Total: 29529 CVEs
CVE | Vendors | Products | Updated | CVSS v2 | CVSS v3 |
---|---|---|---|---|---|
CVE-2007-6691 | 1 Menalto | 1 Gallery | 2024-11-21 | 10.0 HIGH | N/A |
Multiple unspecified vulnerabilities in Menalto Gallery before 2.2.4 have unknown impact, related to (1) "hotlink protection" in the URL rewrite module, (2) a WebDAV view in the WebDAV module, (3) a comment view in the Comment module, (4) unspecified "item information disclosure attacks" in the Core module Gallery application, (5) the slideshow in the Slideshow module, and (6) multiple Print modules. | |||||
CVE-2007-6690 | 1 Menalto | 1 Gallery | 2024-11-21 | 10.0 HIGH | N/A |
The Gallery Remote module in Menalto Gallery before 2.2.4 does not check permissions for unspecified GR commands, which has unknown impact and attack vectors. | |||||
CVE-2007-6688 | 1 Menalto | 1 Gallery | 2024-11-21 | 10.0 HIGH | N/A |
Unspecified vulnerability in the Installation application in Menalto Gallery before 2.2.4 has unknown impact and attack vectors related to "web-accessibility protection of the storage folder." | |||||
CVE-2007-6686 | 1 Menalto | 1 Gallery | 2024-11-21 | 10.0 HIGH | N/A |
The URL rewrite module in Menalto Gallery before 2.2.4 allows attackers to include and execute arbitrary local files via unknown vectors related to the admin controller. | |||||
CVE-2007-6685 | 1 Menalto | 1 Gallery Publish Xp Module | 2024-11-21 | 10.0 HIGH | N/A |
Unspecified vulnerability in the Publish XP module in Menalto Gallery before 2.2.4 allows attackers to create albums and upload files via unknown vectors. | |||||
CVE-2007-6679 | 1 Ibm | 1 Websphere Application Server | 2024-11-21 | 10.0 HIGH | N/A |
Unspecified vulnerability in the Administrative Console in IBM WebSphere Application Server 6.1 before Fix Pack 13 has unknown impact and attack vectors, related to "security concerns with monitor role users." NOTE: it was later reported that 6.0.2 before Fix Pack 25 is also affected. | |||||
CVE-2007-6610 | 1 Debian | 1 Unp | 2024-11-21 | 10.0 HIGH | N/A |
unp 1.0.12, and other versions before 1.0.14, does not properly escape file names, which might allow context-dependent attackers to execute arbitrary commands via shell metacharacters in a filename argument. NOTE: this might only be a vulnerability when unp is invoked by a third party product. | |||||
CVE-2007-6552 | 1 Auracms | 1 Auracms | 2024-11-21 | 6.0 MEDIUM | N/A |
Directory traversal vulnerability in index.php in AuraCMS 2.2 allows remote authenticated users to include and execute arbitrary local files via a .. (dot dot) in the act parameter, possibly involving the news pilih component; as demonstrated by including admin/admin_users.php to bypass a protection mechanism against direct request. | |||||
CVE-2007-6549 | 1 Runcms | 1 Runcms | 2024-11-21 | 7.5 HIGH | N/A |
Unspecified vulnerability in RunCMS before 1.6.1 has unknown impact and attack vectors, related to "pagetype using." | |||||
CVE-2007-6534 | 1 Microsoft | 1 Publisher | 2024-11-21 | 6.8 MEDIUM | N/A |
Multiple unspecified vulnerabilities in Microsoft Office Publisher allow user-assisted remote attackers to cause a denial of service (application crash) via a crafted PUB file, possibly involving wordart. | |||||
CVE-2007-6532 | 1 Xfce | 1 Xfce | 2024-11-21 | 10.0 HIGH | N/A |
Double free vulnerability in the Widget Library (libxfcegui4) in Xfce before 4.4.2 might allow remote attackers to execute arbitrary code via unknown vectors related to the "cliend id, program name and working directory in session management." | |||||
CVE-2007-6529 | 1 Tiki | 1 Tikiwiki Cms/groupware | 2024-11-21 | 10.0 HIGH | N/A |
Multiple unspecified vulnerabilities in TikiWiki before 1.9.9 have unknown impact and attack vectors involving (1) tiki-edit_css.php, (2) tiki-list_games.php, or (3) tiki-g-admin_shared_source.php. | |||||
CVE-2007-6525 | 1 Ibm | 1 Db2 Content Manager Toolkit | 2024-11-21 | 10.0 HIGH | N/A |
Unspecified vulnerability in eClient in IBM DB2 Content Manager (CM) Toolkit 8.3 before fix pack 7 for z/OS has unknown impact and attack vectors, related to "scripting." | |||||
CVE-2007-6521 | 1 Opera | 1 Opera Browser | 2024-11-21 | 10.0 HIGH | N/A |
Unspecified vulnerability in Opera before 9.25 allows remote attackers to execute arbitrary code via crafted TLS certificates. | |||||
CVE-2007-6519 | 1 Hp | 1 Tru64 | 2024-11-21 | 4.9 MEDIUM | N/A |
Unspecified vulnerability in the File-on-File Mounting File System (FFM) in HP Tru64 UNIX 5.1B-4 and 5.1B-3 allows local users to cause a denial of service (system crash) via unspecified vectors. | |||||
CVE-2007-6504 | 1 Hosting Controller | 1 Hosting Controller | 2024-11-21 | 5.5 MEDIUM | N/A |
Unspecified vulnerability in IIS/iibind.asp in Hosting Controller 6.1 Hot fix 3.3 and earlier allows remote authenticated users to change the headers of arbitrary hosts via an unspecified parameter. | |||||
CVE-2007-6501 | 1 Hosting Controller | 1 Hosting Controller | 2024-11-21 | 5.5 MEDIUM | N/A |
Unspecified vulnerability in Hosting Controller 6.1 Hot fix 3.3 and earlier allows remote authenticated users to enable or disable "pay type" via a request to adminsettings/choosetranstype.asp. | |||||
CVE-2007-6500 | 1 Hosting Controller | 1 Hosting Controller | 2024-11-21 | 4.9 MEDIUM | N/A |
Unspecified vulnerability in Hosting Controller 6.1 Hot fix 3.3 and earlier allows remote authenticated users to delete "gateway information" via a request to OpenApi/GatewayVariables.asp. | |||||
CVE-2007-6491 | 1 Kvaliitti | 1 Webdoc Cms | 2024-11-21 | 10.0 HIGH | N/A |
Multiple SQL injection vulnerabilities in Kvaliitti WebDoc 3.0 CMS allow remote attackers to execute arbitrary SQL commands via (1) the cat_id parameter to categories.asp; and probably (2) the document_id parameter to categories.asp, and the (3) cat_id and (4) document_id parameters to subcategory.asp. | |||||
CVE-2007-6487 | 1 Plain Black | 1 Webgui | 2024-11-21 | 4.9 MEDIUM | N/A |
Unspecified vulnerability in Plain Black WebGUI 7.4.0 through 7.4.17 allows remote authenticated users with Secondary Admin privileges to create Admin accounts, a different vulnerability than CVE-2006-0680. |