Lucene search
K

2780 matches found

Cvelist
Cvelist
added 2007/02/21 5:0 p.m.18 views

CVE-2007-1046

Demtrac allows remote attackers to read log file contents via a direct request for /ancsit.txt...

6.6AI score0.01979EPSS
Exploits1References5
Prion
Prion
added 2007/02/16 12:28 a.m.13 views

Design/Logic Flaw

The Find feature in Palm OS Treo smart phones operates despite the system password lock, which allows attackers with physical access to obtain sensitive information memory contents by doing 1 text searches or 2 paste operations after pressing certain keyboard shortcut keys...

2.1CVSS6.5AI score0.00502EPSS
Exploits1References12Affected Software1
NVD
NVD
added 2007/02/08 6:28 p.m.16 views

CVE-2007-0854

Remote file inclusion vulnerability in scripts2/objcache in cPanel WebHost Manager WHM allows remote attackers to execute arbitrary code via a URL in the obj parameter. NOTE: a third party claims that this issue is not file inclusion because the contents are not parsed, but the attack can be used...

7.5CVSS7.5AI score0.06078EPSS
Exploits1References10
NVD
NVD
added 2007/02/07 8:28 p.m.28 views

CVE-2007-0822

umount, when running with the Linux 2.6.15 kernel on Slackware Linux 10.2, allows local users to trigger a NULL dereference and application crash by invoking the program with a pathname for a USB pen drive that was mounted and then physically removed, which might allow the users to obtain sensiti...

1.9CVSS6AI score0.0041EPSS
Exploits1References6
Cvelist
Cvelist
added 2007/02/07 8:0 p.m.27 views

CVE-2007-0822

umount, when running with the Linux 2.6.15 kernel on Slackware Linux 10.2, allows local users to trigger a NULL dereference and application crash by invoking the program with a pathname for a USB pen drive that was mounted and then physically removed, which might allow the users to obtain sensiti...

5.9AI score0.0041EPSS
Exploits1References6
Prion
Prion
added 2007/01/31 9:28 p.m.11 views

Information disclosure

show.php in Vlad Alexa Mancini PHPFootball 1.6 allows remote attackers to obtain sensitive information database contents via a % percent character in the dbfieldv parameter...

5CVSS6.6AI score0.03023EPSS
Exploits1References6Affected Software1
NVD
NVD
added 2007/01/31 9:28 p.m.12 views

CVE-2007-0638

show.php in Vlad Alexa Mancini PHPFootball 1.6 allows remote attackers to obtain sensitive information database contents via a % percent character in the dbfieldv parameter...

5CVSS6.1AI score0.03023EPSS
Exploits1References6
EUVD
EUVD
added 2007/01/31 9:0 p.m.4 views

EUVD-2007-0636

show.php in Vlad Alexa Mancini PHPFootball 1.6 allows remote attackers to obtain sensitive information database contents via a % percent character in the dbfieldv parameter...

5CVSS6AI score0.03023EPSS
Exploits1References6
Saint
Saint
added 2007/01/31 12:0 a.m.26 views

Microsoft Help Workshop .CNT file buffer overflow

Added: 01/31/2007 CVE: CVE-2007-0352 BID: 22100 OSVDB: 31898 Background Microsoft Help Workshop is a standard component of Microsoft Visual Studio and is also available as a standalone product. Problem A buffer overflow vulnerability in Microsoft Help Workshop allows command execution when a user...

9.3CVSS6.8AI score0.36385EPSS
Exploits5
NVD
NVD
added 2007/01/29 4:28 p.m.16 views

CVE-2006-6961

WebRoot Spy Sweeper 4.5.9 and earlier does not detect malware based on file contents, which allows remote attackers to bypass malware detection by changing a file's name...

6.8CVSS6.7AI score0.01162EPSS
Exploits0References4
Cvelist
Cvelist
added 2007/01/29 4:0 p.m.22 views

CVE-2006-6961

WebRoot Spy Sweeper 4.5.9 and earlier does not detect malware based on file contents, which allows remote attackers to bypass malware detection by changing a file's name...

