Total: 29869 CVE

| CVE | Vendors | Products | Updated | CVSS v2 | CVSS v3 |
|---|---|---|---|---|---|
| CVE-2006-6064 | 1 Fuzzball Muck | 1 Fuzzball Muck | 2025-04-09 | 7.5 HIGH | N/A |
|
Multiple buffer overflows in the Message Parsing Interpreter (MPI) in Fuzzball MUCK before 6.07 allow remote attackers to execute arbitrary code via crafted messages.
|
|||||
| CVE-2006-6704 | 1 Atmail | 1 Atmail Webadmin | 2025-04-09 | 6.8 MEDIUM | N/A |
|
Cross-site scripting (XSS) vulnerability in the Webadmin in @Mail before 4.6 allows remote attackers to inject arbitrary web script or HTML via unspecified vectors involving "unescaped data in the database."
|
|||||
| CVE-2007-2563 | 1 Versalsoft | 1 Http File Upload Activex Control | 2025-04-09 | 9.3 HIGH | N/A |
|
Buffer overflow in the AddFile function in VersalSoft HTTP File Upload ActiveX control (UFileUploaderD.dll) allows remote attackers to execute arbitrary code via a long argument.
|
|||||
| CVE-2007-0791 | 1 Mozilla | 1 Bugzilla | 2025-04-09 | 4.3 MEDIUM | N/A |
|
Cross-site scripting (XSS) vulnerability in Atom feeds in Bugzilla 2.20.3, 2.22.1, and 2.23.3, and earlier versions down to 2.20.1, allows remote attackers to inject arbitrary web script or HTML via unspecified vectors.
|
|||||
| CVE-2009-0550 | 1 Microsoft | 7 Ie, Internet Explorer, Windows 2000 and 4 more | 2025-04-09 | 9.3 HIGH | N/A |
|
Windows HTTP Services (aka WinHTTP) in Microsoft Windows 2000 SP4, XP SP2 and SP3, Server 2003 SP1 and SP2, Vista Gold and SP1, and Server 2008; and WinINet in Microsoft Internet Explorer 5.01 SP4, 6 SP1, 6 and 7 on Windows XP SP2 and SP3, 6 and 7 on Windows Server 2003 SP1 and SP2, 7 on Windows Vista Gold and SP1, and 7 on Windows Server 2008; allows remote web servers to capture and replay NTLM credentials, and execute arbitrary code, via vectors related to absence of a "credential-reflection ...
|
|||||
| CVE-2006-6904 | 1 Broadcom | 1 Bluetooth Stack | 2025-04-09 | 7.9 HIGH | N/A |
|
Unspecified vulnerability in the Broadcom Bluetooth stack allows remote attackers to gain administrative access (aka Remote Root) via unspecified vectors.
|
|||||
| CVE-2006-5274 | 1 Mcafee | 3 Common Management Agent, Epolicy Orchestrator, Protectionpilot | 2025-04-09 | 7.6 HIGH | N/A |
|
Integer overflow in McAfee ePolicy Orchestrator 3.5 through 3.6.1, ProtectionPilot 1.1.1 and 1.5, and Common Management Agent (CMA) 3.5.5.438 allows remote attackers to cause a denial of service (CMA Framework service crash) and possibly execute arbitrary code via unspecified vectors.
|
|||||
| CVE-2007-3588 | 1 Vbzoom | 1 Vbzoom | 2025-04-09 | 7.5 HIGH | N/A |
|
SQL injection vulnerability in reply.php in VBZooM 1.12 allows remote attackers to execute arbitrary SQL commands via the UserID parameter to sub-join.php. NOTE: this may be the same as CVE-2006-3691.4.
|
|||||
| CVE-2007-4149 | 1 Visionsoft | 1 Audit | 2025-04-09 | 10.0 HIGH | N/A |
|
The Visionsoft Audit on Demand Service (VSAOD) in Visionsoft Audit 12.4.0.0 does not require authentication for (1) the "LOG." command, which allows remote attackers to create or overwrite arbitrary files; (2) the SETTINGSFILE command, which allows remote attackers to overwrite the ini file, and reconfigure VSAOD or cause a denial of service; or (3) the UNINSTALL command, which allows remote attackers to cause a denial of service (daemon shutdown). NOTE: vector 1 can be leveraged for code execu ...
