Total: 29869 CVE
| CVE | Vendors | Products | Updated | CVSS v2 | CVSS v3 |
|---|---|---|---|---|---|
| CVE-2006-5724 | 1 Mirabilis | 1 Icq | 2025-04-09 | 2.1 LOW | N/A |
Heap-based buffer overflow in the "Answering Service" function in ICQ 2003b Build 3916 allows local users to cause a denial of service (application crash) via a long string in the "AwayMsg Presets" value in the ICQ\ICQPro\DefaultPrefs\Presets registry key.
| CVE-2006-5026 | 1 Paisterist | 1 Simple Http Scanner | 2025-04-09 | 10.0 HIGH | N/A |
Multiple unspecified vulnerabilities in Paisterist Simple HTTP Scanner (sHTTPScanner) before 0.3 have unknown impact and attack vectors.
| CVE-2006-5659 | 1 Pam Extern | 1 Pam Extern | 2025-04-09 | 2.1 LOW | N/A |
PAM_extern before 0.2 sends a password as a command line argument, which allows local users to obtain the password by listing the command line arguments, such as ps. NOTE: the provenance of this information is unknown; the details are obtained solely from third party information.
| CVE-2006-5030 | 1 Exv2 | 1 Content Management System | 2025-04-09 | 7.5 HIGH | N/A |
SQL injection vulnerability in modules/messages/index.php in exV2 2.0.4.3 and earlier allows remote authenticated users to execute arbitrary SQL commands via the sort parameter.
| CVE-2007-1328 | 1 Bernard Joly | 1 Bj Webring | 2025-04-09 | 4.3 MEDIUM | N/A |
Cross-site scripting (XSS) vulnerability in formulaire.php in Bernard JOLY BJ Webring allows remote attackers to inject arbitrary web script or HTML via an unspecified parameter related to the add link menu.
| CVE-2007-1372 | 1 Postguestbook | 1 Postguestbook | 2025-04-09 | 10.0 HIGH | N/A |
PHP remote file inclusion vulnerability in styles/internal/header.php in the PostGuestbook 0.6.1 module for PHP-Nuke allows remote attackers to execute arbitrary PHP code via a URL in the tpl_pgb_moddir parameter.
| CVE-2006-7045 | 1 Cmpro Team | 1 Clan Manager Pro | 2025-04-09 | 7.5 HIGH | N/A |
PHP remote file inclusion vulnerability in Clan Manager Pro (CMPRO) 1.1.0 and earlier allows remote attackers to execute arbitrary PHP code via a URL in the (1) rootpath and possibly (2) sitepath parameters to (a) cmpro.ext/comment.core.inc.php and (b) cmpro.intern/comment.core.inc.php. NOTE: the provenance of this information is unknown; details are obtained from third party sources.
| CVE-2007-0799 | 1 Uapplication | 1 Ublog | 2025-04-09 | 7.5 HIGH | N/A |
SQL injection vulnerability in badword.asp in Ublog Reload 1.0.5 allows remote attackers to execute arbitrary SQL commands via unspecified vectors.
| CVE-2006-6415 | 1 Phpadsnew | 1 Phpadsnew | 2025-04-09 | 7.5 HIGH | N/A |
PHP remote file inclusion vulnerability in admin/lib-maintenance.inc.php in phpAdsNew 2.0.4-pr2 allows remote attackers to execute arbitrary PHP code via a URL in the phpAds_path parameter, a different component than CVE-2006-3984. NOTE: this issue is disputed by CVE, since phpAds_path is used as a constant
| CVE-2007-2300 | 1 Surat Kabar | 1 Phpwebnews | 2025-04-09 | 4.3 MEDIUM | N/A |
Multiple cross-site scripting (XSS) vulnerabilities in Endy Kristanto Surat kabar / News Management Online (aka phpwebnews) 0.2 and earlier allow remote attackers to inject arbitrary web script or HTML via the m_txt parameter to (1) iklan.php, (2) index.php, or (3) bukutamu.php.
