Total: 29869 CVE
| CVE | Vendors | Products | Updated | CVSS v2 | CVSS v3 | Description |
|---|---|---|---|---|---|---|
| CVE-2007-1874 | 1 Adobe | 1 Coldfusion | 2025-04-09 | 7.2 HIGH | N/A | Adobe ColdFusion MX 7 for Linux and Solaris uses insecure permissions for certain scripts and directories, which allows local users to execute arbitrary code or obtain sensitive information via the (1) CFMX7DreamWeaverExtensions.mxp, (2) CFReportBuilderInstaller.exe, (3) .com.zerog.registry.xml, (4) uninstall.lax, (5) license.txt, (6) Readme.htm, (7) .com.zerog.registry.xml, (8) k2adminstop, or (9) k2adminstart files; or (10) certain files in lib/wsconfig/. |
| CVE-2006-6758 | 1 Http Explorer | 1 Http Explorer Web Server | 2025-04-09 | 5.0 MEDIUM | N/A | Directory traversal vulnerability in Http explorer 1.02 allows remote attackers to read arbitrary files via a .. (dot dot) sequence in the URI. |
| CVE-2007-3823 | 1 Ipswitch | 1 Ws Ftp | 2025-04-09 | 7.8 HIGH | N/A | The Logging Server (Logsrv.exe) in IPSwitch WS_FTP 7.5.29.0 allows remote attackers to cause a denial of service (daemon crash) by sending a crafted packet containing a long string to port 5151/udp. |
| CVE-2006-5435 | 1 Phpbb Group | 1 Phpbb | 2025-04-09 | 7.5 HIGH | N/A | PHP remote file inclusion vulnerability in groupcp.php in phpBB 2.0.10 and earlier allows remote attackers to execute arbitrary PHP code via a URL in the phpbb_root_path parameter. NOTE: CVE and the vendor dispute this vulnerability because $phpbb_root_path is defined before use |
| CVE-2006-6036 | 1 Emreturk | 1 Openhuman | 2025-04-09 | 7.5 HIGH | N/A | SQL injection vulnerability in OpenHuman before 1.0 allows remote attackers to execute arbitrary SQL commands via unspecified vectors. |
| CVE-2007-4879 | 1 Mozilla | 2 Firefox, Seamonkey | 2025-04-09 | 5.0 MEDIUM | N/A | Mozilla Firefox before Firefox 2.0.0.13, and SeaMonkey before 1.1.9, can automatically install TLS client certificates with minimal user interaction, and automatically sends these certificates when requested, which makes it easier for remote web sites to track user activities across domains by requesting the TLS client certificates from other domains. |
| CVE-2006-6357 | 1 Phpnews | 1 Phpnews | 2025-04-09 | 6.8 MEDIUM | N/A | Cross-site scripting (XSS) vulnerability in templates/cat_temp.php in PHPNews 1.3.0 and earlier allows remote attackers to inject arbitrary web script or HTML via unspecified vectors. NOTE: The provenance of this information is unknown; the details are obtained solely from third party information. |
| CVE-2007-1609 | 1 Oracle | 1 Application Server | 2025-04-09 | 4.3 MEDIUM | N/A | Cross-site scripting (XSS) vulnerability in servlet/Spy in Dynamic Monitoring Services (DMS) in Oracle Application Server (OAS) 10g 10.1.2.0.0 allows remote attackers to inject arbitrary web script or HTML via the table parameter. NOTE: This may be related to CVE-2002-0563. |
| CVE-2006-5980 | 1 Renasoft | 1 Netjetserver | 2025-04-09 | 10.0 HIGH | N/A | adm_lgn_admin.asp in Renasoft NetJetServer 2.5.3.939, and possibly earlier, does not properly perform login authentication, which allows remote attackers to obtain administrative privileges. NOTE: the provenance of this information is unknown; details are obtained from third party sources. |
