Total: 262164 CVE

CVE | Vendors | Products | Updated | CVSS v2 | CVSS v3 |
---|---|---|---|---|---|
CVE-2007-3042 | 1 Meneame | 1 Meneame | 2024-02-28 | 4.3 MEDIUM | N/A |
Cross-site scripting (XSS) vulnerability in Meneame before 2 allows remote attackers to inject arbitrary web script or HTML via unspecified vectors. | |||||
CVE-2006-5586 | 1 Microsoft | 2 Windows 2000, Windows Xp | 2024-02-28 | 7.2 HIGH | N/A |
The Graphics Rendering Engine in Microsoft Windows 2000 SP4 and XP SP2 allows local users to gain privileges via "invalid application window sizes" in layered application windows, aka the "GDI Invalid Window Size Elevation of Privilege Vulnerability." | |||||
CVE-2007-5053 | 1 Izicontents | 1 Izicontents | 2024-02-28 | 7.5 HIGH | N/A |
Multiple incomplete blacklist vulnerabilities in iziContents 1 RC6 and earlier allow remote attackers to execute arbitrary PHP code via a URL in (1) the admin_home parameter to modules/poll/poll_summary.php or (2) the rootdp parameter to include/db.php; or a URL in the language_home parameter to (3) search/search.php, (4) poll/inlinepoll.php, (5) poll/showpoll.php, (6) links/showlinks.php, or (7) links/submit_links.php in modules/; related to missing checks in (a) modules/moduleSec.php and (b) include/includeSec.php for inclusion of certain URLs, as demonstrated by an ftps:// URL. | |||||
CVE-2007-6687 | 1 Menalto | 1 Gallery | 2024-02-28 | 4.3 MEDIUM | N/A |
Multiple cross-site scripting (XSS) vulnerabilities in Menalto Gallery before 2.2.4 allow remote attackers to inject arbitrary web script or HTML via crafted filenames to the (1) Core or (2) add-item modules; or via (3) HTTP PROPPATCH in the WebDAV module. | |||||
CVE-2007-4170 | 1 Al-athkar | 1 Al-athkar | 2024-02-28 | 10.0 HIGH | N/A |
Multiple PHP remote file inclusion vulnerabilities in AL-Athkar 2.0 allow remote attackers to execute arbitrary PHP code via a URL in the (1) include parameter to (a) Main.php and (b) get.php and the (2) exec parameter to (c) count.php. | |||||
CVE-2006-6015 | 1 Apple | 1 Mac Os X | 2024-02-28 | 5.0 MEDIUM | N/A |
Buffer overflow in the JavaScript implementation in Safari on Apple Mac OS X 10.4 allows remote attackers to cause a denial of service (application crash) via a long argument to the exec method of a regular expression. | |||||
CVE-2008-1223 | 1 Dokeos | 1 Open Source Learning And Knowledge Management Tool | 2024-02-28 | 7.5 HIGH | N/A |
Unspecified vulnerability in Dokeos 1.8.4 before SP3 allows attackers to execute arbitrary code via unspecified vectors. | |||||
CVE-2007-1169 | 1 Trend Micro | 1 Serverprotect | 2024-02-28 | 5.0 MEDIUM | N/A |
The web interface in Trend Micro ServerProtect for Linux (SPLX) 1.25, 1.3, and 2.5 before 20070216 accepts logon requests through unencrypted HTTP, which might allow remote attackers to obtain credentials by sniffing the network. | |||||
CVE-2007-5930 | 1 Cerberus | 1 Ftp Server | 2024-02-28 | 4.3 MEDIUM | N/A |
Cross-site scripting (XSS) vulnerability in the web interface in Cerberus FTP Server before 2.46 allows remote attackers to inject arbitrary web script or HTML via unspecified vectors. | |||||
CVE-2008-0912 | 1 Sybase | 2 Mobilink, Sql Anywhere | 2024-02-28 | 10.0 HIGH | N/A |
Multiple heap-based buffer overflows in mlsrv10.exe in Sybase MobiLink 10.0.1.3629 and earlier, as used by SQL Anywhere Developer Edition 10.0.1.3415 and probably other products, allow remote attackers to execute arbitrary code or cause a denial of service (daemon crash) via a long (1) username, (2) version, or (3) remote ID. NOTE: some of these details are obtained from third party information. | |||||
CVE-2007-6429 | 1 X.org | 3 Evi, Mit-shm, Xserver | 2024-02-28 | 9.3 HIGH | N/A |
