ReportizFlow
Filtered by vendor
Subscriptions
Total
29885 CVE
| CVE | Vendors | Products | Updated | CVSS v3.1 |
|---|---|---|---|---|
| CVE-2007-1891 | 1 Akamai Technologies | 1 Download Manager | 2025-04-09 | N/A |
| Stack-based buffer overflow in the GetPrivateProfileSectionW function in Akamai Technologies Download Manager ActiveX Control (DownloadManagerV2.ocx) after 2.0.4.4 but before 2.2.1.0 allows remote attackers to execute arbitrary code, related to misinterpretation of the nSize parameter as a byte count instead of a wide character count. | ||||
| CVE-2007-2079 | 1 Xampp | 1 Apache Distribution | 2025-04-09 | N/A |
| The ADONewConnection Connect function in adodb.php in XAMPP 1.6.0a and earlier for Windows uses untrusted input for the database server hostname, which allows remote attackers to trigger a library buffer overflow and execute arbitrary code via a long host parameter, or have other unspecified impact. NOTE: it could be argued that this is an issue in mssql_connect (CVE-2007-1411.1) in PHP, or an issue in the ADOdb Library, and the proper fix should be in one of these products; if so, then this should not be treated as a vulnerability in XAMPP. | ||||
| CVE-2007-1997 | 1 Clam Anti-virus | 1 Clamav | 2025-04-09 | N/A |
| Integer signedness error in the (1) cab_unstore and (2) cab_extract functions in libclamav/cab.c in Clam AntiVirus (ClamAV) before 0.90.2 allow remote attackers to execute arbitrary code via a crafted CHM file that contains a negative integer, which passes a signed comparison and leads to a stack-based buffer overflow. | ||||
| CVE-2007-1061 | 1 Francisco Burzi | 1 Php-nuke | 2025-04-09 | N/A |
| SQL injection vulnerability in index.php in Francisco Burzi PHP-Nuke 8.0 Final and earlier, when the "HTTP Referers" block is enabled, allows remote attackers to execute arbitrary SQL commands via the HTTP Referer header (HTTP_REFERER variable). | ||||
| CVE-2007-4704 | 1 Apple | 1 Mac Os X | 2025-04-09 | N/A |
| The Application Firewall in Apple Mac OS X 10.5 does not apply changed settings to processes that are started by launchd until the processes are restarted, which might allow attackers to bypass intended access restrictions. | ||||
| CVE-2007-4624 | 1 Abledesign | 1 Dynamic Picture Frame | 2025-04-09 | N/A |
| Cross-site scripting (XSS) vulnerability in pframe.php in AbleDesign Dynamic Picture Frame 1.00 allows remote attackers to inject arbitrary web script or HTML via the img_url parameter. NOTE: some of these details are obtained from third party information. | ||||
| CVE-2007-4615 | 1 Bea | 1 Weblogic Server | 2025-04-09 | N/A |
| The SSL client implementation in BEA WebLogic Server 7.0 SP7, 8.1 SP2 through SP6, 9.0, 9.1, 9.2 Gold through MP2, and 10.0 sometimes selects the null cipher when others are available, which might allow remote attackers to intercept communications. | ||||
| CVE-2007-4275 | 1 Ibm | 1 Db2 Universal Database | 2025-04-09 | N/A |
| Multiple untrusted search path vulnerabilities in IBM DB2 UDB 8 before Fixpak 15 and 9.1 before Fixpak 3 allow local users to gain privileges via certain vectors related to (1) DB2 instance or FMP startup on Linux and Solaris; (2) exec of executables while running as root on non-Windows systems, as demonstrated by AIX; and unspecified vectors involving (3) db2licm and (4) db2pd. | ||||
| CVE-2007-4312 | 1 Php Blue Dragon | 1 Php Blue Dragon Cms | 2025-04-09 | N/A |
| SQL injection vulnerability in index.php in Php Blue Dragon CMS 3.0.0 allows remote attackers to execute arbitrary SQL commands via the article_id parameter in a "print articles" action. | ||||
