Total: 29869 CVE
| CVE | Vendors | Products | Updated | CVSS v2 | CVSS v3 |
|---|---|---|---|---|---|
| CVE-2007-1266 | 1 Gnome | 1 Evolution | 2025-04-09 | 5.0 MEDIUM | N/A |
|
Evolution 2.8.1 and earlier does not properly use the --status-fd argument when invoking GnuPG, which prevents Evolution from visually distinguishing between signed and unsigned portions of OpenPGP messages with multiple components, which allows remote attackers to forge the contents of a message without detection.
|
|||||
| CVE-2006-5516 | 1 Wikini | 1 Wikini | 2025-04-09 | 4.3 MEDIUM | N/A |
|
Multiple cross-site scripting (XSS) vulnerabilities in actions/usersettings.php in WikiNi before 0.4.4 allow remote attackers to inject arbitrary web script or HTML via the (1) name and (2) email parameters to wakka.php.
|
|||||
| CVE-2006-5667 | 1 P-book | 1 P-book | 2025-04-09 | 7.5 HIGH | N/A |
|
Multiple PHP remote file inclusion vulnerabilities in P-Book 1.17 and earlier allow remote attackers to execute arbitrary PHP code via a URL in the pb_lang parameter to (1) admin.php and (2) pbook.php.
|
|||||
| CVE-2007-3776 | 1 Cisco | 2 Unified Communications Manager, Unified Presence Server | 2025-04-09 | 5.0 MEDIUM | N/A |
|
Cisco Unified Communications Manager (CUCM, formerly CallManager) and Unified Presence Server (CUPS) allow remote attackers to obtain sensitive information via unspecified vectors that reveal the SNMP community strings and configuration settings, aka (1) CSCsj20668 and (2) CSCsj25962.
|
|||||
| CVE-2006-5649 | 1 Ubuntu | 1 Ubuntu Linux | 2025-04-09 | 4.6 MEDIUM | 5.5 MEDIUM |
|
Unspecified vulnerability in the "alignment check exception handling" in Ubuntu 5.10, 6.06 LTS, and 6.10 for the PowerPC (PPC) allows local users to cause a denial of service (kernel panic) via unspecified vectors.
|
|||||
| CVE-2006-5732 | 1 Tgs Cms | 1 Tgs Cms | 2025-04-09 | 5.0 MEDIUM | N/A |
|
SQL injection vulnerability in logout.php in T.G.S. CMS 0.1.7 and earlier allows remote attackers to execute arbitrary SQL commands via the myauthorid cookie.
|
|||||
| CVE-2007-2730 | 3 Checkpoint, Comodo, Microsoft | 6 Zonealarm, Comodo Firewall Pro, Comodo Personal Firewall and 3 more | 2025-04-09 | 7.2 HIGH | N/A |
|
Check Point ZoneAlarm Pro before 6.5.737.000 does not properly test for equivalence of process identifiers for certain Microsoft Windows API functions in the NT kernel 5.0 and greater, which allows local users to call these functions, and bypass firewall rules or gain privileges, via a modified identifier that is one, two, or three greater than the canonical identifier.
|
|||||
| CVE-2007-3790 | 1 Php | 1 Php | 2025-04-09 | 5.8 MEDIUM | N/A |
|
The com_print_typeinfo function in the bz2 extension in PHP 5.2.3 allows context-dependent attackers to cause a denial of service via a long argument.
|
|||||
| CVE-2007-3320 | 1 Avaya | 1 4602sw Ip Phone | 2025-04-09 | 5.0 MEDIUM | N/A |
|
The Avaya 4602SW IP Phone (Model 4602D02A) with 2.2.2 and earlier SIP firmware accepts SIP INVITE requests from arbitrary source IP addresses, which allows remote attackers to have an unspecified impact.
|
|||||
| CVE-2007-1397 | 1 Fish | 1 Fish | 2025-04-09 | 10.0 HIGH | N/A |
|
Multiple stack-based buffer overflows in the (1) ExtractRnick and (2) decrypt_topic_332 functions in FiSH allow remote attackers to execute arbitrary code via long strings.
