Total
29869 CVE
| CVE | Vendors | Products | Updated | CVSS v2 | CVSS v3 |
|---|---|---|---|---|---|
| CVE-2006-6579 | 1 Microsoft | 2 Internet Information Server, Internet Information Services | 2025-04-09 | 4.4 MEDIUM | N/A |
|
Microsoft Windows XP has weak permissions (FILE_WRITE_DATA and FILE_READ_DATA for Everyone) for %WINDIR%\pchealth\ERRORREP\QHEADLES, which allows local users to write and read files in this folder, as demonstrated by an ASP shell that has write access by IWAM_machine and read access by IUSR_Machine.
|
|||||
| CVE-2007-0610 | 1 Cmsmadesimple | 1 Cms Made Simple | 2025-04-09 | 6.8 MEDIUM | N/A |
|
Cross-site scripting (XSS) vulnerability in the mailform feature in CMSimple 2.7 fix1 allows remote attackers to inject arbitrary web script or HTML via the sender parameter. NOTE: The provenance of this information is unknown; the details are obtained solely from third party information.
|
|||||
| CVE-2006-4521 | 1 Novell | 1 Edirectory | 2025-04-09 | 5.0 MEDIUM | N/A |
|
The BerDecodeLoginDataRequest function in the libnmasldap.so NMAS module in Novell eDirectory 8.8 and 8.8.1 before the Security Services 2.0.3 patch does not properly increment a pointer when handling certain input, which allows remote attackers to cause a denial of service (invalid memory access) via a crafted login request.
|
|||||
| CVE-2007-2424 | 1 The Merchant Project | 1 The Merchant | 2025-04-09 | 7.5 HIGH | N/A |
|
PHP remote file inclusion vulnerability in help/index.php in The Merchant (themerchant) 2.2 allows remote attackers to execute arbitrary PHP code via a URL in the show parameter.
|
|||||
| CVE-2009-2053 | 1 Cisco | 1 Unified Communications Manager | 2025-04-09 | 7.8 HIGH | N/A |
|
Cisco Unified Communications Manager (aka CUCM, formerly CallManager) 4.x, 5.x before 5.1(3g), 6.x before 6.1(4), 7.0 before 7.0(2a)su1, and 7.1 before 7.1(2) allows remote attackers to cause a denial of service (file-descriptor exhaustion and SCCP outage) via a flood of TCP packets, aka Bug ID CSCsx32236.
|
|||||
| CVE-2006-5461 | 1 Avahi | 1 Avahi | 2025-04-09 | 2.1 LOW | N/A |
|
Avahi before 0.6.15 does not verify the sender identity of netlink messages to ensure that they come from the kernel instead of another process, which allows local users to spoof network changes to Avahi.
|
|||||
| CVE-2007-0804 | 1 Ggcms | 1 Ggcms | 2025-04-09 | 7.5 HIGH | N/A |
|
Directory traversal vulnerability in admin/subpages.php in GGCMS 1.1.0 RC1 and earlier allows remote attackers to inject arbitrary PHP code into arbitrary files via ".." sequences in the subpageName parameter, as demonstrated by injecting PHP code into a template file.
|
|||||
| CVE-2007-1416 | 1 Jccorp | 1 Urlshrink | 2025-04-09 | 10.0 HIGH | N/A |
|
PHP remote file inclusion vulnerability in createurl.php in JCcorp (aka James Coyle) URLshrink allows remote attackers to execute arbitrary PHP code via a URL in the formurl parameter.
|
|||||
| CVE-2006-4926 | 1 Kaspersky Lab | 4 Kaspersky Anti-virus, Kaspersky Anti-virus Personal, Kaspersky Anti-virus Personal Pro and 1 more | 2025-04-09 | 7.2 HIGH | N/A |
|
The NDIS-TDI Hooking Engine, as used in the (1) KLICK (KLICK.SYS) and (2) KLIN (KLIN.SYS) device drivers 2.0.0.281 for in Kaspersky Labs Anti-Virus 6.0.0.303 and other Anti-Virus and Internet Security products, allows local users to execute arbitrary code via crafted Irp structure with invalid addresses in the 0x80052110 IOCTL.