| CVE-2007-4323 | 1 Denyhosts | 1 Denyhosts | 2025-04-09 | N/A |
| DenyHosts 2.6 does not properly parse sshd log files, which allows remote attackers to add arbitrary hosts to the /etc/hosts.deny file and cause a denial of service by adding arbitrary IP addresses to the sshd log file, as demonstrated by logging in via ssh with a client protocol version identification containing an IP address string, a different vector than CVE-2006-6301. | ||||
| CVE-2007-4340 | 1 Phpdvd | 1 Phpdvd | 2025-04-09 | N/A |
| PHP remote file inclusion vulnerability in index.php in phpDVD 1.0.4 allows remote attackers to execute arbitrary PHP code via a URL in the dvd_config_file parameter. | ||||
| CVE-2007-4354 | 1 Ibm | 1 Aix | 2025-04-09 | N/A |
| Buffer overflow in fileplace in bos.perf.tools in IBM AIX 5.2 and 5.3 allows local users to gain privileges via unspecified vectors. | ||||
| CVE-2006-6008 | 1 Netkit | 1 Netkit | 2025-04-09 | N/A |
| ftpd in Linux Netkit (linux-ftpd) 0.17, and possibly other versions, does not check the return status of certain seteuid, setgid, and setuid calls, which might allow remote authenticated users to gain privileges if these calls fail in cases such as PAM failures or resource limits, a different vulnerability than CVE-2006-5778. | ||||
| CVE-2006-6018 | 1 Jim Plush | 1 My-bic | 2025-04-09 | N/A |
| PHP remote file inclusion vulnerability in mybic_server.php in Jim Plush My-BIC 0.6.5 allows remote attackers to execute arbitrary PHP code via a URL in the INC_PATH parameter, a different vector than CVE-2006-5089. NOTE: this issue is disputed by CVE and third party researchers because INC_PATH is a constant | ||||
| CVE-2007-4373 | 1 Rndlabs | 1 Babo Violent | 2025-04-09 | N/A |
| The server in Babo Violent 2 2.08.00 and earlier does not properly implement password protection, which might allow remote attackers to bypass authentication by reconnecting after a connection closes. | ||||
| CVE-2007-4393 | 1 Suse | 1 Suse Linux | 2025-04-09 | N/A |
| The installation script for orarun on SUSE Linux before 20070810 places the oracle user into the disk group, which allows the local oracle user to read or write raw disk partitions. | ||||
| CVE-2007-4449 | 1 Toribash | 1 Toribash | 2025-04-09 | N/A |
| The client in Toribash 2.71 and earlier allows remote attackers to cause a denial of service (application hang) via a command without an LF character, as demonstrated by a SAY command. | ||||
| CVE-2006-3436 | 1 Microsoft | 1 .net Framework | 2025-04-09 | N/A |
| Cross-site scripting (XSS) vulnerability in Microsoft .NET Framework 2.0 allows remote attackers to inject arbitrary web script or HTML via unspecified vectors involving "ASP.NET controls that set the AutoPostBack property to true". | ||||
| CVE-2007-4482 | 1 Wordpress | 1 Pool | 2025-04-09 | N/A |
| Cross-site scripting (XSS) vulnerability in index.php in the Pool 1.0.7 theme for WordPress allows remote attackers to inject arbitrary web script or HTML via the PATH_INFO (PHP_SELF). | ||||
| CVE-2007-4179 | 1 Hp | 2 Address And Routing Parameter Area\(arpa\) Transport, Hp-ux | 2025-04-09 | N/A |
| Unspecified vulnerability in the Address and Routing Parameter Area (ARPA) transport functionality in HP-UX B.11.11 and B.11.23 allows local users to cause an unspecified denial of service via unknown vectors. NOTE: this is probably different from CVE-2007-0916, but this is not certain due to lack of vendor details. | ||||