Total: 29869 CVE
| CVE | Vendors | Products | Updated | CVSS v2 | CVSS v3 | Description |
|---|---|---|---|---|---|---|
| CVE-2006-6995 | 1 V3 Chat | 1 V3chat Instant Messenger | 2025-04-09 | 6.0 MEDIUM | N/A | mycontacts.php in V3 Chat allows remote authenticated users to gain privileges as other users via a modified membername parameter. |
| CVE-2007-1771 | 1 Ay System Solutions | 1 Web Content System | 2025-04-09 | 9.3 HIGH | N/A | PHP remote file inclusion vulnerability in manage/javascript/formjavascript.php in Ay System Solutions Web Content System (WCS) 2.7.1 allows remote attackers to execute arbitrary PHP code via a URL in the path[JavascriptEdit] parameter. |
| CVE-2006-5405 | 1 Toshiba | 1 Bluetooth Wireless Device Driver | 2025-04-09 | 6.2 MEDIUM | N/A | Unspecified vulnerability in Toshiba Bluetooth wireless device driver 3.x and 4 through 4.00.35, as used in multiple products, allows physically proximate attackers to cause a denial of service (crash), corrupt memory, and possibly execute arbitrary code via crafted Bluetooth packets. |
| CVE-2008-2714 | 1 Opera | 1 Opera Browser | 2025-04-09 | 5.0 MEDIUM | N/A | Opera before 9.26 allows remote attackers to misrepresent web page addresses using "certain characters" that "cause the page address text to be misplaced." |
| CVE-2007-1085 | 1 Google | 1 Desktop | 2025-04-09 | 7.6 HIGH | N/A | Cross-site scripting (XSS) vulnerability in Google Desktop allows remote attackers to bypass protection schemes and inject arbitrary web script or HTML, and possibly gain full access to the system, by using an XSS vulnerability in google.com to extract the signature for the internal web server, then calling the "under" parameter in Advanced Search with the proper signature. |
| CVE-2006-5091 | 1 Hp | 1 Hp-ux | 2025-04-09 | 7.2 HIGH | N/A | Unspecified vulnerability in HP-UX B.11.11 and B.11.23 CIFS Server (Samba) allows local users to gain privileges or obtain "unauthorized access" via unspecified vectors. |
| CVE-2007-2359 | 1 Symantec | 4 Backupexec System Recovery, Livestate Recovery, Norton Ghost and 1 more | 2025-04-09 | 7.2 HIGH | N/A | Buffer overflow in Ghost Service Manager, as used in Symantec Norton Ghost, Norton Save & Recovery, LiveState Recovery, and BackupExec System Recovery before 20070426, allows local users to gain privileges via a long string. |
| CVE-2007-1608 | 1 Ibm | 1 Websphere Application Server | 2025-04-09 | 7.5 HIGH | N/A | CRLF injection vulnerability in IBM WebSphere Application Server (WAS) before 6.0.2.19 allows remote attackers to inject arbitrary HTTP headers and conduct HTTP response splitting attacks via a single CRLF sequence in a context that is not a valid multi-line header. |
| CVE-2006-4394 | 1 Apple | 1 Mac Os X | 2025-04-09 | 7.5 HIGH | N/A | A logic error in LoginWindow in Apple Mac OS X 10.4 through 10.4.7 allows network accounts without GUIDs to bypass service access controls and log into the system using loginwindow via unknown vectors. |
| CVE-2006-5483 | 1 Freebsd | 1 Freebsd | 2025-04-09 | 2.1 LOW | N/A | p1003_1b.c in FreeBSD 6.1 allows local users to cause an unspecified denial of service by setting a scheduler policy, which should only be settable by root. |
| CVE-2007-2155 | 1 Phpfaber | 1 Topsites | 2025-04-09 | 7.8 HIGH | N/A | Directory traversal vulnerability in template.php in phpFaber TopSites 3 allows remote attackers to read arbitrary files via a .. (dot dot) in the modify parameter in a template action to admin/index.php. |
| CVE-2006-5923 | 1 Chris Mac | 1 Gimescripts Shopping Catalog | 2025-04-09 | 7.5 HIGH | N/A | PHP remote file inclusion vulnerability in index.php in Chris Mac gtcatalog (aka GimeScripts Shopping Catalog) 0.9.1 and earlier allows remote attackers to execute arbitrary PHP code via a URL in the custom parameter. |
| CVE-2007-0429 | 1 Divx | 1 Divx Player | 2025-04-09 | 5.0 MEDIUM | N/A | DivXBrowserPlugin (aka DivX Web Player) npdivx32.dll, as distributed with DivX Player 6.4.1, allows remote attackers to cause a denial of service (Internet Explorer 7 crash) by invoking the GoWindowed method for a certain instance of the ActiveX object. |
| CVE-2006-4410 | 1 Apple | 1 Mac Os X | 2025-04-09 | 7.5 HIGH | N/A | The Security Framework in Apple Mac OS X 10.3.9, and 10.4.x before 10.4.7, does not properly search certificate revocation lists (CRL), which allows remote attackers to access systems by using revoked certificates. |
