Total: 29869 CVEs
| CVE | Vendors | Products | Updated | CVSS v2 | CVSS v3 | Description |
|---|---|---|---|---|---|---|
| CVE-2006-6250 | 1 Songbird | 1 Songbird Media Player | 2025-04-09 | 7.8 HIGH | N/A | Format string vulnerability in Songbird Media Player 0.2 and earlier allows remote attackers to cause a denial of service (crash) via an M3U Playlist file containing extended ASCII, which causes the Unicode converter to be invoked. |
| CVE-2007-3769 | 1 Netwin | 1 Surgeftp | 2025-04-09 | 5.8 MEDIUM | N/A | Cross-site scripting (XSS) vulnerability in the mirrored server management interface in SurgeFTP 2.3a1 allows user-assisted, remote FTP servers to inject arbitrary web script or HTML via a malformed response without a status code, which is reflected to the user in the resulting error message. NOTE: this can be leveraged for root access via a sequence of steps involving web script that creates a new FTP user account. |
| CVE-2007-3276 | 1 Siteatschool | 1 Siteatschool | 2025-04-09 | 4.3 MEDIUM | N/A | Cross-site scripting (XSS) vulnerability in index.php in Site@School (S@S) 2.4.10 allows remote attackers to inject arbitrary web script or HTML via the q parameter. NOTE: the provenance of this information is unknown; the details are obtained solely from third party information. |
| CVE-2007-1781 | 1 Minna De Office | 1 Minna De Office | 2025-04-09 | 4.6 MEDIUM | N/A | Minna De Office 1.x and 2.x does not properly restrict user access to certain privileged actions, which allows local users to change the configuration or have other unspecified impact. NOTE: some of these details are obtained from third party information. |
| CVE-2006-4168 | 1 Libexif | 1 Libexif | 2025-04-09 | 6.8 MEDIUM | N/A | Integer overflow in the exif_data_load_data_entry function in libexif/exif-data.c in Libexif before 0.6.16 allows remote attackers to cause a denial of service (application crash) or execute arbitrary code via an image with many EXIF components, which triggers a heap-based buffer overflow. |
| CVE-2007-1501 | 1 Avant Force | 1 Avant Browser | 2025-04-09 | 9.3 HIGH | N/A | Stack-based buffer overflow in Avant Browser 11.0 build 26 allows remote attackers to cause a denial of service (crash) and possibly execute arbitrary code via a long Content-Type HTTP header. |
| CVE-2007-2697 | 1 Bea | 1 Weblogic Server | 2025-04-09 | 5.1 MEDIUM | N/A | The embedded LDAP server in BEA WebLogic Express and WebLogic Server 7.0 through SP6, 8.1 through SP5, 9.0, and 9.1, when in certain configurations, does not limit or audit failed authentication attempts, which allows remote attackers to more easily conduct brute-force attacks against the administrator password, or flood the server with login attempts and cause a denial of service. |
| CVE-2007-2093 | 1 Limesoft | 1 Limesoft Guestbook | 2025-04-09 | 7.5 HIGH | N/A | Direct static code injection vulnerability in index.php in Limesoft Guestbook (LS Simple Guestbook) 1.0 allows remote attackers to inject arbitrary PHP code into posts.txt via the message parameter. |
| CVE-2007-3577 | 1 Phpids | 1 Phpids | 2025-04-09 | 4.3 MEDIUM | N/A | PHPIDS before 20070703 does not properly handle use of the substr method in (1) document.location.search and (2) document.referrer; (3) certain use of document.location.hash; (4) certain "window[eval" and similar expressions; (5) certain Function expressions; (6) certain '=' expressions, as demonstrated by a 'whatever="something"' sequence; and (7) certain "with" expressions, which allows remote attackers to inject arbitrary web script. |
| CVE-2007-0784 | 1 Rbl | 1 Tpassword | 2025-04-09 | 7.5 HIGH | N/A | SQL injection vulnerability in login.asp for tPassword in the Raymond BERTHOU script collection (aka RBL - ASP) allows remote attackers to execute arbitrary SQL commands via the (1) User and (2) Password parameters. |
| CVE-2007-3575 | 1 Freedomain.co.nr | 1 Clone | 2025-04-09 | 7.5 HIGH | N/A | SQL injection vulnerability in includes/functions in FreeDomain.co.nr Clone allows remote attackers to execute arbitrary SQL commands via the logindomain parameter to members.php. |
| CVE-2006-5436 | 1 Freefaq | 1 Freefaq | 2025-04-09 | 7.5 HIGH | N/A | PHP remote file inclusion vulnerability in index.php in FreeFAQ 1.0.e allows remote attackers to execute arbitrary PHP code via a URL in the faqpath parameter. |
| CVE-2007-0488 | 1 Huawei | 1 Versatile Routing Platform | 2025-04-09 | 5.0 MEDIUM | N/A | The Huawei Versatile Routing Platform 1.43 2500E-003 firmware on the Quidway R1600 Router, and possibly other models, allows remote attackers to cause a denial of service (device crash) via a long show arp command. |
