Total: 29869 CVE
| CVE | Vendors | Products | Updated | CVSS v2 | CVSS v3 | Description |
|---|---|---|---|---|---|---|
| CVE-2008-7168 | 1 Uusee | 2 Uusee, Uuupgrade.ocx | 2025-04-09 | 9.3 HIGH | N/A | Insecure method vulnerability in the UUSee UUUpgrade ActiveX control (UUUpgrade.ocx 3.0.2.12) allows remote attackers to force the download and overwrite of arbitrary files via crafted arguments to the Update method, as exploited in the wild in June 2009. |
| CVE-2007-1365 | 1 Openbsd | 1 Openbsd | 2025-04-09 | 10.0 HIGH | N/A | Buffer overflow in kern/uipc_mbuf2.c in OpenBSD 3.9 and 4.0 allows remote attackers to execute arbitrary code via fragmented IPv6 packets due to "incorrect mbuf handling for ICMP6 packets." NOTE: this was originally reported as a denial of service. |
| CVE-2007-0231 | 1 Six Apart | 1 Movable Type | 2025-04-09 | 6.8 MEDIUM | N/A | Cross-site scripting (XSS) vulnerability in Movable Type (MT) 3.33, when nofollow is disabled and unmoderated comments are enabled, allows remote attackers to inject arbitrary web script or HTML via the Comments field. |
| CVE-2007-1373 | 1 Pmail | 1 Mercury Mail Transport System | 2025-04-09 | 10.0 HIGH | N/A | Stack-based buffer overflow in Mercury/32 (aka Mercury Mail Transport System) 4.01b and earlier allows remote attackers to execute arbitrary code via a long LOGIN command. NOTE: this might be the same issue as CVE-2006-5961. |
| CVE-2007-3221 | 1 Xoops | 1 Xt-conteudo Module | 2025-04-09 | 6.8 MEDIUM | N/A | PHP remote file inclusion vulnerability in admin/spaw/spaw_control.class.php in the XT-Conteudo module for XOOPS allows remote attackers to execute arbitrary PHP code via a URL in the spaw_root parameter. NOTE: this issue is probably a duplicate of CVE-2006-4656. |
| CVE-2007-1542 | 1 Cisco | 2 7940 Router, 7960 Router | 2025-04-09 | 5.0 MEDIUM | N/A | Unspecified vulnerability in the Cisco IP Phone 7940 and 7960 running firmware before POS8-6-0 allows remote attackers to cause a denial of service via the Remote-Party-ID sipURI field in a SIP INVITE request. NOTE: the provenance of this information is unknown; the details are obtained solely from third party information. |
| CVE-2007-2298 | 1 Gforge | 1 Garennes | 2025-04-09 | 7.5 HIGH | N/A | Multiple PHP remote file inclusion vulnerabilities in Garennes 0.6.1 and earlier allow remote attackers to execute arbitrary PHP code via a URL in the repertoire_config parameter to index.php in (1) cpe/, (2) direction/, or (3) professeurs/. |
| CVE-2006-4409 | 1 Apple | 1 Mac Os X | 2025-04-09 | 5.0 MEDIUM | N/A | The Online Certificate Status Protocol (OCSP) service in the Security Framework in Apple Mac OS X 10.4 through 10.4.8 retrieve certificate revocation lists (CRL) when an HTTP proxy is in use, which could cause the system to accept certificates that have been revoked. |
| CVE-2006-6719 | 1 Gnu | 1 Wget | 2025-04-09 | 5.0 MEDIUM | N/A | The ftp_syst function in ftp-basic.c in Free Software Foundation (FSF) GNU wget 1.10.2 allows remote attackers to cause a denial of service (application crash) via a malicious FTP server with a large number of blank 220 responses to the SYST command. |
| CVE-2007-1775 | 1 Jbrowser | 1 Jbrowser | 2025-04-09 | 6.8 MEDIUM | N/A | Unrestricted file upload vulnerability in upload.php3 in JBrowser 2.4 and earlier allows remote attackers to upload and execute arbitrary PHP code via unspecified vectors. NOTE: the provenance of this information is unknown; the details are obtained solely from third party information. |
| CVE-2007-0266 | 1 Ezboxx | 1 Ezboxx Portal System | 2025-04-09 | 7.5 HIGH | N/A | SQL injection vulnerability in boxx/ShowAppendix.asp in Ezboxx Portal System Beta 0.7.6 and earlier allows remote attackers to inject arbitrary web script or HTML via the iid parameter. |
| CVE-2007-1749 | 1 Microsoft | 1 Internet Explorer | 2025-04-09 | 9.3 HIGH | N/A | Integer underflow in the CDownloadSink class code in the Vector Markup Language (VML) component (VGX.DLL), as used in Internet Explorer 5.01, 6, and 7 allows remote attackers to execute arbitrary code via compressed content with an invalid buffer size, which triggers a heap-based buffer overflow. |
| CVE-2007-2347 | 2 Oneclick Cms, Sisplet Cms | 2 Oneclick Cms, Sisplet Cms | 2025-04-09 | 7.5 HIGH | N/A | PHP remote file inclusion vulnerability in main/forum/komentar.php in OneClick CMS (aka Sisplet CMS) 05.10 and earlier allows remote attackers to execute arbitrary PHP code via a URL in the site_path parameter. |
