Total
29869 CVE
| CVE | Vendors | Products | Updated | CVSS v2 | CVSS v3 |
|---|---|---|---|---|---|
| CVE-2007-0662 | 1 Hailboards | 1 Hailboards | 2025-04-09 | 7.5 HIGH | N/A |
|
PHP remote file inclusion vulnerability in includes/usercp_viewprofile.php in Hailboards 1.2.0 allows remote attackers to execute arbitrary PHP code via a URL in the phpbb_root_path parameter.
|
|||||
| CVE-2007-2686 | 1 Jetbox | 1 Jetbox Cms | 2025-04-09 | 4.3 MEDIUM | N/A |
|
Cross-site scripting (XSS) vulnerability in index.php in Jetbox CMS 2.1 allows remote attackers to inject arbitrary web script or HTML via the login parameter in a sendpwd task.
|
|||||
| CVE-2007-4308 | 2 Adaptec, Linux | 2 Aacraid Controller, Linux Kernel | 2025-04-09 | 1.9 LOW | N/A |
|
The (1) aac_cfg_open and (2) aac_compat_ioctl functions in the SCSI layer ioctl path in aacraid in the Linux kernel before 2.6.23-rc2 do not check permissions for ioctls, which might allow local users to cause a denial of service or gain privileges.
|
|||||
| CVE-2007-4369 | 1 Sote | 1 Soteesklep | 2025-04-09 | 5.0 MEDIUM | N/A |
|
Directory traversal vulnerability in go/_files in SOTEeSKLEP before 4.0 allows remote attackers to read arbitrary files via a .. (dot dot) in the file parameter.
|
|||||
| CVE-2009-4197 | 1 Huawei | 3 Mt882 Modem, Mt882 Modem Firmware, Mt882 V100t002b020 Arg-t | 2025-04-09 | 4.7 MEDIUM | N/A |
|
rpwizPppoe.htm in Huawei MT882 V100R002B020 ARG-T running firmware 3.7.9.98 contains a form that does not disable the autocomplete setting for the password parameter, which makes it easier for local users or physically proximate attackers to obtain the password from web browsers that support autocomplete.
|
|||||
| CVE-2006-6486 | 1 Easypage | 1 Easypage | 2025-04-09 | 7.5 HIGH | N/A |
|
SQL injection vulnerability in EasyPage allows remote attackers to execute arbitrary SQL commands via unspecified vectors in sptrees/default.aspx, possibly involving the docId parameter. NOTE: this issue appears to have been disputed by a third party researcher, stating that SQL injection is not possible. However, insufficient details were provided to evaluate the dispute.
|
|||||
| CVE-2006-5508 | 1 Woltlab | 1 Burning Book | 2025-04-09 | 7.5 HIGH | N/A |
|
Multiple SQL injection vulnerabilities in addentry.php in WoltLab Burning Book 1.1.2 allow remote attackers to execute arbitrary SQL commands via (1) the n parameter and (2) the User-Agent HTTP header.
|
|||||
| CVE-2006-6224 | 1 Puntal | 1 Puntal | 2025-04-09 | 7.5 HIGH | N/A |
|
PHP remote file inclusion vulnerability in the installation scripts in Puntal before 1.8.5 allows remote attackers to execute arbitrary PHP code via the GLOBALS array.
|
|||||
| CVE-2006-6669 | 1 Webcalendar | 1 Webcalendar | 2025-04-09 | 6.8 MEDIUM | N/A |
|
Cross-site scripting (XSS) vulnerability in export_handler.php in WebCalendar 1.0.4 and earlier allows remote attackers to inject arbitrary web script or HTML via the format parameter.
|
|||||
| CVE-2006-6891 | 1 Vz Forum | 1 Vz Forum | 2025-04-09 | 5.0 MEDIUM | N/A |
|
Vz (Adp) Forum 2.0.3 stores sensitive information under the web root with insufficient access control, which allows remote attackers to obtain the administrative account name and password hash via a direct request for users/admin.txt.
