Total: 29869 CVE
| CVE | Vendors | Products | Updated | CVSS v2 | CVSS v3 |
|---|---|---|---|---|---|
| CVE-2007-2362 | 1 Don Moore | 1 Mydns | 2025-04-09 | 9.0 HIGH | N/A |
|
Multiple buffer overflows in MyDNS 1.1.0 allow remote attackers to (1) cause a denial of service (daemon crash) and possibly execute arbitrary code via a certain update, which triggers a heap-based buffer overflow in update.c; and (2) cause a denial of service (daemon crash) via unspecified vectors that trigger an off-by-one stack-based buffer overflow in update.c.
|
|||||
| CVE-2007-1007 | 2 Ekiga, Redhat | 3 Ekiga, Enterprise Linux, Enterprise Linux Desktop | 2025-04-09 | 10.0 HIGH | N/A |
|
Format string vulnerability in GnomeMeeting 1.0.2 and earlier allows remote attackers to cause a denial of service (crash) and possibly execute arbitrary code via format strings in the name, which is not properly handled in a call to the gnomemeeting_log_insert function.
|
|||||
| CVE-2007-2621 | 1 Extrovert Software | 1 Thyme Calendar | 2025-04-09 | 7.5 HIGH | N/A |
|
SQL injection vulnerability in event_view.php in Thyme Calendar 1.3 allows remote attackers to execute arbitrary SQL commands via the eid parameter.
|
|||||
| CVE-2007-2232 | 1 Cosign | 1 Cosign | 2025-04-09 | 7.5 HIGH | N/A |
|
The CHECK command in Cosign 2.0.1 and earlier allows remote attackers to bypass authentication requirements via CR (\r) sequences in the cosign cookie parameter.
|
|||||
| CVE-2007-0461 | 1 Dazuko | 1 Dazuko | 2025-04-09 | 5.0 MEDIUM | N/A |
|
Multiple memory leaks in the Dazuko anti-virus helper module before 2.3.2 allow attackers to cause a denial of service (memory consumption) via unknown vectors.
|
|||||
| CVE-2007-1619 | 1 Scriptmagix | 1 Scriptmagix Photo Rating | 2025-04-09 | 7.5 HIGH | N/A |
|
SQL injection vulnerability in viewcomments.php in ScriptMagix Photo Rating 2.0 and earlier allows remote attackers to execute arbitrary SQL commands via the phid parameter.
|
|||||
| CVE-2006-6859 | 1 Website Designs For Less | 1 Click N Print Coupons | 2025-04-09 | 10.0 HIGH | N/A |
|
SQL injection vulnerability in coupon_detail.asp in Website Designs For Less Click N' Print Coupons 2005.01 and earlier allows remote attackers to execute arbitrary SQL commands via the key parameter.
|
|||||
| CVE-2006-5466 | 2 Rpm, Ubuntu | 2 Package Manager, Ubuntu Linux | 2025-04-09 | 5.4 MEDIUM | N/A |
|
Heap-based buffer overflow in the showQueryPackage function in librpm in RPM Package Manager 4.4.8, when the LANG environment variable is set to ru_RU.UTF-8, might allow user-assisted attackers to execute arbitrary code via crafted RPM packages.
|
|||||
| CVE-2006-5434 | 1 P-news | 1 P-news | 2025-04-09 | 7.5 HIGH | N/A |
|
PHP remote file inclusion vulnerability in p-news.php in P-News 1.16 and 1.17 allows remote attackers to execute arbitrary PHP code via a URL in the pn_lang parameter.
|
|||||
| CVE-2007-4237 | 1 Ibm | 1 Aix | 2025-04-09 | 6.9 MEDIUM | N/A |
|
Buffer overflow in the atm subset in arp in devices.common.IBM.atm.rte in AIX 5.2 and 5.3 allows local users to gain root privileges.
