Search
Total
86024 CVE
| CVE | Vendors | Products | Updated | CVSS v2 | CVSS v3 |
|---|---|---|---|---|---|
| CVE-2008-5231 | 1 Novell | 1 Iprint | 2008-11-26 | 9.3 HIGH | N/A |
| Stack-based buffer overflow in the ExecuteRequest method in the Novell iPrint ActiveX control in ienipp.ocx in Novell iPrint Client 5.06 and earlier allows remote attackers to execute arbitrary code via a long target-frame option value, a different vulnerability than CVE-2008-2431. | |||||
| CVE-2008-2432 | 1 Novell | 1 Iprint | 2008-11-26 | 5.0 MEDIUM | N/A |
| Insecure method vulnerability in the GetFileList method in an unspecified ActiveX control in Novell iPrint Client before 5.06 allows remote attackers to list the image files in an arbitrary directory via a directory name in the argument. | |||||
| CVE-2008-2429 | 1 Calendarix | 1 Basic | 2008-11-26 | 7.5 HIGH | N/A |
| Multiple SQL injection vulnerabilities in Calendarix Basic 0.8.20071118 allow remote attackers to execute arbitrary SQL commands via (1) the catsearch parameter to cal_search.php or (2) the catview parameter to cal_cat.php. NOTE: vector 1 might overlap CVE-2007-3183.3, and vector 2 might overlap CVE-2005-1865.2. | |||||
| CVE-2008-5109 | 1 Adobe | 1 Flash Media Server | 2008-11-26 | 5.0 MEDIUM | N/A |
| The default configuration of Adobe Flash Media Server (FMS) 3.0 does not enable SWF Verification for (1) RTMPE and (2) RTMPTE sessions, which makes it easier for remote attackers to make copies of video content via stream-capture software. | |||||
| CVE-2007-1489 | 1 Web-app.org | 1 Webapp | 2008-11-23 | 6.8 MEDIUM | N/A |
| Unspecified vulnerability in web-app.org Web Automated Perl Portal (WebAPP) 0.9.9.4 to 0.9.9.6 allows remote attackers to obtain admin access by modifying cookies and performing "certain consecutive actions," possibly due to a cross-site request forgery (CSRF) vulnerability. | |||||
| CVE-2008-5151 | 1 Abottoms | 1 Mayavi | 2008-11-18 | 6.9 MEDIUM | N/A |
| test_parser.py in mayavi 1.5 allows local users to overwrite arbitrary files via a symlink attack on the /tmp/err.log temporary file. | |||||
| CVE-2008-5135 | 1 Debian | 1 Os-prober | 2008-11-18 | 6.2 MEDIUM | N/A |
| ** DISPUTED ** os-prober in os-prober 1.17 allows local users to overwrite arbitrary files via a symlink attack on the (1) /tmp/mounted-map or (2) /tmp/raided-map temporary file. NOTE: the vendor disputes this issue, stating "the insecure code path should only ever run inside a d-i environment, which has no non-root users." | |||||
| CVE-2008-5146 | 1 Erl Wustl | 1 Ctn | 2008-11-18 | 6.9 MEDIUM | N/A |
| add-accession-numbers in ctn 3.0.6 allows local users to overwrite arbitrary files via a symlink attack on the /tmp/accession temporary file. | |||||
| CVE-2008-5087 | 1 Typo3 | 2 Another Backend Login, Typo3 | 2008-11-17 | 7.5 HIGH | N/A |
| SQL injection vulnerability in TYPO3 Another Backend Login (wrg_anotherbelogin) extension before 0.0.4 allows remote attackers to execute arbitrary SQL commands via unspecified vectors. | |||||
| CVE-2008-5067 | 1 Kkeim | 1 Kmita Catalogue | 2008-11-17 | 4.3 MEDIUM | N/A |
| Cross-site scripting (XSS) vulnerability in search.php in Kmita Catalogue 2.x allows remote attackers to inject arbitrary web script or HTML via the q parameter. NOTE: the provenance of this information is unknown; the details are obtained solely from third party information. | |||||
