Total
34640 CVE
| CVE | Vendors | Products | Updated | CVSS v2 | CVSS v3 |
|---|---|---|---|---|---|
| CVE-2009-1056 | 1 Ibm | 1 Rational Appscan | 2025-04-09 | 5.0 MEDIUM | N/A |
|
IBM Rational AppScan Enterprise before 5.5 FP1 allows remote attackers to read arbitrary exported reports by "forcefully browsing."
|
|||||
| CVE-2007-5521 | 1 Oracle | 2 Application Server, Collaboration Suite | 2025-04-09 | 7.5 HIGH | N/A |
|
Unspecified vulnerability in the Oracle Containers for J2EE component in Oracle Application Server 9.0.4.3, 10.1.2.0.2, 10.1.2.2, and 10.1.3.3, and Collaboration Suite 10.1.2, has unknown impact and remote attack vectors, aka AS06.
|
|||||
| CVE-2009-3292 | 1 Php | 1 Php | 2025-04-09 | 7.5 HIGH | N/A |
|
Unspecified vulnerability in PHP before 5.2.11, and 5.3.x before 5.3.1, has unknown impact and attack vectors related to "missing sanity checks around exif processing."
|
|||||
| CVE-2007-5605 | 1 Hp | 1 Instant Support | 2025-04-09 | 9.3 HIGH | N/A |
|
Buffer overflow in the GetFileTime function in the HPISDataManagerLib.Datamgr ActiveX control in HPISDataManager.dll in HP Instant Support before 1.0.0.24 allows remote attackers to execute arbitrary code via a long argument, a different vulnerability than CVE-2007-5604, CVE-2007-5606, and CVE-2007-5607.
|
|||||
| CVE-2009-3377 | 1 Mozilla | 1 Firefox | 2025-04-09 | 10.0 HIGH | N/A |
|
Multiple unspecified vulnerabilities in liboggz before cf5feeaab69b05e24, as used in Mozilla Firefox 3.5.x before 3.5.4, allow remote attackers to cause a denial of service (application crash) or possibly execute arbitrary code via unknown vectors.
|
|||||
| CVE-2008-2041 | 1 Egroupware | 1 Egroupware | 2025-04-09 | 10.0 HIGH | N/A |
|
Multiple unspecified vulnerabilities in eGroupWare before 1.4.004 have unspecified attack vectors and "grave" impact when the web server has write access to a directory under the web document root.
|
|||||
| CVE-2009-2000 | 1 Oracle | 1 Database Server | 2025-04-09 | 5.0 MEDIUM | N/A |
|
Unspecified vulnerability in the Authentication component in Oracle Database 11.1.0.7 allows remote attackers to affect confidentiality via unknown vectors.
|
|||||
| CVE-2008-3969 | 2 Bitlbee, Fedoraproject | 2 Bitlbee, Fedora | 2025-04-09 | 5.0 MEDIUM | N/A |
|
Multiple unspecified vulnerabilities in BitlBee before 1.2.3 allow remote attackers to "overwrite" and "hijack" existing accounts via unknown vectors related to "inconsistent handling of the USTATUS_IDENTIFIED state." NOTE: this issue exists because of an incomplete fix for CVE-2008-3920.
|
|||||
| CVE-2008-2603 | 1 Oracle | 1 Enterprise Manager | 2025-04-09 | 3.5 LOW | N/A |
|
Unspecified vulnerability in the Resource Manager component in Oracle Database 10.1.0.5, 10.2.0.4, and 11.1.0.6, and Database Control in Enterprise Manager, has unknown impact and remote authenticated attack vectors. NOTE: the previous information was obtained from the Oracle July 2008 CPU. Oracle has not commented on reliable researcher claims that this is a cross-site scripting (XSS) issue that allows remote attackers to inject arbitrary web script or HTML via the REFRESHCHOICE parameter in mu ...
