Total
29869 CVE
| CVE | Vendors | Products | Updated | CVSS v2 | CVSS v3 |
|---|---|---|---|---|---|
| CVE-2007-3822 | 1 Citadel | 1 Webcit | 2025-04-09 | 2.6 LOW | N/A |
|
Multiple cross-site scripting (XSS) vulnerabilities in Webcit before 7.11 allow remote attackers to inject arbitrary web script or HTML via (1) the who parameter to showuser; and other vectors involving (2) calendar mode, (3) bulletin board mode, (4) room names, and (5) uploaded file names.
|
|||||
| CVE-2007-0052 | 1 Vizayn Haber | 1 Vizayn Haber | 2025-04-09 | 7.5 HIGH | N/A |
|
SQL injection vulnerability in haberdetay.asp in Vizayn Haber allows remote attackers to execute arbitrary SQL commands via the id parameter.
|
|||||
| CVE-2006-6560 | 1 Mxbb | 1 Modsdb | 2025-04-09 | 7.5 HIGH | N/A |
|
PHP remote file inclusion vulnerability in includes/common.php in the mx_modsdb 1.0.0 module for MxBB (aka MX-System) Portal allows remote attackers to execute arbitrary PHP code via a URL in the module_root_path parameter.
|
|||||
| CVE-2007-2089 | 1 Jx Development | 1 Article Component | 2025-04-09 | 6.8 MEDIUM | N/A |
|
Multiple PHP remote file inclusion vulnerabilities in the Jx Development Article 1.1 and earlier component for Mambo and Joomla! allow remote attackers to execute arbitrary PHP code via a URL in the absolute_path parameter to com_articles.php in (1) components/ or (2) classes/html/.
|
|||||
| CVE-2006-5415 | 1 News Defilante Horizontale | 1 News Defilante Horizontale | 2025-04-09 | 7.5 HIGH | N/A |
|
PHP remote file inclusion vulnerability in includes/functions_newshr.php in the News Defilante Horizontale 4.1.1 and earlier module for phpBB allows remote attackers to execute arbitrary PHP code via a URL in the phpbb_root_path parameter.
|
|||||
| CVE-2006-5540 | 1 Postgresql | 1 Postgresql | 2025-04-09 | 4.0 MEDIUM | N/A |
|
backend/parser/analyze.c in PostgreSQL 8.1.x before 8.1.5 allows remote authenticated users to cause a denial of service (daemon crash) via certain aggregate functions in an UPDATE statement, which are not properly handled during a "MIN/MAX index optimization."
|
|||||
| CVE-2006-5016 | 1 E-vision | 1 E-vision Cms | 2025-04-09 | 5.0 MEDIUM | N/A |
|
Unrestricted file upload vulnerability in admin/x_image.php in Szava Gyula and Csaba Tamas e-Vision CMS, probably 1.0, allows remote attackers to upload arbitrary files to the /imagebank directory.
|
|||||
| CVE-2007-2806 | 1 Galix | 1 Galix | 2025-04-09 | 5.8 MEDIUM | N/A |
|
Multiple cross-site scripting (XSS) vulnerabilities in index.php in GaliX 2.0 allow remote attackers to inject arbitrary web script or HTML via the (1) galix_cat_detail, (2) galix_gal_detail, and (3) galix_cat_detail_sort parameters.
|
|||||
| CVE-2007-0154 | 1 Webulas | 1 Webulas | 2025-04-09 | 7.5 HIGH | N/A |
|
Webulas stores sensitive information under the web root with insufficient access control, which allows remote attackers to download a database containing passwords via a direct request for db/db.mdb.
|
|||||
| CVE-2007-2170 | 1 Oracle | 1 E-business Suite | 2025-04-09 | 9.4 HIGH | N/A |
|
The APPLSYS.FND_DM_NODES package in Oracle E-Business Suite does not check for valid sessions, which allows remote attackers to delete arbitrary nodes. NOTE: due to lack of details from Oracle, it is not clear whether this issue is related to other CVE identifiers such as CVE-2007-2126, CVE-2007-2127, or CVE-2007-2128.
