Total: 258074 CVE

CVE | Vendors | Products | Updated | CVSS v2 | CVSS v3 |
---|---|---|---|---|---|
CVE-2007-3303 | 1 Apache | 1 Http Server | 2023-12-10 | 4.9 MEDIUM | N/A |
Apache httpd 2.0.59 and 2.2.4, with the Prefork MPM module, allows local users to cause a denial of service via certain code sequences executed in a worker process that (1) stop request processing by killing all worker processes and preventing creation of replacements or (2) hang the system by forcing the master process to fork an arbitrarily large number of worker processes. NOTE: This might be an inherent design limitation of Apache with respect to worker processes in hosted environments. | |||||
CVE-2008-0283 | 1 Domphp | 1 Domphp | 2023-12-10 | 6.8 MEDIUM | N/A |
PHP remote file inclusion vulnerability in /aides/index.php in DomPHP 0.81 and earlier allows remote attackers to execute arbitrary PHP code via a URL in the page parameter. | |||||
CVE-2007-4924 | 2 Ekiga, Openh323 Project | 2 Ekiga, Openh323 | 2023-12-10 | 5.0 MEDIUM | N/A |
The Open Phone Abstraction Library (opal), as used by (1) Ekiga before 2.0.10 and (2) OpenH323 before 2.2.4, allows remote attackers to cause a denial of service (crash) via an invalid Content-Length header field in Session Initiation Protocol (SIP) packets, which causes a \0 byte to be written to an "attacker-controlled address." | |||||
CVE-2007-2032 | 1 Cisco | 1 Wireless Control System | 2023-12-10 | 7.5 HIGH | N/A |
Cisco Wireless Control System (WCS) before 4.0.96.0 has a hard-coded FTP username and password for backup operations, which allows remote attackers to read and modify arbitrary files via unspecified vectors related to "properties of the FTP server," aka Bug ID CSCse93014. | |||||
CVE-2007-0476 | 1 Gentoo | 1 Linux | 2023-12-10 | 4.6 MEDIUM | N/A |
The gencert.sh script, when installing OpenLDAP before 2.1.30-r10, 2.2.x before 2.2.28-r7, and 2.3.x before 2.3.30-r2 as an ebuild in Gentoo Linux, does not create temporary directories in /tmp securely during emerge, which allows local users to overwrite arbitrary files via a symlink attack. | |||||
CVE-2007-3735 | 1 Mozilla | 2 Firefox, Thunderbird | 2023-12-10 | 9.3 HIGH | N/A |
Multiple unspecified vulnerabilities in the JavaScript engine in Mozilla Firefox before 2.0.0.5 and Thunderbird before 2.0.0.5 allow remote attackers to cause a denial of service (crash) via unspecified vectors that trigger memory corruption. | |||||
CVE-2007-5799 | 1 Ibm | 1 Websphere Application Server | 2023-12-10 | 4.3 MEDIUM | N/A |
Multiple cross-site request forgery (CSRF) vulnerabilities in uddigui/navigateTree.do in the UDDI user console in IBM WebSphere Application Server (WAS) before 6.1.0 Fix Pack 13 (6.1.0.13) allow remote attackers to perform some actions as WAS UDDI users via the (1) keyField, (2) nameField, (3) valueField, and (4) frameReturn parameters. | |||||
CVE-2006-6819 | 1 Alstrasoft | 1 Webhost Directory | 2023-12-10 | 6.4 MEDIUM | N/A |
AlstraSoft Web Host Directory stores sensitive information under the web root with insufficient access control, which allows remote attackers to download a backup database via a direct request for admin/backup/db. | |||||
CVE-2006-6961 | 1 Webroot Software | 1 Spy Sweeper | 2023-12-10 | 6.8 MEDIUM | N/A |
WebRoot Spy Sweeper 4.5.9 and earlier does not detect malware based on file contents, which allows remote attackers to bypass malware detection by changing a file's name. | |||||
CVE-2008-0202 | 1 Expressionengine | 1 Expressionengine | 2023-12-10 | 4.3 MEDIUM | N/A |
