Total
29869 CVE
| CVE | Vendors | Products | Updated | CVSS v2 | CVSS v3 |
|---|---|---|---|---|---|
| CVE-2006-4518 | 1 Qbik | 1 Wingate | 2025-04-09 | 5.0 MEDIUM | N/A |
|
Qbik WinGate 6.1.4 and earlier allows remote attackers to cause a denial of service (CPU consumption) via a DNS request with a self-referencing compressed name pointer, which triggers an infinite loop.
|
|||||
| CVE-2006-6249 | 1 Chama Cargo | 1 Chama Cargo | 2025-04-09 | 6.8 MEDIUM | N/A |
|
Cross-site scripting (XSS) vulnerability in Chama Cargo 4.36 and earlier allows remote attackers to inject arbitrary web script or HTML via unspecified vectors.
|
|||||
| CVE-2007-1700 | 1 Php | 1 Php | 2025-04-09 | 7.5 HIGH | N/A |
|
The session extension in PHP 4 before 4.4.5, and PHP 5 before 5.2.1, calculates the reference count for the session variables without considering the internal pointer from the session globals, which allows context-dependent attackers to execute arbitrary code via a crafted string in the session_register after unsetting HTTP_SESSION_VARS and _SESSION, which destroys the session data Hashtable.
|
|||||
| CVE-2007-2169 | 1 Mozzers Subsystem | 1 Mozzers Subsystem | 2025-04-09 | 7.5 HIGH | N/A |
|
Static code injection vulnerability in add.php in Mozzers SubSystem 1.0 allows remote attackers to inject PHP code into subs.php via the (1) Sub-name or (2) Sub-url field. NOTE: an earlier report indicated that the add action can be reached through a request to index.php.
|
|||||
| CVE-2006-5369 | 1 Oracle | 1 E-business Suite | 2025-04-09 | 10.0 HIGH | N/A |
|
Unspecified vulnerability in Oracle Application Object Library in Oracle E-Business Suite 11.5.10CU2 has unknown impact and remote authenticated attack vectors, aka Vuln# APPS02.
|
|||||
| CVE-2006-6613 | 1 Phpalbum.net | 1 Phpalbum | 2025-04-09 | 6.8 MEDIUM | N/A |
|
Directory traversal vulnerability in language.php in phpAlbum 0.4.1 Beta 6 and earlier, when magic_quotes_gpc is disabled and register_globals is enabled, allows remote attackers to include and execute arbitrary local files or obtain sensitive information via a .. (dot dot) in the pa_lang[include_file] parameter, as demonstrated by injecting PHP sequences into an Apache HTTP Server log file, which is then included by language.php.
|
|||||
| CVE-2006-6762 | 1 Novell | 1 Netmail | 2025-04-09 | 4.0 MEDIUM | N/A |
|
The IMAP daemon (IMAPD) in Novell NetMail before 3.52e FTF2 allows remote authenticated users to cause a denial of service via an APPEND command with a single "(" (parenthesis) in the argument.
|
|||||
| CVE-2006-5375 | 1 Oracle | 1 Peoplesoft Enterprise | 2025-04-09 | 10.0 HIGH | N/A |
|
Multiple unspecified vulnerabilities in PeopleTools component in Oracle PeopleSoft Enterprise 8.46 GA, 8.47 GA, 8.48 GA, 8.46.15, 8.47.09, and 8.48.03 have unknown impact and remote attack vectors, aka Vuln# (1) PSE01, (2) PSE02, and (3) PSE03.
|
|||||
| CVE-2007-3368 | 1 Polycom | 1 Soundpoint Ip 650 | 2025-04-09 | 7.8 HIGH | N/A |
|
Buffer overflow in the HTTP server on the Polycom SoundPoint IP 601 SIP phone with BootROM 3.0.x+ allows remote attackers to cause a denial of service (device reboot) via a malformed CGI parameter.
|
|||||
| CVE-2008-1312 | 1 Packettrap | 1 Pt360 Tool Suite | 2025-04-09 | 5.0 MEDIUM | N/A |
|
Unspecified vulnerability in the TFTP server in PacketTrap Networks pt360 Tool Suite 1.1.33.1.0, and other versions before 2.0.3900.0, allows remote attackers to cause a denial of service (daemon crash) via a long TFTP packet, a different vulnerability than CVE-2008-1311.
