Total
29869 CVE
| CVE | Vendors | Products | Updated | CVSS v2 | CVSS v3 |
|---|---|---|---|---|---|
| CVE-2007-0192 | 1 Mkportal | 1 Mkportal | 2025-04-09 | 7.5 HIGH | N/A |
|
Cross-site request forgery (CSRF) vulnerability in the save_main operation in the ad_perms section in admin.php in MKPortal allows remote attackers to modify privilege settings, as demonstrated using a getURL of admin.php within a .swf file contained in an IFRAME element, aka the "All Guests are Admin" attack.
|
|||||
| CVE-2006-6656 | 1 Netbsd | 1 Netbsd | 2025-04-09 | 2.1 LOW | N/A |
|
Unspecified vulnerability in ptrace in NetBSD-current before 20061027, NetBSD 3.0 and 3.0.1 before 20061027, and NetBSD 2.x before 20061119 allows local users to read kernel memory and obtain sensitive information via certain manipulations of a PT_LWPINFO request, which leads to a memory leak and information leak.
|
|||||
| CVE-2007-0636 | 1 Inotify | 1 Incron | 2025-04-09 | 2.1 LOW | N/A |
|
Unspecified vulnerability in inotify before 0.3.5 has unknown impact and attack vectors, related to "access rights to watched files."
|
|||||
| CVE-2007-0223 | 1 Nicola Asuni | 1 All In One Control Panel | 2025-04-09 | 7.5 HIGH | N/A |
|
SQL injection vulnerability in shared/code/cp_functions_downloads.php in Nicola Asuni All In One Control Panel (AIOCP) before 1.3.009 allows remote attackers to execute arbitrary SQL commands via the download_category parameter.
|
|||||
| CVE-2008-1147 | 8 Apple, Cosmicperl, Darwin and 5 more | 9 Mac Os X, Mac Os X Server, Directory Pro and 6 more | 2025-04-09 | 6.8 MEDIUM | N/A |
|
A certain pseudo-random number generator (PRNG) algorithm that uses XOR and 2-bit random hops (aka "Algorithm X2"), as used in OpenBSD 2.6 through 3.4, Mac OS X 10 through 10.5.1, FreeBSD 4.4 through 7.0, and DragonFlyBSD 1.0 through 1.10.1, allows remote attackers to guess sensitive values such as IP fragmentation IDs by observing a sequence of previously generated values. NOTE: this issue can be leveraged for attacks such as injection into TCP packets and OS fingerprinting.
|
|||||
| CVE-2007-2710 | 1 Nagiosql | 1 Nagiosql | 2025-04-09 | 7.5 HIGH | N/A |
|
PHP remote file inclusion vulnerability in functions/prepend_adm.php in NagiosQL 2.00-P00 and earlier allows remote attackers to execute arbitrary PHP code via a URL in the SETS[path][IT] parameter. NOTE: the provenance of this information is unknown; the details are obtained solely from third party information.
|
|||||
| CVE-2009-3382 | 1 Mozilla | 1 Firefox | 2025-04-09 | 10.0 HIGH | N/A |
|
layout/base/nsCSSFrameConstructor.cpp in the browser engine in Mozilla Firefox 3.0.x before 3.0.15 does not properly handle first-letter frames, which allows remote attackers to cause a denial of service (memory corruption and application crash) or possibly execute arbitrary code via unspecified vectors.
|
|||||
| CVE-2006-6040 | 1 Jelsoft | 1 Vbulletin | 2025-04-09 | 6.8 MEDIUM | N/A |
|
Multiple cross-site scripting (XSS) vulnerabilities in admincp/index.php in Jelsoft vBulletin 3.6.x allow remote attackers to inject arbitrary web script or HTML via (1) the prefs parameter in a buildnavprefs action or (2) the navprefs parameter in a savenavprefs action.
|
|||||
| CVE-2007-2098 | 1 Wabbit | 1 Wabbit Php Gallery | 2025-04-09 | 6.8 MEDIUM | N/A |
|
Multiple cross-site scripting (XSS) vulnerabilities in showpic.php in Wabbit PHP Gallery 0.9 allow remote attackers to inject arbitrary web script or HTML via the (1) pic and (2) gal parameters.
