Total
9730 CVE
CVE | Vendors | Products | Updated | CVSS v2 | CVSS v3 |
---|---|---|---|---|---|
CVE-2006-5872 | 1 Dws Systems Inc. | 1 Sql-ledger | 2024-02-28 | 7.5 HIGH | N/A |
login.pl in SQL-Ledger before 2.6.21 and LedgerSMB before 1.1.5 allows remote attackers to execute arbitrary Perl code via the "-e" flag in the script parameter, which is used as an argument to the perl program. | |||||
CVE-2006-5867 | 1 Fetchmail | 1 Fetchmail | 2024-02-28 | 7.8 HIGH | N/A |
fetchmail before 6.3.6-rc4 does not properly enforce TLS and may transmit cleartext passwords over unsecured links if certain circumstances occur, which allows remote attackers to obtain sensitive information via man-in-the-middle (MITM) attacks. | |||||
CVE-2007-6103 | 1 Ihu | 1 I Hear U | 2024-02-28 | 5.0 MEDIUM | N/A |
I Hear U (IHU) 0.5.6 and earlier allows remote attackers to cause (1) a denial of service (infinite loop) via a packet that contains zero in the size field in its header, which is improperly handled by the Receiver::processPacket function; and (2) a denial of service (daemon crash) via an (a) IHU_INFO_INIT or a (b) IHU_INFO_RING packet that does not specify the mode, which is improperly handled by the Player::ring function in Player.cpp. | |||||
CVE-2006-6954 | 1 Flock | 1 Flock | 2024-02-28 | 4.3 MEDIUM | N/A |
Flock beta 1 0.7 allows remote attackers to cause a denial of service (application crash) via a web page that contains a large number of nested marquee tags, a related issue to CVE-2006-2723. | |||||
CVE-2007-5926 | 1 Openbase International Ltd | 1 Openbase | 2024-02-28 | 9.0 HIGH | N/A |
OpenBase 10.0.5 and earlier allows remote authenticated users to execute arbitrary commands via shell metacharacters in arguments to the (1) AsciiBackup, (2) OEMLicenseInstall, and possibly other stored procedures. | |||||
CVE-2007-1155 | 1 Webspell | 1 Webspell | 2024-02-28 | 4.6 MEDIUM | N/A |
Unrestricted file upload vulnerability in webSPELL allows remote authenticated administrators to upload and execute arbitrary PHP code via the add squad feature. NOTE: this issue may be an administrative feature, in which case this CVE may be REJECTED. | |||||
CVE-2007-4344 | 1 Acdsee | 3 Photo Editor, Photo Manager, Pro Photo Manager | 2024-02-28 | 9.3 HIGH | N/A |
Multiple input validation errors in ACD ACDSee Photo Manager 9.0 build 108, Pro Photo Manager 8.1 build 99, and Photo Editor 4.0 build 195 allow user-assisted remote attackers to execute arbitrary code via a long section string in (1) a PSP image to the ID_PSP.apl plug-in or (2) an LHA archive to the AM_LHA.apl plug-in, resulting in a heap-based buffer overflow. | |||||
CVE-2007-6534 | 1 Microsoft | 1 Publisher | 2024-02-28 | 6.8 MEDIUM | N/A |
Multiple unspecified vulnerabilities in Microsoft Office Publisher allow user-assisted remote attackers to cause a denial of service (application crash) via a crafted PUB file, possibly involving wordart. | |||||
CVE-2007-4915 | 1 Boa | 1 Boa Webserver | 2024-02-28 | 10.0 HIGH | N/A |
The Intersil isl3893 extensions for Boa 0.93.15, as used on the FreeLan RO80211G-AP and other devices, do not prevent stack writes from entering memory locations used for string constants, which allows remote attackers to change the admin password stored in memory via a long username in an HTTP Basic Authentication request. | |||||
CVE-2007-0683 | 1 Omegaboard Project | 1 Omegaboard | 2024-02-28 | 7.5 HIGH | N/A |
PHP remote file inclusion vulnerability in includes/functions.php in Omegaboard 1.0beta4 and earlier allows remote attackers to execute arbitrary PHP code via a URL in the phpbb_root_path parameter. | |||||
CVE-2007-4911 | 1 Cowon America | 1 Jetcast Server | 2024-02-28 | 5.0 MEDIUM | N/A |
JSMP3OGGWt.dll in JetCast Server 2.0.0.4308 allows remote attackers to cause a denial of service (daemon crash) via a long .mp3 URI to TCP port 8000. NOTE: some of these details are obtained from third party information. | |||||