|
|||||
| CVE-2007-5860 | 1 Apple | 2 Mac Os X, Mac Os X Server | 2025-04-09 | 7.2 HIGH | N/A |
|
Unspecified vulnerability in Spin Tracer in Apple Mac OS X 10.5.1 allows local users to execute arbitrary code via unspecified output files, involving an "insecure file operation."
|
|||||
| CVE-2006-6872 | 1 Endonesia | 1 Endonesia | 2025-04-09 | 5.0 MEDIUM | N/A |
|
Directory traversal vulnerability in mod.php in eNdonesia 8.4 allows remote attackers to read arbitrary files via a .. (dot dot) in the mod parameter.
|
|||||
| CVE-2006-6231 | 1 Vubb | 1 Vubb | 2025-04-09 | 5.0 MEDIUM | N/A |
|
vuBB 0.2.1 and earlier allows remote attackers to obtain sensitive information via a direct request to includes/vubb.php, which leaks the path in an error message.
|
|||||
| CVE-2007-2339 | 1 Phorum | 1 Phorum | 2025-04-09 | 7.5 HIGH | N/A |
|
Multiple SQL injection vulnerabilities in Phorum before 5.1.22 allow remote attackers to execute arbitrary SQL commands via (1) a modified recipients parameter name in (a) pm.php; (2) the curr parameter to the (b) badwords (aka censorlist) or (c) banlist module in admin.php; or (3) the "Edit groups / Add group" field in the (d) groups module in admin.php.
|
|||||
| CVE-2007-0408 | 1 Bea | 1 Weblogic Server | 2025-04-09 | 7.5 HIGH | N/A |
|
BEA Weblogic Server 8.1 through 8.1 SP4 does not properly validate client certificates when reusing cached connections, which allows remote attackers to obtain access via an untrusted X.509 certificate.
|
|||||
| CVE-2006-6773 | 1 Fishyshoop | 1 Fishyshoop | 2025-04-09 | 7.5 HIGH | N/A |
|
pages/register/register.php in Fishyshoop 0.930 beta allows remote attackers to create arbitrary administrative users by setting the is_admin HTTP POST parameter to 1.
|
|||||
| CVE-2006-4520 | 1 Novell | 1 Edirectory | 2025-04-09 | 7.8 HIGH | N/A |
|
ncp in Novell eDirectory before 8.7.3 SP9, and 8.8.x before 8.8.1 FTF2, does not properly handle NCP fragments with a negative length, which allows remote attackers to cause a denial of service (daemon crash) when the heap is written to a log file.
|
|||||
| CVE-2006-6123 | 1 Coppermine | 1 Coppermine Photo Gallery | 2025-04-09 | 2.6 LOW | N/A |
|
Coppermine Photo Gallery (CPG) 1.4.8 stable, with register_globals enabled, allows remote attackers to bypass XSS protection and set arbitrary variables via a query string that causes the variable to be defined in global space, with separate _GET, _REQUEST, or other critical parameters, which are unset by the protection scheme and prevent the original variable from being detected.
|
|||||
| CVE-2007-3607 | 1 Sap | 1 Enjoysap | 2025-04-09 | 5.0 MEDIUM | N/A |
|
Multiple unspecified vulnerabilities in ActiveX controls in the EnjoySAP SAP GUI allow remote attackers to cause a denial of service (process crash) via unspecified vectors.
|
|||||
| CVE-2006-5979 | 1 Renasoft | 1 Netjetserver | 2025-04-09 | 5.0 MEDIUM | N/A |
|
Renasoft NetJetServer 2.5.3.939, and possibly earlier, uses insecure permissions for Global.asa, which allows remote attackers to obtain sensitive information. NOTE: the provenance of this information is unknown; details are obtained from third party sources.
|
|||||
| CVE-2007-2257 | 1 Fully Modded Phpbb | 1 Fully Modded Phpbb2 | 2025-04-09 | 7.5 HIGH | N/A |
|
PHP remote file inclusion vulnerability in subscp.php in Fully Modded phpBB2 allows remote attackers to execute arbitrary PHP code via a URL in the phpbb_root_path parameter.