|
|||||
| CVE-2007-4451 | 1 Toribash | 1 Toribash | 2025-04-09 | 5.0 MEDIUM | N/A |
|
The server in Toribash 2.71 and earlier on Windows allows remote attackers to cause a denial of service (continuous beep and server hang) via certain commands that contain many 0x07 or other invalid characters.
|
|||||
| CVE-2007-1188 | 1 Web-app.org | 1 Webapp | 2025-04-09 | 7.5 HIGH | N/A |
|
WebAPP before 0.9.9.5 allows remote attackers to submit Search form input that is not checked for (1) composition or (2) length, which has unknown impact, possibly related to "search form hijacking".
|
|||||
| CVE-2007-2252 | 1 Exponent | 1 Exponent Cms | 2025-04-09 | 5.0 MEDIUM | N/A |
|
Directory traversal vulnerability in iconspopup.php in Exponent CMS 0.96.6 Alpha and earlier allows remote attackers to obtain sensitive information via a .. (dot dot) in the icodir parameter.
|
|||||
| CVE-2007-2503 | 1 Php Turbulence | 1 Php Turbulence | 2025-04-09 | 10.0 HIGH | N/A |
|
Directory traversal vulnerability in turbulence.php in PHP Turbulence 0.0.1 alpha allows remote attackers to include and execute arbitrary local files via a .. (dot dot) in the GLOBALS[tcore] parameter. NOTE: this vulnerability is disputed by CVE and a reliable third party because a direct request to user/turbulence.php triggers a fatal error before inclusion.
|
|||||
| CVE-2007-2708 | 1 Feindt Computerservice | 1 News-script | 2025-04-09 | 7.5 HIGH | N/A |
|
PHP remote file inclusion vulnerability in newsadmin.php in Feindt Computerservice News (News-Script) 2.0 allows remote attackers to execute arbitrary PHP code via a URL in the action parameter.
|
|||||
| CVE-2006-4404 | 1 Apple | 1 Mac Os X | 2025-04-09 | 10.0 HIGH | N/A |
|
The Installer application in Apple Mac OS X 10.4.8 and earlier, when used by a user with Admin credentials, does not authenticate the user before installing certain software requiring system privileges.
|
|||||
| CVE-2007-3987 | 1 Junction Quest | 1 Image Racer | 2025-04-09 | 7.5 HIGH | N/A |
|
SQL injection vulnerability in SearchResults.asp in ImageRacer 1.0, when WordSearchCrit is enabled, allows remote attackers to execute arbitrary SQL commands via the SearchWord parameter.
|
|||||
| CVE-2007-2934 | 1 Windy Road | 1 Vistered Little | 2025-04-09 | 7.8 HIGH | N/A |
|
Directory traversal vulnerability in skins/common.css.php in Vistered Little 1.6a allows remote attackers to read arbitrary files via a .. (dot dot) in the skin parameter.
|
|||||
| CVE-2006-6900 | 1 Apple | 1 Mac Os X | 2025-04-09 | 10.0 HIGH | N/A |
|
Unspecified vulnerability in the Bluetooth stack in Apple Mac OS 10.4 has unknown impact and attack vectors, related to an "implementation bug."
|
|||||
| CVE-2007-6330 | 1 Meridian Software | 1 Prolog Manager | 2025-04-09 | 10.0 HIGH | N/A |
|
Meridian Prolog Manager 2007, and 7.5 and earlier, sends all usernames and passwords to the client in a (1) cleartext or (2) weakly encrypted format to support client-side login authentication, which makes it easier for remote attackers to obtain database access by capturing credentials via a man-in-the-middle attack.
|
|||||
| CVE-2007-3587 | 1 Mycms | 1 Mycms | 2025-04-09 | 7.5 HIGH | N/A |
|
MyCMS 0.9.8 and earlier allows remote attackers to gain privileges via the admin cookie parameter, as demonstrated by a post to admin/settings.php that injects PHP code into settings.inc, which can then be executed via a direct request to index.php.
