Total: 27865 CVE
CVE | Vendors | Products | Updated | CVSS v2 | CVSS v3 |
---|---|---|---|---|---|
CVE-2005-1249 | 1 Ipswitch | 1 Ipswitch Collaboration Suite | 2008-11-14 | 5.0 MEDIUM | N/A |
The IMAP daemon (IMAPD32.EXE) in Ipswitch Collaboration Suite (ICS) allows remote attackers to cause a denial of service (CPU consumption) via an LSUB command with a large number of null characters, which causes an infinite loop. | |||||
CVE-2005-1252 | 1 Ipswitch | 2 Imail, Imail Server | 2008-11-14 | 5.0 MEDIUM | N/A |
Directory traversal vulnerability in the Web Calendaring server in Ipswitch Imail 8.13, and other versions before IMail Server 8.2 Hotfix 2, allows remote attackers to read arbitrary files via "..\" (dot dot backslash) sequences in the query string argument in a GET request to a non-existent .jsp file. | |||||
CVE-2005-1254 | 1 Ipswitch | 1 Imail | 2008-11-14 | 5.0 MEDIUM | N/A |
Stack-based buffer overflow in the IMAP server for Ipswitch IMail 8.12 and 8.13, and other versions before IMail Server 8.2 Hotfix 2, allows remote authenticated users to cause a denial of service (crash) via a SELECT command with a large argument. | |||||
CVE-2005-0392 | 1 Debian | 1 Ppxp | 2008-11-14 | 7.2 HIGH | N/A |
ppxp does not drop root privileges before opening log files, which allows local users to execute arbitrary commands. | |||||
CVE-2007-4944 | 1 Opera | 1 Opera Browser | 2008-11-14 | 5.0 MEDIUM | N/A |
The canvas.createPattern function in Opera 9.x before 9.22 for Linux, FreeBSD, and Solaris does not clear memory before using it to process a new pattern, which allows remote attackers to obtain sensitive information (memory contents) via JavaScript. | |||||
CVE-2007-3617 | 1 Vtiger | 1 Vtiger Crm | 2008-11-12 | 4.0 MEDIUM | N/A |
The report module in vtiger CRM before 5.0.3 does not properly apply security rules, which allows remote authenticated users to read arbitrary private module entries. | |||||
CVE-2007-3603 | 1 Vtiger | 1 Vtiger Crm | 2008-11-12 | 6.5 MEDIUM | N/A |
SQL injection vulnerability in the dashboard (include/utils/SearchUtils.php) in vtiger CRM before 5.0.3 allows remote authenticated users to execute arbitrary SQL commands via the assigned_user_id parameter in a Potentials ListView action to index.php. | |||||
CVE-2007-3604 | 1 Vtiger | 1 Vtiger Crm | 2008-11-12 | 4.0 MEDIUM | N/A |
vtiger CRM before 5.0.3 allows remote authenticated users with access to the Analytics DashBoard menu to bypass data restrictions and read the pipeline of the entire organization, possibly involving modules/Potentials/Potentials.php. | |||||
CVE-2007-3335 | 1 Phpecho Cms | 1 Phpecho Cms | 2008-11-12 | 7.5 HIGH | N/A |
Multiple SQL injection vulnerabilities in the admin panel in PHPEcho CMS before 1.6 allow remote attackers to execute arbitrary SQL commands via unspecified vectors. | |||||
CVE-2007-2906 | 1 Sun | 1 Java Embedding Plugin | 2008-11-12 | 5.0 MEDIUM | N/A |
Java Embedding Plugin 0.9.6.1 allows remote attackers to cause a denial of service (browser crash) via a Thread subclass that calls super.run from its run method. | |||||
CVE-2007-2480 | 1 Linux | 1 Linux Kernel | 2008-11-12 | 4.6 MEDIUM | N/A |
The _udp_lib_get_port function in net/ipv4/udp.c in Linux kernel 2.6.21 and earlier does not prevent a bind to a port with a local address when there is already a bind to that port with a wildcard local address, which might allow local users to intercept local traffic for daemons or other applications. | |||||
CVE-2007-2318 | 1 Filezilla | 1 Filezilla | 2008-11-12 | 9.3 HIGH | N/A |
