Total
29869 CVE
| CVE | Vendors | Products | Updated | CVSS v2 | CVSS v3 |
|---|---|---|---|---|---|
| CVE-2007-0869 | 1 Jelsoft | 1 Vbulletin | 2025-04-09 | 4.3 MEDIUM | N/A |
|
Cross-site scripting (XSS) vulnerability in the Attachment Manager (admincp/attachment.php) in Jelsoft vBulletin 3.6.4 allows remote attackers to inject arbitrary web script or HTML via the Extension field. NOTE: this might be a duplicate of CVE-2007-0830.5. NOTE: the provenance of this information is unknown; the details are obtained solely from third party information.
|
|||||
| CVE-2007-1338 | 1 Apple | 1 Airport Extreme | 2025-04-09 | 7.5 HIGH | N/A |
|
The default configuration of the AirPort utility in Apple AirPort Extreme creates an IPv6 tunnel but does not enable the "Block incoming IPv6 connections" setting, which might allow remote attackers to bypass intended access restrictions by establishing IPv6 sessions that would have been rejected over IPv4.
|
|||||
| CVE-2007-3976 | 1 Bwired | 1 Bwired | 2025-04-09 | 7.5 HIGH | N/A |
|
SQL injection vulnerability in index.php in bwired allows remote attackers to execute arbitrary SQL commands via the newsID parameter.
|
|||||
| CVE-2006-5768 | 1 Cyberfolio | 1 Cyberfolio | 2025-04-09 | 7.5 HIGH | N/A |
|
Multiple PHP remote file inclusion vulnerabilities in Cyberfolio 2.0 RC1 and earlier, when register_globals is enabled, allow remote attackers to execute arbitrary PHP code via a URL in the av parameter to (1) msg/view.php, (2) msg/inc_message.php, (3) msg/inc_envoi.php, and (4) admin/incl_voir_compet.php.
|
|||||
| CVE-2006-5370 | 1 Oracle | 1 E-business Suite | 2025-04-09 | 10.0 HIGH | N/A |
|
Multiple unspecified vulnerabilities in Oracle E-Business Suite 11.5.10CU2 have unknown impact and remote authenticated attack vectors, aka Vuln# (1) APPS06 for Oracle CRM Gateway for Mobile Devices and (2) APPS08 for Oracle iStore.
|
|||||
| CVE-2007-0288 | 1 Oracle | 1 Application Server | 2025-04-09 | 1.7 LOW | N/A |
|
Unspecified vulnerability in Oracle Application Server 10.1.4.0 has unknown impact and attack vectors related to Oracle Internet Directory, aka OID01.
|
|||||
| CVE-2007-4077 | 1 Alstrasoft | 1 Video Share Enterprise | 2025-04-09 | 4.3 MEDIUM | N/A |
|
Multiple cross-site scripting (XSS) vulnerabilities in AlstraSoft Video Share Enterprise allow remote attackers to inject arbitrary web script or HTML via the (1) msg, (2) page, (3) viewkey, or (4) viewtype parameter to (a) view_video.php; the (5) next parameter to (b) signup.php; the (6) search_id parameter to (c) search_result.php; the (7) category or (8) page parameter to (d) video.php; the (9) receiver parameter to (e) compose.php; the (10) catgy parameter to (f) groups.php; the (11) channel ...
Show More |
|||||
| CVE-2007-1605 | 1 W-agora | 1 W-agora | 2025-04-09 | 5.0 MEDIUM | N/A |
|
w-Agora (Web-Agora) allows remote attackers to obtain sensitive information via a request to rss.php with an invalid (1) site or (2) bn parameter, (3) a certain value of the site[] parameter, or (4) an empty value of the bn[] parameter; a request to index.php with a certain value of the (5) site[] or (6) sort[] parameter; (7) a request to profile.php with an empty value of the site[] parameter; or a request to search.php with (8) an empty value of the bn[] parameter or a certain value of the (9) ...