|
|||||
| CVE-2007-3152 | 1 Daniel Stenberg | 1 C-ares | 2025-04-09 | 7.5 HIGH | N/A |
|
c-ares before 1.4.0 uses a predictable seed for the random number generator for the DNS Transaction ID field, which might allow remote attackers to spoof DNS responses by guessing the field value.
|
|||||
| CVE-2006-6372 | 1 James Barnsley | 1 Jab Guest Book | 2025-04-09 | 6.8 MEDIUM | N/A |
|
Multiple cross-site scripting (XSS) vulnerabilities in pbguestbook.php in JAB Guest Book 20061205 allow remote attackers to inject arbitrary web script or HTML via the (1) topic or (2) message parameter. NOTE: The provenance of this information is unknown; the details are obtained solely from third party information.
|
|||||
| CVE-2007-1898 | 8 Apple, Hp, Jetbox and 5 more | 16 Mac Os X, Hp-ux, Tru64 and 13 more | 2025-04-09 | 5.8 MEDIUM | N/A |
|
formmail.php in Jetbox CMS 2.1 allows remote attackers to send arbitrary e-mails (spam) via modified recipient, _SETTINGS[allowed_email_hosts][], and subject parameters.
|
|||||
| CVE-2007-3627 | 1 Php Lite | 1 Calendar Express | 2025-04-09 | 7.5 HIGH | N/A |
|
Multiple SQL injection vulnerabilities in PHP Lite Calendar Express 2.2 allow remote attackers to execute arbitrary SQL commands via the cid parameter to (1) login.php, (2) auth.php, and (3) subscribe.php. NOTE: the month.php, year.php, week.php, and day.php vectors are already covered by CVE-2005-4009. NOTE: the provenance of this information is unknown; the details are obtained solely from third party information.
|
|||||
| CVE-2008-5857 | 1 Knowledgetree Document Management | 1 Knowledgetree Document Management | 2025-04-09 | 6.5 MEDIUM | N/A |
|
The DropDocuments plugin in KnowledgeTree before 3.5.4a allows remote authenticated users to gain administrative privileges via a certain sequence of "browse documents" and dashboard requests.
|
|||||
| CVE-2007-2061 | 1 Afterlogic | 1 Mailbee Webmail | 2025-04-09 | 4.3 MEDIUM | N/A |
|
Cross-site scripting (XSS) vulnerability in check_login.asp in AfterLogic MailBee WebMail Pro 3.4 allows remote attackers to inject arbitrary web script or HTML via the username parameter.
|
|||||
| CVE-2007-2613 | 1 Wikkawiki | 1 Wikkawiki | 2025-04-09 | 8.3 HIGH | N/A |
|
WikkaWiki (Wikka Wiki) before 1.1.6.3 allows attackers in a shared virtual host server environment to upload and execute an arbitrary configuration file by modifying the WAKKA_CONFIG environment variable.
|
|||||
| CVE-2007-0703 | 1 Webbuilder | 1 Webbuilder | 2025-04-09 | 7.5 HIGH | N/A |
|
PHP remote file inclusion vulnerability in library/StageLoader.php in WebBuilder 2.0 and earlier allows remote attackers to execute arbitrary PHP code via a URL in the GLOBALS[core][module_path] parameter.
|
|||||
| CVE-2006-5973 | 1 Timo Sirainen | 1 Dovecot | 2025-04-09 | 5.0 MEDIUM | N/A |
|
Off-by-one buffer overflow in Dovecot 1.0test53 through 1.0.rc14, and possibly other versions, when index files are used and mmap_disable is set to "yes," allows remote authenticated IMAP or POP3 users to cause a denial of service (crash) via unspecified vectors involving the cache file.
|
|||||
| CVE-2007-2393 | 1 Apple | 1 Quicktime | 2025-04-09 | 9.3 HIGH | N/A |
|
The design of QuickTime for Java in Apple Quicktime before 7.2 allows remote attackers to bypass certain security controls and write to process memory via Java applets, possibly leading to arbitrary code execution.
|
|||||
| CVE-2007-1853 | 1 Hitachi | 5 Jp1-hicommand Device Manager, Jp1-hicommand Global Link Availability Manager, Jp1-hicommand Replication Monitor and 2 more | 2025-04-09 | 5.0 MEDIUM | N/A |
|
Unspecified vulnerability in Hitachi JP1/HiCommand DeviceManager, Global Link Availability Manager, Replication Monitor, Tiered Storage Manager, and Tuning Manager allows local users to obtain authentication information via unspecified vectors.
