Total: 29869 CVE
| CVE | Vendors | Products | Updated | CVSS v2 | CVSS v3 | Description |
|---|---|---|---|---|---|---|
| CVE-2007-0697 | 1 Mentiss Acgv | 1 Acgvannu | 2025-04-09 | 6.4 MEDIUM | N/A | index2.php in ACGVannu 1.3 and earlier allows remote attackers to change the password or profile of a user via a modified id parameter, related to templates/modif.html. NOTE: some of these details are obtained from third party information. |
| CVE-2006-7101 | 1 Phpwind | 1 Phpwind | 2025-04-09 | 7.5 HIGH | N/A | SQL injection vulnerability in admin.php in PHPWind 5.0.1 and earlier allows remote attackers to execute arbitrary SQL commands via the AdminUser cookie. |
| CVE-2006-5876 | 1 Libsoup | 1 Libsoup | 2025-04-09 | 7.8 HIGH | N/A | The soup_headers_parse function in soup-headers.c for libsoup HTTP library before 2.2.99 allows remote attackers to cause a denial of service (crash) via malformed HTTP headers, probably involving missing fields or values. |
| CVE-2007-3298 | 1 Spey | 1 Spey | 2025-04-09 | 7.5 HIGH | N/A | SQL injection vulnerability in Spey before 0.4.1 allows remote attackers to execute arbitrary SQL commands via unspecified vectors related to MessageProcessor.cc and possibly other components. |
| CVE-2006-6371 | 1 James Barnsley | 1 Jab Guest Book | 2025-04-09 | 6.8 MEDIUM | N/A | Cross-site scripting (XSS) vulnerability in pbguestbook.php in JAB Guest Book allows remote attackers to inject arbitrary web script or HTML via the author parameter. |
| CVE-2007-5355 | 1 Microsoft | 5 Internet Explorer, Windows 2000, Windows 2003 Server and 2 more | 2025-04-09 | 5.8 MEDIUM | N/A | The Web Proxy Auto-Discovery (WPAD) feature in Microsoft Internet Explorer 6 and 7, when a primary DNS suffix with three or more components is configured, resolves an unqualified wpad hostname in a second-level domain outside this configured DNS domain, which allows remote WPAD servers to conduct man-in-the-middle (MITM) attacks. |
| CVE-2006-4579 | 1 The Address Book | 1 The Address Book | 2025-04-09 | 5.0 MEDIUM | N/A | Directory traversal vulnerability in users.php in The Address Book 1.04e allows remote attackers to include arbitrary files via a .. (dot dot) in the language parameter. |
| CVE-2007-2071 | 1 Open-gorotto | 1 Open-gorotto | 2025-04-09 | 4.3 MEDIUM | N/A | Multiple cross-site scripting (XSS) vulnerabilities in Open-gorotto 2.0a 2006/02/08 edition, 2006/03/19 edition, and 2006/04/07 edition before 20070416 allow remote attackers to inject arbitrary web script or HTML via unspecified parameters to (1) pub/modules/d/_top.html; (2) /pub/modules/a/_access.html; (3) _circletop.html or (4) _cir66.html in pub/modules/ci/; or (5) _fri66.html, (6) _inv66.html, (7) _top.html, (8) _friends.html, or (9) _fri33.html in pub/modules/f/. |
| CVE-2006-5253 | 1 Dayana Networks | 1 Phponline | 2025-04-09 | 7.5 HIGH | N/A | PHP remote file inclusion vulnerability in strload.php in Dayana Networks phpOnline (aka PHP-Online) 2.1 allows remote attackers to execute arbitrary PHP code via a URL in the LangFile parameter. |
| CVE-2006-6926 | 1 Extremail | 1 Extremail | 2025-04-09 | 10.0 HIGH | N/A | Buffer overflow in eXtremail 2.1 has unknown impact and attack vectors, as demonstrated by VulnDisco Pack. NOTE: The provenance of this information is unknown; the details are obtained solely from third party information. |
