Total
29869 CVE
| CVE | Vendors | Products | Updated | CVSS v2 | CVSS v3 |
|---|---|---|---|---|---|
| CVE-2007-3585 | 1 Mycms | 1 Mycms | 2025-04-09 | 7.5 HIGH | N/A |
|
PHP remote file inclusion vulnerability in games.php in MyCMS 0.9.8 and earlier allows remote attackers to execute arbitrary PHP code via a URL in the id parameter.
|
|||||
| CVE-2007-2417 | 2 Progress, Rsa | 4 Openedge, Progress, Ace Server and 1 more | 2025-04-09 | 10.0 HIGH | N/A |
|
Heap-based buffer overflow in _mprosrv.exe in Progress Software Progress 9.1E and OpenEdge 10.1x, as used by the RSA Authentication Manager 6.0 and 6.1, SecurID Appliance 2.0, ACE/Server 5.2, and possibly other products, allows remote attackers to execute arbitrary code via crafted packets. NOTE: this issue might overlap CVE-2007-3491.
|
|||||
| CVE-2007-2970 | 1 8e6 Technologies | 1 R3000 Internet Filter | 2025-04-09 | 4.3 MEDIUM | N/A |
|
Multiple cross-site scripting (XSS) vulnerabilities in cgi/block.cgi in 8e6 R3000 Internet Filter allow remote attackers to inject arbitrary web script or HTML via the (1) URL, (2) CAT, and (3) USER parameters. NOTE: the provenance of this information is unknown; the details are obtained solely from third party information.
|
|||||
| CVE-2006-4398 | 1 Apple | 1 Mac Os X | 2025-04-09 | 7.2 HIGH | N/A |
|
Multiple buffer overflows in the Apple Type Services (ATS) server in Mac OS X 10.4 through 10.4.8 allow local users to execute arbitrary code via crafted service requests.
|
|||||
| CVE-2007-0077 | 1 Lblog | 1 Lblog | 2025-04-09 | 5.0 MEDIUM | N/A |
|
lblog stores sensitive information under the web root with insufficient access control, which allows remote attackers to download a database via a direct request for a certain file in admin/db/newFolder/.
|
|||||
| CVE-2006-5868 | 3 Canonical, Debian, Imagemagick | 3 Ubuntu Linux, Debian Linux, Imagemagick | 2025-04-09 | 9.3 HIGH | N/A |
|
Multiple buffer overflows in Imagemagick 6.0 before 6.0.6.2, and 6.2 before 6.2.4.5, has unknown impact and user-assisted attack vectors via a crafted SGI image.
|
|||||
| CVE-2007-3255 | 1 Xythos | 1 Enterprise Document Manager | 2025-04-09 | 6.5 MEDIUM | N/A |
|
Multiple cross-site request forgery (CSRF) vulnerabilities in Xythos Enterprise Document Manager (XEDM) before 5.0.25.8, and 6.x before 6.0.46.1, allow remote authenticated users to execute commands as arbitrary users via (1) a saved Workflow name or (2) the Content-Type HTTP header. NOTE: item 2 also affects the same version numbers of Xythos Digital Locker (XDL). One or both vectors might also affect Xythos WebFile Server.
|
|||||
| CVE-2007-3052 | 1 Postnuke Software Foundation | 1 Pnphpbb | 2025-04-09 | 7.5 HIGH | N/A |
|
SQL injection vulnerability in index.php in the PNphpBB2 1.2i and earlier module for PostNuke allows remote attackers to execute arbitrary SQL commands via the c parameter.
|
|||||
| CVE-2007-3053 | 1 Calimero.cms | 1 Calimero.cms | 2025-04-09 | 7.5 HIGH | N/A |
|
Session fixation vulnerability in Calimero.CMS 3.3.1232 and earlier allows remote attackers to hijack web sessions by setting the PHPSESSID parameter.
