Total: 29869 CVE

| CVE | Vendors | Products | Updated | CVSS v2 | CVSS v3 | Description |
|---|---|---|---|---|---|---|
| CVE-2006-6543 | 1 Appintellect | 1 Spotlight Crm | 2025-04-09 | 7.5 HIGH | N/A | Multiple SQL injection vulnerabilities in login.asp in AppIntellect SpotLight CRM 1.0 allow remote attackers to execute arbitrary SQL commands via the (1) login (UserName) and possibly (2) password parameter. NOTE: some of these details are obtained from third party information. |
| CVE-2007-0113 | 1 Packeteer | 1 Packetwise | 2025-04-09 | 6.8 MEDIUM | N/A | Buffer overflow in Packeteer PacketShaper PacketWise 8.x allows remote authenticated users to cause a denial of service (reset or reboot) via (1) a long traffic class argument to the "class show" command or (2) a long POLICY parameter value in clastree.htm. |
| CVE-2007-0774 | 1 Apache | 1 Tomcat Jk Web Server Connector | 2025-04-09 | 7.5 HIGH | N/A | Stack-based buffer overflow in the map_uri_to_worker function (native/common/jk_uri_worker_map.c) in mod_jk.so for Apache Tomcat JK Web Server Connector 1.2.19 and 1.2.20, as used in Tomcat 4.1.34 and 5.5.20, allows remote attackers to execute arbitrary code via a long URL that triggers the overflow in a URI worker map routine. |
| CVE-2007-3155 | 1 Egroupware | 1 Egroupware | 2025-04-09 | 10.0 HIGH | N/A | Unspecified vulnerability in eGroupWare before 1.2.107-2 has unknown impact and attack vectors related to ADOdb. NOTE: due to lack of details from the vendor, it is uncertain whether this issue is already covered by another CVE identifier. |
| CVE-2006-6909 | 1 Karl Dahlke | 1 Edbrowse | 2025-04-09 | 10.0 HIGH | N/A | Stack-based buffer overflow in http.c in Karl Dahlke Edbrowse (aka Command line editor browser) 3.1.3 allows remote attackers to execute arbitrary code by operating an FTP server that sends directory listings with (1) long user names or (2) long group names. |
| CVE-2007-3800 | 1 Symantec | 2 Client Security, Norton Antivirus | 2025-04-09 | 6.0 MEDIUM | N/A | Unspecified vulnerability in the Real-time scanner (RTVScan) component in Symantec AntiVirus Corporate Edition 9.0 through 10.1 and Client Security 2.0 through 3.1, when the Notification Message window is enabled, allows local users to gain privileges via crafted code. |
| CVE-2007-3047 | 1 Vonage | 1 Voip Telephone Adapter | 2025-04-09 | 10.0 HIGH | N/A | The Vonage VoIP Telephone Adapter has a default administrator username "user" and password "user," which allows remote attackers to obtain administrative access. |
| CVE-2006-5946 | 1 Funkyasp | 1 Glossary | 2025-04-09 | 7.5 HIGH | N/A | SQL injection vulnerability in demo/glossary/glossary.asp in FunkyASP Glossary 1.0 allows remote attackers to execute arbitrary SQL commands via the alpha parameter. |
| CVE-2006-6450 | 1 Novell | 1 Zenworks Patch Management Server | 2025-04-09 | 7.5 HIGH | N/A | Multiple SQL injection vulnerabilities in dagent/downloadreport.asp in Novell ZENworks Patch Management (ZPM) before 6.3.2.700 allow remote attackers to execute arbitrary SQL commands via the (1) agentid and (2) pass parameters. |
| CVE-2007-0262 | 1 Wordpress | 1 Wordpress | 2025-04-09 | 7.8 HIGH | N/A | WordPress 2.0.6, and 2.1Alpha 3 (SVN:4662), does not properly verify that the m parameter value has the string data type, which allows remote attackers to obtain sensitive information via an invalid m[] parameter, as demonstrated by obtaining the path, and obtaining certain SQL information such as the table prefix. |