|
|||||
| CVE-2006-5077 | 1 Minerva | 1 Minerva | 2025-04-09 | 5.1 MEDIUM | N/A |
|
PHP remote file inclusion vulnerability in admin/admin_topic_action_logging.php in Chris Smith Minerva Build 238 and earlier allows remote attackers to execute arbitrary PHP code via a URL in the phpbb_root_path parameter.
|
|||||
| CVE-2006-5033 | 1 Paul Smith Computer Services | 1 Vcap | 2025-04-09 | 5.0 MEDIUM | N/A |
|
Unspecified vulnerability in StoresAndCalendarsList.cgi in Paul Smith Computer Services vCAP 1.9.0 Beta and earlier allows remote attackers to cause a denial of service via the session parameter, possibly related to format string specifiers or malformed URL encoding.
|
|||||
| CVE-2007-0346 | 1 Sme | 1 Filemailer | 2025-04-09 | 7.5 HIGH | N/A |
|
SQL injection vulnerability in index.php in SmE FileMailer 1.21 allows remote attackers to execute arbitrary SQL commands via the us parameter.
|
|||||
| CVE-2007-0731 | 1 Apple | 2 Mac Os X, Mac Os X Server | 2025-04-09 | 9.3 HIGH | N/A |
|
Stack-based buffer overflow in the Apple-specific Samba module (SMB File Server) in Apple Mac OS X 10.4 through 10.4.8 allows context-dependent attackers to execute arbitrary code via a long ACL.
|
|||||
| CVE-2006-5976 | 1 Drumster | 1 Blogme | 2025-04-09 | 7.5 HIGH | N/A |
|
Multiple SQL injection vulnerabilities in admin_login.asp in BlogMe 3.0 allow remote attackers to execute arbitrary SQL commands via the (1) Username or (2) Password field. NOTE: some of these details are obtained from third party information.
|
|||||
| CVE-2007-2649 | 1 T-com | 1 Speedport W 700v | 2025-04-09 | 7.8 HIGH | N/A |
|
Deutsche Telekom (T-com) Speedport W 700v uses JavaScript delays for invalid authentication attempts to the CGI script, which allows remote attackers to bypass the delays and conduct brute-force attacks via direct calls to the authentication CGI script.
|
|||||
| CVE-2008-4232 | 1 Apple | 3 Iphone Os, Ipod Touch, Safari | 2025-04-09 | 5.0 MEDIUM | N/A |
|
Safari in Apple iPhone OS 2.0 through 2.1 and iPhone OS for iPod touch 2.1 through 2.1 does not restrict an IFRAME's content display to the boundaries of the IFRAME, which allows remote attackers to spoof a user interface via a crafted HTML document.
|
|||||
| CVE-2007-3700 | 1 Sun | 1 Java System Access Manager | 2025-04-09 | 1.7 LOW | N/A |
|
Sun Java System Access Manager (formerly Java System Identity Server) before 20070710, when the message debug level is configured in the com.iplanet.services.debug.level property in AMConfig.properties, logs cleartext login passwords, which allows local users to gain privileges by reading /var/opt/SUNWam/debug/amAuth.
|
|||||
| CVE-2007-6629 | 1 Feng | 1 Feng | 2025-04-09 | 5.0 MEDIUM | N/A |
|
Interpretation conflict in LScube Feng 0.1.15 and earlier allows remote attackers to cause a denial of service (NULL dereference and daemon crash) via a User-Agent header line that contains a carriage-return character, which is considered a line delimiter when the header is split into individual lines, but not when log_user_agent in RTSP_utils.c parses the content of the User-Agent line.
|
|||||
| CVE-2007-1422 | 1 Duyuru Scripti | 1 Duyuru Scripti | 2025-04-09 | 7.5 HIGH | N/A |
|
SQL injection vulnerability in goster.asp in fystyq Duyuru Scripti allows remote attackers to execute arbitrary SQL commands via the id parameter, a different vector than CVE-2007-0688.