| CVE-2006-5391 | 1 Xfire | 1 Xfire | 2025-04-09 | 5.0 MEDIUM | N/A |
Xfire 1.64 and earlier allows remote attackers to cause a denial of service (client application crash) via a long string to UDP port 25777.
| CVE-2007-2195 | 1 Alvaro | 1 Alvaros Messenger | 2025-04-09 | 5.0 MEDIUM | N/A |
aMSN (aka Alvaro's Messenger) 0.96 and earlier allows remote attackers to cause a denial of service (application crash) by sending invalid data to TCP port 31337.
| CVE-2006-6021 | 1 Bestwebapp | 1 Bestwebapp Dating Site | 2025-04-09 | 7.5 HIGH | N/A |
SQL injection vulnerability in the login component in BestWebApp Dating Site allows remote attackers to execute arbitrary SQL commands via the (1) username and (2) passwd parameters.
| CVE-2007-0676 | 1 Exo | 1 Exophpdesk | 2025-04-09 | 6.8 MEDIUM | N/A |
SQL injection vulnerability in faq.php in ExoPHPDesk 1.2.1 and earlier allows remote attackers to execute arbitrary SQL commands via the id parameter.
| CVE-2007-0832 | 1 Vmware | 1 Workstation | 2025-04-09 | 1.2 LOW | N/A |
VMware Workstation 5.5.3 34685 does not immediately change the availability of a shared clipboard when the "Enable copy and paste to and from this virtual machine" checkbox is changed, which allows local users to obtain sensitive information or conduct certain attacks that are facilitated by weaker isolation between the host and guest operating systems.
| CVE-2007-1343 | 1 Webcalendar | 1 Webcalendar | 2025-04-09 | 7.5 HIGH | N/A |
includes/functions.php in Craig Knudsen WebCalendar before 1.0.5 does not protect the noSet variable from external modification, which allows remote attackers to set arbitrary global variables via a URL with modified values in the noSet parameter, which leads to resultant vulnerabilities that probably include remote file inclusion and other issues.
| CVE-2006-5672 | 1 Mysource Cms | 1 Mysource Cms | 2025-04-09 | 7.5 HIGH | N/A |
PHP remote file inclusion vulnerability in web/init_mysource.php in MySource CMS 2.16.2 and earlier allows remote attackers to execute arbitrary PHP code via a URL in the INCLUDE_PATH parameter.
| CVE-2007-3270 | 1 Phpmyinventory | 1 Phpmyinventory | 2025-04-09 | 10.0 HIGH | N/A |
PHP remote file inclusion vulnerability in Includes/global.inc.php in phpMyInventory 2.8 allows remote attackers to execute arbitrary PHP code via a URL in the strIncludePrefix parameter.
| CVE-2007-6286 | 1 Apache | 1 Tomcat | 2025-04-09 | 4.3 MEDIUM | N/A |
Apache Tomcat 5.5.11 through 5.5.25 and 6.0.0 through 6.0.15, when the native APR connector is used, does not properly handle an empty request to the SSL port, which allows remote attackers to trigger handling of "a duplicate copy of one of the recent requests," as demonstrated by using netcat to send the empty request.
| CVE-2008-5118 | 1 Sun | 1 Java System Identity Manager | 2025-04-09 | 4.3 MEDIUM | N/A |
Sun Java System Identity Manager 6.0 through 6.0 SP4, 7.0, and 7.1 allows remote attackers to inject frames from arbitrary web sites and conduct phishing attacks via unspecified vectors, related to "frame injection."
| CVE-2007-2047 | 1 Openads | 1 Openads | 2025-04-09 | 7.5 HIGH | N/A |
CRLF injection vulnerability in www/delivery/ck.php in Openads 2.3 (aka Max Media Manager, MMM) before 0.3.31-alpha-pr3 allows remote attackers to inject arbitrary HTTP headers and conduct HTTP response splitting attacks via CRLF sequences in the destination parameter. NOTE: some of these details are obtained from third party information.