| CVE-2006-5806 | 1 Cisco | 1 Secure Desktop | 2025-04-09 | 2.1 LOW | N/A | SSL VPN Client in Cisco Secure Desktop before 3.1.1.45, when configured to spawn a web browser after a successful connection, stores sensitive browser session information in a directory outside of the CSD vault and does not restrict the user from saving files outside of the vault, which is not cleared after the VPN connection terminates and allows local users to read unencrypted data. |
| CVE-2006-7061 | 1 Scriptsez.net | 1 E-dating System | 2025-04-09 | 9.3 HIGH | N/A | Scriptsez.net E-Dating System stores data files with predictable names under the web document root with insufficient access control, which allows remote attackers to read private messages and leverage them for cross-site scripting (XSS) attacks. |
| CVE-2007-2485 | 1 Ruben Boelinger | 1 Myflash | 2025-04-09 | 7.5 HIGH | N/A | PHP remote file inclusion vulnerability in myflash-button.php in the myflash 1.00 and earlier plugin for WordPress allows remote attackers to execute arbitrary PHP code via a URL in the wpPATH parameter. |
| CVE-2007-1127 | 1 Watersweb Shops | 1 Shop Kit Plus | 2025-04-09 | 6.4 MEDIUM | N/A | Directory traversal vulnerability in enc/stylecss.php in shopkitplus allows remote attackers to read arbitrary files via a .. (dot dot) in the changetheme parameter. |
| CVE-2007-0311 | 1 Texas Imperial Software | 2 Wftpd, Wftpd Pro Server | 2025-04-09 | 5.0 MEDIUM | N/A | Texas Imperial Software WFTPD and WFTPD Pro Server 3.25 and earlier allow remote attackers to cause a denial of service (application crash) via a long SITE ADMIN command. |
| CVE-2007-0418 | 1 Bea | 1 Weblogic Server | 2025-04-09 | 7.5 HIGH | N/A | BEA WebLogic Server 7.0 through 7.0 SP6, 8.1 through 8.1 SP5, 9.0, and 9.1 does not enforce a security policy that declares permissions for EJB methods that have array parameters, which allows remote attackers to obtain unauthorized access to these methods. |
| CVE-2006-5064 | 1 Birdblog | 1 Birdblog | 2025-04-09 | 5.1 MEDIUM | N/A | Multiple cross-site scripting (XSS) vulnerabilities in BirdBlog 1.4 and earlier allow remote attackers to inject arbitrary web script or HTML via the (1) entryid parameter in comment.php, (2) page parameter in index.php, or the (3) uid parameter in user.php. NOTE: the provenance of this information is unknown; the details are obtained from third party information. |
| CVE-2007-3319 | 1 Avaya | 1 4602sw Ip Phone | 2025-04-09 | 7.5 HIGH | N/A | The Avaya 4602SW IP Phone (Model 4602D02A) with 2.2.2 and earlier SIP firmware does not use the cnonce parameter in the Authorization header of SIP requests during MD5 digest authentication, which allows remote attackers to conduct man-in-the-middle attacks and hijack or intercept communications. |
| CVE-2007-2606 | 1 Firebirdsql | 1 Firebird | 2025-04-09 | 7.8 HIGH | N/A | Multiple buffer overflows in Firebird 2.1 allow attackers to trigger memory corruption and possibly have other unspecified impact via certain input processed by (1) config\ConfigFile.cpp or (2) msgs\check_msgs.epp. NOTE: if ConfigFile.cpp reads a configuration file with restrictive permissions, then the ConfigFile.cpp vector may not cross privilege boundaries and perhaps should not be included in CVE. |