|
|||||
| CVE-2007-3281 | 1 Php Hosting Biller | 1 Php Hosting Biller | 2025-04-09 | 4.3 MEDIUM | N/A |
|
Cross-site scripting (XSS) vulnerability in index.php in Php Hosting Biller 1.0 allows remote attackers to inject arbitrary web script or HTML via the PATH_INFO.
|
|||||
| CVE-2007-2218 | 1 Microsoft | 3 Windows 2000, Windows 2003 Server, Windows Xp | 2025-04-09 | 9.3 HIGH | N/A |
|
Unspecified vulnerability in the Windows Schannel Security Package for Microsoft Windows 2000 SP4, XP SP2, and Server 2003 SP1 and SP2, allows remote servers to execute arbitrary code or cause a denial of service via crafted digital signatures that are processed during an SSL handshake.
|
|||||
| CVE-2007-0741 | 1 Apple | 1 Mac Os X | 2025-04-09 | 7.5 HIGH | N/A |
|
Buffer overflow in natd in network_cmds in Apple Mac OS X 10.3.9 through 10.4.9, when Internet Sharing is enabled, allows remote attackers to execute arbitrary code via malformed RTSP packets.
|
|||||
| CVE-2006-5244 | 1 Opendock | 1 Easy Blog | 2025-04-09 | 5.1 MEDIUM | N/A |
|
Multiple PHP remote file inclusion vulnerabilities in OpenDock Easy Blog 1.4 and earlier, when register_globals is enabled, allow remote attackers to execute arbitrary PHP code via a URL in the doc_directory parameter in (1) down_stat.php, (2) file.php, (3) find_file.php, (4) lib_read_file.php, and (5) lib_form_file.php in sw/lib_up_file; (6) find_comment.php, (7) comment.php, and (8) lib_comment.php in sw/lib_comment/; (9) sw/lib_find/find.php; and other unspecified vectors.
|
|||||
| CVE-2007-3265 | 1 Ibm | 1 Websphere Application Server | 2025-04-09 | 4.3 MEDIUM | N/A |
|
Cross-site scripting (XSS) vulnerability in the Samples component in IBM WebSphere Application Server (WAS) 6.1.0.7 and earlier allows remote attackers to inject arbitrary web script or HTML via unspecified vectors.
|
|||||
| CVE-2007-1823 | 1 T-mobile | 1 Voice Mail Systems | 2025-04-09 | 10.0 HIGH | N/A |
|
T-Mobile voice mail systems allow remote attackers to retrieve or remove messages, or reconfigure mailboxes, by spoofing Calling Number Identification (CNID, aka Caller ID).
|
|||||
| CVE-2007-4184 | 1 Joomla | 1 Joomla | 2025-04-09 | 7.5 HIGH | N/A |
|
SQL injection vulnerability in administrator/popups/pollwindow.php in Joomla! 1.0.12 allows remote attackers to execute arbitrary SQL commands via the pollid parameter.
|
|||||
| CVE-2006-5774 | 1 Hyper Nikki System | 1 Hyper Nikki System | 2025-04-09 | 4.3 MEDIUM | N/A |
|
Cross-site scripting (XSS) vulnerability in Hyper NIKKI System before 2.19.9 allows remote attackers to inject arbitrary web script or HTML via unknown vectors.
|
|||||
| CVE-2007-3204 | 1 Jffnms | 1 Just For Fun Network Management System | 2025-04-09 | 7.5 HIGH | N/A |
|
SQL injection vulnerability in auth.php in Just For Fun Network Management System (JFFNMS) 0.8.4-pre2 allows remote attackers to execute arbitrary SQL commands via the pass parameter. NOTE: this issue reportedly exists because of an initial incomplete fix for CVE-2007-3190. The provenance of this information is unknown; the details are obtained solely from third party information.