Show More |
|||||
| CVE-2008-2606 | 1 Oracle | 2 Application Object Library, E-business Suite | 2025-04-09 | 6.5 MEDIUM | N/A |
|
Unspecified vulnerability in the Oracle Application Object Library component in Oracle E-Business Suite 12.0.4 has unknown impact and remote authenticated attack vectors, a different vulnerability than CVE-2008-2586.
|
|||||
| CVE-2009-3339 | 1 Mcafee | 1 Email And Web Security Appliance | 2025-04-09 | 7.8 HIGH | N/A |
|
Unspecified vulnerability in McAfee Email and Web Security Appliance 5.1 VMtrial allows remote attackers to read arbitrary files via unknown vectors, as demonstrated by a certain module in VulnDisco Pack Professional 8.9 through 8.11. NOTE: as of 20090917, this disclosure has no actionable information. However, because the VulnDisco Pack author is a reliable researcher, the issue is being assigned a CVE identifier for tracking purposes.
|
|||||
| CVE-2008-3999 | 1 Oracle | 2 Database 10g, Database 9i | 2025-04-09 | 4.0 MEDIUM | N/A |
|
Unspecified vulnerability in the Oracle OLAP component in Oracle Database 9.2.0.8, 9.2.0.8DV, and 10.1.0.5 allows remote authenticated users to affect availability, related to SYS.OLAPIMPL_T.
|
|||||
| CVE-2009-1043 | 1 Microsoft | 2 Internet Explorer, Windows 7 | 2025-04-09 | 10.0 HIGH | N/A |
|
Unspecified vulnerability in Microsoft Internet Explorer 8 on Windows 7 allows remote attackers to execute arbitrary code via unknown vectors triggered by clicking on a link, as demonstrated by Nils during a PWN2OWN competition at CanSecWest 2009.
|
|||||
| CVE-2008-1826 | 1 Oracle | 1 E-business Suite | 2025-04-09 | 10.0 HIGH | N/A |
|
Multiple unspecified vulnerabilities in Oracle E-Business Suite 11.5.10.2 have unknown impact and attack vectors related to (a) Advanced Pricing, aka (1) APP01 and (2) APP10; and (b) Applications Framework, aka (3) APP05.
|
|||||
| CVE-2007-5808 | 1 Hitachi | 3 Groupmax Collaboration Portal, Groupmax Collaboration Web Client, Ucosminexus Collaboration Portal | 2025-04-09 | 5.0 MEDIUM | N/A |
|
Unspecified vulnerability in the Groupmax Collaboration - Schedule component in Hitachi Groupmax Collaboration Portal 07-30 through 07-30-/F and 07-32 through 07-32-/C, uCosminexus Collaboration Portal 06-30 through 06-30-/F and 06-32 through 06-32-/C, and Groupmax Collaboration Web Client - Mail/Schedule 07-30 through 07-30-/F and 07-32 through 07-32-/B might allow remote attackers to obtain sensitive information via unspecified vectors related to schedule portlets.
|
|||||
| CVE-2009-1998 | 1 Oracle | 1 Industry Applications | 2025-04-09 | 4.9 MEDIUM | N/A |
|
Unspecified vulnerability in the Oracle Communications Order and Service Management component in Oracle Industry Applications 2.8.0, 6.2.0, 6.3.0, and 6.3.1 allows remote authenticated users to affect confidentiality and integrity via unknown vectors.
|
|||||
| CVE-2009-2490 | 1 Sun | 1 Ray Server Software | 2025-04-09 | 1.9 LOW | N/A |
|
Unspecified vulnerability in the utaudiod daemon in Sun Ray Server Software (SRSS) 4.0, when Solaris Trusted Extensions is enabled, allows local users to cause a denial of service (audio outage) or possibly gain privileges via unknown vectors related to "resource leaks."
|
|||||
| CVE-2008-3139 | 2 Rpath, Wireshark | 2 Rpath Linux, Wireshark | 2025-04-09 | 5.0 MEDIUM | N/A |
|
The RTMPT dissector in Wireshark (formerly Ethereal) 0.99.8 through 1.0.0 allows remote attackers to cause a denial of service (crash) via unknown vectors. NOTE: this might be due to a use-after-free error.
|
|||||
| CVE-2009-3169 | 1 Hitachi | 1 Jp1 File Transmission Server | 2025-04-09 | 10.0 HIGH | N/A |
|
Multiple unspecified vulnerabilities in Hitachi JP1/File Transmission Server/FTP before 09-00 allow remote attackers to execute arbitrary code via unknown attack vectors.
|
|||||
| CVE-2009-0131 | 1 Sun | 1 Opensolaris | 2025-04-09 | 4.9 MEDIUM | N/A |
|
The UFS implementation in the kernel in Sun OpenSolaris snv_29 through snv_90 allows local users to cause a denial of service (panic) via the single posix_fallocate test in the SUSv3 POSIX test suite, related to an F_ALLOCSP fcntl call.
