Total
29869 CVE
| CVE | Vendors | Products | Updated | CVSS v2 | CVSS v3 |
|---|---|---|---|---|---|
| CVE-2006-6198 | 1 Cpanel | 1 Webhost Manager | 2025-04-09 | 6.0 MEDIUM | N/A |
|
Multiple cross-site scripting (XSS) vulnerabilities in cPanel WebHost Manager (WHM) 3.1.0 allow remote authenticated users to inject arbitrary web script or HTML via the (1) email parameter to (a) scripts2/dochangeemail, the (2) supporturl parameter to (b) cgi/addon_configsupport.cgi, the (3) pkg parameter to (c) scripts/editpkg, the (4) domain parameter to (d) scripts2/domts2 and (e) scripts/editzone, the (5) feature parameter to (g) scripts2/dofeaturemanager, and the (6) ndomain parameter to ( ...
Show More |
|||||
| CVE-2007-2384 | 1 Script.aculo.us | 1 Script.aculo.us | 2025-04-09 | 7.8 HIGH | N/A |
|
The Script.aculo.us framework exchanges data using JavaScript Object Notation (JSON) without an associated protection scheme, which allows remote attackers to obtain the data via a web page that retrieves the data through a URL in the SRC attribute of a SCRIPT element and captures the data using other JavaScript code, aka "JavaScript Hijacking."
|
|||||
| CVE-2007-1717 | 1 Php | 1 Php | 2025-04-09 | 5.0 MEDIUM | N/A |
|
The mail function in PHP 4.0.0 through 4.4.6 and 5.0.0 through 5.2.1 truncates e-mail messages at the first ASCIIZ ('\0') byte, which might allow context-dependent attackers to prevent intended information from being delivered in e-mail messages. NOTE: this issue might be security-relevant in cases when the trailing contents of e-mail messages are important, such as logging information or if the message is expected to be well-formed.
|
|||||
| CVE-2007-0323 | 1 Rim | 1 Teamon Import Object Activex Control | 2025-04-09 | 7.5 HIGH | N/A |
|
Buffer overflow in the SetLanguage function in Research In Motion (RIM) TeamOn Import Object ActiveX control (TOImport.dll) allows remote attackers to execute arbitrary code via unspecified vectors.
|
|||||
| CVE-2007-1762 | 1 Mozilla | 1 Firefox | 2025-04-09 | 5.0 MEDIUM | N/A |
|
Mozilla Firefox 2.0.0.1 through 2.0.0.3 does not canonicalize URLs before checking them against the phishing site blacklist, which allows remote attackers to bypass phishing protection via multiple / (slash) characters in the URL.
|
|||||
| CVE-2007-1425 | 1 Triexa | 1 Sonicmailer Pro | 2025-04-09 | 7.5 HIGH | N/A |
|
SQL injection vulnerability in index.php in Triexa SonicMailer Pro 3.2.3 and earlier allows remote attackers to execute arbitrary SQL commands via the list parameter in an archive action.
|
|||||
| CVE-2007-1528 | 1 Microsoft | 1 Windows Vista | 2025-04-09 | 5.0 MEDIUM | N/A |
|
The LLTD Mapper in Microsoft Windows Vista allows remote attackers to spoof hosts, and nonexistent bridge relationships, into the network topology map by using a MAC address that differs from the MAC address provided in the Real Source field of the LLTD BASE header of a HELLO packet, aka the "Spoof on Bridge" attack.
|
|||||
| CVE-2007-1462 | 2 Conga, Redhat | 2 Conga, Linux | 2025-04-09 | 4.3 MEDIUM | N/A |
|
The luci server component in conga preserves the password between page loads for the Add System/Cluster task flow by storing the password in the Value attribute of a password entry field, which allows attackers to steal the password by performing a "view source" or other operation to obtain the web page. NOTE: there are limited circumstances under which such an attack is feasible.
|
|||||
| CVE-2006-5660 | 1 Cisco | 1 Security Agent Management Center | 2025-04-09 | 7.5 HIGH | N/A |
|
Cisco Security Agent Management Center (CSAMC) 5.1 before 5.1.0.79 does not properly handle certain LDAP error messages, which allows remote attackers to bypass authentication requirements via an empty password when using an external LDAP server.
