Total
29869 CVE
| CVE | Vendors | Products | Updated | CVSS v2 | CVSS v3 |
|---|---|---|---|---|---|
| CVE-2006-6277 | 1 Contentserv | 1 Contentserv | 2025-04-09 | 5.0 MEDIUM | N/A |
|
Directory traversal vulnerability in admin/FileServer.php in ContentServ 4.x allows remote attackers to read arbitrary files via a .. (dot dot) in the src parameter, a different vector than CVE-2005-3086.
|
|||||
| CVE-2007-1479 | 1 Creative Guestbook | 1 Creative Guestbook | 2025-04-09 | 4.3 MEDIUM | N/A |
|
Cross-site scripting (XSS) vulnerability in Guestbook.php in Creative Guestbook 1.0 allows remote attackers to inject arbitrary web script or HTML via an unspecified parameter.
|
|||||
| CVE-2007-1998 | 1 Hiox India | 1 Guest Book | 2025-04-09 | 7.5 HIGH | N/A |
|
Direct static code injection vulnerability in HIOX Guest Book (HGB) 4.0 allows remote attackers to inject arbitrary PHP code via the Email field, which results in code execution through a direct request to gb.php.
|
|||||
| CVE-2006-6810 | 1 Db Hub | 1 Db Hub | 2025-04-09 | 5.0 MEDIUM | N/A |
|
Unspecified vulnerability in the clear_user_list function in src/main.c in DB Hub 0.3 allows remote attackers to cause a denial of service (application crash) via crafted network traffic, which triggers memory corruption.
|
|||||
| CVE-2006-6233 | 1 Postnuke Software Foundation | 1 Postnuke | 2025-04-09 | 7.5 HIGH | N/A |
|
SQL injection vulnerability in the Downloads module for unknown versions of PostNuke allows remote attackers to execute arbitrary SQL commands via the lid parameter in a viewdownloaddetails operation. NOTE: this issue might have been in the viewdownloaddetails function in dl-downloaddetails.php, but PostNuke 0.764 does not appear to have this issue.
|
|||||
| CVE-2006-6201 | 2 Borland Software, Revilloc | 6 C\+\+ Builder, C Builder, Delphi and 3 more | 2025-04-09 | 7.5 HIGH | N/A |
|
Heap-based buffer overflow in Borland idsql32.dll 5.1.0.4, as used by RevilloC MailServer; 5.2.0.2 as used by Borland Developer Studio 2006; and possibly other versions allows remote attackers to execute arbitrary code via a long SQL statement, related to use of the DbiQExec function.
|
|||||
| CVE-2007-2529 | 1 Sun | 2 Solaris, Sunos | 2025-04-09 | 7.2 HIGH | N/A |
|
Integer signedness error in the acl (facl) system call in Solaris 10 before 20070507 allows local users to cause a denial of service (kernel panic) and possibly gain privileges via a certain argument, related to ACE_SETACL.
|
|||||
| CVE-2007-3331 | 1 Stphp | 1 Easynews | 2025-04-09 | 5.0 MEDIUM | N/A |
|
Cross-site request forgery (CSRF) vulnerability in STphp EasyNews PRO 4.0 allows remote attackers to change the admin password via (1) a certain HTML form that is posted automatically by JavaScript or (2) a news post.
|
|||||
| CVE-2009-1105 | 1 Sun | 1 Java | 2025-04-09 | 7.5 HIGH | N/A |
|
The Java Plug-in in Java SE Development Kit (JDK) and Java Runtime Environment (JRE) 6 Update 12, 11, and 10 allows user-assisted remote attackers to cause a trusted applet to run in an older JRE version, which can be used to exploit vulnerabilities in that older version, aka CR 6706490.
|
|||||
| CVE-2009-3749 | 1 Websense | 2 Email Security, Personal Email Manager | 2025-04-09 | 5.0 MEDIUM | N/A |
|
The Web Administrator service (STEMWADM.EXE) in Websense Personal Email Manager 7.1 before Hotfix 4 and Email Security 7.1 before Hotfix 4 allows remote attackers to cause a denial of service (crash) by sending a HTTP GET request to TCP port 8181 and closing the socket before the service can send a response.
