Total
260505 CVE
| CVE | Vendors | Products | Updated | CVSS v2 | CVSS v3 |
|---|---|---|---|---|---|
| CVE-2007-4542 | 1 University Of Minnesota | 1 Mapserver | 2024-02-04 | 4.3 MEDIUM | N/A |
| Multiple cross-site scripting (XSS) vulnerabilities in MapServer before 4.10.3 allow remote attackers to inject arbitrary web script or HTML via unspecified vectors involving the (1) processLine function in maptemplate.c and the (2) writeError function in mapserv.c in the mapserv CGI program. | |||||
| CVE-2007-4513 | 1 Ibm | 1 Aix | 2024-02-04 | 7.2 HIGH | N/A |
| Multiple stack-based buffer overflows in IBM AIX 5.2 and 5.3 allow local users to gain privileges via a long argument to the (1) "-p" option to lqueryvg or (2) the "-V" option to lquerypv. | |||||
| CVE-2006-4980 | 1 Python | 1 Python | 2024-02-04 | 7.5 HIGH | N/A |
| Buffer overflow in the repr function in Python 2.3 through 2.6 before 20060822 allows context-dependent attackers to cause a denial of service and possibly execute arbitrary code via crafted wide character UTF-32/UCS-4 strings to certain scripts. | |||||
| CVE-2006-4871 | 1 Keyvan1 | 1 Eshoppingpro | 2024-02-04 | 7.5 HIGH | N/A |
| SQL injection vulnerability in search_run.asp in Keyvan1 (aka Keyvan Janghorbani) EShoppingPro 1.0 allows remote attackers to execute arbitrary SQL commands via the order parameter. | |||||
| CVE-2007-2800 | 1 Eticket | 1 Eticket | 2024-02-04 | 5.0 MEDIUM | N/A |
| index.php in eTicket 1.5.5.1 and earlier allows remote attackers to obtain sensitive information via the (1) name[], (2) email[], (3) phone[], or (4) subject[] parameters, which reveals the installation path in the resulting error messages. | |||||
| CVE-2008-0002 | 1 Apache | 1 Tomcat | 2024-02-04 | 5.8 MEDIUM | N/A |
| Apache Tomcat 6.0.0 through 6.0.15 processes parameters in the context of the wrong request when an exception occurs during parameter processing, which might allow remote attackers to obtain sensitive information, as demonstrated by disconnecting during this processing in order to trigger the exception. | |||||
| CVE-2006-5886 | 1 Dynamic Dataworx | 1 Nurealestate | 2024-02-04 | 7.5 HIGH | N/A |
| SQL injection vulnerability in propertysdetails.asp in Dynamic Dataworx NuRealestate (NuRems) 1.0 and earlier allows remote attackers to execute arbitrary SQL commands via the PropID parameter. | |||||
| CVE-2006-6732 | 1 Cwm-design | 1 Cwmvote | 2024-02-04 | 6.8 MEDIUM | N/A |
| PHP remote file inclusion vulnerability in archive.php in cwmVote 1.0 allows remote attackers to execute arbitrary PHP code via a URL in the abs parameter. | |||||
| CVE-2008-0753 | 1 Vwar | 1 Virtual War | 2024-02-04 | 7.5 HIGH | N/A |
| SQL injection vulnerability in calendar.php in Virtual War (VWar) 1.5 allows remote attackers to execute arbitrary SQL commands via the month parameter. | |||||
| CVE-2006-6133 | 2 Businessobjects, Microsoft | 2 Crystal Reports Xi, Visual Studio .net | 2024-02-04 | 7.6 HIGH | N/A |
| Stack-based buffer overflow in Visual Studio Crystal Reports for Microsoft Visual Studio .NET 2002 and 2002 SP1, .NET 2003 and 2003 SP1, and 2005 and 2005 SP1 (formerly Business Objects Crystal Reports XI Professional) allows user-assisted remote attackers to execute arbitrary code via a crafted RPT file. | |||||
