Total
29869 CVE
| CVE | Vendors | Products | Updated | CVSS v2 | CVSS v3 |
|---|---|---|---|---|---|
| CVE-2007-2535 | 1 Winace | 1 Winace | 2025-04-09 | 7.8 HIGH | N/A |
|
WinAce allows remote attackers to cause a denial of service (infinite loop) via a ZOO archive with a direntry structure that points to a previous file.
|
|||||
| CVE-2007-0177 | 1 Mediawiki | 1 Mediawiki | 2025-04-09 | 5.1 MEDIUM | N/A |
|
Cross-site scripting (XSS) vulnerability in the AJAX module in MediaWiki before 1.6.9, 1.7 before 1.7.2, 1.8 before 1.8.3, and 1.9 before 1.9.0rc2, when wgUseAjax is enabled, allows remote attackers to inject arbitrary web script or HTML via unspecified vectors.
|
|||||
| CVE-2007-4437 | 1 Ampache | 1 Ampache | 2025-04-09 | 6.8 MEDIUM | N/A |
|
SQL injection vulnerability in albums.php in Ampache before 3.3.3.5 allows remote attackers to execute arbitrary SQL commands via the match parameter. NOTE: some details are obtained from third party information.
|
|||||
| CVE-2007-3073 | 3 Apple, Mozilla, Unix | 3 Mac Os X, Firefox, Unix | 2025-04-09 | 7.8 HIGH | N/A |
|
Directory traversal vulnerability in Mozilla Firefox 2.0.0.4 and earlier on Mac OS X and Unix allows remote attackers to read arbitrary files via ..%2F (dot dot encoded slash) sequences in a resource:// URI.
|
|||||
| CVE-2006-6952 | 1 Ca | 1 Host-based Intrusion Prevention System | 2025-04-09 | 7.2 HIGH | N/A |
|
Computer Associates Host Intrusion Prevention System (HIPS) drivers (1) Core kmxstart.sys 6.5.4.31 and (2) Firewall kmxfw.sys 6.5.4.10 allow local users to gain privileges by using certain privileged IOCTLs to modify callback function pointers.
|
|||||
| CVE-2006-6556 | 1 Eyeos | 1 Eyeos | 2025-04-09 | 7.5 HIGH | N/A |
|
The eyeHome function in apps/eyeHome.eyeapp/aplic.php in EyeOS before 0.9.3-3 allows remote attackers to upload and execute arbitrary code via dangerous file extensions that are not all lowercase, which bypasses a cleansing operation.
|
|||||
| CVE-2007-0362 | 1 Freshreader | 1 Freshreader | 2025-04-09 | 6.8 MEDIUM | N/A |
|
Cross-site scripting (XSS) vulnerability in the RSS feed component in FreshReader before 1.0.07010600 allows remote attackers to inject arbitrary web script or HTML via unspecified vectors, possibly related to tag attributes.
|
|||||
| CVE-2006-6707 | 1 Mcafee | 2 Neotrace, Visual Trace | 2025-04-09 | 7.5 HIGH | N/A |
|
Stack-based buffer overflow in the NeoTraceExplorer.NeoTraceLoader ActiveX control (NeoTraceExplorer.dll) in NeoTrace Express 3.25 and NeoTrace Pro (aka McAfee Visual Trace) 3.25 allows remote attackers to execute arbitrary code via a long argument string to the TraceTarget method. NOTE: The provenance of this information is unknown; the details are obtained solely from third party information.
|
|||||
| CVE-2006-7099 | 1 Solarpay | 1 Solarpay | 2025-04-09 | 5.0 MEDIUM | N/A |
|
Directory traversal vulnerability in index.php in SolarPay allows remote attackers to read certain files via a .. (dot dot) in the read parameter. NOTE: the provenance of this information is unknown; the details are obtained solely from third party information.
|
|||||
| CVE-2007-3347 | 1 D-link | 2 Dph-540, Dph-541 | 2025-04-09 | 7.8 HIGH | N/A |
|
The D-Link DPH-540/DPH-541 phone accepts SIP INVITE messages that are not from the Call Server's IP address, which allows remote attackers to engage in arbitrary SIP communication with the phone, as demonstrated by communication with forged caller ID.