|
|||||
| CVE-2007-5921 | 1 Sun | 1 Sunos | 2025-04-09 | 4.7 MEDIUM | N/A |
|
Unspecified vulnerability in the ioctl interface in the Solaris Volume Manager (SVM) in Sun Solaris 9 and 10 allows local users to cause a denial of service (panic) via unspecified vectors, a different vulnerability than CVE-2004-1346.
|
|||||
| CVE-2007-5524 | 1 Oracle | 2 Application Server, Collaboration Suite | 2025-04-09 | 7.5 HIGH | N/A |
|
Unspecified vulnerability in the Oracle Single Sign-On component in Oracle Application Server 9.0.4.3, 10.1.2.0.2, and 10.1.2.2, and Collaboration Suite 10.1.2, has unknown impact and remote attack vectors, aka AS09 or AS9.
|
|||||
| CVE-2008-1816 | 1 Oracle | 1 Database Server | 2025-04-09 | 5.5 MEDIUM | N/A |
|
Multiple unspecified vulnerabilities in Oracle Database 10.1.0.5 and 10.2.0.3 have unknown impact and remote authenticated attack vectors related to (1) SDO_UTIL in the Oracle Spatial component, aka DB05; or (2) fine grained auditing in the Audit component, aka DB14. NOTE: the previous information was obtained from the Oracle CPU. Oracle has not commented on reliable researcher claims that DB05 is SQL injection.
|
|||||
| CVE-2009-1992 | 2 Microsoft, Oracle | 2 Windows, Database Server | 2025-04-09 | 10.0 HIGH | N/A |
|
Unspecified vulnerability in the Core RDBMS component in Oracle Database 9.2.0.8, 10.1.0.5, and 10.2.0.4 allows remote attackers to affect confidentiality, integrity, and availability via unknown vectors.
|
|||||
| CVE-2009-3379 | 1 Mozilla | 1 Firefox | 2025-04-09 | 10.0 HIGH | N/A |
|
Multiple unspecified vulnerabilities in libvorbis, as used in Mozilla Firefox 3.5.x before 3.5.4, allow remote attackers to cause a denial of service (application crash) or possibly execute arbitrary code via unknown vectors. NOTE: this might overlap CVE-2009-2663.
|
|||||
| CVE-2009-0996 | 1 Oracle | 1 Application Server | 2025-04-09 | 4.0 MEDIUM | N/A |
|
Unspecified vulnerability in the BI Publisher component in Oracle Application Server 10.1.3.2.1, 10.1.3.3.3, and 10.1.3.4 allows remote authenticated users to affect confidentiality via unknown vectors.
|
|||||
| CVE-2007-1279 | 2 Adobe, Apple | 2 Bridge, Mac Os X | 2025-04-09 | 7.2 HIGH | N/A |
|
Unspecified vulnerability in the installer for Adobe Bridge 1.0.3 update for Apple OS X, when patching with desktop management tools, allows local users to gain privileges via unspecified vectors during installation of the update by a different user who has administrative privileges.
|
|||||
| CVE-2008-5448 | 1 Oracle | 1 Secure Backup | 2025-04-09 | 10.0 HIGH | N/A |
|
Unspecified vulnerability in the Oracle Secure Backup component in Oracle Secure Backup 10.2.0.2 allows remote attackers to affect confidentiality, integrity, and availability via unknown vectors, a different vulnerability than CVE-2008-5444 and CVE-2008-5449.
|
|||||
| CVE-2007-5963 | 1 Kde | 1 Kde | 2025-04-09 | 4.7 MEDIUM | N/A |
|
Unspecified vulnerability in kdebase allows local users to cause a denial of service (KDM login inaccessible, or resource consumption) via unknown vectors.
|
|||||
| CVE-2008-3691 | 1 Vmware | 4 Ace, Player, Server and 1 more | 2025-04-09 | 10.0 HIGH | N/A |
|
Unspecified vulnerability in a certain ActiveX control in VMware Workstation 5.5.x before 5.5.8 build 108000, VMware Workstation 6.0.x before 6.0.5 build 109488, VMware Player 1.x before 1.0.8 build 108000, VMware Player 2.x before 2.0.5 build 109488, VMware ACE 1.x before 1.0.7 build 108880, VMware ACE 2.x before 2.0.5 build 109488, and VMware Server before 1.0.7 build 108231 has unknown impact and remote attack vectors, a different vulnerability than CVE-2008-3692, CVE-2008-3693, CVE-2008-3694 ...
