Total
29869 CVE
| CVE | Vendors | Products | Updated | CVSS v2 | CVSS v3 |
|---|---|---|---|---|---|
| CVE-2006-7049 | 1 Wikkawiki | 1 Wikkawiki | 2025-04-09 | 7.5 HIGH | N/A |
|
The Method method in WikkaWiki (Wikka Wiki) before 1.1.6.2 calls the strstr and strrpos functions with the wrong argument order, which allows remote attackers to bypass intended access restrictions and access arbitrary PHP files.
|
|||||
| CVE-2006-5464 | 1 Mozilla | 3 Firefox, Seamonkey, Thunderbird | 2025-04-09 | 5.0 MEDIUM | N/A |
|
Multiple unspecified vulnerabilities in the layout engine in Mozilla Firefox before 1.5.0.8, Thunderbird before 1.5.0.8, and SeaMonkey before 1.0.6 allow remote attackers to cause a denial of service (crash) via unspecified vectors.
|
|||||
| CVE-2007-0143 | 1 Nune | 1 News Script | 2025-04-09 | 6.8 MEDIUM | N/A |
|
Multiple PHP remote file inclusion vulnerabilities in NUNE News Script 2.0pre2 allow remote attackers to execute arbitrary PHP code via a URL in the custom_admin_path parameter to (1) index.php or (2) archives.php.
|
|||||
| CVE-2006-6864 | 1 Enigma2 | 1 Coppermine Bridge | 2025-04-09 | 10.0 HIGH | N/A |
|
PHP remote file inclusion vulnerability in E2_header.inc.php in Enigma2 Coppermine Bridge 1.0 allows remote attackers to execute arbitrary PHP code via a URL in the boarddir parameter.
|
|||||
| CVE-2007-2183 | 1 Php-ring | 1 Webring System | 2025-04-09 | 7.5 HIGH | N/A |
|
SQL injection vulnerability in index.php in PHP-Ring Webring System (aka uPHP_ring_website) 0.9 allows remote attackers to execute arbitrary SQL commands via the ring parameter.
|
|||||
| CVE-2006-6508 | 1 Phpbb Group | 1 Phpbb | 2025-04-09 | 6.0 MEDIUM | N/A |
|
Cross-site request forgery (CSRF) vulnerability in phpBB 2.0.21 allows remote authenticated users to send unauthorized messages as an arbitrary user via unspecified vectors. NOTE: the provenance of this information is unknown; the details are obtained solely from third party information.
|
|||||
| CVE-2007-3943 | 1 Adaptive Business Design | 1 Infinite Responder | 2025-04-09 | 7.5 HIGH | N/A |
|
SQL injection vulnerability in Infinite Responder before 1.48 allows remote attackers to execute arbitrary SQL commands via unspecified vectors. NOTE: some of these details are obtained from third party information.
|
|||||
| CVE-2006-5853 | 1 Immediacy | 1 Immediacy .net Cms | 2025-04-09 | 6.8 MEDIUM | N/A |
|
Cross-site scripting (XSS) vulnerability in logon.aspx in Immediacy CMS (Immediacy .NET CMS) 5.2 allows remote attackers to inject arbitrary web script or HTML via the lang parameter, which is returned to the client in a lang cookie.
|
|||||
| CVE-2007-3426 | 1 Zoneo-soft | 1 Phptraffica | 2025-04-09 | 4.3 MEDIUM | N/A |
|
Cross-site scripting (XSS) vulnerability in index.php in phpTrafficA 1.4.2 and earlier allows remote attackers to inject arbitrary web script or HTML via the lang parameter.
|
|||||
| CVE-2006-4177 | 1 Novell | 1 Edirectory | 2025-04-09 | 7.5 HIGH | N/A |
|
Heap-based buffer overflow in the NCP engine in Novell eDirectory before 8.8.1 FTF1 allows remote attackers to execute arbitrary code via a crafted NCP over IP packet that causes NCP to read more data than intended.