|
|||||
| CVE-2006-7015 | 1 Jobline | 1 Jobline | 2025-04-09 | 10.0 HIGH | N/A |
|
PHP remote file inclusion vulnerability in admin.jobline.php in Jobline 1.1.1 allows remote attackers to execute arbitrary code via a URL in the mosConfig_absolute_path parameter. NOTE: CVE disputes this issue because the script is protected against direct requests
|
|||||
| CVE-2006-5565 | 1 Maxdev | 1 Md-pro | 2025-04-09 | 5.0 MEDIUM | N/A |
|
CRLF injection vulnerability in MAXdev MD-Pro 1.0.76 allows remote attackers to inject arbitrary HTTP headers via a CRLF sequence in the (1) name, (2) file, (3) module, and (4) func parameters in (a) index.php; and the (5) file parameter in (b) modules.php. NOTE: the provenance of this information is unknown; the details are obtained from third party information.
|
|||||
| CVE-2006-6856 | 1 Webtext | 1 Webtext | 2025-04-09 | 7.5 HIGH | N/A |
|
Direct static code injection vulnerability in WebText CMS 0.4.5.2 and earlier allows remote attackers to inject arbitrary PHP code into a script in wt/users/ via the im parameter during a profile edit (edycja) operation, which is then executed via a direct request for this script.
|
|||||
| CVE-2006-4407 | 1 Apple | 1 Mac Os X | 2025-04-09 | 5.0 MEDIUM | N/A |
|
The Security Framework in Apple Mac OS X 10.3.x up to 10.3.9 does not properly prioritize encryption ciphers when negotiating the strongest shared cipher, which causes Secure Transport to user a weaker cipher that makes it easier for remote attackers to decrypt traffic.
|
|||||
| CVE-2006-5208 | 1 Deltascripts | 1 Php Classifieds | 2025-04-09 | 7.5 HIGH | N/A |
|
Multiple SQL injection vulnerabilities in PHP Classifieds 7.1 allow remote attackers to execute arbitrary SQL commands via (1) the catid_search parameter in search.php and (2) the catid parameter in index.php.
|
|||||
| CVE-2007-3662 | 1 Media Player Classic | 1 Media Player Classic | 2025-04-09 | 6.8 MEDIUM | N/A |
|
Media Player Classic (MPC) 6.4.9.0 allows user-assisted remote attackers to cause a denial of service or possibly execute arbitrary code via a crafted FLV file.
|
|||||
| CVE-2007-0836 | 1 Coppermine | 1 Coppermine Photo Gallery | 2025-04-09 | 4.0 MEDIUM | N/A |
|
admin.php in Coppermine Photo Gallery 1.4.10, and possibly earlier, allows remote authenticated users to include arbitrary local and possibly remote files via the (1) "Path to custom header include" and (2) "Path to custom footer include" form fields. NOTE: The provenance of this information is unknown; the details are obtained solely from third party information.
|
|||||
| CVE-2007-0871 | 1 Extremepow | 1 Extreme File Hosting | 2025-04-09 | 7.5 HIGH | N/A |
|
Unrestricted file upload vulnerability in eXtremePow eXtreme File Hosting allows remote attackers to upload arbitrary PHP code via a filename with a double extension such as (1) .rar.php or (2) .zip.php.
|
|||||
| CVE-2009-0317 | 1 Gnome | 1 Nautilus-python | 2025-04-09 | 6.9 MEDIUM | N/A |
|
Untrusted search path vulnerability in the Python language bindings for Nautilus (nautilus-python) allows local users to execute arbitrary code via a Trojan horse Python file in the current working directory, related to a vulnerability in the PySys_SetArgv function (CVE-2008-5983).
|
|||||
| CVE-2007-1871 | 1 Chcounter | 1 Chcounter | 2025-04-09 | 4.3 MEDIUM | N/A |
|
Cross-site scripting (XSS) vulnerability in chcounter 3.1.3 allows remote attackers to inject arbitrary web script or HTML via the login_name parameter to /stats/.
|
|||||
| CVE-2007-0539 | 1 Wordpress | 1 Wordpress | 2025-04-09 | 7.8 HIGH | N/A |
|
The wp_remote_fopen function in WordPress before 2.1 allows remote attackers to cause a denial of service (bandwidth or thread consumption) via pingback service calls with a source URI that corresponds to a large file, which triggers a long download session without a timeout constraint.