|
|||||
| CVE-2007-2100 | 1 Fac Guestbook | 1 Fac Guestbook | 2025-04-09 | 10.0 HIGH | N/A |
|
FAC Guestbook 2.0 stores sensitive information under the web root with insufficient access control, which allows remote attackers to download a database via a direct request for db/Gdb.mdb.
|
|||||
| CVE-2007-1028 | 1 Barry Jaspan | 1 Image Pager | 2025-04-09 | 6.8 MEDIUM | N/A |
|
Cross-site scripting (XSS) vulnerability in the Barry Jaspan Image Pager 4.7.x-1.x-dev and 5.x-1.x-dev before 2007-02-08 module for Drupal allows remote attackers to inject arbitrary web script or HTML via unspecified vectors related to HTML entities and the IMG element.
|
|||||
| CVE-2006-5664 | 1 Ibm | 3 Informix Client Sdk, Informix Dynamic Server, Informix I-connect | 2025-04-09 | 4.6 MEDIUM | N/A |
|
The installation script in IBM Informix Dynamic Server 10.00, Informix Client Software Development Kit (CSDK) 2.90, and Informix I-Connect 2.90 allows local users to "compromise security" via a symlink attack on temporary files.
|
|||||
| CVE-2006-4250 | 1 Debian | 1 Debian Linux | 2025-04-09 | 4.6 MEDIUM | N/A |
|
Buffer overflow in man and mandb (man-db) 2.4.3 and earlier allows local users to execute arbitrary code via crafted arguments to the -H flag.
|
|||||
| CVE-2009-3654 | 2 316solutions, Drupal | 2 Boost, Drupal | 2025-04-09 | 6.4 MEDIUM | N/A |
|
Unspecified vulnerability in Boost before 6.x-1.03, a module for Drupal, allows remote attackers to create new webroot directories via unknown attack vectors.
|
|||||
| CVE-2007-0532 | 1 Tuan Do | 1 Uploader | 2025-04-09 | 5.0 MEDIUM | N/A |
|
Tuan Do Uploader (aka php-uploader) 6 beta 1 stores sensitive information under the web root with insufficient access control, which allows remote attackers to obtain the administrator password hash via a direct request for userdata/user_1.txt.
|
|||||
| CVE-2006-6318 | 1 Stefan Ritt | 1 Elog Web Logbook | 2025-04-09 | 5.0 MEDIUM | N/A |
|
The show_elog_list function in elogd.c in elog 2.6.2 and earlier allows remote authenticated users to cause a denial of service (daemon crash) by attempting to access a logbook whose name begins with "global," which results in a NULL pointer dereference. NOTE: some of these details are obtained from third party information.
|
|||||
| CVE-2006-6187 | 1 Clicktech | 1 Clickgallery | 2025-04-09 | 7.5 HIGH | N/A |
|
Multiple SQL injection vulnerabilities in ClickTech Click Gallery allow remote attackers to execute arbitrary SQL commands via the (1) currentpage or (2) gallery_id parameter to (a) view_gallery.asp, the (3) image_id parameter to (b) download_image.asp, the currentpage or (5) orderby parameter to (c) gallery.asp, or the currentpage parameter to (d) view_recent.asp.
|
|||||
| CVE-2009-0301 | 1 Grid2000 | 1 Flexcell Grid Control | 2025-04-09 | 6.8 MEDIUM | N/A |
|
Multiple insecure method vulnerabilities in the FlexCell.Grid ActiveX control (FlexCell.ocx) in FlexCell Grid Control 5.6.9 allow remote attackers to create and overwrite arbitrary files via the (1) SaveFile and (2) ExportToXML methods.
|
|||||
| CVE-2007-2701 | 1 Bea | 1 Weblogic Server | 2025-04-09 | 4.6 MEDIUM | N/A |
|
The JMS Message Bridge in BEA WebLogic Server 7.0 through SP7 and 8.1 through Service Pack 6, when configured without a username and password, or when the connection URL is not defined, allows remote attackers to bypass the security access policy and "send unauthorized messages to a protected queue."
|
|||||
| CVE-2006-5975 | 1 Drumster | 1 Blogme | 2025-04-09 | 6.8 MEDIUM | N/A |
|
Multiple cross-site scripting (XSS) vulnerabilities in comments.asp in BlogMe 3.0 allow remote attackers to inject arbitrary web script or HTML via the (1) Name, (2) URL, or (3) Comments field.
