Total: 29869 CVE
| CVE | Vendors | Products | Updated | CVSS v2 | CVSS v3 |
|---|---|---|---|---|---|
| CVE-2007-1128 | 1 Watersweb Shops | 1 Shop Kit Plus | 2025-04-09 | 5.0 MEDIUM | N/A |
|
shopkitplus allows remote attackers to obtain sensitive information via a request to (1) events.php with a curmonth[]=01 query string or (2) enc/stylecss.php with a changetheme[]= query string, which reveals the path in various error messages.
|
|||||
| CVE-2007-1792 | 1 Symantec | 2 Mail Security, Mail Security 8820 Appliance | 2025-04-09 | 7.8 HIGH | N/A |
|
libdayzero.dll in the Filter Hub Service (filter-hub.exe) in Symantec Mail Security for SMTP before 5.0.1 Patch 181 and Mail Security Appliance before 5.0.0-36 allows remote attackers to cause a denial of service (crash) via a crafted executable attachment in an e-mail, involving the detection of "PE-Shield v0.2" and "ASPack v1.00-1.08.02".
|
|||||
| CVE-2006-7220 | 1 Sap | 2 Saplpd, Sapsprint | 2025-04-09 | 7.8 HIGH | N/A |
|
Unspecified vulnerability in SAP SAPLPD and SAPSPRINT allows remote attackers to cause a denial of service (application crash) via a certain print job request. NOTE: the provenance of this information is unknown; the details are obtained solely from third party information.
|
|||||
| CVE-2006-6833 | 1 Joomla | 1 Joomla | 2025-04-09 | 7.5 HIGH | N/A |
|
com_categories in Joomla! before 1.0.12 does not validate input, which has unknown impact and remote attack vectors.
|
|||||
| CVE-2006-5855 | 1 Ibm | 1 Tivoli Storage Manager | 2025-04-09 | 10.0 HIGH | N/A |
|
Multiple buffer overflows in IBM Tivoli Storage Manager (TSM) before 5.2.9 and 5.3.x before 5.3.4 allow remote attackers to cause a denial of service (crash) and possibly execute arbitrary code via a long string in (1) the language field at logon that begins with a 0x18 byte, (2) two unspecified parameters to the SmExecuteWdsfSession function, and (3) the contact field in an open registration message.
|
|||||
| CVE-2007-3254 | 1 Xythos | 1 Enterprise Document Manager | 2025-04-09 | 3.5 LOW | N/A |
|
Multiple cross-site scripting (XSS) vulnerabilities in Xythos Enterprise Document Manager (XEDM) before 5.0.25.8, and 6.x before 6.0.46.1, allow remote authenticated users to inject arbitrary web script or HTML via (1) a saved Workflow name; (2) a Workflow name, related to deletion of a Workflow template; (3) the Content-Type HTTP header; or (4) the name of an uploaded file. NOTE: items 3 and 4 also affect the same version numbers of Xythos Digital Locker (XDL). Some or all vectors might also a ...
|
|||||
| CVE-2006-7177 | 1 Madwifi | 1 Madwifi | 2025-04-09 | 7.8 HIGH | N/A |
|
MadWifi, when Ad-Hoc mode is used, allows remote attackers to cause a denial of service (system crash) via unspecified vectors that lead to a kernel panic in the ieee80211_input function, related to "packets coming from a 'malicious' WinXP system."
|
|||||
| CVE-2006-6641 | 5 Arcserve, Broadcom, Cleverpath and 2 more | 11 Brightstor, Cleverpath Portal, Aion Bpm and 8 more | 2025-04-09 | 7.5 HIGH | N/A |
|
Unspecified vulnerability in CA CleverPath Portal before maintenance version 4.71.001_179_060830, as used in multiple products including BrightStor Portal r11.1, CleverPath Aion BPM r10 through r10.2, eTrust Security Command Center r1 and r8, and Unicenter, does not properly handle when multiple Portal servers are started at the same time and share the same data store, which might cause a Portal user to inherit the session and credentials of a user who is on another Portal server.
|
|||||
| CVE-2009-0638 | 1 Cisco | 3 Catalyst 6500, Catalyst 7600, Firewall Services Module | 2025-04-09 | 7.8 HIGH | N/A |
|
The Cisco Firewall Services Module (FWSM) 2.x, 3.1 before 3.1(16), 3.2 before 3.2(13), and 4.0 before 4.0(6) for Cisco Catalyst 6500 switches and Cisco 7600 routers allows remote attackers to cause a denial of service (traffic-handling outage) via a series of malformed ICMP messages.
