Search
Total
27796 CVE
| CVE | Vendors | Products | Updated | CVSS v2 | CVSS v3 |
|---|---|---|---|---|---|
| CVE-2006-3764 | 1 Till Gerken | 1 Phppolls | 2018-10-17 | 5.0 MEDIUM | N/A |
| Till Gerken phpPolls 1.0.3 allows remote attackers to create a new poll via a direct request to phpPollAdmin.php3 with the poll_action parameter set to create. | |||||
| CVE-2006-3763 | 1 Dieselscripts | 1 Diesel Joke Site | 2018-10-17 | 7.5 HIGH | N/A |
| SQL injection vulnerability in category.php in Diesel Joke Site allows remote attackers to execute arbitrary SQL commands via the id parameter. | |||||
| CVE-2006-3762 | 1 Touch Control | 1 Activex Control | 2018-10-17 | 7.5 HIGH | N/A |
| The Touch Control ActiveX control 2.0.0.55 allows remote attackers to read and possibly execute arbitrary files via a "file///" URI in the sPath parameter to the Execute function. | |||||
| CVE-2006-3757 | 1 Zen Cart | 1 Zen Cart | 2018-10-17 | 5.0 MEDIUM | N/A |
| index.php in Zen Cart 1.3.0.2 allows remote attackers to obtain sensitive information via empty (1) _GET[], (2) _SESSION[], (3) _POST[], (4) _COOKIE[], or (5) _SESSION[] array parameters, which reveals the installation path in an error message. NOTE: this issue might be resultant from a global overwrite vulnerability. | |||||
| CVE-2006-3753 | 1 Professional Home Page Tools | 1 Professional Home Page Tools Guestbook | 2018-10-17 | 6.4 MEDIUM | N/A |
| setcookie.php for the administration login in Professional Home Page Tools Guestbook records the hash of the administrator password in a cookie, which allows attackers to conduct brute force password guessing attacks after obtaining the hash. | |||||
| CVE-2006-3746 | 1 Gnupg | 1 Gnupg | 2018-10-17 | 5.0 MEDIUM | N/A |
| Integer overflow in parse_comment in GnuPG (gpg) 1.4.4 allows remote attackers to cause a denial of service (segmentation fault) via a crafted message. | |||||
| CVE-2006-3740 | 2 X.org, Xfree86 Project | 2 X.org, Xfree86 X | 2018-10-17 | 7.2 HIGH | N/A |
| Integer overflow in the scan_cidfont function in X.Org 6.8.2 and XFree86 X server allows local users to execute arbitrary code via crafted (1) CMap and (2) CIDFont font data with modified item counts in the (a) begincodespacerange, (b) cidrange, and (c) notdefrange sections. | |||||
| CVE-2006-3739 | 2 X.org, Xfree86 Project | 2 X.org, Xfree86 X | 2018-10-17 | 7.2 HIGH | N/A |
| Integer overflow in the CIDAFM function in X.Org 6.8.2 and XFree86 X server allows local users to execute arbitrary code via crafted Adobe Font Metrics (AFM) files with a modified number of character metrics (StartCharMetrics), which leads to a heap-based buffer overflow. | |||||
| CVE-2006-3737 | 1 Swsoft | 1 Plesk Control Panel | 2018-10-17 | 4.3 MEDIUM | N/A |
| Cross-site scripting (XSS) vulnerability in filemanager/filemanager.php in the control panel in SWsoft Plesk 8.0 and earlier allows remote authenticated users to inject arbitrary web script or HTML via the file parameter. | |||||
| CVE-2006-3721 | 1 Oracle | 1 Enterprise Manager | 2018-10-17 | 10.0 HIGH | N/A |
| Multiple unspecified vulnerabilities in Oracle Management Service for Oracle Enterprise Manager 10.1.0.5 and 10.2.0.1 have unknown impact and attack vectors, aka Oracle Vuln# EM03 and EM04. | |||||
| CVE-2006-3722 | 1 Oracle | 1 Peoplesoft Enterprise | 2018-10-17 | 10.0 HIGH | N/A |