|
|||||
| CVE-2006-5594 | 1 University Of British Columbia | 1 Ipeer | 2025-04-09 | 7.5 HIGH | N/A |
|
PHP remote file inclusion vulnerability in University of British Columbia iPeer 2.0, and possibly earlier, allows remote attackers to execute arbitrary PHP code via a URL in the page parameter. NOTE: it is possible that this issue is related to CakePHP.
|
|||||
| CVE-2007-0462 | 1 Apple | 2 Mac Os X, Quicktime | 2025-04-09 | 10.0 HIGH | N/A |
|
The _GetSrcBits32ARGB function in Apple QuickDraw, as used by Quicktime 7.1.3 and other applications on Mac OS X 10.4.8 and earlier, allows remote attackers to cause a denial of service (application crash) and possibly execute arbitrary code via a crafted PICT image with a malformed Alpha RGB (ARGB) record, which triggers memory corruption.
|
|||||
| CVE-2007-1708 | 1 Ttcms | 1 Ttforum | 2025-04-09 | 7.5 HIGH | N/A |
|
PHP remote file inclusion vulnerability in lib/db/ez_sql.php in ttCMS 4 and earlier allows remote attackers to execute arbitrary PHP code via a URL in the lib_path parameter.
|
|||||
| CVE-2007-4007 | 1 Article Directory | 1 Article Directory | 2025-04-09 | 9.3 HIGH | N/A |
|
PHP remote file inclusion vulnerability in index.php in Article Directory (Article Site Directory) allows remote attackers to execute arbitrary PHP code via a URL in the page parameter.
|
|||||
| CVE-2006-5841 | 1 Dodos Scripts | 1 Dodosmail | 2025-04-09 | 7.5 HIGH | N/A |
|
Multiple PHP remote file inclusion vulnerabilities in dodosmail.php in DodosMail 2.0.1 and earlier, and possibly 2.1, allow remote attackers to execute arbitrary PHP code via a URL in the (1) dodosmail_header_file or (2) dodosmail_footer_file parameters.
|
|||||
| CVE-2006-4408 | 1 Apple | 1 Mac Os X | 2025-04-09 | 5.0 MEDIUM | N/A |
|
The Security Framework in Apple Mac OS X 10.4 through 10.4.8 allows remote attackers to cause a denial of service (resource consumption) via certain public key values in an X.509 certificate that requires extra resources during signature verification. NOTE: this issue may be similar to CVE-2006-2940.
|
|||||
| CVE-2007-1280 | 2 Adobe, Microsoft | 3 Robohelp, Robohelp Server, All Windows | 2025-04-09 | 4.3 MEDIUM | N/A |
|
Cross-site scripting (XSS) vulnerability in Adobe RoboHelp X5, 6, and Server 6 allows remote attackers to inject arbitrary web script or HTML via a URL after a # (hash) in the URL path, as demonstrated using en/frameset-7.html, and possibly other unspecified vectors involving templates and (1) whstart.js and (2) whcsh_home.htm in WebHelp, (3) wf_startpage.js and (4) wf_startqs.htm in FlashHelp, or (5) WindowManager.dll in RoboHelp Server 6.
|
|||||
| CVE-2007-3554 | 1 Hp | 1 Instant Support | 2025-04-09 | 7.6 HIGH | N/A |
|
Stack-based buffer overflow in the HPSDDX Class (SDD) ActiveX control in sdd.dll in HP Instant Support - Driver Check before 1.5.0.3 allows remote attackers to execute arbitrary code via a long argument to the queryHub function.
|
|||||
| CVE-2006-5605 | 1 Phpcards | 1 Phpcards | 2025-04-09 | 6.8 MEDIUM | N/A |
|
Multiple cross-site scripting (XSS) vulnerabilities in phpcards.footer.php in phpCards 1.3 allow remote attackers to inject arbitrary web script or HTML via the CardFontFace parameter and other unspecified parameters.
|
|||||
| CVE-2006-6847 | 1 Realnetworks | 1 Realplayer | 2025-04-09 | 5.0 MEDIUM | N/A |
|
An ActiveX control in ierpplug.dll for RealNetworks RealPlayer 10.5 allows remote attackers to cause a denial of service (Internet Explorer 7 crash) by invoking the RealPlayer.OpenURLInPlayerBrowser method with a long second argument.
