Total
29619 CVE
| CVE | Vendors | Products | Updated | CVSS v3.1 |
|---|---|---|---|---|
| CVE-2006-6895 | 1 Sony Ericsson | 1 T60 | 2025-04-09 | N/A |
| The Bluetooth stack in the Sony Ericsson T60 does not properly implement "Limited discoverable" mode, which allows remote attackers to obtain unauthorized inquiry responses. | ||||
| CVE-2006-6893 | 1 Tor | 1 Tor | 2025-04-09 | N/A |
| Tor allows remote attackers to discover the IP address of a hidden service by accessing this service at a high rate, thereby changing the server's CPU temperature and consequently changing the pattern of time values visible through (1) ICMP timestamps, (2) TCP sequence numbers, and (3) TCP timestamps, a different vulnerability than CVE-2006-0414. NOTE: it could be argued that this is a laws-of-physics vulnerability that is a fundamental design limitation of certain hardware implementations, so perhaps this issue should not be included in CVE. | ||||
| CVE-2007-2703 | 1 Oracle | 1 Weblogic Portal | 2025-04-09 | N/A |
| BEA WebLogic Portal 9.2 GA can corrupt a visitor entitlements role if an administrator provides a long role description, which might allow remote authenticated users to access privileged resources. | ||||
| CVE-2006-5415 | 1 News Defilante Horizontale | 1 News Defilante Horizontale | 2025-04-09 | N/A |
| PHP remote file inclusion vulnerability in includes/functions_newshr.php in the News Defilante Horizontale 4.1.1 and earlier module for phpBB allows remote attackers to execute arbitrary PHP code via a URL in the phpbb_root_path parameter. | ||||
| CVE-2006-5945 | 1 Mginternet | 1 Car Site Manager | 2025-04-09 | N/A |
| Multiple SQL injection vulnerabilities in MGinternet Car Site Manager (CSM) allow remote attackers to execute arbitrary SQL commands via the (1) p parameter to (a) csm/asp/detail.asp, or the (2) l, (3) typ, or (4) loc parameter to (b) csm/asp/listings.asp. | ||||
| CVE-2006-6632 | 1 Genepi | 1 Genepi | 2025-04-09 | N/A |
| PHP remote file inclusion vulnerability in genepi.php in Genepi 1.6 and earlier allows remote attackers to execute arbitrary PHP code via a URL in the topdir parameter. | ||||
| CVE-2006-6939 | 1 Gnu | 1 Ed | 2025-04-09 | N/A |
| GNU ed before 0.3 allows local users to overwrite arbitrary files via a symlink attack on temporary files, possibly in the open_sbuf function. | ||||
| CVE-2007-2705 | 1 Bea | 2 Weblogic Integration, Weblogic Workshop | 2025-04-09 | N/A |
| Directory traversal vulnerability in the Test View Console in BEA WebLogic Integration 9.2 before SP1 and WebLogic Workshop 8.1 SP2 through SP6, when "deployed in an exploded format," allows remote attackers to list a WebLogic Workshop Directory (wlwdir) parent directory via unspecified vectors. | ||||
| CVE-2007-2706 | 1 Geeklog | 1 Media Gallery | 2025-04-09 | N/A |
| PHP remote file inclusion vulnerability in maint/ftpmedia.php in Media Gallery 1.4.8a and earlier for Geeklog allows remote attackers to execute arbitrary PHP code via a URL in the _MG_CONF[path_html] parameter. | ||||
| CVE-2007-0222 | 1 Oracle | 1 Application Server | 2025-04-09 | N/A |
| Directory traversal vulnerability in the EmChartBean server side component for Oracle Application Server 10g allows remote attackers to read arbitrary files via unknown vectors, probably "\.." sequences in the beanId parameter. NOTE: this is likely a duplicate of another CVE that Oracle addressed in CPU Jan 2007, but due to lack of details by Oracle, it is unclear which BugID this issue is associated with, so the other CVE cannot be determined. Possibilities include EM02 (CVE-2007-0292) or EM05 (CVE-2007-0293). | ||||