| Unspecified vulnerability in PeopleSoft Enterprise Portal for Oracle PeopleSoft Enterprise Portal 8.4 Bundle #16, 8.8 Bundle #10, and 8.9 Bundle #3 has unknown impact and attack vectors, aka Oracle Vuln# PSE01. | |||||
| CVE-2006-3723 | 1 Oracle | 1 Peoplesoft Enterprise | 2018-10-17 | 10.0 HIGH | N/A |
| Unspecified vulnerability in PeopleSoft Enterprise Portal for Oracle PeopleSoft Enterprise Portal 8.8 with Enforcer Portal Pack Bundle #10 and 8.9 Bundle #3 has unknown impact and attack vectors, aka Oracle Vuln# PSE02. | |||||
| CVE-2006-3724 | 1 Oracle | 1 Enterpriseone | 2018-10-17 | 10.0 HIGH | N/A |
| Unspecified vulnerability in JD Edwards HTML Server for Oracle OneWorld Tools EnterpriseOne Tools 8.95 and 8.96 has unknown impact and attack vectors, aka Oracle Vuln# JDE01. | |||||
| CVE-2006-3725 | 1 Symantec | 1 Norton Personal Firewall | 2018-10-17 | 2.1 LOW | N/A |
| Norton Personal Firewall 2006 9.1.0.33 allows local users to cause a denial of service (crash) via certain RegSaveKey, RegRestoreKey and RegDeleteKey operations on the (1) HKLM\SYSTEM\CurrentControlSet\Services\SNDSrvc and (2) HKLM\SYSTEM\CurrentControlSet\Services\SymEvent registry keys. | |||||
| CVE-2007-0421 | 1 Bea | 1 Weblogic Server | 2018-10-17 | 6.4 MEDIUM | N/A |
| BEA WebLogic Server 6.1 through 6.1 SP7, and 7.0 through 7.0 SP7 allows remote attackers to cause a denial of service (disk consumption) via requests containing malformed headers, which cause a large amount of data to be written to the server log. | |||||
| CVE-2007-0412 | 1 Bea | 1 Weblogic Server | 2018-10-17 | 5.0 MEDIUM | N/A |
| BEA WebLogic Server 6.1 through 6.1 SP7, 7.0 through 7.0 SP7, and 8.1 through 8.1 SP5 allows remote attackers to read arbitrary files inside the class-path property via .ear or exploded .ear files that use the manifest class-path property to point to utility jar files. | |||||
| CVE-2007-0410 | 1 Bea | 1 Weblogic Server | 2018-10-17 | 5.0 MEDIUM | N/A |
| Unspecified vulnerability in the thread management in BEA WebLogic 7.0 through 7.0 SP6, 8.1 through 8.1 SP5, 9.0, and 9.1, when T3 authentication is used, allows remote attackers to cause a denial of service (thread and system hang) via unspecified "sequences of events." | |||||
| CVE-2006-5868 | 3 Canonical, Debian, Imagemagick | 3 Ubuntu Linux, Debian Linux, Imagemagick | 2018-10-17 | 9.3 HIGH | N/A |
| Multiple buffer overflows in Imagemagick 6.0 before 6.0.6.2, and 6.2 before 6.2.4.5, has unknown impact and user-assisted attack vectors via a crafted SGI image. | |||||
| CVE-2006-5277 | 1 Cisco | 2 Unified Callmanager, Unified Communications Manager | 2018-10-17 | 9.3 HIGH | N/A |
| Off-by-one error in the Certificate Trust List (CTL) Provider service (CTLProvider.exe) in Cisco Unified Communications Manager (CUCM, formerly CallManager) before 20070711 allow remote attackers to execute arbitrary code via a crafted packet that triggers a heap-based buffer overflow. | |||||
| CVE-2006-4093 | 3 Canonical, Debian, Linux | 3 Ubuntu Linux, Debian Linux, Linux Kernel | 2018-10-17 | 4.9 MEDIUM | N/A |
| Linux kernel 2.x.6 before 2.6.17.9 and 2.4.x before 2.4.33.1 on PowerPC PPC970 systems allows local users to cause a denial of service (crash) related to the "HID0 attention enable on PPC970 at boot time." | |||||
