Total
260444 CVE
CVE | Vendors | Products | Updated | CVSS v2 | CVSS v3 |
---|---|---|---|---|---|
CVE-2007-3719 | 1 Linux | 1 Linux Kernel | 2024-02-04 | 2.1 LOW | N/A |
The process scheduler in the Linux kernel 2.6.16 gives preference to "interactive" processes that perform voluntary sleeps, which allows local users to cause a denial of service (CPU consumption), as described in "Secretly Monopolizing the CPU Without Superuser Privileges." | |||||
CVE-2006-6842 | 1 Codemonkeyx | 1 Acronym Mod | 2024-02-04 | 7.5 HIGH | N/A |
SQL injection vulnerability in admin/admin_acronyms.php in the Acronym Mod 0.9.5 for phpBB2 Plus 1.53 allows remote attackers to execute arbitrary SQL commands via the id parameter. | |||||
CVE-2006-4387 | 1 Apple | 1 Mac Os X | 2024-02-04 | 4.6 MEDIUM | N/A |
Apple Mac OS X 10.4 through 10.4.7, when the administrator clears the "Allow user to administer this computer" checkbox in System Preferences for a user, does not remove the user's account from the appserveradm or appserverusr groups, which still allows the user to manage WebObjects applications. | |||||
CVE-2007-4497 | 2 Canonical, Vmware | 5 Ubuntu Linux, Ace, Player and 2 more | 2024-02-04 | 5.5 MEDIUM | N/A |
Unspecified vulnerability in EMC VMware Workstation before 5.5.5 Build 56455 and 6.x before 6.0.1 Build 55017, Player before 1.0.5 Build 56455 and Player 2 before 2.0.1 Build 55017, ACE before 1.0.3 Build 54075 and ACE 2 before 2.0.1 Build 55017, and Server before 1.0.4 Build 56528 allows users with login access to a guest operating system to cause a denial of service (guest outage and host process crash or hang) via unspecified vectors. | |||||
CVE-2007-0190 | 1 Edit-x | 1 Ecommerce | 2024-02-04 | 7.5 HIGH | N/A |
PHP remote file inclusion vulnerability in edit_address.php in edit-x ecommerce allows remote attackers to execute arbitrary PHP code via a URL in the include_dir parameter. | |||||
CVE-2006-4724 | 1 Adobe | 1 Coldfusion | 2024-02-04 | 5.0 MEDIUM | N/A |
Unspecified vulnerability in the ColdFusion Flash Remoting Gateway in Adobe ColdFusion MX 7 and 7.01 allows remote attackers to cause a denial of service (infinite loop) via unspecified vectors involving a crafted command. | |||||
CVE-2007-3092 | 1 Microsoft | 1 Internet Explorer | 2024-02-04 | 9.3 HIGH | N/A |
Microsoft Internet Explorer 6 allows remote attackers to spoof the URL bar, and page properties including SSL certificates, by interrupting page loading through certain use of location DOM objects and setTimeout calls. NOTE: this issue can be leveraged for phishing and other attacks. | |||||
CVE-2006-4877 | 1 David Bennett | 1 Php-post | 2024-02-04 | 5.0 MEDIUM | N/A |
Variable overwrite vulnerability in David Bennett PHP-Post (PHPp) 1.0 and earlier allows remote attackers to overwrite arbitrary program variables via multiple vectors that use the extract function, as demonstrated by the table_prefix parameter in (1) index.php, (2) profile.php, and (3) header.php. | |||||
CVE-2006-4797 | 1 Cj Design | 1 Cj Tag Board | 2024-02-04 | 4.3 MEDIUM | N/A |
Cross-site scripting (XSS) vulnerability in tag.php in CloudNine Interactive CJ Tag Board 3.0 allows remote attackers to inject arbitrary web script or HTML via a JavaScript event in a url BBcode tag in the cjmsg parameter. | |||||
CVE-2007-5841 | 1 Nuboard | 1 Nuboard | 2024-02-04 | 6.8 MEDIUM | N/A |
