CVE Schwachstellen
CVE-Datenbank angereichert mit CISA KEV und NVD Daten
| CVE ID | CVSS | Schweregrad | KEV | Sichtungen |
|---|---|---|---|---|
| CVE-2007-6086 Directory traversal vulnerability in index.php in VigileCMS 1.4 allows remote attackers to include and execute arbitrary local files via directory traversal sequences in the module parameter. | N/A | NONE | — | 0 |
| CVE-2007-6087 Cross-site request forgery (CSRF) vulnerability in index.php in VigileCMS 1.4 allows remote attackers to change the admin password via certain parameters to the changepass module. | N/A | NONE | — | 0 |
| CVE-2007-6088 PHP remote file inclusion vulnerability in includes/functions_mod_user.php in phpBBViet 02.03.07 and earlier allows remote attackers to execute arbitrary PHP code via a URL in the phpbb_root_path para... | N/A | NONE | — | 0 |
| CVE-2007-6089 PHP remote file inclusion vulnerability in index.php in meBiblio 0.4.5 allows remote attackers to execute arbitrary PHP code via a URL in the action parameter. | N/A | NONE | — | 0 |
| CVE-2007-6090 Cross-site scripting (XSS) vulnerability in index.php in Nuked-Klan 1.7.5 allows remote attackers to inject arbitrary web script or HTML via the file parameter. NOTE: the provenance of this informati... | N/A | NONE | — | 0 |
| CVE-2007-6091 Multiple SQL injection vulnerabilities in files/login.asp in JiRo's Banner System (JBS) 2.0, and possibly JiRo's Upload Manager (aka JiRo's Upload System or JUS), allow remote attackers to execute arb... | N/A | NONE | — | 0 |
| CVE-2007-6092 Buffer overflow in libsrtp in Ingate Firewall before 4.6.0 and SIParator before 4.6.0 has unknown impact and attack vectors. NOTE: it is not clear whether this issue crosses privilege boundaries. | N/A | NONE | — | 0 |
| CVE-2007-6093 The SRTP implementation in Ingate Firewall before 4.6.0 and SIParator before 4.6.0 allows remote attackers to cause a denial of service (kernel crash) via an RTCP index that is "much more than expecte... | N/A | NONE | — | 0 |
| CVE-2006-5462 Mozilla Network Security Service (NSS) library before 3.11.3, as used in Mozilla Firefox before 1.5.0.8, Thunderbird before 1.5.0.8, and SeaMonkey before 1.0.6, when using an RSA key with exponent 3, ... | N/A | NONE | — | 0 |
| CVE-2007-6094 The IPsec module in the VPN component in Ingate Firewall before 4.6.0 and SIParator before 4.6.0 allows remote attackers to cause a denial of service (module crash) via an IPsec Phase 2 proposal that ... | N/A | NONE | — | 0 |
| CVE-2007-6095 The SIP component in Ingate Firewall before 4.6.0 and SIParator before 4.6.0, when Remote NAT Traversal is employed, does not properly perform user registration and message distribution, which might a... | N/A | NONE | — | 0 |
| CVE-2007-6096 Ingate Firewall before 4.6.0 and SIParator before 4.6.0 use cleartext storage for passwords of "administrators with less privileges," which might allow attackers to read these passwords via unknown ve... | N/A | NONE | — | 0 |
| CVE-2007-6097 Unspecified vulnerability in the ICMP implementation in Ingate Firewall before 4.6.0 and SIParator before 4.6.0 has unknown impact and remote attack vectors, related to ICMP packets that are "incorrec... | N/A | NONE | — | 0 |
| CVE-2007-6098 Ingate Firewall before 4.6.0 and SIParator before 4.6.0 do not log truncated (1) ICMP, (2) UDP, and (3) TCP packets, which has unknown impact and remote attack vectors; and do not log (4) serial-conso... | N/A | NONE | — | 0 |
| CVE-2007-6099 Unspecified vulnerability in Ingate Firewall before 4.6.0 and SIParator before 4.6.0 might leave "media pinholes" open upon a restart of the SIP module, which might make it easier for remote attackers... | N/A | NONE | — | 0 |
| CVE-2007-6100 Cross-site scripting (XSS) vulnerability in libraries/auth/cookie.auth.lib.php in phpMyAdmin before 2.11.2.2, when logins are authenticated with the cookie auth_type, allows remote attackers to inject... | N/A | NONE | — | 0 |
