Total
210374 CVE
| CVE | Vendors | Products | Updated | CVSS v2 | CVSS v3 |
|---|---|---|---|---|---|
| CVE-2007-0085 | 1 Openbsd | 1 Openbsd | 2017-07-28 | 6.0 MEDIUM | N/A |
| Unspecified vulnerability in sys/dev/pci/vga_pci.c in the VGA graphics driver for wscons in OpenBSD 3.9 and 4.0, when the kernel is compiled with the PCIAGP option and a non-AGP device is being used, allows local users to gain privileges via unspecified vectors, possibly related to agp_ioctl NULL pointer reference. | |||||
| CVE-2007-0095 | 1 Phpmyadmin | 1 Phpmyadmin | 2017-07-28 | 5.0 MEDIUM | N/A |
| phpMyAdmin 2.9.1.1 allows remote attackers to obtain sensitive information via a direct request for themes/darkblue_orange/layout.inc.php, which reveals the path in an error message. | |||||
| CVE-2007-0096 | 1 Carbon Communities | 1 Carbon Communities | 2017-07-28 | 7.5 HIGH | N/A |
| CarbonCommunities stores sensitive information under the web root with insufficient access control, which allows remote attackers to download a database containing passwords via a direct request for DataBase/Carbon2.4d.mdb. | |||||
| CVE-2007-0101 | 1 Spine | 1 Spine | 2017-07-28 | 6.8 MEDIUM | N/A |
| Cross-site request forgery (CSRF) vulnerability in SPINE allows remote attackers to perform unauthorized actions as administrators via unspecified vectors. NOTE: some of these details are obtained from third party information. | |||||
| CVE-2007-0102 | 1 Apple | 1 Preview | 2017-07-28 | 6.8 MEDIUM | N/A |
| The Adobe PDF specification 1.3, as implemented by Apple Mac OS X Preview, allows remote attackers to have an unknown impact, possibly including denial of service (infinite loop), arbitrary code execution, or memory corruption, via a PDF file with a (1) crafted catalog dictionary or (2) a crafted Pages attribute that references an invalid page tree node. | |||||
| CVE-2007-0103 | 1 Adobe | 1 Acrobat Reader | 2017-07-28 | 6.8 MEDIUM | N/A |
| The Adobe PDF specification 1.3, as implemented by Adobe Acrobat before 8.0.0, allows remote attackers to have an unknown impact, possibly including denial of service (infinite loop), arbitrary code execution, or memory corruption, via a PDF file with a (1) crafted catalog dictionary or (2) a crafted Pages attribute that references an invalid page tree node. | |||||
| CVE-2007-0105 | 1 Cisco | 1 Secure Access Control Server | 2017-07-28 | 7.5 HIGH | N/A |
| Stack-based buffer overflow in the CSAdmin service in Cisco Secure Access Control Server (ACS) for Windows before 4.1 and ACS Solution Engine before 4.1 allows remote attackers to execute arbitrary code via a crafted HTTP GET request. | |||||
| CVE-2007-0108 | 1 Novell | 1 Client | 2017-07-28 | 6.0 MEDIUM | N/A |
| nwgina.dll in Novell Client 4.91 SP3 for Windows 2000/XP/2003 does not delete user profiles during a Terminal Service or Citrix session, which allows remote authenticated users to invoke alternate user profiles. | |||||
| CVE-2007-0114 | 1 Sun | 1 Java System Content Delivery Server | 2017-07-28 | 5.0 MEDIUM | N/A |
| Sun Java System Content Delivery Server 5.0 and 5.0 PU1 allows remote attackers to obtain sensitive information regarding "content details" via unspecified vectors. | |||||
| CVE-2007-0125 | 1 Kaspersky Lab | 1 Kaspersky Antivirus Engine | 2017-07-28 | 5.0 MEDIUM | N/A |
| Kaspersky Labs Antivirus Engine 6.0 for Windows and 5.5-10 for Linux before 20070102 enter an infinite loop upon encountering an invalid NumberOfRvaAndSizes value in the Optional Windows Header of a portable executable (PE) file, which allows remote attackers to cause a denial of service (CPU consumption) by scanning a crafted PE file. | |||||
