Total: 258074 CVE
CVE | Vendors | Products | Updated | CVSS v2 | CVSS v3 |
---|---|---|---|---|---|
CVE-2006-5785 | 1 Sap | 1 Sap Web Application Server | 2023-12-10 | 5.0 MEDIUM | N/A |
Unspecified vulnerability in SAP Web Application Server 6.40 before patch 136 and 7.00 before patch 66 allows remote attackers to cause a denial of service (enserver.exe crash) via a 0x72F2 sequence on UDP port 64999. | |||||
CVE-2008-0853 | 2 Joomla, Mambo | 2 Com Detail, Com Detail | 2023-12-10 | 7.5 HIGH | N/A |
SQL injection vulnerability in the com_detail component for Joomla! and Mambo allows remote attackers to execute arbitrary SQL commands via the id parameter to index.php. NOTE: this issue might be site-specific. If so, it should not be included in CVE. | |||||
CVE-2007-1970 | 1 Mozilla | 1 Firefox | 2023-12-10 | 5.0 MEDIUM | N/A |
Mozilla Firefox does not warn the user about HTTP elements on an HTTPS page when the HTTP elements are dynamically created by a delayed document.write, which allows remote attackers to supply unauthenticated content and conduct phishing attacks. | |||||
CVE-2007-4231 | 1 Idevspot | 1 Phphostbot | 2023-12-10 | 6.8 MEDIUM | N/A |
PHP remote file inclusion vulnerability in order/login.php in IDevSpot PhpHostBot 1.06 and earlier allows remote attackers to execute arbitrary PHP code via a URL in the svr_rootscript parameter, a different vector than CVE-2007-4094 and CVE-2006-3776. | |||||
CVE-2007-3557 | 1 Wheatblog | 1 Wheatblog | 2023-12-10 | 6.8 MEDIUM | N/A |
SQL injection vulnerability in admin/login.php in Wheatblog (wB) 1.1, when magic_quotes_gpc is disabled, allows remote attackers to execute arbitrary SQL commands via the login parameter. | |||||
CVE-2007-6055 | 1 Liferay | 1 Portal | 2023-12-10 | 4.3 MEDIUM | N/A |
Cross-site scripting (XSS) vulnerability in c/portal/login in Liferay Portal 4.1.0 and 4.1.1 allows remote attackers to inject arbitrary web script or HTML via the login parameter. NOTE: this issue reportedly exists because of a regression that followed a fix at an unspecified earlier date. | |||||
CVE-2007-6105 | 1 Talkback | 1 Talkback | 2023-12-10 | 6.8 MEDIUM | N/A |
Multiple PHP remote file inclusion vulnerabilities in TalkBack 2.2.7 allow remote attackers to execute arbitrary PHP code via a URL in the (1) language_file parameter to (a) comments-display-tpl.php and (b) addons/separate-comments-mod/my-comments-display-tpl.php and the (2) config[comments_form_tpl] parameter to comments-display-tpl.php. | |||||
CVE-2006-7185 | 1 Cmsmelborp | 1 Cmsmelborp | 2023-12-10 | 9.3 HIGH | N/A |
PHP remote file inclusion vulnerability in includes/user_standard.php in CMSmelborp Beta allows remote attackers to execute arbitrary PHP code via a URL in the relative_root parameter. | |||||
CVE-2006-6976 | 1 Centipaid | 1 Centipaid | 2023-12-10 | 7.5 HIGH | N/A |
PHP remote file inclusion vulnerability in centipaid_class.php in CentiPaid 1.4.2 and earlier allows remote attackers to execute arbitrary code via a URL in the absolute_path parameter. | |||||
CVE-2007-2743 | 1 Glossword | 1 Glossword | 2023-12-10 | 7.5 HIGH | N/A |
PHP remote file inclusion vulnerability in custom_vars.php in GlossWord 1.8.1 allows remote attackers to execute arbitrary PHP code via a URL in the sys[path_addon] parameter. | |||||
CVE-2006-5820 | 1 Aol | 1 Aol | 2023-12-10 | 9.3 HIGH | N/A |
