Total: 29869 CVE

| CVE | Vendors | Products | Updated | CVSS v2 | CVSS v3 |
|---|---|---|---|---|---|
| CVE-2006-7027 | 1 Microsoft | 1 Isa Server | 2025-04-09 | 10.0 HIGH | N/A |
Microsoft Internet Security and Acceleration (ISA) Server 2004 logs unusual ASCII characters in the Host header, including the tab, which allows remote attackers to manipulate portions of the log file and possibly leverage this for other attacks.
| CVE-2007-0590 | 1 Forum Livre | 1 Forum Livre | 2025-04-09 | 5.8 MEDIUM | N/A |
Cross-site scripting (XSS) vulnerability in busca2.asp in Forum Livre 1.0 allows remote attackers to inject arbitrary web script or HTML via the palavra parameter.
| CVE-2009-2940 | 2 Pygresql, Python | 2 Pygresql, Python | 2025-04-09 | 7.5 HIGH | N/A |
The pygresql module 3.8.1 and 4.0 for Python does not properly support the PQescapeStringConn function, which might allow remote attackers to leverage escaping issues involving multibyte character encodings.
| CVE-2008-1796 | 2 Comix, Redhat | 2 Comix, Fedora | 2025-04-09 | 4.9 MEDIUM | N/A |
Comix 3.6.4 creates temporary directories with predictable names, which allows local users to cause an unspecified denial of service.
| CVE-2007-2132 | 1 Oracle | 1 Peoplesoft Enterprise | 2025-04-09 | 10.0 HIGH | N/A |
Unspecified vulnerability in the PeopleTools component in Oracle PeopleSoft Enterprise 8.47.12 and 8.48.08 has unknown impact and attack vectors, aka PSE02.
| CVE-2007-0419 | 1 Bea | 1 Weblogic Server | 2025-04-09 | 5.0 MEDIUM | N/A |
The BEA WebLogic Server proxy plug-in before June 2006 for the Apache HTTP Server does not properly handle protocol errors, which allows remote attackers to cause a denial of service (server outage).
| CVE-2006-5475 | 1 Drupal | 1 Drupal | 2025-04-09 | 6.8 MEDIUM | N/A |
Multiple cross-site scripting (XSS) vulnerabilities in the XML parser in Drupal 4.6.x before 4.6.10 and 4.7.x before 4.7.4 allow remote attackers to inject arbitrary web script or HTML via a crafted RSS feed.
| CVE-2007-1131 | 1 Scripter.ch | 1 Sinapis Forum | 2025-04-09 | 7.5 HIGH | N/A |
PHP remote file inclusion vulnerability in sinapis.php in Sinapis Forum 2.2 allows remote attackers to execute arbitrary PHP code via a URL in the fuss parameter.
| CVE-2007-3210 | 1 Cellosoft | 1 Cellosoft Tokens Object | 2025-04-09 | 9.3 HIGH | N/A |
Stack-based buffer overflow in nptoken.mox in the Cellosoft Tokens Object 2.0.0.6 extension for Vitalize! allows remote attackers to execute arbitrary code via a long string argument to the RemoveChr method. NOTE: the provenance of this information is unknown; the details are obtained solely from third party information.
| CVE-2007-3329 | 1 Xvid | 1 Xvid | 2025-04-09 | 6.8 MEDIUM | N/A |
Multiple array index errors in the (1) get_intra_block, (2) get_inter_block_h263, and (3) get_inter_block_mpeg functions in src/bitstream/mbcoding.c in Xvid 1.1.2 allow remote attackers to execute arbitrary code via a crafted (a) Avi, (b) H.263, or (c) MPEG file.
| CVE-2007-2559 | 1 American Cart | 1 American Cart | 2025-04-09 | 7.5 HIGH | N/A |
Multiple PHP remote file inclusion vulnerabilities in american cart 3.5 allow remote attackers to execute arbitrary PHP code via a URL in the abs_path parameter to (1) index.php, (2) checkout.php, and (3) libsecure.php.