|
|||||
| CVE-2007-0079 | 1 Rblog | 1 Rblog | 2025-04-09 | 7.8 HIGH | N/A |
|
rblog stores sensitive information under the web root with insufficient access control, which allows remote attackers to download a database via a direct request for (1) data/admin.mdb or (2) data/rblog.mdb.
|
|||||
| CVE-2006-6929 | 1 Ga Soft | 1 Rapid Classified | 2025-04-09 | 6.8 MEDIUM | N/A |
|
Multiple cross-site scripting (XSS) vulnerabilities in Rapid Classified 3.1 allow remote attackers to inject arbitrary web script or HTML via the (1) id parameter to (a) reply.asp or (b) view_print.asp, the (2) SH1 parameter to (c) search.asp, the (3) name parameter to reply.asp, or the (4) dosearch parameter to (d) advsearch.asp.
|
|||||
| CVE-2007-3839 | 1 Tbdev.net | 1 Dr | 2025-04-09 | 4.0 MEDIUM | N/A |
|
Cross-site scripting (XSS) vulnerability in takeprofedit.php in TBDev.NET DR 010306 and earlier allows remote attackers to inject arbitrary web script or HTML via a javascript: URI in the avatar parameter. NOTE: this may be related to the tracker program in the Janitor package. NOTE: the provenance of this information is unknown; the details are obtained solely from third party information.
|
|||||
| CVE-2007-3948 | 1 Lighttpd | 1 Lighttpd | 2025-04-09 | 4.3 MEDIUM | N/A |
|
connections.c in lighttpd before 1.4.16 might accept more connections than the configured maximum, which allows remote attackers to cause a denial of service (failed assertion) via a large number of connection attempts.
|
|||||
| CVE-2006-6514 | 1 Flippet.org | 1 Winamp Web Interface | 2025-04-09 | 3.5 LOW | N/A |
|
Winamp Web Interface (Wawi) 7.5.13 and earlier uses an insufficient comparison to determine whether a directory is located below the application's root directory, which allows remote authenticated users to access certain other directories if the name of the root directory is a substring of the name of the target directory, as demonstrated by accessing C:\folder2 when the root directory is C:\folder.
|
|||||
| CVE-2007-2676 | 1 Open Translation Engine | 1 Open Translation Engine | 2025-04-09 | 7.5 HIGH | N/A |
|
PHP remote file inclusion vulnerability in skins/header.php in Open Translation Engine (OTE) 0.7.8 allows remote attackers to execute arbitrary PHP code via a URL in the ote_home parameter.
|
|||||
| CVE-2008-3792 | 1 Linux | 1 Linux Kernel | 2025-04-09 | 7.1 HIGH | N/A |
|
net/sctp/socket.c in the Stream Control Transmission Protocol (sctp) implementation in the Linux kernel before 2.6.26.4 does not verify that the SCTP-AUTH extension is enabled before proceeding with SCTP-AUTH API functions, which allows attackers to cause a denial of service (NULL pointer dereference and panic) via vectors that result in calls to (1) sctp_setsockopt_auth_chunk, (2) sctp_setsockopt_hmac_ident, (3) sctp_setsockopt_auth_key, (4) sctp_setsockopt_active_key, (5) sctp_setsockopt_del_k ...
Show More |
|||||
| CVE-2007-0484 | 1 Enthusiast | 1 Enthusiast | 2025-04-09 | 7.5 HIGH | N/A |
|
Multiple SQL injection vulnerabilities in Enthusiast 3.1 allow remote attackers to execute arbitrary SQL commands via the cat parameter to (1) show_owned.php, (2) show_joined.php, and possibly other files. NOTE: The provenance of this information is unknown; the details are obtained solely from third party information.
|
|||||
| CVE-2006-5007 | 1 Ibm | 1 Aix | 2025-04-09 | 4.6 MEDIUM | N/A |
|
Untrusted search path vulnerability in uucp in IBM AIX 5.2.0 and 5.3.0 allows local users to local users to gain privileges via a Trojan horse program involving uux.