|
|||||
| CVE-2009-3641 | 1 Snort | 1 Snort | 2025-04-09 | 4.3 MEDIUM | N/A |
|
Snort before 2.8.5.1, when the -v option is enabled, allows remote attackers to cause a denial of service (application crash) via a crafted IPv6 packet that uses the (1) TCP or (2) ICMP protocol.
|
|||||
| CVE-2007-2088 | 1 Sitebar | 1 Sitebar | 2025-04-09 | 7.5 HIGH | N/A |
|
Multiple PHP remote file inclusion vulnerabilities in Sitebar 3.3.5 and earlier allow remote attackers to execute arbitrary PHP code via a URL in the (1) writerFile parameter to index.php and the (2) file parameter to Integrator.php.
|
|||||
| CVE-2006-5236 | 1 4homepages | 1 4images | 2025-04-09 | 7.5 HIGH | N/A |
|
SQL injection vulnerability in search.php in 4images 1.7.x allows remote authenticated users to execute arbitrary SQL commands via the search_user parameter.
|
|||||
| CVE-2007-0353 | 1 Mywebland | 1 Mybloggie | 2025-04-09 | 6.8 MEDIUM | N/A |
|
Cross-site scripting (XSS) vulnerability in (1) index.php and (2) login.php in myBloggie 2.1.5 allows remote attackers to inject arbitrary web script or HTML via the PATH_INFO string.
|
|||||
| CVE-2006-5711 | 1 Eci Telecom | 1 B-focus Wireless 802.11bg Adsl2\+ Router | 2025-04-09 | 5.0 MEDIUM | N/A |
|
ECI Telecom B-FOCuS Wireless 802.11b/g ADSL2+ Router allows remote attackers to read arbitrary files via a certain HTTP request, as demonstrated by a request for a router configuration file, related to the /html/defs/ URI.
|
|||||
| CVE-2006-5353 | 1 Oracle | 2 Application Server, Collaboration Suite | 2025-04-09 | 10.0 HIGH | N/A |
|
Unspecified vulnerability in Oracle HTTP Server component in Oracle Application Server 9.0.4.3, 10.1.2.0.2, 10.1.2.1.0, and 10.1.3.0.0, and Oracle Collaboration Suite 9.0.4.2 and 10.1.2, has unknown impact and remote attack vectors related to the Mod_rewrite Module, aka Vuln# OHS01.
|
|||||
| CVE-2007-0615 | 1 Hitachi | 2 Hibun Advanced Edition Server, Jpi Hibun Advanced Edition Server | 2025-04-09 | 7.8 HIGH | N/A |
|
Unspecified vulnerability in Hitachi JP1/HIBUN Advanced Edition Management Server and Log Server before 20070124 allows remote attackers to cause a denial of service (application stop) via unexpected data.
|
|||||
| CVE-2007-1002 | 1 Evolution | 1 Shared Memo | 2025-04-09 | 6.8 MEDIUM | N/A |
|
Format string vulnerability in the write_html function in calendar/gui/e-cal-component-memo-preview.c in Evolution Shared Memo 2.8.2.1, and possibly earlier versions, allows user-assisted remote attackers to execute arbitrary code via format specifiers in the categories of a crafted shared memo.
|
|||||
| CVE-2007-1513 | 1 Grafx | 1 Company Website Builder Pro | 2025-04-09 | 6.8 MEDIUM | N/A |
|
PHP remote file inclusion vulnerability in comanda.php in GraFX Company WebSite Builder (CWB) PRO 1.9.8, when register_globals is enabled, allows remote attackers to execute arbitrary PHP code via a URL in the INCLUDE_PATH parameter.
|
|||||
| CVE-2007-4164 | 1 Sun | 1 Java System Web Server | 2025-04-09 | 7.5 HIGH | N/A |
|
CRLF injection vulnerability in the redirect feature in Sun Java System Web Server 6.1 and 7.0 before 20070802, when the redirect Server Application Function (SAF) uses the url-prefix parameter and escape is disabled, or an Error directive uses the url-prefix parameter in obj.conf, allows remote attackers to inject arbitrary HTTP headers and conduct HTTP response splitting attacks.