|
|||||
| CVE-2007-2038 | 1 Cisco | 4 2000 Wireless Lan Controller, 2100 Wireless Lan Controller, 4100 Wireless Lan Controller and 1 more | 2025-04-09 | 6.1 MEDIUM | N/A |
|
The Network Processing Unit (NPU) in the Cisco Wireless LAN Controller (WLC) before 3.2.193.5, 4.0.x before 4.0.206.0, and 4.1.x allows remote attackers on a local wireless network to cause a denial of service (loss of packet forwarding) via (1) crafted SNAP packets, (2) malformed 802.11 traffic, or (3) packets with certain header length values, aka Bug ID CSCsg36361.
|
|||||
| CVE-2006-6980 | 1 Magnatune.com | 1 Album Browser | 2025-04-09 | 2.6 LOW | N/A |
|
The magnatune.com album browser in Amarok allows attackers to cause a denial of service (application crash) via unspecified vectors.
|
|||||
| CVE-2007-0538 | 1 Telligent Systems | 1 Community Server Forums | 2025-04-09 | 5.0 MEDIUM | N/A |
|
Telligent Community Server 2.1 and earlier allows remote attackers to cause a denial of service (bandwidth or thread consumption) via pingback service calls with a source URI that corresponds to (1) a large file, which triggers a long download session without a timeout constraint; or (2) a file with a binary content type, which is downloaded even though it cannot contain usable pingback data.
|
|||||
| CVE-2007-4243 | 1 Astaro | 1 Security Gateway | 2025-04-09 | 7.8 HIGH | N/A |
|
Unspecified vulnerability in pfilter-reporter.pl in Astaro Security Gateway (ASG) 7 allows remote attackers to cause a denial of service (CPU consumption) via certain network traffic, as demonstrated by P2P and iTunes applications that download large amounts of data.
|
|||||
| CVE-2006-7148 | 1 Phpbb | 1 Maluinfo | 2025-04-09 | 10.0 HIGH | N/A |
|
PHP remote file inclusion vulnerability in includes/bb_usage_stats.php in maluinfo 206.2.38 for Brazilian PHPBB allows remote attackers to execute arbitrary PHP code via the phpbb_root_path parameter. NOTE: this might be the same issue as CVE-2006-4893.
|
|||||
| CVE-2007-1685 | 1 Bluecoat | 1 K9 Web Protection | 2025-04-09 | 10.0 HIGH | N/A |
|
Buffer overflow in k9filter.exe in BlueCoat K9 Web Protection 3.2.36, and probably other versions before 3.2.44, allows remote attackers to cause a denial of service (crash) and possibly execute arbitrary code via a long HTTP GET request to port 2372.
|
|||||
| CVE-2007-3535 | 1 Frank Karau | 1 Gl-sh Deaf Forum | 2025-04-09 | 6.4 MEDIUM | N/A |
|
Multiple directory traversal vulnerabilities in GL-SH Deaf Forum 6.4.4 and earlier allow remote attackers to include and execute arbitrary local files via a .. (dot dot) in the (1) FORUM_LANGUAGE parameter to functions.php or the (2) style parameter to bottom.php.
|
|||||
| CVE-2006-7073 | 1 Opentools | 1 Attachment Mod | 2025-04-09 | 4.3 MEDIUM | N/A |
|
Cross-site scripting (XSS) vulnerability in Opentools Attachment Mod before 2.4.5 allows remote attackers to inject arbitrary web script or HTML in Internet Explorer via unknown vectors related to the uploaded attachments form. NOTE: some details were obtained from third party information.
|
|||||
| CVE-2006-7133 | 1 Php Upload Tool | 1 Php Upload Tool | 2025-04-09 | 5.0 MEDIUM | N/A |
|
Directory traversal vulnerability in upload/bin/download.php in Upload Tool for PHP 1.0 allows remote attackers to read arbitrary files via (1) ".." sequences or (2) absolute pathnames in the filename parameter.
|
|||||
| CVE-2007-1300 | 1 Douran Software Technologies | 1 Isputil | 2025-04-09 | 7.8 HIGH | N/A |
|
DOURAN Software Technologies ISPUtil 3.32.84.1, and possibly earlier versions, stores sensitive information under the web root with insufficient access control, which allows remote attackers to obtain user and reseller data via a direct request for scripts/activesessions.ini. NOTE: the provenance of this information is unknown; the details are obtained solely from third party information.