| CVE-2007-3424 | 1 Web-app.org | 1 Webapp | 2025-04-09 | 7.5 HIGH | N/A |
The moveim function in cgi-bin/cgi-lib/instantmessage.pl in web-app.org WebAPP before 0.9.9.7 uses the tocat parameter as a subdirectory name when moving an instant message, which has unknown impact and remote attack vectors.
| CVE-2007-4325 | 1 Mapos Scripts | 1 Gaestebuch | 2025-04-09 | 6.8 MEDIUM | N/A |
PHP remote file inclusion vulnerability in index.php in Gaestebuch 1.5 allows remote attackers to execute arbitrary PHP code via a URL in the config[root_ordner] parameter.
| CVE-2006-7180 | 1 Madwifi | 1 Madwifi | 2025-04-09 | 6.8 MEDIUM | N/A |
ieee80211_output.c in MadWifi before 0.9.3 sends unencrypted packets before WPA authentication succeeds, which allows remote attackers to obtain sensitive information (related to network structure), and possibly cause a denial of service (disrupted authentication) and conduct spoofing attacks.
| CVE-2007-3842 | 1 8e6 | 1 R3000 Enterprise Filter | 2025-04-09 | 4.3 MEDIUM | N/A |
Cross-site scripting (XSS) vulnerability in the 8e6 R3000 Enterprise Filter before 2.0.05 allows remote attackers to inject arbitrary web script or HTML via unspecified vectors. NOTE: this may be the same as CVE-2007-2970.
| CVE-2006-6065 | 1 Mxbb | 1 Calsnails Module | 2025-04-09 | 5.1 MEDIUM | N/A |
PHP remote file inclusion vulnerability in includes/mx_common.php in the CalSnails Module for MxBB Portal 1.06 allows remote attackers to execute arbitrary PHP code via a URL in the module_root_path parameter.
| CVE-2006-5412 | 1 Php Outburst | 1 Easynews | 2025-04-09 | 5.1 MEDIUM | N/A |
admin.php in PHP Outburst Easynews 4.4.1 and earlier, when register_globals is enabled, allows remote attackers to bypass authentication, and gain the ability to execute arbitrary code, via the en_login_id parameter.
| CVE-2006-6917 | 1 Broadcom | 1 Brightstor Arcserve Backup Server | 2025-04-09 | 10.0 HIGH | N/A |
Multiple buffer overflows in Computer Associates (CA) BrightStor ARCserve Backup R11.5 Server before SP2 allow remote attackers to execute arbitrary code in the Tape Engine (tapeeng.exe) via a crafted RPC request with (1) opnum 38, which is not properly handled in TAPEUTIL.dll 11.5.3884.0, or (2) opnum 37, which is not properly handled in TAPEENG.dll 11.5.3884.0.
| CVE-2006-6436 | 1 Xerox | 6 Workcentre 232, Workcentre 238, Workcentre 245 and 3 more | 2025-04-09 | 6.8 MEDIUM | N/A |
Cross-site scripting (XSS) vulnerability in the Network controller in Xerox WorkCentre and WorkCentre Pro before 12.050.03.000, 13.x before 13.050.03.000, and 14.x before 14.050.03.000 allows remote attackers to inject arbitrary web script or HTML via HTTP TRACE messages.
| CVE-2007-1361 | 1 Virtuemart | 1 Virtuemart | 2025-04-09 | 4.3 MEDIUM | N/A |
Cross-site scripting (XSS) vulnerability in virtuemart_parser.php in VirtueMart before 20070213 allows remote attackers to inject arbitrary web script or HTML via unspecified vectors. NOTE: this issue is probably different than CVE-2007-0376.
| CVE-2007-5633 | 2 Almico, Microsoft | 2 Speedfan, Windows Vista | 2025-04-09 | 7.2 HIGH | N/A |
Speedfan.sys in Alfredo Milani Comparetti SpeedFan 4.33, when used on Microsoft Windows Vista x64, allows local users to read or write arbitrary MSRs, and gain privileges and load unsigned drivers, via the (1) IOCTL_RDMSR 0x9C402438 and (2) IOCTL_WRMSR 0x9C40243C IOCTLs to \Device\speedfan, as demonstrated by an IOCTL_WRMSR action on MSR_LSTAR.