|
|||||
| CVE-2007-6098 | 1 Ingate | 2 Ingate Firewall, Ingate Siparator | 2025-04-09 | 7.5 HIGH | N/A |
|
Ingate Firewall before 4.6.0 and SIParator before 4.6.0 do not log truncated (1) ICMP, (2) UDP, and (3) TCP packets, which has unknown impact and remote attack vectors; and do not log (4) serial-console login attempts with nonexistent usernames, which might make it easier for attackers with physical access to guess valid login credentials while avoiding detection.
|
|||||
| CVE-2006-6921 | 1 Linux | 1 Linux Kernel | 2025-04-09 | 2.1 LOW | N/A |
|
Unspecified versions of the Linux kernel allow local users to cause a denial of service (unrecoverable zombie process) via a program with certain instructions that prevent init from properly reaping a child whose parent has died.
|
|||||
| CVE-2007-3681 | 1 Winpcap | 1 Winpcap | 2025-04-09 | 6.6 MEDIUM | N/A |
|
The IOCTL 9031 (BIOCGSTATS) handler in the NPF.SYS device driver in WinPcap before 4.0.1 allows local users to overwrite memory and execute arbitrary code via malformed Interrupt Request Packet (Irp) parameters.
|
|||||
| CVE-2006-6299 | 1 Novell | 1 Zenworks Asset Management | 2025-04-09 | 10.0 HIGH | N/A |
|
Integer overflow in Msg.dll in Novell ZENworks 7 Asset Management (ZAM) before SP1 IR11 and the Collection client allows remote attackers to execute arbitrary code via crafted packets, which trigger a heap-based buffer overflow.
|
|||||
| CVE-2007-3394 | 1 Endonesia | 1 Endonesia | 2025-04-09 | 7.5 HIGH | N/A |
|
Multiple SQL injection vulnerabilities in eNdonesia 8.4 allow remote attackers to execute arbitrary SQL commands via the (1) artid parameter to mod.php in a viewarticle action (publisher mod) and the (2) bid parameter to banners.php in a click action. NOTE: the mod.php viewdisk and viewlink vectors are already covered by CVE-2006-6873.
|
|||||
| CVE-2007-3108 | 1 Openssl | 1 Openssl | 2025-04-09 | 1.2 LOW | N/A |
|
The BN_from_montgomery function in crypto/bn/bn_mont.c in OpenSSL 0.9.8e and earlier does not properly perform Montgomery multiplication, which might allow local users to conduct a side-channel attack and retrieve RSA private keys.
|
|||||
| CVE-2007-1370 | 1 Zend | 1 Zend Platform | 2025-04-09 | 6.2 MEDIUM | N/A |
|
Zend Platform 2.2.3 and earlier has incorrect ownership for scd.sh and certain other files, which allows local users to gain root privileges by modifying the files. NOTE: this only occurs when safe_mode and open_basedir are disabled; other settings require leverage for other vulnerabilities.
|
|||||
| CVE-2006-6566 | 1 Mxbb | 1 Mxbb | 2025-04-09 | 7.5 HIGH | N/A |
|
PHP remote file inclusion vulnerability in includes/profilcp_constants.php in the Profile Control Panel (CPanel) module for mxBB 0.91c allows remote attackers to execute arbitrary PHP code via a URL in the module_root_path parameter.
|
|||||
| CVE-2008-6987 | 1 Ezonescripts | 1 Dating Website Script | 2025-04-09 | 7.5 HIGH | N/A |
|
Unrestricted file upload vulnerability in eZoneScripts Dating Website script allows remote attackers to execute arbitrary code via unknown vectors. NOTE: the provenance of this information is unknown; the details are obtained solely from third party information.
|
|||||
| CVE-2006-6039 | 1 Powie | 1 Php Matchmaker | 2025-04-09 | 7.5 HIGH | N/A |
|
SQL injection vulnerability in matchdetail.php in Powie's PHP MatchMaker 4.05 and earlier allows remote attackers to execute arbitrary SQL commands via the edit parameter.
|
|||||
| CVE-2006-6155 | 1 Hscripts | 1 Hiox Star Rating System Script | 2025-04-09 | 7.5 HIGH | N/A |
|
Multiple SQL injection vulnerabilities in addrating.php in HIOX Star Rating System Script (HSRS) 1.0 and earlier allow remote attackers to execute arbitrary SQL commands via the (1) ipadd or (2) url parameter. NOTE: The provenance of this information is unknown; the details are obtained solely from third party information.
