Total
29869 CVE
| CVE | Vendors | Products | Updated | CVSS v2 | CVSS v3 |
|---|---|---|---|---|---|
| CVE-2009-0780 | 1 Openbsd | 1 Openbsd | 2025-04-09 | 5.0 MEDIUM | N/A |
|
The aspath_prepend function in rde_attr.c in bgpd in OpenBSD 4.3 and 4.4 allows remote attackers to cause a denial of service (application crash) via an Autonomous System (AS) advertisement containing a long AS path.
|
|||||
| CVE-2007-4615 | 1 Bea | 1 Weblogic Server | 2025-04-09 | 6.4 MEDIUM | N/A |
|
The SSL client implementation in BEA WebLogic Server 7.0 SP7, 8.1 SP2 through SP6, 9.0, 9.1, 9.2 Gold through MP2, and 10.0 sometimes selects the null cipher when others are available, which might allow remote attackers to intercept communications.
|
|||||
| CVE-2006-6354 | 1 Duware | 11 Duamazon, Duarticle, Duclassified and 8 more | 2025-04-09 | 7.5 HIGH | N/A |
|
Multiple SQL injection vulnerabilities in detail.asp in DuWare DuNews allow remote attackers to execute arbitrary SQL commands via the (1) iNews, (2) iType, or (3) Action parameter. NOTE: the iType parameter in type.asp is covered by CVE-2005-3976.
|
|||||
| CVE-2007-0390 | 1 Sabros.us | 1 Sabros.us | 2025-04-09 | 6.8 MEDIUM | N/A |
|
Cross-site scripting (XSS) vulnerability in index.php in sabros.us 1.7 allows remote attackers to inject arbitrary web script or HTML via the tag parameter.
|
|||||
| CVE-2007-4042 | 2 Microsoft, Netscape | 4 Internet Explorer, Windows 2003 Server, Windows Xp and 1 more | 2025-04-09 | 7.5 HIGH | N/A |
|
Multiple argument injection vulnerabilities in Netscape Navigator 9 allow remote attackers to execute arbitrary commands via a NULL byte (%00) and shell metacharacters in a (1) mailto, (2) nntp, (3) news, (4) snews, or (5) telnet URI, a similar issue to CVE-2007-3670.
|
|||||
| CVE-2007-1114 | 1 Microsoft | 1 Ie | 2025-04-09 | 4.3 MEDIUM | N/A |
|
The child frames in Microsoft Internet Explorer 7 inherit the default charset from the parent window when a charset is not specified in an HTTP Content-Type header or META tag, which allows remote attackers to conduct cross-site scripting (XSS) attacks, as demonstrated using the UTF-7 character set.
|
|||||
| CVE-2006-5103 | 1 Bbsnew | 1 Bbsnew | 2025-04-09 | 7.5 HIGH | N/A |
|
PHP remote file inclusion vulnerability in admin/index2.php in bbsNew 2.0.1 allows remote attackers to execute arbitrary PHP code via a URL in the "right" parameter.
|
|||||
| CVE-2006-6087 | 1 My Little Homepage | 1 My Little Weblog | 2025-04-09 | 4.3 MEDIUM | N/A |
|
Cross-site scripting (XSS) vulnerability in weblog.php in my little weblog allows remote attackers to inject arbitrary web script or HTML via the action parameter.
|
|||||
| CVE-2006-6603 | 1 Yahoo | 1 Messenger | 2025-04-09 | 9.3 HIGH | N/A |
|
Buffer overflow in the YMMAPI.YMailAttach ActiveX control (ymmapi.dll) before 2005.1.1.4 in Yahoo! Messenger allows remote attackers to execute arbitrary code via a crafted HTML document. NOTE: some details were obtained from third party information.
|
|||||
| CVE-2006-5404 | 1 Symantec | 4 Automated Support Assistant, Norton Antivirus, Norton Internet Security and 1 more | 2025-04-09 | 2.6 LOW | N/A |
|
Unspecified vulnerability in an ActiveX control used in Symantec Automated Support Assistant, as used in Norton AntiVirus, Internet Security, and System Works 2005 and 2006, allows user-assisted remote attackers to obtain sensitive information via unspecified vectors.