Show More |
|||||
| CVE-2006-7193 | 1 Smarty | 1 Smarty | 2025-04-09 | 7.5 HIGH | N/A |
|
PHP remote file inclusion vulnerability in unit_test/test_cases.php in Smarty 2.6.1 allows remote attackers to execute arbitrary PHP code via a URL in the SMARTY_DIR parameter. NOTE: this issue is disputed by CVE and a third party because SMARTY_DIR is a constant
|
|||||
| CVE-2007-0502 | 1 Webspell | 1 Webspell | 2025-04-09 | 7.5 HIGH | N/A |
|
SQL injection vulnerability in gallery.php in webSPELL 4.01.02 allows remote attackers to execute arbitrary SQL commands via the picID parameter, a different vector than CVE-2007-0492.
|
|||||
| CVE-2007-0308 | 1 Plain Black | 1 Webgui | 2025-04-09 | 6.8 MEDIUM | N/A |
|
Cross-site scripting (XSS) vulnerability in Plain Black WebGUI before 7.3.4 (beta) allows remote attackers to inject arbitrary web script or HTML via Wiki Page titles.
|
|||||
| CVE-2006-6985 | 1 Maxthon | 1 Maxthon | 2025-04-09 | 5.0 MEDIUM | N/A |
|
Cross-domain vulnerability in Maxthon 1.5.6 build 42 allows remote attackers to access restricted information from other domains via an object tag with a data parameter that references a link on the attacker's originating site that specifies a Location HTTP header that references the target site, which then makes that content available through the outerHTML attribute of the object, a similar vulnerability to CVE-2006-3280.
|
|||||
| CVE-2006-5963 | 1 Pentaware | 2 Pentasuite-pro, Pentazip | 2025-04-09 | 4.3 MEDIUM | N/A |
|
Directory traversal vulnerability in PentaZip 8.5.1.190 and PentaSuite-PRO 8.5.1.221 allows user-assisted remote attackers to extract files to arbitrary pathnames via a ../ (dot dot slash) in a filename.
|
|||||
| CVE-2007-0417 | 1 Bea | 1 Weblogic Server | 2025-04-09 | 10.0 HIGH | N/A |
|
BEA WebLogic Server 7.0 through 7.0 SP7, 8.1 through 8.1 SP5, 9.0, and 9.1, when using the WebLogic Server 6.1 compatibility realm, allows attackers to execute certain EJB container persistence operations with an administrative identity.
|
|||||
| CVE-2006-7022 | 1 Fx-app | 1 Fx-app | 2025-04-09 | 10.0 HIGH | N/A |
|
The Tools module in fx-APP 0.0.8.1 allows remote attackers to misrepresent the contents of a web page via an arbitrary URL in the url parameter to a showhtml action for index.php, which causes the URL to be displayed within an iframe.
|
|||||
| CVE-2007-2561 | 1 Fipsasp | 1 Fipscms | 2025-04-09 | 7.5 HIGH | N/A |
|
SQL injection vulnerability in index.asp in fipsCMS 2.1 allows remote attackers to execute arbitrary SQL commands via the pid parameter, a different vector than CVE-2006-6115.
|
|||||
| CVE-2006-6409 | 1 F-secure | 1 F-secure Anti-virus | 2025-04-09 | 10.0 HIGH | N/A |
|
F-Secure Anti-Virus for Linux Gateways 4.65 allows remote attackers to cause a denial of service (possibly fatal scan error), and possibly bypass virus detection, by inserting invalid characters into base64 encoded content in a multipart/mixed MIME file, as demonstrated with the EICAR test file.
|
|||||
| CVE-2007-0015 | 1 Apple | 1 Quicktime | 2025-04-09 | 6.8 MEDIUM | N/A |
|
Buffer overflow in Apple QuickTime 7.1.3 allows remote attackers to execute arbitrary code via a long rtsp:// URI.
|
|||||
| CVE-2009-0636 | 1 Cisco | 1 Ios | 2025-04-09 | 7.8 HIGH | N/A |
|
Unspecified vulnerability in Cisco IOS 12.0 through 12.4, when SIP voice services are enabled, allows remote attackers to cause a denial of service (device crash) via a valid SIP message.