|
|||||
| CVE-2009-3736 | 1 Gnu | 1 Libtool | 2025-04-09 | 6.9 MEDIUM | N/A |
|
ltdl.c in libltdl in GNU Libtool 1.5.x, and 2.2.6 before 2.2.6b, as used in Ham Radio Control Libraries, Q, and possibly other products, attempts to open a .la file in the current working directory, which allows local users to gain privileges via a Trojan horse file.
|
|||||
| CVE-2006-5587 | 1 Mdweb | 1 Mdweb | 2025-04-09 | 7.5 HIGH | N/A |
|
Multiple PHP remote file inclusion vulnerabilities in MDweb 1.3 and earlier (Mdweb132-postgres) allow remote attackers to execute arbitrary PHP code via a URL in the chemin_appli parameter in (1) admin/inc/organisations/form_org.inc.php and (2) admin/inc/organisations/country_insert.php.
|
|||||
| CVE-2006-6938 | 1 Nitrotech | 1 Nitrotech | 2025-04-09 | 5.0 MEDIUM | N/A |
|
Directory traversal vulnerability in includes/common.php in NitroTech 0.0.3a, as distributed before 2006, allows remote attackers to include arbitrary files via ".." sequences in the root parameter.
|
|||||
| CVE-2007-1474 | 1 Horde | 2 Horde Application Framework, Imp | 2025-04-09 | 6.8 MEDIUM | N/A |
|
Argument injection vulnerability in the cleanup cron script in Horde Project Horde and IMP before Horde Application Framework 3.1.4 allows local users to delete arbitrary files and possibly gain privileges via multiple space-delimited pathnames.
|
|||||
| CVE-2007-3297 | 1 Cybozu Labs | 1 Musoo | 2025-04-09 | 7.5 HIGH | N/A |
|
Multiple PHP remote file inclusion vulnerabilities in Musoo 0.21 allow remote attackers to execute arbitrary PHP code via a URL in the GLOBALS[ini_array][EXTLIB_PATH] parameter to (1) msDb.php, (2) modules/MusooTemplateLite.php, or (3) modules/SoundImporter.php.
|
|||||
| CVE-2006-5240 | 1 Docmint | 1 Docmint Cms | 2025-04-09 | 5.1 MEDIUM | N/A |
|
PHP remote file inclusion vulnerability in engine/require.php in Docmint 2.0 and earlier, when register_globals is enabled, allows remote attackers to execute arbitrary PHP code via a URL in the MY_ENV[BASE_ENGINE_LOC] parameter.
|
|||||
| CVE-2007-0155 | 1 Harikaonline | 1 Harikaonline | 2025-04-09 | 7.5 HIGH | N/A |
|
HarikaOnline 2.0 stores sensitive information under the web root with insufficient access control, which allows remote attackers to download a database containing passwords via a direct request for harikaonline.mdb.
|
|||||
| CVE-2006-6011 | 1 Sap | 1 Sap Web Application Server | 2025-04-09 | 5.0 MEDIUM | N/A |
|
Unspecified vulnerability in SAP Web Application Server before 6.40 patch 6 allows remote attackers to cause a denial of service (enserver.exe crash) via a certain UDP packet to port 64999, aka "two bytes UDP crash," a different vulnerability than CVE-2006-5785.
|
|||||
| CVE-2007-1414 | 1 Coppermine | 1 Coppermine Photo Gallery | 2025-04-09 | 10.0 HIGH | N/A |
|
Multiple PHP remote file inclusion vulnerabilities in Coppermine Photo Gallery (CPG) allow remote attackers to execute arbitrary PHP code via a URL in the (1) cmd parameter to (a) image_processor.php or (b) picmgmt.inc.php, or the (2) path parameter to (c) include/functions.php, (d) include/plugin_api.inc.php, (e) index.php, or (f) pluginmgr.php.
|
|||||
| CVE-2006-4581 | 1 The Address Book | 1 The Address Book | 2025-04-09 | 5.0 MEDIUM | N/A |
|
Unrestricted file upload vulnerability in The Address Book 1.04e validates the Content-Type header but not the file extension, which allows remote attackers to upload arbitrary PHP scripts.
|
|||||
| CVE-2006-7053 | 1 Arkoon | 1 Fast360 | 2025-04-09 | 7.5 HIGH | N/A |
|
Unspecified vulnerability in Arkoon FAST360 UTM appliances 3.0 through 3.0/29, 3.1, 3.2, and 3.3 allows remote attackers to bypass keyword filtering in the FAST HTTP module, and signatures in the IDPS HTTP module, via crafted URLs that are "misinterpreted."