| CVE-2007-0126 | 1 Opera | 1 Opera Browser | 2017-07-28 | 9.3 HIGH | N/A |
| Heap-based buffer overflow in Opera 9.02 allows remote attackers to execute arbitrary code via a JPEG file with an invalid number of index bytes in the Define Huffman Table (DHT) marker. | |||||
| CVE-2007-0131 | 1 Jamwiki | 1 Jamwiki | 2017-07-28 | 7.5 HIGH | N/A |
| JAMWiki before 0.5.0 does not properly check permissions during moves of "read-only or admin-only topics," which allows remote attackers to make unauthorized changes to the wiki. | |||||
| CVE-2007-0137 | 1 Serendipitynz | 2 Serene Bach, Serene Bach Sb | 2017-07-28 | 6.8 MEDIUM | N/A |
| Cross-site scripting (XSS) vulnerability in SimpleBoxes/SerendipityNZ Serene Bach 2.05R and earlier, and 2.08D and earlier in the 2.08 series; and (2) sb 1.13D and earlier, and 1.18R and earlier in the 1.18 series; allows remote attackers to inject arbitrary web script or HTML via unspecified vectors. | |||||
| CVE-2017-11324 | 1 Tilde Cms Project | 1 Tilde Cms | 2017-07-28 | 7.5 HIGH | 9.8 CRITICAL |
| An issue was discovered in Tilde CMS 1.0.1. Due to missing escaping of the backtick character, a SELECT query in class.SystemAction.php is vulnerable to SQL Injection. The vulnerability can be triggered via a POST request to /actionphp/action.input.php with the id parameter. | |||||
| CVE-2017-11327 | 1 Tilde Cms Project | 1 Tilde Cms | 2017-07-28 | 4.0 MEDIUM | 6.5 MEDIUM |
| An issue was discovered in Tilde CMS 1.0.1. It is possible to retrieve sensitive data by using direct references. A low-privileged user can load PHP resources such as admin/content.php and admin/content.php?method=ftp_upload. | |||||
| CVE-2017-9413 | 1 Subsonic | 1 Subsonic | 2017-07-28 | 6.8 MEDIUM | 8.8 HIGH |
| Multiple cross-site request forgery (CSRF) vulnerabilities in the Podcast feature in Subsonic 6.1.1 allow remote attackers to hijack the authentication of users for requests that (1) subscribe to a podcast via the add parameter to podcastReceiverAdmin.view or (2) update Internet Radio Settings via the urlRedirectCustomUrl parameter to networkSettings.view. NOTE: These vulnerabilities can be exploited to conduct server-side request forgery (SSRF) attacks. | |||||
| CVE-2017-2240 | 2 Apple, Hammock | 2 Mac Os X, Assetview | 2017-07-28 | 4.0 MEDIUM | 6.5 MEDIUM |
| Directory traversal vulnerability in AssetView for MacOS Ver.9.2.0 and earlier versions allows remote attackers to read arbitrary files via "File Transfer Web Service". | |||||
| CVE-2017-2241 | 2 Apple, Hammock | 2 Mac Os X, Assetview | 2017-07-28 | 6.5 MEDIUM | 6.3 MEDIUM |
| SQL injection vulnerability in the AssetView for MacOS Ver.9.2.0 and earlier versions allows remote attackers to execute arbitrary SQL commands via "File Transfer Web Service". | |||||
| CVE-2017-1318 | 1 Ibm | 1 Mq Appliance | 2017-07-28 | 9.0 HIGH | 8.8 HIGH |
| IBM MQ Appliance 8.0 and 9.0 could allow an authenticated messaging administrator to execute arbitrary commands on the system, caused by command execution. IBM X-Force ID: 125730. | |||||
| CVE-2017-6755 | 1 Cisco | 1 Prime Collaboration Provisioning | 2017-07-28 | 4.3 MEDIUM | 6.1 MEDIUM |
| A vulnerability in the web portal of the Cisco Prime Collaboration Provisioning (PCP) Tool could allow an unauthenticated, remote attacker to conduct a cross-site scripting (XSS) attack against a user of the web interface of an affected system. More Information: CSCvc90312. Known Affected Releases: 12.1. | |||||