Total: 29869 CVE
| CVE | Vendors | Products | Updated | CVSS v2 | CVSS v3 | Description |
|---|---|---|---|---|---|---|
| CVE-2007-1199 | 1 Adobe | 1 Acrobat Reader | 2025-04-09 | 4.3 MEDIUM | N/A | Adobe Reader and Acrobat Trial allow remote attackers to read arbitrary files via a file:// URI in a PDF document, as demonstrated with <</URI(file:///C:/)/S/URI>>, a different issue than CVE-2007-0045. |
| CVE-2007-3499 | 1 Slackroll | 1 Slackroll | 2025-04-09 | 6.4 MEDIUM | N/A | SlackRoll before 8 accepts gpg exit codes other than 0 and 1 as evidence of a valid signature, which allows remote Slackware mirror sites or man-in-the-middle attackers to cause a denial of service (data inconsistency) or possibly install Trojan horse packages via malformed gpg signatures. |
| CVE-2006-5029 | 1 Woltlab | 1 Burning Board | 2025-04-09 | 7.5 HIGH | N/A | SQL injection vulnerability in thread.php in WoltLab Burning Board (wBB) 2.3.x allows remote attackers to obtain the version numbers of PHP, MySQL, and wBB via the page parameter. NOTE: this issue might be a forced SQL error. Also, the original report was disputed by a third party for 2.3.3 and 2.3.4. |
| CVE-2007-2996 | 1 Ibm | 1 Aix | 2025-04-09 | 6.6 MEDIUM | N/A | Unspecified vulnerability in perl.rte 5.8.0.10 through 5.8.0.95 on IBM AIX 5.2, and 5.8.2.10 through 5.8.2.50 on AIX 5.3, allows local users to gain privileges via unspecified vectors related to the installation and "waiting for a legitimate user to execute a binary that ships with Perl." |
| CVE-2007-0055 | 1 Fersch | 1 Formbankserver | 2025-04-09 | 5.0 MEDIUM | N/A | Directory traversal vulnerability in formbankcgi.exe/AbfrageForm in Formbankserver 1.9 allows remote attackers to read arbitrary files via directory traversal sequences in the Name parameter. NOTE: The provenance of this information is unknown; the details are obtained solely from third party information. |
| CVE-2006-7035 | 1 Super Link Exchange Script | 1 Super Link Exchange Script | 2025-04-09 | 7.8 HIGH | N/A | Directory traversal vulnerability in make_thumbnail.php in Super Link Exchange Script 1.0 allows remote attackers to read arbitrary files via ".." sequences in the imgpath parameter. |
| CVE-2006-7115 | 1 Phpkit | 1 Phpkit | 2025-04-09 | 7.5 HIGH | N/A | SQL injection vulnerability in PHPKit 1.6.1 RC2 allows remote attackers to inject arbitrary SQL commands via the catid parameter to include.php when the path parameter is set to faq/faq.php, and other unspecified vectors involving guestbook/print.php. |
| CVE-2007-0868 | 1 Yahoo | 1 Messenger | 2025-04-09 | 5.0 MEDIUM | N/A | Unspecified vulnerability in the Chat Room functionality in Yahoo! Messenger 8.1.0.239 and earlier allows remote attackers to cause a denial of service via unspecified vectors. NOTE: the provenance of this information is unknown; the details are obtained solely from third party information. |
| CVE-2007-3093 | 1 Sun | 2 Solaris, Sunos | 2025-04-09 | 10.0 HIGH | N/A | Unspecified vulnerability in the logging mechanism in Solaris Management Console (SMC) on Sun Solaris 8 through 10 before 20070605 allows remote attackers to execute arbitrary code via unspecified vectors, related to the WBEM server. |
