Total
262164 CVE
| CVE | Vendors | Products | Updated | CVSS v2 | CVSS v3 |
|---|---|---|---|---|---|
| CVE-2007-0905 | 2 Php, Trustix | 2 Php, Secure Linux | 2024-02-28 | 7.5 HIGH | N/A |
| PHP before 5.2.1 allows attackers to bypass safe_mode and open_basedir restrictions via unspecified vectors in the session extension. NOTE: it is possible that this issue is a duplicate of CVE-2006-6383. | |||||
| CVE-2006-6396 | 1 Blazevideo | 1 Hdtv Player | 2024-02-28 | 7.5 HIGH | N/A |
| Stack-based buffer overflow in BlazeVideo HDTV Player 2.1, and possibly earlier, allows remote attackers to execute arbitrary code via a long filename in a PLF playlist, a different product than CVE-2006-6199. NOTE: it was later reported that 3.5 is also affected. | |||||
| CVE-2007-5361 | 1 Alcatel-lucent | 1 Omnipcx | 2024-02-28 | 8.5 HIGH | N/A |
| The Communication Server in Alcatel-Lucent OmniPCX Enterprise 7.1 and earlier caches an IP address during a TFTP request from an IP Touch phone, and uses this IP address as the destination for all subsequent VoIP packets to this phone, which allows remote attackers to cause a denial of service (loss of audio) or intercept voice communications via a crafted TFTP request containing the phone's MAC address in the filename. | |||||
| CVE-2007-3885 | 1 Aspindir | 1 Husrevforum | 2024-02-28 | 4.3 MEDIUM | N/A |
| Cross-site scripting (XSS) vulnerability in philboard_search.asp in husrevforum 1.0.1 allows remote attackers to inject arbitrary web script or HTML via the searchterms parameter. NOTE: the provenance of this information is unknown; the details are obtained solely from third party information. | |||||
| CVE-2007-4407 | 1 Universal Ircd | 1 Ircu | 2024-02-28 | 6.4 MEDIUM | N/A |
| ircu 2.10.12.03 and 2.10.12.04 does not associate a timestamp with ops privilege on an unused channel (zannel), which allows remote attackers to (1) set or remove certain channel modes via a "netriding" attack or (2) take over a channel by joining an unlinked server with the A/Upass and then setting a new Apass. | |||||
| CVE-2007-1201 | 1 Microsoft | 5 Biztalk Server, Commerce Server, Internet Security And Acceleration Server and 2 more | 2024-02-28 | 9.3 HIGH | N/A |
| Unspecified vulnerability in certain COM objects in Microsoft Office Web Components 2000 allows user-assisted remote attackers to execute arbitrary code via vectors related to DataSource that trigger memory corruption, aka "Office Web Components DataSource Vulnerability." | |||||
| CVE-2007-2627 | 1 Wordpress | 1 Wordpress | 2024-02-28 | 6.8 MEDIUM | N/A |
| Cross-site scripting (XSS) vulnerability in sidebar.php in WordPress, when custom 404 pages that call get_sidebar are used, allows remote attackers to inject arbitrary web script or HTML via the query string (PHP_SELF), a different vulnerability than CVE-2007-1622. | |||||
| CVE-2006-7154 | 1 Iono | 1 Iono | 2024-02-28 | 5.0 MEDIUM | N/A |
| Iono allows remote attackers to obtain the full server path via certain requests to (1) templates/iono/admin/denied.tpl.php, (2) templates/iono/admin/index.tpl.php, and (a) other unspecified files in templates/. | |||||
| CVE-2007-2854 | 1 Bti-tracker | 1 Bti-tracker | 2024-02-28 | 7.5 HIGH | N/A |
| Multiple SQL injection vulnerabilities in account_change.php in BtiTracker 1.4.1 and earlier allow remote attackers to execute arbitrary SQL commands via the (1) style or (2) langue parameter. | |||||