| CVE-2007-6101 Ability Mail Server before 2.61 allows remote authenticated users to cause a denial of service (daemon crash) via (1) malformed number list ranges in unspecified IMAP commands, and possibly (2) a blan... | N/A | NONE | — | 0 |
| CVE-2007-6102 Cross-site scripting (XSS) vulnerability in Feed to JavaScript (Feed2JS) 1.91 allows remote attackers to inject arbitrary web script or HTML via a URL in a feed. | N/A | NONE | — | 0 |
| CVE-2007-6103 I Hear U (IHU) 0.5.6 and earlier allows remote attackers to cause (1) a denial of service (infinite loop) via a packet that contains zero in the size field in its header, which is improperly handled b... | N/A | NONE | — | 0 |
| CVE-2007-6104 Cross-site scripting (XSS) vulnerability in the Instant Web Publishing feature in FileMaker Pro 7 and 8, Server 7 and 8, and Developer 7 allows remote attackers to inject arbitrary web script or HTML ... | N/A | NONE | — | 0 |
| CVE-2007-6105 Multiple PHP remote file inclusion vulnerabilities in TalkBack 2.2.7 allow remote attackers to execute arbitrary PHP code via a URL in the (1) language_file parameter to (a) comments-display-tpl.php a... | N/A | NONE | — | 0 |
| CVE-2007-6106 SQL injection vulnerability in index.php in AlstraSoft E-Friends 4.98 and earlier allows remote attackers to execute arbitrary SQL commands via the seid parameter in a viewevent action. | N/A | NONE | — | 0 |
| CVE-2007-6110 Cross-site scripting (XSS) vulnerability in htsearch in htdig 3.2.0b6 allows remote attackers to inject arbitrary web script or HTML via the sort parameter. | N/A | NONE | — | 0 |
| CVE-2007-6111 Multiple unspecified vulnerabilities in Wireshark (formerly Ethereal) allow remote attackers to cause a denial of service (crash) via (1) a crafted MP3 file or (2) unspecified vectors to the NCP disse... | N/A | NONE | — | 0 |
| CVE-2008-0418 Directory traversal vulnerability in Mozilla Firefox before 2.0.0.12, Thunderbird before 2.0.0.12, and SeaMonkey before 1.1.8, when using "flat" addons, allows remote attackers to read arbitrary Javas... | N/A | NONE | — | 0 |
| CVE-2008-0591 Mozilla Firefox before 2.0.0.12 and Thunderbird before 2.0.0.12 does not properly manage a delay timer used in confirmation dialogs, which might allow remote attackers to trick users into confirming a... | N/A | NONE | — | 0 |
| CVE-2008-0592 Mozilla Firefox before 2.0.0.12 and SeaMonkey before 1.1.8 allows user-assisted remote attackers to cause a denial of service via a plain .txt file with a "Content-Disposition: attachment" and an inva... | N/A | NONE | — | 0 |
| CVE-2008-0593 Gecko-based browsers, including Mozilla Firefox before 2.0.0.12 and SeaMonkey before 1.1.8, modify the .href property of stylesheet DOM nodes to the final URI of a 302 redirect, which might allow remo... | N/A | NONE | — | 0 |
| CVE-2008-0594 Mozilla Firefox before 2.0.0.12 does not always display a web forgery warning dialog if the entire contents of a web page are in a DIV tag that uses absolute positioning, which makes it easier for rem... | N/A | NONE | — | 0 |
| CVE-2008-0665 wml_backend/p1_ipp/ipp.src in Website META Language (WML) 2.0.11 allows local users to overwrite arbitrary files via a symlink attack on the ipp.$$.tmp temporary file. | N/A | NONE | — | 0 |
| CVE-2008-0666 Website META Language (WML) 2.0.11 allows local users to overwrite arbitrary files via a symlink attack on (1) the /tmp/pe.tmp.$$ temporary file used by wml_contrib/wmg.cgi and (2) temporary files use... | N/A | NONE | — | 0 |
| CVE-2008-0667 The DOC.print function in the Adobe JavaScript API, as used by Adobe Acrobat and Reader before 8.1.2, allows remote attackers to configure silent non-interactive printing, and trigger the printing of ... | N/A | NONE | — | 0 |
| CVE-2008-0668 The excel_read_HLINK function in plugins/excel/ms-excel-read.c in Gnome Office Gnumeric before 1.8.1 allows user-assisted remote attackers to execute arbitrary code via a crafted XLS file containing X... | N/A | NONE | — | 0 |