| CVE-2006-5106 | 1 Facileforms | 1 Facileforms | 2025-04-09 | 5.1 MEDIUM | N/A | Cross-site scripting (XSS) vulnerability in FacileForms before 1.4.7 for Mambo and Joomla!, when either register_globals or RG_EMULATION is enabled, allows remote attackers to inject arbitrary web script or HTML via unspecified vectors. |
| CVE-2007-2259 | 1 Esforum | 1 Esforum | 2025-04-09 | 7.5 HIGH | N/A | SQL injection vulnerability in forum.php in EsForum 3.0 allows remote attackers to execute arbitrary SQL commands via the idsalon parameter. |
| CVE-2006-5761 | 1 Rhadrix | 1 If-cms | 2025-04-09 | 4.3 MEDIUM | N/A | Cross-site scripting (XSS) vulnerability in index.php in Rhadrix If-CMS 1.01 and 2.07 allows remote attackers to inject arbitrary web script or HTML via the rns parameter. |
| CVE-2006-5586 | 1 Microsoft | 2 Windows 2000, Windows Xp | 2025-04-09 | 7.2 HIGH | N/A | The Graphics Rendering Engine in Microsoft Windows 2000 SP4 and XP SP2 allows local users to gain privileges via "invalid application window sizes" in layered application windows, aka the "GDI Invalid Window Size Elevation of Privilege Vulnerability." |
| CVE-2006-7207 | 1 Ageet | 1 Agephone | 2025-04-09 | 10.0 HIGH | N/A | Buffer overflow in ageet AGEphone before 1.4.0 might allow remote attackers to have an unknown impact via unspecified vectors. |
| CVE-2007-3488 | 1 Sony | 1 Sony Network Camera Snc-p5 | 2025-04-09 | 10.0 HIGH | N/A | Heap-based buffer overflow in the viewer ActiveX control in Sony Network Camera SNC-RZ25N before 1.30; SNC-P1 and SNC-P5 before 1.29; SNC-CS10 and SNC-CS11 before 1.06; SNC-DF40N and SNC-DF70N before 1.18; SNC-RZ50N and SNC-CS50N before 2.22; SNC-DF85N, SNC-DF80N, and SNC-DF50N before 1.12; and SNC-RX570N/W, SNC-RX570N/B, SNC-RX550N/W, SNC-RX550N/B, SNC-RX530N/W, and SNC-RX530N/B 3.00 and 2.x before 2.31; allows remote attackers to execute arbitrary code via a long first argument to the PrmSetNe ... |
| CVE-2006-5731 | 1 Lithium Cms | 1 Lithium Cms | 2025-04-09 | 6.4 MEDIUM | N/A | Directory traversal vulnerability in classes/index.php in Lithium CMS 4.04c and earlier allows remote attackers to include and execute arbitrary local files via a .. (dot dot) in the siteconf[curl] parameter, as demonstrated by a POST to news/comment.php containing PHP code, which is stored under db/comments/news/ and included by classes/index.php. |
| CVE-2007-0465 | 1 Apple | 2 Installer, Mac Os X | 2025-04-09 | 7.6 HIGH | N/A | Format string vulnerability in Apple Installer 2.1.5 on Mac OS X 10.4.8 allows user-assisted remote attackers to execute arbitrary code via format string specifiers in a (1) PKG, (2) DISTZ, or (3) MPKG package filename. |
| CVE-2006-5087 | 1 Evobb | 1 Evobb | 2025-04-09 | 7.5 HIGH | N/A | Multiple PHP remote file inclusion vulnerabilities in evoBB 0.3 and earlier allow remote attackers to execute arbitrary PHP code via a URL in the path parameter in (1) track.php or (2) connect.php. |
| CVE-2007-0800 | 1 Mozilla | 1 Firefox | 2025-04-09 | 4.3 MEDIUM | N/A | Cross-zone vulnerability in Mozilla Firefox 1.5.0.9 considers blocked popups to have an internal zone origin, which allows user-assisted remote attackers to cross zone restrictions and read arbitrary file:// URIs by convincing a user to show a blocked popup. |
| CVE-2007-2725 | 1 Db Soft Lab | 1 Dewizardx | 2025-04-09 | 7.5 HIGH | N/A | The DB Software Laboratory DeWizardX (DEWizardAX.ocx) ActiveX control allows remote attackers to overwrite arbitrary files via the SaveToFile function. |