|
|||||
| CVE-2007-4125 | 1 Hp | 1 Hp-ux | 2025-04-09 | 7.1 HIGH | N/A |
|
Unspecified vulnerability in the Address and Routing Parameter Area (ARPA) transport functionality in HP-UX B.11.11, B.11.23, and B.11.31 allows remote attackers to cause an unspecified denial of service via unknown vectors.
|
|||||
| CVE-2006-6113 | 1 James Greenwood | 1 Monkey Boards | 2025-04-09 | 5.0 MEDIUM | N/A |
|
Monkey Boards 0.3.5 allows remote attackers to obtain sensitive information via direct requests to (1) include/admin_auth.inc.php and (2) include/engine/class.compiler.php, which reveals the full path in an error message. NOTE: this issue is only an exposure if the administrator has changed the default script path.
|
|||||
| CVE-2008-1274 | 1 Ibm | 1 Aix | 2025-04-09 | 6.9 MEDIUM | N/A |
|
Untrusted search path vulnerability in man in IBM AIX 6.1.0 allows local users to execute arbitrary code via a malicious program in the man directory.
|
|||||
| CVE-2007-4236 | 1 Ibm | 1 Aix | 2025-04-09 | 6.9 MEDIUM | N/A |
|
Buffer overflow in lpd in bos.rte.printers in AIX 5.2 and 5.3 allows local users with printq group privileges to gain root privileges.
|
|||||
| CVE-2006-6691 | 1 Valdersoft | 1 Shopping Cart | 2025-04-09 | 7.5 HIGH | N/A |
|
Multiple PHP remote file inclusion vulnerabilities in Valdersoft Shopping Cart 3.0 and earlier allow remote attackers to execute arbitrary PHP code via a URL in the commonIncludePath parameter to (1) admin/include/common.php, (2) include/common.php, or (3) common_include/common.php.
|
|||||
| CVE-2006-5730 | 1 Modxcms | 1 Modxcms | 2025-04-09 | 5.1 MEDIUM | N/A |
|
PHP remote file inclusion vulnerability in manager/media/browser/mcpuk/connectors/php/Commands/Thumbnail.php in Modx CMS 0.9.2.1 and earlier allows remote attackers to execute arbitrary PHP code via a URL in the base_path parameter. NOTE: it is possible that this is a vulnerability in FCKeditor.
|
|||||
| CVE-2007-3724 | 1 Microsoft | 1 Windows Xp | 2025-04-09 | 2.1 LOW | N/A |
|
The process scheduler in the Microsoft Windows XP kernel does not make use of the process statistics kept by the kernel, performs scheduling based on CPU billing gathered from periodic process sampling ticks, and gives preference to "interactive" processes that perform voluntary sleeps, which allows local users to cause a denial of service (CPU consumption), as described in "Secretly Monopolizing the CPU Without Superuser Privileges."
|
|||||
| CVE-2007-3601 | 1 Vtiger | 1 Vtiger Crm | 2025-04-09 | 2.1 LOW | N/A |
|
vtiger CRM before 5.0.3, when a migrated build is used, allows remote authenticated users to read certain other users' calendar activities via a (1) home page or (2) event list view.
|
|||||
| CVE-2007-2025 | 1 Phpwiki | 1 Phpwiki | 2025-04-09 | 7.5 HIGH | N/A |
|
Unrestricted file upload vulnerability in the UpLoad feature (lib/plugin/UpLoad.php) in PhpWiki 1.3.11p1 allows remote attackers to upload arbitrary PHP files with a double extension, as demonstrated by .php.3, which is interpreted by Apache as being a valid PHP file.
|
|||||
| CVE-2007-0157 | 1 Neon | 1 Neon | 2025-04-09 | 7.8 HIGH | N/A |
|
Array index error in the uri_lookup function in the URI parser for neon 0.26.0 to 0.26.2, possibly only on 64-bit platforms, allows remote malicious servers to cause a denial of service (crash) via a URI with non-ASCII characters, which triggers a buffer under-read due to a type conversion error that generates a negative index.