|
|||||
| CVE-2007-0895 | 1 Sun | 2 Solaris, Sunos | 2025-04-09 | 2.6 LOW | N/A |
|
Race condition in recursive directory deletion with the (1) -r or (2) -R option in rm in Solaris 8 through 10 before 20070208 allows local users to delete files and directories as the user running rm by moving a low-level directory to a higher level as it is being deleted, which causes rm to chdir to a ".." directory that is higher than expected, possibly up to the root file system, a related issue to CVE-2002-0435.
|
|||||
| CVE-2009-1710 | 1 Apple | 1 Safari | 2025-04-09 | 2.6 LOW | N/A |
|
WebKit in Apple Safari before 4.0 allows remote attackers to spoof the browser's display of (1) the host name, (2) security indicators, and unspecified other UI elements via a custom cursor in conjunction with a modified CSS3 hotspot property.
|
|||||
| CVE-2007-2096 | 1 Hinton Design | 1 Phphd Download System | 2025-04-09 | 7.5 HIGH | N/A |
|
PHP remote file inclusion vulnerability in common.php in Hinton Design PHPHD Download System (phphd_downloads) allows remote attackers to execute arbitrary PHP code via a URL in the phphd_real_path parameter. NOTE: this issue may be present in versions from 2006.
|
|||||
| CVE-2006-5088 | 1 Phpheaven | 1 Phpmychat | 2025-04-09 | 7.5 HIGH | N/A |
|
PHP remote file inclusion vulnerability in connected_users.lib.php3 in phpHeaven phpMyChat 0.1 allows remote attackers to execute arbitrary PHP code via a URL in the ChatPath parameter.
|
|||||
| CVE-2009-2051 | 1 Cisco | 3 Ios, Ios Xe, Unified Communications Manager | 2025-04-09 | 7.8 HIGH | N/A |
|
Cisco IOS 12.2 through 12.4 and 15.0 through 15.1, Cisco IOS XE 2.5.x and 2.6.x before 2.6.1, and Cisco Unified Communications Manager (aka CUCM, formerly CallManager) 4.x, 5.x before 5.1(3g), 6.x before 6.1(4), and 7.x before 7.1(2) allow remote attackers to cause a denial of service (device reload or voice-services outage) via a malformed SIP INVITE message that triggers an improper call to the sipSafeStrlen function, aka Bug IDs CSCsz40392 and CSCsz43987.
|
|||||
| CVE-2007-2210 | 1 Netsprint | 1 Ask Ie Toolbar | 2025-04-09 | 7.8 HIGH | N/A |
|
A certain ActiveX control in askPopStp.dll in Netsprint Ask IE Toolbar 1.1 allows remote attackers to cause a denial of service (Internet Explorer crash) via a long AddAllowed property value, related to "improper memory handling," possibly a buffer overflow.
|
|||||
| CVE-2008-0594 | 1 Mozilla | 1 Firefox | 2025-04-09 | 5.0 MEDIUM | N/A |
|
Mozilla Firefox before 2.0.0.12 does not always display a web forgery warning dialog if the entire contents of a web page are in a DIV tag that uses absolute positioning, which makes it easier for remote attackers to conduct phishing attacks.
|
|||||
| CVE-2006-6022 | 1 Bestwebapp | 1 Bestwebapp Dating Site | 2025-04-09 | 6.8 MEDIUM | N/A |
|
Cross-site scripting (XSS) vulnerability in login_form.asp in BestWebApp Dating Site allows remote attackers to inject arbitrary web script or HTML via the msg parameter.
|
|||||
| CVE-2007-4410 | 1 Universal Ircd | 1 Ircu | 2025-04-09 | 6.0 MEDIUM | N/A |
|
ircu 2.10.12.05 and earlier does not properly synchronize a kick action in certain cross scenarios, which allows remote authenticated operators to prevent later kick or de-op actions from non-local ops.
|
|||||
| CVE-2006-7067 | 1 Oracle | 1 Database Server | 2025-04-09 | 6.0 MEDIUM | N/A |
|
Oracle 10g R2 and possibly other versions allows remote attackers to trigger internal errors, and possibly have other impacts, via an "alter session set events" command with invalid arguments. NOTE: this issue was originally disputed by a third party, but the dispute was retracted. NOTE: this issue was called an "integer overflow" in the original source, but this might be incorrect.