| CVE-2006-3818 | 1 Novell | 1 Groupwise Webaccess | 2018-10-17 | 4.3 MEDIUM | N/A |
| Cross-site scripting (XSS) vulnerability in the login page in Novell GroupWise WebAccess 6.5 before 20060721 and WebAccess 7 before 20060727 allows remote attackers to inject arbitrary web script or HTML via the GWAP.version parameter. | |||||
| CVE-2016-5080 | 1 Objective Systems | 1 Asn1c | 2018-10-17 | 10.0 HIGH | 9.8 CRITICAL |
| Integer overflow in the rtxMemHeapAlloc function in asn1rt_a.lib in Objective Systems ASN1C for C/C++ before 7.0.2 allows context-dependent attackers to execute arbitrary code or cause a denial of service (heap-based buffer overflow), on a system running an application compiled by ASN1C, via crafted ASN.1 data. | |||||
| CVE-2015-6937 | 3 Canonical, Debian, Linux | 3 Ubuntu Linux, Debian Linux, Linux Kernel | 2018-10-17 | 4.9 MEDIUM | N/A |
| The __rds_conn_create function in net/rds/connection.c in the Linux kernel through 4.2.3 allows local users to cause a denial of service (NULL pointer dereference and system crash) or possibly have unspecified other impact by using a socket that was not properly bound. | |||||
| CVE-2007-3494 | 1 Papoo | 1 Papoo | 2018-10-16 | 6.8 MEDIUM | N/A |
| Papoo CMS 3.6, and possibly earlier, does not verify user privileges when accessing the backend administration plugins, which allows remote authenticated users to (1) read the entire database by accessing the database backup plugin via a devtools/templates/newdump_backend.html argument in the template parameter to interna/plugin.php, (2) create plugins, (3) remove plugins, (4) enable debug mode, and have other unspecified impact. | |||||
| CVE-2007-3480 | 1 Pc Soft | 1 Windev | 2018-10-16 | 7.1 HIGH | N/A |
| PCSoft WinDEV 11 (01F110053p) allows user-assisted remote attackers to cause a denial of service (infinite loop and resource consumption) via a malformed WDP project file. | |||||
| CVE-2007-3491 | 1 Progress | 1 Openedge | 2018-10-16 | 7.5 HIGH | N/A |
| Buffer overflow in _mprosrv in Progress Software OpenEdge before 9.1E0422, and 10.x before 10.1B01, allows remote attackers to have an unknown impact via a malformed TCP/IP message. | |||||
| CVE-2007-3489 | 1 Checkpoint | 1 Vpn-1 Utm Edge | 2018-10-16 | 9.3 HIGH | N/A |
| Cross-site request forgery (CSRF) vulnerability in pop/WizU.html in the management interface in Check Point VPN-1 Edge X Embedded NGX 7.0.33x on the Check Point VPN-1 UTM Edge allows remote attackers to perform privileged actions as administrators, as demonstrated by a request with the swuuser and swupass parameters, which adds an administrator account. NOTE: the CSRF attack has no timing window because there is no logout capability in the management interface. | |||||
| CVE-2007-3496 | 1 Sap | 4 Netweaver Nw04, Netweaver Nw04s, Sap Basis Component 640 and 1 more | 2018-10-16 | 4.3 MEDIUM | N/A |
| Cross-site scripting (XSS) vulnerability in SAP Web Dynpro Java (BC-WD-JAV) in SAP NetWeaver Nw04 SP15 through SP19 and Nw04s SP7 through SP11, aka SAP Java Technology Services 640 before SP20 and SAP Web Dynpro Runtime Core Components 700 before SP12, allows remote attackers to inject arbitrary web script or HTML via the User-Agent HTTP header. | |||||
| CVE-2007-3495 | 1 Sap | 2 Sap Basis Component 640, Sap Basis Component 700 | 2018-10-16 | 4.3 MEDIUM | N/A |
