Total
258075 CVE
| CVE | Vendors | Products | Updated | CVSS v2 | CVSS v3 |
|---|---|---|---|---|---|
| CVE-2006-5537 | 1 D-link | 1 Dsl-g624t | 2024-02-28 | 4.3 MEDIUM | N/A |
| Multiple cross-site scripting (XSS) vulnerabilities in cgi-bin/webcm in D-Link DSL-G624T firmware 3.00B01T01.YA-C.20060616 allow remote attackers to inject arbitrary web script or HTML via the (1) upnp:settings/state or (2) upnp:settings/connection parameters. | |||||
| CVE-2006-5480 | 1 Castor | 1 Php Web Builder | 2024-02-28 | 5.1 MEDIUM | N/A |
| PHP remote file inclusion vulnerability in lib/rs.php in 2le.net Castor PHP Web Builder 1.1.1 allows remote attackers to execute arbitrary PHP code via the rootpath parameter. | |||||
| CVE-2006-6133 | 2 Businessobjects, Microsoft | 2 Crystal Reports Xi, Visual Studio .net | 2024-02-28 | 7.6 HIGH | N/A |
| Stack-based buffer overflow in Visual Studio Crystal Reports for Microsoft Visual Studio .NET 2002 and 2002 SP1, .NET 2003 and 2003 SP1, and 2005 and 2005 SP1 (formerly Business Objects Crystal Reports XI Professional) allows user-assisted remote attackers to execute arbitrary code via a crafted RPT file. | |||||
| CVE-2007-5214 | 1 Axis | 1 2100 Network Camera | 2024-02-28 | 4.3 MEDIUM | N/A |
| Multiple cross-site scripting (XSS) vulnerabilities in the AXIS 2100 Network Camera 2.02 with firmware 2.43 and earlier allow remote attackers to inject arbitrary web script or HTML via (1) the PATH_INFO to the default URI associated with a directory, as demonstrated by (a) the root directory and (b) the view/ directory; (2) parameters associated with saved settings, as demonstrated by (c) the conf_Network_HostName parameter on the Network page and (d) the conf_Layout_OwnTitle parameter to ServerManager.srv; and (3) the query string to ServerManager.srv, which is displayed on the logs page. NOTE: an attacker can leverage a CSRF vulnerability to modify saved settings. | |||||
| CVE-2007-3385 | 1 Apache | 1 Tomcat | 2024-02-28 | 4.3 MEDIUM | N/A |
| Apache Tomcat 6.0.0 to 6.0.13, 5.5.0 to 5.5.24, 5.0.0 to 5.0.30, 4.1.0 to 4.1.36, and 3.3 to 3.3.2 does not properly handle the \" character sequence in a cookie value, which might cause sensitive information such as session IDs to be leaked to remote attackers and enable session hijacking attacks. | |||||
| CVE-2007-3238 | 1 Wordpress | 1 Wordpress | 2024-02-28 | 6.0 MEDIUM | N/A |
| Cross-site scripting (XSS) vulnerability in functions.php in the default theme in WordPress 2.2 allows remote authenticated administrators to inject arbitrary web script or HTML via the PATH_INFO (REQUEST_URI) to wp-admin/themes.php, a different vulnerability than CVE-2007-1622. NOTE: this might not cross privilege boundaries in some configurations, since the Administrator role has the unfiltered_html capability. | |||||
| CVE-2007-1432 | 1 Grayscale | 1 Grayscale Blog | 2024-02-28 | 7.5 HIGH | N/A |
| Grayscale Blog 0.8.0, and possibly earlier versions, allows remote attackers to gain privileges via direct requests with modified arguments in (1) the user_permissions parameter to add_users.php, and unspecified parameters to (2) addblog.php, (3) editblog.php, (4) editlinks.php, (5) edit_users.php, and (6) add_links.php. | |||||
| CVE-2007-4227 | 1 Microsoft | 1 Internet Explorer | 2024-02-28 | 4.3 MEDIUM | N/A |
| Microsoft Windows Explorer (explorer.exe) allows user-assisted remote attackers to cause a denial of service via a certain JPG file, as demonstrated by something.jpg. NOTE: this issue might be related to CVE-2007-3958. | |||||
| CVE-2007-3739 | 2 Apple, Redhat | 2 Powerpc, Enterprise Linux | 2024-02-28 | 4.7 MEDIUM | N/A |
| mm/mmap.c in the hugetlb kernel, when run on PowerPC systems, does not prevent stack expansion from entering into reserved kernel page memory, which allows local users to cause a denial of service (OOPS) via unspecified vectors. | |||||
| CVE-2007-0023 | 1 Apple | 1 Mac Os X | 2024-02-28 | 6.9 MEDIUM | N/A |