|
|||||
| CVE-2007-1540 | 2 Ledgersmb, Sql-ledger | 2 Ledgersmb, Sql-ledger | 2025-04-09 | 4.3 MEDIUM | N/A |
|
Directory traversal vulnerability in am.pl in (1) SQL-Ledger 2.6.27 and earlier, and (2) LedgerSMB before 1.2.0, allows remote attackers to run arbitrary executables and bypass authentication via a .. (dot dot) sequence and trailing NULL (%00) in the login parameter. NOTE: this issue was reportedly addressed in SQL-Ledger 2.6.27, however third-party researchers claim that the file is still executed even though an error is generated.
|
|||||
| CVE-2007-0551 | 1 Cmsmadesimple | 1 Cms Made Simple | 2025-04-09 | 7.5 HIGH | N/A |
|
Multiple PHP remote file inclusion vulnerabilities in cmsimple/cms.php in CMSimple 2.7 allow remote attackers to execute arbitrary PHP code via a URL in the (1) pth[file][config] and (2) pth[file][image] parameters.
|
|||||
| CVE-2007-0693 | 1 Dian Gemilang | 1 Dgnews | 2025-04-09 | 6.8 MEDIUM | N/A |
|
SQL injection vulnerability in news.php in DGNews 2.1 allows remote attackers to execute arbitrary SQL commands via the catid parameter in a newslist action. NOTE: this issue can produce resultant cross-site scripting (XSS).
|
|||||
| CVE-2007-0399 | 1 Simple Machines | 1 Simple Machines Forum | 2025-04-09 | 6.0 MEDIUM | N/A |
|
Multiple cross-site scripting (XSS) vulnerabilities in index.php in Simple Machines Forum (SMF) 1.1 RC3 allow remote authenticated users to inject arbitrary web script or HTML via the (1) recipient or (2) BCC field when selecting send in a pm action.
|
|||||
| CVE-2006-6493 | 1 Openldap | 1 Openldap | 2025-04-09 | 5.1 MEDIUM | N/A |
|
Buffer overflow in the krbv4_ldap_auth function in servers/slapd/kerberos.c in OpenLDAP 2.4.3 and earlier, when OpenLDAP is compiled with the --enable-kbind (Kerberos KBIND) option, allows remote attackers to execute arbitrary code via an LDAP bind request using the LDAP_AUTH_KRBV41 authentication method and long credential data.
|
|||||
| CVE-2006-5984 | 1 Webhost Automation | 1 Helm Web Hosting Control Panel | 2025-04-09 | 6.8 MEDIUM | N/A |
|
Multiple cross-site scripting (XSS) vulnerabilities in Helm Web Hosting Control Panel 3.2.10 allow remote authenticated users to inject arbitrary web script or HTML via the (1) txtCompanyName, (2) txtEmail, or (3) txtUserAccNum parameter to (a) users.asp, or the (4) setThemeColour parameter to (b) default.asp in the Reseller and Admin levels; or the (5) setThemeColour parameter to default.asp in the User level. NOTE: the txtDomainName parameter to domains.asp is covered by CVE-2006-1407, which ...
|
|||||
| CVE-2007-4481 | 1 Wordpress | 1 Blix | 2025-04-09 | 4.3 MEDIUM | N/A |
|
Cross-site scripting (XSS) vulnerability in index.php in the (1) Blix 0.9.1 and (2) Blix 0.9.1 Rus themes for WordPress allows remote attackers to inject arbitrary web script or HTML via the PATH_INFO (PHP_SELF).
|
|||||
| CVE-2006-5894 | 1 Rama Cms | 1 Rama Cms | 2025-04-09 | 6.8 MEDIUM | N/A |
|
Directory traversal vulnerability in lang.php in Rama CMS 0.68 and earlier, when register_globals is enabled, allows remote attackers to include and execute arbitrary local files via a .. (dot dot) in the lang cookie, as demonstrated by injecting PHP sequences into an Apache HTTP Server log file, which is then included by lang.php.
|
|||||
| CVE-2007-3440 | 1 Snom | 2 320 Sip Phone, Snom 320 Linux | 2025-04-09 | 6.4 MEDIUM | N/A |
|
The Snom 320 SIP Phone, running snom320 linux 3.25, snom320-SIP 6.2.3, and snom320 jffs23.36, allows remote attackers to place calls to arbitrary phone numbers via certain requests to the web server on port 1800.