| CVE-2007-2843 | 1 Apple | 1 Safari | 2025-04-09 | 10.0 HIGH | N/A | Cross-domain vulnerability in Apple Safari 2.0.4 allows remote attackers to access restricted information from other domains via Javascript, as demonstrated by a js script that accesses the location information of cross-domain web pages, probably involving setTimeout and timed events. |
| CVE-2007-0128 | 1 Digiappz | 1 Digirez | 2025-04-09 | 7.5 HIGH | N/A | SQL injection vulnerability in info_book.asp in Digirez 3.4 and earlier allows remote attackers to execute arbitrary SQL commands via the book_id parameter. |
| CVE-2007-1679 | 1 Horde | 1 Groupware | 2025-04-09 | 4.3 MEDIUM | 5.4 MEDIUM | Multiple cross-site scripting (XSS) vulnerabilities in Horde Groupware Webmail 1.0 allow remote authenticated users to inject arbitrary web script or HTML via unspecified vectors in (1) imp/search.php and (2) ingo/rule.php. NOTE: this issue has been disputed by the vendor, noting that the search.php issue was resolved in CVE-2006-4255, and attackers can only use rule.php to inject XSS into their own pages. |
| CVE-2006-6419 | 1 Ryan Demmer | 1 Joomla Content Editor | 2025-04-09 | 7.5 HIGH | N/A | jce.php in the JCE Admin Component in Ryan Demmer Joomla Content Editor (JCE) 1.1.0 beta 2 and earlier for Joomla! (com_jce) allows remote attackers to include and possibly execute arbitrary local files via the (1) plugin or (2) file parameter. NOTE: The provenance of this information is unknown; the details are obtained solely from third party information. |
| CVE-2007-0958 | 1 Linux | 1 Linux Kernel | 2025-04-09 | 2.1 LOW | N/A | Linux kernel 2.6.x before 2.6.20 allows local users to read unreadable binaries by using the interpreter (PT_INTERP) functionality and triggering a core dump, a variant of CVE-2004-1073. |
| CVE-2007-2256 | 1 Tjschat | 1 Tjschat | 2025-04-09 | 4.3 MEDIUM | N/A | Cross-site scripting (XSS) vulnerability in you.php in TJSChat 0.95 allows remote attackers to inject arbitrary web script or HTML via the user parameter. |
| CVE-2007-3334 | 3 Ca, Ingres, Microsoft | 3 Etrust Secure Content Manager, Database Server, All Windows | 2025-04-09 | 10.0 HIGH | N/A | Multiple heap-based buffer overflows in the (1) Communications Server (iigcc.exe) and (2) Data Access Server (iigcd.exe) components for Ingres Database Server 3.0.3, as used in CA (Computer Associates) products including eTrust Secure Content Manager r8 on Windows, allow remote attackers to execute arbitrary code via unknown vectors. |
| CVE-2007-3419 | 1 Web-app.org | 1 Webapp | 2025-04-09 | 7.5 HIGH | N/A | The editprofile3 function in cgi-bin/cgi-lib/user.pl in web-app.org WebAPP before 0.9.9.7 does not properly check the (1) themes.dat, (2) languages.dat, (3) profession.dat, (4) gen.dat, (5) marstat.dat, (6) states.dat, and (7) ages.dat files before saving profile settings of members, which has unknown impact and remote attack vectors. |
| CVE-2009-3845 | 1 Hp | 1 Openview Network Node Manager | 2025-04-09 | 10.0 HIGH | N/A | The port-3443 HTTP server in HP OpenView Network Node Manager (OV NNM) 7.01, 7.51, and 7.53 allows remote attackers to execute arbitrary commands via shell metacharacters in the hostname parameter to unspecified Perl scripts. |
| CVE-2006-5942 | 1 Website Designs For Less | 1 Inventory Manager | 2025-04-09 | 6.8 MEDIUM | N/A | Cross-site scripting (XSS) vulnerability in inventory/display/display_results.asp in Website Designs For Less Inventory Manager allows remote attackers to inject arbitrary web script or HTML via the category parameter. |
| CVE-2007-4090 | 1 Vikingboard | 1 Vikingboard | 2025-04-09 | 4.3 MEDIUM | N/A | Multiple cross-site scripting (XSS) vulnerabilities in Vikingboard 0.1.2 allow remote attackers to inject arbitrary web script or HTML via (1) the URI to inc/lib/screen.php or (2) the title parameter to post.php. NOTE: vector 2 might overlap CVE-2006-6283. NOTE: the provenance of this information is unknown; the details are obtained solely from third party information. |
| CVE-2007-0301 | 1 Fdweb | 1 Espace Membre | 2025-04-09 | 6.8 MEDIUM | N/A | PHP remote file inclusion vulnerability in _admin/admin_menu.php in FdWeB Espace Membre 2.1 and earlier allows remote attackers to execute arbitrary PHP code via a URL in the path parameter. |