| CVE-2008-1999 | 1 Apple | 1 Safari | 2025-04-09 | 5.0 MEDIUM | N/A |
Apple Safari 3.1.1 allows remote attackers to spoof the address bar by placing many "invisible" characters in the userinfo subcomponent of the authority component of the URL (aka the user field), as demonstrated by %E3%80%80 sequences.
| CVE-2006-6153 | 1 Vspin.net | 1 Classified System | 2025-04-09 | 4.3 MEDIUM | N/A |
Multiple cross-site scripting (XSS) vulnerabilities in vSpin.net Classified System 2004 allow remote attackers to inject arbitrary web script or HTML via (1) catname parameter to cat.asp or the (2) minprice parameter to search.asp.
| CVE-2006-6484 | 1 Mailenable | 2 Mailenable Enterprise, Mailenable Professional | 2025-04-09 | 5.0 MEDIUM | N/A |
The IMAP service for MailEnable Professional and Enterprise Edition 2.0 through 2.34, Professional Edition 1.6 through 1.83, and Enterprise Edition 1.1 through 1.40 allows remote attackers to cause a denial of service (crash) via unspecified vectors that trigger a null pointer dereference, as addressed by the ME-10023 hotfix, and a different issue than CVE-2006-6423. NOTE: some details were obtained from third party information.
| CVE-2006-5485 | 1 Speedberg | 1 Speedberg | 2025-04-09 | 7.5 HIGH | N/A |
Multiple PHP remote file inclusion vulnerabilities in SpeedBerg 1.2beta1 allow remote attackers to execute arbitrary PHP code via a URL in the SPEEDBERG_PATH parameter to (1) entrancePage.tpl.php, (2) generalToolBox.tlb.php, (3) myToolBox.tlb.php, (4) scriplet.inc.php, (5) simplePage.tpl.php, (6) speedberg.class.php, and (7) standardPage.tpl.php.
| CVE-2007-2699 | 1 Bea | 1 Weblogic Server | 2025-04-09 | 7.1 HIGH | N/A |
The Administration Console in BEA WebLogic Express and WebLogic Server 9.0 and 9.1 does not properly enforce certain Domain Security Policies, which allows remote administrative users in the Deployer role to upload arbitrary files.
| CVE-2007-3279 | 1 Postgresql | 1 Postgresql | 2025-04-09 | 10.0 HIGH | N/A |
PostgreSQL 8.1 and probably later versions, when the PL/pgSQL (plpgsql) language has been created, grants certain plpgsql privileges to the PUBLIC domain, which allows remote attackers to create and execute functions, as demonstrated by functions that perform local brute-force password guessing attacks, which may evade intrusion detection.
| CVE-2007-2373 | 1 Wf-links | 1 Wf-links | 2025-04-09 | 7.5 HIGH | N/A |
SQL injection vulnerability in viewcat.php in the WF-Links (wflinks) 1.03 and earlier module for XOOPS allows remote attackers to execute arbitrary SQL commands via the cid parameter.
| CVE-2006-5712 | 1 Mirapoint | 1 Mirapoint Webmail | 2025-04-09 | 4.3 MEDIUM | N/A |
Cross-site scripting (XSS) vulnerability in Mirapoint WebMail allows remote attackers to inject arbitrary web script via the expression Cascading Style Sheets (CSS) function, as demonstrated using the width style for an IMG element.
| CVE-2006-6588 | 1 Apache | 1 Ofbiz | 2025-04-09 | 7.5 HIGH | N/A |
The forum implementation in the ecommerce component in the Apache Open For Business Project (OFBiz) trusts the (1) dataResourceTypeId, (2) contentTypeId, and certain other hidden form fields, which allows remote attackers to create unauthorized types of content, modify content, or have other unknown impact.
