Total
29869 CVE
| CVE | Vendors | Products | Updated | CVSS v2 | CVSS v3 |
|---|---|---|---|---|---|
| CVE-2007-2579 | 1 Acp3 | 1 Acp3 | 2025-04-09 | 5.8 MEDIUM | N/A |
|
Multiple cross-site scripting (XSS) vulnerabilities in ACP3 4.0 beta 3 allow remote attackers to inject arbitrary web script or HTML via (1) the form[mail] parameter to contact/contact/index.php; the (2) form[mods][] or (3) form[search_term] parameter to search/list/action_search/index.php; (4) the id parameter to modules/dl/download.php; (5) the form[cat] parameter to news/list/index.php; the (6) form[cat], (7) form[name], or (8) form[message] parameter to certain news/details/id_*/action_creat ...
Show More |
|||||
| CVE-2007-2325 | 1 Mynewsgroup | 1 Mynewsgroup | 2025-04-09 | 10.0 HIGH | N/A |
|
PHP remote file inclusion vulnerability in include.php in MyNewsGroups :) allows remote attackers to execute arbitrary PHP code via a URL in the myng_root parameter.
|
|||||
| CVE-2007-1738 | 1 Truecrypt Foundation | 1 Truecrypt | 2025-04-09 | 6.9 MEDIUM | N/A |
|
TrueCrypt 4.3, when installed setuid root, allows local users to cause a denial of service (filesystem unavailability) or gain privileges by mounting a crafted TrueCrypt volume, as demonstrated using (1) /usr/bin or (2) another user's home directory, a different issue than CVE-2007-1589.
|
|||||
| CVE-2007-4306 | 1 Phpmyadmin | 1 Phpmyadmin | 2025-04-09 | 4.3 MEDIUM | N/A |
|
Multiple cross-site scripting (XSS) vulnerabilities in phpMyAdmin 2.10.3 allow remote attackers to inject arbitrary web script or HTML via the (1) unlim_num_rows, (2) sql_query, or (3) pos parameter to (a) tbl_export.php; the (4) session_max_rows or (5) pos parameter to (b) sql.php; the (6) username parameter to (c) server_privileges.php; or the (7) sql_query parameter to (d) main.php. NOTE: vector 5 might be a regression or incomplete fix for CVE-2006-6942.7.
|
|||||
| CVE-2007-1699 | 2 Joomla, Mambo | 2 Swmenu Component, Swmenu Component | 2025-04-09 | 10.0 HIGH | N/A |
|
Multiple PHP remote file inclusion vulnerabilities in the SWmenu (com_swmenupro and com_swmenufree) 4.0 component for Mambo and Joomla! allow remote attackers to execute arbitrary PHP code via a URL in the mosConfig_absolute_path parameter to ImageManager/Classes/ImageManager.php under the (1) components/ or (2) administrator/components/ directory trees.
|
|||||
| CVE-2006-6126 | 1 Apple | 2 Mac Os X, Mac Os X Server | 2025-04-09 | 2.1 LOW | N/A |
|
Apple Mac OS X allows local users to cause a denial of service (memory corruption) via a crafted Mach-O binary with a malformed load_command data structure.
|
|||||
| CVE-2006-5246 | 1 Eazy Cart | 1 Eazy Cart | 2025-04-09 | 5.0 MEDIUM | N/A |
|
Eazy Cart allows remote attackers to change prices and other critical fields via unspecified vectors to easycart.php, probably including the price parameter. NOTE: some details are obtained from third party information.
|
|||||
| CVE-2007-4535 | 1 Vavoom | 1 Vavoom | 2025-04-09 | 4.3 MEDIUM | N/A |
|
The VStr::Resize function in str.cpp in Vavoom 1.24 and earlier allows remote attackers to cause a denial of service (daemon crash) via a string with a negative NewLen value within a certain UDP packet that triggers an assertion error.
