Total
29869 CVE
| CVE | Vendors | Products | Updated | CVSS v2 | CVSS v3 |
|---|---|---|---|---|---|
| CVE-2007-4200 | 1 Brian Carrier | 1 The Slueth Kit | 2025-04-09 | 4.3 MEDIUM | N/A |
|
ntfs.c in fsstat in Brian Carrier The Sleuth Kit (TSK) before 2.09 interprets a certain variable as a byte count rather than a count of 32-bit integers, which allows user-assisted remote attackers to cause a denial of service (application crash) and prevent examination of certain NTFS files via a malformed NTFS image.
|
|||||
| CVE-2009-1876 | 1 Adobe | 1 Coldfusion | 2025-04-09 | 5.0 MEDIUM | N/A |
|
Adobe ColdFusion 8.0.1 and earlier might allow attackers to obtain sensitive information via unspecified vectors, related to a "double-encoded null character vulnerability."
|
|||||
| CVE-2007-2269 | 1 Swsoft | 1 Plesk | 2025-04-09 | 5.0 MEDIUM | N/A |
|
Directory traversal vulnerability in top.php3 in SWsoft Plesk for Windows 8.1 and 8.1.1 allows remote attackers to read arbitrary files via a .. (dot dot) in the locale_id parameter.
|
|||||
| CVE-2007-0930 | 1 Apache Stats | 1 Apache Stats | 2025-04-09 | 7.5 HIGH | N/A |
|
Variable extract vulnerability in Apache Stats before 0.0.3beta allows attackers to modify arbitrary variables and conduct attacks via unknown vectors involving the use of PHP's extract function.
|
|||||
| CVE-2007-2671 | 1 Mozilla | 1 Firefox | 2025-04-09 | 7.1 HIGH | N/A |
|
Mozilla Firefox 2.0.0.3 allows remote attackers to cause a denial of service (application crash) via a long hostname in an HREF attribute in an A element, which triggers an out-of-bounds memory access.
|
|||||
| CVE-2006-5971 | 1 Verity | 1 Ultraseek | 2025-04-09 | 5.0 MEDIUM | N/A |
|
Absolute path traversal vulnerability in admin/logfile.txt in Verity Ultraseek before 5.6.2 allows remote attackers to read arbitrary files via the name variable.
|
|||||
| CVE-2007-4443 | 1 Epic Games | 1 Unreal Engine | 2025-04-09 | 5.0 MEDIUM | N/A |
|
The UCC dedicated server for the Unreal engine, possibly 2003 and 2004, on Windows allows remote attackers to cause a denial of service (continuous beep and server slowdown) via a string containing many 0x07 characters in (1) a request to the images/ directory, (2) the Content-Type field, (3) a HEAD request, and possibly other unspecified vectors.
|
|||||
| CVE-2007-1870 | 1 Lighttpd | 1 Lighttpd | 2025-04-09 | 7.8 HIGH | N/A |
|
lighttpd before 1.4.14 allows attackers to cause a denial of service (crash) via a request to a file whose mtime is 0, which results in a NULL pointer dereference.
|
|||||
| CVE-2008-7137 | 1 Eye.fi | 1 Eye-fi Manager | 2025-04-09 | 5.0 MEDIUM | N/A |
|
WS-Proxy in Eye-Fi 1.1.2 allows remote attackers to cause a denial of service (crash) via an empty query string to port 59278 and other unspecified vectors.
|
|||||
| CVE-2006-5933 | 1 Ultrasite | 1 Ultrasite | 2025-04-09 | 7.5 HIGH | N/A |
|
SQL injection vulnerability in update.asp in UltraSite 1.0 allows remote attackers to execute arbitrary SQL commands via the id parameter.