| CVE-2006-6521 | 1 Scriptphp | 1 Messageriescripthp | 2024-02-04 | 7.5 HIGH | N/A |
| SQL injection vulnerability in lire-avis.php in Messageriescripthp 2.0 allows remote attackers to execute arbitrary SQL commands via the aa parameter. | |||||
| CVE-2007-6422 | 1 Apache | 1 Http Server | 2024-02-04 | 4.0 MEDIUM | N/A |
| The balancer_handler function in mod_proxy_balancer in the Apache HTTP Server 2.2.0 through 2.2.6, when a threaded Multi-Processing Module is used, allows remote authenticated users to cause a denial of service (child process crash) via an invalid bb variable. | |||||
| CVE-2007-6411 | 1 Gadu-gadu | 1 Gadu-gadu Instant Messenger | 2024-02-04 | 4.3 MEDIUM | N/A |
| Multiple buffer overflows in the HandleEmotsConfig function in the GG Client in Gadu-Gadu 7.7 Build 3669 allow user-assisted remote attackers to execute arbitrary code or cause a denial of service (gg.exe process crash) via a long string in an emots.txt file. | |||||
| CVE-2008-0440 | 1 Alstrasoft | 1 Forum Pay Per Post Exchange | 2024-02-04 | 5.0 MEDIUM | N/A |
| AlstraSoft Forum Pay Per Post Exchange 2.0 stores passwords in cleartext, which makes it easier for attackers to access user accounts. | |||||
| CVE-2008-0244 | 1 Sap | 1 Maxdb | 2024-02-04 | 10.0 HIGH | N/A |
| SAP MaxDB 7.6.03 build 007 and earlier allows remote attackers to execute arbitrary commands via "&&" and other shell metacharacters in exec_sdbinfo and other unspecified commands, which are executed when MaxDB invokes cons.exe. | |||||
| CVE-2008-0348 | 1 Oracle | 5 Application Server, Collaboration Suite, Database Server and 2 more | 2024-02-04 | 10.0 HIGH | N/A |
| Multiple unspecified vulnerabilities in the PeopleTools component in Oracle PeopleSoft Enterprise and JD Edwards EnterpriseOne 8.22.18, 8.48.15, and 8.49.07 have unknown impact and remote attack vectors, aka (1) PSE01, (2) PSE03, and (3) PSE04. | |||||
| CVE-2007-5522 | 1 Oracle | 1 Application Server | 2024-02-04 | 7.5 HIGH | N/A |
| Unspecified vulnerability in the Oracle Portal component in Oracle Application Server 10.1.4.1 has unknown impact and remote attack vectors, aka AS07. | |||||
| CVE-2006-6762 | 1 Novell | 1 Netmail | 2024-02-04 | 4.0 MEDIUM | N/A |
| The IMAP daemon (IMAPD) in Novell NetMail before 3.52e FTF2 allows remote authenticated users to cause a denial of service via an APPEND command with a single "(" (parenthesis) in the argument. | |||||
| CVE-2006-6815 | 1 Dmxready | 1 Dmxready Secure Login Manager | 2024-02-04 | 6.0 MEDIUM | N/A |
| Multiple cross-site scripting (XSS) vulnerabilities in DMXReady Secure Login Manager 1.0 allow remote authenticated administrators to inject arbitrary web script or HTML via unspecified parameters to (1) set_preferences.asp, (2) send_password_preferences.asp, and (3) SecureLoginManager/list.asp in the Local-Admin Panel. | |||||
| CVE-2007-2780 | 1 Psychostats | 1 Psychostats | 2024-02-04 | 5.0 MEDIUM | N/A |
| PsychoStats 3.0.6b and earlier allows remote attackers to obtain sensitive information via a request for server.php with a missing or invalid newtheme parameter, which reveals a path in an error message. | |||||