Total
210374 CVE
| CVE | Vendors | Products | Updated | CVSS v2 | CVSS v3 |
|---|---|---|---|---|---|
| CVE-2007-1182 | 1 Web-app.org | 1 Webapp | 2011-03-07 | 6.4 MEDIUM | N/A |
| WebAPP before 0.9.9.5 allows remote Guest users to edit a Guest profile, which has unknown impact. | |||||
| CVE-2007-1183 | 1 Web-app.org | 1 Webapp | 2011-03-07 | 7.5 HIGH | N/A |
| WebAPP before 0.9.9.5 allows remote authenticated users to spoof another user's Real Name via whitespace, which has unknown impact and attack vectors. | |||||
| CVE-2007-1184 | 1 Web-app.org | 1 Webapp | 2011-03-07 | 5.0 MEDIUM | N/A |
| The default configuration of WebAPP before 0.9.9.5 has a CAPTCHA setting of "no," which makes it easier for automated programs to submit false data. | |||||
| CVE-2007-1185 | 1 Web-app.org | 1 Webapp | 2011-03-07 | 5.0 MEDIUM | N/A |
| The (1) Search, (2) Edit Profile, (3) Recommend, and (4) User Approval forms in WebAPP before 0.9.9.5 use hidden inputs, which has unknown impact and remote attack vectors. | |||||
| CVE-2007-1186 | 1 Web-app.org | 1 Webapp | 2011-03-07 | 5.0 MEDIUM | N/A |
| WebAPP before 0.9.9.5 does not "censor" the Latest Member real name, which has unknown impact. | |||||
| CVE-2007-1187 | 1 Web-app.org | 1 Webapp | 2011-03-07 | 5.5 MEDIUM | N/A |
| WebAPP before 0.9.9.5 allows remote authenticated users, without admin privileges, to obtain sensitive information via (1) the Forum Archive feature and (2) Recent Searches. | |||||
| CVE-2007-1188 | 1 Web-app.org | 1 Webapp | 2011-03-07 | 7.5 HIGH | N/A |
| WebAPP before 0.9.9.5 allows remote attackers to submit Search form input that is not checked for (1) composition or (2) length, which has unknown impact, possibly related to "search form hijacking". | |||||
| CVE-2007-1193 | 1 Orangehrm | 1 Orangehrm | 2011-03-07 | 9.3 HIGH | N/A |
| Multiple unspecified vulnerabilities in the Login page in OrangeHRM before 20070212 have unknown impact and attack vectors. | |||||
| CVE-2007-1230 | 1 Wordpress | 1 Wordpress | 2011-03-07 | 5.8 MEDIUM | N/A |
| Multiple cross-site scripting (XSS) vulnerabilities in wp-includes/functions.php in WordPress before 2.1.2-alpha allow remote attackers to inject arbitrary web script or HTML via (1) the Referer HTTP header or (2) the URI, a different vulnerability than CVE-2007-1049. | |||||
| CVE-2007-1287 | 1 Php | 1 Php | 2011-03-07 | 4.3 MEDIUM | N/A |
| A regression error in the phpinfo function in PHP 4.4.3 to 4.4.6, and PHP 6.0 in CVS, allows remote attackers to conduct cross-site scripting (XSS) attacks via GET, POST, or COOKIE array values, which are not escaped in the phpinfo output, as originally fixed for CVE-2005-3388. | |||||
| CVE-2007-1307 | 2 Intel, Lenovo | 2 Pro 1000 Lan Adapter, Thinkpad | 2011-03-07 | 10.0 HIGH | N/A |
| Unspecified vulnerability in Lenovo Intel PRO/1000 LAN adapter before Build 135400, as used on IBM Lenovo ThinkPad systems, has unknown impact and attack vectors. | |||||
| CVE-2007-1309 | 1 Novell | 1 Access Manager | 2011-03-07 | 9.0 HIGH | N/A |
| Novell Access Management 3 SSLVPN Server allows remote authenticated users to bypass VPN restrictions by making policy.txt read-only, disconnecting, then manually modifying policy.txt. | |||||
| CVE-2007-1325 | 1 Phpmyadmin | 1 Phpmyadmin | 2011-03-07 | 7.1 HIGH | N/A |
| The PMA_ArrayWalkRecursive function in libraries/common.lib.php in phpMyAdmin before 2.10.0.2 does not limit recursion on arrays provided by users, which allows context-dependent attackers to cause a denial of service (web server crash) via an array with many dimensions. NOTE: it could be argued that this vulnerability is caused by a problem in PHP (CVE-2006-1549) and the proper fix should be in PHP; if so, then this should not be treated as a vulnerability in phpMyAdmin. | |||||
| CVE-2007-1346 | 1 Sun | 1 Sun Fire | 2011-03-07 | 6.6 MEDIUM | N/A |
| Unspecified vulnerability in ipmitool for Sun Fire X2100M2 and X2200M2 allows local users to gain privileges and reset or turn off the server. | |||||
| CVE-2007-1357 | 1 Linux | 1 Linux Kernel | 2011-03-07 | 7.8 HIGH | N/A |
| The atalk_sum_skb function in AppleTalk for Linux kernel 2.6.x before 2.6.21, and possibly 2.4.x, allows remote attackers to cause a denial of service (crash) via an AppleTalk frame that is shorter than the specified length, which triggers a BUG_ON call when an attempt is made to perform a checksum. | |||||
| CVE-2007-0525 | 1 Grigoriadis | 1 Mini Web Server | 2011-03-07 | 7.5 HIGH | N/A |
| Multiple buffer overflows in Nickolas Grigoriadis Mini Web server (MiniWebsvr) before 0.05 have unknown impact and attack vectors. | |||||
| CVE-2007-0535 | 1 Vote Pro | 1 Vote Pro | 2011-03-07 | 7.5 HIGH | N/A |
| Multiple eval injection vulnerabilities in Vote! Pro 4.0, and possibly earlier, allow remote attackers to execute arbitrary code via requests to unspecified PHP scripts with the poll_id parameter, which is supplied to eval function calls, a different set of vectors than CVE-2007-0504. NOTE: The provenance of this information is unknown; the details are obtained solely from third party information. | |||||
| CVE-2007-0547 | 1 Cgi-rescue | 1 Webform | 2011-03-07 | 4.3 MEDIUM | N/A |
| Cross-site scripting (XSS) vulnerability in CGI-RESCUE WebFORM 4.3 and earlier allows remote attackers to inject arbitrary web script or HTML via unspecified vectors. | |||||
| CVE-2007-0553 | 1 Phproxy | 1 Phproxy | 2011-03-07 | 6.8 MEDIUM | N/A |
| Multiple cross-site scripting (XSS) vulnerabilities in index.inc.php in PHProxy before 0.5 beta 2 allow remote attackers to inject arbitrary web script or HTML via the (1) data[realm] and (2) _url parameters, different vectors than CVE-2004-2604. NOTE: some of these details are obtained from third party information. | |||||
| CVE-2007-0564 | 1 Symantec | 1 Web Security | 2011-03-07 | 4.0 MEDIUM | N/A |
| The license registering interface in Symantec Web Security (SWS) before 3.0.1.85 allows attackers to cause a denial of service (CPU consumption) by submitting a large file. | |||||