|
|||||
| CVE-2007-1837 | 1 Mangobery Cms | 1 Mangobery Cms | 2025-04-09 | 7.5 HIGH | N/A |
|
Multiple PHP remote file inclusion vulnerabilities in MangoBery CMS 0.5.5 allow remote attackers to execute arbitrary PHP code via a URL in the Site_Path parameter to (1) boxes/quotes.php or (2) templates/mangobery/footer.sample.php.
|
|||||
| CVE-2006-6787 | 1 Mxmania | 1 Newsletter Mx | 2025-04-09 | 7.5 HIGH | N/A |
|
SQL injection vulnerability in admin/admin_mail_adressee.asp in Newsletter MX 1.0.2 and earlier allows remote attackers to execute arbitrary SQL commands via the ID parameter.
|
|||||
| CVE-2006-6044 | 1 Phpquickgallery | 1 Phpquickgallery | 2025-04-09 | 6.8 MEDIUM | N/A |
|
PHP remote file inclusion vulnerability in gallery_top.inc.php in PHPQuickGallery 1.9 and earlier allows remote attackers to execute arbitrary PHP code via a URL in the textFile parameter.
|
|||||
| CVE-2007-4366 | 1 Wengo | 1 Wengophone | 2025-04-09 | 5.0 MEDIUM | N/A |
|
WengoPhone 2.1 allows remote attackers to cause a denial of service (device crash) via a SIP INVITE message without a Content-Type header.
|
|||||
| CVE-2006-5038 | 1 Fiwin | 1 Ss28s Wifi Voip Sip Skype Phone | 2025-04-09 | 7.5 HIGH | N/A |
|
The FiWin SS28S WiFi VoIP SIP/Skype Phone, firmware version 01_02_07, has a hard-coded username and password, which allows remote attackers to gain administrative access via telnet.
|
|||||
| CVE-2007-1325 | 1 Phpmyadmin | 1 Phpmyadmin | 2025-04-09 | 7.1 HIGH | N/A |
|
The PMA_ArrayWalkRecursive function in libraries/common.lib.php in phpMyAdmin before 2.10.0.2 does not limit recursion on arrays provided by users, which allows context-dependent attackers to cause a denial of service (web server crash) via an array with many dimensions. NOTE: it could be argued that this vulnerability is caused by a problem in PHP (CVE-2006-1549) and the proper fix should be in PHP; if so, then this should not be treated as a vulnerability in phpMyAdmin.
|
|||||
| CVE-2007-1098 | 1 Scrymud | 1 Scrymud | 2025-04-09 | 7.8 HIGH | N/A |
|
Multiple unspecified vulnerabilities in ScryMUD before 2.1.11 have unknown impact and attack vectors, possibly related to denial of service caused by a search that begins with a .* sequence.
|
|||||
| CVE-2007-0625 | 1 Nomachine | 1 Nx Server | 2025-04-09 | 4.9 MEDIUM | N/A |
|
nxconfigure.sh in NoMachine NX Server before 2.1.0-18 does not validate the invoking user, which allows local users to modify server configuration keys in /usr/NX/etc/server.cfg, resulting in an unspecified denial of service.
|
|||||
| CVE-2007-0003 | 1 Andrew Morgan | 1 Linux Pam | 2025-04-09 | 7.2 HIGH | N/A |
|
pam_unix.so in Linux-PAM 0.99.7.0 allows context-dependent attackers to log into accounts whose password hash, as stored in /etc/passwd or /etc/shadow, has only two characters.
|
|||||
| CVE-2006-5256 | 1 Claroline | 1 Claroline | 2025-04-09 | 7.5 HIGH | N/A |
|
PHP remote file inclusion vulnerability in claroline/inc/lib/import.lib.php in Claroline 1.8.0 and earlier allows remote attackers to execute arbitrary PHP code via a URL in the includePath parameter.
