Total
260633 CVE
CVE | Vendors | Products | Updated | CVSS v2 | CVSS v3 |
---|---|---|---|---|---|
CVE-2007-6543 | 1 Esyndicat | 1 Esyndicat Link Exchange | 2024-02-04 | 7.5 HIGH | N/A |
SQL injection vulnerability in suggest-link.php in eSyndiCat Link Exchange Script allows remote attackers to execute arbitrary SQL commands via the id parameter. | |||||
CVE-2007-4969 | 1 Sysinternals | 1 Process Monitor | 2024-02-04 | 4.4 MEDIUM | N/A |
Process Monitor 1.22 does not properly validate certain parameters to System Service Descriptor Table (SSDT) function handlers, which allows local users to cause a denial of service (crash) and possibly gain privileges via unspecified kernel SSDT hooks for Windows Native API functions including (1) NtCreateKey, (2) NtDeleteValueKey, (3) NtLoadKey, (4) NtOpenKey, (5) NtQueryValueKey, (6) NtSetValueKey, and (7) NtUnloadKey. | |||||
CVE-2007-1529 | 1 Microsoft | 1 Windows Vista | 2024-02-04 | 4.3 MEDIUM | N/A |
The LLTD Responder in Microsoft Windows Vista does not send the Mapper a response to a DISCOVERY packet if another host has sent a spoofed response first, which allows remote attackers to spoof arbitrary hosts via a network-based race condition, aka the "Total Spoof" attack. | |||||
CVE-2007-3675 | 1 Kaspersky Lab | 1 Online Scanner | 2024-02-04 | 9.3 HIGH | N/A |
Multiple format string vulnerabilities in the kavwebscan.CKAVWebScan ActiveX control (kavwebscan.dll) in Kaspersky Online Scanner before 5.0.98 allow remote attackers to execute arbitrary code via format string specifiers in "various string formatting functions," which trigger heap-based buffer overflows. | |||||
CVE-2007-1969 | 1 Sam Crew | 1 Myblog | 2024-02-04 | 4.3 MEDIUM | N/A |
Cross-site scripting (XSS) vulnerability in admin/modify.php in Sam Crew MyBlog remote attackers to inject arbitrary web script or HTML via the id parameter. | |||||
CVE-2007-1725 | 1 Icebb | 1 Icebb | 2024-02-04 | 9.3 HIGH | N/A |
SQL injection vulnerability in index.php in IceBB 1.0-rc5 allows remote authenticated users to execute arbitrary SQL commands via the filename of an uploaded file to the avatar function, as demonstrated by setting admin privileges. | |||||
CVE-2006-6674 | 1 Ozeki | 1 Http-sms Gateway | 2024-02-04 | 2.1 LOW | N/A |
Ozeki HTTP-SMS Gateway 1.0, and possibly earlier, stores usernames and passwords in plaintext in the HKLM\Software\Ozeki\SMSServer\CurrentVersion\Plugins\httpsmsgate registry key, which allows local users to obtain sensitive information. | |||||
CVE-2006-5410 | 1 Boonex | 1 Dolphin | 2024-02-04 | 5.1 MEDIUM | N/A |
PHP remote file inclusion vulnerability in templates/tmpl_dfl/scripts/index.php in BoonEx Dolphin 5.2 allows remote attackers to execute arbitrary PHP code via a URL in the dir[inc] parameter. NOTE: it is possible that this issue overlaps CVE-2006-4189. | |||||
CVE-2007-6162 | 1 Wsdeluxe | 1 Fmdeluxe | 2024-02-04 | 4.3 MEDIUM | N/A |
Cross-site scripting (XSS) vulnerability in index.php in FMDeluxe 2.1.0 allows remote attackers to inject arbitrary web script or HTML via the id parameter in a category action. | |||||
CVE-2007-4038 | 1 Mozilla | 2 Firefox, Thunderbird | 2024-02-04 | 4.3 MEDIUM | N/A |
Argument injection vulnerability in Mozilla Firefox before 2.0.0.5, when running on systems with Thunderbird 1.5 installed and certain URIs registered, allows remote attackers to conduct cross-browser scripting attacks and execute arbitrary commands via shell metacharacters in a mailto URI, which are inserted into the command line that is created when invoking Thunderbird.exe, a similar issue to CVE-2007-3670. | |||||
CVE-2006-6442 | 1 Aol | 1 Aol Client Software | 2024-02-04 | 9.3 HIGH | N/A |