| CVE-2007-1578 | 1 Atrium Software | 1 Mercur Imapd | 2025-04-09 | 10.0 HIGH | N/A | Multiple integer signedness errors in the NTLM implementation in Atrium MERCUR IMAPD (mcrimap4.exe) 5.00.14, with SP4, allow remote attackers to execute arbitrary code via a long NTLMSSP argument that triggers a stack-based buffer overflow. |
| CVE-2006-5591 | 1 Pacos Drivers | 1 Pacpoll | 2025-04-09 | 5.0 MEDIUM | N/A | Multiple SQL injection vulnerabilities in Admin/check.asp in PacPoll 4.0 and earlier allow remote attackers to execute arbitrary SQL commands via the (1) uid and (2) pwd parameters. |
| CVE-2007-4332 | 1 Article Dashboard | 1 Article Dashboard | 2025-04-09 | 7.5 HIGH | N/A | SQL injection vulnerability in article.php in Article Dashboard, when magic_quotes_gpc is disabled, allows remote attackers to execute arbitrary SQL commands via the id parameter in a print action. NOTE: the provenance of this information is unknown; the details are obtained solely from third party information. |
| CVE-2007-0926 | 1 Kvguestbook | 1 Kvguestbook | 2025-04-09 | 7.5 HIGH | N/A | The dologin function in guestbook.php in KvGuestbook 1.0 Beta allows remote attackers to gain administrative privileges, probably via modified $mysql['pass'] and $gbpass variables. |
| CVE-2006-6925 | 1 Bitweaver | 1 Bitweaver | 2025-04-09 | 6.8 MEDIUM | N/A | Multiple cross-site scripting (XSS) vulnerabilities in bitweaver 1.3.1 and earlier allow remote attackers to inject arbitrary web script or HTML via (1) the message title field when submitting an article to articles/edit.php, (2) the message title field when submitting a blog post to blogs/post.php, or (3) the message description field when editing in the Sandbox in wiki/edit.php. |
| CVE-2007-4060 | 1 Frank Yaul | 1 Corehttp | 2025-04-09 | 9.0 HIGH | N/A | Multiple buffer overflows in the HttpSprockMake function in http.c in Frank Yaul corehttp 0.5.3alpha allow remote attackers to execute arbitrary code via a long string in the (1) method name or (2) URI in an HTTP request. |
| CVE-2006-6387 | 1 Link Content Management Server | 1 Link Content Management Server | 2025-04-09 | 7.5 HIGH | N/A | Multiple SQL injection vulnerabilities in LINK Content Management Server (CMS) allow remote attackers to execute arbitrary SQL commands via the (1) IDMeniGlavni parameter to navigacija.php, and the (2) IDStranicaPodaci parameter to prikazInformacije.php. NOTE: The provenance of this information is unknown; the details are obtained solely from third party information. |
| CVE-2007-0966 | 1 Cisco | 1 Firewall Services Module | 2025-04-09 | 7.8 HIGH | N/A | Cisco Firewall Services Module (FWSM) 3.x before 3.1(3.11), when the HTTPS server is enabled, allows remote attackers to cause a denial of service (device reboot) via certain HTTPS traffic. |
| CVE-2007-2481 | 1 Ruben Boelinger | 1 Wordtube | 2025-04-09 | 6.8 MEDIUM | N/A | PHP remote file inclusion vulnerability in wordtube-button.php in the wordTube 1.43 and earlier plugin for WordPress, when register_globals is enabled, allows remote attackers to execute arbitrary PHP code via a URL in the wpPATH parameter. |