|
|||||
| CVE-2007-3464 | 1 Sofaware | 1 Safe At Office 500 Utm | 2025-04-09 | 8.5 HIGH | N/A |
|
Check Point SofaWare Safe@Office, with firmware before Embedded NGX 7.0.45 GA, does not require entry of the old password when changing the admin password, which might allow attackers to gain privileges by conducting a CSRF attack, making a password change on an unattended workstation, or other vectors.
|
|||||
| CVE-2007-4026 | 1 Telaxus Llc | 1 Epesi | 2025-04-09 | 6.8 MEDIUM | N/A |
|
epesi framework before 0.8.6 does not properly verify file extensions, which allows remote attackers to upload and execute arbitrary PHP code via unspecified vectors involving the gallery images upload feature. NOTE: some of these details are obtained from third party information.
|
|||||
| CVE-2007-3096 | 1 Pblang | 1 Pblang | 2025-04-09 | 6.8 MEDIUM | N/A |
|
Directory traversal vulnerability in login.php in PBLang (PBL) 4.67.16.a and earlier, when magic_quotes_gpc is disabled, allows remote attackers to include and execute arbitrary local files via a .. (dot dot) in the lang parameter.
|
|||||
| CVE-2007-4227 | 1 Microsoft | 1 Internet Explorer | 2025-04-09 | 4.3 MEDIUM | N/A |
|
Microsoft Windows Explorer (explorer.exe) allows user-assisted remote attackers to cause a denial of service via a certain JPG file, as demonstrated by something.jpg. NOTE: this issue might be related to CVE-2007-3958.
|
|||||
| CVE-2006-5736 | 1 Punbb | 1 Punbb | 2025-04-09 | 5.1 MEDIUM | N/A |
|
SQL injection vulnerability in search.php in PunBB before 1.2.14, when the PHP installation is vulnerable to CVE-2006-3017, allows remote attackers to execute arbitrary SQL commands via the result_list array parameter, which is not initialized.
|
|||||
| CVE-2007-2476 | 1 Novell | 1 Securelogin | 2025-04-09 | 10.0 HIGH | N/A |
|
Unspecified vulnerability in Novell SecureLogin (NSL) 6 SP1 before 6.0.106 has unknown impact and remote attack vectors, related to Active Directory (AD) password changes.
|
|||||
| CVE-2008-5984 | 1 Dia | 1 Dia | 2025-04-09 | 6.9 MEDIUM | N/A |
|
Untrusted search path vulnerability in the Python plugin in Dia 0.96.1, and possibly other versions, allows local users to execute arbitrary code via a Trojan horse Python file in the current working directory, related to a vulnerability in the PySys_SetArgv function (CVE-2008-5983).
|
|||||
| CVE-2007-4374 | 1 Rndlabs | 1 Babo Violent | 2025-04-09 | 4.0 MEDIUM | N/A |
|
Babo Violent 2 2.08.00 does not validate the sender field of a chat message composed by a client, which allows remote authenticated users to spoof messages.
|
|||||
| CVE-2007-1451 | 1 Guppy | 1 Guppy | 2025-04-09 | 6.4 MEDIUM | N/A |
|
GuppY 4.0 allows remote attackers to delete arbitrary files via a direct request to install/install.php, then selecting "Installation propre" (cleanup.php) and then "Suppression des fichiers d'installation" (delete.php).
|
|||||
| CVE-2006-6431 | 1 Xerox | 1 Workcentre | 2025-04-09 | 5.0 MEDIUM | N/A |
|
Unspecified vulnerability in Xerox WorkCentre and WorkCentre Pro before 12.060.17.000, 13.x before 13.060.17.000, and 14.x before 14.060.17.000 allows attackers to modify signatures of e-mail messages via unspecified vectors.
|
|||||
| CVE-2006-5741 | 1 Airmagnet | 1 Enterprise | 2025-04-09 | 4.3 MEDIUM | N/A |
|
Multiple cross-site scripting (XSS) vulnerabilities in AirMagnet Enterprise before 7.5 build 6307 allow remote attackers to inject arbitrary web script or HTML via (1) the 404 error page of the Smart Sensor Edge Sensor; (2) the user name for a failed logon, when displayed in the audit journals reviewing interface (/AirMagnetSensor/AMSensor.dll/XH) by the Smart Sensor Edge Sensor log viewer; and (3) an SSID of an AP, when displayed on an ACL page (/Amom/Amom.dll/BD) of the Enterprise Server Statu ...