|
|||||
| CVE-2007-2383 | 1 Prototypejs | 1 Prototype Framework | 2025-04-09 | 5.0 MEDIUM | N/A |
|
The Prototype (prototypejs) framework before 1.5.1 RC3 exchanges data using JavaScript Object Notation (JSON) without an associated protection scheme, which allows remote attackers to obtain the data via a web page that retrieves the data through a URL in the SRC attribute of a SCRIPT element and captures the data using other JavaScript code, aka "JavaScript Hijacking."
|
|||||
| CVE-2007-2705 | 1 Bea | 2 Weblogic Integration, Weblogic Workshop | 2025-04-09 | 7.8 HIGH | N/A |
|
Directory traversal vulnerability in the Test View Console in BEA WebLogic Integration 9.2 before SP1 and WebLogic Workshop 8.1 SP2 through SP6, when "deployed in an exploded format," allows remote attackers to list a WebLogic Workshop Directory (wlwdir) parent directory via unspecified vectors.
|
|||||
| CVE-2006-5125 | 1 Joshua Muheim | 1 Phpmywebmin | 2025-04-09 | 5.0 MEDIUM | N/A |
|
Directory traversal vulnerability in window.php, possibly used by home.php, in Joshua Muheim phpMyWebmin 1.0 allows remote attackers to obtain sensitive information via a directory name in the target parameter, which triggers a directory listing through the opendir function.
|
|||||
| CVE-2007-0123 | 1 Uber Uploader | 1 Uber Uploader | 2025-04-09 | 6.8 MEDIUM | N/A |
|
Unrestricted file upload vulnerability in Uber Uploader 4.2 allows remote attackers to upload and execute arbitrary PHP scripts by naming them with a .phtml extension, which bypasses the .php extension check but is still executable on some server configurations.
|
|||||
| CVE-2006-5061 | 1 Advanced-clan-script | 1 Advanced-clan-script | 2025-04-09 | 7.5 HIGH | N/A |
|
PHP remote file inclusion vulnerability in mcf.php in Advanced-Clan-Script (AVCX) 3.4 and earlier allows remote attackers to execute arbitrary PHP code via a URL in the content parameter.
|
|||||
| CVE-2007-4238 | 1 Ibm | 1 Aix | 2025-04-09 | 6.9 MEDIUM | N/A |
|
AIX 5.2 and 5.3 install pioinit with user and group ownership of bin, which allows local users with bin or possibly printq privileges to gain root privileges by modifying pioinit.
|
|||||
| CVE-2006-6526 | 1 Gizzar | 1 Gizzar | 2025-04-09 | 7.5 HIGH | N/A |
|
PHP remote file inclusion vulnerability in index.php in Gizzar 03162002 and earlier allows remote attackers to execute arbitrary PHP code via a URL in the basePath parameter.
|
|||||
| CVE-2007-1687 | 1 Internet Pictures Corporation | 1 Ipix Image Well | 2025-04-09 | 10.0 HIGH | N/A |
|
Multiple buffer overflows in the Internet Pictures Corporation iPIX Image Well ActiveX control (iPIX-ImageWell-ipix.dll) allow remote attackers to execute arbitrary code via unspecified vectors.
|
|||||
| CVE-2006-5005 | 1 Ibm | 1 Aix | 2025-04-09 | 7.2 HIGH | N/A |
|
Unspecified vulnerability in bos.net.tcp.client in IBM AIX 5.2.0 and 5.3.0 allows local users to execute arbitrary commands via unspecified vectors involving /etc/slip.login.
|
|||||
| CVE-2007-2085 | 1 Oe2edit | 1 Oe2edit Cms | 2025-04-09 | 6.8 MEDIUM | N/A |
|
Cross-site scripting (XSS) vulnerability in oe2edit.cgi in oe2edit CMS allows remote attackers to inject arbitrary web script or HTML via the q parameter.
|
|||||
| CVE-2007-2126 | 1 Oracle | 1 E-business Suite | 2025-04-09 | 10.0 HIGH | N/A |
|
Unspecified vulnerability in Oracle E-Business Suite 11.5.10CU2 has unknown impact and remote attack vectors in the (1) Common Applications (APPS01) and (2) iProcurement (APPS02).