|
|||||
| CVE-2006-5802 | 1 The Web Drivers | 1 Simple Forum | 2025-04-09 | 7.5 HIGH | N/A |
|
SQL injection vulnerability in message_details.php in The Web Drivers Simple Forum, dated 20060318, allows remote attackers to execute arbitrary SQL commands via the id parameter.
|
|||||
| CVE-2007-0485 | 1 Webchat.org | 1 Webchat | 2025-04-09 | 7.5 HIGH | N/A |
|
PHP remote file inclusion vulnerability in defines.php in WebChat 0.77 allows remote attackers to execute arbitrary PHP code via a URL in the WEBCHATPATH parameter.
|
|||||
| CVE-2007-3313 | 1 Efstratios Geroulis | 1 Jasmine Cms | 2025-04-09 | 7.5 HIGH | N/A |
|
Multiple SQL injection vulnerabilities in Jasmine CMS 1.0 allow remote attackers to execute arbitrary SQL commands via (1) the login_username parameter to login.php or (2) the item parameter to news.php.
|
|||||
| CVE-2007-0960 | 1 Cisco | 2 Asa 5500, Pix Firewall Software | 2025-04-09 | 9.0 HIGH | N/A |
|
Unspecified vulnerability in Cisco PIX 500 and ASA 5500 Series Security Appliances 7.2.2, when configured to use the LOCAL authentication method, allows remote authenticated users to gain privileges via unspecified vectors.
|
|||||
| CVE-2006-6202 | 1 Nukeai | 1 Nukeai | 2025-04-09 | 7.5 HIGH | N/A |
|
PHP remote file inclusion vulnerability in modules/NukeAI/util.php in the NukeAI 0.0.3 Beta module for PHP-Nuke, aka Program E is an AIML chatterbot, allows remote attackers to execute arbitrary PHP code via a URL in the AIbasedir parameter.
|
|||||
| CVE-2006-6930 | 1 Ga Soft | 1 Rapid Classified | 2025-04-09 | 7.5 HIGH | N/A |
|
SQL injection vulnerability in viewad.asp in Rapid Classified 3.1 allows remote attackers to execute arbitrary SQL commands via the id parameter.
|
|||||
| CVE-2007-4480 | 1 Wordpress | 1 Sirius | 2025-04-09 | 4.3 MEDIUM | N/A |
|
Cross-site scripting (XSS) vulnerability in index.php in the Sirius 1.0 theme for WordPress allows remote attackers to inject arbitrary web script or HTML via the PATH_INFO (PHP_SELF).
|
|||||
| CVE-2006-6634 | 1 Mambo | 1 Extcalthai Module | 2025-04-09 | 7.5 HIGH | N/A |
|
Multiple PHP remote file inclusion vulnerabilities in the ExtCalThai (com_extcalendar) 0.9.1 and earlier component for Mambo allow remote attackers to execute arbitrary PHP code via a URL in (1) the CONFIG_EXT[LANGUAGES_DIR] parameter to admin_events.php, (2) the mosConfig_absolute_path parameter to extcalendar.php, or (3) the CONFIG_EXT[LIB_DIR] parameter to lib/mail.inc.php.
|
|||||
| CVE-2007-0701 | 1 Epistemon | 1 Epistemon | 2025-04-09 | 7.5 HIGH | N/A |
|
PHP remote file inclusion vulnerability in inc/common.inc.php in Epistemon 1.0 allows remote attackers to execute arbitrary PHP code via a URL in the inc_path parameter.
|
|||||
| CVE-2007-2775 | 1 Alstrasoft | 1 Live Support | 2025-04-09 | 10.0 HIGH | N/A |
|
AlstraSoft Live Support 1.21 sends a redirect to the web browser but does not exit when administrative credentials are missing, which allows remote attackers to obtain administrative access via a direct request to admin/managesettings.php.