Show More |
|||||
| CVE-2007-5830 | 1 Avaya | 2 Message Networking, Messaging Storage Server | 2025-04-09 | 7.8 HIGH | N/A |
|
Unspecified vulnerability in the administrative interface in Avaya Messaging Storage Server (MSS) 3.1 before SP1, and Message Networking (MN) 3.1, allows remote attackers to cause a denial of service via unspecified vectors related to "input validation."
|
|||||
| CVE-2009-1604 | 1 Limesurvey | 1 Limesurvey | 2025-04-09 | 7.5 HIGH | N/A |
|
Unspecified vulnerability in LimeSurvey before 1.82 allows remote attackers to execute commands and obtain sensitive data via unknown attack vectors related to /admin/remotecontrol/.
|
|||||
| CVE-2008-1729 | 1 Drupal | 1 Drupal | 2025-04-09 | 5.8 MEDIUM | N/A |
|
The menu system in Drupal 6 before 6.2 has incorrect menu settings, which allows remote attackers to (1) edit the profile pages of arbitrary users, and obtain sensitive information from (2) tracker and (3) blog pages, related to a missing check for the "access content" permission; and (4) allows remote authenticated users, with administration page view access, to edit content types.
|
|||||
| CVE-2008-5456 | 1 Oracle | 2 Jd Edwards Enterpriseone, Peoplesoft Enterprise | 2025-04-09 | 4.9 MEDIUM | N/A |
|
Unspecified vulnerability in the PeopleSoft Enterprise HRMS component in Oracle PeopleSoft Enterprise and JD Edwards EnterpriseOne 8.9.18 and 9.0.8 allows remote authenticated users to affect confidentiality and integrity via unknown vectors.
|
|||||
| CVE-2007-6296 | 1 Phpmychat | 1 Phpmychat | 2025-04-09 | 5.0 MEDIUM | N/A |
|
PHP remote file inclusion vulnerability in users_popupL.php3 in phpMyChat 0.14.5 allows remote attackers to execute arbitrary PHP code via a URL in the From parameter.
|
|||||
| CVE-2007-6549 | 1 Runcms | 1 Runcms | 2025-04-09 | 7.5 HIGH | N/A |
|
Unspecified vulnerability in RunCMS before 1.6.1 has unknown impact and attack vectors, related to "pagetype using."
|
|||||
| CVE-2006-5784 | 1 Sap | 1 Sap Web Application Server | 2025-04-09 | 4.6 MEDIUM | N/A |
|
Unspecified vulnerability in enserver.exe in SAP Web Application Server 6.40 before patch 136 and 7.00 before patch 66 allows remote attackers to read arbitrary files via crafted data on a "3200+SYSNR" TCP port, as demonstrated by port 3201. NOTE: this issue can be leveraged by local users to access a named pipe as the SAPServiceJ2E user.
|
|||||
| CVE-2007-3854 | 1 Oracle | 9 Apex, Application Server, Collaboration Suite and 6 more | 2025-04-09 | 5.5 MEDIUM | N/A |
|
Multiple unspecified vulnerabilities in Oracle Database 9.0.1.5+, 9.2.0.7, and 10.1.0.5 allow remote authenticated users to have unknown impact via (1) SYS.DBMS_PRVTAQIS in the Advanced Queuing component (DB02) and (2) MDSYS.MD in the Spatial component (DB12). NOTE: Oracle has not disputed reliable researcher claims that DB02 is for SQL injection and DB12 is for a buffer overflow.
|
|||||
| CVE-2008-1877 | 1 Debian | 1 Tss | 2025-04-09 | 2.1 LOW | N/A |
|
tss 0.8.1 allows local users to read arbitrary files via the -a parameter, which is processed while tss is running with privileges.
|
|||||
| CVE-2009-0998 | 1 Oracle | 2 Jd Edwards Enterpriseone, Peoplesoft Enterprise | 2025-04-09 | 5.5 MEDIUM | N/A |
|
Unspecified vulnerability in the PeopleSoft Enterprise HRMS - eBenefits component in Oracle PeopleSoft Enterprise and JD Edwards EnterpriseOne 8.9.18 and 9.0.8 allows remote authenticated users to affect confidentiality and integrity via unknown vectors.
|
|||||