Max CVSS | 9.4 | Min CVSS | 2.1 | Total Count | 2 |
ID | CVSS | Summary | Last (major) update | Published | |
CVE-2005-3651 | 7.5 |
Stack-based buffer overflow in the dissect_ospf_v3_address_prefix function in the OSPF protocol dissector in Ethereal 0.10.12, and possibly other versions, allows remote attackers to execute arbitrary code via crafted packets.
|
14-02-2024 - 01:17 | 10-12-2005 - 11:03 | |
CVE-2007-1557 | 7.2 |
Format string vulnerability in F-Secure Anti-Virus Client Security 6.02 allows local users to cause a denial of service and possibly gain privileges via format string specifiers in the Management Server name field on the Communication settings page.
|
16-10-2018 - 16:39 | 21-03-2007 - 01:19 | |
CVE-2007-1639 | 4.6 |
Unrestricted file upload vulnerability in PHProjekt 5.2.0, when magic_quotes_gpc is disabled, allows remote authenticated users to upload and execute arbitrary PHP code via a file with an executable extension, which is then accessed by the (1) calend
|
16-10-2018 - 16:39 | 23-03-2007 - 23:19 | |
CVE-2007-1646 | 4.3 |
Multiple cross-site scripting (XSS) vulnerabilities in SubHub 2.3.0 allow remote attackers to inject arbitrary web script or HTML via (1) the searchtext parameter to (a) /search, or the (2) message parameter to (b) /calendar or (c) /subscribe.
|
16-10-2018 - 16:39 | 24-03-2007 - 00:19 | |
CVE-2007-1634 | 7.5 |
Variable extraction vulnerability in grab_globals.php in Net Portal Dynamic System (NPDS) 5.10 and earlier allows remote attackers to conduct SQL injection attacks via the _FILES[DB][tmp_name] parameter to print.php, which overwrites the $DB variable
|
16-10-2018 - 16:39 | 23-03-2007 - 22:19 | |
CVE-2007-1638 | 6.8 |
Multiple cross-site request forgery (CSRF) vulnerabilities in the check_csrftoken function in lib/lib.inc.php in PHProjekt 5.2.0, when magic_quotes_gpc is disabled, allow remote attackers to perform unauthorized actions as an arbitrary user via the (
|
16-10-2018 - 16:39 | 23-03-2007 - 23:19 | |
CVE-2007-1609 | 4.3 |
Cross-site scripting (XSS) vulnerability in servlet/Spy in Dynamic Monitoring Services (DMS) in Oracle Application Server (OAS) 10g 10.1.2.0.0 allows remote attackers to inject arbitrary web script or HTML via the table parameter. NOTE: This may be
|
16-10-2018 - 16:39 | 22-03-2007 - 23:19 | |
CVE-2007-1537 | 3.6 |
\Device\NdisTapi (NDISTAPI.sys) in Microsoft Windows XP SP2 and 2003 SP1 uses weak permissions, which allows local users to write to the device and cause a denial of service, as demonstrated by using an IRQL to acquire a spinlock on paged memory via
|
16-10-2018 - 16:39 | 20-03-2007 - 22:19 | |
CVE-2007-1635 | 9.0 |
Static code injection vulnerability in admin/settings.php in Net Portal Dynamic System (NPDS) 5.10 and earlier allows remote authenticated users to inject arbitrary PHP code via the xtop parameter in a "ConfigSave" op to admin.php, which can later be
|
16-10-2018 - 16:39 | 23-03-2007 - 22:19 | |
CVE-2007-1642 | 4.0 |
Unspecified vulnerability in ManageEngine Firewall Analyzer allows remote authenticated users to "access any common file" via a direct URL request.
|
16-10-2018 - 16:39 | 24-03-2007 - 00:19 | |
CVE-2007-1511 | 7.1 |
Buffer overflow in FrontBase Relational Database Server 4.2.7 and earlier allows remote authenticated users, with privileges for creating a stored procedure, to execute arbitrary code via a CREATE PROCEDURE request with a long procedure name.
|
16-10-2018 - 16:38 | 20-03-2007 - 10:19 | |
CVE-2007-0923 | 7.8 |
buscador/buscador.htm in Portal Search allows remote attackers to obtain sensitive information (business logic) via a query string composed of a search for certain characters.
|
16-10-2018 - 16:35 | 14-02-2007 - 11:28 | |
CVE-2007-0922 | 4.3 |
Cross-site scripting (XSS) vulnerability in buscador/buscador.htm in Portal Search allows remote attackers to inject arbitrary web script or HTML via the query string.
|
16-10-2018 - 16:35 | 14-02-2007 - 11:28 | |
CVE-2007-0921 | 9.4 |
Portal Search allows remote attackers to redirect a URL to an arbitrary web site by placing the URL in the query string to the top-level URI.
|
16-10-2018 - 16:35 | 14-02-2007 - 11:28 | |
CVE-2007-5513 | 5.0 |
The XML DB (XMLDB) component in Oracle Database 9.2.0.8, 9.2.0.8DV, and 10.1.0.5 generates incorrect audit entries in the USERID column in which (1) long usernames are trimmed to 5 characters, or (2) short entries contain any extra characters from us
|
15-10-2018 - 21:45 | 17-10-2007 - 23:17 | |
CVE-2011-1720 | 6.8 |
The SMTP server in Postfix before 2.5.13, 2.6.x before 2.6.10, 2.7.x before 2.7.4, and 2.8.x before 2.8.3, when certain Cyrus SASL authentication methods are enabled, does not create a new server handle after client authentication fails, which allows
|
09-10-2018 - 19:31 | 13-05-2011 - 17:05 | |
CVE-2008-4074 | 7.5 |
SQL injection vulnerability in index.php in Zanfi Autodealers CMS AutOnline allows remote attackers to execute arbitrary SQL commands via the id parameter in a detail action.
|
29-09-2017 - 01:31 | 15-09-2008 - 15:14 | |
CVE-2006-3696 | 2.1 |
filtnt.sys in Outpost Firewall Pro before 3.51.759.6511 (462) allows local users to cause a denial of service (crash) via long arguments to mshta.exe.
|
20-07-2017 - 01:32 | 21-07-2006 - 14:03 |