|
|||||
| CVE-2007-0557 | 1 Rmake | 1 Rmake | 2025-04-09 | 7.2 HIGH | N/A |
|
rMake before 1.0.4 drops root privileges in a way that retains the original supplemental groups, which might allow attackers to gain privileges via a crafted recipe file, a different vulnerability than CVE-2007-0536.
|
|||||
| CVE-2006-6622 | 6 Avg, Comodo, Filseclab and 3 more | 6 Antivirus Plus Firewall, Comodo Personal Firewall, Personal Firewall and 3 more | 2025-04-09 | 7.2 HIGH | N/A |
|
Soft4Ever Look 'n' Stop (LnS) 2.05p2 before 20061215 relies on the Process Environment Block (PEB) to identify a process, which allows local users to bypass the product's controls on a process by spoofing the (1) ImagePathName, (2) CommandLine, and (3) WindowTitle fields in the PEB.
|
|||||
| CVE-2006-5009 | 1 Ibm | 1 Aix | 2025-04-09 | 7.2 HIGH | N/A |
|
Unspecified vulnerability in xlock in IBM AIX 5.2.0 and 5.3.0 allows local users to execute arbitrary commands and overwrite arbitrary files via unspecified vectors, possibly involving a buffer overflow.
|
|||||
| CVE-2006-6521 | 1 Scriptphp | 1 Messageriescripthp | 2025-04-09 | 7.5 HIGH | N/A |
|
SQL injection vulnerability in lire-avis.php in Messageriescripthp 2.0 allows remote attackers to execute arbitrary SQL commands via the aa parameter.
|
|||||
| CVE-2006-5910 | 1 Campware.org | 1 Campsite | 2025-04-09 | 7.5 HIGH | N/A |
|
Multiple PHP remote file inclusion vulnerabilities in Campware Campsite before 20061110 allow remote attackers to execute arbitrary PHP code via a URL in the g_documentRoot parameter to (1) bugreporter/thankyou.php and (2) feedback/thankyou.php in implementation/management/priv/.
|
|||||
| CVE-2007-3098 | 1 Castle Rock Computing | 1 Snmpc | 2025-04-09 | 5.0 MEDIUM | N/A |
|
The SNMPc Server (crserv.exe) process in Castle Rock Computing SNMPc before 7.0.19 allows remote attackers to cause a denial of service (crash) via a crafted packet to port 165/TCP.
|
|||||
| CVE-2007-0560 | 1 Asp Edge | 1 Asp Edge | 2025-04-09 | 7.5 HIGH | N/A |
|
SQL injection vulnerability in user.asp in ASP EDGE 1.2b and earlier allows remote attackers to execute arbitrary SQL commands via the user parameter.
|
|||||
| CVE-2006-7032 | 1 Tufat | 1 Flashbb | 2025-04-09 | 10.0 HIGH | N/A |
|
PHP remote file inclusion vulnerability in phpbb/getmsg.php in FlashBB 1.1.5 and earlier allows remote attackers to execute arbitrary code via a URL in the phpbb_root_path parameter.
|
|||||
| CVE-2007-2348 | 1 Alexander V. Lukyanov | 1 Lftp | 2025-04-09 | 6.8 MEDIUM | N/A |
|
mirror --script in lftp before 3.5.9 does not properly quote shell metacharacters, which might allow remote user-assisted attackers to execute shell commands via a malicious script. NOTE: it is not clear whether this issue crosses security boundaries, since the script already supports commands such as "get" which could overwrite executable files.
|
|||||
| CVE-2006-7201 | 1 Emc | 1 Rsa Security Sitekey | 2025-04-09 | 9.3 HIGH | N/A |
|
EMC RSA Security SiteKey does not set the secure qualifier on the SiteKey Flash token (aka the PassMark Flash shared object), which might allow remote attackers to obtain the token via HTTP.
|
|||||