|
|||||
| CVE-2006-6336 | 1 Eudora | 1 Worldmail Management Server | 2025-04-09 | 10.0 HIGH | N/A |
|
Heap-based buffer overflow in the Mail Management Server (MAILMA.exe) in Eudora WorldMail 3.1.x allows remote attackers to execute arbitrary code via a crafted request containing successive delimiters.
|
|||||
| CVE-2007-2477 | 1 Phpmychat | 1 Phpmychat | 2025-04-09 | 7.5 HIGH | N/A |
|
PHP remote file inclusion vulnerability in phpMyChat.php3 in phpMyChat 0.14.5 allows remote attackers to execute arbitrary PHP code via a URL in the {ChatPath} parameter. NOTE: this has been disputed by multiple third parties and CVE because $ChatPath is set to a constant value
|
|||||
| CVE-2007-4702 | 1 Apple | 2 Mac Os X, Mac Os X Server | 2025-04-09 | 9.3 HIGH | N/A |
|
The Application Firewall in Apple Mac OS X 10.5, when "Block all incoming connections" is enabled, does not prevent root processes or mDNSResponder from accepting connections, which might allow remote attackers or local root processes to bypass intended access restrictions.
|
|||||
| CVE-2007-3318 | 1 Avaya | 1 One-x | 2025-04-09 | 5.0 MEDIUM | N/A |
|
Buffer overflow in the Session Initiation Protocol (SIP) User Access Client (UAC) message parsing module in Avaya one-X Desktop Edition 2.1.0.70 and earlier allows remote attackers to cause a denial of service (call reception outage) via a malformed SIP message.
|
|||||
| CVE-2007-0148 | 1 Omnigroup | 1 Omniweb | 2025-04-09 | 6.8 MEDIUM | N/A |
|
Format string vulnerability in OmniGroup OmniWeb 5.5.1 allows remote attackers to cause a denial of service (application crash) or execute arbitrary code via format string specifiers in the Javascript alert function.
|
|||||
| CVE-2007-4455 | 1 Asterisk | 3 Asterisk, Asterisk Appliance Developer Kit, Asterisknow | 2025-04-09 | 5.0 MEDIUM | N/A |
|
The SIP channel driver (chan_sip) in Asterisk Open Source 1.4.x before 1.4.11, AsteriskNOW before beta7, Asterisk Appliance Developer Kit 0.x before 0.8.0, and s800i (Asterisk Appliance) 1.x before 1.0.3 allows remote attackers to cause a denial of service (memory exhaustion) via a SIP dialog that causes a large number of history entries to be created.
|
|||||
| CVE-2006-4510 | 1 Novell | 1 Edirectory | 2025-04-09 | 10.0 HIGH | N/A |
|
The evtFilteredMonitorEventsRequest function in the LDAP service in Novell eDirectory before 8.8.1 FTF1 allows remote attackers to execute arbitrary code via a crafted request containing a value that is larger than the number of objects transmitted, which triggers an invalid free of unallocated memory.
|
|||||
| CVE-2006-6531 | 1 Drupal | 1 Help Tip Module | 2025-04-09 | 6.8 MEDIUM | N/A |
|
Cross-site scripting (XSS) vulnerability in the Help Tip module before 4.7.x-1.0 for Drupal allows remote attackers to inject arbitrary web script or HTML, and possibly obtain administrative access, via node titles.
|
|||||
| CVE-2007-1948 | 1 Irfanview | 1 Irfanview | 2025-04-09 | 9.3 HIGH | N/A |
|
Buffer overflow in IrfanView 3.99 allows context-dependent attackers to cause a denial of service and possibly execute arbitrary code via the (1) xoffset or (2) yoffset RLE command, or (3) large non-RLE encoded blocks in a crafted BMP image, as demonstrated by rle8of3.bmp and rle8of4.bmp.
|
|||||
| CVE-2007-1855 | 1 Webasyst Llc | 1 Shop-script | 2025-04-09 | 7.5 HIGH | N/A |
|
Multiple PHP remote file inclusion vulnerabilities in smarty/smarty_class.php in Shop-Script FREE allow remote attackers to execute arbitrary PHP code via a URL in the (1) _smarty_compile_path, (2) smarty_compile_path, (3) get_plugin_filepath, (4) smarty_dir, and (5) filename parameters. NOTE: this issue might be related to CVE-2006-7105.