| CVE-2006-3894 | 1 Dell | 2 Bsafe Cert-c, Bsafe Crypto-c | 2025-04-09 | 5.0 MEDIUM | N/A | The RSA Crypto-C before 6.3.1 and Cert-C before 2.8 libraries, as used by RSA BSAFE, multiple Cisco products, and other products, allows remote attackers to cause a denial of service via malformed ASN.1 objects. |
| CVE-2006-6914 | 1 Ibm | 1 Aix | 2025-04-09 | 5.0 MEDIUM | N/A | Unspecified vulnerability in ftpd in IBM AIX 5.2.0 and 5.3.0 allows remote attackers to obtain sensitive information, including passwords, via unspecified vectors. |
| CVE-2008-5404 | 1 Grid2000 | 1 Flexcell Grid Control | 2025-04-09 | 10.0 HIGH | N/A | Insecure method vulnerability in the FlexCell.Grid ActiveX control in FlexCell.ocx 5.7.0.1 in FlexCell Grid ActiveX Component allows remote attackers to create and overwrite arbitrary files via the HttpDownloadFile method. NOTE: this could be leveraged for code execution by creating executable files in Startup folders or by accessing files using hcp:// URLs. NOTE: the provenance of this information is unknown; the details are obtained solely from third party information. |
| CVE-2007-3314 | 1 Altap | 2 Portable Executable Viewer, Servant Salamander | 2025-04-09 | 6.8 MEDIUM | N/A | Stack-based buffer overflow in peviewer.spl in Altap Servant Salamander 2.5 with Portable Executable Viewer 2.02 (English Trial), and 2.0 with Portable Executable Viewer 1.00 (English Trial), allows remote attackers to execute arbitrary code via a long PDB debug filename in a PE file. |
| CVE-2008-5681 | 1 Opera | 1 Opera Browser | 2025-04-09 | 4.3 MEDIUM | N/A | Opera before 9.63 does not block unspecified "scripted URLs" during the feed preview, which allows remote attackers to read existing subscriptions and force subscriptions to arbitrary feed URLs. |
| CVE-2006-6694 | 1 Scriptsfrenzy.com | 1 E-uploader Pro | 2025-04-09 | 7.5 HIGH | N/A | Directory traversal vulnerability in include/config.php in E-Uploader Pro 1.0 and earlier allows remote attackers to execute arbitrary PHP code via a .. (dot dot) in the language parameter, as demonstrated by uploading a .JPG file containing PHP code, then accessing the file via config.php. |
| CVE-2006-6802 | 1 Enthrallweb | 1 Epages | 2025-04-09 | 7.5 HIGH | N/A | SQL injection vulnerability in actualpic.asp in Enthrallweb ePages allows remote attackers to execute arbitrary SQL commands via the Biz_ID parameter. |
| CVE-2007-0366 | 1 Maxum Development Corporation | 1 Rumpus Ftp Server | 2025-04-09 | 4.6 MEDIUM | N/A | Untrusted search path vulnerability in Rumpus 5.1 and earlier allows local users to gain privileges via a modified PATH that points to a malicious ipfw program. |
| CVE-2007-2193 | 1 Acd Systems | 2 Acdsee, Photo Editor | 2025-04-09 | 9.3 HIGH | N/A | Stack-based buffer overflow in the ID_X.apl plugin in ACDSee 9.0 Build 108, Pro 8.1 Build 99, and Photo Editor 4.0 Build 195 allows user-assisted remote attackers to execute arbitrary code via a crafted XPM file with a long section string. NOTE: some of these details are obtained from third party information. |
| CVE-2007-1450 | 1 Phpnuke | 1 Php-nuke | 2025-04-09 | 7.5 HIGH | N/A | SQL injection vulnerability in mainfile.php in PHP-Nuke 8.0 and earlier allows remote attackers to execute arbitrary SQL commands in the Top or News module via the lang parameter. |