| CVE-2008-1501 | 2 Ircu, Quakenet | 2 Ircu, Snircd | 2025-04-09 | 5.0 MEDIUM | N/A | The send_user_mode function in s_user.c in (1) Undernet ircu 2.10.12.12 and earlier, (2) snircd 1.3.4 and earlier, and unspecified other ircu derivatives allows remote attackers to cause a denial of service (daemon crash) via a malformed MODE command. |
| CVE-2007-1628 | 1 Studiewijzer | 1 Studiewijzer | 2025-04-09 | 9.3 HIGH | N/A | Multiple PHP remote file inclusion vulnerabilities in Study planner (Studiewijzer) 0.15 and earlier, when register_globals is enabled, allow remote attackers to execute arbitrary PHP code via a URL in the SPL_CFG[dirroot] parameter to (1) service.alert.inc.php or (2) settings.ses.php in inc/; (3) db/mysql/db.inc.php; (4) integration/shortstat/configuration.php; (5) ali.class.php or (6) cat.class.php in methodology/traditional/class/; (7) cat_browse.inc.php, (8) chr_browse.inc.php, (9) chr_displa ... |
| CVE-2006-6801 | 1 Sh-news | 1 Sh-news | 2025-04-09 | 6.8 MEDIUM | N/A | PHP remote file inclusion vulnerability in misc.php in SH-News 0.93, when register_globals is enabled, allows remote attackers to execute arbitrary PHP code via the news_cfg[path] parameter. |
| CVE-2006-6778 | 1 Timberwolf | 1 Timberwolf | 2025-04-09 | 6.8 MEDIUM | N/A | Cross-site scripting (XSS) vulnerability in shownews.php in TimberWolf 1.2.2 allows remote attackers to inject arbitrary web script or HTML via the nid parameter. |
| CVE-2008-5298 | 1 Karakas-online | 1 Chm2pdf | 2025-04-09 | 2.1 LOW | N/A | chm2pdf 0.9 uses temporary files in directories with fixed names, which allows local users to cause a denial of service (chm2pdf failure) of other users by creating those directories ahead of time. |
| CVE-2007-2080 | 1 Xampp | 1 Apache Distribution | 2025-04-09 | 7.5 HIGH | N/A | Multiple SQL injection vulnerabilities in XAMPP 1.6.0a for Windows allow remote attackers to execute arbitrary SQL commands via unspecified vectors in certain test scripts. |
| CVE-2007-3672 | 1 Dotclear | 1 Dotclear | 2025-04-09 | 4.3 MEDIUM | N/A | Cross-site scripting (XSS) vulnerability in ecrire/tools.php in DotClear 1.2.6 allows remote attackers to inject arbitrary web script or HTML via unspecified form fields on the blogroll page. |
| CVE-2007-1869 | 1 Lighttpd | 1 Lighttpd | 2025-04-09 | 5.0 MEDIUM | N/A | lighttpd 1.4.12 and 1.4.13 allows remote attackers to cause a denial of service (cpu and resource consumption) by disconnecting while lighttpd is parsing CRLF sequences, which triggers an infinite loop and file descriptor consumption. |
| CVE-2006-5641 | 1 Techno Dreams | 1 Announcement Script | 2025-04-09 | 7.5 HIGH | N/A | SQL injection vulnerability in MainAnnounce2.asp in Techno Dreams Announcement allows remote attackers to execute arbitrary SQL commands via the key parameter. |
| CVE-2007-1015 | 1 Aktueldownload | 1 Aktueldownload Haber Script | 2025-04-09 | 10.0 HIGH | N/A | SQL injection vulnerability in HaberDetay.asp in Aktueldownload Haber script allows remote attackers to execute arbitrary SQL commands via the id parameter. |
| CVE-2006-7020 | 1 Oliver Georgi | 1 Phpwcms | 2025-04-09 | 7.8 HIGH | N/A | CRLF injection vulnerability in (1) include/inc_act/act_formmailer.php and possibly (2) sample_ext_php/mail_file_form.php in phpwcms 1.2.5-DEV and earlier, and 1.1 before RC4, allows remote attackers to modify HTTP headers and send spam e-mail via a spoofed HTTP Referer (HTTP_REFERER). |