6.7AI score0.01162EPSS
Exploits0References4
CVE
CVE
added 2007/01/29 4:0 p.m.50 views

CVE-2006-6961

WebRoot Spy Sweeper 4.5.9 and earlier fails to detect malware based on file contents, allowing remote attackers to bypass malware detection by renaming a file. Connected documents specify that detection is blocked only by filename and that multiple archive formats are not supported. Affected prod...

6.8CVSS6.7AI score0.01162EPSS
Exploits0References4Affected Software1
NVD
NVD
added 2007/01/05 12:28 a.m.23 views

CVE-2007-0059

Cross-zone scripting vulnerability in Apple Quicktime 3 to 7.1.3 allows remote user-assisted attackers to execute arbitrary code and list filesystem contents via a QuickTime movie .MOV with an HREF Track HREFTrack that contains an automatic action tag with a local URI, which is executed in a loca...

6.8CVSS6.7AI score0.05638EPSS
Exploits1References6
Prion
Prion
added 2007/01/05 12:28 a.m.18 views

Cross site scripting

Cross-zone scripting vulnerability in Apple Quicktime 3 to 7.1.3 allows remote user-assisted attackers to execute arbitrary code and list filesystem contents via a QuickTime movie .MOV with an HREF Track HREFTrack that contains an automatic action tag with a local URI, which is executed in a loca...

6.8CVSS6.9AI score0.05638EPSS
Exploits1References6Affected Software1
Cvelist
Cvelist
added 2007/01/05 12:0 a.m.28 views

CVE-2007-0059

Cross-zone scripting vulnerability in Apple Quicktime 3 to 7.1.3 allows remote user-assisted attackers to execute arbitrary code and list filesystem contents via a QuickTime movie .MOV with an HREF Track HREFTrack that contains an automatic action tag with a local URI, which is executed in a loca...

6.7AI score0.05638EPSS
Exploits1References6
CVE
CVE
added 2007/01/05 12:0 a.m.54 views

CVE-2007-0059

CVE-2007-0059 is a cross-zone scripting vulnerability in Apple QuickTime 3–7.1.3 . A QuickTime movie (.MOV) with an HREF Track that contains an automatic action tag with a local URI can execute in the local zone during preview, enabling remote user‑assisted execution and the ability to list files...

6.8CVSS6.7AI score0.05638EPSS
Exploits1References6Affected Software1
Japan Vulnerability Notes
Japan Vulnerability Notes
added 2006/12/28 12:0 a.m.15 views

JVN#31185550 tDiary arbitrary Ruby script execution vulnerability

Impact Depending on tDiary's configuration, an arbitrary Ruby script could be executed on the web server with tDiary's execution privilege. This could lead to information leak or erasure, password compromise, and contents alteration, etc. Solution Products Affected tDiary 2.0.3 tDiary...

7.2AI score
Exploits0
NVD
NVD
added 2006/11/21 11:7 p.m.28 views

CVE-2006-6013

Integer signedness error in the fwioctl FWIOCTL function in the FireWire IEEE-1394 drivers dev/firewire/fwdev.c in various BSD kernels, including DragonFlyBSD, FreeBSD 5.5, MidnightBSD 0.1-CURRENT before 20061115, NetBSD-current before 20061116, NetBSD-4 before 20061203, and TrustedBSD, allows...

2.1CVSS6.3AI score0.00398EPSS
Exploits0References19
Cvelist
Cvelist
added 2006/11/21 11:0 p.m.27 views

CVE-2006-6013

Integer signedness error in the fwioctl FWIOCTL function in the FireWire IEEE-1394 drivers dev/firewire/fwdev.c in various BSD kernels, including DragonFlyBSD, FreeBSD 5.5, MidnightBSD 0.1-CURRENT before 20061115, NetBSD-current before 20061116, NetBSD-4 before 20061203, and TrustedBSD, allows...

6.2AI score0.00398EPSS
Exploits0References19
Zero Day Initiative
Zero Day Initiative
added 2006/11/15 12:0 a.m.31 views

Verity Ultraseek Request Proxying Vulnerability

This vulnerability allows remote attackers to proxy web attacks and scan internal hosts through vulnerable installations of Verity Ultraseek. Authentication is not required to exploit this vulnerability. The specific flaw exists within the highlight script used to highlight search terms on spider...

10CVSS2AI score0.06339EPSS
Exploits0References1
Rows per page
Query Builder