|
|||||
| CVE-2006-5205 | 1 Invision Power Services | 1 Invision Gallery | 2025-04-09 | 5.0 MEDIUM | N/A |
|
Directory traversal vulnerability in Invision Gallery 2.0.7 allows remote attackers to read arbitrary files via a .. (dot dot) sequence in the dir parameter in (1) index.php and (2) forum/index.php, when the viewimage command in the gallery module is used.
|
|||||
| CVE-2007-1307 | 2 Intel, Lenovo | 2 Pro 1000 Lan Adapter, Thinkpad | 2025-04-09 | 10.0 HIGH | N/A |
|
Unspecified vulnerability in Lenovo Intel PRO/1000 LAN adapter before Build 135400, as used on IBM Lenovo ThinkPad systems, has unknown impact and attack vectors.
|
|||||
| CVE-2007-3725 | 1 Clam Anti-virus | 1 Clamav | 2025-04-09 | 4.3 MEDIUM | N/A |
|
The RAR VM (unrarvm.c) in Clam Antivirus (ClamAV) before 0.91 allows user-assisted remote attackers to cause a denial of service (crash) via a crafted RAR archive, resulting in a NULL pointer dereference.
|
|||||
| CVE-2007-2032 | 1 Cisco | 1 Wireless Control System | 2025-04-09 | 7.5 HIGH | N/A |
|
Cisco Wireless Control System (WCS) before 4.0.96.0 has a hard-coded FTP username and password for backup operations, which allows remote attackers to read and modify arbitrary files via unspecified vectors related to "properties of the FTP server," aka Bug ID CSCse93014.
|
|||||
| CVE-2006-5562 | 1 Open Source Technology Group | 1 Sourceforge | 2025-04-09 | 7.5 HIGH | N/A |
|
PHP remote file inclusion vulnerability in include/database.php in SourceForge (aka alexandria) 1.0.4 allows remote attackers to execute arbitrary PHP code via the sys_dbtype parameter.
|
|||||
| CVE-2007-3432 | 1 Pluxml | 1 Pluxml | 2025-04-09 | 7.5 HIGH | N/A |
|
Unrestricted file upload vulnerability in admin/images.php in Pluxml 0.3.1 allows remote attackers to upload and execute arbitrary PHP code via a .jpg filename.
|
|||||
| CVE-2007-1999 | 1 Nazarkin.name | 1 Weatimages | 2025-04-09 | 7.5 HIGH | N/A |
|
PHP remote file inclusion vulnerability in index.php in Weatimages 1.7.1 and earlier, when weatimages.ini is missing, allows remote attackers to execute arbitrary PHP code via a URL in the ini[langpack] parameter.
|
|||||
| CVE-2007-4059 | 1 Vmware | 1 Workstation | 2025-04-09 | 5.8 MEDIUM | N/A |
|
Absolute path traversal vulnerability in a certain ActiveX control in IntraProcessLogging.dll 5.5.3.42958 in EMC VMware allows remote attackers to create or overwrite arbitrary files via a full pathname in the argument to the SetLogFileName method.
|
|||||
| CVE-2006-5044 | 2 Joomla, Mambo | 2 Prince Clan Chess Component, Prince Clan Chess Component | 2025-04-09 | 7.5 HIGH | N/A |
|
Unspecified vulnerability in Prince Clan (Princeclan) Chess component (com_pcchess) 0.8 and earlier for Mambo and Joomla! has unspecified impact and attack vectors.
|
|||||
| CVE-2007-2638 | 1 Efilecabinet | 1 Efilecabinet | 2025-04-09 | 10.0 HIGH | N/A |
|
eFileCabinet 3.3 allows remote attackers to bypass authentication and access restricted portions of the interface via an invalid filecabinetnumber, which can be leveraged to obtain sensitive information or create new data structures.
|
|||||
| CVE-2007-4931 | 1 Hp | 1 System Management Homepage | 2025-04-09 | 2.1 LOW | N/A |
|
HP System Management Homepage (SMH) for Windows, when used in conjunction with HP Version Control Agent or Version Control Repository Manager, leaves old OpenSSL software active after an OpenSSL update, which has unknown impact and attack vectors, probably related to previous vulnerabilities for OpenSSL.