|
|||||
| CVE-2006-5577 | 1 Microsoft | 1 Ie | 2025-04-09 | 4.3 MEDIUM | N/A |
|
Microsoft Internet Explorer 6 and earlier allows remote attackers to obtain sensitive information via unspecified uses of the OBJECT HTML tag, which discloses the absolute path of the corresponding TIF folder, aka "TIF Folder Information Disclosure Vulnerability," and a different issue than CVE-2006-5578.
|
|||||
| CVE-2007-4170 | 1 Al-athkar | 1 Al-athkar | 2025-04-09 | 10.0 HIGH | N/A |
|
Multiple PHP remote file inclusion vulnerabilities in AL-Athkar 2.0 allow remote attackers to execute arbitrary PHP code via a URL in the (1) include parameter to (a) Main.php and (b) get.php and the (2) exec parameter to (c) count.php.
|
|||||
| CVE-2008-1261 | 1 Zyxel | 1 P-2602hw-d1a | 2025-04-09 | 5.0 MEDIUM | N/A |
|
The Zyxel P-2602HW-D1A router with 3.40(AJZ.1) firmware provides different responses to admin page requests depending on whether a user is logged in, which allows remote attackers to obtain current login status by requesting an arbitrary admin URI.
|
|||||
| CVE-2007-0361 | 1 Comscripts | 1 Phpmyphorum | 2025-04-09 | 7.5 HIGH | N/A |
|
PHP remote file inclusion vulnerability in mep/frame.php in PHPMyphorum 1.5a allows remote attackers to execute arbitrary PHP code via a URL in the chem parameter.
|
|||||
| CVE-2007-2145 | 1 Minigal | 1 Minigal | 2025-04-09 | 7.5 HIGH | N/A |
|
The imagecomments function in classes.php in MiniGal b13 allows remote attackers to inject arbitrary PHP code into a file in the thumbs/ directory via the input parameter. NOTE: some of these details are obtained from third party information.
|
|||||
| CVE-2007-4287 | 1 Fishcart | 1 Fishcart | 2025-04-09 | 7.5 HIGH | N/A |
|
PHP remote file inclusion vulnerability in fc_functions/fc_example.php in FishCart 3.2 RC2 and earlier allows remote attackers to execute arbitrary PHP code via a URL in the docroot parameter.
|
|||||
| CVE-2006-6548 | 1 Cpanel | 1 Webhost Manager | 2025-04-09 | 3.5 LOW | N/A |
|
Multiple cross-site scripting (XSS) vulnerabilities in cPanel WebHost Manager (WHM) 3.1.0 allow remote authenticated users to inject arbitrary web script or HTML via the domain parameter to (1) scripts2/changeemail, (2) scripts2/limitbw, or (3) scripts/rearrangeacct. NOTE: the feature parameter to scripts2/dofeaturemanager is already covered by CVE-2006-6198.
|
|||||
| CVE-2007-2706 | 1 Geeklog | 1 Media Gallery | 2025-04-09 | 7.5 HIGH | N/A |
|
PHP remote file inclusion vulnerability in maint/ftpmedia.php in Media Gallery 1.4.8a and earlier for Geeklog allows remote attackers to execute arbitrary PHP code via a URL in the _MG_CONF[path_html] parameter.
|
|||||
| CVE-2008-1701 | 2 Apple, Novell | 2 Mac Os X, Iprint | 2025-04-09 | 5.0 MEDIUM | N/A |
|
Novell NetWare 6.5 allows attackers to cause a denial of service (ABEND) via a crafted Macintosh iPrint client request.
|
|||||
| CVE-2006-6722 | 1 Jelle De Vos | 1 Bandwebsite | 2025-04-09 | 7.5 HIGH | N/A |
|
Bandwebsite (aka Bandsite portal system) 1.5 allows remote attackers to create administrative accounts via a direct request to admin.php with the Login parameter set to 1.
|
|||||
| CVE-2007-0528 | 1 Centrality Communications | 1 Pa168 Chipset | 2025-04-09 | 9.0 HIGH | N/A |
|
The admin web console implemented by the Centrality Communications (aka Aredfox) PA168 chipset and firmware 1.54 and earlier, as provided by various IP phones, does not require passwords or authentication tokens when using HTTP, which allows remote attackers to connect to existing superuser sessions and obtain sensitive information (passwords and configuration data).
