Total
28399 CVE
| CVE | Vendors | Products | Updated | CVSS v2 | CVSS v3 |
|---|---|---|---|---|---|
| CVE-2007-3845 | 2 Microsoft, Mozilla | 4 Windows Xp, Firefox, Seamonkey and 1 more | 2024-02-28 | 9.3 HIGH | N/A |
| Mozilla Firefox before 2.0.0.6, Thunderbird before 1.5.0.13 and 2.x before 2.0.0.6, and SeaMonkey before 1.1.4 allow remote attackers to execute arbitrary commands via certain vectors associated with launching "a file handling program based on the file extension at the end of the URI," a variant of CVE-2007-4041. NOTE: the vendor states that "it is still possible to launch a filetype handler based on extension rather than the registered protocol handler." | |||||
| CVE-2006-5333 | 1 Oracle | 1 Database Server | 2024-02-28 | 7.1 HIGH | N/A |
| Unspecified vulnerability in Oracle Spatial component in Oracle Database 10.2.0.2 has unknown impact and remote authenticated attack vectors related to "create session" privileges, aka Vuln# DB02. NOTE: as of 20061023, Oracle has not disputed reports from reliable third parties that DB02 is for SQL injection in the SDO_DROP_USER_BEFORE package using a Trigger for a DROP USER statement in an anonymous PL/SQL block. | |||||
| CVE-2008-1191 | 1 Sun | 2 Jdk, Jre | 2024-02-28 | 6.8 MEDIUM | N/A |
| Unspecified vulnerability in Java Web Start in Sun JDK and JRE 6 Update 4 and earlier allows remote attackers to create arbitrary files via an untrusted application, a different issue than CVE-2008-1190, aka "The fifth issue." | |||||
| CVE-2006-3434 | 1 Microsoft | 1 Office | 2024-02-28 | 9.3 HIGH | N/A |
| Unspecified vulnerability in Microsoft Office 2000, XP, 2003, 2004 for Mac, and v.X for Mac allows remote user-assisted attackers to execute arbitrary code via a crafted string that triggers memory corruption. | |||||
| CVE-2007-5521 | 1 Oracle | 2 Application Server, Collaboration Suite | 2024-02-28 | 7.5 HIGH | N/A |
| Unspecified vulnerability in the Oracle Containers for J2EE component in Oracle Application Server 9.0.4.3, 10.1.2.0.2, 10.1.2.2, and 10.1.3.3, and Collaboration Suite 10.1.2, has unknown impact and remote attack vectors, aka AS06. | |||||
| CVE-2007-0067 | 1 Ibm | 1 Lotus Domino Web Server | 2024-02-28 | 7.8 HIGH | N/A |
| Unspecified vulnerability in the Lotus Domino Web Server 6.0, 6.5.x before 6.5.6, and 7.0.x before 7.0.3 allows remote attackers to cause a denial of service (daemon crash) via requests for URLs that reference certain files. | |||||
| CVE-2006-5345 | 1 Oracle | 1 Database Server | 2024-02-28 | 9.0 HIGH | N/A |
| Unspecified vulnerability in Oracle Spatial component in Oracle Database 9.0.1.5, 9.2.0.7, and 10.1.0.4 has unknown impact and remote authenticated attack vectors related to mdsys.sdo_geom, aka Vuln# DB22. NOTE: as of 20061023, Oracle has not disputed reports from reliable third parties that DB22 is related to "length checking" in the RELATE function before MD2.RELATE is called. | |||||
| CVE-2007-6419 | 1 Hp | 1 Hp-ux | 2024-02-28 | 7.8 HIGH | N/A |
| Unspecified vulnerability in rpc.yppasswdd in HP HP-UX B.11.11, B.11.23, and B.11.31 allows remote attackers to cause a denial of service (daemon crash) via unspecified vectors. | |||||
| CVE-2008-0074 | 1 Microsoft | 2 Internet Information Server, Internet Information Services | 2024-02-28 | 7.2 HIGH | N/A |
| Unspecified vulnerability in Microsoft Internet Information Services (IIS) 5.0 through 7.0 allows local users to gain privileges via unknown vectors related to file change notifications in the TPRoot, NNTPFile\Root, or WWWRoot folders. | |||||
| CVE-2007-0271 | 1 Oracle | 1 Database Server | 2024-02-28 | 6.5 MEDIUM | N/A |