Multiple integer overflows in X.Org Xserver before 1.4.1 allow context-dependent attackers to execute arbitrary code via (1) a GetVisualInfo request containing a 32-bit value that is improperly used to calculate an amount of memory for allocation by the EVI extension, or (2) a request containing values related to pixmap size that are improperly used in management of shared memory by the MIT-SHM extension. | |||||
CVE-2007-3102 | 2 Fedora Project, Openbsd | 2 Fedora Core, Openssh | 2024-02-28 | 4.3 MEDIUM | N/A |
Unspecified vulnerability in the linux_audit_record_event function in OpenSSH 4.3p2, as used on Fedora Core 6 and possibly other systems, allows remote attackers to write arbitrary characters to an audit log via a crafted username. NOTE: some of these details are obtained from third party information. | |||||
CVE-2007-6569 | 1 Sun | 2 Java System Web Proxy Server, Java System Web Server | 2024-02-28 | 4.3 MEDIUM | N/A |
Cross-site scripting (XSS) vulnerability in the View Error Log functionality in Sun Java System Web Proxy Server 4.x before 4.0.6 allows remote attackers to inject arbitrary web script or HTML via unspecified vectors, aka BugID 6566246. | |||||
CVE-2007-1629 | 1 Active Web Softwares | 1 Active Photo Gallery | 2024-02-28 | 7.5 HIGH | N/A |
SQL injection vulnerability in default.asp in ActiveWebSoftwares Active Photo Gallery allows remote attackers to execute arbitrary SQL commands via the catid parameter. | |||||
CVE-2007-6013 | 2 Fedoraproject, Wordpress | 2 Fedora, Wordpress | 2024-02-28 | 6.8 MEDIUM | 9.8 CRITICAL |
Wordpress 1.5 through 2.3.1 uses cookie values based on the MD5 hash of a password MD5 hash, which allows attackers to bypass authentication by obtaining the MD5 hash from the user database, then generating the authentication cookie from that hash. | |||||
CVE-2007-3586 | 1 Mycms | 1 Mycms | 2024-02-28 | 7.5 HIGH | N/A |
Multiple direct static code injection vulnerabilities in MyCMS 0.9.8 and earlier allow remote attackers to inject arbitrary PHP code into (1) a _score.txt file via the score parameter, or (2) a _setby.txt file via a login cookie, which is then included by games.php. NOTE: programs that use games.php might include (a) snakep.php, (b) tetrisp.php, and possibly other site-specific files. | |||||
CVE-2006-5811 | 1 Openemr | 1 Openemr | 2024-02-28 | 6.8 MEDIUM | N/A |
PHP remote file inclusion vulnerability in library/translation.inc.php in OpenEMR 2.8.1, with register_globals enabled, allows remote attackers to execute arbitrary PHP code via a URL in the GLOBALS[srcdir] parameter. | |||||
CVE-2007-5228 | 1 Drupal | 1 Drupal Project Issue Tracking | 2024-02-28 | 3.5 LOW | N/A |
Cross-site scripting (XSS) vulnerability in the subscription functionality in the Project issue tracking module before 4.7.x-1.5, 4.7.x-2.x before 4.7.x-2.5, and 5.x-1.x before 5.x-1.1 for Drupal allows remote authenticated users with project create or edit permissions to inject arbitrary web script or HTML via unspecified vectors involving a (1) individual or (2) overview form. | |||||
CVE-2006-6769 | 1 Php Live | 1 Php Live | 2024-02-28 | 6.8 MEDIUM | N/A |
Multiple cross-site scripting (XSS) vulnerabilities in PHP Live! 3.2.2 and earlier allow remote attackers to inject arbitrary web script or HTML via the (1) search_string parameter in (a) setup/transcripts.php, the (2) l parameter in (b) index.php, the (3) login field in (c) phplive/index.php, and the (4) deptid and (5) x parameters in (d) phplive/message_box.php. | |||||
CVE-2007-4119 | 1 Berthanas Ziyaretci | 1 Defteri | 2024-02-28 | 7.5 HIGH | N/A |
Multiple SQL injection vulnerabilities in yonetici.asp in Berthanas Ziyaretci Defteri 2.0 allow remote attackers to execute arbitrary SQL commands via the (1) user and (2) Pass fields. | |||||