|
|||||
| CVE-2007-1888 | 1 Php | 1 Php | 2025-04-09 | 7.5 HIGH | N/A |
|
Buffer overflow in the sqlite_decode_binary function in src/encode.c in SQLite 2, as used by PHP 4.x through 5.x and other applications, allows context-dependent attackers to execute arbitrary code via an empty value of the in parameter. NOTE: some PHP installations use a bundled version of sqlite without this vulnerability. The SQLite developer has argued that this issue could be due to a misuse of the sqlite_decode_binary() API.
|
|||||
| CVE-2006-5893 | 1 Iwonder Designs | 1 Storystream | 2025-04-09 | 7.5 HIGH | N/A |
|
Multiple PHP remote file inclusion vulnerabilities in iWonder Designs Storystream 0.4.0.0 allow remote attackers to execute arbitrary PHP code via a URL in the baseDir parameter to (1) mysql.php and (2) mysqli.php in include/classes/pear/DB/.
|
|||||
| CVE-2007-1847 | 1 Xoops | 1 Repository Module | 2025-04-09 | 7.5 HIGH | N/A |
|
SQL injection vulnerability in viewcat.php in the Repository module for Xoops allows remote attackers to execute arbitrary SQL commands via the cid parameter.
|
|||||
| CVE-2006-6150 | 1 Owllib | 1 Owllib | 2025-04-09 | 7.5 HIGH | N/A |
|
PHP remote file inclusion vulnerability in memory/OWLMemoryProperty.php in OWLLib 1.0 allows remote attackers to execute arbitrary PHP code via a URL in the OWLLIB_ROOT parameter.
|
|||||
| CVE-2007-3942 | 1 Simple Machines | 1 Simple Machines Forum | 2025-04-09 | 5.8 MEDIUM | N/A |
|
Directory traversal vulnerability in index.php in Simple Machines Forum (SMF) 1.1.3 allows remote attackers to include local files via unspecified vectors related to the sourcedir parameter or the actionArray hash. NOTE: CVE and multiple third parties dispute this vulnerability because both sourcedir and actionArray are defined before use
|
|||||
| CVE-2007-4192 | 1 Ide Group | 1 Dvd Rental System Drs | 2025-04-09 | 4.3 MEDIUM | N/A |
|
Multiple cross-site scripting (XSS) vulnerabilities in IDE Group DVD Rental System (DRS) 5.1 before 20070801 allow remote attackers to inject arbitrary web script or HTML via unspecified vectors. NOTE: it is not clear whether IDE Group updates all DRS installations in its role as an application service provider. If so, then this issue should not be included in CVE.
|
|||||
| CVE-2007-0847 | 1 Open Tibia Server Cms | 1 Open Tibia Server Cms | 2025-04-09 | 7.5 HIGH | N/A |
|
SQL injection vulnerability in mod/PM/reply.php in Open Tibia Server CMS (OTSCMS) 2.1.5 and earlier allows remote attackers to execute arbitrary SQL commands via the id parameter to priv.php.
|
|||||
| CVE-2007-3699 | 1 Symantec | 13 Antivirus Scan Engine, Brightmail Antispam, Client Security and 10 more | 2025-04-09 | 9.3 HIGH | N/A |
|
The Decomposer component in multiple Symantec products allows remote attackers to cause a denial of service (infinite loop) via a certain value in the PACK_SIZE field of a RAR archive file header.
|
|||||
| CVE-2007-0579 | 1 Horde | 1 Groupware | 2025-04-09 | 5.1 MEDIUM | N/A |
|
Unspecified vulnerability in the calendar component in Horde Groupware Webmail Edition before 1.0, and Groupware before 1.0, allows remote attackers to include certain files via unspecified vectors. NOTE: some of these details are obtained from third party information.
|
|||||
| CVE-2007-4489 | 1 Ecentrex | 1 Voip Client Module | 2025-04-09 | 6.8 MEDIUM | N/A |
|
Buffer overflow in the IUAComFormX ActiveX control in uacomx.ocx 2.0.1 in the eCentrex VOIP Client module allows remote attackers to execute arbitrary code via a long Username argument to the ReInit method.
