attackers to cause a denial of service (crash) via a SSH2_MSG_NEWKEYS packet to TCP port 22, which triggers a NULL pointer dereference. | |||||
| CVE-2007-3192 | 1 Jffnms | 1 Just For Fun Network Management System | 2024-02-04 | 9.4 HIGH | N/A |
| admin/setup.php in Just For Fun Network Management System (JFFNMS) 0.8.3 allows remote attackers to read and modify configuration settings via a direct request. | |||||
| CVE-2007-2256 | 1 Tjschat | 1 Tjschat | 2024-02-04 | 4.3 MEDIUM | N/A |
| Cross-site scripting (XSS) vulnerability in you.php in TJSChat 0.95 allows remote attackers to inject arbitrary web script or HTML via the user parameter. | |||||
| CVE-2006-7175 | 2 Redhat, Sendmail | 2 Enterprise Linux, Sendmail | 2024-02-04 | 7.5 HIGH | N/A |
| The version of Sendmail 8.13.1-2 on Red Hat Enterprise Linux 4 Update 4 and earlier does not allow the administrator to disable SSLv2 encryption, which could cause less secure channels to be used than desired. | |||||
| CVE-2007-5347 | 1 Microsoft | 2 Ie, Internet Explorer | 2024-02-04 | 6.8 MEDIUM | N/A |
| Microsoft Internet Explorer 5.01 through 7 allows remote attackers to execute arbitrary code via "unexpected method calls to HTML objects," aka "DHTML Object Memory Corruption Vulnerability." | |||||
| CVE-2007-3419 | 1 Web-app.org | 1 Webapp | 2024-02-04 | 7.5 HIGH | N/A |
| The editprofile3 function in cgi-bin/cgi-lib/user.pl in web-app.org WebAPP before 0.9.9.7 does not properly check the (1) themes.dat, (2) languages.dat, (3) profession.dat, (4) gen.dat, (5) marstat.dat, (6) states.dat, and (7) ages.dat files before saving profile settings of members, which has unknown impact and remote attack vectors. | |||||
| CVE-2007-3744 | 1 Apple | 2 Mac Os X, Mac Os X Server | 2024-02-04 | 5.8 MEDIUM | N/A |
| Heap-based buffer overflow in the UPnP IGD (Internet Gateway Device Standardized Device Control Protocol) implementation in mDNSResponder on Apple Mac OS X 10.4.10 before 20070731 allows network-adjacent remote attackers to execute arbitrary code via a crafted packet. | |||||
| CVE-2008-0834 | 1 Ibm | 1 Lotus Quickr | 2024-02-04 | 4.3 MEDIUM | N/A |
| Cross-site scripting (XSS) vulnerability in Lotus Quickr for i5/OS before 8.0.0.2 Hotfix 11, when anonymous access is disabled on HTTP ports, allows remote attackers to inject arbitrary web script or HTML via unspecified vectors. | |||||
| CVE-2007-2156 | 1 Rezervi Generic | 1 Rezervi Generic | 2024-02-04 | 7.5 HIGH | N/A |
| Multiple PHP remote file inclusion vulnerabilities in Rezervi Generic 0.9 allow remote attackers to execute arbitrary PHP code via a URL in the root parameter to (1) datumVonDatumBis.inc.php, (2) footer.inc.php, (3) header.inc.php, and (4) stylesheets.php in templates/; and (5) wochenuebersicht.inc.php, (6) monatsuebersicht.inc.php, (7) jahresuebersicht.inc.php, and (8) tagesuebersicht.inc.php in belegungsplan/. | |||||
| CVE-2007-2044 | 1 Antonis Ventouris | 1 Weather Module | 2024-02-04 | 7.5 HIGH | N/A |
| PHP remote file inclusion vulnerability in mod_weather.php in the Antonis Ventouris Weather module for Mambo and Joomla! allows remote attackers to execute arbitrary PHP code via a URL in the absolute_path parameter. | |||||
| CVE-2007-5419 | 1 3com | 1 3crwe554g72t | 2024-02-04 | 10.0 HIGH | N/A |
| The 3Com 3CRWER100-75 router with 1.2.10ww software, when enabling an optional virtual server, configures this server to accept all source IP addresses on the external (Internet) interface unless the user selects other options, which might expose the router to unintended incoming traffic from remote attackers, as demonstrated by setting up a virtual server on port 80, which allows remote attackers to access the web management interface. | |||||