|
|||||
| CVE-2009-2872 | 1 Cisco | 1 Ios | 2025-04-09 | 6.8 MEDIUM | N/A |
|
Cisco IOS 12.0 through 12.4, when IP-based tunnels and the Cisco Express Forwarding feature are enabled, allows remote attackers to cause a denial of service (device reload) via a malformed packet that is not properly handled during switching from one tunnel to a second tunnel, aka Bug IDs CSCsh97579 and CSCsq31776.
|
|||||
| CVE-2007-4230 | 1 Jems Scripts | 1 Bellabiblio | 2025-04-09 | 7.5 HIGH | N/A |
|
BellaBiblio allows remote attackers to gain administrative privileges via a bellabiblio cookie with the value "administrator." NOTE: this issue is disputed by CVE and multiple third parties because the cookie value must be an MD5 hash
|
|||||
| CVE-2007-0448 | 1 Php | 1 Php | 2025-04-09 | 10.0 HIGH | N/A |
|
The fopen function in PHP 5.2.0 does not properly handle invalid URI handlers, which allows context-dependent attackers to bypass safe_mode restrictions and read arbitrary files via a file path specified with an invalid URI, as demonstrated via the srpath URI.
|
|||||
| CVE-2007-1653 | 1 Glowworm | 1 Glowworm | 2025-04-09 | 7.8 HIGH | N/A |
|
GlowWorm FW before 1.5.3b4 allows remote attackers to cause a denial of service (kernel panic) via certain DNS responses that trigger infinite recursion in TrueDNS packet parsing, as originally observed with certain login.yahoo.com responses.
|
|||||
| CVE-2006-5099 | 1 Andreas Gohr | 1 Dokuwiki | 2025-04-09 | 7.5 HIGH | N/A |
|
lib/exec/fetch.php in DokuWiki before 2006-03-09e, when conf[imconvert] is configured to use ImageMagick, allows remote attackers to execute arbitrary commands via shell metacharacters in the (1) w and (2) h parameters, which are not filtered when invoking convert.
|
|||||
| CVE-2007-0925 | 1 Communityserver.org | 1 Community Server | 2025-04-09 | 4.3 MEDIUM | N/A |
|
Cross-site scripting (XSS) vulnerability in search/SearchResults.aspx in Community Server allows remote attackers to inject arbitrary web script or HTML via the q parameter.
|
|||||
| CVE-2006-7071 | 1 Invision Power Services | 1 Invision Power Board | 2025-04-09 | 7.5 HIGH | N/A |
|
SQL injection vulnerability in classes/class_session.php in Invision Power Board (IPB) 2.1 up to 2.1.6 allows remote attackers to execute arbitrary SQL commands via the CLIENT_IP parameter.
|
|||||
| CVE-2007-1057 | 1 Nortel | 4 Alteon 2424 Application Switch, Net Direct Client, Ssl Vpn Module 1000 and 1 more | 2025-04-09 | 6.9 MEDIUM | N/A |
|
The Net Direct client for Linux before 6.0.5 in Nortel Application Switch 2424, VPN 3050 and 3070, and SSL VPN Module 1000 extracts and executes files with insecure permissions, which allows local users to exploit a race condition to replace a world-writable file in /tmp/NetClient and cause another user to execute arbitrary code when attempting to execute this client, as demonstrated by replacing /tmp/NetClient/client.
|
|||||
| CVE-2007-0704 | 1 Somery | 1 Somery | 2025-04-09 | 7.5 HIGH | N/A |
|
PHP remote file inclusion vulnerability in install.php in Somery 0.4.6 allows remote attackers to execute arbitrary PHP code via a URL in the skindir parameter, a different vector than CVE-2006-4669. NOTE: the documentation says to remove install.php after installation.
|
|||||
| CVE-2007-2935 | 1 Fundanemt | 1 Fundanemt | 2025-04-09 | 7.5 HIGH | N/A |
|
core/spellcheck/spellcheck.php in Fundanemt before 2.2.0.1 allows remote attackers to execute arbitrary commands via shell metacharacters in the dict parameter.
