Total
29737 CVE
| CVE | Vendors | Products | Updated | CVSS v3.1 |
|---|---|---|---|---|
| CVE-2007-3459 | 1 Civiltech | 1 Avax Vector Activex | 2025-04-09 | N/A |
| A certain ActiveX control in Avaxswf.dll 1.0.0.1 in Civitech Avax Vector 1.3 allows remote attackers to create or overwrite arbitrary files via a full pathname in the argument to the WriteMovie method. | ||||
| CVE-2006-6306 | 1 Novell | 1 Client | 2025-04-09 | N/A |
| Format string vulnerability in Novell Modular Authentication Services (NMAS) in the Novell Client 4.91 SP2 and SP3 allows users with physical access to read stack and memory contents via format string specifiers in the Username field of the logon window. | ||||
| CVE-2008-3819 | 1 Cisco | 4 Gss 4480 Global Site Selector, Gss 4490 Global Site Selector, Gss 4491 Global Site Selector and 1 more | 2025-04-09 | N/A |
| dnsserver in Cisco Application Control Engine Global Site Selector (GSS) before 3.0(1) allows remote attackers to cause a denial of service (daemon crash) via a series of crafted DNS requests, aka Bug ID CSCsj70093. | ||||
| CVE-2006-6318 | 1 Stefan Ritt | 1 Elog Web Logbook | 2025-04-09 | N/A |
| The show_elog_list function in elogd.c in elog 2.6.2 and earlier allows remote authenticated users to cause a denial of service (daemon crash) by attempting to access a logbook whose name begins with "global," which results in a NULL pointer dereference. NOTE: some of these details are obtained from third party information. | ||||
| CVE-2006-6333 | 1 Linux | 1 Linux Kernel | 2025-04-09 | N/A |
| The tr_rx function in ibmtr.c for Linux kernel 2.6.19 assigns the wrong flag to the ip_summed field, which allows remote attackers to cause a denial of service (memory corruption) via crafted packets that cause the kernel to interpret another field as an offset. | ||||
| CVE-2008-3837 | 4 Canonical, Debian, Mozilla and 1 more | 5 Ubuntu Linux, Debian Linux, Firefox and 2 more | 2025-04-09 | N/A |
| Mozilla Firefox before 2.0.0.17 and 3.x before 3.0.2, and SeaMonkey before 1.1.12, allow user-assisted remote attackers to move a window during a mouse click, and possibly force a file download or unspecified other drag-and-drop action, via a crafted onmousedown action that calls window.moveBy, a variant of CVE-2003-0823. | ||||
| CVE-2006-6341 | 1 Mg.blattl | 1 Mg.applanix | 2025-04-09 | N/A |
| Multiple PHP remote file inclusion vulnerabilities in mg.applanix 1.3.1 and earlier allow remote attackers to execute arbitrary PHP code via a URL in the apx_root_path parameter to (1) act/act_check_access.php, (2) dsp/dsp_form_booking_ctl.php, and (3) dsp/dsp_bookings.php. | ||||
| CVE-2007-3445 | 3 Microsoft, Securecomputing, Sj Labs | 3 Windows Mobile, Sch I730 Phone, Sjphone | 2025-04-09 | N/A |
| Buffer overflow in SJ Labs SJphone 1.60.303c, running under Windows Mobile 2003 on the Samsung SCH-i730 phone, allows remote attackers to cause a denial of service (device hang and call termination) via a malformed SIP INVITE message, a different vulnerability than CVE-2007-3351. | ||||
| CVE-2007-3446 | 1 Bugmall | 1 Shopping Cart | 2025-04-09 | N/A |
| BugMall Shopping Cart 2.5 and earlier has a default username "demo" and password "demo," which allows remote attackers to obtain login access. | ||||
| CVE-2006-6346 | 1 Sap | 1 Internet Graphics Server | 2025-04-09 | N/A |