| CVE-2007-1648 | 1 Dev0.de | 1 0irc | 2025-04-09 | 7.8 HIGH | N/A | 0irc 1345 build 20060823 allows remote attackers to cause a denial of service (application crash) by operating an IRC server that sends a long string to a client, which triggers a NULL pointer dereference. |
| CVE-2007-3168 | 1 Edraw | 1 Office Viewer Component | 2025-04-09 | 7.8 HIGH | N/A | A certain ActiveX control in the EDraw Office Viewer Component (edrawofficeviewer.ocx) 4.0.5.20, and other versions before 5.0, allows remote attackers to delete arbitrary files via the DeleteLocalFile method. |
| CVE-2007-2851 | 1 Lead Technologies | 1 Leadtools Raster Variant Object Library | 2025-04-09 | 7.5 HIGH | N/A | A certain ActiveX control in LeadTools Raster Variant Object Library (LTRVR14e.dll) 14.5.0.44 allows remote attackers to overwrite arbitrary files via the WriteDataToFile method. |
| CVE-2006-6972 | 1 Btitracker | 1 Btitracker | 2025-04-09 | 7.5 HIGH | N/A | SQL injection in torrents.php in BtitTracker 1.3.2 and earlier allows remote attackers to execute arbitrary SQL commands via the (1) by and (2) order parameters. NOTE: it is not clear whether this issue is exploitable. |
| CVE-2007-4478 | 1 Microsoft | 1 Internet Explorer | 2025-04-09 | 4.3 MEDIUM | N/A | Cross-site scripting (XSS) vulnerability in Microsoft Internet Explorer 6.0 and 7 allows user-assisted remote attackers to inject arbitrary web script or HTML in the local zone via a URI, when the document at the associated URL is saved to a local file, which then contains the URI string along with the document's original content. |
| CVE-2007-2478 | 1 Cerulean Studios | 1 Trillian Pro | 2025-04-09 | 9.3 HIGH | N/A | Multiple heap-based buffer overflows in the IRC component in Cerulean Studios Trillian Pro before 3.1.5.1 allow remote attackers to corrupt memory and possibly execute arbitrary code via (1) a URL with a long UTF-8 string, which triggers the overflow when the user highlights it, or (2) a font HTML tag with a face attribute containing a long UTF-8 string. |
| CVE-2006-4252 | 1 Powerdns | 1 Recursor | 2025-04-09 | 5.0 MEDIUM | N/A | PowerDNS Recursor 3.1.3 and earlier allows remote attackers to cause a denial of service (resource exhaustion and application crash) via a CNAME record with a zero TTL, which triggers an infinite loop. |
| CVE-2006-5652 | 1 Sun | 1 Iplanet Messaging Server Messenger Express | 2025-04-09 | 4.3 MEDIUM | N/A | Cross-site scripting (XSS) vulnerability in Sun iPlanet Messaging Server Messenger Express allows remote attackers to inject arbitrary web script via the expression Cascading Style Sheets (CSS) function, as demonstrated by setting the width style for an IMG element. NOTE: this issue might be related to CVE-2006-5486, however due to the vagueness of the initial advisory and different researchers, it has been assigned a new CVE. |
| CVE-2007-0452 | 1 Samba | 1 Samba | 2025-04-09 | 6.8 MEDIUM | N/A | smbd in Samba 3.0.6 through 3.0.23d allows remote authenticated users to cause a denial of service (memory and CPU exhaustion) by renaming a file in a way that prevents a request from being removed from the deferred open queue, which triggers an infinite loop. |
| CVE-2006-5561 | 1 Discuz | 1 Discuz Gbk | 2025-04-09 | 7.5 HIGH | N/A | SQL injection vulnerability in admincp.php in Discuz! GBK 5.0.0 allows remote attackers to execute arbitrary SQL commands via the cdb_auth cookie. |