|
|||||
| CVE-2007-1674 | 1 Landesk | 1 Landesk Management Suite | 2025-04-09 | 10.0 HIGH | N/A |
|
Stack-based buffer overflow in the Alert Service (aolnsrvr.exe) in LANDesk Management Suite 8.7 allows remote attackers to execute arbitrary code via a crafted packet to port 65535/UDP.
|
|||||
| CVE-2006-5433 | 1 Timm Maass | 1 Alice Cms | 2025-04-09 | 7.5 HIGH | N/A |
|
PHP remote file inclusion vulnerability in modules/guestbook/index.php in ALiCE-CMS 0.1 allows remote attackers to execute arbitrary PHP code via a URL in the CONFIG[local_root] parameter.
|
|||||
| CVE-2007-3529 | 1 Phpdirector | 1 Phpdirector | 2025-04-09 | 7.8 HIGH | N/A |
|
videos.php in PHPDirector 0.21 and earlier allows remote attackers to obtain sensitive information via an empty value of the id[] parameter, which reveals the path in an error message.
|
|||||
| CVE-2007-3123 | 1 Clam Anti-virus | 1 Clamav | 2025-04-09 | 5.0 MEDIUM | N/A |
|
unrar.c in libclamav in ClamAV before 0.90.3 and 0.91 before 0.91rc1 allows remote attackers to cause a denial of service (core dump) via a crafted RAR file with a modified vm_codesize value, which triggers a heap-based buffer overflow.
|
|||||
| CVE-2006-7031 | 1 Microsoft | 10 Internet Explorer, Windows 2000, Windows 2003 Server and 7 more | 2025-04-09 | 5.0 MEDIUM | 6.5 MEDIUM |
|
Microsoft Internet Explorer 6.0.2900 SP2 and earlier allows remote attackers to cause a denial of service (crash) via a table element with a CSS attribute that sets the position, which triggers an "unhandled exception" in mshtml.dll.
|
|||||
| CVE-2006-6991 | 1 Fast Browser | 1 Fast Browser | 2025-04-09 | 7.8 HIGH | N/A |
|
Cross-domain vulnerability in Fast Browser Pro 8.1 allows remote attackers to access restricted information from other domains via an object tag with a data parameter that references a link on the attacker's originating site that specifies a Location HTTP header that references the target site, which then makes that content available through the outerHTML attribute of the object, a similar vulnerability to CVE-2006-3280.
|
|||||
| CVE-2007-1514 | 1 Viperweb | 1 Portal | 2025-04-09 | 6.8 MEDIUM | N/A |
|
PHP remote file inclusion vulnerability in index.php in ViperWeb Portal alpha 0.1 allows remote attackers to execute arbitrary PHP code via a URL in the modpath parameter.
|
|||||
| CVE-2007-4162 | 1 Tibco | 1 Rendezvous | 2025-04-09 | 7.8 HIGH | N/A |
|
TIBCO Rendezvous (RV) 7.5.2 does not protect confidentiality or integrity of inter-daemon communication, which allows remote attackers to capture and spoof traffic.
|
|||||
| CVE-2009-4136 | 1 Postgresql | 1 Postgresql | 2025-04-09 | 6.5 MEDIUM | N/A |
|
PostgreSQL 7.4.x before 7.4.27, 8.0.x before 8.0.23, 8.1.x before 8.1.19, 8.2.x before 8.2.15, 8.3.x before 8.3.9, and 8.4.x before 8.4.2 does not properly manage session-local state during execution of an index function by a database superuser, which allows remote authenticated users to gain privileges via a table with crafted index functions, as demonstrated by functions that modify (1) search_path or (2) a prepared statement, a related issue to CVE-2007-6600 and CVE-2009-3230.
|
|||||
| CVE-2007-4510 | 2 Clam Anti-virus, Kolab | 2 Clamav, Kolab Server | 2025-04-09 | 4.3 MEDIUM | N/A |
|
ClamAV before 0.91.2, as used in Kolab Server 2.0 through 2.2beta1 and other products, allows remote attackers to cause a denial of service (application crash) via (1) a crafted RTF file, which triggers a NULL dereference in the cli_scanrtf function in libclamav/rtf.c; or (2) a crafted HTML document with a data: URI, which triggers a NULL dereference in the cli_html_normalise function in libclamav/htmlnorm.c. NOTE: some of these details are obtained from third party information.