|
|||||
| CVE-2007-3459 | 1 Civiltech | 1 Avax Vector Activex | 2025-04-09 | 6.4 MEDIUM | N/A |
|
A certain ActiveX control in Avaxswf.dll 1.0.0.1 in Civitech Avax Vector 1.3 allows remote attackers to create or overwrite arbitrary files via a full pathname in the argument to the WriteMovie method.
|
|||||
| CVE-2007-2164 | 1 Kde | 1 Konqueror | 2025-04-09 | 5.0 MEDIUM | N/A |
|
Konqueror 3.5.5 release 45.4 allows remote attackers to cause a denial of service (browser crash or abort) via JavaScript that matches a regular expression against a long string, as demonstrated using /(.)*/.
|
|||||
| CVE-2006-6342 | 1 Klf-design | 1 Klf-realty | 2025-04-09 | 7.5 HIGH | N/A |
|
Multiple SQL injection vulnerabilities in KLF-DESIGN (aka Kim L. Fraser) KLF-REALTY allow remote attackers to execute arbitrary SQL commands via the (1) category and (2) agent parameters in (a) search_listing.asp, and the (3) property_id parameter in (b) detail.asp.
|
|||||
| CVE-2006-6553 | 1 Mxbb | 1 Mxbb Newssuite | 2025-04-09 | 7.5 HIGH | N/A |
|
PHP remote file inclusion vulnerability in includes/newssuite_constants.php in the NewsSuite 1.03 module for mxBB allows remote attackers to execute arbitrary PHP code via a URL in the mx_root_path parameter.
|
|||||
| CVE-2006-5179 | 1 Intoto | 2 Igateway Ssl-vpn, Igateway Vpn | 2025-04-09 | 5.4 MEDIUM | N/A |
|
Intoto iGateway VPN and iGateway SSL-VPN allow context-dependent attackers to cause a denial of service (CPU consumption) via parasitic public keys with large (1) "public exponent" or (2) "public modulus" values in X.509 certificates that require extra time to process when using RSA signature verification, a related issue to CVE-2006-2940.
|
|||||
| CVE-2007-1728 | 1 Sony | 2 Playstation 3, Playstation Portable | 2025-04-09 | 7.8 HIGH | N/A |
|
The Remote Play feature in Sony Playstation 3 (PS3) 1.60 and Playstation Portable (PSP) 3.10 OE-A allows remote attackers to cause a denial of service via a flood of UDP packets.
|
|||||
| CVE-2007-2804 | 1 Candypress | 1 Candypress Store | 2025-04-09 | 4.3 MEDIUM | N/A |
|
Multiple cross-site scripting (XSS) vulnerabilities in scripts/prodList.asp in CandyPress Store 3.5.2.14 and earlier allow remote attackers to inject arbitrary web script or HTML via the (1) brand and (2) Msg parameters.
|
|||||
| CVE-2006-6306 | 1 Novell | 1 Client | 2025-04-09 | 1.2 LOW | N/A |
|
Format string vulnerability in Novell Modular Authentication Services (NMAS) in the Novell Client 4.91 SP2 and SP3 allows users with physical access to read stack and memory contents via format string specifiers in the Username field of the logon window.
|
|||||
| CVE-2007-3197 | 1 Jelsoft | 1 Vbsupport Integrated Ticket System | 2025-04-09 | 7.5 HIGH | N/A |
|
SQL injection vulnerability in vBSupport.php in vBSupport 1.1 before 1.1a allows remote attackers to execute arbitrary SQL commands via unspecified vectors.
|
|||||
| CVE-2007-3300 | 1 F-secure | 6 F-secure Anti-virus, F-secure Anti-virus Linux Client Security, F-secure Anti-virus Linux Server Security and 3 more | 2025-04-09 | 9.3 HIGH | N/A |
|
Multiple F-Secure anti-virus products for Microsoft Windows and Linux before 20070619 allow remote attackers to bypass scanning via a crafted header in a (1) LHA or (2) RAR archive.