|
|||||
| CVE-2007-4411 | 1 Universal Ircd | 1 Ircu | 2025-04-09 | 4.3 MEDIUM | N/A |
|
ircu 2.10.12.05 and earlier allows remote attackers to discover the hidden IP address of arbitrary +x users via a series of /silence commands with (1) CIDR mask arguments or (2) certain other arguments that represent groups of IP addresses, then monitoring CTCP ping replies.
|
|||||
| CVE-2007-2923 | 1 Novell | 1 Extend Director | 2025-04-09 | 9.3 HIGH | N/A |
|
The launch method in the LocalExec ActiveX control (LocalExec.ocx) in Novell exteNd Director 4.1 and Portal Services allows remote attackers to execute arbitrary commands.
|
|||||
| CVE-2007-2026 | 2 Amavis, Gentoo | 2 Virus Scanner, File | 2025-04-09 | 7.8 HIGH | N/A |
|
The gnu regular expression code in file 4.20 allows context-dependent attackers to cause a denial of service (CPU consumption) via a crafted document with a large number of line feed characters, which is not well handled by OS/2 REXX regular expressions that use wildcards, as originally reported for AMaViS.
|
|||||
| CVE-2006-6175 | 1 Horde | 1 Kronolith | 2025-04-09 | 7.5 HIGH | N/A |
|
Directory traversal vulnerability in lib/FBView.php in Horde Kronolith H3 before 2.0.7 and 2.1.x before 2.1.4 allows remote attackers to include arbitrary files and execute PHP code via a .. (dot dot) sequence in the view parameter.
|
|||||
| CVE-2006-5680 | 1 Freebsd | 1 Freebsd | 2025-04-09 | 5.0 MEDIUM | N/A |
|
The libarchive library in FreeBSD 6-STABLE after 2006-09-05 and before 2006-11-08 allows context-dependent attackers to cause a denial of service (CPU consumption) via a malformed archive that causes libarchive to skip a region past the actual end of the archive, which triggers an infinite loop that attempts to read more data.
|
|||||
| CVE-2007-1529 | 1 Microsoft | 1 Windows Vista | 2025-04-09 | 4.3 MEDIUM | N/A |
|
The LLTD Responder in Microsoft Windows Vista does not send the Mapper a response to a DISCOVERY packet if another host has sent a spoofed response first, which allows remote attackers to spoof arbitrary hosts via a network-based race condition, aka the "Total Spoof" attack.
|
|||||
| CVE-2007-2696 | 1 Bea | 1 Weblogic Server | 2025-04-09 | 6.8 MEDIUM | N/A |
|
The JMS Server in BEA WebLogic Server 6.1 through SP7, 7.0 through SP6, and 8.1 through SP5 enforces security access policies on the front end, which allows remote attackers to access protected queues via direct requests to the JMS back-end server.
|
|||||
| CVE-2006-5358 | 1 Oracle | 1 Application Server | 2025-04-09 | 10.0 HIGH | N/A |
|
Unspecified vulnerability in Oracle Forms component in Oracle Application Server 9.0.4.3 and 10.1.2.0.2 has unknown impact and remote attack vectors, aka Vuln# FORM01.
|
|||||
| CVE-2007-3920 | 3 Compiz, Gnome, Ubuntu | 3 Compiz, Screensaver, Ubuntu Linux | 2025-04-09 | 6.2 MEDIUM | N/A |
|
GNOME screensaver 2.20 in Ubuntu 7.10, when used with Compiz, does not properly reserve input focus, which allows attackers with physical access to take control of the session after entering an Alt-Tab sequence, a related issue to CVE-2007-3069.
|
|||||
| CVE-2009-1574 | 1 Ipsec-tools | 1 Ipsec-tools | 2025-04-09 | 5.0 MEDIUM | N/A |
|
racoon/isakmp_frag.c in ipsec-tools before 0.7.2 allows remote attackers to cause a denial of service (crash) via crafted fragmented packets without a payload, which triggers a NULL pointer dereference.
|
|||||
| CVE-2007-1186 | 1 Web-app.org | 1 Webapp | 2025-04-09 | 5.0 MEDIUM | N/A |
|
WebAPP before 0.9.9.5 does not "censor" the Latest Member real name, which has unknown impact.
|
|||||