| CVE-2008-4407 | 1 Debian | 1 Xsabre | 2008-11-15 | 2.1 LOW | N/A |
| XRunSabre in sabre (aka xsabre) 0.2.4b relies on the ability to create /tmp/sabre.log, which allows local users to cause a denial of service (application unavailability) by creating a /tmp/sabre.log file that cannot be overwritten. | |||||
| CVE-2008-4571 | 1 Plone | 1 Plone | 2008-11-15 | 4.3 MEDIUM | N/A |
| Cross-site scripting (XSS) vulnerability in the LiveSearch module in Plone before 3.0.4 allows remote attackers to inject arbitrary web script or HTML via the Description field for search results, as demonstrated using the onerror Javascript even in an IMG tag. | |||||
| CVE-2008-3967 | 1 Mybb | 1 Mybb | 2008-11-15 | 7.5 HIGH | N/A |
| moderation.php in MyBB (aka MyBulletinBoard) before 1.4.1 does not properly check for moderator privileges, which has unknown impact and remote attack vectors. | |||||
| CVE-2008-3966 | 1 Mybb | 1 Mybb | 2008-11-15 | 4.3 MEDIUM | N/A |
| Multiple cross-site scripting (XSS) vulnerabilities in MyBB (aka MyBulletinBoard) before 1.4.1 allow remote attackers to inject arbitrary web script or HTML via (1) a certain referrer field in usercp2.php, (2) a certain location field in inc/functions_online.php, and certain (3) tsubject and (4) psubject fields in moderation.php. | |||||
| CVE-2008-3965 | 1 Mybb | 1 Mybb | 2008-11-15 | 7.5 HIGH | N/A |
| SQL injection vulnerability in misc.php in MyBB (aka MyBulletinBoard) before 1.4.1 allows remote attackers to execute arbitrary SQL commands via a certain editor field. | |||||
| CVE-2007-6685 | 1 Menalto | 1 Gallery Publish Xp Module | 2008-11-15 | 10.0 HIGH | N/A |
| Unspecified vulnerability in the Publish XP module Menalto Gallery before 2.2.4 allows attackers to create albums and upload files via unknown vectors. | |||||
| CVE-2007-6715 | 1 Mozilla | 1 Firefox | 2008-11-15 | 4.3 MEDIUM | N/A |
| Mozilla Firefox allows remote attackers to cause a denial of service (crash) via crafted image, as demonstrated by the zzuf lol-firefox.gif test case. | |||||
| CVE-2007-6705 | 1 Ibm | 1 Websphere Mq | 2008-11-15 | 3.3 LOW | N/A |
| The WebSphere MQ XA 5.3 before FP13 and 6.0.x before 6.0.2.1 client for Windows, when running in an MTS or a COM+ environment, grants the PROCESS_DUP_HANDLE privilege to the Everyone group upon connection to a queue manager, which allows local users to duplicate an arbitrary handle and possibly hijack an arbitrary process. | |||||
| CVE-2007-6699 | 1 Aol | 1 Ygp Piceditor Activex Control | 2008-11-15 | 4.3 MEDIUM | N/A |
| Multiple buffer overflows in the AIM PicEditor 9.5.1.8 ActiveX control in YGPPicEdit.dll in AOL You've Got Pictures (YGP) Picture Editor allow remote attackers to cause a denial of service (browser crash) via a long string in the (1) DisplayName, (2) FinalSavePath, (3) ForceSaveTo, (4) HiddenControls, (5) InitialEditorScreen, (6) Locale, (7) Proxy, and (8) UserAgent property values. | |||||
| CVE-2007-6696 | 1 Webcalendar | 1 Webcalendar | 2008-11-15 | 2.1 LOW | N/A |
| Multiple cross-site scripting (XSS) vulnerabilities in WebCalendar 1.1.6 allow remote attackers to inject arbitrary web script or HTML via (1) an event description, (2) the query string to pref.php, and (3) the adv parameter to search.php. NOTE: vector 1 requires user authentication. | |||||