| CVE-2007-0792 | 1 Mozilla | 1 Bugzilla | 2025-04-09 | 7.5 HIGH | N/A | The mod_perl initialization script in Bugzilla 2.23.3 does not set the Bugzilla Apache configuration to allow .htaccess permissions to override file permissions, which allows remote attackers to obtain the database username and password via a direct request for the localconfig file. |
| CVE-2007-0365 | 1 Nicola Asuni | 1 All In One Control Panel | 2025-04-09 | 6.8 MEDIUM | N/A | Multiple cross-site scripting (XSS) vulnerabilities in All In One Control Panel (AIOCP) 1.3.009 and earlier allow remote attackers to inject arbitrary web script or HTML via unspecified vectors. NOTE: this is probably a different vulnerability than CVE-2006-5830. |
| CVE-2007-2885 | 1 Microsoft | 1 Visual Database Tools Database Designer | 2025-04-09 | 4.3 MEDIUM | N/A | The NotSafe function in the MSVDTDatabaseDesigner7 ActiveX control in VDT70.DLL in Microsoft Visual Database Tools (MSVDT) Database Designer 7.0 allows remote attackers to cause a denial of service (Internet Explorer 6 crash) via a long argument. |
| CVE-2007-3727 | 1 Valarsoft | 1 Webmatic | 2025-04-09 | 7.5 HIGH | N/A | Multiple unspecified vulnerabilities in Webmatic before 2.7 have unknown impact and attack vectors, related to the "administration area." |
| CVE-2007-2913 | 1 Clonuswiki | 1 Clonuswiki | 2025-04-09 | 4.3 MEDIUM | N/A | Cross-site scripting (XSS) vulnerability in index.php in ClonusWiki .5 allows remote attackers to inject arbitrary web script or HTML via the query parameter. |
| CVE-2008-5986 | 1 Csound | 1 Csound | 2025-04-09 | 6.9 MEDIUM | N/A | Untrusted search path vulnerability in the (1) "VST plugin with Python scripting" and (2) "VST plugin for writing score generators in Python" in Csound 5.08.2, and possibly other versions, allows local users to execute arbitrary code via a Trojan horse Python file in the current working directory, related to a vulnerability in the PySys_SetArgv function (CVE-2008-5983). |
| CVE-2006-5738 | 1 Punbb | 1 Punbb | 2025-04-09 | 2.1 LOW | 7.2 HIGH | Multiple SQL injection vulnerabilities in PunBB before 1.2.14 allow remote authenticated administrators to execute arbitrary SQL commands via unspecified vectors. |
| CVE-2007-0356 | 2 Common Controls Replacement Project, Microsoft | 2 Foldertreeview Activex Control, Ie | 2025-04-09 | 5.0 MEDIUM | N/A | The Common Controls Replacement Project (CCRP) FolderTreeview (FTV) ActiveX control (ccrpftv6.ocx) allows remote attackers to cause a denial of service (Internet Explorer 7 crash) via a long CCRP.RootFolder property value. |
| CVE-2007-1844 | 1 Avatic | 1 Aardvark Topsites Php | 2025-04-09 | 7.5 HIGH | N/A | Multiple PHP remote file inclusion vulnerabilities in Aardvark Topsites PHP 5 allow remote attackers to execute arbitrary PHP code via a URL in the path parameter to (1) button/settings_sql.php, (2) settings_sql.php, and (3) sources/misc/new_day.php. |
| CVE-2007-1698 | 1 Philex | 1 Philex | 2025-04-09 | 5.0 MEDIUM | N/A | download.php in Philex 0.2.3 and earlier allows remote attackers to read arbitrary files and source code, and obtain sensitive information via the file parameter. |
| CVE-2006-5319 | 1 Toxi | 1 Foafgen | 2025-04-09 | 5.0 MEDIUM | N/A | Directory traversal vulnerability in redir.php in Foafgen 0.3 allows remote attackers to read arbitrary files via a .. (dot dot) in the foaf parameter. |