| CVE-2006-6142 | 1 Squirrelmail | 1 Squirrelmail | 2024-02-04 | 6.8 MEDIUM | N/A |
| Multiple cross-site scripting (XSS) vulnerabilities in SquirrelMail 1.4.0 through 1.4.9 allow remote attackers to inject arbitrary web script or HTML via the (1) mailto parameter in (a) webmail.php, the (2) session and (3) delete_draft parameters in (b) compose.php, and (4) unspecified vectors involving "a shortcoming in the magicHTML filter." | |||||
| CVE-2007-3132 | 1 Symantec | 2 Ghost Solutions Suite, Norton Ghost | 2024-02-04 | 5.0 MEDIUM | N/A |
| Multiple vulnerabilities in Symantec Ghost Solution Suite 2.0.0 and earlier, with Ghost 8.0.992 and possibly other versions, allow remote attackers to cause a denial of service (client or server crash) via malformed requests to the daemon port, 1346/udp or 1347/udp. | |||||
| CVE-2008-0349 | 1 Oracle | 5 Application Server, Collaboration Suite, Database Server and 2 more | 2024-02-04 | 10.0 HIGH | N/A |
| Unspecified vulnerability in the PeopleTools component in Oracle PeopleSoft Enterprise and JD Edwards EnterpriseOne 8.48.15 and 8.49.07 has unknown impact and remote attack vectors, aka PSE02. | |||||
| CVE-2006-5805 | 1 Microsoft | 1 Ie | 2024-02-04 | 5.0 MEDIUM | N/A |
| Microsoft Internet Explorer 7 allows remote attackers to cause a security certificate from a secure web site to appear invalid via a link to res://ieframe.dll/invalidcert.htm with the target site as an argument, which displays the site's URL in the address bar but causes Internet Explorer to report that the certificate is invalid. | |||||
| CVE-2007-2334 | 1 Nortel | 2 Contivity, Vpn Router 5000 | 2024-02-04 | 7.5 HIGH | N/A |
| Nortel VPN Router (aka Contivity) 1000, 2000, 4000, and 5000 before 5_05.149, 5_05.3xx before 5_05.304, and 6.x before 6_05.140 has two template HTML files lacking certain verification tags, which allows remote attackers to access the administration interface and change the device configuration via certain requests. | |||||
| CVE-2007-6369 | 1 Wordpress | 1 Pictpress | 2024-02-04 | 5.0 MEDIUM | N/A |
| Multiple directory traversal vulnerabilities in resize.php in the PictPress 0.91 and earlier plugin for WordPress allow remote attackers to read arbitrary files via a .. (dot dot) in the (1) size or (2) path parameter. | |||||
| CVE-2007-2323 | 1 Intervideo | 1 Home Theater | 2024-02-04 | 10.0 HIGH | N/A |
| Multiple buffer overflows in the WinDVDX ActiveX control in InterVideo Home Theater 2.1.13.0 and 2.5.13.58 allow remote attackers to execute arbitrary code via a long string argument to the (1) GetDiscType or (2) AddFileList method. NOTE: the provenance of this information is unknown; the details are obtained solely from third party information. | |||||
| CVE-2007-3337 | 1 Ingres | 1 Database Server | 2024-02-04 | 2.1 LOW | N/A |
| wakeup in Ingres database server 2006 9.0.4, r3, 2.6, and 2.5, as used in multiple CA (Computer Associates) products, allows local users to truncate arbitrary files via a symlink attack on the alarmwkp.def file. | |||||
| CVE-2007-4305 | 5 Netbsd, Openbsd, Sysjail and 2 more | 5 Netbsd, Openbsd, Sysjail and 2 more | 2024-02-04 | 6.2 MEDIUM | N/A |
| Multiple race conditions in the (1) Sudo monitor mode and (2) Sysjail policies in Systrace on NetBSD and OpenBSD allow local users to defeat system call interposition, and consequently bypass access control policy and auditing. | |||||