Total: 5279 CVE
CVE | Vendors | Products | Updated | CVSS v2 | CVSS v3 |
---|---|---|---|---|---|
CVE-2007-1036 | 1 Jboss | 1 Jboss Application Server | 2018-10-16 | 7.5 HIGH | N/A |
The default configuration of JBoss does not restrict access to the (1) console and (2) web management interfaces, which allows remote attackers to bypass authentication and gain administrative access via direct requests. | |||||
CVE-2007-0981 | 1 Mozilla | 2 Firefox, Seamonkey | 2018-10-16 | 7.5 HIGH | N/A |
Mozilla based browsers, including Firefox before 1.5.0.10 and 2.x before 2.0.0.2, and SeaMonkey before 1.0.8, allow remote attackers to bypass the same origin policy, steal cookies, and conduct other attacks by writing a URI with a null byte to the hostname (location.hostname) DOM property, due to interactions with DNS resolver code. | |||||
CVE-2007-0932 | 2 Alcatel-lucent, Aruba | 2 Omniaccess Wireless, Mobility Controller | 2018-10-16 | 7.5 HIGH | N/A |
The (1) Aruba Mobility Controllers 200, 600, 2400, and 6000 and (2) Alcatel-Lucent OmniAccess Wireless 43xx and 6000 do not properly implement authentication and privilege assignment for the guest account, which allows remote attackers to access administrative interfaces or the WLAN. | |||||
CVE-2007-0541 | 1 Wordpress | 1 Wordpress | 2018-10-16 | 5.0 MEDIUM | N/A |
WordPress allows remote attackers to determine the existence of arbitrary files, and possibly read portions of certain files, via pingback service calls with a source URI that corresponds to a local pathname, which triggers different fault codes for existing and non-existing files, and in certain configurations causes a brief file excerpt to be published as a blog comment. | |||||
CVE-2007-0471 | 1 Checkpoint | 1 Connectra Ngx | 2018-10-16 | 7.5 HIGH | N/A |
sre/params.php in the Integrity Clientless Security (ICS) component in Check Point Connectra NGX R62 3.x and earlier before Security Hotfix 5, and possibly VPN-1 NGX R62, allows remote attackers to bypass security requirements via a crafted Report parameter, which returns a valid ICSCookie authentication token. | |||||
CVE-2006-7047 | 1 Shoutpro | 1 Shoutpro | 2018-10-16 | 5.0 MEDIUM | N/A |
include.php in Shoutpro 1.0 might allow remote attackers to bypass IP ban restrictions via a URL in the path parameter that points to an alternate bannedips.php file. NOTE: this issue was originally reported as remote file inclusion, but CVE analysis suggests that this cannot be used for code execution. | |||||
CVE-2006-6970 | 1 Opera | 1 Opera Browser | 2018-10-16 | 5.0 MEDIUM | N/A |
Opera 9.10 Final allows remote attackers to bypass the Fraud Protection mechanism by adding certain characters to the end of a domain name, as demonstrated by the "." and "/" characters, which is not caught by the blacklist filter. | |||||
CVE-2008-0843 | 1 Statcountex | 1 Statcountex | 2018-10-15 | 6.4 MEDIUM | N/A |
StatCounteX 3.0 and 3.1 allows remote attackers to obtain sensitive information and edit configuration scripts via a direct request to admin.asp. | |||||
CVE-2008-0779 | 1 Fortinet | 1 Forticlient Host Security | 2018-10-15 | 7.2 HIGH | N/A |
The fortimon.sys device driver in Fortinet FortiClient Host Security 3.0 MR5 Patch 3 and earlier does not properly initialize its DeviceExtension, which allows local users to access kernel memory and execute arbitrary code via a crafted request. | |||||
CVE-2008-0632 | 1 Lightblog | 1 Lightblog | 2018-10-15 | 9.3 HIGH | N/A |