| CVE-2007-2632 | 1 Php Multi User Randomizer | 1 Php Multi User Randomizer | 2025-04-09 | 6.8 MEDIUM | N/A | Multiple cross-site scripting (XSS) vulnerabilities in PHP Multi User Randomizer (phpMUR) 2006.09.13 allow remote attackers to inject arbitrary web script or HTML via (1) the edit_plugin parameter to configure_plugin.tpl.php, or (2) certain array parameters to web/phpinfo.php, as demonstrated by 1[] or a[]. |
| CVE-2006-5223 | 1 Nivisec | 1 User Viewed Posts Tracker | 2025-04-09 | 7.5 HIGH | N/A | PHP remote file inclusion vulnerability in includes/functions_user_viewed_posts.php in the Nivisec User Viewed Posts Tracker module 1.0 and earlier for phpBB allows remote attackers to execute arbitrary PHP code via a URL in the phpbb_root_path parameter. |
| CVE-2006-6571 | 1 Genesistrader | 1 Genesistrader | 2025-04-09 | 6.8 MEDIUM | N/A | Multiple cross-site scripting (XSS) vulnerabilities in form.php in GenesisTrader 1.0 allow remote attackers to inject arbitrary web script or HTML via the (1) cuve, (2) chem, (3) do, and possibly other parameters. |
| CVE-2007-1919 | 1 Arizona-dream | 1 Livre D Or Livor | 2025-04-09 | 4.3 MEDIUM | N/A | Cross-site scripting (XSS) vulnerability in index.php in Arizona Dream Livre d'or (livor) 2.5 allows remote attackers to inject arbitrary web script or HTML via the page parameter. |
| CVE-2007-1103 | 1 Tor | 1 Tor | 2025-04-09 | 4.3 MEDIUM | N/A | Tor does not verify a node's uptime and bandwidth advertisements, which allows remote attackers who operate a low resource node to make false claims of greater resources, which places the node into use for many circuits and compromises the anonymity of traffic sources and destinations. |
| CVE-2006-6818 | 1 Alstrasoft | 1 Webhost Directory | 2025-04-09 | 7.5 HIGH | N/A | AlstraSoft Web Host Directory allows remote attackers to bypass authentication and change the admin password via a direct request to admin/config. |
| CVE-2006-6014 | 1 Netbsd | 1 Netbsd | 2025-04-09 | 7.2 HIGH | N/A | The NetBSD-current kernel before 20061028 does not properly perform bounds checking of an unspecified userspace parameter in the ptrace system call during a PT_DUMPCORE request, which allows local users to have an unknown impact. |
| CVE-2006-5357 | 1 Oracle | 1 Application Server | 2025-04-09 | 10.0 HIGH | N/A | Unspecified vulnerability in Oracle HTTP Server component in Oracle Application Server 10.1.2.0.1, 10.1.2.0.2, and 10.1.2.1.0 has unknown impact and remote attack vectors related to the PHP Module, aka Vuln# OHS03. |
| CVE-2006-5281 | 1 Navyism | 1 N At Board | 2025-04-09 | 7.5 HIGH | N/A | PHP remote file inclusion vulnerability in naboard_pnr.php in n@board 3.1.9e and earlier allows remote attackers to execute arbitrary PHP code via a URL in the skin parameter. |
| CVE-2008-0177 | 1 Kame | 1 Ipcomp | 2025-04-09 | 7.8 HIGH | N/A | The ipcomp6_input function in sys/netinet6/ipcomp_input.c in the KAME project before 20071201 does not properly check the return value of the m_pulldown function, which allows remote attackers to cause a denial of service (system crash) via an IPv6 packet with an IPComp header. |
| CVE-2008-6512 | 1 Google | 1 Gears | 2025-04-09 | 6.8 MEDIUM | N/A | Cross-domain vulnerability in the WorkerPool API in Google Gears before 0.5.4.2 allows remote attackers to bypass the Same Origin Policy and the intended access restrictions of the allowCrossOrigin function by hosting an assumed-safe file type containing Google Gears commands on the target domain, then accessing that file from the attacking domain, whose response headers are not checked and cause the worker code to run in the target domain. |
| CVE-2006-6505 | 1 Mozilla | 2 Seamonkey, Thunderbird | 2025-04-09 | 6.8 MEDIUM | N/A | Multiple heap-based buffer overflows in Mozilla Thunderbird before 1.5.0.9 and SeaMonkey before 1.0.7 allow remote attackers to execute arbitrary code via (1) external message bodies with long Content-Type headers or (2) long RFC2047-encoded (MIME non-ASCII) headers. |
| CVE-2007-2770 | 1 Qualcomm | 1 Eudora | 2025-04-09 | 9.3 HIGH | N/A | Stack-based buffer overflow in Eudora 7.1 allows user-assisted, remote SMTP servers to execute arbitrary code via a long SMTP reply. NOTE: the user must click through a warning about a possible buffer overflow exploit to trigger this issue. |
| CVE-2007-3602 | 1 Vtiger | 1 Vtiger Crm | 2025-04-09 | 5.5 MEDIUM | N/A | The SOAP webservice in vtiger CRM before 5.0.3 does not ensure that authenticated accounts are active, which allows remote authenticated users with inactive accounts to access and modify data, as demonstrated by the Thunderbird plugin. |