|
|||||
| CVE-2006-5098 | 1 Andreas Gohr | 1 Dokuwiki | 2025-04-09 | 5.0 MEDIUM | N/A |
|
lib/exec/fetch.php in DokuWiki before 2006-03-09e allows remote attackers to cause a denial of service (CPU consumption) via large w and h parameters, when resizing an image.
|
|||||
| CVE-2007-2896 | 2 Microsoft, Symantec | 2 All Windows, Enterprise Security Manager | 2025-04-09 | 4.3 MEDIUM | N/A |
|
Race condition in the Symantec Enterprise Security Manager (ESM) 6.5.3 managers and agents on Windows before 20070524 allows remote attackers to cause a denial of service (CPU consumption and application hang) via certain network scans to ESM ports.
|
|||||
| CVE-2007-1640 | 1 Classweb | 1 Classweb | 2025-04-09 | 10.0 HIGH | N/A |
|
Multiple PHP remote file inclusion vulnerabilities in ClassWeb 2.03 and earlier allow remote attackers to execute arbitrary PHP code via a URL in the BASE parameter to (1) language.php and (2) phpadmin/survey.php.
|
|||||
| CVE-2007-1689 | 1 Symantec | 2 Norton Internet Security, Norton Personal Firewall | 2025-04-09 | 10.0 HIGH | N/A |
|
Buffer overflow in the ISAlertDataCOM ActiveX control in ISLALERT.DLL for Norton Personal Firewall 2004 and Internet Security 2004 allows remote attackers to execute arbitrary code via long arguments to the (1) Get and (2) Set functions.
|
|||||
| CVE-2007-3932 | 1 Joomla | 1 Expose | 2025-04-09 | 7.5 HIGH | N/A |
|
uploadimg.php in the Expose RC35 and earlier (com_expose) component for Joomla! sends an error message but does not exit when it detects an attempt to upload a non-JPEG file, which allows remote attackers to upload and execute arbitrary PHP code in the img/ folder.
|
|||||
| CVE-2006-7056 | 1 Dreamcost | 1 Hostadmin | 2025-04-09 | 6.8 MEDIUM | N/A |
|
Multiple PHP remote file inclusion vulnerabilities in DreamCost HostAdmin 3.1 and earlier allow remote attackers to execute arbitrary PHP code via a URL in the path parameter to (1) functions.php and (2) members.php. NOTE: the index.php vector is covered by CVE-2006-0791.
|
|||||
| CVE-2006-5308 | 1 Open Conference Systems | 1 Open Conference Systems | 2025-04-09 | 7.5 HIGH | N/A |
|
Multiple PHP remote file inclusion vulnerabilities in Open Conference Systems (OCS) before 1.1.6 allow remote attackers to execute arbitrary PHP code via a URL in the fullpath parameter in (1) include/theme.inc.php or (2) include/footer.inc.php.
|
|||||
| CVE-2007-5584 | 1 Cisco | 3 7600 Router, Catalyst 6500, Firewall Services Module | 2025-04-09 | 7.8 HIGH | N/A |
|
Unspecified vulnerability in Cisco Firewall Services Module (FWSM) 3.2(3) allows remote attackers to cause a denial of service (device reload) via crafted "data in the control-plane path with Layer 7 Application Inspections."
|
|||||
| CVE-2007-3107 | 1 Linux | 1 Linux Kernel | 2025-04-09 | 2.1 LOW | N/A |
|
The signal handling in the Linux kernel before 2.6.22, including 2.6.2, when running on PowerPC systems using HTX, allows local users to cause a denial of service via unspecified vectors involving floating point corruption and concurrency, related to clearing of MSR bits.
|
|||||
| CVE-2007-0184 | 1 Getahead | 1 Direct Web Remoting | 2025-04-09 | 7.5 HIGH | N/A |
|
Getahead Direct Web Remoting (DWR) before 1.1.4 allows attackers to obtain unauthorized access to public methods via a crafted request that bypasses the include/exclude checks.