| CVE-2007-0729 | 1 Apple | 3 Mac Os X, Mac Os X Preview.app, Mac Os X Server | 2024-02-28 | 7.2 HIGH | N/A |
| Apple File Protocol (AFP) Client in Apple Mac OS X 10.3.9 through 10.4.9 does not properly clean the environment before executing commands, which allows local users to gain privileges by setting unspecified environment variables. | |||||
| CVE-2007-5197 | 4 Debian, Mono, Opensuse and 1 more | 6 Debian Linux, Mono, Opensuse and 3 more | 2024-02-28 | 7.5 HIGH | N/A |
| Buffer overflow in the Mono.Math.BigInteger class in Mono 1.2.5.1 and earlier allows context-dependent attackers to execute arbitrary code via unspecified vectors related to Reduce in Montgomery-based Pow methods. | |||||
| CVE-2007-1417 | 1 Hc Design | 1 Newssystem | 2024-02-28 | 7.5 HIGH | N/A |
| SQL injection vulnerability in index.php in HC NEWSSYSTEM 1.0-4 allows remote attackers to execute arbitrary SQL commands via the ID parameter in a komm aktion. | |||||
| CVE-2007-1087 | 1 Ibm | 1 Db2 | 2024-02-28 | 7.2 HIGH | N/A |
| IBM DB2 8.x before 8.1 FixPak 15 and 9.1 before Fix Pack 2 does not properly terminate certain input strings, which allows local users to execute arbitrary code via unspecified environment variables that trigger a heap-based buffer overflow. | |||||
| CVE-2008-0769 | 1 Opentext | 1 Livelink Ecm | 2024-02-28 | 4.3 MEDIUM | N/A |
| Cross-site scripting (XSS) vulnerability in Livelink ECM 9.0.0 through 9.7.0 and possibly earlier does not set the charset, which allows remote attackers to inject arbitrary web script or HTML via UTF-7 encoded input. | |||||
| CVE-2006-6616 | 1 W00t Gallery | 1 W00t Gallery | 2024-02-28 | 6.0 MEDIUM | N/A |
| index.php in w00t Gallery 1.4.0 allows remote authenticated users with privileges for one installation to gain access to other installations on the same web server, aka "multi-gallery admin session spanning." NOTE: some of these details are obtained from third party information. | |||||
| CVE-2006-6140 | 1 Sisfo Kampus | 1 Sisfo Kampus | 2024-02-28 | 7.5 HIGH | N/A |
| PHP remote file inclusion vulnerability in Sisfo Kampus 2006 (Semarang 3) allows remote attackers to execute arbitrary PHP code via a URL in the slnt parameter to (1) index.php and (2) print.php. NOTE: The provenance of this information is unknown; the details are obtained solely from third party information. | |||||
| CVE-2007-4828 | 1 Mediawiki | 1 Mediawiki | 2024-02-28 | 4.3 MEDIUM | N/A |
| Cross-site scripting (XSS) vulnerability in the API pretty-printing mode in MediaWiki 1.8.0 through 1.8.4, 1.9.0 through 1.9.3, 1.10.0 through 1.10.1, and the 1.11 development versions before 1.11.0 allows remote attackers to inject arbitrary web script or HTML via unspecified vectors. | |||||
| CVE-2007-1309 | 1 Novell | 1 Access Manager | 2024-02-28 | 9.0 HIGH | N/A |
| Novell Access Management 3 SSLVPN Server allows remote authenticated users to bypass VPN restrictions by making policy.txt read-only, disconnecting, then manually modifying policy.txt. | |||||
| CVE-2006-6431 | 1 Xerox | 1 Workcentre | 2024-02-28 | 5.0 MEDIUM | N/A |
| Unspecified vulnerability in Xerox WorkCentre and WorkCentre Pro before 12.060.17.000, 13.x before 13.060.17.000, and 14.x before 14.060.17.000 allows attackers to modify signatures of e-mail messages via unspecified vectors. | |||||
| CVE-2006-6946 | 1 Nec | 1 Multiwriter 1700c | 2024-02-28 | 7.5 HIGH | N/A |
| The web server in the NEC MultiWriter 1700C allows remote attackers to modify the device configuration via unspecified vectors. | |||||