| CVE-2006-5185 | 1 Hamweather | 1 Hamweather | 2025-04-09 | 7.5 HIGH | N/A | Eval injection vulnerability in Template.php in HAMweather 3.9.8.4 and earlier allows remote attackers to execute arbitrary code via a modified query string, which is supplied to an eval function call within the do_parse_code function. |
| CVE-2007-2201 | 1 Post Revolution | 1 Post Revolution | 2025-04-09 | 7.5 HIGH | N/A | Multiple PHP remote file inclusion vulnerabilities in Post Revolution 6.6 and 7.0 RC2 allow remote attackers to execute arbitrary PHP code via a URL in the dir parameter to (1) common.php or (2) themes/default/preview_post_completo.php. |
| CVE-2007-2396 | 1 Apple | 1 Quicktime | 2025-04-09 | 9.3 HIGH | N/A | The JDirect support in QuickTime for Java in Apple Quicktime before 7.2 exposes certain dangerous interfaces, which allows remote attackers to execute arbitrary code via crafted Java applets. |
| CVE-2007-2641 | 1 W1l3d4 | 1 Philboard | 2025-04-09 | 7.5 HIGH | N/A | SQL injection vulnerability in W1L3D4_bolum.asp in W1L3D4 Philboard 0.2 allows remote attackers to execute arbitrary SQL commands via the forumid parameter, a different vector than CVE-2007-0920. |
| CVE-2007-3397 | 1 Ibm | 1 Websphere Application Server | 2025-04-09 | 5.0 MEDIUM | N/A | The web container in IBM WebSphere Application Server (WAS) before 6.0.2.21, and 6.1.x before 6.1.0.9, sends response data intended for a different request in certain circumstances after a closed connection error, which might allow remote attackers to obtain sensitive information. |
| CVE-2007-3612 | 1 Visual Irc | 1 Visual Irc | 2025-04-09 | 7.5 HIGH | N/A | Stack-based buffer overflow in Visual IRC (ViRC) 2.0 allows remote IRC servers to execute arbitrary code via a long response to a JOIN command. |
| CVE-2007-0876 | 1 Qdig | 1 Qdig | 2025-04-09 | 4.3 MEDIUM | N/A | Cross-site scripting (XSS) vulnerability in Quick Digital Image Gallery (Qdig) 1.2.9.3 and devel-20060624 allows remote attackers to inject arbitrary web script or HTML via the Qwd parameter to the top-level URI. |
| CVE-2007-1376 | 1 Php | 1 Php | 2025-04-09 | 7.5 HIGH | N/A | The shmop functions in PHP before 4.4.5, and before 5.2.1 in the 5.x series, do not verify that their arguments correspond to a shmop resource, which allows context-dependent attackers to read and write arbitrary memory locations via arguments associated with an inappropriate resource, as demonstrated by a GD Image resource. |
| CVE-2007-4235 | 1 Vietphp | 1 Vietphp | 2025-04-09 | 9.3 HIGH | N/A | Multiple PHP remote file inclusion vulnerabilities in VietPHP allow remote attackers to execute arbitrary PHP code via a URL in (1) the dirpath parameter to (a) _functions.php, or (2) the language parameter to (b) admin/index.php or (c) index.php. |
| CVE-2007-3122 | 1 Clam Anti-virus | 1 Clamav | 2025-04-09 | 5.0 MEDIUM | N/A | The parsing engine in ClamAV before 0.90.3 and 0.91 before 0.91rc1 allows remote attackers to bypass scanning via a RAR file with a header flag value of 10, which can be processed by WinRAR. |