The LinkSBIcons method in the SuperBuddy ActiveX control (Sb.SuperBuddy.1) in America Online 9.0 Security Edition dereferences an arbitrary function pointer, which allows remote attackers to execute arbitrary code via a modified pointer value. | |||||
CVE-2007-2877 | 1 Tcl Tk | 1 Tcl Tk | 2023-12-10 | 7.2 HIGH | N/A |
Buffer overflow in tcl/win/tclWinReg.c in Tcl (Tcl/Tk) before 8.5a6 allows local users to gain privileges via long registry key paths. | |||||
CVE-2007-6261 | 1 Apple | 1 Mac Os X | 2023-12-10 | 4.9 MEDIUM | N/A |
Integer overflow in the load_threadstack function in the Mach-O loader (mach_loader.c) in the xnu kernel in Apple Mac OS X 10.4 through 10.5.1 allows local users to cause a denial of service (infinite loop) via a crafted Mach-O binary. | |||||
CVE-2007-0675 | 1 Microsoft | 1 Windows Vista | 2023-12-10 | 7.6 HIGH | N/A |
A certain ActiveX control in sapi.dll (aka the Speech API) in Speech Components in Microsoft Windows Vista, when the Speech Recognition feature is enabled, allows user-assisted remote attackers to delete arbitrary files, and conduct other unauthorized activities, via a web page with an embedded sound object that contains voice commands to an enabled microphone, allowing for interaction with Windows Explorer. | |||||
CVE-2007-2211 | 1 Mybulletinboard | 1 Mybulletinboard | 2023-12-10 | 7.5 HIGH | N/A |
SQL injection vulnerability in calendar.php in MyBB (aka MyBulletinBoard) 1.2.5 and earlier allows remote attackers to execute arbitrary SQL commands via the day parameter in a dayview action. | |||||
CVE-2007-5599 | 1 Awrate | 1 Awrate | 2023-12-10 | 6.8 MEDIUM | N/A |
Multiple PHP remote file inclusion vulnerabilities in awrate 1.0 allow remote attackers to execute arbitrary PHP code via a URL in the toroot parameter to (1) 404.php or (2) topbar.php, different vectors than CVE-2006-6368. | |||||
CVE-2006-7206 | 1 Microsoft | 2 Internet Explorer, Windows Xp | 2023-12-10 | 7.8 HIGH | N/A |
Microsoft Internet Explorer 6 on Windows XP SP2 allows remote attackers to cause a denial of service (crash) by creating an ADODB.Recordset object and making a series of calls to the NextRecordset method with a long string argument, which causes an "invalid memory access" in the SysFreeString function, a different issue than CVE-2006-3510 and CVE-2006-3899. | |||||
CVE-2007-4198 | 1 Brian Carrier | 1 The Slueth Kit | 2023-12-10 | 4.3 MEDIUM | N/A |
The fs_data_put_str function in ntfs.c in fls in Brian Carrier The Sleuth Kit (TSK) before 2.09 does not validate a certain length value, which allows user-assisted remote attackers to cause a denial of service (application crash) and prevent examination of certain NTFS files via a malformed NTFS image, which triggers a buffer over-read. | |||||
CVE-2006-6676 | 1 Eset Software | 1 Nod32 Antivirus | 2023-12-10 | 9.3 HIGH | N/A |
Integer overflow in the (a) OLE2 and (b) CHM parsers for ESET NOD32 Antivirus before 1.1743 allows remote attackers to execute arbitrary code via a crafted (1) .DOC or (2) .CAB file that triggers a heap-based buffer overflow. | |||||
CVE-2007-0118 | 1 Edittag | 1 Edittag | 2023-12-10 | 4.3 MEDIUM | N/A |
Multiple absolute path traversal vulnerabilities in EditTag 1.2 allow remote attackers to read arbitrary files via an absolute pathname in the file parameter to (1) edittag.cgi, (2) edittag.pl, (3) edittag_mp.cgi, or (4) edittag_mp.pl. |