|
|||||
| CVE-2007-0811 | 1 Microsoft | 1 Ie | 2025-04-09 | 4.3 MEDIUM | N/A |
|
Microsoft Internet Explorer 6.0 SP1 on Windows 2000, and 6.0 SP2 on Windows XP, allows remote attackers to cause a denial of service (NULL pointer dereference and application crash) via an HTML document containing a certain JavaScript for loop with an empty loop body, possibly involving getElementById.
|
|||||
| CVE-2006-7163 | 1 Dreameesoft | 1 Password Master | 2025-04-09 | 6.9 MEDIUM | N/A |
|
DreameeSoft Password Master 1.0 stores the database in an unencrypted format when the master password is set, which allows attackers with physical access to read the database contents via an unspecified authentication bypass. NOTE: the provenance of this information is unknown; the details are obtained solely from third party information.
|
|||||
| CVE-2006-5327 | 2 Apple, Openbase International Ltd | 2 Xcode, Openbase | 2025-04-09 | 7.2 HIGH | N/A |
|
Untrusted search path vulnerability in OpenBase SQL 10.0 and earlier, as used in Apple Xcode 2.2 2.2 and earlier and possibly other products, allows local users to execute arbitrary code via a modified PATH that references a malicious gzip program, which is executed by gnutar with certain TAR_OPTIONS environment variable settings, when gnutar is invoked by OpenBase.
|
|||||
| CVE-2009-3004 | 1 Avant Force | 1 Avant Browser | 2025-04-09 | 4.3 MEDIUM | N/A |
|
Avant Browser 11.7 Builds 35 and 36 allows remote attackers to spoof the address bar, via window.open with a relative URI, to show an arbitrary URL on the web site visited by the victim, as demonstrated by a visit to an attacker-controlled web page, which triggers a spoofed login form for the site containing that page. NOTE: a related attack was reported in which an arbitrary file: URL is shown.
|
|||||
| CVE-2006-6627 | 1 Softwin | 5 Bitdefender, Bitdefender Antivirus, Bitdefender Internet Security and 2 more | 2025-04-09 | 10.0 HIGH | N/A |
|
Integer overflow in the packed PE file parsing implementation in BitDefender products before 20060829, including Antivirus, Antivirus Plus, Internet Security, Mail Protection for Enterprises, and Online Scanner; and BitDefender products for Microsoft ISA Server and Exchange 5.5 through 2003; allows remote attackers to execute arbitrary code via a crafted file, which triggers a heap-based buffer overflow, aka the "cevakrnl.xmd vulnerability."
|
|||||
| CVE-2007-5277 | 1 Microsoft | 1 Internet Explorer | 2025-04-09 | 4.3 MEDIUM | N/A |
|
Microsoft Internet Explorer 6 drops DNS pins based on failed connections to irrelevant TCP ports, which makes it easier for remote attackers to conduct DNS rebinding attacks, as demonstrated by a port 81 URL in an IMG SRC, when the DNS pin had been established for a session on port 80, a different issue than CVE-2006-4560.
|
|||||
| CVE-2007-0252 | 1 Easy-content Filemanager | 1 Easy-content Filemanager | 2025-04-09 | 7.5 HIGH | N/A |
|
Unspecified vulnerability in easy-content filemanager allows remote attackers to upload or modify arbitrary files via unspecified vectors.
|
|||||
| CVE-2007-1990 | 1 Sam Crew | 1 Myblog | 2025-04-09 | 7.5 HIGH | N/A |
|
PHP remote file inclusion vulnerability in games.php in Sam Crew MyBlog, possibly 1.0 through 1.6, allows remote attackers to execute arbitrary PHP code via a URL in the id parameter, a different vector than CVE-2007-1968. NOTE: the provenance of this information is unknown; the details are obtained solely from third party information.
|
|||||
| CVE-2006-5818 | 1 Ibm | 1 Lotus Domino | 2025-04-09 | 7.2 HIGH | N/A |
|
Multiple buffer overflows in tunekrnl in IBM Lotus Domino 6.x before 6.5.5 FP2 and 7.x before 7.0.2 allow local users to gain privileges and execute arbitrary code via unspecified vectors.
|
|||||