| CVE-2007-6693 | 1 Menalto | 1 Gallery Webcam Module | 2008-11-15 | 10.0 HIGH | N/A |
| Unspecified vulnerability in the WebCam module in Menalto Gallery before 2.2.4 has unknown impact and attack vectors related to a "proxied request." | |||||
| CVE-2007-6692 | 1 Menalto | 1 Gallery | 2008-11-15 | 6.4 MEDIUM | N/A |
| Open redirect vulnerability in Menalto Gallery before 2.2.4 allows remote attackers to redirect users to arbitrary web sites and conduct phishing attacks via a URL in the (1) Core and (2) print modules. | |||||
| CVE-2007-6691 | 1 Menalto | 1 Gallery | 2008-11-15 | 10.0 HIGH | N/A |
| Multiple unspecified vulnerabilities in Menalto Gallery before 2.2.4 have unknown impact, related to (1) "hotlink protection" in the URL rewrite module, (2) a WebDAV view in the WebDAV module, (3) a comment view in the Comment module, (4) unspecified "item information disclosure attacks" in the Core module Gallery application, (5) the slideshow in the Slideshow module, and (6) multiple Print modules. | |||||
| CVE-2007-6690 | 1 Menalto | 1 Gallery | 2008-11-15 | 10.0 HIGH | N/A |
| The Gallery Remote module in Menalto Gallery before 2.2.4 does not check permissions for unspecified GR commands, which has unknown impact and attack vectors. | |||||
| CVE-2007-6689 | 1 Menalto | 1 Gallery | 2008-11-15 | 7.5 HIGH | N/A |
| Menalto Gallery before 2.2.4 does not properly check for malicious file extensions during file uploads, which allows attackers to execute arbitrary code via the (1) Core application or (2) MIME module. | |||||
| CVE-2007-6687 | 1 Menalto | 1 Gallery | 2008-11-15 | 4.3 MEDIUM | N/A |
| Multiple cross-site scripting (XSS) vulnerabilities in Menalto Gallery before 2.2.4 allow remote attackers to inject arbitrary web script or HTML via crafted filenames to the (1) Core or (2) add-item modules; or via (3) HTTP PROPPATCH in the WebDAV module. | |||||
| CVE-2007-6686 | 1 Menalto | 1 Gallery | 2008-11-15 | 10.0 HIGH | N/A |
| The URL rewrite module in Menalto Gallery before 2.2.4 allows attackers to include and execute arbitrary local files via unknown vectors related to the admin controller. | |||||
| CVE-2007-6670 | 1 Phpcredo | 1 Phcdownload | 2008-11-15 | 7.5 HIGH | N/A |
| SQL injection vulnerability in search.php in PHCDownload 1.1.0 allows remote attackers to execute arbitrary SQL commands via the string parameter. | |||||
| CVE-2007-6617 | 1 Atlassian | 1 Jira | 2008-11-15 | 4.3 MEDIUM | N/A |
| Cross-site scripting (XSS) vulnerability in 500page.jsp in JIRA Enterprise Edition before 3.12.1 allows remote attackers to inject arbitrary web script or HTML, which is not properly handled when generating error messages, as demonstrated by input originally sent in the URI to secure/CreateIssue. NOTE: some of these details are obtained from third party information. | |||||
| CVE-2007-6619 | 1 Atlassian | 1 Jira | 2008-11-15 | 7.5 HIGH | N/A |
| The Setup Wizard in Atlassian JIRA Enterprise Edition before 3.12.1 does not properly restrict setup attempts after setup is complete, which allows remote attackers to change the default language. | |||||
| CVE-2007-6618 | 1 Atlassian | 1 Jira | 2008-11-15 | 5.0 MEDIUM | N/A |
| JIRA Enterprise Edition before 3.12.1 allows remote attackers to delete another user's shared filter via a modified filter ID. | |||||