|
|||||
| CVE-2006-5249 | 1 Tagit | 1 Tagboard | 2025-04-09 | 7.5 HIGH | N/A |
|
PHP remote file inclusion vulnerability in tagmin/delTagUser.php in TagIt! Tagboard 2.1.B Build 2 (tagit2b) allows remote attackers to execute arbitrary PHP code via a URL in the configpath parameter.
|
|||||
| CVE-2007-4331 | 1 Ctw Design | 1 Findnix | 2025-04-09 | 4.3 MEDIUM | N/A |
|
PHP remote file inclusion vulnerability in index.php in FindNix allows remote attackers to include the contents of arbitrary URLs and conduct cross-site scripting (XSS) attacks via a URL in the page parameter.
|
|||||
| CVE-2006-6605 | 1 Mailenable | 3 Mailenable Enterprise, Mailenable Professional, Mailenable Standard | 2025-04-09 | 10.0 HIGH | N/A |
|
Stack-based buffer overflow in the POP service in MailEnable Standard 1.98 and earlier; Professional 1.84, and 2.35 and earlier; and Enterprise 1.41, and 2.35 and earlier before ME-10026 allows remote attackers to execute arbitrary code via a long argument to the PASS command.
|
|||||
| CVE-2009-3884 | 1 Sun | 2 Jre, Openjdk | 2025-04-09 | 5.0 MEDIUM | N/A |
|
The TimeZone.getTimeZone method in Sun Java SE 5.0 before Update 22 and 6 before Update 17, and OpenJDK, allows remote attackers to determine the existence of local files via vectors related to handling of zoneinfo (aka tz) files, aka Bug Id 6824265.
|
|||||
| CVE-2007-0952 | 1 Scriptsez.net | 1 Virtual Calendar | 2025-04-09 | 6.8 MEDIUM | N/A |
|
Multiple cross-site scripting (XSS) vulnerabilities in Scriptsez.net Virtual Calendar allow remote attackers to inject arbitrary web script or HTML via the (1) t and (2) yr parameters, and the (3) sho parameter when the m parameter is outside the intended range.
|
|||||
| CVE-2007-2189 | 1 Mx Smartor | 1 Full Album Pack | 2025-04-09 | 6.8 MEDIUM | N/A |
|
PHP remote file inclusion vulnerability in admin/admin_album_otf.php in the MX Smartor Full Album Pack (FAP) 2.0 RC1 module for mxBB allows remote attackers to execute arbitrary PHP code via a URL in the phpbb_root_path parameter.
|
|||||
| CVE-2007-0087 | 1 Microsoft | 1 Internet Information Server | 2025-04-09 | 7.8 HIGH | N/A |
|
Microsoft Internet Information Services (IIS), when accessed through a TCP connection with a large window size, allows remote attackers to cause a denial of service (network bandwidth consumption) via a Range header that specifies multiple copies of the same fragment. NOTE: the severity of this issue has been disputed by third parties, who state that the large window size required by the attack is not normally supported or configured by the server, or that a DDoS-style attack would accomplish t ...
Show More |
|||||
| CVE-2006-5307 | 1 Afgb | 1 Afgb Guestbook | 2025-04-09 | 7.5 HIGH | N/A |
|
Multiple PHP remote file inclusion vulnerabilities in AFGB GUESTBOOK 2.2 allow remote attackers to execute arbitrary PHP code via a URL in the Htmls parameter in (1) add.php, (2) admin.php, (3) look.php, or (4) re.php.
|
|||||
| CVE-2007-3120 | 1 Aiocp | 1 Aiocp | 2025-04-09 | 4.3 MEDIUM | N/A |
|
Cross-site scripting (XSS) vulnerability in public/code/cp_dpage.php in All In One Control Panel (AIOCP) before 1.3.017 allows remote attackers to inject arbitrary web script or HTML via the aiocp_dp parameter. NOTE: some of these details are obtained from third party information.
|
|||||
| CVE-2007-0829 | 1 Alwil | 1 Avast Antivirus | 2025-04-09 | 4.4 MEDIUM | N/A |
|
avast! Server Edition before 4.7.726 does not demand a password in a certain intended context, even when a password has been set, which allows local users to bypass authentication requirements.