Show More |
|||||
| CVE-2007-2977 | 1 Domjudge | 1 Domjudge | 2025-04-09 | 7.8 HIGH | N/A |
|
Buffer overflow in the receive function in submit/submitcommon.c in the submit daemon in DOMjudge before 2.0.0RC1 allows remote attackers to cause a denial of service or have other unspecified impact. NOTE: some of these details are obtained from third party information.
|
|||||
| CVE-2007-4116 | 1 Metyus | 1 Forum Portal | 2025-04-09 | 6.8 MEDIUM | N/A |
|
SQL injection vulnerability in philboard_forum.asp in Metyus Forum Portal 1.0 allows remote attackers to execute arbitrary SQL commands via the forumid parameter. NOTE: this might be related to CVE-2007-0920 or CVE-2007-3884.
|
|||||
| CVE-2007-1711 | 1 Php | 1 Php | 2025-04-09 | 6.8 MEDIUM | N/A |
|
Double free vulnerability in the unserializer in PHP 4.4.5 and 4.4.6 allows context-dependent attackers to execute arbitrary code by overwriting variables pointing to (1) the GLOBALS array or (2) the session data in _SESSION. NOTE: this issue was introduced when attempting to patch CVE-2007-1701 (MOPB-31-2007).
|
|||||
| CVE-2007-0664 | 1 Acme Labs | 1 Thttpd | 2025-04-09 | 5.0 MEDIUM | N/A |
|
thttpd before 2.25b-r6 in Gentoo Linux is started from the system root directory (/) by the Gentoo baselayout 1.12.6 package, which allows remote attackers to read arbitrary files.
|
|||||
| CVE-2006-6664 | 1 Marathon Aleph One | 1 Marathon Aleph One | 2025-04-09 | 5.0 MEDIUM | N/A |
|
Format string vulnerability in Marathon Aleph One before 0.17.1 and 2006-12-17 might allow remote attackers to cause a denial of service (application crash) or execute arbitrary code via format string specifiers in the TopLevelLogger::logMessageV function in Misc/Logging.cpp. NOTE: some details were obtained from third party information.
|
|||||
| CVE-2009-3049 | 1 Opera | 1 Opera Browser | 2025-04-09 | 5.0 MEDIUM | N/A |
|
Opera before 10.00 does not properly display all characters in Internationalized Domain Names (IDN) in the address bar, which allows remote attackers to spoof URLs and conduct phishing attacks, related to Unicode and Punycode.
|
|||||
| CVE-2007-2869 | 1 Mozilla | 1 Firefox | 2025-04-09 | 4.3 MEDIUM | N/A |
|
The form autocomplete feature in Mozilla Firefox 1.5.x before 1.5.0.12, 2.x before 2.0.0.4, and possibly earlier versions, allows remote attackers to cause a denial of service (persistent temporary CPU consumption) via a large number of characters in a submitted form.
|
|||||
| CVE-2009-4587 | 1 Cherokee | 1 Cherokee | 2025-04-09 | 5.0 MEDIUM | N/A |
|
Cherokee Web Server 0.5.4 allows remote attackers to cause a denial of service (daemon crash) via an MS-DOS reserved word in a URI, as demonstrated by the AUX reserved word.
|
|||||
| CVE-2006-6813 | 1 Mxmania | 1 Mxmania File Upload Manager | 2025-04-09 | 7.5 HIGH | N/A |
|
SQL injection vulnerability in detail.asp in Mxmania File Upload Manager (FUM) 1.0.6 and earlier allows remote attackers to execute arbitrary SQL commands via the ID parameter.
|
|||||
| CVE-2006-4685 | 1 Microsoft | 2 Xml Core Services, Xml Parser | 2025-04-09 | 2.6 LOW | N/A |
|
The XMLHTTP ActiveX control in Microsoft XML Parser 2.6 and XML Core Services 3.0 through 6.0 does not properly handle HTTP server-side redirects, which allows remote user-assisted attackers to access content from other domains.