Multiple format string vulnerabilities in FileZilla before 2.2.32 allow remote attackers to execute arbitrary code via format string specifiers in (1) FTP server responses or (2) data sent by an FTP server. NOTE: some of these details are obtained from third party information. | |||||
CVE-2007-2382 | 1 Mad4milk | 1 Moo.fx | 2008-11-12 | 5.0 MEDIUM | N/A |
The Moo.fx framework exchanges data using JavaScript Object Notation (JSON) without an associated protection scheme, which allows remote attackers to obtain the data via a web page that retrieves the data through a URL in the SRC attribute of a SCRIPT element and captures the data using other JavaScript code, aka "JavaScript Hijacking." | |||||
CVE-2007-2376 | 1 Dojo Toolkit | 1 Dojo Toolkit | 2008-11-12 | 5.0 MEDIUM | N/A |
The Dojo framework exchanges data using JavaScript Object Notation (JSON) without an associated protection scheme, which allows remote attackers to obtain the data via a web page that retrieves the data through a URL in the SRC attribute of a SCRIPT element and captures the data using other JavaScript code, aka "JavaScript Hijacking." | |||||
CVE-2007-2378 | 1 Google | 1 Web Toolkit | 2008-11-12 | 5.0 MEDIUM | N/A |
The Google Web Toolkit (GWT) framework exchanges data using JavaScript Object Notation (JSON) without an associated protection scheme, which allows remote attackers to obtain the data via a web page that retrieves the data through a URL in the SRC attribute of a SCRIPT element and captures the data using other JavaScript code, aka "JavaScript Hijacking." | |||||
CVE-2007-2380 | 1 Microsoft | 1 Atlas Framework | 2008-11-12 | 5.0 MEDIUM | N/A |
The Microsoft Atlas framework exchanges data using JavaScript Object Notation (JSON) without an associated protection scheme, which allows remote attackers to obtain the data via a web page that retrieves the data through a URL in the SRC attribute of a SCRIPT element and captures the data using other JavaScript code, aka "JavaScript Hijacking." | |||||
CVE-2007-2381 | 1 Mochikit | 1 Mochikit Framework | 2008-11-12 | 5.0 MEDIUM | N/A |
The MochiKit framework exchanges data using JavaScript Object Notation (JSON) without an associated protection scheme, which allows remote attackers to obtain the data via a web page that retrieves the data through a URL in the SRC attribute of a SCRIPT element and captures the data using other JavaScript code, aka "JavaScript Hijacking." | |||||
CVE-2007-2384 | 1 Script.aculo.us | 1 Script.aculo.us | 2008-11-12 | 7.8 HIGH | N/A |
The Script.aculo.us framework exchanges data using JavaScript Object Notation (JSON) without an associated protection scheme, which allows remote attackers to obtain the data via a web page that retrieves the data through a URL in the SRC attribute of a SCRIPT element and captures the data using other JavaScript code, aka "JavaScript Hijacking." | |||||
CVE-2007-2385 | 1 Yahoo | 1 Ui Library | 2008-11-12 | 5.0 MEDIUM | N/A |
The Yahoo! UI framework exchanges data using JavaScript Object Notation (JSON) without an associated protection scheme, which allows remote attackers to obtain the data via a web page that retrieves the data through a URL in the SRC attribute of a SCRIPT element and captures the data using other JavaScript code, aka "JavaScript Hijacking." | |||||
CVE-2007-2195 | 1 Alvaro | 1 Alvaros Messenger | 2008-11-12 | 5.0 MEDIUM | N/A |
aMSN (aka Alvaro's Messenger) 0.96 and earlier allows remote attackers to cause a denial of service (application crash) by sending invalid data to TCP port 31337. |