|
|||||
| CVE-2006-5321 | 1 Tincan | 1 Phplist | 2025-04-09 | 4.3 MEDIUM | N/A |
|
Multiple cross-site scripting (XSS) vulnerabilities in phplist before 2.10.3 allow remote attackers to inject arbitrary web script or HTML via unspecified vectors.
|
|||||
| CVE-2006-6839 | 1 Phpbb Group | 1 Phpbb | 2025-04-09 | 10.0 HIGH | N/A |
|
Unspecified vulnerability in phpBB before 2.0.22 has unknown impact and remote attack vectors related to "criteria for 'bad' redirection targets."
|
|||||
| CVE-2006-7038 | 1 Atrium Software | 1 Mercur Messaging 2005 | 2025-04-09 | 7.8 HIGH | N/A |
|
Multiple buffer overflows in MERCUR Messaging 2005 before Service Pack 4 allow remote attackers to cause a denial of service (crash) via (1) "long command lines at port 32000" and (2) certain name service queries that are not properly handled by the SMTP service.
|
|||||
| CVE-2006-6374 | 1 Phpmyadmin | 1 Phpmyadmin | 2025-04-09 | 7.5 HIGH | N/A |
|
Multiple CRLF injection vulnerabilities in PhpMyAdmin 2.7.0-pl2 allow remote attackers to inject arbitrary HTTP headers and conduct HTTP response splitting attacks via CRLF sequences in a phpMyAdmin cookie in (1) css/phpmyadmin.css.php, (2) db_create.php, (3) index.php, (4) left.php, (5) libraries/session.inc.php, (6) libraries/transformations/overview.php, (7) querywindow.php, (8) server_engines.php, and possibly other files.
|
|||||
| CVE-2007-3166 | 1 Qualcomm | 1 Eudora | 2025-04-09 | 6.8 MEDIUM | N/A |
|
Buffer overflow in Qualcomm Eudora 7.1.0.9 allows user-assisted, remote IMAP servers to execute arbitrary code via a long FLAGS response to a SELECT INBOX command.
|
|||||
| CVE-2007-4314 | 1 Pixlie | 1 Pixlie | 2025-04-09 | 6.8 MEDIUM | N/A |
|
pixlie.php in Pixlie 1.7 allows remote attackers to trigger the reading and JPEG image processing of files in a remote directory tree via a URL in the root parameter. NOTE: this can be leveraged for traffic amplification or other denial of service.
|
|||||
| CVE-2007-2021 | 1 Pineapple Technologies | 1 Lore | 2025-04-09 | 7.5 HIGH | N/A |
|
Multiple PHP remote file inclusion vulnerabilities in Pineapple Technologies Lore 1 allow remote attackers to execute arbitrary PHP code via a URL in the (1) lang_path parameter to third_party/phpmailer/class.phpmailer.php or the (2) get_plugin_file_path parameter to third_party/smarty/libs/plugins/function.html_checkboxes.php. NOTE: the affected files might be from other software packages, so this might not be a vulnerability in Lore itself. NOTE: (1) might be the same issue as CVE-2006-5734. ...
Show More |
|||||
| CVE-2007-4334 | 1 Php-stats | 1 Php-stats | 2025-04-09 | 4.3 MEDIUM | N/A |
|
Cross-site scripting (XSS) vulnerability in whois.php in Php-stats 0.1.9.2 allows remote attackers to inject arbitrary web script or HTML via the IP parameter.
|
|||||
| CVE-2006-6949 | 1 Conti | 1 Ftpserver | 2025-04-09 | 4.6 MEDIUM | N/A |
|
Conti FTPServer 1.0 Build 2.8 stores user passwords in cleartext in MyServerSettings.ini, which allows local users to obtain sensitive information by reading this file.
|
|||||
| CVE-2006-6944 | 1 Phpmyadmin | 1 Phpmyadmin | 2025-04-09 | 7.5 HIGH | N/A |
|
phpMyAdmin before 2.9.1.1 allows remote attackers to bypass Allow/Deny access rules that use IP addresses via false headers.
|
|||||
| CVE-2007-0554 | 1 Guo Xu Guos Posting System | 1 Guo Xu Guos Posting System | 2025-04-09 | 7.5 HIGH | N/A |
|
SQL injection vulnerability in print.asp in Guo Xu Guos Posting System (GPS) 1.2 allows remote attackers to execute arbitrary SQL commands via the id parameter.