|
|||||
| CVE-2009-0134 | 1 Share2 | 1 Easy Grid Control | 2025-04-09 | 9.3 HIGH | N/A |
|
Insecure method vulnerability in the EasyGrid.SGCtrl.32 ActiveX control in EasyGrid.ocx 1.0.0.1 in AAA EasyGrid ActiveX 3.51 allows remote attackers to create and overwrite arbitrary files via the (1) DoSaveFile or (2) DoSaveHtmlFile method. NOTE: vector 1 could be leveraged for code execution by creating executable files in Startup folders or by accessing files using hcp:// URLs. NOTE: some of these details are obtained from third party information.
|
|||||
| CVE-2006-5658 | 1 Studio Achtundachtzig | 1 Bloomooweb Activex Control | 2025-04-09 | 7.6 HIGH | N/A |
|
BlooMooWeb ActiveX control (AidemATL.dll) allows remote attackers to (1) download arbitrary files via a URL in the bstrUrl parameter to the BW_DownloadFile method, (2) execute arbitrary local files via a file path in the bstrParams parameter to the BW_LaunchGame method, and (3) delete arbitrary files via a file path in the filePath parameter to the BW_DeleteTempFile method.
|
|||||
| CVE-2007-1040 | 1 Xpression News | 1 Xpression News | 2025-04-09 | 7.5 HIGH | N/A |
|
Directory traversal vulnerability in archives.php in Xpression News (X-News) 1.0.1 allows remote attackers to include arbitrary files or obtain sensitive information via a .. (dot dot) in the xnews-template parameter.
|
|||||
| CVE-2006-6873 | 1 Endonesia | 1 Endonesia | 2025-04-09 | 7.5 HIGH | N/A |
|
Multiple SQL injection vulnerabilities in mod.php in eNdonesia 8.4 allow remote attackers to execute arbitrary SQL commands via (1) the did parameter in a (a) viewdisk operation (diskusi mod), or the (2) cid parameter in a (b) viewlink (katalog mod) or (b) viewcat (diskusi mod) operation.
|
|||||
| CVE-2007-3803 | 1 Clavister | 1 Clavister Coreplus | 2025-04-09 | 10.0 HIGH | N/A |
|
The SMTP ALG in Clavister CorePlus before 8.80.04, and 8.81.00, does not properly parse SMTP commands in certain circumstances, which allows remote attackers to bypass address blacklists.
|
|||||
| CVE-2007-2157 | 1 Zomplog | 1 Zomplog | 2025-04-09 | 7.8 HIGH | N/A |
|
Directory traversal vulnerability in upload/force_download.php in Zomplog 3.8 allows remote attackers to read arbitrary files via a .. (dot dot) in the file parameter.
|
|||||
| CVE-2007-0156 | 1 M-core | 1 M-core | 2025-04-09 | 7.5 HIGH | N/A |
|
M-Core stores the database under the web document root, which allows remote attackers to obtain sensitive information via a direct request to db/uyelik.mdb.
|
|||||
| CVE-2007-2771 | 1 Lead Technologies | 1 Leadtools Jpeg 2000 | 2025-04-09 | 9.3 HIGH | N/A |
|
Stack-based buffer overflow in the LEAD Technologies LeadTools JPEG 2000 LEADJ2K.LEADJ2K.140 ActiveX control (LTJ2K14.ocx) 14.5.0.35 allows remote attackers to execute arbitrary code via a long BitmapDataPath property.
|
|||||
| CVE-2006-5822 | 1 Symantec | 3 Veritas Netbackup Client, Veritas Netbackup Enterprise Server, Veritas Netbackup Server | 2025-04-09 | 10.0 HIGH | N/A |
|
Stack-based buffer overflow in the NetBackup bpcd daemon (bpcd.exe) in Symantec Veritas NetBackup 5.0 before 5.0_MP7, 5.1 before 5.1_MP6, and 6.0 before 6.0_MP4 allows remote attackers to execute arbitrary code via a long CONNECT_OPTIONS request, a different issue than CVE-2006-6222.
|
|||||