| CVE-2008-6530 | 1 Ezonescripts | 1 Living Local | 2025-04-09 | 6.5 MEDIUM | N/A | Unrestricted file upload vulnerability in editimage.php in eZoneScripts Living Local 1.1 allows remote authenticated administrators to execute arbitrary PHP code by uploading a file with an executable extension, then accessing it via a direct request to the uploaded file. |
| CVE-2006-6446 | 1 Iware | 1 Iware Professional | 2025-04-09 | 6.8 MEDIUM | N/A | SQL injection vulnerability in index.php in iWare Professional 5.0.4, when magic_quotes_gpc is disabled, allows remote attackers to execute arbitrary SQL commands via the D parameter. NOTE: The provenance of this information is unknown; the details are obtained solely from third party information. |
| CVE-2009-2467 | 1 Mozilla | 1 Firefox | 2025-04-09 | 10.0 HIGH | N/A | Mozilla Firefox before 3.0.12 and 3.5 before 3.5.1 allows remote attackers to cause a denial of service (application crash) or possibly execute arbitrary code via vectors involving a Flash object, a slow script dialog, and the unloading of the Flash plugin, which triggers attempted use of a deleted object. |
| CVE-2007-2688 | 1 Cisco | 2 Ios, Ips Sensor Software | 2025-04-09 | 7.8 HIGH | N/A | The Cisco Intrusion Prevention System (IPS) and IOS with Firewall/IPS Feature Set do not properly handle certain full-width and half-width Unicode character encodings, which might allow remote attackers to evade detection of HTTP traffic. |
| CVE-2007-3774 | 1 Dvbbs | 1 Dvbbs | 2025-04-09 | 7.8 HIGH | N/A | Dvbbs 7.1.0 SP1 stores sensitive information under the web root with insufficient access control, which allows remote attackers to download a database via a direct request for Data/Dvbbs7.mdb. |
| CVE-2007-1481 | 1 Wbblog | 1 Wbblog | 2025-04-09 | 7.5 HIGH | N/A | SQL injection vulnerability in index.php in WBBlog allows remote attackers to execute arbitrary SQL commands via the e_id parameter in a viewentry cmd. |
| CVE-2007-3813 | 1 Mkportal | 1 Noboard Module | 2025-04-09 | 4.3 MEDIUM | N/A | PHP remote file inclusion vulnerability in include/user.php in the NoBoard BETA module for MKPortal allows remote attackers to execute arbitrary PHP code via a URL in the MK_PATH parameter. |
| CVE-2007-4183 | 1 Php Arena | 1 Pabugs | 2025-04-09 | 7.5 HIGH | N/A | SQL injection vulnerability in main.php in paBugs 2.0 Beta 3 and earlier allows remote attackers to execute arbitrary SQL commands via the cid parameter to index.php. |
| CVE-2007-2991 | 1 Evenzia | 1 Evenzia Cms | 2025-04-09 | 4.3 MEDIUM | N/A | Cross-site scripting (XSS) vulnerability in includes/send.inc.php in Evenzia CMS allows remote attackers to inject arbitrary web script or HTML via the PATH_INFO. |
| CVE-2007-4098 | 1 Tor | 1 Tor | 2025-04-09 | 5.8 MEDIUM | N/A | Tor before 0.1.2.15 does not properly distinguish "streamids from different exits," which might allow remote attackers with control over Tor routers to inject cells into arbitrary streams. |
| CVE-2009-3894 | 1 Dag.wieers | 1 Dstat | 2025-04-09 | 4.4 MEDIUM | N/A | Multiple untrusted search path vulnerabilities in dstat before 0.7.0 allow local users to gain privileges via a Trojan horse Python module in (1) the current working directory or (2) a certain subdirectory of the current working directory. |
| CVE-2007-2008 | 1 Pl-php | 1 Pl-php | 2025-04-09 | 7.5 HIGH | N/A | Directory traversal vulnerability in admin.php in pL-PHP beta 0.9 allows remote attackers to include and execute arbitrary local files via a .. (dot dot) in the lang parameter. |
| CVE-2009-0960 | 1 Apple | 2 Iphone Os, Ipod Touch | 2025-04-09 | 4.3 MEDIUM | N/A | The Mail component in Apple iPhone OS 1.0 through 2.2.1 and iPhone OS for iPod touch 1.1 through 2.2.1 does not provide an option to disable remote image loading in HTML email, which allows remote attackers to determine the device address and when an e-mail is read via an HTML email containing an image URL. |
| CVE-2006-5277 | 1 Cisco | 2 Unified Callmanager, Unified Communications Manager | 2025-04-09 | 9.3 HIGH | N/A | Off-by-one error in the Certificate Trust List (CTL) Provider service (CTLProvider.exe) in Cisco Unified Communications Manager (CUCM, formerly CallManager) before 20070711 allows remote attackers to execute arbitrary code via a crafted packet that triggers a heap-based buffer overflow. |