PHP remote file inclusion vulnerability in admin/index.php in nuBoard 0.5 allows remote attackers to execute arbitrary PHP code via a URL in the site parameter. | |||||
CVE-2007-4709 | 1 Apple | 1 Mac Os X | 2024-02-04 | 8.8 HIGH | N/A |
Directory traversal vulnerability in CFNetwork in Apple Mac OS X 10.5.1 allows remote attackers to overwrite arbitrary files via a crafted HTTP response. | |||||
CVE-2007-6225 | 1 Sun | 1 Solaris | 2024-02-04 | 4.9 MEDIUM | N/A |
Unspecified vulnerability in Sun Solaris 10, when 64bit mode is used on the x86 platform, allows local users in a Linux (lx) branded zone to cause a denial of service (panic) via unspecified vectors. | |||||
CVE-2008-0505 | 1 Coppermine | 1 Coppermine Photo Gallery | 2024-02-04 | 4.3 MEDIUM | N/A |
Multiple cross-site scripting (XSS) vulnerabilities in docs/showdoc.php in Coppermine Photo Gallery (CPG) before 1.4.15 allow remote attackers to inject arbitrary web script or HTML via the (1) h and (2) t parameters. | |||||
CVE-2007-1137 | 1 Sourceforge | 1 Putmail | 2024-02-04 | 5.0 MEDIUM | N/A |
putmail.py in Putmail before 1.4 does not detect when a user attempts to use TLS with a server that does not support it, which causes putmail.py to send the username and password in plaintext while the user believes encryption is in use, and allows remote attackers to obtain sensitive information. | |||||
CVE-2008-1214 | 2 Linux, Numara | 2 Linux Kernel, Footprints | 2024-02-04 | 7.5 HIGH | N/A |
MRcgi/MRProcessIncomingForms.pl in Numara FootPrints 8.1 on Linux allows remote attackers to execute arbitrary code via shell metacharacters in the PROJECTNUM parameter. NOTE: the provenance of this information is unknown; the details are obtained solely from third party information. | |||||
CVE-2007-4295 | 1 Cisco | 1 Ios | 2024-02-04 | 6.8 MEDIUM | N/A |
Unspecified vulnerability in Cisco IOS 12.0 through 12.4 allows remote attackers to execute arbitrary code via a malformed SIP packet, aka CSCsi80749. | |||||
CVE-2008-0914 | 1 Ipdiva | 1 Ipdiva | 2024-02-04 | 4.3 MEDIUM | N/A |
Multiple cross-site scripting (XSS) vulnerabilities in the Mediation server in IPdiva SSL VPN Server 2.2 before 2.2.8.84 and 2.3 before 2.3.2.14 allow remote attackers to inject arbitrary web script or HTML via unspecified vectors. | |||||
CVE-2007-2863 | 2 Broadcom, Ca | 6 Anti-virus For The Enterprise, Brightstor Arcserve Backup, Brightstor Enterprise Backup and 3 more | 2024-02-04 | 10.0 HIGH | N/A |
Stack-based buffer overflow in the Anti-Virus engine before content update 30.6 in multiple CA (formerly Computer Associates) products allows remote attackers to execute arbitrary code via a long filename in a .CAB file. | |||||
CVE-2006-5241 | 1 Opendock | 1 Easy Gallery | 2024-02-04 | 5.1 MEDIUM | N/A |
Multiple PHP remote file inclusion vulnerabilities in OpenDock Easy Gallery 1.4 and earlier, when register_globals is enabled, allow remote attackers to execute arbitrary PHP code via a URL in the doc_directory parameter in (1) file.php; (2) find_user.php, (3) lib_user.php, (4) lib_form_user.php, and (5) user.php in sw/lib_user/; (6) find_session.php and (7) session.php in sw/lib_session/; (8) comment.php and (9) lib_comment.php in sw/lib_comment/; and other unspecified PHP scripts. | |||||
CVE-2007-2511 | 1 Php | 1 Php | 2024-02-04 | 7.2 HIGH | N/A |
Buffer overflow in the user_filter_factory_create function in PHP before 5.2.2 has unknown impact and local attack vectors. |