| CVE-2006-5618 | 1 Netref | 1 Netref | 2025-04-09 | 5.0 MEDIUM | N/A | Directory traversal vulnerability in script/cat_for_aff.php in Netref 4 allows remote attackers to read arbitrary files via a .. (dot dot) sequence in the ad_direct parameter. |
| CVE-2007-1934 | 1 Php-nuke | 1 Eboard Module | 2025-04-09 | 6.8 MEDIUM | N/A | Directory traversal vulnerability in member.php in the eBoard 1.0.7 module for PHP-Nuke allows remote attackers to include and execute arbitrary local files via a .. (dot dot) in the GLOBALS[name] parameter. |
| CVE-2007-2466 | 1 Sun | 2 Java System Directory Server, One Directory Server | 2025-04-09 | 7.8 HIGH | N/A | Unspecified vulnerability in the LDAP Software Development Kit (SDK) for C, as used in Sun Java System Directory Server 5.2 up to Patch 4 and Sun ONE Directory Server 5.1, allows remote attackers to cause a denial of service (crash) via certain BER encodings. |
| CVE-2007-0260 | 1 Naig | 1 Naig | 2025-04-09 | 7.5 HIGH | N/A | PHP remote file inclusion vulnerability in index.php in Naig 0.5.2 and earlier allows remote attackers to execute arbitrary PHP code via a URL in the this_path parameter. NOTE: a reliable third party disputes this vulnerability because this_path is defined before use |
| CVE-2006-5259 | 1 Compteur | 1 Compteur | 2025-04-09 | 7.5 HIGH | N/A | PHP remote file inclusion vulnerability in param_editor.php in Compteur 2 allows remote attackers to execute arbitrary PHP code via a URL in the folder parameter. |
| CVE-2007-0179 | 1 Phpkit | 1 Phpkit | 2025-04-09 | 7.5 HIGH | N/A | SQL injection vulnerability in comment.php in PHPKIT 1.6.1 R2 allows remote attackers to execute arbitrary SQL commands via the subid parameter. |
| CVE-2007-2258 | 1 Phpmybibli | 1 Phpmybibli | 2025-04-09 | 7.5 HIGH | N/A | PHP remote file inclusion vulnerability in includes/init.inc.php in PHPMyBibli allows remote attackers to execute arbitrary PHP code via a URL in the base_path parameter. |
| CVE-2006-6358 | 1 Stefan Frech | 1 Online-bookmarks | 2025-04-09 | 7.5 HIGH | N/A | SQL injection vulnerability in the login function in auth.inc in Stefan Frech online-bookmarks 0.6.12 allows remote attackers to execute arbitrary SQL commands via the (1) username and possibly the (2) password parameter. NOTE: some of these details are obtained from third party information. |
| CVE-2006-6894 | 1 Spine | 1 Spine | 2025-04-09 | 10.0 HIGH | N/A | Multiple unspecified vulnerabilities in SPINE before 1.2 have unknown impact and attack vectors, related to (1) "Placeholders in database handler" and (2) "Macro admin security." |
| CVE-2007-6546 | 1 Runcms | 1 Runcms | 2025-04-09 | 6.4 MEDIUM | N/A | RunCMS before 1.6.1 uses a predictable session id, which makes it easier for remote attackers to hijack sessions via a modified id. |
| CVE-2007-0565 | 1 Cgi-rescue | 1 Shopping Basket Professional | 2025-04-09 | 7.5 HIGH | N/A | CGI-Rescue Shopping Basket Professional 7.50 and earlier allows remote attackers to inject arbitrary operating system commands via unspecified vectors. |
| CVE-2006-6828 | 1 Efkan Forum | 1 Efkan Forum | 2025-04-09 | 7.5 HIGH | N/A | Multiple SQL injection vulnerabilities in Efkan Forum 1.0 and earlier allow remote attackers to execute arbitrary SQL commands via (1) the grup parameter in admin.asp, or the id parameter in (2) default.asp or (3) admin.asp. NOTE: The provenance of this information is unknown; the details are obtained solely from third party information. The default.asp/grup vector is already covered by CVE-2006-6794. |
| CVE-2006-4247 | 1 Plone | 1 Plone | 2025-04-09 | 6.4 MEDIUM | N/A | Unspecified vulnerability in the Password Reset Tool before 0.4.1 on Plone 2.5 and 2.5.1 Release Candidate allows attackers to reset the passwords of other users, related to "an erroneous security declaration." |
| CVE-2006-5072 | 1 Mono | 1 Mono | 2025-04-09 | 6.2 MEDIUM | N/A | The System.CodeDom.Compiler classes in Novell Mono create temporary files with insecure permissions, which allows local users to overwrite arbitrary files or execute arbitrary code via a symlink attack. |
| CVE-2007-2721 | 1 Jasper Jpeg-2000 | 1 Jasper Jpeg-2000 | 2025-04-09 | 4.3 MEDIUM | N/A | The jpc_qcx_getcompparms function in jpc/jpc_cs.c for the JasPer JPEG-2000 library (libjasper) before 1.900 allows remote user-assisted attackers to cause a denial of service (crash) and possibly corrupt the heap via malformed image files, as originally demonstrated using imagemagick convert. |