| Multiple cross-site scripting (XSS) vulnerabilities in the SAP Internet Communication Framework (BC-MID-ICF) in the SAP Basis component 700 before SP12, and 640 before SP20, allow remote attackers to inject arbitrary web script or HTML via certain parameters associated with the default login error page. | |||||
| CVE-2007-3492 | 1 Conti | 1 Ftpserver | 2018-10-16 | 6.8 MEDIUM | N/A |
| Conti FtpServer 1.0 allows remote authenticated users to cause a denial of service (daemon crash) via a certain string containing "//A:" in the argument to the LIST command. | |||||
| CVE-2007-3479 | 1 Pc Soft | 1 Windev | 2018-10-16 | 6.8 MEDIUM | N/A |
| Stack-based buffer overflow in PCSoft WinDEV 11 (01F110053p) allows user-assisted remote attackers to execute arbitrary code via a long string in the "used DLL" field in a WDP project file. | |||||
| CVE-2007-3396 | 1 Key Focus | 1 Kf Web Server | 2018-10-16 | 4.3 MEDIUM | N/A |
| Cross-site scripting (XSS) vulnerability in index.wkf in KeyFocus (KF) web server 3.1.0 allows remote attackers to inject arbitrary web script or HTML via the opsubmenu parameter. | |||||
| CVE-2007-3465 | 1 Sofaware | 1 Safe At Office 500 Utm | 2018-10-16 | 10.0 HIGH | N/A |
| Check Point SofaWare Safe@Office, with firmware before Embedded NGX 7.0.45 GA, has a certain default password. | |||||
| CVE-2007-3464 | 1 Sofaware | 1 Safe At Office 500 Utm | 2018-10-16 | 8.5 HIGH | N/A |
| Check Point SofaWare Safe@Office, with firmware before Embedded NGX 7.0.45 GA, does not require entry of the old password when changing the admin password, which might allow attackers to gain privileges by conducting a CSRF attack, making a password change on an unattended workstation, or other vectors. | |||||
| CVE-2007-3463 | 1 Microsoft | 1 Windows Xp | 2018-10-16 | 4.6 MEDIUM | N/A |
| ** DISPUTED ** Microsoft Windows XP SP2 allows local users, who have sessions created by another user's RunAs (run as) command, to kill arbitrary processes of this other user, as demonstrated by the taskkill program. NOTE: the researcher claims a vendor dispute in which the vendor states that "RunAs and UAC are convenience features, not security boundaries. If you need a security guarantee, please log out and log back in with a different account." | |||||
| CVE-2007-3462 | 1 Sofaware | 1 Safe At Office 500 Utm | 2018-10-16 | 6.0 MEDIUM | N/A |
| Cross-site request forgery (CSRF) vulnerability in Check Point SofaWare Safe@Office, with firmware before Embedded NGX 7.0.45 GA, allows remote attackers to execute commands as arbitrary users, and disable firewalling of the protected network. | |||||
| CVE-2007-3394 | 1 Endonesia | 1 Endonesia | 2018-10-16 | 7.5 HIGH | N/A |
| Multiple SQL injection vulnerabilities in eNdonesia 8.4 allow remote attackers to execute arbitrary SQL commands via the (1) artid parameter to mod.php in a viewarticle action (publisher mod) and the (2) bid parameter to banners.php in a click action. NOTE: the mod.php viewdisk and viewlink vectors are already covered by CVE-2006-6873. | |||||
| CVE-2007-3453 | 1 Papoo | 1 Papoo | 2018-10-16 | 7.5 HIGH | N/A |
| SQL injection vulnerability in Papoo 3.6, and possibly earlier, allows remote attackers to execute arbitrary SQL commands via the selmenuid parameter to certain components. | |||||
| CVE-2007-3435 | 1 Rkd Software | 1 Barcode Activex | 2018-10-16 | 9.3 HIGH | N/A |