|
|||||
| CVE-2007-2352 | 1 Afflib | 1 Afflib | 2025-04-09 | 10.0 HIGH | N/A |
|
Multiple format string vulnerabilities in AFFLIB 2.2.6 allow remote attackers to execute arbitrary code via certain command line parameters, which are used in (1) warn and (2) err calls, possibly involving (a) lib/s3.cpp, (b) tools/afconvert.cpp, (c) tools/afcopy.cpp, (d) tools/afinfo.cpp, (e) aimage/imager.cpp, and (f) tools/afxml.cpp. NOTE: this identifier is intended to address the vectors that were not fixed in CVE-2007-2054, but the unfixed vectors were not explicitly listed.
|
|||||
| CVE-2006-7186 | 1 Web-app.net | 1 Webapp | 2025-04-09 | 5.0 MEDIUM | N/A |
|
cgi-lib/subs.pl in web-app.net WebAPP before 0.9.9.3.5 allows attackers to open list files in "profile and other functions," a different vulnerability than CVE-2005-0927.
|
|||||
| CVE-2007-1767 | 1 Aol | 1 Aol Client Software | 2025-04-09 | 7.8 HIGH | N/A |
|
Unspecified vulnerability in (1) Deskbar.dll and (2) Toolbar.dll in AOL 9.0 before February 2007 allows remote attackers to cause a denial of service (browser crash) via unknown vectors.
|
|||||
| CVE-2006-5395 | 1 Microsoft | 1 Class Package Export Tool | 2025-04-09 | 7.5 HIGH | N/A |
|
Buffer overflow in Microsoft Class Package Export Tool (aka clspack.exe) allows context-dependent attackers to execute arbitrary code via a long string. NOTE: the provenance of this information is unknown; the details are obtained from third party information.
|
|||||
| CVE-2007-0312 | 1 Wcsimple Poll | 1 Wcsimple Poll | 2025-04-09 | 7.8 HIGH | N/A |
|
wcSimple Poll stores sensitive information under the web root with insufficient access control, which allows remote attackers to obtain password hashes via a direct request for password.txt.
|
|||||
| CVE-2007-2692 | 2 Mysql, Oracle | 2 Mysql, Mysql | 2025-04-09 | 6.0 MEDIUM | N/A |
|
The mysql_change_db function in MySQL 5.0.x before 5.0.40 and 5.1.x before 5.1.18 does not restore THD::db_access privileges when returning from SQL SECURITY INVOKER stored routines, which allows remote authenticated users to gain privileges.
|
|||||
| CVE-2007-3867 | 1 Oracle | 1 E-business Suite | 2025-04-09 | 7.5 HIGH | N/A |
|
Multiple unspecified vulnerabilities in Oracle E-Business Suite 11.5.10CU2 have unknown impact and attack vectors, related to (1) APPS04, (2) APPS05, and (3) APPS06 in (a) Oracle Application Object Library, (4) APPS07 in Oracle Customer Intelligence, (5) APPS08 in Oracle Payments, (7) APPS10 in Oracle Human Resources, and (8) APPS11 in iRecruitment.
|
|||||
| CVE-2006-3868 | 1 Microsoft | 1 Office | 2025-04-09 | 5.1 MEDIUM | N/A |
|
Unspecified vulnerability in Microsoft Office XP and 2003 allows remote user-assisted attackers to execute arbitrary code via a malformed Smart Tag.
|
|||||
| CVE-2007-3747 | 1 Apple | 3 Ichat, Mac Os X, Mac Os X Server | 2025-04-09 | 6.8 MEDIUM | N/A |
|
The Java interface to CoreAudio on Apple Mac OS X 10.3.9 and 10.4.10 does not restrict object instantiation and manipulation to valid heap addresses, which allows remote attackers to execute arbitrary code via a crafted applet.
|
|||||
| CVE-2007-5240 | 1 Sun | 3 Jdk, Jre, Sdk | 2025-04-09 | 5.0 MEDIUM | N/A |
|
Visual truncation vulnerability in the Java Runtime Environment in Sun JDK and JRE 6 Update 2 and earlier, JDK and JRE 5.0 Update 12 and earlier, SDK and JRE 1.4.2_15 and earlier, and SDK and JRE 1.3.1_20 and earlier allows remote attackers to circumvent display of the untrusted-code warning banner by creating a window larger than the workstation screen.