Stack-based buffer overflow in the SetClientInfo function in the CDDBControlAOL.CDDBAOLControl ActiveX control (cddbcontrol.dll), as used in America Online (AOL) 7.0 4114.563, 8.0 4129.230, and 9.0 Security Edition 4156.910, and possibly other products, allows remote attackers to execute arbitrary code via a long ClientId argument. | |||||
CVE-2007-6060 | 1 Ahnlab | 1 V3 Internet Security | 2024-02-04 | 9.3 HIGH | N/A |
AhnLab Antivirus 3 Internet Security 2008 Platinum appends data to a filename string at a location indicated by the "Filename length" field in a ZIP header, which allows remote attackers to cause a denial of service (machine crash) and possibly execute arbitrary code via a ZIP file in which this field's value is larger than the actual number of bytes in the filename. | |||||
CVE-2007-2565 | 1 Cdelia Software | 1 Imageprocessing | 2024-02-04 | 7.1 HIGH | N/A |
Cdelia Software ImageProcessing allows user-assisted remote attackers to cause a denial of service (application crash) via a crafted BMP file. | |||||
CVE-2007-5007 | 1 Gnome | 1 Balsa | 2024-02-04 | 6.8 MEDIUM | N/A |
Stack-based buffer overflow in the ir_fetch_seq function in balsa before 2.3.20 might allow remote IMAP servers to execute arbitrary code via a long response to a FETCH command. | |||||
CVE-2006-5791 | 1 Stefan Ritt | 1 Elog Web Logbook | 2024-02-04 | 2.6 LOW | N/A |
Multiple cross-site scripting (XSS) vulnerabilities in elogd.c in ELOG 2.6.2 and earlier allow remote attackers to inject arbitrary HTML or web script via (1) the filename for downloading, which is not quoted in an error message by the send_file_direct function, and (2) the Type or Category values in a New entry, which is not properly handled in an error message by the submit_elog function. | |||||
CVE-2007-1419 | 1 Sun | 1 Java Dynamic Management Kit | 2024-02-04 | 4.3 MEDIUM | N/A |
The Java Management Extensions Remote API Remote Method Invocation over Internet Inter-ORB Protocol (JMX RMI-IIOP) API in Java Dynamic Management Kit 5.1 before 20070309 does not properly enforce the java.policy, which allows local users to obtain certain MBeans data access by operating a server application accessed by a privileged remote authenticated user. | |||||
CVE-2007-0677 | 1 Cronosys | 1 Cadre Php Framework | 2024-02-04 | 7.5 HIGH | N/A |
PHP remote file inclusion vulnerability in fw/class.Quick_Config_Browser.php in Cadre PHP Framework 20020724 allows remote attackers to execute arbitrary PHP code via a URL in the GLOBALS[config][framework_path] parameter. | |||||
CVE-2007-2279 | 1 Symantec | 1 Veritas Storage Foundation | 2024-02-04 | 9.3 HIGH | N/A |
The Scheduler Service (VxSchedService.exe) in Symantec Storage Foundation for Windows 5.0 allows remote attackers to bypass authentication and execute arbitrary code via certain requests to the service socket that create (1) PreScript or (2) PostScript registry values under Veritas\VxSvc\CurrentVersion\Schedules specifying future command execution. | |||||
CVE-2007-0823 | 1 Slackware | 1 Slackware Linux | 2024-02-04 | 1.9 LOW | N/A |
xterm on Slackware Linux 10.2 stores information that had been displayed for a different user account using the same xterm process, which might allow local users to bypass file permissions and read other users' files, or obtain other sensitive information, by reading the xterm process memory. NOTE: it could be argued that this is an expected consequence of multiple users sharing the same interactive process, in which case this is not a vulnerability. | |||||
CVE-2007-4359 | 1 Skilmatch Staffing Systems | 1 Joblister3 | 2024-02-04 | 6.8 MEDIUM | N/A |
Multiple SQL injection vulnerabilities in SkilMatch Staffing Systems JobLister3 allow remote attackers to execute arbitrary SQL commands via (1) the search form or (2) the jobid parameter to index.php in a showbyID action. |