| CVE-2006-5908 | 1 Lucas Rodriguez San Pedro | 1 Yet Another News System | 2025-04-09 | 7.5 HIGH | N/A | Multiple SQL injection vulnerabilities in the login_user function in yans.func.php in Lucas Rodriguez San Pedro Yet Another News System (YANS) 0.2b allow remote attackers to execute arbitrary SQL commands via the (1) username or (2) password parameter. |
| CVE-2007-2637 | 2 Moinmoin, Ubuntu | 2 Moinmoin, Ubuntu Linux | 2025-04-09 | 5.0 MEDIUM | N/A | MoinMoin before 20070507 does not properly enforce ACLs for calendars and includes, which allows remote attackers to read certain pages via unspecified vectors. |
| CVE-2007-0633 | 1 T-systems Solutions For Research Gmbh | 1 Mynews | 2025-04-09 | 7.5 HIGH | N/A | PHP remote file inclusion vulnerability in include/themes/themefunc.php in MyNews 4.2.2 and earlier allows remote attackers to execute arbitrary PHP code via a URL in the myNewsConf[path][sys][index] parameter. |
| CVE-2006-6010 | 1 Sap | 1 Sap Web Application Server | 2025-04-09 | 5.0 MEDIUM | N/A | SAP allows remote attackers to obtain potentially sensitive information such as operating system and SAP version via an RFC_SYSTEM_INFO RfcCallReceive request, a different vulnerability than CVE-2003-0747. |
| CVE-2006-6024 | 1 Qualcomm | 1 Eudora Worldmail | 2025-04-09 | 7.5 HIGH | 9.8 CRITICAL | Multiple buffer overflows in Eudora Worldmail, possibly Worldmail 3 version 6.1.22.0, have unknown impact and attack vectors, as demonstrated by the (1) "Eudora WorldMail stack overflow" and (2) "Eudora WorldMail heap overflow" modules in VulnDisco Pack. NOTE: Some of these details are obtained from third party information. As of 20061118, this disclosure has no actionable information. However, because the VulnDisco Pack author is a reliable researcher, the issue is being assigned a CVE identif ... |
| CVE-2006-7023 | 1 Fx-app | 1 Fx-app | 2025-04-09 | 4.3 MEDIUM | N/A | Multiple cross-site scripting (XSS) vulnerabilities in fx-APP 0.0.8.1 allow remote attackers to inject arbitrary HTML or web script via (1) the search box, and the (2) url, (3) website, (4) comment, and (5) signature fields in the profile, and possibly (6) a menu item. |
| CVE-2007-6480 | 1 Sun | 2 Management\+center, Sunos | 2025-04-09 | 9.4 HIGH | N/A | The Oracle database component in Sun Management Center (Sun MC) 3.6.1, 3.6, and 3.5 Update 1 has a default account, which allows remote attackers to obtain database access and execute arbitrary code. |
| CVE-2006-6814 | 1 Hosting Controller | 1 Hosting Controller | 2025-04-09 | 6.3 MEDIUM | N/A | Directory traversal vulnerability in FolderManager/FolderManager.aspx in Hosting Controller 7c allows remote authenticated users to read and modify arbitrary files, and list arbitrary directories via ..\ (dot dot backslash) sequences in the BrowsePath parameter. |
| CVE-2008-6845 | 1 Clamav | 1 Clamav | 2025-04-09 | 5.0 MEDIUM | N/A | The unpack feature in ClamAV 0.93.3 and earlier allows remote attackers to cause a denial of service (segmentation fault) via a corrupted LZH file. |
| CVE-2007-0426 | 1 Oracle | 1 Weblogic Portal | 2025-04-09 | 6.8 MEDIUM | N/A | BEA WebLogic Portal 9.2, when running in a WebLogic Server clustered environment using WebLogic Portal entitlements, does not properly propagate entitlement policy changes if the changes are made on a managed server while the Administrative Server is unavailable, which might allow attackers to bypass intended restrictions. |