| CVE-2006-6791 | 1 Chatwm | 1 Chatwm | 2025-04-09 | 7.5 HIGH | N/A | SQL injection vulnerability in SelGruFra.asp in chatwm 1.0 allows remote attackers to execute arbitrary SQL commands via the (1) txtUse and (2) txtPas parameters. |
| CVE-2006-5935 | 1 Shopsystems | 1 Shopsystems | 2025-04-09 | 7.5 HIGH | N/A | SQL injection vulnerability in index.php in ShopSystems 4.0 and earlier allows remote attackers to execute arbitrary SQL commands via the sessid parameter. |
| CVE-2006-6441 | 1 Xerox | 6 Workcentre 232, Workcentre 238, Workcentre 245 and 3 more | 2025-04-09 | 4.6 MEDIUM | N/A | Xerox WorkCentre and WorkCentre Pro before 12.050.03.000, 13.x before 13.050.03.000, and 14.x before 14.050.03.000 allows local users to bypass security controls and boot Alchemy via certain alternate boot media, as demonstrated by a USB thumb drive. |
| CVE-2006-5203 | 1 Invision Power Services | 1 Invision Power Board | 2025-04-09 | 5.1 MEDIUM | N/A | Invision Power Board (IPB) 2.1.7 and earlier allows remote restricted administrators to inject arbitrary web script or HTML, or execute arbitrary SQL commands, via a forum description that contains a crafted image with PHP code, which is executed when the user visits the "Manage Forums" link in the Admin control panel. |
| CVE-2008-1804 | 1 Snort | 1 Snort | 2025-04-09 | 6.8 MEDIUM | N/A | preprocessors/spp_frag3.c in Sourcefire Snort before 2.8.1 does not properly identify packet fragments that have dissimilar TTL values, which allows remote attackers to bypass detection rules by using a different TTL for each fragment. |
| CVE-2007-4279 | 1 Frontaccounting | 1 Frontaccounting | 2025-04-09 | 7.5 HIGH | N/A | PHP remote file inclusion vulnerability in config.php in FrontAccounting 1.12 Build 31 allows remote attackers to execute arbitrary PHP code via a URL in the path_to_root parameter. |
| CVE-2007-0604 | 1 Six Apart Ltd | 1 Movable Type | 2025-04-09 | 6.8 MEDIUM | N/A | Cross-site scripting (XSS) vulnerability in Movable Type (MT) before 3.34 allows remote attackers to inject arbitrary web script or HTML via unspecified vectors related to the MTCommentPreviewIsStatic tag, which can open the "comment entry screen," a different vulnerability than CVE-2007-0231. |
| CVE-2006-5089 | 1 My-bic | 1 My-bic | 2025-04-09 | 7.5 HIGH | N/A | PHP remote file inclusion vulnerability in mybic_server.php in Jim Plush My-BIC 0.6.5 allows remote attackers to execute arbitrary PHP code via a URL in the file parameter. NOTE: the provenance of this information is unknown; the details are obtained from third party information. CVE disputes this vulnerability because the file variable is defined before use in a way that prevents arbitrary inclusion. |
| CVE-2006-5463 | 1 Mozilla | 3 Firefox, Seamonkey, Thunderbird | 2025-04-09 | 7.5 HIGH | N/A | Unspecified vulnerability in Mozilla Firefox before 1.5.0.8, Thunderbird before 1.5.0.8, and SeaMonkey before 1.0.6 allows remote attackers to execute arbitrary JavaScript bytecode via unspecified vectors involving modification of a Script object while it is executing. |
| CVE-2007-0130 | 1 Igeneric | 1 Ig Calendar | 2025-04-09 | 7.5 HIGH | N/A | SQL injection vulnerability in user.php in iGeneric iG Calendar 1.0 allows remote attackers to execute arbitrary SQL commands via the id parameter. |