| CVE-2007-0598 | 1 Aztek Forum | 1 Aztek Forum | 2025-04-09 | 7.5 HIGH | N/A |
SQL injection vulnerability in forum/load.php in Aztek Forum 4.00 allows remote attackers to execute arbitrary SQL commands via the fid cookie to forum.php.
| CVE-2006-6617 | 1 Microsoft | 1 Project Server | 2025-04-09 | 6.5 MEDIUM | N/A |
projectserver/logon/pdsrequest.asp in Microsoft Project Server 2003 allows remote authenticated users to obtain the MSProjectUser password for a SQL database via a GetInitializationData request, which includes the information in the UserName and Password tags of the response.
| CVE-2007-0493 | 1 Isc | 1 Bind | 2025-04-09 | 7.8 HIGH | N/A |
Use-after-free vulnerability in ISC BIND 9.3.0 up to 9.3.3, 9.4.0a1 up to 9.4.0a6, 9.4.0b1 up to 9.4.0b4, 9.4.0rc1, and 9.5.0a1 (Bind Forum only) allows remote attackers to cause a denial of service (named daemon crash) via unspecified vectors that cause named to "dereference a freed fetch context."
| CVE-2006-7205 | 1 Php Group | 1 Php | 2025-04-09 | 5.0 MEDIUM | N/A |
The array_fill function in ext/standard/array.c in PHP 4.4.2 and 5.1.2 allows context-dependent attackers to cause a denial of service (memory consumption) via a large num value.
| CVE-2009-2267 | 1 Vmware | 7 Ace, Esx, Esxi and 4 more | 2025-04-09 | 6.9 MEDIUM | N/A |
VMware Workstation 6.5.x before 6.5.3 build 185404, VMware Player 2.5.x before 2.5.3 build 185404, VMware ACE 2.5.x before 2.5.3 build 185404, VMware Server 1.x before 1.0.10 build 203137 and 2.x before 2.0.2 build 203138, VMware Fusion 2.x before 2.0.6 build 196839, VMware ESXi 3.5 and 4.0, and VMware ESX 2.5.5, 3.0.3, 3.5, and 4.0, when Virtual-8086 mode is used, do not properly set the exception code upon a page fault (aka #PF) exception, which allows guest OS users to gain privileges on the ...
| CVE-2007-0719 | 1 Apple | 2 Mac Os X, Mac Os X Server | 2025-04-09 | 6.8 MEDIUM | N/A |
Stack-based buffer overflow in Apple Mac OS X 10.3.9 and 10.4 through 10.4.8 allows remote user-assisted attackers to execute arbitrary code via an image with a crafted ColorSync profile.
| CVE-2007-1463 | 2 Inkscape, Ubuntu | 2 Inkscape, Ubuntu Linux | 2025-04-09 | 6.8 MEDIUM | N/A |
Format string vulnerability in Inkscape before 0.45.1 allows user-assisted remote attackers to execute arbitrary code via format string specifiers in a URI, which is not properly handled by certain dialogs.
| CVE-2007-2057 | 1 Aircrack-ng | 1 Airodump-ng | 2025-04-09 | 10.0 HIGH | N/A |
Stack-based buffer overflow in aircrack-ng airodump-ng 0.7 allows remote attackers to execute arbitrary code via crafted 802.11 authentication packets.
| CVE-2009-0778 | 4 Linux, Microsoft, Redhat and 1 more | 8 Linux Kernel, Windows, Enterprise Linux and 5 more | 2025-04-09 | 7.1 HIGH | N/A |
The icmp_send function in net/ipv4/icmp.c in the Linux kernel before 2.6.25, when configured as a router with a REJECT route, does not properly manage the Protocol Independent Destination Cache (aka DST) in some situations involving transmission of an ICMP Host Unreachable message, which allows remote attackers to cause a denial of service (connectivity outage) by sending a large series of packets to many destination IP addresses within this REJECT route, related to an "rt_cache leak."