|
|||||
| CVE-2007-4527 | 1 Phphq | 1 Phuploader | 2025-04-09 | 7.5 HIGH | N/A |
|
Unrestricted file upload vulnerability in phUploader.php in phphq.Net phUploader 1.2 allows remote attackers to upload and execute arbitrary code via unspecified vectors. NOTE: the provenance of this information is unknown; the details are obtained solely from third party information.
|
|||||
| CVE-2007-3248 | 1 Sun | 1 Solaris | 2025-04-09 | 7.8 HIGH | N/A |
|
Unspecified vulnerability in Sun Solaris 10 before 20070614, when IPv6 interfaces are present but not configured for IPsec, allows remote attackers to cause a denial of service (system crash) via certain network traffic.
|
|||||
| CVE-2006-6538 | 1 D-link | 1 Dwl-2000ap\+ | 2025-04-09 | 7.8 HIGH | N/A |
|
D-LINK DWL-2000AP+ firmware 2.11 allows remote attackers to cause (1) a denial of service (device reset) via a flood of ARP replies on the wired or wireless (radio) link and (2) a denial of service (device crash) via a flood of ARP requests on the wireless link.
|
|||||
| CVE-2007-2916 | 1 Gmtt | 1 Music Distro | 2025-04-09 | 4.3 MEDIUM | N/A |
|
Cross-site scripting (XSS) vulnerability in showown.php in GMTT Music Distro 1.2 allows remote attackers to inject arbitrary web script or HTML via the st parameter.
|
|||||
| CVE-2009-3370 | 1 Mozilla | 1 Firefox | 2025-04-09 | 5.0 MEDIUM | N/A |
|
Mozilla Firefox before 3.0.15, and 3.5.x before 3.5.4, allows remote attackers to read form history by forging mouse and keyboard events that leverage the auto-fill feature to populate form fields, in an attacker-readable form, with history entries.
|
|||||
| CVE-2007-0881 | 1 Openi-cms Group | 1 Openi-cms | 2025-04-09 | 6.8 MEDIUM | N/A |
|
PHP remote file inclusion vulnerability in the Seitenschutz plugin for OPENi-CMS 1.0 allows remote attackers to execute arbitrary PHP code via a URL in the (1) config[oi_dir] and possibly (2) config[openi_dir] parameters to open-admin/plugins/site_protection/index.php. NOTE: vector 2 might be the same as CVE-2006-4750.
|
|||||
| CVE-2007-2271 | 1 Rajneel Lal Totaram | 1 Usp Foss Distribution | 2025-04-09 | 9.4 HIGH | N/A |
|
Directory traversal vulnerability in Rajneel Lal TotaRam USP FOSS Distribution 1.01 allows remote attackers to read arbitrary files via a .. (dot dot) in the dnld parameter.
|
|||||
| CVE-2008-6660 | 1 Ozerov | 1 Bigdump | 2025-04-09 | 6.8 MEDIUM | N/A |
|
Unrestricted file upload vulnerability in bigdump.php in Alexey Ozerov BigDump 0.29b allows remote attackers to execute arbitrary code by uploading a file with an executable extension followed by a .sql extension, then accessing this file via a direct request. NOTE: some of these details are obtained from third party information.
|
|||||
| CVE-2007-2969 | 1 Wanewsletter | 1 Wanewsletter | 2025-04-09 | 7.5 HIGH | N/A |
|
PHP remote file inclusion vulnerability in newsletter.php in WAnewsletter 2.1.3 and earlier allows remote attackers to execute arbitrary PHP code via a URL in the waroot parameter.
|
|||||
| CVE-2007-0609 | 1 Advanced Guestbook | 1 Advanced Guestbook | 2025-04-09 | 5.1 MEDIUM | N/A |
|
Directory traversal vulnerability in Advanced Guestbook 2.4.2 allows remote attackers to bypass .htaccess settings, and execute arbitrary PHP local files or read arbitrary local templates, via a .. (dot dot) in a lang cookie, followed by a filename without its .php extension, as demonstrated via a request to index.php.