|
|||||
| CVE-2007-1600 | 1 Digital Eye Gallery | 1 Digital Eye Gallery | 2025-04-09 | 9.3 HIGH | N/A |
|
PHP remote file inclusion vulnerability in module.php in Digital Eye Gallery 1.1 Beta (aka 0.1.1b) allows remote attackers to execute arbitrary PHP code via a URL in the menu parameter.
|
|||||
| CVE-2008-5360 | 1 Sun | 3 Jdk, Jre, Sdk | 2025-04-09 | 6.4 MEDIUM | N/A |
|
Java Runtime Environment (JRE) for Sun JDK and JRE 6 Update 10 and earlier; JDK and JRE 5.0 Update 16 and earlier; SDK and JRE 1.4.2_18 and earlier; and SDK and JRE 1.3.1_23 and earlier creates temporary files with predictable file names, which allows attackers to write malicious JAR files via unknown vectors.
|
|||||
| CVE-2008-0716 | 1 Symantec | 1 Altiris Notification Server | 2025-04-09 | 6.8 MEDIUM | N/A |
|
The agent in Symantec Altiris Notification Server before 6.0 SP3 R7 allows local users to gain privileges via a "Shatter" style attack.
|
|||||
| CVE-2006-5747 | 1 Mozilla | 3 Firefox, Seamonkey, Thunderbird | 2025-04-09 | 7.5 HIGH | N/A |
|
Unspecified vulnerability in Mozilla Firefox before 1.5.0.8, Thunderbird before 1.5.0.8, and SeaMonkey before 1.0.6 allows remote attackers to execute arbitrary code via the XML.prototype.hasOwnProperty JavaScript function.
|
|||||
| CVE-2007-2751 | 1 Phpglossar | 1 Phpglossar | 2025-04-09 | 7.5 HIGH | N/A |
|
Multiple PHP remote file inclusion vulnerabilities in PHPGlossar 0.8 allow remote attackers to execute arbitrary PHP code via a URL in the format_menue parameter to (1) admin/inc/change_action.php or (2) admin/inc/add.php.
|
|||||
| CVE-2007-2859 | 1 Simpgb | 1 Simpgb | 2025-04-09 | 7.5 HIGH | N/A |
|
Multiple PHP remote file inclusion vulnerabilities in SimpGB 1.46.0 allow remote attackers to execute arbitrary PHP code via a URL in the path_simpgb parameter to (1) guestbook.php, (2) search.php, (3) mailer.php, (4) avatars.php, (5) ccode.php, (6) comments.php, (7) emoticons.php, (8) gbdownload.php, and possibly other PHP scripts.
|
|||||
| CVE-2007-0388 | 1 Woltlab | 1 Burning Board | 2025-04-09 | 7.5 HIGH | N/A |
|
SQL injection vulnerability in search.php in Woltlab Burning Board (wBB) 1.0.2 and earlier, and 2.3.6 and earlier in the 2.x series, allows remote attackers to execute arbitrary SQL commands via the boardids[1] and other boardids[] parameters.
|
|||||
| CVE-2007-1739 | 1 Ibm | 1 Lotus Domino | 2025-04-09 | 7.8 HIGH | N/A |
|
Heap-based buffer overflow in the LDAP server in IBM Lotus Domino before 6.5.6 and 7.x before 7.0.2 FP1 allows remote attackers to cause a denial of service (crash) via a long, malformed DN request, which causes only the lower 16 bits of the string length to be used in memory allocation.
|
|||||
| CVE-2007-3812 | 1 Cmscout | 1 Cmscout | 2025-04-09 | 7.5 HIGH | N/A |
|
SQL injection vulnerability in forums.php in CMScout 1.23 and earlier allows remote attackers to execute arbitrary SQL commands via the f parameter in a forums action to index.php.
|
|||||
| CVE-2007-2287 | 1 Comus | 1 Comus | 2025-04-09 | 7.5 HIGH | N/A |
|
PHP remote file inclusion vulnerability in accept.php in comus 2.0 Final allows remote attackers to execute arbitrary PHP code via a URL in the DOCUMENT_ROOT parameter.
|
|||||