| CVE-2007-2707 | 1 Linksnet | 1 Newsfeed | 2025-04-09 | N/A |
| PHP remote file inclusion vulnerability in linksnet_linkslog_rss.php in Linksnet Newsfeed 1.0 allows remote attackers to execute arbitrary PHP code via a URL in the dirpath_linksnet_newsfeed parameter. | ||||
| CVE-2007-2720 | 1 Group-office | 1 Group-office Groupware | 2025-04-09 | N/A |
| Group-Office before 2.16-13 does not properly validate user IDs, which allows remote attackers to obtain sensitive information via certain requests for (1) message.php and (2) messages.php in modules/email/. NOTE: some of these details are obtained from third party information. | ||||
| CVE-2007-2721 | 2 Jasper Jpeg-2000, Redhat | 2 Jasper Jpeg-2000, Enterprise Linux | 2025-04-09 | N/A |
| The jpc_qcx_getcompparms function in jpc/jpc_cs.c for the JasPer JPEG-2000 library (libjasper) before 1.900 allows remote user-assisted attackers to cause a denial of service (crash) and possibly corrupt the heap via malformed image files, as originally demonstrated using imagemagick convert. | ||||
| CVE-2007-2725 | 1 Db Soft Lab | 1 Dewizardx | 2025-04-09 | N/A |
| The DB Software Laboratory DeWizardX (DEWizardAX.ocx) ActiveX control allows remote attackers to overwrite arbitrary files via the SaveToFile function. | ||||
| CVE-2007-0269 | 1 Oracle | 1 Database Server | 2025-04-09 | N/A |
| Unspecified vulnerability in Oracle Database 9.2.0.8, 10.1.0.5, and 10.2.0.3 has unknown impact and attack vectors related to the Change Data Capture and sys.dbms_cdc_subscribe privileges, aka DB02. | ||||
| CVE-2007-2734 | 1 3com | 8 3crtpx505-73, 3crx506-96, Tippingpoint 200 and 5 more | 2025-04-09 | N/A |
| The 3Com TippingPoint IPS do not properly handle certain full-width and half-width Unicode character encodings in an HTTP POST request, which might allow remote attackers to evade detection of HTTP traffic. | ||||
| CVE-2007-0276 | 1 Oracle | 1 Database Server | 2025-04-09 | N/A |
| Multiple unspecified vulnerabilities in Oracle Database 8.1.7.4 and 9.0.1.5 have unknown impact and attack vectors related to (1) Advanced Security Option and oklist or okdstry (DB10), (2) Oracle Net Services (DB13), and (3) Recovery Manager and oklist (DB16). | ||||
| CVE-2007-0277 | 1 Oracle | 1 Database Server | 2025-04-09 | N/A |
| Unspecified vulnerability in Oracle Database client-only 10.1.0.4 has unknown impact and attack vectors related to the Export component and expdp or impdp, aka DB11. | ||||
| CVE-2007-0278 | 1 Oracle | 1 Database Server | 2025-04-09 | N/A |
| Multiple unspecified vulnerabilities in Oracle Database 8.1.7.4, 9.0.1.5, 9.2.0.7, and 10.1.0.5 have unknown impact and attack vectors related to (1) NLS Runtime and lmsgen (DB12), and (2) Oracle Text and ctxkbtc (DB14). | ||||
| CVE-2007-0281 | 1 Oracle | 3 Application Server, Collaboration Suite, Http Server | 2025-04-09 | N/A |
| Multiple unspecified vulnerabilities in Oracle HTTP Server 9.0.1.5, 9.2.0.8, 10.1.0.5, and 10.2.0.3; Application Server 9.0.4.3, 10.1.2.0.0, 10.1.2.0.1, 10.1.2.0.2, 10.1.2.1, and 10.1.3.0; and Collaboration Suite 9.0.4.2 and 10.1.2; have unknown impact and attack vectors related to the Oracle HTTP Server, aka (1) OHS03 and (2) OHS04. | ||||