| CVE-2007-3520 | 1 Easybe | 1 1-2-3 Music Store | 2025-04-09 | 7.5 HIGH | N/A | SQL injection vulnerability in process.php in Easybe 1-2-3 Music Store allows remote attackers to execute arbitrary SQL commands via the CategoryID parameter. |
| CVE-2006-5116 | 1 Phpmyadmin | 1 Phpmyadmin | 2025-04-09 | 5.1 MEDIUM | N/A | Multiple cross-site request forgery (CSRF) vulnerabilities in phpMyAdmin before 2.9.1-rc1 allow remote attackers to perform unauthorized actions as another user by (1) directly setting a token in the URL though dynamic variable evaluation and (2) unsetting arbitrary variables via the _REQUEST array, related to (a) libraries/common.lib.php, (b) session.inc.php, and (c) url_generating.lib.php. NOTE: the PHP unset function vector is covered by CVE-2006-3017. |
| CVE-2007-2249 | 1 Phorum | 1 Phorum | 2025-04-09 | 6.5 MEDIUM | N/A | include/controlcenter/users.php in Phorum before 5.1.22 allows remote authenticated moderators to gain privileges via a modified (1) user_ids POST parameter or (2) userdata array. |
| CVE-2007-1196 | 1 Citrix | 1 Presentation Server Client | 2025-04-09 | 9.3 HIGH | N/A | Unspecified vulnerability in Citrix Presentation Server Client for Windows before 10.0 allows remote web sites to execute arbitrary code via unspecified vectors, related to the implementation of ICA connectivity through proxy servers. |
| CVE-2006-5890 | 1 Superfreaker Studios | 1 Usupport | 2025-04-09 | 7.5 HIGH | N/A | SQL injection vulnerability in detail.asp in Superfreaker Studios USupport 1.0 allows remote attackers to execute arbitrary SQL commands via the id parameter. |
| CVE-2007-0428 | 1 Wzdftpd | 1 Wzdftpd | 2025-04-09 | 5.0 MEDIUM | N/A | Unspecified vulnerability in the chtbl_lookup function in hash.c for WzdFTPD 8.0 and earlier allows remote attackers to cause a denial of service via a crafted FTP command, probably due to a NULL pointer dereference. |
| CVE-2006-5804 | 1 Advanced Guestbook | 1 Advanced Guestbook | 2025-04-09 | 7.5 HIGH | N/A | PHP remote file inclusion vulnerability in admin.php in Advanced Guestbook 2.3.1 allows remote attackers to execute arbitrary PHP code via a URL in the include_path parameter. |
| CVE-2007-4302 | 1 Freshmeat | 1 Generic Software Wrappers Toolkit | 2025-04-09 | 6.2 MEDIUM | N/A | Multiple race conditions in certain system call wrappers in Generic Software Wrappers Toolkit (GSWTK) allow local users to defeat system call interposition and possibly gain privileges or bypass auditing. |
| CVE-2007-4057 | 1 Neocrome | 1 Seditio | 2025-04-09 | 6.5 MEDIUM | N/A | Unrestricted file upload vulnerability in pfs.php in Neocrome Seditio 121 and earlier allows remote authenticated users to upload arbitrary PHP code via a filename ending with (1) .php.gif, (2) .php.jpg, or (3) .php.png. |
| CVE-2006-5207 | 1 Phpmyteam | 1 Phpmyteam | 2025-04-09 | 5.1 MEDIUM | N/A | PHP remote file inclusion vulnerability in images/smileys/smileys_packs.php in phpMyTeam 2.0, when register_globals is enabled, allows remote attackers to execute arbitrary PHP code via a URL in the smileys_dir parameter. |
| CVE-2007-3664 | 1 Eltima Software | 1 Runservice | 2025-04-09 | 5.0 MEDIUM | N/A | Multiple unspecified vulnerabilities in Eltima Software RunService ActiveX control (RunService.dll) allow remote attackers to cause a denial of service via certain functions when "improperly used", as demonstrated by the AcceptControls subroutine. |