|
|||||
| CVE-2007-2431 | 1 Tecnick.com | 1 Tcexam | 2025-04-09 | 6.8 MEDIUM | N/A |
|
Dynamic variable evaluation vulnerability in shared/config/tce_config.php in TCExam 4.0.011 and earlier allows remote attackers to conduct cross-site scripting (XSS) and possibly other attacks by modifying critical variables such as $_SERVER, as demonstrated by injecting web script via the _SERVER[SCRIPT_NAME] parameter.
|
|||||
| CVE-2008-5089 | 1 Datadynamics | 1 Activereports | 2025-04-09 | 9.3 HIGH | N/A |
|
Multiple insecure method vulnerabilities in the DDActiveReportsViewer2.ARViewer2 ActiveX control (arview2.ocx) in Data Dynamics ActiveReports 2.5.0.1314 allow remote attackers to overwrite arbitrary files via a call to the (1) Pages.Save, (2) PrintReport, or (3) Canvas.Save method.
|
|||||
| CVE-2007-1353 | 1 Linux | 1 Linux Kernel | 2025-04-09 | 2.1 LOW | N/A |
|
The setsockopt function in the L2CAP and HCI Bluetooth support in the Linux kernel before 2.4.34.3 allows context-dependent attackers to read kernel memory and obtain sensitive information via unspecified vectors involving the copy_from_user function accessing an uninitialized stack buffer.
|
|||||
| CVE-2006-5397 | 1 X.org | 1 Libx11 | 2025-04-09 | 2.1 LOW | N/A |
|
The Xinput module (modules/im/ximcp/imLcIm.c) in X.Org libX11 1.0.2 and 1.0.3 opens a file for reading twice using the same file descriptor, which causes a file descriptor leak that allows local users to read files specified by the XCOMPOSEFILE environment variable via the duplicate file descriptor.
|
|||||
| CVE-2007-1913 | 8 Apple, Hp, Ibm and 5 more | 11 Macos, Hp-ux, Tru64 and 8 more | 2025-04-09 | 5.0 MEDIUM | N/A |
|
The TRUSTED_SYSTEM_SECURITY function in the SAP RFC Library 6.40 and 7.00 before 20061211 allows remote attackers to verify the existence of users and groups on systems and domains via unspecified vectors, a different vulnerability than CVE-2006-6010. NOTE: This information is based upon a vague initial disclosure. Details will be updated after the grace period has ended.
|
|||||
| CVE-2006-5282 | 1 Sh-news | 1 Sh-news | 2025-04-09 | 7.5 HIGH | N/A |
|
Multiple PHP remote file inclusion vulnerabilities in SH-News 3.1 and earlier allow remote attackers to execute arbitrary PHP code via a URL in the scriptpath parameter to (1) report.php, (2) archive.php, (3) comments.php, (4) init.php, or (5) news.php.
|
|||||
| CVE-2007-2497 | 1 Realnetworks | 1 Realplayer | 2025-04-09 | 7.8 HIGH | N/A |
|
RealNetworks RealPlayer 10 Gold allows remote attackers to cause a denial of service (memory consumption) via a certain .ra file. NOTE: this issue was referred to as a "memory leak," but it is not clear if this is correct.
|
|||||
| CVE-2007-1459 | 1 Webcreator | 1 Webcreator | 2025-04-09 | 6.8 MEDIUM | N/A |
|
Multiple PHP remote file inclusion vulnerabilities in WebCreator 0.2.6-rc3 and earlier allow remote attackers to execute arbitrary PHP code via a URL in the moddir parameter to (1) content/load.inc.php, (2) config/load.inc.php, (3) http/load.inc.php, and unspecified other files.
|
|||||
| CVE-2006-6207 | 1 Lynx Internet Solutions | 1 Evolve Merchant | 2025-04-09 | 7.5 HIGH | N/A |
|
SQL injection vulnerability in products.asp in Evolve shopping cart (aka Evolve Merchant) allows remote attackers to execute arbitrary SQL commands via the partno parameter. NOTE: the vendor disputes this issue, stating that it is a forced SQL error
|
|||||