CVE-2007-5086 | 1 Kaspersky Lab | 2 Kaspersky Anti-virus, Kaspersky Internet Security | 2024-02-28 | 2.1 LOW | N/A |
Kaspersky Anti-Virus (KAV) and Internet Security 7.0 build 125 do not properly validate certain parameters to System Service Descriptor Table (SSDT) and Shadow SSDT function handlers, which allows local users to cause a denial of service (crash) via the (1) NtUserSendInput, (2) LoadLibraryA, (3) NtOpenProcess, (4) NtOpenThread, (5) NtTerminateProcess, (6) NtUserFindWindowEx, and (7) NtUserBuildHwndList kernel SSDT hooks in kylif.sys; the (8) NtDuplicateObject (DuplicateHandle) kernel SSDT hook; and possibly other kernel SSDT hooks. NOTE: the NtCreateSection vector is covered by CVE-2007-5043.1. NOTE: the vendor disputes that the DuplicateHandle vector is a vulnerability in their code, stating that "it is not an error in our code, but an obscure method for manipulating standard Windows routines to circumvent our self-defense mechanisms." | |||||
CVE-2007-5762 | 1 Novell | 1 Netware Client | 2024-02-28 | 7.2 HIGH | N/A |
NICM.SYS driver 3.0.0.4, as used in Novell NetWare Client 4.91 SP4, allows local users to execute arbitrary code by opening the \\.\nicm device and providing crafted kernel addresses via IOCTLs with the METHOD_NEITHER buffering mode. | |||||
CVE-2006-5974 | 1 Fetchmail | 1 Fetchmail | 2024-02-28 | 7.8 HIGH | N/A |
fetchmail 6.3.5 and 6.3.6 before 6.3.6-rc4, when refusing a message delivered via the mda option, allows remote attackers to cause a denial of service (crash) via unknown vectors that trigger a NULL pointer dereference when calling the (1) ferror or (2) fflush functions. | |||||
CVE-2008-0241 | 1 Sun | 1 Java System Identity Manager | 2024-02-28 | 5.8 MEDIUM | N/A |
Open redirect vulnerability in /idm/user/login.jsp in Sun Java System Identity Manager 6.0 SP1 through SP3, 7.0, and 7.1 allows remote attackers to redirect users to arbitrary web sites and conduct phishing attacks via a URL in the nextPage parameter. | |||||
CVE-2007-6218 | 1 Ossigeno | 1 Cms | 2024-02-28 | 5.0 MEDIUM | N/A |
Multiple PHP remote file inclusion vulnerabilities in Ossigeno CMS 2.2 pre1 allow remote attackers to execute arbitrary PHP code via a URL in the (1) level parameter to (a) install_module.php and (b) uninstall_module.php in upload/xax/admin/modules/, (c) upload/xax/admin/patch/index.php, and (d) install_module.php and (e) uninstall_module.php in upload/xax/ossigeno/admin/; and the (2) ossigeno parameter to (f) ossigeno_modules/ossigeno-catalogo/xax/ossigeno/catalogo/common.php, different vectors than CVE-2007-5234. | |||||
CVE-2007-6094 | 1 Ingate | 2 Ingate Firewall, Ingate Siparator | 2024-02-28 | 4.3 MEDIUM | N/A |
The IPsec module in the VPN component in Ingate Firewall before 4.6.0 and SIParator before 4.6.0 allows remote attackers to cause a denial of service (module crash) via an IPsec Phase 2 proposal that lacks Perfect Forward Secrecy (PFS). | |||||
CVE-2007-6278 | 1 Flac | 1 Libflac | 2024-02-28 | 9.3 HIGH | N/A |
Free Lossless Audio Codec (FLAC) libFLAC before 1.2.1 allows user-assisted remote attackers to force a client to download arbitrary files via the MIME-Type URL flag (-->) for the FLAC image file in a crafted .FLAC file. | |||||
CVE-2007-6133 | 1 Devmass | 1 Devmass Cart | 2024-02-28 | 5.8 MEDIUM | N/A |
PHP remote file inclusion vulnerability in admin/kfm/initialise.php in DevMass Shopping Cart 1.0 and earlier allows remote attackers to execute arbitrary PHP code via a URL in the kfm_base_path parameter. | |||||
CVE-2006-5084 | 1 Skype Technologies | 1 Skype | 2024-02-28 | 7.5 HIGH | N/A |
Format string vulnerability in the NSRunAlertPanel function in eBay Skype for Mac 1.5.*.79 and earlier allows remote attackers to cause a denial of service (application crash) and possibly execute arbitrary code via a malformed Skype URL, as originally reported to involve a null dereference. |