|
|||||
| CVE-2007-4025 | 1 Sun | 1 Java System Application Server | 2025-04-09 | 4.3 MEDIUM | N/A |
|
Unspecified vulnerability in Sun Java System (SJS) Application Server 8.1 through 9.0 before 20070724 on Windows allows remote attackers to obtain JSP source code via unspecified vectors.
|
|||||
| CVE-2007-3641 | 1 Freebsd | 1 Libarchive | 2025-04-09 | 9.3 HIGH | N/A |
|
archive_read_support_format_tar.c in libarchive before 2.2.4 does not properly compute the length of a certain buffer when processing a malformed pax extension header, which allows user-assisted remote attackers to cause a denial of service (crash) and possibly execute arbitrary code via a crafted (1) PAX or (2) TAR archive that triggers a buffer overflow.
|
|||||
| CVE-2007-4330 | 1 Mapos Scripts | 1 Shoutbox | 2025-04-09 | 6.8 MEDIUM | N/A |
|
PHP remote file inclusion vulnerability in shoutbox.php in Shoutbox 1.0 allows remote attackers to execute arbitrary PHP code via a URL in the root parameter.
|
|||||
| CVE-2007-4659 | 1 Php | 1 Php | 2025-04-09 | 7.5 HIGH | N/A |
|
The zend_alter_ini_entry function in PHP before 5.2.4 does not properly handle an interruption to the flow of execution triggered by a memory_limit violation, which has unknown impact and attack vectors.
|
|||||
| CVE-2007-2494 | 1 Office Ocx | 1 Powerpoint Viewer Ocx | 2025-04-09 | 10.0 HIGH | N/A |
|
Multiple stack-based buffer overflows in the PowerPointOCX ActiveX control in PowerPointViewer.ocx 3.1.0.3 allow remote attackers to cause a denial of service (Internet Explorer 7 crash) via a long (1) DoOleCommand, (2) FTPDownloadFile, (3) FTPUploadFile, (4) HttpUploadFile, (5) Save, (6) SaveWebFile, (7) HttpDownloadFile, (8) Open, or (9) OpenWebFile property value. NOTE: some of these details are obtained from third party information.
|
|||||
| CVE-2007-1065 | 2 Cisco, Meetinghouse | 4 Secure Services Client, Security Agent, Trust Agent and 1 more | 2025-04-09 | 6.8 MEDIUM | N/A |
|
Cisco Secure Services Client (CSSC) 4.x, Trust Agent 1.x and 2.x, Cisco Security Agent (CSA) 5.0 and 5.1 (when a vulnerable Trust Agent has been deployed), and the Meetinghouse AEGIS SecureConnect Client allows local users to gain SYSTEM privileges via unspecified vectors in the supplicant, aka CSCsf15836.
|
|||||
| CVE-2006-6574 | 1 Mantis | 1 Mantis | 2025-04-09 | 5.0 MEDIUM | N/A |
|
Mantis before 1.1.0a2 does not implement per-item access control for Issue History (Bug History), which allows remote attackers to obtain sensitive information by reading the Change column, as demonstrated by the Change column of a custom field.
|
|||||
| CVE-2009-1750 | 1 Omnisoftsol | 1 Vidsharepro | 2025-04-09 | 6.0 MEDIUM | N/A |
|
Unrestricted file upload vulnerability in VidSharePro allows remote authenticated users to execute arbitrary code by uploading a file with an executable extension, then accessing it via unspecified vectors.
|
|||||
| CVE-2007-1568 | 1 Daansystems | 1 Newsreactor | 2025-04-09 | 10.0 HIGH | N/A |
|
Stack-based buffer overflow in DaanSystems NewsReactor 20070220.21 allows remote attackers to execute arbitrary code via a yEnc (yEncode) encoded article with a long filename.
|
|||||
| CVE-2007-2882 | 1 Sun | 2 Solaris, Sunos | 2025-04-09 | 5.0 MEDIUM | N/A |
|
Unspecified vulnerability in the NFS client module in Sun Solaris 8 through 10 before 20070524, when operating as an NFS server, allows remote attackers to cause a denial of service (crash) via certain Access Control List (acl) packets.
|
|||||