|
|||||
| CVE-2007-0093 | 1 Cms-center | 1 Simple Web Cms | 2025-04-09 | 7.5 HIGH | N/A |
|
SQL injection vulnerability in page.php in Simple Web Content Management System allows remote attackers to execute arbitrary SQL commands via the id parameter.
|
|||||
| CVE-2007-0841 | 1 Vbdrupal | 1 Vbdrupal | 2025-04-09 | 10.0 HIGH | N/A |
|
Multiple unspecified vulnerabilities in vbDrupal before 4.7.6.0 have unknown impact and remote attack vectors. NOTE: the vector related to Drupal is covered by CVE-2007-0626. These vulnerabilities might be associated with other CVE identifiers.
|
|||||
| CVE-2007-2545 | 1 Persism Cms | 1 Persism Cms | 2025-04-09 | 7.5 HIGH | N/A |
|
Multiple PHP remote file inclusion vulnerabilities in Persism CMS 0.9.2 and earlier allow remote attackers to execute arbitrary PHP code via a URL in the system[path] parameter to (1) blocks/headerfile.php, (2) files/blocks/latest_files.php, (3) filters/headerfile.php, (4) forums/blocks/latest_posts.php, (5) groups/headerfile.php, (6) links/blocks/links.php, (7) menu/headerfile.php, (8) news/blocks/latest_news.php, (9) settings/headerfile.php, or (10) users/headerfile.php, in modules/.
|
|||||
| CVE-2007-4248 | 1 Toolbar Gaming | 1 Toolbar Gaming | 2025-04-09 | 4.3 MEDIUM | N/A |
|
The CallCmd function in toolbar_gaming.dll in the Toolbar Gaming toolbar for Internet Explorer allows remote attackers to cause a denial of service (NULL dereference and browser crash) via unspecified vectors.
|
|||||
| CVE-2006-5625 | 1 Nx | 1 N X Wcms | 2025-04-09 | 5.1 MEDIUM | N/A |
|
PHP remote file inclusion vulnerability in wwwdev/nxheader.inc.php in N/X 2002 Professional Edition Web Content Management System (WCMS) 4.1 and earlier allows remote attackers to execute arbitrary PHP code via a URL in the c[path] parameter.
|
|||||
| CVE-2007-2963 | 1 Invision Power Services | 1 Invision Power Board | 2025-04-09 | 4.3 MEDIUM | N/A |
|
Multiple cross-site scripting (XSS) vulnerabilities in Invision Power Board (IPB or IP.Board) 2.2.2, and possibly earlier, allow remote attackers to inject arbitrary web script or HTML via (1) module_bbcodeloader.php, (2) module_div.php, (3) module_email.php, (4) module_image.php, (5) module_link.php, or (6) the editorid parameter to module_table.php in jscripts/folder_rte_files/. NOTE: some details were obtained from third party sources.
|
|||||
| CVE-2007-4212 | 1 Phpnuke | 1 Php-nuke | 2025-04-09 | 4.3 MEDIUM | N/A |
|
Multiple cross-site scripting (XSS) vulnerabilities in the Search Module in PHP-Nuke allow remote attackers to inject arbitrary web script or HTML via a trailing "<" instead of a ">" in (1) the onerror attribute of an IMG element, (2) the onload attribute of an IFRAME element, or (3) redirect users to other sites via the META tag.
|
|||||
| CVE-2008-1153 | 1 Cisco | 2 Cisco Ios, Ios | 2025-04-09 | 7.1 HIGH | N/A |
|
Cisco IOS 12.1, 12.2, 12.3, and 12.4, with IPv4 UDP services and the IPv6 protocol enabled, allows remote attackers to cause a denial of service (device crash and possible blocked interface) via a crafted IPv6 packet to the device.
|
|||||
| CVE-2006-6152 | 1 Vspin.net | 1 Classified System | 2025-04-09 | 7.5 HIGH | N/A |
|
Multiple SQL injection vulnerabilities in vSpin.net Classified System 2004 allow remote attackers to execute arbitrary SQL commands via the (1) cat parameter to (a) cat.asp, or the (2) keyword, (3) order, (4) sort, (5) menuSelect, or (6) state parameter to (b) search.asp.