|
|||||
| CVE-2007-4205 | 2 Bluecat Networks, Linux-ha | 2 Adonis, Heartbeat | 2025-04-09 | 7.1 HIGH | N/A |
|
XHA (Linux-HA) on the BlueCat Networks Adonis DNS/DHCP Appliance 5.0.2.8 allows remote attackers to cause a denial of service (heartbeat control process crash) via a UDP packet to port 694. NOTE: this may be the same as CVE-2006-3121.
|
|||||
| CVE-2006-5004 | 1 Ibm | 1 Aix | 2025-04-09 | 2.1 LOW | N/A |
|
Unspecified vulnerability in the rdist command in IBM AIX 5.2.0 and 5.3.0 allows local users to overwrite arbitrary files via unspecified vectors.
|
|||||
| CVE-2007-2416 | 1 E-annu | 1 E-annu | 2025-04-09 | 7.5 HIGH | N/A |
|
SQL injection vulnerability in home.php in E-Annu allows remote attackers to execute arbitrary SQL commands via the a parameter.
|
|||||
| CVE-2007-1130 | 1 Scipter.ch | 1 Gastebuch | 2025-04-09 | 7.5 HIGH | N/A |
|
PHP remote file inclusion vulnerability in sinagb.php in Sinapis Gastebuch 2.2 allows remote attackers to execute arbitrary PHP code via a URL in the fuss parameter.
|
|||||
| CVE-2007-3458 | 1 Sun | 1 Solaris | 2025-04-09 | 4.9 MEDIUM | N/A |
|
The libsldap library in Sun Solaris 8, 9, and 10 allows local users to cause a denial of service (Name Service Caching Daemon (nscd) crash) via unspecified vectors.
|
|||||
| CVE-2007-1530 | 1 Microsoft | 1 Windows Vista | 2025-04-09 | 5.0 MEDIUM | N/A |
|
The LLTD Mapper in Microsoft Windows Vista does not properly gather responses to EMIT packets, which allows remote attackers to cause a denial of service (mapping failure) by omitting an ACK response, which triggers an XML syntax error.
|
|||||
| CVE-2007-3295 | 1 Yabb | 1 Yabb | 2025-04-09 | 6.5 MEDIUM | N/A |
|
Directory traversal vulnerability in Yet another Bulletin Board (YaBB) 2.1 and earlier allows remote authenticated users to execute arbitrary Perl code via a .. (dot dot) in the userlanguage profile setting, which sets the userlanguage key of the member hash, and is propagated to the language variable in (1) HelpCentre.pl and (2) ICQPager.pl, (3) the use_lang variable in Subs.pl, and the actlang variable in (4) Post.pl and (5) InstantMessage.pl; as demonstrated by pointing userlanguage to the En ...
|
|||||
| CVE-2007-1421 | 1 Premod Subdog | 1 Premod Subdog | 2025-04-09 | 10.0 HIGH | N/A |
|
Multiple PHP remote file inclusion vulnerabilities in Premod SubDog 2 allow remote attackers to execute arbitrary PHP code via a URL in the phpbb_root_path parameter to (1) functions_kb.php, (2) themen_portal_mitte.php, or (3) logger_engine.php in includes/.
|
|||||
| CVE-2007-3190 | 1 Jffnms | 1 Just For Fun Network Management System | 2025-04-09 | 6.8 MEDIUM | N/A |
|
Multiple SQL injection vulnerabilities in auth.php in Just For Fun Network Management System (JFFNMS) 0.8.3, when magic_quotes_gpc is disabled, allow remote attackers to execute arbitrary SQL commands via the (1) user and (2) pass parameters.
|
|||||
| CVE-2007-0482 | 1 Sun | 1 Ray Server Software | 2025-04-09 | 4.6 MEDIUM | N/A |
|
cgi-bin/main in Sun Ray Server Software 2.0 and 3.0 before 20070123 allows local users to obtain the utadmin password by reading a web server's log file, or by conducting a different, unspecified local attack.
|
|||||