Vulnerabilities (CVE)

Total 259462 CVE
CVE Vendors Products Updated CVSS v2 CVSS v3
CVE-2007-5378 1 Tcl Tk 1 Tk Toolkit 2024-02-04 4.3 MEDIUM N/A
Buffer overflow in the FileReadGIF function in tkImgGIF.c for Tk Toolkit 8.4.12 and earlier, and 8.3.5 and earlier, allows user-assisted attackers to cause a denial of service (segmentation fault) via an animated GIF in which the first subimage is smaller than a subsequent subimage, which triggers the overflow in the ReadImage function, a different vulnerability than CVE-2007-5137.
CVE-2007-5492 1 Sitebar 1 Sitebar 2024-02-04 4.6 MEDIUM N/A
Static code injection vulnerability in the translation module (translator.php) in SiteBar 3.3.8 allows remote authenticated users to execute arbitrary PHP code via the value parameter.
CVE-2006-3888 1 Aol 1 Ygp Pic Downloader Activex Control 2024-02-04 7.5 HIGH N/A
Buffer overflow in AOL You've Got Pictures (YGP) Pic Downloader YGPPDownload ActiveX control (AOL.PicDownloadCtrl.1, YGPPicDownload.dll), as used in America Online 9.0 Security Edition, allows remote attackers to execute arbitrary code via a long argument to the SetAlbumName method.
CVE-2007-1713 1 B21soft 1 Basp21 2024-02-04 6.4 MEDIUM N/A
CRLF injection vulnerability in BSMTP.DLL in B21Soft BASP21 2003.0211, and BASP21 Pro 1.0.702.27 and earlier, allows remote attackers to inject arbitrary headers into e-mail messages via CRLF sequences in Subject lines.
CVE-2007-0618 1 Ibm 1 Aix 2024-02-04 7.5 HIGH N/A
Unspecified vulnerability in (1) pop3d, (2) pop3ds, (3) imapd, and (4) imapds in IBM AIX 5.3.0 has unspecified impact and attack vectors, involving an "authentication vulnerability."
CVE-2007-5665 1 Novell 1 Zenworks Endpoint Security Management 2024-02-04 7.2 HIGH N/A
STEngine.exe 3.5.0.20 in Novell ZENworks Endpoint Security Management (ESM) 3.5, and other ESM versions before 3.5.0.82, dynamically creates scripts in a world-writable directory when generating diagnostic reports, which allows local users to gain privileges, as demonstrated by creating a cmd.exe binary in the diagnostic report directory.
CVE-2007-5815 1 Sonicwall 2 Ssl Vpn2000\/4000, Ssl Vpn 200 2024-02-04 10.0 HIGH N/A
Absolute path traversal vulnerability in the WebCacheCleaner ActiveX control 1.3.0.3 in SonicWall SSL-VPN 200 before 2.1, and SSL-VPN 2000/4000 before 2.5, allows remote attackers to delete arbitrary files via a full pathname in the argument to the FileDelete method.
CVE-2007-2992 1 Omegasoft 1 Interneserviceslosungen 2024-02-04 7.5 HIGH N/A
Multiple SQL injection vulnerabilities in OmegaMw7.asp in OMEGA (aka Omegasoft) INterneSErvicesLosungen (INSEL) allow remote attackers to execute arbitrary SQL commands via (1) user-created text fields; the (2) F05003, (3) F05005, and (4) F05015 fields; and other unspecified standard fields.
CVE-2007-5482 1 Sun 2 Storagetek 3510, Storedge 2024-02-04 6.4 MEDIUM N/A
Unspecified vulnerability in the FTP service in Sun StorEdge/StorageTek 3510 FC Array with firmware before 4.21 allows remote attackers, with access to the Ethernet management interface, to cause a denial of service (I/O request timeout and device hang) via unspecified vectors.
CVE-2006-6933 1 Efs Software 1 Easy Chat Server 2024-02-04 7.8 HIGH N/A
Easy Chat Server 2.1 stores sensitive information under the web root with insufficient access control, which allows remote attackers to download certain files via direct requests to files such as (1) ServerKey.pem and (2) AcceptIP.txt. NOTE: The provenance of this information is unknown; the details are obtained solely from third party information.
CVE-2007-0339 1 Scriptme 1 Sme Filemailer 2024-02-04 7.5 HIGH N/A
SQL injection vulnerability in index.php (aka the login form) in Scriptme SMe FileMailer 1.21 allows remote attackers to execute arbitrary SQL commands via the Password field (ps parameter). NOTE: some of these details are obtained from third party information.
CVE-2007-0936 1 Microsoft 2 Office, Visio 2024-02-04 9.3 HIGH N/A
Multiple unspecified vulnerabilities in Microsoft Visio 2002 allow remote user-assisted attackers to execute arbitrary code via a Visio (.VSD, VSS, .VST) file with a crafted packed object that triggers memory corruption, aka "Visio Document Packaging Vulnerability."
CVE-2006-6703 1 Oracle 2 Oracle10g, Oracle9i 2024-02-04 6.8 MEDIUM N/A
Multiple cross-site scripting (XSS) vulnerabilities in Oracle Portal 9i and 10g allow remote attackers to inject arbitrary JavaScript via the tc parameter in webapp/jsp/container_tabs.jsp, and other unspecified vectors.
CVE-2007-0501 1 Mafia Scum Tools 1 Mafia Scum Tools 2024-02-04 6.8 MEDIUM N/A
PHP remote file inclusion vulnerability in index.php in Mafia Scum Tools 2.0.0 in Matthew Wardrop Advanced Random Generators (adv-random-gen) allows remote attackers to execute arbitrary PHP code via a URL in the gen parameter.
CVE-2007-0360 1 Oreon Project 1 Oreon 2024-02-04 7.5 HIGH N/A
PHP remote file inclusion vulnerability in lang/index.php in Oreon 1.2.3 RC4 and earlier allows remote attackers to execute arbitrary PHP code via a URL in the file parameter.
CVE-2007-2686 1 Jetbox 1 Jetbox Cms 2024-02-04 4.3 MEDIUM N/A
Cross-site scripting (XSS) vulnerability in index.php in Jetbox CMS 2.1 allows remote attackers to inject arbitrary web script or HTML via the login parameter in a sendpwd task.
CVE-2007-6429 1 X.org 3 Evi, Mit-shm, Xserver 2024-02-04 9.3 HIGH N/A
Multiple integer overflows in X.Org Xserver before 1.4.1 allow context-dependent attackers to execute arbitrary code via (1) a GetVisualInfo request containing a 32-bit value that is improperly used to calculate an amount of memory for allocation by the EVI extension, or (2) a request containing values related to pixmap size that are improperly used in management of shared memory by the MIT-SHM extension.
CVE-2008-0808 1 Ikiwiki 1 Ikiwiki 2024-02-04 4.3 MEDIUM N/A
Cross-site scripting (XSS) vulnerability in the meta plugin in Ikiwiki before 1.1.47 allows remote attackers to inject arbitrary web script or HTML via meta tags.
CVE-2007-3363 1 Ageet 1 Agephone 2024-02-04 10.0 HIGH N/A
Multiple unspecified vulnerabilities in ageet AGEphone before 1.6.3 allow remote attackers to have an unknown impact via malformed SIP packets.
CVE-2007-6518 1 Woltlab 1 Burning Board Lite 2024-02-04 7.5 HIGH N/A
Multiple SQL injection vulnerabilities in search.php in WoltLab Burning Board (wBB) Lite 1.0.2 pl3e allow remote attackers to execute arbitrary SQL commands via the (1) showposts, (2) sortby, and (3) sortorder parameters.