|
|||||
| CVE-2006-6243 | 1 Fipsasp | 1 Fipsshop | 2025-04-09 | 7.5 HIGH | N/A |
|
Multiple SQL injection vulnerabilities in index.asp in FipsSHOP allow remote attackers to execute arbitrary SQL commands via the (1) cat or (2) did parameter.
|
|||||
| CVE-2009-3932 | 1 Google | 1 Chrome | 2025-04-09 | 9.3 HIGH | N/A |
|
The Gears plugin in Google Chrome before 3.0.195.32 allows user-assisted remote attackers to cause a denial of service (memory corruption and plugin crash) or possibly execute arbitrary code via unspecified use of the Gears SQL API, related to putting "SQL metadata into a bad state."
|
|||||
| CVE-2006-7213 | 1 Firebirdsql | 1 Firebird | 2025-04-09 | 5.5 MEDIUM | N/A |
|
Firebird 1.5 allows remote authenticated users without SYSDBA and owner permissions to overwrite a database by creating a database.
|
|||||
| CVE-2006-6883 | 1 Phpirc Bot | 1 Phpirc Bot | 2025-04-09 | 7.5 HIGH | N/A |
|
PHP remote file inclusion vulnerability in php4you.php in PHPIrc_bot 0.2 allows remote attackers to execute arbitrary PHP code via a URL in the dir parameter. NOTE: this issue is disputed by CVE, since the dir variable is declared before being used
|
|||||
| CVE-2009-3100 | 2 Sun, X.org | 3 Opensolaris, Solaris, X11 | 2025-04-09 | 4.0 MEDIUM | N/A |
|
xscreensaver (aka Gnome-XScreenSaver) in Sun Solaris 9 and 10, OpenSolaris snv_109 through snv_122, and X11 6.4.1 on Solaris 8 does not properly handle Accessibility support, which allows local users to cause a denial of service (system hang) by locking the screen and then attempting to launch an Accessibility pop-up window, related to a regression in certain Solaris and OpenSolaris patches.
|
|||||
| CVE-2007-0321 | 1 Macrovision | 1 Flexnet Connect | 2025-04-09 | 9.3 HIGH | N/A |
|
Buffer overflow in the Update Service Agent ActiveX Control in isusweb.dll for Macrovision FLEXnet Connect (formerly InstallShield Update Service) allows remote attackers to execute arbitrary code via the Download method.
|
|||||
| CVE-2006-5115 | 1 Kgb | 1 Kgb | 2025-04-09 | 5.1 MEDIUM | N/A |
|
Directory traversal vulnerability in kgcall.php in KGB 1.87 allows remote attackers to include and execute arbitrary local files via a .. (dot dot) in the engine parameter, as demonstrated by uploading a file containing PHP code with an image/jpeg content type, and then referencing this file through the engine parameter.
|
|||||
| CVE-2007-0677 | 1 Cronosys | 1 Cadre Php Framework | 2025-04-09 | 7.5 HIGH | N/A |
|
PHP remote file inclusion vulnerability in fw/class.Quick_Config_Browser.php in Cadre PHP Framework 20020724 allows remote attackers to execute arbitrary PHP code via a URL in the GLOBALS[config][framework_path] parameter.
|
|||||
| CVE-2007-4120 | 1 Jelsoft | 1 Vbulletin | 2025-04-09 | 9.3 HIGH | N/A |
|
Multiple PHP remote file inclusion vulnerabilities in Jelsoft vBulletin 3.6.5 allow remote attackers to execute arbitrary PHP code via a URL in the (1) classfile parameter to includes/functions.php, the (2) nextitem parameter to includes/functions_cron.php, and the (3) specialtemplates parameter to includes/functions_forumdisplay.php. NOTE: this issue is disputed by a reliable third party who states "further investigation has revealed that the application is not vulnerable to this issue." The o ...
Show More |
|||||
| CVE-2007-3603 | 1 Vtiger | 1 Vtiger Crm | 2025-04-09 | 6.5 MEDIUM | N/A |
|
SQL injection vulnerability in the dashboard (include/utils/SearchUtils.php) in vtiger CRM before 5.0.3 allows remote authenticated users to execute arbitrary SQL commands via the assigned_user_id parameter in a Potentials ListView action to index.php.
|
|||||