|
|||||
| CVE-2007-2303 | 1 News Manager Deluxe | 1 News Manager Deluxe | 2025-04-09 | 6.8 MEDIUM | N/A |
|
Directory traversal vulnerability in includes/footer.php in News Manager Deluxe (NMDeluxe) 1.0.1 allows remote attackers to include and execute arbitrary local files via a .. (dot dot) in the template parameter.
|
|||||
| CVE-2006-5602 | 1 Xsupplicant | 1 Xsupplicant | 2025-04-09 | 4.0 MEDIUM | N/A |
|
Multiple memory leaks in xsupplicant before 1.2.6, and possibly other versions, allow attackers to cause a denial of service (memory consumption) via unspecified vectors.
|
|||||
| CVE-2006-5196 | 1 Motorola | 1 Surfboard | 2025-04-09 | 7.8 HIGH | N/A |
|
The HTTP interface in the Motorola SURFboard SB4200 Cable Modem allows remote attackers to cause a denial of service (device crash) via a request with MfcISAPICommand set to SecretProc and a long string in the Secret parameter.
|
|||||
| CVE-2007-2054 | 1 Afflib | 1 Afflib | 2025-04-09 | 7.5 HIGH | N/A |
|
Multiple format string vulnerabilities in AFFLIB before 2.2.6 allow remote attackers to execute arbitrary code via certain command line parameters, which are used in (1) warn and (2) err calls in (a) lib/s3.cpp, (b) tools/afconvert.cpp, (c) tools/afcopy.cpp, (d) tools/afinfo.cpp, (e) aimage/aimage.cpp, (f) aimage/imager.cpp, and (g) tools/afxml.cpp. NOTE: the aimage.cpp vector (e) has since been recalled from the researcher's original advisory, since the code is not called in any version of AFF ...
Show More |
|||||
| CVE-2007-0826 | 1 Kisisel Site 2007 | 1 Kisisel Site Forum.asp | 2025-04-09 | 7.5 HIGH | N/A |
|
SQL injection vulnerability in forum.asp in Kisisel Site 2007 allows remote attackers to execute arbitrary SQL commands via the forumid parameter.
|
|||||
| CVE-2007-3545 | 1 Warzone | 1 Warzone 2100 Resurrection | 2025-04-09 | 7.1 HIGH | N/A |
|
Buffer overflow in Warzone 2100 Resurrection before 2.0.7 allows remote attackers to cause a denial of service (application crash) or execute arbitrary code via a long filename when setting background music.
|
|||||
| CVE-2007-1454 | 1 Php | 1 Php | 2025-04-09 | 4.3 MEDIUM | N/A |
|
ext/filter in PHP 5.2.0, when FILTER_SANITIZE_STRING is used with the FILTER_FLAG_STRIP_LOW flag, does not properly strip HTML tags, which allows remote attackers to conduct cross-site scripting (XSS) attacks via HTML with a '<' character followed by certain whitespace characters, which passes one filter but is collapsed into a valid tag, as demonstrated using %0b.
|
|||||
| CVE-2007-2213 | 1 Ipswitch | 1 Ws Ftp | 2025-04-09 | 7.8 HIGH | N/A |
|
Unspecified vulnerability in the Initialize function in NetscapeFTPHandler in WS_FTP Home and Professional 2007 allows remote attackers to cause a denial of service (NULL dereference and application crash) via unspecified vectors related to "improper arguments."
|
|||||
| CVE-2007-0443 | 1 Gracenote | 1 Cddbcontrol Activex Control | 2025-04-09 | 9.3 HIGH | N/A |
|
Multiple buffer overflows in the CDDBControl ActiveX control in Gracenote CDDB before 20070418 allow remote attackers to execute arbitrary code via long values for certain Proxy configuration parameters.
|
|||||