| CVE-2007-6611 | 1 Mantis | 1 Mantis | 2008-11-15 | 4.3 MEDIUM | N/A |
| Cross-site scripting (XSS) vulnerability in view.php in Mantis before 1.1.0 allows remote attackers to inject arbitrary web script or HTML via a filename, related to bug_report.php. | |||||
| CVE-2007-6645 | 1 Joomla | 1 Joomla | 2008-11-15 | 7.5 HIGH | N/A |
| Unspecified vulnerability in Joomla! before 1.5 RC4 allows remote authenticated users to gain privileges via unspecified vectors, aka "registered user privilege escalation vulnerability." | |||||
| CVE-2007-6644 | 1 Joomla | 1 Joomla | 2008-11-15 | 6.5 MEDIUM | N/A |
| Joomla! before 1.5 RC4 allows remote authenticated administrators to promote arbitrary users to the administrator group, in violation of the intended security model. | |||||
| CVE-2007-6643 | 1 Joomla | 1 Joomla | 2008-11-15 | 4.3 MEDIUM | N/A |
| Cross-site scripting (XSS) vulnerability in the com_poll component in Joomla! before 1.5 RC4 allows remote attackers to inject arbitrary web script or HTML via unspecified vectors. | |||||
| CVE-2007-6461 | 1 Flyspray | 1 Flyspray | 2008-11-15 | 4.3 MEDIUM | N/A |
| Multiple cross-site scripting (XSS) vulnerabilities in index.php in Flyspray 0.9.9 through 0.9.9.3 allow remote attackers to inject arbitrary web script or HTML via (1) the query string in an index action, related to the savesearch JavaScript function; and (2) the details parameter in a details action, related to the History tab and the getHistory JavaScript function. | |||||
| CVE-2007-6308 | 1 Httplogger | 1 Httplogger | 2008-11-15 | 4.3 MEDIUM | N/A |
| Cross-site scripting (XSS) vulnerability in HttpLogger 0.8.1 allows remote attackers to inject arbitrary web script or HTML via unspecified vectors. | |||||
| CVE-2007-6463 | 1 Php Real Estate Script | 1 Classifieds | 2008-11-15 | 4.3 MEDIUM | N/A |
| Multiple cross-site scripting (XSS) vulnerabilities in the admin panel in PHP Real Estate Classifieds allow remote attackers to inject arbitrary web script or HTML via unspecified "text areas/boxes." | |||||
| CVE-2007-6376 | 1 Francisco Burzi | 1 Php-nuke | 2008-11-15 | 7.5 HIGH | N/A |
| Directory traversal vulnerability in autohtml.php in Francisco Burzi PHP-Nuke 8.0 allows remote attackers to include and execute arbitrary local files via a .. (dot dot) in the filename parameter, a different vector than CVE-2006-4190. NOTE: the provenance of this information is unknown; the details are obtained solely from third party information. | |||||
| CVE-2007-6363 | 1 Ibm | 1 Tivoli Netcool Security Manager | 2008-11-15 | 2.1 LOW | N/A |
| IBM Tivoli Netcool Security Manager 1.3.0 before Interim Fix 1, when using Active Directory (AD) LDAP authentication, allows remote attackers to obtain login access via unspecified vectors without entering a password. | |||||
| CVE-2007-6357 | 1 Microsoft | 1 Access | 2008-11-15 | 5.8 MEDIUM | N/A |
| Stack-based buffer overflow in Microsoft Office Access allows remote, user-assisted attackers to execute arbitrary code via a crafted Microsoft Access Database (.mdb) file. NOTE: due to the lack of details as of 20071210, it is not clear whether this issue is the same as CVE-2007-6026 or CVE-2005-0944. | |||||
| CVE-2007-6320 | 1 Drupal | 1 Feature Module | 2008-11-15 | 4.3 MEDIUM | N/A |