|
|||||
| CVE-2007-3388 | 1 Trolltech | 1 Qt | 2025-04-09 | 6.8 MEDIUM | N/A |
|
Multiple format string vulnerabilities in (1) qtextedit.cpp, (2) qdatatable.cpp, (3) qsqldatabase.cpp, (4) qsqlindex.cpp, (5) qsqlrecord.cpp, (6) qglobal.cpp, and (7) qsvgdevice.cpp in QTextEdit in Trolltech Qt 3 before 3.3.8 20070727 allow remote attackers to execute arbitrary code via format string specifiers in text used to compose an error message.
|
|||||
| CVE-2007-3616 | 1 Vtiger | 1 Vtiger Crm | 2025-04-09 | 6.5 MEDIUM | N/A |
|
index.php in vtiger CRM before 5.0.3 allows remote authenticated users to perform administrative changes to arbitrary profile settings via a certain profilePrivileges action in the Users module.
|
|||||
| CVE-2009-2841 | 1 Apple | 2 Mac Os X, Safari | 2025-04-09 | 5.0 MEDIUM | N/A |
|
The HTMLMediaElement::loadResource function in html/HTMLMediaElement.cpp in WebCore in WebKit before r49480, as used in Apple Safari before 4.0.4 on Mac OS X, does not perform the expected callbacks for HTML 5 media elements that have external URLs for media resources, which allows remote attackers to trigger sub-resource requests to arbitrary web sites via a crafted HTML document, as demonstrated by an HTML e-mail message that uses a media element for X-Confirm-Reading-To functionality, aka rda ...
Show More |
|||||
| CVE-2007-3636 | 1 Squirrelmail | 2 Gpg Plugin, Squirrelmail | 2025-04-09 | 7.5 HIGH | N/A |
|
Multiple unspecified vulnerabilities in the G/PGP (GPG) Plugin 2.1 for Squirrelmail allow remote attackers to execute arbitrary commands via unspecified vectors. NOTE: this information is based upon a vague pre-advisory from a reliable researcher.
|
|||||
| CVE-2006-5368 | 1 Oracle | 1 E-business Suite | 2025-04-09 | 10.0 HIGH | N/A |
|
Unspecified vulnerability in Oracle Exchange component in Oracle E-Business Suite 6.2.4 has unknown impact and remote attack vectors, aka Vuln# APPS01.
|
|||||
| CVE-2007-1978 | 1 Php Fusion | 1 Arcade Module | 2025-04-09 | 7.5 HIGH | N/A |
|
SQL injection vulnerability in index.php in the Arcade 1.00 module for PHP-Fusion allows remote attackers to execute arbitrary SQL commands via the cid parameter in a view_game_list action.
|
|||||
| CVE-2006-6945 | 1 Virtuemart | 1 Virtuemart | 2025-04-09 | 7.5 HIGH | N/A |
|
SQL injection vulnerability in Virtuemart 1.0.7 allows remote attackers to execute arbitrary SQL commands via unspecified vectors, probably related to (1) Itemid, (2) product_id, and category_id parameters as handled in virtuemart_parser.php.
|
|||||
| CVE-2007-1158 | 1 Postnuke Software Foundation | 1 Pagesetter | 2025-04-09 | 5.0 MEDIUM | N/A |
|
Directory traversal vulnerability in index.php in the Pagesetter 6.2.0 through 6.3.0 beta 5 module for PostNuke allows remote attackers to read arbitrary files via a .. (dot dot) in the id parameter.
|
|||||
| CVE-2006-6636 | 1 Ibm | 1 Websphere Application Server | 2025-04-09 | 10.0 HIGH | N/A |
|
Unspecified vulnerability in the Utility Classes for IBM WebSphere Application Server (WAS) before 5.1.1.13 and 6.x before 6.0.2.17 has unknown impact and attack vectors.
|
|||||
| CVE-2007-4321 | 1 Fail2ban | 1 Fail2ban | 2025-04-09 | 6.8 MEDIUM | N/A |
|
fail2ban 0.8 and earlier does not properly parse sshd log files, which allows remote attackers to add arbitrary hosts to the /etc/hosts.deny file and cause a denial of service by adding arbitrary IP addresses to the sshd log file, as demonstrated by logging in via ssh with a client protocol version identification containing an IP address string, a different vector than CVE-2006-6302.
|
|||||