CRLF injection vulnerability in index.php in ExpressionEngine 1.2.1 and earlier allows remote attackers to inject arbitrary HTTP headers and conduct HTTP response splitting attacks via the URL parameter. | |||||
CVE-2007-0334 | 1 Ingate | 1 Firewall And Siparator | 2023-12-10 | 7.5 HIGH | N/A |
Unspecified vulnerability in the SIP module in InGate Firewall and SIParator before 4.5.1 allows remote attackers to conduct replay attacks on the authentication mechanism via unknown vectors. | |||||
CVE-2007-3721 | 1 Freebsd | 1 Freebsd | 2023-12-10 | 2.1 LOW | N/A |
The ULE process scheduler in the FreeBSD kernel gives preference to "interactive" processes that perform voluntary sleeps, which allows local users to cause a denial of service (CPU consumption), as described in "Secretly Monopolizing the CPU Without Superuser Privileges." | |||||
CVE-2006-6076 | 2 Broadcom, Ca | 3 Brightstor Arcserve Backup, Brightstor Arcserve Backup, Brightstor Arcserve Backup Agent | 2023-12-10 | 10.0 HIGH | N/A |
Buffer overflow in the Tape Engine (tapeeng.exe) in CA (formerly Computer Associates) BrightStor ARCserve Backup 11.5 and earlier allows remote attackers to execute arbitrary code via certain RPC requests to TCP port 6502. | |||||
CVE-2007-4630 | 1 Xigla | 1 Absolute Poll Manager Xe | 2023-12-10 | 4.3 MEDIUM | N/A |
Cross-site scripting (XSS) vulnerability in xlaapmview.asp in Absolute Poll Manager XE 4.1 allows remote attackers to inject arbitrary web script or HTML via the msg parameter. | |||||
CVE-2007-1179 | 1 Web-app.org | 1 Webapp | 2023-12-10 | 5.0 MEDIUM | N/A |
WebAPP before 0.9.9.5 does not properly manage e-mail addresses in certain contexts related to (1) the Recommend feature, Email Article (2) senders and (3) recipients, (4) New User Approval, (5) Edit Profiles, (6) the Newsletter Subscription form, (7) the Recommend form, and (8) sending of articles, which has unknown impact, and remote attack vectors related to spam attacks and possibly other attacks. | |||||
CVE-2007-2367 | 1 Wserve Http Server | 1 Wserve Http Server | 2023-12-10 | 10.0 HIGH | N/A |
Buffer overflow in wserve_console.exe in Wserve HTTP Server (whttp) 4.6 allows remote attackers to cause a denial of service (forced application exit) via a long directory name in the URI. | |||||
CVE-2007-0635 | 1 Encapscms | 1 Encapscms | 2023-12-10 | 7.5 HIGH | N/A |
Multiple PHP remote file inclusion vulnerabilities in EncapsCMS 0.3.6 allow remote attackers to execute arbitrary PHP code via a URL in the (1) config[path] parameter to (a) common_foot.php or (b) blogs.php, or (2) the config[theme] parameter to (c) admin/gallery_head.php. | |||||
CVE-2007-3476 | 1 Gd Graphics Library | 1 Gdlib | 2023-12-10 | 4.3 MEDIUM | N/A |
Array index error in gd_gif_in.c in the GD Graphics Library (libgd) before 2.0.35 allows user-assisted remote attackers to cause a denial of service (crash and heap corruption) via large color index values in crafted image data, which results in a segmentation fault. | |||||
CVE-2006-7009 | 1 Joomla | 1 Joomla | 2023-12-10 | 7.5 HIGH | N/A |
Joomla! before 1.0.10 allows remote attackers to spoof the frontend submission forms, which has unknown impact and attack vectors. | |||||
CVE-2006-4577 | 1 The Address Book | 1 The Address Book | 2023-12-10 | 6.8 MEDIUM | N/A |
Multiple cross-site scripting (XSS) vulnerabilities in The Address Book 1.04e allow remote attackers to inject arbitrary web script or HTML via Javascript events in the (1) email, (2) websites, and (3) groupAddName parameters in (a) save.php; the (4) errorMsg parameter in (b) index.php; and the (5) goTo and (6) search parameters in (c) search.php. |