| Unspecified vulnerability in SAP Internet Graphics Service (IGS) 6.40 Patchlevel 15 and earlier, and 7.00 Patchlevel 3 and earlier, allows remote attackers to cause a denial of service (service shutdown), obtain sensitive information (configuration files), and conduct certain other unauthorized activities, related to "Undocumented Features." NOTE: it is possible that there are multiple issues. This information is based upon a vague initial disclosure. Details will be updated after the grace period has ended. This is likely a different issue than CVE-2006-4134. | ||||
| CVE-2007-3453 | 1 Papoo | 1 Papoo | 2025-04-09 | N/A |
| SQL injection vulnerability in Papoo 3.6, and possibly earlier, allows remote attackers to execute arbitrary SQL commands via the selmenuid parameter to certain components. | ||||
| CVE-2006-6350 | 1 Iisworks | 1 Listpics | 2025-04-09 | N/A |
| listpics 5 stores sensitive data under the web root with insufficient access control, which allows remote attackers to download a database via a direct request for listpics.mdb. | ||||
| CVE-2006-6351 | 1 Khaledmuratlist | 1 Khaledmuratlist | 2025-04-09 | N/A |
| KhaledMuratList stores sensitive data under the web root with insufficient access control, which allows remote attackers to download a database via a direct request for (1) CL2F9R1A2C1N.mdb or (2) Data2F9R1A2C1N.mdb. | ||||
| CVE-2006-6354 | 1 Duware | 11 Duamazon, Duarticle, Duclassified and 8 more | 2025-04-09 | N/A |
| Multiple SQL injection vulnerabilities in detail.asp in DuWare DuNews allow remote attackers to execute arbitrary SQL commands via the (1) iNews, (2) iType, or (3) Action parameter. NOTE: the iType parameter in type.asp is covered by CVE-2005-3976. | ||||
| CVE-2008-4315 | 2 Openpegasus, Redhat | 3 Openpegasus Wbem, Enterprise Linux, Enterprise Linux Desktop | 2025-04-09 | N/A |
| tog-pegasus in OpenGroup Pegasus 2.7.0 on Red Hat Enterprise Linux (RHEL) 5, Fedora 9, and Fedora 10 does not log failed authentication attempts to the OpenPegasus CIM server, which makes it easier for remote attackers to avoid detection of password guessing attacks. | ||||
| CVE-2006-6355 | 1 Duware | 1 Duclassmate | 2025-04-09 | N/A |
| SQL injection vulnerability in default.asp in DuWare DuClassmate allows remote attackers to execute arbitrary SQL commands via the iCity parameter. NOTE: the iState parameter is already covered by CVE-2005-2049. | ||||
| CVE-2006-6356 | 1 Phpnews | 1 Phpnews | 2025-04-09 | N/A |
| Multiple cross-site scripting (XSS) vulnerabilities in templates/link_temp.php in PHPNews 1.3.0 allow remote attackers to inject arbitrary web script or HTML via the (1) url, (2) id, (3) subject, (4) username, or (5) time parameter. | ||||
| CVE-2007-3441 | 1 Aastra Telecom | 1 9112i Sip Phone | 2025-04-09 | N/A |
| Format string vulnerability in the Aastra 9112i SIP Phone with firmware 1.4.0.1048 and boot version 1.1.0.10 allows remote attackers to cause a denial of service (blocked call reception and slow calling) via format string specifiers in an SDP header value, a different vulnerability than CVE-2007-3349. | ||||
| CVE-2006-6301 | 1 Denyhosts | 1 Denyhosts | 2025-04-09 | N/A |
| DenyHosts 2.5 does not properly parse sshd log files, which allows remote attackers to add arbitrary hosts to the /etc/hosts.deny file and cause a denial of service by adding arbitrary IP addresses to the sshd log file, as demonstrated by logging in via ssh with a login name containing certain strings with an IP address, which is not properly handled by a regular expression. | ||||
| CVE-2006-6298 | 1 Maxiasp | 1 Yonetimi | 2025-04-09 | N/A |
| SQL injection vulnerability in uye_giris_islem.asp in Metyus Okul Yonetim Sistemi 1.0 allows remote attackers to execute arbitrary SQL commands via the (1) kullanici_ismi and (2) sifre parameters. | ||||