|
|||||
| CVE-2007-2824 | 1 Alstrasoft | 1 E-friends | 2025-04-09 | 10.0 HIGH | N/A |
|
SQL injection vulnerability in paypal.php in AlstraSoft E-Friends 4.21 and earlier allows remote attackers to execute arbitrary SQL commands via the pack parameter in a paypal action for index.php.
|
|||||
| CVE-2006-5610 | 1 Fully Modded Phpbb | 1 Fully Modded Phpbb | 2025-04-09 | 7.5 HIGH | 9.8 CRITICAL |
|
PHP remote file inclusion vulnerability in player/includes/common.php in Teake Nutma Foing, as modified in Fully Modded phpBB (phpbbfm) 2021.4.40, allows remote attackers to execute arbitrary PHP code via a URL in the phpbb_root_path parameter.
|
|||||
| CVE-2008-7025 | 1 Checkpoint | 1 Zonealarm | 2025-04-09 | 4.3 MEDIUM | N/A |
|
TrueVector in Check Point ZoneAlarm 8.0.020.000, with vsmon.exe running, allows remote HTTP proxies to cause a denial of service (crash) and disable the HIDS module via a crafted response.
|
|||||
| CVE-2006-6017 | 1 Wordpress | 1 Wordpress | 2025-04-09 | 4.0 MEDIUM | 6.5 MEDIUM |
|
WordPress before 2.0.5 does not properly store a profile containing a string representation of a serialized object, which allows remote authenticated users to cause a denial of service (application crash) via a string that represents a (1) malformed or (2) large serialized object, because the object triggers automatic unserialization for display.
|
|||||
| CVE-2006-6769 | 1 Php Live | 1 Php Live | 2025-04-09 | 6.8 MEDIUM | N/A |
|
Multiple cross-site scripting (XSS) vulnerabilities in PHP Live! 3.2.2 and earlier allow remote attackers to inject arbitrary web script or HTML via the (1) search_string parameter in (a) setup/transcripts.php, the (2) l parameter in (b) index.php, the (3) login field in (c) phplive/index.php, and the (4) deptid and (5) x parameters in (d) phplive/message_box.php.
|
|||||
| CVE-2007-2862 | 1 Devellion | 1 Cubecart | 2025-04-09 | 7.5 HIGH | N/A |
|
Multiple SQL injection vulnerabilities in CubeCart 3.0.16 might allow remote attackers to execute arbitrary SQL commands via an unspecified parameter to cart.inc.php and certain other files in an include directory, related to missing sanitization of the $option variable and possibly cookie modification.
|
|||||
| CVE-2006-4580 | 1 The Address Book | 1 The Address Book | 2025-04-09 | 7.5 HIGH | N/A |
|
register.php in The Address Book 1.04e allows remote attackers to bypass the "Allow User Self-Registration" setting and create arbitrary users by setting the mode parameter to "confirm".
|
|||||
| CVE-2006-6555 | 1 Easyfill | 1 Easyfill | 2025-04-09 | 7.5 HIGH | N/A |
|
Multiple SQL injection vulnerabilities in EasyFill before 0.5.1 allow remote attackers to execute arbitrary SQL commands via unspecified vectors.
|
|||||
| CVE-2007-0942 | 1 Microsoft | 6 Ie, Internet Explorer, Windows 2000 and 3 more | 2025-04-09 | 9.3 HIGH | N/A |
|
Microsoft Internet Explorer 5.01 SP4 on Windows 2000 SP4; 6 SP1 on Windows 2000 SP4; 6 and 7 on Windows XP SP2, or Windows Server 2003 SP1 or SP2; and possibly 7 on Windows Vista does not properly "instantiate certain COM objects as ActiveX controls," which allows remote attackers to execute arbitrary code via a crafted COM object from chtskdic.dll.
|
|||||
| CVE-2007-1556 | 1 Thecreativeheads.de | 1 Creative Files | 2025-04-09 | 7.5 HIGH | N/A |
|
SQL injection vulnerability in kommentare.php in Creative Files 1.2 allows remote attackers to execute arbitrary SQL commands via the dlid parameter.
|
|||||