| CVE-2007-5333 Apache Tomcat 6.0.0 through 6.0.14, 5.5.0 through 5.5.25, and 4.1.0 through 4.1.36 does not properly handle (1) double quote (") characters or (2) %5C (encoded backslash) sequences in a cookie value, ... | N/A | NONE | — | 0 |
| CVE-2007-6286 Apache Tomcat 5.5.11 through 5.5.25 and 6.0.0 through 6.0.15, when the native APR connector is used, does not properly handle an empty request to the SSL port, which allows remote attackers to trigger... | N/A | NONE | — | 0 |
| CVE-2008-0002 Apache Tomcat 6.0.0 through 6.0.15 processes parameters in the context of the wrong request when an exception occurs during parameter processing, which might allow remote attackers to obtain sensitive... | N/A | NONE | — | 0 |
| CVE-2008-0669 Cross-site scripting (XSS) vulnerability in search.cgi in Sift Unity allows remote attackers to inject arbitrary web script or HTML via the qt parameter. NOTE: the provenance of this information is u... | N/A | NONE | — | 0 |
| CVE-2008-0670 SQL injection vulnerability in index.php in the Noticias (com_noticias) 1.0 component for Joomla! allows remote attackers to execute arbitrary SQL commands via the id parameter in a detalhe action. | N/A | NONE | — | 0 |
| CVE-2008-0671 Stack-based buffer overflow in the add_line_buffer function in TinTin++ 1.97.9 and WinTin++ 1.97.9 allows remote attackers to execute arbitrary code via a long chat message, related to conversion from... | N/A | NONE | — | 0 |
| CVE-2008-0672 The process_chat_input function in TinTin++ 1.97.9 and WinTin++ 1.97.9 allows remote attackers to cause a denial of service (application crash) via a YES message without a newline character, which tri... | N/A | NONE | — | 0 |
| CVE-2008-0673 TinTin++ 1.97.9 and WinTin++ 1.97.9 open files on the basis of an inbound file-transfer request, before the user has an opportunity to decline the request, which allows remote attackers to truncate ar... | N/A | NONE | — | 0 |
| CVE-2008-0675 SQL injection vulnerability in cms/index.pl in The Everything Development Engine in The Everything Development System Pre-1.0 and earlier allows remote attackers to execute arbitrary SQL commands via ... | N/A | NONE | — | 0 |
| CVE-2008-0676 Cross-site scripting (XSS) vulnerability in search.php in A-Blog 2 allows remote attackers to inject arbitrary web script or HTML via the words parameter. | N/A | NONE | — | 0 |
| CVE-2008-0677 SQL injection vulnerability in blog.php in A-Blog 2 allows remote attackers to execute arbitrary SQL commands via the id parameter in a news action. | N/A | NONE | — | 0 |
| CVE-2008-0678 SQL injection vulnerability in index.php in BlogPHP 2.0 allows remote attackers to execute arbitrary SQL commands via the id parameter in a page action. | N/A | NONE | — | 0 |
| CVE-2008-0679 Cross-site scripting (XSS) vulnerability in index.php in BlogPHP 2.0 allows remote attackers to inject arbitrary web script or HTML via the search parameter. | N/A | NONE | — | 0 |
| CVE-2008-0680 SNMPd in MikroTik RouterOS 3.2 and earlier allows remote attackers to cause a denial of service (daemon crash) via a crafted SNMP SET request. | N/A | NONE | — | 0 |
| CVE-2008-0681 SQL injection vulnerability in index.php in PHPShop 0.8.1 allows remote attackers to execute arbitrary SQL commands via the product_id parameter, as demonstrated by a shop/flypage action. | N/A | NONE | — | 0 |
| CVE-2008-0682 SQL injection vulnerability in wordspew-rss.php in the Wordspew plugin before 3.72 for Wordpress allows remote attackers to execute arbitrary SQL commands via the id parameter. | N/A | NONE | — | 0 |
| CVE-2008-0683 SQL injection vulnerability in shiftthis-preview.php in the ShiftThis Newsletter (st_newsletter) plugin for WordPress allows remote attackers to execute arbitrary SQL commands via the newsletter param... | N/A | NONE | — | 0 |
This product uses data from the NVD API but is not endorsed or certified by the NVD.