Vulnerabilities (CVE)

Total 260608 CVE
CVE Vendors Products Updated CVSS v2 CVSS v3
CVE-2007-6375 1 Bitweaver 1 Bitweaver 2024-02-04 7.5 HIGH N/A
Multiple SQL injection vulnerabilities in Bitweaver 2.0.0 and earlier allow remote attackers to execute arbitrary SQL commands via the (1) sort_mode parameter to wiki/list_pages.php and the (2) highlight parameter to search/index.php. NOTE: the researcher also reported injection via JavaScript code in the Search box, but this is probably a forced SQL error or other separate primary issue.
CVE-2007-5225 1 Sun 1 Sunos 2024-02-04 4.9 MEDIUM N/A
Integer signedness error in FIFO filesystems (named pipes) on Sun Solaris 8 through 10 allows local users to read the contents of unspecified memory locations via a negative maximum length value to the I_PEEK ioctl.
CVE-2007-1072 1 Cisco 12 Unified Ip Phone 7906g, Unified Ip Phone 7911g, Unified Ip Phone 7941g and 9 more 2024-02-04 7.2 HIGH N/A
The command line interface (CLI) in Cisco Unified IP Phone 7906G, 7911G, 7941G, 7961G, 7970G, and 7971G, with firmware 8.0(4)SR1 and earlier allows local users to obtain privileges or cause a denial of service via unspecified vectors. NOTE: this issue can be leveraged remotely via CVE-2007-1063.
CVE-2007-5487 1 Cowon America 1 Jetaudio 2024-02-04 9.3 HIGH N/A
Stack-based buffer overflow in COWON America jetAudio Basic 7.0.3 allows user-assisted remote attackers to execute arbitrary code via a long URL in an EXTM3U section of a .m3u file.
CVE-2006-6791 1 Chatwm 1 Chatwm 2024-02-04 7.5 HIGH N/A
SQL injection vulnerability in SelGruFra.asp in chatwm 1.0 allows remote attackers to execute arbitrary SQL commands via the (1) txtUse and (2) txtPas parameters.
CVE-2007-6094 1 Ingate 2 Ingate Firewall, Ingate Siparator 2024-02-04 4.3 MEDIUM N/A
The IPsec module in the VPN component in Ingate Firewall before 4.6.0 and SIParator before 4.6.0 allows remote attackers to cause a denial of service (module crash) via an IPsec Phase 2 proposal that lacks Perfect Forward Secrecy (PFS).
CVE-2007-0116 1 Digger Solutions 1 Intranet Open Source 2024-02-04 7.5 HIGH N/A
Digger Solutions Intranet Open Source (IOS) stores sensitive information under the web root with insufficient access control, which allows remote attackers to download a database containing passwords via a direct request for data/intranet.mdb.
CVE-2007-3491 1 Progress 1 Openedge 2024-02-04 7.5 HIGH N/A
Buffer overflow in _mprosrv in Progress Software OpenEdge before 9.1E0422, and 10.x before 10.1B01, allows remote attackers to have an unknown impact via a malformed TCP/IP message.
CVE-2007-2717 1 Igeneric 1 Ig Shop 2024-02-04 7.5 HIGH N/A
SQL injection vulnerability in shop/page.php in iGeneric (iG) Shop 1.4 allows remote attackers to execute arbitrary SQL commands via the type_id[] parameter, a different vector than CVE-2005-0537.
CVE-2007-4446 1 Toribash 1 Toribash 2024-02-04 7.5 HIGH N/A
Format string vulnerability in the server in Toribash 2.71 and earlier allows remote attackers to execute arbitrary code via format string specifiers in the NICK command (client nickname) when entering a game.
CVE-2007-0194 1 Mkportal 1 Mkportal 2024-02-04 7.8 HIGH N/A
admin.php in MKPortal M1.1 RC1 allows remote attackers to obtain sensitive information via a direct request with an MK_PATH=1 query string, which reveals the path in an error message.
CVE-2007-1144 1 Comscripts 1 J-web Pics Navigator 2024-02-04 5.0 MEDIUM N/A
Directory traversal vulnerability in jwpn-photos.php in J-Web Pics Navigator 2.0 allows remote attackers to list arbitrary directories via a .. (dot dot) in the dir parameter.
CVE-2007-3401 1 B1g 1 B1gbb 2024-02-04 7.5 HIGH N/A
PHP remote file inclusion vulnerability in footer.inc.php in B1G b1gBB 2.24 allows remote attackers to execute arbitrary PHP code via a URL in the tfooter parameter.
CVE-2007-2370 1 Xoops 1 John Mordo Jobs Module 2024-02-04 7.5 HIGH N/A
SQL injection vulnerability in index.php in the John Mordo Jobs 2.4 and earlier module for XOOPS allows remote attackers to execute arbitrary SQL commands via the cid parameter in a jobsview action. NOTE: the module name was originally reported as Job Listings.
CVE-2008-1127 1 Crytek 1 Crysis 2024-02-04 6.0 MEDIUM N/A
Format string vulnerability in the cryactio function in Crysis 1.1.1.5879 allows remote authenticated users to execute arbitrary code via format string specifiers in the user name, which is triggered when the game character is killed.
CVE-2007-6543 1 Esyndicat 1 Esyndicat Link Exchange 2024-02-04 7.5 HIGH N/A
SQL injection vulnerability in suggest-link.php in eSyndiCat Link Exchange Script allows remote attackers to execute arbitrary SQL commands via the id parameter.
CVE-2007-4969 1 Sysinternals 1 Process Monitor 2024-02-04 4.4 MEDIUM N/A
Process Monitor 1.22 does not properly validate certain parameters to System Service Descriptor Table (SSDT) function handlers, which allows local users to cause a denial of service (crash) and possibly gain privileges via unspecified kernel SSDT hooks for Windows Native API functions including (1) NtCreateKey, (2) NtDeleteValueKey, (3) NtLoadKey, (4) NtOpenKey, (5) NtQueryValueKey, (6) NtSetValueKey, and (7) NtUnloadKey.
CVE-2007-1529 1 Microsoft 1 Windows Vista 2024-02-04 4.3 MEDIUM N/A
The LLTD Responder in Microsoft Windows Vista does not send the Mapper a response to a DISCOVERY packet if another host has sent a spoofed response first, which allows remote attackers to spoof arbitrary hosts via a network-based race condition, aka the "Total Spoof" attack.
CVE-2007-3675 1 Kaspersky Lab 1 Online Scanner 2024-02-04 9.3 HIGH N/A
Multiple format string vulnerabilities in the kavwebscan.CKAVWebScan ActiveX control (kavwebscan.dll) in Kaspersky Online Scanner before 5.0.98 allow remote attackers to execute arbitrary code via format string specifiers in "various string formatting functions," which trigger heap-based buffer overflows.
CVE-2007-1969 1 Sam Crew 1 Myblog 2024-02-04 4.3 MEDIUM N/A
Cross-site scripting (XSS) vulnerability in admin/modify.php in Sam Crew MyBlog remote attackers to inject arbitrary web script or HTML via the id parameter.