| CVE-2006-7190 | 1 Web-app.net | 1 Webapp | 2025-04-09 | 4.3 MEDIUM | N/A |
Cross-site scripting (XSS) vulnerability in cgi-bin/user-lib/topics.pl in web-app.net WebAPP before 20060515 allows remote attackers to inject arbitrary web script or HTML via unspecified vectors in the viewnews function, related to use of doubbctopic instead of doubbc.
| CVE-2006-6850 | 1 Shadowed Works | 1 Shadowed Portal | 2025-04-09 | 7.5 HIGH | N/A |
PHP remote file inclusion vulnerability in include.php in the Roster Module (character_roster) in Shadowed Portal 5.7 allows remote attackers to execute arbitrary PHP code via a URL in the mod_root parameter.
| CVE-2006-4689 | 1 Microsoft | 3 Windows 2000, Windows 2003 Server, Windows Xp | 2025-04-09 | 5.0 MEDIUM | N/A |
Unspecified vulnerability in the driver for the Client Service for NetWare (CSNW) in Microsoft Windows 2000 SP4, XP SP2, and Server 2003 up to SP1 allows remote attackers to cause a denial of service (hang and reboot) via unknown attack vectors, aka "NetWare Driver Denial of Service Vulnerability."
| CVE-2007-1744 | 2 Microsoft, Vmware | 2 Windows Xp, Workstation | 2025-04-09 | 6.3 MEDIUM | N/A |
Directory traversal vulnerability in the Shared Folders feature for VMware Workstation before 5.5.4, when a folder is shared, allows users on the guest system to write to arbitrary files on the host system via the "Backdoor I/O Port" interface.
| CVE-2008-7021 | 1 Availscript | 1 Jobs Portal Script | 2025-04-09 | 6.0 MEDIUM | N/A |
Unrestricted file upload vulnerability in editlogo.php in AvailScript Jobs Portal Script allows remote authenticated users to execute arbitrary code by uploading a file with an executable extension as an image or logo, then accessing it via a direct request to the file in an unspecified directory.
| CVE-2007-2968 | 1 Cpcommerce | 1 Cpcommerce | 2025-04-09 | 4.3 MEDIUM | N/A |
Cross-site scripting (XSS) vulnerability in register.php in cpCommerce 1.1.0 and earlier allows remote attackers to inject arbitrary web script or HTML via the name parameter (Full Name field).
| CVE-2007-3252 | 1 Portalapp | 1 Portalapp | 2025-04-09 | 7.8 HIGH | N/A |
PortalApp stores sensitive information under the web root with insufficient access control, which allows remote attackers to download a database via a direct request for 8691.mdb, a different vector than CVE-2004-1786.
| CVE-2007-4280 | 1 Asterisk | 4 Asterisk, Asterisk Appliance Developer Kit, Asterisknow and 1 more | 2025-04-09 | 3.5 LOW | N/A |
The Skinny channel driver (chan_skinny) in Asterisk Open Source before 1.4.10, AsteriskNOW before beta7, Appliance Developer Kit before 0.7.0, and Appliance s800i before 1.0.3 allows remote authenticated users to cause a denial of service (application crash) via a CAPABILITIES_RES_MESSAGE packet with a capabilities count larger than the capabilities_res_message array population.
| CVE-2007-0249 | 1 Nwom | 1 Nwom Topsites | 2025-04-09 | 6.8 MEDIUM | N/A |
Cross-site scripting (XSS) vulnerability in index.php in Nwom topsites 3.0 allows remote attackers to inject arbitrary web script or HTML via the o parameter.
| CVE-2007-3271 | 1 Yourfreescreamer | 1 Yourfreescreamer | 2025-04-09 | 7.5 HIGH | N/A |
PHP remote file inclusion vulnerability in templates/2blue/bodyTemplate.php in YourFreeScreamer 1.0 allows remote attackers to execute arbitrary PHP code via a URL in the serverPath parameter.