|
|||||
| CVE-2006-6877 | 1 Matteo Lucarelli | 1 3editor Cms | 2025-04-09 | 6.8 MEDIUM | N/A |
|
Directory traversal vulnerability in index.php in Matteo Lucarelli 3editor CMS 0.42 and earlier, when register_globals is enabled, allows remote attackers to include arbitrary files via a .. (dot dot) in the page parameter.
|
|||||
| CVE-2007-5156 | 4 Cardinal Cms Project, Redlinesoft, Sitex Cms Project and 1 more | 4 Cardinal Cms, Lanai Cms, Sitex Cms and 1 more | 2025-04-09 | 7.5 HIGH | N/A |
|
Incomplete blacklist vulnerability in editor/filemanager/upload/php/upload.php in FCKeditor, as used in SiteX CMS 0.7.3.beta, La-Nai CMS, Syntax CMS, Cardinal Cms, and probably other products, allows remote attackers to upload and execute arbitrary PHP code via a file whose name contains ".php." and has an unknown extension, which is recognized as a .php file by the Apache HTTP server, a different vulnerability than CVE-2006-0658 and CVE-2006-2529.
|
|||||
| CVE-2006-5913 | 1 Microsoft | 1 Ie | 2025-04-09 | 6.4 MEDIUM | N/A |
|
Microsoft Internet Explorer 7 allows remote attackers to (1) cause a security certificate from a secure web site to appear invalid via a link to res://ieframe.dll/sslnavcancel.htm with the target site in the anchor identifier, which displays the site's URL in the address bar but causes Internet Explorer to report that the certificate is invalid, or (2) trigger a "The webpage no longer exists" report via a link to res://ieframe.dll/http_410.htm, a variant of CVE-2006-5805.
|
|||||
| CVE-2007-3095 | 1 Symantec | 3 Client Security, Norton Antivirus, Reporting Server | 2025-04-09 | 9.0 HIGH | N/A |
|
Unspecified vulnerability in Symantec Reporting Server 1.0.197.0, and other versions before 1.0.224.0, as used in Symantec Client Security 3.1 and later, and Symantec AntiVirus Corporate Edition (SAV CE) 10.1 and later, allows attackers to "disable the authentication system" and bypass authentication via unknown vectors.
|
|||||
| CVE-2007-3666 | 1 Symantec | 1 Norton Ghost | 2025-04-09 | 7.5 HIGH | N/A |
|
Buffer overflow in RemoteCommand.DLL in Symantec Norton Ghost 12.0 allows remote attackers to execute arbitrary code via the Connect function.
|
|||||
| CVE-2006-6830 | 1 Cafelog | 1 B2 Blog | 2025-04-09 | 7.5 HIGH | N/A |
|
PHP remote file inclusion vulnerability in b2verifauth.php in b2 Blog 0.5 and earlier allows remote attackers to execute arbitrary PHP code via a URL in the index parameter.
|
|||||
| CVE-2007-1295 | 1 Aj Forum | 1 Aj Forum | 2025-04-09 | 7.5 HIGH | N/A |
|
SQL injection vulnerability in topic_title.php in AJ Forum 1.0 allows remote attackers to execute arbitrary SQL commands via the td_id parameter.
|
|||||
| CVE-2006-5299 | 1 Gcontact | 1 Gcontact | 2025-04-09 | 4.3 MEDIUM | N/A |
|
Multiple cross-site scripting (XSS) vulnerabilities in index.php in Gcontact 0.6.5 allow remote attackers to inject arbitrary web script or HTML via unspecified vectors.
|
|||||
| CVE-2006-5320 | 1 Morian | 1 Album Photo Sans Nom | 2025-04-09 | 5.0 MEDIUM | N/A |
|
Directory traversal vulnerability in getimg.php in Album Photo Sans Nom 1.6 allows remote attackers to read arbitrary files via the img parameter.
|
|||||
| CVE-2007-2936 | 1 Frequency Clock | 1 Frequency Clock | 2025-04-09 | 7.5 HIGH | N/A |
|
Multiple PHP remote file inclusion vulnerabilities in Frequency Clock 0.1b (Beta 0.1) allow remote attackers to execute arbitrary PHP code via a URL in the securelib parameter to (1) conf.php or (2) cp2.php.
|
|||||