| Stack-based buffer overflow in the BeginPrint method in a certain ActiveX control in RKD Software (barcodetools.com) BarCodeAx.dll 4.9 allows remote attackers to execute arbitrary code via a long argument. | |||||
| CVE-2007-3432 | 1 Pluxml | 1 Pluxml | 2018-10-16 | 7.5 HIGH | N/A |
| Unrestricted file upload vulnerability in admin/images.php in Pluxml 0.3.1 allows remote attackers to upload and execute arbitrary PHP code via a .jpg filename. | |||||
| CVE-2007-3459 | 1 Civiltech | 1 Avax Vector Activex | 2018-10-16 | 6.4 MEDIUM | N/A |
| A certain ActiveX control in Avaxswf.dll 1.0.0.1 in Civitech Avax Vector 1.3 allows remote attackers to create or overwrite arbitrary files via a full pathname in the argument to the WriteMovie method. | |||||
| CVE-2007-3427 | 1 Zoneo-soft | 1 Phptraffica | 2018-10-16 | 7.5 HIGH | N/A |
| SQL injection vulnerability in index.php in phpTrafficA 1.4.2 and earlier allows remote attackers to execute arbitrary SQL commands via the pageid parameter in a stats action. | |||||
| CVE-2007-3426 | 1 Zoneo-soft | 1 Phptraffica | 2018-10-16 | 4.3 MEDIUM | N/A |
| Cross-site scripting (XSS) vulnerability in index.php in phpTrafficA 1.4.2 and earlier allows remote attackers to inject arbitrary web script or HTML via the lang parameter. | |||||
| CVE-2007-3425 | 1 Zoneo-soft | 1 Phptraffica | 2018-10-16 | 5.0 MEDIUM | N/A |
| Directory traversal vulnerability in index.php in phpTrafficA 1.4.2 and earlier allows remote attackers to include arbitrary local files via the lang parameter, a different vector and version than CVE-2007-1076.2. | |||||
| CVE-2007-3409 | 1 Nlnet Labs | 1 Net Dns | 2018-10-16 | 4.3 MEDIUM | N/A |
| Net::DNS before 0.60, a Perl module, allows remote attackers to cause a denial of service (stack consumption) via a malformed compressed DNS packet with self-referencing pointers, which triggers an infinite loop. | |||||
| CVE-2007-3407 | 1 Sergey Lyubka | 1 Simple Httpd | 2018-10-16 | 5.0 MEDIUM | N/A |
| Sergey Lyubka Simple HTTPD (shttpd) 1.38 allows remote attackers to obtain sensitive information (script source code) via a URL with a trailing encoded space (%20). | |||||
| CVE-2007-3402 | 1 Pagetool | 1 Pagetool | 2018-10-16 | 7.5 HIGH | N/A |
| SQL injection vulnerability in index.php in pagetool 1.07 allows remote attackers to execute arbitrary SQL commands via the news_id parameter in a pagetool_news action. | |||||
| CVE-2007-3398 | 1 Perception | 1 Liteweb | 2018-10-16 | 5.0 MEDIUM | N/A |
| LiteWEB 2.7 allows remote attackers to cause a denial of service (hang) via a large number of requests for nonexistent pages. | |||||
| CVE-2007-3392 | 1 Wireshark | 1 Wireshark | 2018-10-16 | 5.0 MEDIUM | N/A |
| Wireshark before 0.99.6 allows remote attackers to cause a denial of service via malformed (1) SSL or (2) MMS packets that trigger an infinite loop. | |||||
| CVE-2007-3388 | 1 Trolltech | 1 Qt | 2018-10-16 | 6.8 MEDIUM | N/A |
| Multiple format string vulnerabilities in (1) qtextedit.cpp, (2) qdatatable.cpp, (3) qsqldatabase.cpp, (4) qsqlindex.cpp, (5) qsqlrecord.cpp, (6) qglobal.cpp, and (7) qsvgdevice.cpp in QTextEdit in Trolltech Qt 3 before 3.3.8 20070727 allow remote attackers to execute arbitrary code via format string specifiers in text used to compose an error message. | |||||