| CVE-2007-0578 | 1 Mpg123 | 1 Mpg123 | 2025-04-09 | 4.3 MEDIUM | N/A | The http_open function in httpget.c in mpg123 before 0.64 allows remote attackers to cause a denial of service (infinite loop) by closing the HTTP connection early. |
| CVE-2006-6983 | 1 Myweb4net | 1 Myweb4net Browser | 2025-04-09 | 5.0 MEDIUM | N/A | Cross-domain vulnerability in MYweb4net Browser 3.8.8.0 allows remote attackers to access restricted information from other domains via an object tag with a data parameter that references a link on the attacker's originating site that specifies a Location HTTP header that references the target site, which then makes that content available through the outerHTML attribute of the object, a similar vulnerability to CVE-2006-3280. |
| CVE-2006-6815 | 1 Dmxready | 1 Dmxready Secure Login Manager | 2025-04-09 | 6.0 MEDIUM | N/A | Multiple cross-site scripting (XSS) vulnerabilities in DMXReady Secure Login Manager 1.0 allow remote authenticated administrators to inject arbitrary web script or HTML via unspecified parameters to (1) set_preferences.asp, (2) send_password_preferences.asp, and (3) SecureLoginManager/list.asp in the Local-Admin Panel. |
| CVE-2006-7202 | 1 Mambo | 1 Mambo Open Source | 2025-04-09 | 7.8 HIGH | N/A | The dofreePDF function in includes/pdf.php in Mambo 4.6.1 does not properly check access rights for database content, which allows remote attackers to read certain content via unspecified vectors. |
| CVE-2006-7058 | 1 Sphider | 1 Sphider | 2025-04-09 | 4.3 MEDIUM | N/A | Multiple cross-site scripting (XSS) vulnerabilities in Sphider before 1.3.1c allow remote attackers to inject arbitrary web script or HTML via the catid parameter to (1) templates/standard/search_form.html and (2) templates/dark/search_form.html. NOTE: the provenance of this information is unknown; the details are obtained solely from third party information. |
| CVE-2007-2847 | 1 Hlstats | 1 Hlstats | 2025-04-09 | 9.3 HIGH | N/A | Multiple cross-site scripting (XSS) vulnerabilities in hlstats.php in HLstats 1.35, and possibly earlier, allow remote attackers to inject arbitrary web script or HTML via the (1) authusername or (2) authpassword parameter, different vectors than CVE-2007-0840 and CVE-2007-2812. |
| CVE-2009-3985 | 1 Mozilla | 2 Firefox, Seamonkey | 2025-04-09 | 6.8 MEDIUM | N/A | Mozilla Firefox before 3.0.16 and 3.5.x before 3.5.6, and SeaMonkey before 2.0.1, allows remote attackers to associate spoofed content with an invalid URL by setting document.location to this URL, and then writing arbitrary web script or HTML to the associated blank document, a related issue to CVE-2009-2654. |
| CVE-2006-6364 | 1 Inside Systems | 1 Inside Systems | 2025-04-09 | 6.8 MEDIUM | N/A | Cross-site scripting (XSS) vulnerability in error.php in Inside Systems Mail (ISMail) 2.0 and earlier allows remote attackers to inject arbitrary web script or HTML via the error parameter. |
| CVE-2007-4495 | 1 Sun | 1 Solaris | 2025-04-09 | 4.9 MEDIUM | N/A | Unspecified vulnerability in the ata disk driver in Sun Solaris 10 on the x86 platform before 20070821 allows local users to cause a denial of service (system panic) via an unspecified ioctl function, aka Bug 6433124. |
| CVE-2006-5522 | 1 Johannes Erdfelt | 1 Kawf | 2025-04-09 | 7.5 HIGH | N/A | Multiple PHP remote file inclusion vulnerabilities in Johannes Erdfelt Kawf 1.0 and earlier allow remote attackers to execute arbitrary PHP code via a URL in the config parameter in (1) main.php or (2) user/account/main.php. |
| CVE-2007-1634 | 1 Net Portal Dynamic System | 1 Net Portal Dynamic System | 2025-04-09 | 7.5 HIGH | N/A | Variable extraction vulnerability in grab_globals.php in Net Portal Dynamic System (NPDS) 5.10 and earlier allows remote attackers to conduct SQL injection attacks via the _FILES[DB][tmp_name] parameter to print.php, which overwrites the $DB variable with dynamic variable evaluation. |
| CVE-2006-6244 | 1 Coalescent Systems | 1 Freepbx | 2025-04-09 | 7.5 HIGH | N/A | Coalescent Systems freePBX (formerly Asterisk Management Portal) before 2.2.0rc1 allows attackers to execute arbitrary commands via shell metacharacters in (1) CALLERID(name) or (2) CALLERID(number). |