| The CFUserNotificationSendRequest function in UserNotificationCenter.app in Apple Mac OS X 10.4.8, when used in combination with diskutil, allows local users to gain privileges via a malicious InputManager in Library/InputManagers in a user's home directory, which is executed when Cocoa applications attempt to notify the user. | |||||
| CVE-2007-4137 | 6 Conectiva, Gentoo, Mandrakesoft and 3 more | 8 Linux, Linux, Mandrake Linux and 5 more | 2024-02-28 | 7.5 HIGH | N/A |
| Off-by-one error in the QUtf8Decoder::toUnicode function in Trolltech Qt 3 allows context-dependent attackers to cause a denial of service (crash) via a crafted Unicode string that triggers a heap-based buffer overflow. NOTE: Qt 4 has the same error in the QUtf8Codec::convertToUnicode function, but it is not exploitable. | |||||
| CVE-2007-6136 | 1 M2scripts | 1 My Space Scripts Poll Creator | 2024-02-28 | 4.3 MEDIUM | N/A |
| Multiple cross-site scripting (XSS) vulnerabilities in index.php in M2Scripts MySpace Scripts Poll Creator allow remote attackers to inject arbitrary web script or HTML via the (1) title, (2) intro, and (3) question parameters, and (4) unspecified answer parameters, in a create_new action. NOTE: some of these details are obtained from third party information. | |||||
| CVE-2007-6018 | 1 Horde | 4 Framework, Groupware Webmail Edition, Horde and 1 more | 2024-02-28 | 5.8 MEDIUM | N/A |
| IMP Webmail Client 4.1.5, Horde Application Framework 3.1.5, and Horde Groupware Webmail Edition 1.0.3 does not validate unspecified HTTP requests, which allows remote attackers to (1) delete arbitrary e-mail messages via a modified numeric ID or (2) "purge" deleted emails via a crafted email message. | |||||
| CVE-2007-5094 | 1 Ipswitch | 1 Imail | 2024-02-28 | 7.5 HIGH | N/A |
| Heap-based buffer overflow in iaspam.dll in the SMTP Server in Ipswitch IMail Server 8.01 through 8.11 allows remote attackers to execute arbitrary code via a set of four different e-mail messages with a long boundary parameter in a certain malformed Content-Type header line, the string "MIME" by itself on a line in the header, and a long Content-Transfer-Encoding header line. | |||||
| CVE-2007-2393 | 1 Apple | 1 Quicktime | 2024-02-28 | 9.3 HIGH | N/A |
| The design of QuickTime for Java in Apple Quicktime before 7.2 allows remote attackers to bypass certain security controls and write to process memory via Java applets, possibly leading to arbitrary code execution. | |||||
| CVE-2006-6942 | 2 Debian, Phpmyadmin | 2 Debian Linux, Phpmyadmin | 2024-02-28 | 6.8 MEDIUM | N/A |
| Multiple cross-site scripting (XSS) vulnerabilities in PhpMyAdmin before 2.9.1.1 allow remote attackers to inject arbitrary HTML or web script via (1) a comment for a table name, as exploited through (a) db_operations.php, (2) the db parameter to (b) db_create.php, (3) the newname parameter to db_operations.php, the (4) query_history_latest, (5) query_history_latest_db, and (6) querydisplay_tab parameters to (c) querywindow.php, and (7) the pos parameter to (d) sql.php. | |||||
| CVE-2008-0007 | 1 Linux | 1 Linux Kernel | 2024-02-28 | 7.2 HIGH | N/A |
| Linux kernel before 2.6.22.17, when using certain drivers that register a fault handler that does not perform range checks, allows local users to access kernel memory via an out-of-range offset. | |||||
| CVE-2008-0765 | 1 Artmedic Webdesign | 1 Artmedic Weblog | 2024-02-28 | 4.3 MEDIUM | N/A |
| Multiple cross-site scripting (XSS) vulnerabilities in artmedic webdesign weblog allow remote attackers to inject arbitrary web script or HTML via the (1) date parameter to artmedic_print.php and the (2) jahrneu parameter to index.php. | |||||
| CVE-2007-0430 | 1 Apple | 1 Mac Os X | 2024-02-28 | 4.9 MEDIUM | N/A |
| The shared_region_map_file_np function in Apple Mac OS X 10.4.8 and earlier kernel allows local users to cause a denial of service (memory corruption) via a large mappingCount value. | |||||
| CVE-2006-7034 | 9 Apple, Hp, Ibm and 6 more | 18 Mac Os X, Hp-ux, Tru64 and 15 more | 2024-02-28 | 7.5 HIGH | N/A |
| SQL injection vulnerability in directory.php in Super Link Exchange Script 1.0 might allow remote attackers to execute arbitrary SQL queries via the cat parameter. | |||||