| CVE-2007-0824 | 1 Lightro | 1 Lightro Cms | 2025-04-09 | 7.5 HIGH | N/A | PHP remote file inclusion vulnerability in inhalt.php in LightRO CMS 1.0 allows remote attackers to execute arbitrary PHP code via a URL in the dateien[news] parameter. |
| CVE-2009-2864 | 1 Cisco | 2 Unified Callmanager, Unified Communications Manager | 2025-04-09 | 7.8 HIGH | N/A | Cisco Unified Communications Manager (aka CUCM, formerly CallManager) 5.x before 5.1(3g), 6.x before 6.1(4), 7.0.x before 7.0(2a)su1, and 7.1.x before 7.1(2) allows remote attackers to cause a denial of service (service restart) via malformed SIP messages, aka Bug ID CSCsz95423. |
| CVE-2007-1487 | 3 Cyber Inside, Cyberteddy, Sascha Schroeder | 3 Weblog, Weblog, Weblog | 2025-04-09 | 5.0 MEDIUM | N/A | Directory traversal vulnerability in index.php in Sascha Schroeder (aka CyberTeddy or Cyber-inside) WebLog allows remote attackers to read arbitrary files via a .. (dot dot) in the file parameter in a showarticles action. |
| CVE-2007-0453 | 1 Samba | 1 Samba | 2025-04-09 | 4.6 MEDIUM | N/A | Buffer overflow in the nss_winbind.so.1 library in Samba 3.0.21 through 3.0.23d, as used in the winbindd daemon on Solaris, allows attackers to execute arbitrary code via the (1) gethostbyname and (2) getipnodebyname functions. |
| CVE-2007-0814 | 1 Adrenalin Labs | 1 Adrenalins Asp Chat | 2025-04-09 | 4.3 MEDIUM | N/A | Multiple cross-site scripting (XSS) vulnerabilities in Adrenalin's ASP Chat allow remote attackers to inject arbitrary web script or HTML (1) via the psuedo (pseudo) field or (2) during chat. |
| CVE-2007-2013 | 1 Jex-treme | 1 Einfacher Passworschutz | 2025-04-09 | 4.3 MEDIUM | N/A | Cross-site scripting (XSS) vulnerability in index.php in JEx-Treme Einfacher Passworschutz allows remote attackers to inject arbitrary web script or HTML via the msg parameter. |
| CVE-2007-3403 | 1 Dreamlog | 1 Dreamlog | 2025-04-09 | 7.5 HIGH | N/A | Unrestricted file upload vulnerability in upload.php in dreamLog (aka dreamblog) 0.5 allows remote attackers to upload and execute arbitrary PHP code in uploads/images/ via the uploadedFile[] parameter. |
| CVE-2007-1607 | 1 W-agora | 1 W-agora | 2025-04-09 | 5.0 MEDIUM | N/A | search.php in w-Agora (Web-Agora) allows remote attackers to obtain potentially sensitive information via a ' (quote) value followed by certain SQL sequences in the (1) search_forum or (2) search_user parameter, which force a SQL error. |
| CVE-2006-6420 | 1 Ryan Demmer | 1 Joomla Content Editor | 2025-04-09 | 6.8 MEDIUM | N/A | Multiple cross-site scripting (XSS) vulnerabilities in jce.php in the JCE Admin Component in Ryan Demmer Joomla Content Editor (JCE) 1.1.0 beta 2 and earlier for Joomla! (com_jce) allow remote attackers to inject arbitrary web script or HTML via the (1) img, (2) title, (3) w, or (4) h parameter, different vectors than CVE-2006-6166. NOTE: The provenance of this information is unknown; the details are obtained solely from third party information. |
| CVE-2007-2182 | 1 Maran | 1 Php Forum | 2025-04-09 | 6.8 MEDIUM | N/A | Unrestricted file upload vulnerability in forum_write.php in Maran PHP Forum allows remote attackers to upload and execute arbitrary PHP files via a trailing %00 in a filename in the page parameter. |