| Unspecified vulnerability in Oracle Database 9.0.1.5 and 9.2.0.7 has unknown impact and attack vectors related to the Log Miner component and sys.dbms_log_mnr privileges, aka DB04. NOTE: Oracle has not disputed a reliable researcher claim that this is a buffer overflow in the ADD_LOGFILE procedure for the SYS.DBMS_LOGMNR package that allows code execution. | |||||
| CVE-2006-4097 | 1 Cisco | 1 Secure Access Control Server | 2024-02-28 | 7.8 HIGH | N/A |
| Multiple unspecified vulnerabilities in the CSRadius service in Cisco Secure Access Control Server (ACS) for Windows before 4.1 and ACS Solution Engine before 4.1 allow remote attackers to cause a denial of service (crash) via a crafted RADIUS Access-Request packet. NOTE: it has been reported that at least one issue is a heap-based buffer overflow involving the Tunnel-Password attribute. | |||||
| CVE-2006-5336 | 1 Oracle | 1 Database Server | 2024-02-28 | 9.0 HIGH | N/A |
| Multiple unspecified vulnerabilities in the Change Data Capture (CDC) component in Oracle Database 9.2.0.7, 10.1.0.5, and have unknown impact and remote authenticated attack vectors related to (1) sys.dbms_cdc_ipublish (Vuln# DB05) and (2) sys.dbms_cdc_isubscribe (DB06). NOTE: as of 20061023, Oracle has not disputed reports from reliable third parties that DB05 is for SQL injection in CREATE_CHANGE_TABLE and CHANGE_TABLE_TRIGGER, and DB06 is for PL/SQL injection in the PREPARE_UNBOUNDED_VIEW procedure. | |||||
| CVE-2007-6688 | 1 Menalto | 1 Gallery | 2024-02-28 | 10.0 HIGH | N/A |
| Unspecified vulnerability in the Installation application in Menalto Gallery before 2.2.4 has unknown impact and attack vectors related to "web-accessibility protection of the storage folder." | |||||
| CVE-2007-6241 | 1 Beehive Forum | 1 Beehive Forum | 2024-02-28 | 7.5 HIGH | N/A |
| Multiple unspecified vulnerabilities in Beehive Forum 0.7.1 have unknown "critical" impact and attack vectors, different issues than CVE-2007-6014. | |||||
| CVE-2007-4833 | 1 Ibm | 1 Websphere Application Server | 2024-02-28 | 5.0 MEDIUM | N/A |
| Unspecified vulnerability in the Edge Component in IBM WebSphere Application Server (WAS) 6.1 before Fix Pack 11 (6.1.0.11) has unknown impact and attack vectors, aka PK44789. | |||||
| CVE-2007-5921 | 1 Sun | 1 Sunos | 2024-02-28 | 4.7 MEDIUM | N/A |
| Unspecified vulnerability in the ioctl interface in the Solaris Volume Manager (SVM) in Sun Solaris 9 and 10 allows local users to cause a denial of service (panic) via unspecified vectors, a different vulnerability than CVE-2004-1346. | |||||
| CVE-2007-5775 | 1 Bitdefender | 3 Antivirus, Internet Security, Total Security | 2024-02-28 | 9.3 HIGH | N/A |
| Unspecified vulnerability in BitDefender allows attackers to execute arbitrary code via unspecified vectors, aka EEYEB-20071024. NOTE: as of 20071029, the only disclosure is a vague pre-advisory with no actionable information. However, since it is from a well-known researcher, it is being assigned a CVE identifier for tracking purposes. | |||||
| CVE-2007-6194 | 1 Hp | 1 Select Identity | 2024-02-28 | 10.0 HIGH | N/A |
| Unspecified vulnerability in HP Select Identity 4.01 before 4.01.012 and 4.1x before 4.13.003 allows remote attackers to obtain unspecified access via unknown vectors. | |||||
| CVE-2007-4402 | 1 Mirc | 1 Mirc | 2024-02-28 | 6.8 MEDIUM | N/A |
| Multiple unspecified scripts in mIRC allow user-assisted remote attackers to execute arbitrary code via the '|' (pipe) shell metacharacter in the name of the song in a .mp3 file. | |||||
| CVE-2007-6685 | 1 Menalto | 1 Gallery Publish Xp Module | 2024-02-28 | 10.0 HIGH | N/A |
| Unspecified vulnerability in the Publish XP module Menalto Gallery before 2.2.4 allows attackers to create albums and upload files via unknown vectors. | |||||