| CVE-2006-5537 | 1 D-link | 1 Dsl-g624t | 2025-04-09 | 4.3 MEDIUM | N/A |
Multiple cross-site scripting (XSS) vulnerabilities in cgi-bin/webcm in D-Link DSL-G624T firmware 3.00B01T01.YA-C.20060616 allow remote attackers to inject arbitrary web script or HTML via the (1) upnp:settings/state or (2) upnp:settings/connection parameters.
| CVE-2006-6643 | 1 Fightersoft Multimedia | 1 Star Ftp Server | 2025-04-09 | 5.0 MEDIUM | N/A |
Fightersoft Multimedia Star FTP server 1.10 allows remote attackers to cause a denial of service (crash) via multiple RETR commands with long arguments.
| CVE-2006-5617 | 1 Thepeak | 1 Thepeak File Upload Manager | 2025-04-09 | 7.5 HIGH | N/A |
Directory traversal vulnerability in index.php in Thepeak File Upload Manager 1.3 allows remote attackers to read or download arbitrary files via a base64-encoded file path containing a .. (dot dot) sequence in the file parameter.
| CVE-2006-6270 | 1 Kervancilar | 1 Aspmforum | 2025-04-09 | 10.0 HIGH | N/A |
Multiple SQL injection vulnerabilities in ASPMForum allow remote attackers to execute arbitrary SQL commands via (1) the soruid parameter in forum2.asp, (2) the ak parameter in kullanicilistesi.asp, (3) the kelimeler parameter in aramayap.asp, and (4) the kullaniciadi parameter in giris.asp; and allow remote authenticated users to execute arbitrary SQL commands via (5) the mesajno parameter in mesajkutum.asp. NOTE: the harf parameter in kullanicilistesi.asp and the baslik parameter in forum.asp ...
| CVE-2006-5889 | 1 Brewblogger | 1 Brewblogger | 2025-04-09 | 7.5 HIGH | N/A |
SQL injection vulnerability in printLog.php in BrewBlogger (BB) 1.3.1 allows remote attackers to execute arbitrary SQL commands via the id parameter.
| CVE-2007-1533 | 1 Microsoft | 1 Windows Vista | 2025-04-09 | 5.0 MEDIUM | N/A |
The Teredo implementation in Microsoft Windows Vista uses the same nonce for communication with different UDP ports within a solicitation session, which makes it easier for remote attackers to spoof the nonce through brute force attacks.
| CVE-2007-3526 | 1 Vastal I-tech | 1 Buddy Zone | 2025-04-09 | 7.5 HIGH | N/A |
Multiple SQL injection vulnerabilities in Buddy Zone 1.5 and earlier allow remote attackers to execute arbitrary SQL commands via (1) the news_id parameter to view_news.php, (2) the cat_id parameter to view_events.php, or (3) the member_id parameter to video_gallery.php.
| CVE-2007-3883 | 1 Datadynamics | 1 Activebar | 2025-04-09 | 5.1 MEDIUM | N/A |
The Data Dynamics ActiveBar ActiveX control (actbar3.ocx) 3.2 and earlier allows remote attackers to create or overwrite files via a full pathname in (1) the second argument to the Save method, or the first argument to the (2) SaveLayoutChanges or (3) SaveMenuUsageData method.
| CVE-2007-0415 | 1 Bea | 1 Weblogic Server | 2025-04-09 | 5.0 MEDIUM | N/A |
BEA WebLogic Server 8.1 through 8.1 SP5 does not properly enforce access control after a dynamic update and dynamic redeployment of an application that is implemented through exploded jars, which allows attackers to bypass intended access restrictions.
| CVE-2007-5890 | 1 Easygb | 1 Easygb | 2025-04-09 | 10.0 HIGH | N/A |
Directory traversal vulnerability in index.php in easyGB 2.1.1 allows remote attackers to include arbitrary files via the DatabaseType parameter. NOTE: the provenance of this information is unknown; the details are obtained solely from third party information.