| CVE-2006-6460 | 2 Short Url, Url Tracker Script | 2 Short Url, Url Tracker Script | 2025-04-09 | 10.0 HIGH | N/A | Yourfreeworld.com Short Url & Url Tracker Script allows remote attackers to obtain sensitive information via an invalid id parameter to login.php, which leaks the path in an error message. NOTE: this issue might be resultant from CVE-2006-2509. |
| CVE-2007-0573 | 1 Nsgalphp | 1 Nsgalphp | 2025-04-09 | 7.5 HIGH | N/A | PHP remote file inclusion vulnerability in includes/config.inc.php in nsGalPHP 0.41 and earlier allows remote attackers to execute arbitrary PHP code via a URL in the racineTBS parameter. |
| CVE-2006-5193 | 1 Wikyblog | 1 Wikyblog | 2025-04-09 | 7.5 HIGH | N/A | PHP remote file inclusion vulnerability in index.php in Josh Schmidt WikyBlog 1.2.3 and earlier allows remote attackers to execute arbitrary PHP code via a URL in the includeDir parameter. |
| CVE-2007-1946 | 1 Microsoft | 1 Windows Xp | 2025-04-09 | 10.0 HIGH | N/A | Integer overflow in Windows Explorer in Microsoft Windows XP SP1 might allow user-assisted remote attackers to cause a denial of service (crash) and possibly execute arbitrary code via a large width dimension in a crafted BMP image, as demonstrated by w4intof.bmp. |
| CVE-2009-1517 | 1 Symantec | 1 Norton Ghost | 2025-04-09 | 4.3 MEDIUM | N/A | Multiple insecure method vulnerabilities in the Symantec.EasySetup.1 ActiveX control in EasySetupInt.dll 14.0.4.30167 in the EasySetup wizard in Symantec Norton Ghost 14.0 allow remote attackers to cause a denial of service (browser crash) and possibly execute arbitrary code via unspecified input to the (1) GetBackupLocationPath, (2) CallUninstall, (3) SetupDeleteVolume, (4) CanUseEasySetup, (5) CallAddInitialProtection, and (6) CallTour methods. |
| CVE-2007-1683 | 1 Incredimail | 1 Immenushellext Activex Control | 2025-04-09 | 6.8 MEDIUM | N/A | Stack-based buffer overflow in the DoWebMenuAction function in the IncrediMail IMMenuShellExt ActiveX control (ImShExt.dll) allows remote attackers to execute arbitrary code via unspecified vectors. |
| CVE-2007-3573 | 1 Akocomment | 1 Akocomment | 2025-04-09 | 6.8 MEDIUM | N/A | Multiple SQL injection vulnerabilities in akocomment allow remote attackers to execute arbitrary SQL commands via the (1) acparentid or (2) acitemid parameter to an unspecified component, different vectors than CVE-2006-1421. |
| CVE-2006-6161 | 1 Doug Luxem | 1 Liberum Help Desk | 2025-04-09 | 7.5 HIGH | N/A | Multiple SQL injection vulnerabilities in Doug Luxem Liberum Help Desk 0.97.3 and earlier allow remote attackers to execute arbitrary SQL commands via the (1) id and (2) uid parameter to (a) inout/status.asp, (b) inout/update.asp, and (c) forgotpass.asp. NOTE: The provenance of this information is unknown; the details are obtained solely from third party information. |
| CVE-2007-1974 | 2 Wf-sections, Xoops | 3 Wf-sections, Happy Linux Xfsection Module, Zmagazine Module | 2025-04-09 | 7.5 HIGH | N/A | SQL injection vulnerability in the getArticle function in class/wfsarticle.php in WF-Section (aka WF-Sections) 1.0.1, as used in Xoops modules such as (1) Zmagazine 1.0, (2) Happy Linux XFsection 1.07 and earlier, and possibly other modules, allows remote attackers to execute arbitrary SQL commands via the articleid parameter to print.php. |
| CVE-2007-0299 | 1 Apple | 1 Mac Os X | 2025-04-09 | 7.1 HIGH | N/A | Integer overflow in the byte_swap_sbin function in bsd/ufs/ufs/ufs_byte_order.c in Mac OS X 10.4.8 allows user-assisted remote attackers to cause a denial of service (kernel panic) by mounting a crafted Unix File System (UFS) DMG image, which triggers an invalid pointer dereference. |
| CVE-2007-1763 | 1 Microsoft | 1 Windows Vista | 2025-04-09 | 7.1 HIGH | N/A | The ATI kernel driver (atikmdag.sys) in Microsoft Windows Vista allows user-assisted remote attackers to cause a denial of service (crash) via a crafted JPG image, as demonstrated by a slideshow, possibly due to a buffer overflow. |
| CVE-2007-1221 | 1 Microsoft | 1 Xbox 360 | 2025-04-09 | 7.2 HIGH | N/A | The Hypervisor in Microsoft Xbox 360 kernel 4532 and 4548 allows attackers with physical access to force execution of the hypervisor syscall with a certain register set, which bypasses intended code protection. |
| CVE-2006-5457 | 1 Casinosoft | 1 Casino Script | 2025-04-09 | 4.3 MEDIUM | N/A | Multiple cross-site scripting (XSS) vulnerabilities in the registration form in Casinosoft Casino Script (Masvet) 3.2 allow remote attackers to inject arbitrary web script or HTML via the (1) name or (2) surname field. |