|
|||||
| CVE-2007-0333 | 1 Agnitum | 1 Outpost Firewall | 2025-04-09 | 7.2 HIGH | N/A |
|
Agnitum Outpost Firewall PRO 4.0 allows local users to bypass access restrictions and insert Trojan horse drivers into the product's installation directory by creating links using FileLinkInformation requests with the ZwSetInformationFile function, as demonstrated by modifying SandBox.sys.
|
|||||
| CVE-2007-2081 | 1 Myblog | 1 Myblog | 2025-04-09 | 7.5 HIGH | N/A |
|
MyBlog 0.9.8 and earlier allows remote attackers to bypass authentication requirements via the admin cookie parameter to certain admin files, as demonstrated by admin/settings.php.
|
|||||
| CVE-2006-6919 | 1 Sage-mozdev | 1 Sage | 2025-04-09 | 6.8 MEDIUM | N/A |
|
Firefox Sage extension 1.3.8 and earlier allows remote attackers to execute arbitrary Javascript in the local context via an RSS feed with an img tag containing the script followed by an extra trailing ">", which Sage modifies to close the img element before the malicious script.
|
|||||
| CVE-2006-6424 | 1 Novell | 1 Netmail | 2025-04-09 | 9.0 HIGH | N/A |
|
Multiple buffer overflows in Novell NetMail before 3.52e FTF2 allow remote attackers to execute arbitrary code (1) by appending literals to certain IMAP verbs when specifying command continuation requests to IMAPD, resulting in a heap overflow; and (2) via crafted arguments to the STOR command to the Network Messaging Application Protocol (NMAP) daemon, resulting in a stack overflow.
|
|||||
| CVE-2006-6429 | 1 Xerox | 1 Workcentre | 2025-04-09 | 5.0 MEDIUM | N/A |
|
Xerox WorkCentre and WorkCentre Pro before 12.060.17.000, 13.x before 13.060.17.000, and 14.x before 14.060.17.000 allows attackers to modify certain configuration settings via unspecified vectors involving the "TFTP/BOOTP auto configuration option."
|
|||||
| CVE-2007-0382 | 1 Letterman | 1 Letterman | 2025-04-09 | 7.5 HIGH | N/A |
|
Multiple SQL injection vulnerabilities in letterman.class.php in the Letterman 1.2.3 (com_letterman) component for Joomla! before 1.0.12 allow remote attackers to execute arbitrary SQL commands via the id parameter, related to the (1) lm_sendMail, (2) saveNewsletter, and (3) cancelNewsletter functions.
|
|||||
| CVE-2006-5298 | 1 Mutt | 1 Mutt | 2025-04-09 | 1.2 LOW | N/A |
|
The mutt_adv_mktemp function in the Mutt mail client 1.5.12 and earlier does not properly verify that temporary files have been created with restricted permissions, which might allow local users to create files with weak permissions via a race condition between the mktemp and safe_fopen function calls.
|
|||||
| CVE-2007-0400 | 1 Easebay Resources | 1 Login Manager | 2025-04-09 | 6.8 MEDIUM | N/A |
|
Cross-site scripting (XSS) vulnerability in admin/memberlist.php in Easebay Resources Login Manager 3.0 allows remote attackers to inject arbitrary web script or HTML via the keyword parameter.
|
|||||
| CVE-2007-3429 | 1 E107 | 1 E107 | 2025-04-09 | 6.8 MEDIUM | N/A |
|
Unrestricted file upload vulnerability in signup.php in e107 0.7.8 and earlier, when photograph upload is enabled, allows remote attackers to upload and execute arbitrary PHP code via a filename with a double extension such as .php.jpg.
|
|||||
| CVE-2007-6358 | 1 Glyph And Cog | 1 Pdftops | 2025-04-09 | 4.9 MEDIUM | N/A |
|
pdftops.pl before 1.20 in alternate pdftops filter allows local users to overwrite arbitrary files via a symlink attack on the pdfin.[PID].tmp temporary file, which is created when pdftops reads a PDF file from stdin, such as when pdftops is invoked by CUPS.
|
|||||