Unrestricted file upload vulnerability in cp_upload_image.php in LightBlog 9.5 allows remote attackers to execute arbitrary code by uploading a file with an executable extension, then accessing it via a direct request to the file in the blog's root directory. | |||||
CVE-2008-0628 | 1 Sun | 2 Jdk, Jre | 2018-10-15 | 7.8 HIGH | N/A |
The XML parsing code in Sun Java Runtime Environment JDK and JRE 6 Update 3 and earlier processes external entity references even when the "external general entities" property is false, which allows remote attackers to conduct XML external entity (XXE) attacks and cause a denial of service or access restricted resources. | |||||
CVE-2008-0581 | 1 Moernaut | 2 Lsrunase, Supercrypt | 2018-10-15 | 7.2 HIGH | N/A |
Geert Moernaut LSrunasE allows local users to gain privileges by obtaining the encrypted password from a batch file, and constructing a modified batch file that specifies this password in the /password switch and specifies an arbitrary program in the /command switch. | |||||
CVE-2008-0580 | 1 Geert Moernaut | 2 Lsrunase, Supercrypt | 2018-10-15 | 2.1 LOW | N/A |
Geert Moernaut LSrunasE and Supercrypt use an encryption key composed of an SHA1 hash of a fixed string embedded in the executable file, which makes it easier for local users to obtain this key without reverse engineering. | |||||
CVE-2008-0372 | 1 8e6 | 1 R3000 Internet Filter | 2018-10-15 | 5.0 MEDIUM | N/A |
8e6 R3000 Internet Filter 2.0.05.33, and other versions before 2.0.11, allows remote attackers to bypass intended restrictions via a fragmented HTTP request. | |||||
CVE-2008-0375 | 1 Oki Printing Solutions | 1 C5510 Mfp Printer | 2018-10-15 | 10.0 HIGH | N/A |
Unspecified vulnerability in OKI C5510MFP Printer CU H2.15, PU 01.03.01, System F/W 1.01, and Web Page 1.00 allows remote attackers to set the password and obtain administrative access via unspecified vectors. | |||||
CVE-2008-0135 | 1 Snitz Communications | 1 Snitz Forums 2000 | 2018-10-15 | 5.0 MEDIUM | N/A |
Snitz Forums 2000 3.4.06 and earlier stores sensitive information under the web root with insufficient access control, which allows remote attackers to download a database via a direct request for forum/snitz_forums_2000.mdb. | |||||
CVE-2007-6709 | 1 Linksys | 1 Wag54gs | 2018-10-15 | 7.5 HIGH | N/A |
The Cisco Linksys WAG54GS Wireless-G ADSL Gateway with 1.01.03 and earlier firmware has "admin" as its default password for the "admin" account, which makes it easier for remote attackers to obtain access. | |||||
CVE-2007-6650 | 1 Bitweaver | 1 R2 Cms | 2018-10-15 | 7.5 HIGH | N/A |
Unrestricted file upload vulnerability in fisheye/upload.php in Bitweaver R2 CMS allows remote attackers to upload arbitrary files by using the image/gif content type, and possibly other image and PDF content types, as demonstrated by uploading a .htaccess file. | |||||
CVE-2007-6600 | 1 Postgresql | 1 Postgresql | 2018-10-15 | 6.5 MEDIUM | N/A |
PostgreSQL 8.2 before 8.2.6, 8.1 before 8.1.11, 8.0 before 8.0.15, 7.4 before 7.4.19, and 7.3 before 7.3.21 uses superuser privileges instead of table owner privileges for (1) VACUUM and (2) ANALYZE operations within index functions, and supports (3) SET ROLE and (4) SET SESSION AUTHORIZATION within index functions, which allows remote authenticated users to gain privileges. | |||||
CVE-2007-6598 | 1 Dovecot | 1 Dovecot | 2018-10-15 | 6.8 MEDIUM | N/A |
Dovecot before 1.0.10, with certain configuration options including use of %variables, does not properly maintain the LDAP+auth cache, which might allow remote authenticated users to login as a different user who has the same password. |