Total
28417 CVE
CVE | Vendors | Products | Updated | CVSS v2 | CVSS v3 |
---|---|---|---|---|---|
CVE-2007-6214 | 1 Learnloop | 1 Learnloop | 2024-02-28 | 4.3 MEDIUM | N/A |
Directory traversal vulnerability in include/file_download.php in LearnLoop 2.0 beta7 allows remote attackers to read arbitrary files via a .. (dot dot) in the sFilePath parameter. NOTE: exploitation requires that the product is configured, but has zero files in the database. | |||||
CVE-2007-2583 | 3 Canonical, Debian, Oracle | 3 Ubuntu Linux, Debian Linux, Mysql | 2024-02-28 | 4.0 MEDIUM | N/A |
The in_decimal::set function in item_cmpfunc.cc in MySQL before 5.0.40, and 5.1 before 5.1.18-beta, allows context-dependent attackers to cause a denial of service (crash) via a crafted IF clause that results in a divide-by-zero error and a NULL pointer dereference. | |||||
CVE-2008-0369 | 1 Ibm | 1 Informix Dynamic Server | 2024-02-28 | 6.9 MEDIUM | N/A |
Multiple unspecified programs in IBM Informix Dynamic Server (IDS) 10.x before 10.00.xC8 allow local users to create arbitrary files by specifying the target file in the SQLIDEBUG environment variable, whose ownership is changed to the user invoking the programs. | |||||
CVE-2007-5529 | 1 Oracle | 1 E-business Suite | 2024-02-28 | 7.5 HIGH | N/A |
Unspecified vulnerability in the Oracle Self-Service Web Applications component in client-only installations of Oracle E-Business Suite 11.5.10.2 has unknown impact and remote attack vectors, aka APP08. | |||||
CVE-2007-6431 | 1 Adobe | 2 Connect Enterprise Server, Flash Media Server 2 | 2024-02-28 | 10.0 HIGH | N/A |
Unspecified vulnerability in Adobe Flash Media Server 2 before 2.0.5, and Connect Enterprise Server 6 before SP3, allows remote attackers to "take control of the affected system" via unspecified vectors, a different issue than CVE-2007-6148 and CVE-2007-6149. | |||||
CVE-2008-0495 | 1 Ibm | 1 Hardware Management Console | 2024-02-28 | 7.8 HIGH | N/A |
Unspecified vulnerability in the Pegasus CIM Server in IBM Hardware Management Console (HMC) 7 R3.2.0 allows remote attackers to cause a denial of service via unspecified vectors. | |||||
CVE-2007-6501 | 1 Hosting Controller | 1 Hosting Controller | 2024-02-28 | 5.5 MEDIUM | N/A |
Unspecified vulnerability in Hosting Controller 6.1 Hot fix 3.3 and earlier allows remote authenticated users to enable or disable "pay type" via a request to adminsettings/choosetranstype.asp. | |||||
CVE-2008-0346 | 1 Oracle | 5 Application Server, Collaboration Suite, Database Server and 2 more | 2024-02-28 | 10.0 HIGH | N/A |
Unspecified vulnerability in the Oracle Jinitiator component in Oracle Application Server 1.3.1.27 and E-Business Suite 11.5.10.2 has unknown impact and remote attack vectors, aka AS01. | |||||
CVE-2007-6491 | 1 Kvaliitti | 1 Webdoc Cms | 2024-02-28 | 10.0 HIGH | N/A |
Multiple SQL injection vulnerabilities in Kvaliitti WebDoc 3.0 CMS allow remote attackers to execute arbitrary SQL commands via (1) the cat_id parameter to categories.asp; and probably (2) the document_id parameter to categories.asp, and the (3) cat_id and (4) document_id parameters to subcategory.asp. | |||||
CVE-2007-0980 | 3 Hp, Redhat, Suse | 4 Serviceguard For Linux, Enterprise Linux, Suse Linux and 1 more | 2024-02-28 | 10.0 HIGH | N/A |
Unspecified vulnerability in HP Serviceguard for Linux; packaged for SuSE SLES8 and United Linux 1.0 before SG A.11.15.07, SuSE SLES9 and SLES10 before SG A.11.16.10, and Red Hat Enterprise Linux (RHEL) before SG A.11.16.10; allows remote attackers to obtain unauthorized access via unspecified vectors. | |||||