|
|||||
| CVE-2007-3647 | 1 Zoneo-soft | 1 Phptraffica | 2025-04-09 | 10.0 HIGH | N/A |
|
The isloggedin function in Php/login.inc.php in phpTrafficA 1.4.3 and earlier allows remote attackers to bypass authentication and obtain administrative access by setting the username cookie to "traffic." NOTE: some of these details are obtained from third party information.
|
|||||
| CVE-2007-1410 | 1 Gaziyapboz | 1 Game Portal | 2025-04-09 | 7.5 HIGH | N/A |
|
SQL injection vulnerability in kategori.asp in GaziYapBoz Game Portal allows remote attackers to execute arbitrary SQL commands via the kategori parameter.
|
|||||
| CVE-2007-3685 | 1 Masuga Design | 1 Unobtrusive Ajax Star Rating Bar | 2025-04-09 | 2.6 LOW | N/A |
|
Cross-site scripting (XSS) vulnerability in rpc.php in Unobtrusive Ajax Star Rating Bar before 1.2.0 allows remote attackers to inject arbitrary web script or HTML via the q parameter.
|
|||||
| CVE-2009-0369 | 1 Microsoft | 1 Internet Explorer | 2025-04-09 | 4.3 MEDIUM | N/A |
|
Microsoft Internet Explorer 7 allows remote attackers to trick a user into visiting an arbitrary URL via an onclick action that moves a crafted element to the current mouse position, related to a "Clickjacking" vulnerability.
|
|||||
| CVE-2007-0069 | 1 Microsoft | 3 Windows 2003 Server, Windows Vista, Windows Xp | 2025-04-09 | 9.3 HIGH | N/A |
|
Unspecified vulnerability in the kernel in Microsoft Windows XP SP2, Server 2003, and Vista allows remote attackers to cause a denial of service (CPU consumption) and possibly execute arbitrary code via crafted (1) IGMPv3 and (2) MLDv2 packets that trigger memory corruption, aka "Windows Kernel TCP/IP/IGMPv3 and MLDv2 Vulnerability."
|
|||||
| CVE-2007-2562 | 1 Kayako | 1 Esupport | 2025-04-09 | 4.3 MEDIUM | N/A |
|
Cross-site scripting (XSS) vulnerability in index.php in Kayako eSupport 3.00.90 allows remote attackers to inject arbitrary web script or HTML via the _m parameter.
|
|||||
| CVE-2006-5034 | 1 Paul Smith Computer Services | 1 Vcap | 2025-04-09 | 5.0 MEDIUM | N/A |
|
Directory traversal vulnerability in Paul Smith Computer Services vCAP 1.9.0 Beta and earlier allows remote attackers to read arbitrary files via a .. (dot dot) in the URI.
|
|||||
| CVE-2007-0583 | 1 Http Commander | 1 Http Commander | 2025-04-09 | 4.3 MEDIUM | N/A |
|
Multiple cross-site scripting (XSS) vulnerabilities in HTTP Commander 6.0, and possibly earlier, allow remote attackers to inject arbitrary web script or HTML via the (1) LogoffMessage parameter to logofflast.aspx or the (2) txtUsername parameter to Default.aspx. NOTE: The provenance of this information is unknown; the details are obtained solely from third party information.
|
|||||
| CVE-2007-1637 | 1 Ipswitch | 4 Imail, Imail Plus, Imail Premium and 1 more | 2025-04-09 | 9.3 HIGH | N/A |
|
Multiple buffer overflows in the IMAILAPILib ActiveX control (IMailAPI.dll) in Ipswitch IMail Server before 2006.2 allow remote attackers to execute arbitrary code via the (1) WebConnect and (2) Connect members in the (a) IMailServer control; (3) Sync3 and (4) Init3 members in the (b) IMailLDAPService control; and the (5) SetReplyTo member in the (c) IMailUserCollection control.