|
|||||
| CVE-2007-3326 | 1 Jelsoft | 1 Vbulletin | 2025-04-09 | 5.8 MEDIUM | N/A |
|
Multiple directory traversal vulnerabilities in vBulletin 3.x.x allow remote attackers to redirect visitors to arbitrary local files via a .. (dot dot) in (1) the loc parameter to admincp/index.php and (2) the Hyperlink information URl field for post Topic in showthread.php, enabling cross-site scripting (XSS) and other attacks, a different vulnerability than CVE-2005-3025.2.
|
|||||
| CVE-2007-4112 | 1 Advanced Webhost Billing System | 1 Advanced Webhost Billing System | 2025-04-09 | 6.8 MEDIUM | N/A |
|
Multiple SQL injection vulnerabilities in Advanced Webhost Billing System (AWBS) before 2.6.0, when magic_quotes_gpc is disabled, allow remote attackers to execute arbitrary SQL commands via unspecified vectors. NOTE: this can be leveraged for XSS attacks that "bypass AWBS's anti-XSS input validation."
|
|||||
| CVE-2007-0083 | 1 Nuked-klan | 1 Nuked-klan | 2025-04-09 | 6.8 MEDIUM | N/A |
|
Cross-site scripting (XSS) vulnerability in Nuked Klan 1.7 and earlier allows remote attackers to inject arbitrary web script or HTML via a javascript: URI in a getURL statement in a .swf file, as demonstrated by "Remote Cookie Disclosure." NOTE: it could be argued that this is an issue in Shockwave instead of Nuked Klan.
|
|||||
| CVE-2009-1634 | 1 Novell | 1 Groupwise | 2025-04-09 | 7.5 HIGH | N/A |
|
The WebAccess component in Novell GroupWise 7.x before 7.03 HP3 and 8.x before 8.0 HP2 does not properly implement session management mechanisms, which allows remote attackers to gain access to user accounts via unspecified vectors.
|
|||||
| CVE-2007-1079 | 1 Rhinosoft | 1 Ftp Voyager | 2025-04-09 | 7.8 HIGH | N/A |
|
Stack-based buffer overflow in Rhino Software, Inc. FTP Voyager 14.0.0.3 and earlier allows remote servers to cause a denial of service (crash) via a long response to a CWD command, which triggers the overflow when the user aborts the command.
|
|||||
| CVE-2007-2848 | 1 Sky Software | 2 Shcombobox Activex Control, Shell Megapack Activex | 2025-04-09 | 10.0 HIGH | N/A |
|
Stack-based buffer overflow in the SetPath function in the shComboBox ActiveX control (shcmb80.ocx) in Sky Software Shell MegaPack ActiveX 8.0 allows remote attackers to execute arbitrary code via a long argument. NOTE: the provenance of this information is unknown; the details are obtained solely from third party information.
|
|||||
| CVE-2007-3200 | 1 Novell | 1 Modular Authentication Service | 2025-04-09 | 4.9 MEDIUM | N/A |
|
NMASINST in Novell Modular Authentication Service (NMAS) 3.1.2 and earlier on NetWare logs its invoking command line to NMASINST.LOG, which might allow local users to obtain the admin username and password by reading this file.
|
|||||
| CVE-2007-0144 | 1 Digitizing Quote And Ordering System | 1 Digitizing Quote And Ordering System | 2025-04-09 | 6.8 MEDIUM | N/A |
|
Cross-site scripting (XSS) vulnerability in search.asp in Digitizing Quote And Ordering System 1.0 allows remote authenticated attackers to inject arbitrary web script or HTML via the ordernum parameter.
|
|||||
| CVE-2006-5722 | 1 Middlebury College | 1 Segue Cms | 2025-04-09 | 5.1 MEDIUM | N/A |
|
Multiple PHP remote file inclusion vulnerabilities in Segue CMS 1.5.9 and earlier, when magic_quotes_gpc is enabled, allow remote attackers to execute arbitrary PHP code via a URL in the theme parameter to (1) themesettings.php or (2) index.php, a different vector than CVE-2006-5497. NOTE: the provenance of this information is unknown; the details are obtained solely from third party information.
|
|||||
| CVE-2008-1256 | 1 Zyxel | 1 P-660hw | 2025-04-09 | 10.0 HIGH | N/A |
|
The ZyXEL P-660HW series router has "admin" as its default password, which allows remote attackers to gain administrative access.
|
|||||