CVE-2007-4372 | 2 Microsoft, Netwin | 2 Windows 2003 Server, Surgemail | 2024-02-28 | 10.0 HIGH | N/A |
Unspecified vulnerability in NetWin SurgeMail 38k on Windows Server 2003 has unknown impact and remote attack vectors. NOTE: this information is based upon a vague advisory by a vulnerability information sales organization that does not coordinate with vendors or release actionable advisories. A CVE has been assigned for tracking purposes, but duplicates with other CVEs are difficult to determine. | |||||
CVE-2007-0459 | 1 Wireshark | 1 Wireshark | 2024-02-28 | 5.0 MEDIUM | N/A |
packet-tcp.c in the TCP dissector in Wireshark (formerly Ethereal) 0.99.2 through 0.99.4 allows remote attackers to cause a denial of service (application crash or hang) via fragmented HTTP packets. | |||||
CVE-2007-5270 | 1 Bendiken | 1 Boost Module For Drupal | 2024-02-28 | 7.5 HIGH | N/A |
Unspecified vulnerability in the Boost module before 4.7.x-1.0, and 5.x before 5.x-1.0, for Drupal allows remote attackers to create or overwrite arbitrary files, and conduct cross-site scripting attacks (XSS) via unspecified vectors. | |||||
CVE-2008-1205 | 1 Sun | 1 Solaris | 2024-02-28 | 4.9 MEDIUM | N/A |
Unspecified vulnerability in the ipsecah kernel module in Sun Solaris 10, when a key management daemon for IPsec security associations is running, allows local users to cause a denial of service (panic) via unspecified vectors. | |||||
CVE-2006-5039 | 1 Joomla | 2 Com Events, Events Module | 2024-02-28 | 7.5 HIGH | N/A |
Unspecified vulnerability in Events 1.3 beta module (com_events) for Joomla! has unspecified impact and attack vectors. | |||||
CVE-2007-5510 | 1 Oracle | 1 Database Server | 2024-02-28 | 6.5 MEDIUM | N/A |
Multiple unspecified vulnerabilities in the Workspace Manager component in Oracle Database before OWM 10.2.0.4.1, OWM 10.1.0.8.0, and OWM 9.2.0.8.0 have unknown impact and remote attack vectors, aka (1) DB08, (2) DB09, (3) DB10, (4) DB11, (5) DB12, (6) DB13, (7) DB14, (8) DB15, (9) DB16, (10) DB17, and (11) DB18. NOTE: one of these issues is probably CVE-2007-5511, but there are insufficient details to be certain. | |||||
CVE-2007-3854 | 1 Oracle | 9 Apex, Application Server, Collaboration Suite and 6 more | 2024-02-28 | 5.5 MEDIUM | N/A |
Multiple unspecified vulnerabilities in Oracle Database 9.0.1.5+, 9.2.0.7, and 10.1.0.5 allow remote authenticated users to have unknown impact via (1) SYS.DBMS_PRVTAQIS in the Advanced Queuing component (DB02) and (2) MDSYS.MD in the Spatial component (DB12). NOTE: Oracle has not disputed reliable researcher claims that DB02 is for SQL injection and DB12 is for a buffer overflow. | |||||
CVE-2007-1261 | 1 Openbiblio | 1 Openbiblio | 2024-02-28 | 7.5 HIGH | N/A |
Unspecified vulnerability in the reports system in OpenBiblio before 0.6.0 allows attackers to gain privileges via unspecified vectors. | |||||
CVE-2007-2445 | 2 Linux, Png Reference Library | 2 Linux Kernel, Libpng | 2024-02-28 | 5.0 MEDIUM | N/A |
The png_handle_tRNS function in pngrutil.c in libpng before 1.0.25 and 1.2.x before 1.2.17 allows remote attackers to cause a denial of service (application crash) via a grayscale PNG image with a bad tRNS chunk CRC value. | |||||
CVE-2007-6337 | 2 Clam Anti-virus, Gentoo | 2 Clamav, Linux | 2024-02-28 | 10.0 HIGH | N/A |
Unspecified vulnerability in the bzip2 decompression algorithm in nsis/bzlib_private.h in ClamAV before 0.92 has unknown impact and remote attack vectors. |