|
|||||
| CVE-2007-4625 | 1 Polipo | 1 Polipo | 2025-04-09 | 4.3 MEDIUM | N/A |
|
Polipo before 1.0.2 allows remote HTTP servers to cause a denial of service (daemon crash) by aborting the response to a POST request.
|
|||||
| CVE-2006-5385 | 1 Spamoborona | 1 Spamoborona | 2025-04-09 | 7.5 HIGH | N/A |
|
PHP remote file inclusion vulnerability in admin/admin_spam.php in the SpamOborona 1.0b and earlier phpBB module allows remote attackers to execute arbitrary PHP code via a URL in the phpbb_root_path parameter.
|
|||||
| CVE-2007-3179 | 1 Particle Blogger | 1 Particle Blogger | 2025-04-09 | 7.5 HIGH | N/A |
|
Multiple SQL injection vulnerabilities in archives.php in Particle Blogger 1.2.1 and earlier allow remote attackers to execute arbitrary SQL commands via the month parameter and other unspecified vectors.
|
|||||
| CVE-2007-0652 | 1 Mailenable | 1 Mailenable Professional | 2025-04-09 | 5.1 MEDIUM | N/A |
|
Cross-site request forgery (CSRF) vulnerability in MailEnable Professional before 2.37 allows remote attackers to modify arbitrary configurations and perform unauthorized actions as arbitrary users via a link or IMG tag.
|
|||||
| CVE-2007-2134 | 1 Oracle | 1 Enterpriseone | 2025-04-09 | 7.2 HIGH | N/A |
|
Unspecified vulnerability in the HTML Server in Oracle JD Edwards EnterpriseOne SP23_Q1 and 8.96.I1 has unknown impact and local attack vectors, aka JDE01.
|
|||||
| CVE-2007-2749 | 1 Faqengine | 1 Faqengine | 2025-04-09 | 5.0 MEDIUM | N/A |
|
SQL injection vulnerability in question.php in FAQEngine 4.16.03 and earlier allows remote attackers to execute arbitrary SQL commands via the questionref parameter in a display action.
|
|||||
| CVE-2007-2568 | 1 Vcdgear | 1 Vcdgear | 2025-04-09 | 9.3 HIGH | N/A |
|
Multiple stack-based buffer overflows in VCDGear 3.55 allow user-assisted remote attackers to execute arbitrary code via a long (1) tag or (2) track type in a CUE file.
|
|||||
| CVE-2009-2199 | 1 Apple | 3 Iphone Os, Ipod Touch, Safari | 2025-04-09 | 5.8 MEDIUM | N/A |
|
Incomplete blacklist vulnerability in WebKit in Apple Safari before 4.0.3, as used on iPhone OS before 3.1, iPhone OS before 3.1.1 for iPod touch, and other platforms, allows remote attackers to spoof domain names in URLs, and possibly conduct phishing attacks, via unspecified homoglyphs.
|
|||||
| CVE-2007-3548 | 1 W3filer | 1 W3filer | 2025-04-09 | 7.1 HIGH | N/A |
|
Stack-based buffer overflow in W3Filer 2.1.3 allows remote FTP servers to cause a denial of service (application hang or crash) and possibly execute arbitrary code by sending a large banner to a client that is sending a file.
|
|||||
| CVE-2006-7125 | 1 Joomla | 1 Bsq Sitestats | 2025-04-09 | 6.8 MEDIUM | N/A |
|
Cross-site scripting (XSS) vulnerability in Joomla BSQ Sitestats 1.8.0 and 2.2.1 allows remote attackers to inject arbitrary web script or HTML via the HTTP Referer header, which is not properly handled when the administrator views site statistics.
|
|||||
| CVE-2006-5753 | 2 Linux, Redhat | 3 Linux Kernel, Enterprise Linux, Enterprise Linux Desktop | 2025-04-09 | 7.2 HIGH | N/A |
|
Unspecified vulnerability in the listxattr system call in Linux kernel, when a "bad inode" is present, allows local users to cause a denial of service (data corruption) and possibly gain privileges via unknown vectors.
|
|||||
| CVE-2007-0765 | 1 Db Masters Multimedia | 1 Curium Cms | 2025-04-09 | 7.5 HIGH | N/A |
|
SQL injection vulnerability in news.php in dB Masters Curium CMS 1.03 and earlier allows remote attackers to execute arbitrary SQL commands via the c_id parameter.
|
|||||