| Feature 4.7.x-dev and 5.x-dev before 20071206, a Drupal module, does not follow Drupal's Forms API submission model, which allows remote attackers to conduct cross-site request forgery (CSRF) attacks. | |||||
| CVE-2007-6418 | 1 Debian | 1 Debian Linux | 2008-11-15 | 2.1 LOW | N/A |
| The libdspam7-drv-mysql cron job in Debian GNU/Linux includes the MySQL dspam database password in a command line argument, which might allow local users to read the password by listing the process and its arguments. | |||||
| CVE-2007-6300 | 1 Fusion News | 1 Fusion News | 2008-11-15 | 5.0 MEDIUM | N/A |
| Cross-site request forgery (CSRF) vulnerability in Fusion News 3.9.0 allows remote attackers to perform unauthorized actions via unspecified vectors. | |||||
| CVE-2007-6208 | 1 Claws Mail | 1 Claws Mail Tools | 2008-11-15 | 3.6 LOW | N/A |
| sylprint.pl in claws mail tools (claws-mail-tools) allows local users to overwrite arbitrary files via a symlink attack on the sylprint.[USER].[PID] temporary file. | |||||
| CVE-2007-6218 | 1 Ossigeno | 1 Cms | 2008-11-15 | 5.0 MEDIUM | N/A |
| Multiple PHP remote file inclusion vulnerabilities in Ossigeno CMS 2.2 pre1 allow remote attackers to execute arbitrary PHP code via a URL in the (1) level parameter to (a) install_module.php and (b) uninstall_module.php in upload/xax/admin/modules/, (c) upload/xax/admin/patch/index.php, and (d) install_module.php and (e) uninstall_module.php in upload/xax/ossigeno/admin/; and the (2) ossigeno parameter to (f) ossigeno_modules/ossigeno-catalogo/xax/ossigeno/catalogo/common.php, different vectors than CVE-2007-5234. | |||||
| CVE-2007-6098 | 1 Ingate | 2 Ingate Firewall, Ingate Siparator | 2008-11-15 | 7.5 HIGH | N/A |
| Ingate Firewall before 4.6.0 and SIParator before 4.6.0 do not log truncated (1) ICMP, (2) UDP, and (3) TCP packets, which has unknown impact and remote attack vectors; and do not log (4) serial-console login attempts with nonexistent usernames, which might make it easier for attackers with physical access to guess valid login credentials while avoiding detection. | |||||
| CVE-2007-6094 | 1 Ingate | 2 Ingate Firewall, Ingate Siparator | 2008-11-15 | 4.3 MEDIUM | N/A |
| The IPsec module in the VPN component in Ingate Firewall before 4.6.0 and SIParator before 4.6.0 allows remote attackers to cause a denial of service (module crash) via an IPsec Phase 2 proposal that lacks Perfect Forward Secrecy (PFS). | |||||
| CVE-2007-6031 | 1 Van Dyke Technologies | 1 Vshell | 2008-11-15 | 7.8 HIGH | N/A |
| Unspecified vulnerability in VanDyke VShell 3.0.1 allows remote attackers to cause a denial of service via unspecified vectors. NOTE: this information is based upon a vague advisory by a vulnerability information sales organization that does not coordinate with vendors or release actionable advisories. A CVE has been assigned for tracking purposes, but duplicates with other CVEs are difficult to determine. | |||||
| CVE-2007-6095 | 1 Ingate | 2 Ingate Firewall, Ingate Siparator | 2008-11-15 | 4.0 MEDIUM | N/A |
| The SIP component in Ingate Firewall before 4.6.0 and SIParator before 4.6.0, when Remote NAT Traversal is employed, does not properly perform user registration and message distribution, which might allow remote authenticated users to receive messages intended for other users. | |||||