|
|||||
| CVE-2006-5316 | 1 Phplibre | 1 Registrotl | 2025-04-09 | 7.8 HIGH | N/A |
|
registroTL stores sensitive information under the web root with insufficient access control, which allows remote attackers to download a database via a direct request for /usuarios.dat.
|
|||||
| CVE-2007-0632 | 1 Asp Edge | 1 Asp Edge | 2025-04-09 | 7.5 HIGH | N/A |
|
SQL injection vulnerability in artreplydelete.asp in ASP EDGE 1.3a and earlier allows remote attackers to execute arbitrary SQL commands via a username cookie, a different vector than CVE-2007-0560.
|
|||||
| CVE-2007-0140 | 1 Kolayindir Download | 1 Kolayindir Download | 2025-04-09 | 7.5 HIGH | N/A |
|
SQL injection vulnerability in down.asp in Kolayindir Download (Yenionline) allows remote attackers to execute arbitrary SQL commands via the id parameter.
|
|||||
| CVE-2007-1594 | 1 Asterisk | 1 Asterisk | 2025-04-09 | 7.8 HIGH | N/A |
|
The handle_response function in chan_sip.c in Asterisk before 1.2.17 and 1.4.x before 1.4.2 allows remote attackers to cause a denial of service (crash) via a SIP Response code 0 in a SIP packet.
|
|||||
| CVE-2006-6248 | 1 Gphotos | 1 Gphotos | 2025-04-09 | 7.8 HIGH | N/A |
|
index.php in GPhotos 1.5 allows remote attackers to obtain sensitive information via an invalid rep parameter, which reveals the full path in an error message.
|
|||||
| CVE-2006-6615 | 1 Mxbb | 1 Activity Games Module | 2025-04-09 | 7.5 HIGH | N/A |
|
PHP remote file inclusion vulnerability in includes/act_constants.php in the Activity Games (mx_act) 0.92 module for mxBB allows remote attackers to execute arbitrary PHP code via a URL in the module_root_path parameter.
|
|||||
| CVE-2006-5216 | 1 Sergey Lyubka | 1 Simple Httpd | 2025-04-09 | 7.5 HIGH | N/A |
|
Stack-based buffer overflow in Sergey Lyubka Simple HTTPD (shttpd) 1.34 allows remote attackers to execute arbitrary code via a long URI.
|
|||||
| CVE-2006-5490 | 1 Middlebury College | 1 Segue Cms | 2025-04-09 | 7.5 HIGH | N/A |
|
Multiple SQL injection vulnerabilities in Segue Content Management System (CMS) before 1.5.8 allow remote attackers to execute arbitrary SQL commands via unspecified vectors.
|
|||||
| CVE-2007-3383 | 1 Apache | 1 Tomcat | 2025-04-09 | 4.3 MEDIUM | N/A |
|
Cross-site scripting (XSS) vulnerability in SendMailServlet in the examples web application (examples/jsp/mail/sendmail.jsp) in Apache Tomcat 4.0.0 through 4.0.6 and 4.1.0 through 4.1.36 allows remote attackers to inject arbitrary web script or HTML via the From field and possibly other fields, related to generation of error messages.
|
|||||
| CVE-2006-7134 | 1 Noah Spurrier | 1 Upload Tool For Php | 2025-04-09 | 10.0 HIGH | N/A |
|
Unrestricted file upload vulnerability in main_user.php in Upload Tool for PHP 1.0 allows remote attackers to upload and execute arbitrary files with executable extensions such as .php. NOTE: the provenance of this information is unknown; the details are obtained solely from third party information.
|
|||||
| CVE-2007-1969 | 1 Sam Crew | 1 Myblog | 2025-04-09 | 4.3 MEDIUM | N/A |
|
Cross-site scripting (XSS) vulnerability in admin/modify.php in Sam Crew MyBlog remote attackers to inject arbitrary web script or HTML via the id parameter.
|
|||||