|
|||||
| CVE-2007-0656 | 1 Phpbb2-modificat | 1 Phpbb2-modificat | 2025-04-09 | 7.5 HIGH | N/A |
|
PHP remote file inclusion vulnerability in includes/functions.php in phpBB2-MODificat 0.2.0 and earlier allows remote attackers to execute arbitrary PHP code via a URL in the phpbb_root_path parameter.
|
|||||
| CVE-2007-3533 | 1 3com | 1 3cnj220 | 2025-04-09 | 5.0 MEDIUM | N/A |
|
The 3Com IntelliJack Switch NJ220 before 2.0.23 allows remote attackers to cause a denial of service (reboot and reporting outage) via a loopback packet with zero in the length field.
|
|||||
| CVE-2007-1434 | 1 Grayscale | 1 Grayscale Blog | 2025-04-09 | 7.5 HIGH | N/A |
|
SQL injection vulnerability in Grayscale Blog 0.8.0, and possibly earlier versions, might allow remote attackers to execute arbitrary SQL commands via the (1) id parameter to (a) userdetail.php, id and (2) url parameter to (b) jump.php, and id variable to (c) detail.php.
|
|||||
| CVE-2006-6468 | 1 Xerox | 1 Workcentre | 2025-04-09 | 5.8 MEDIUM | N/A |
|
Xerox WorkCentre and WorkCentre Pro before 12.050.03.000, 13.x before 13.050.03.000, and 14.x before 14.050.03.000 do not check the Fully Qualified Domain Name (FQDN) during a "Validate Repository SSL Certificate" scan, which has unknown impact and attack vectors, possibly related to spoofed certificates.
|
|||||
| CVE-2007-3445 | 3 Microsoft, Securecomputing, Sj Labs | 3 Windows Mobile, Sch I730 Phone, Sjphone | 2025-04-09 | 4.3 MEDIUM | N/A |
|
Buffer overflow in SJ Labs SJphone 1.60.303c, running under Windows Mobile 2003 on the Samsung SCH-i730 phone, allows remote attackers to cause a denial of service (device hang and call termination) via a malformed SIP INVITE message, a different vulnerability than CVE-2007-3351.
|
|||||
| CVE-2007-4502 | 1 Joomla | 1 Bibtex | 2025-04-09 | 7.5 HIGH | N/A |
|
SQL injection vulnerability in index.php in the BibTeX component (com_jombib) 1.3 and earlier for Joomla! allows remote attackers to execute arbitrary SQL commands via the afilter parameter.
|
|||||
| CVE-2006-6713 | 1 Hitachi | 1 Hitachi Directory Server 2 | 2025-04-09 | 10.0 HIGH | N/A |
|
Buffer overflow in Hitachi Directory Server 2 P-2444-A124 before 02-11-/K on Windows, and P-1B44-A121 before 02-10-/V on HP-UX, allows remote attackers to execute arbitrary code via crafted LDAP requests.
|
|||||
| CVE-2007-2993 | 1 Omegasoft | 1 Interneserviceslosungen | 2025-04-09 | 4.3 MEDIUM | N/A |
|
Multiple cross-site scripting (XSS) vulnerabilities in OmegaMw7.asp in OMEGA (aka Omegasoft) INterneSErvicesLosungen (INSEL) allow remote attackers to inject arbitrary web script or HTML via (1) user-created text fields; the (2) F05003, (3) F05005, and (4) F05015 fields; and other unspecified standard fields.
|
|||||
| CVE-2006-5837 | 1 Simplechat | 1 Simplechat | 2025-04-09 | 7.5 HIGH | N/A |
|
Static code injection vulnerability in chat_panel.php in the SimpleChat 1.0.0 module for iWare Professional CMS allows remote attackers to inject arbitrary PHP code into chat_log.php via the msg parameter.
|
|||||
| CVE-2007-3352 | 1 Stephen Ostermiller | 1 Contact Form | 2025-04-09 | 4.3 MEDIUM | N/A |
|
Cross-site scripting (XSS) vulnerability in the preview form in Stephen Ostermiller Contact Form before 2.00.02 allows remote attackers to inject arbitrary web script or HTML via unspecified vectors that contain an apostrophe.
|
|||||
| CVE-2007-1625 | 1 Realguestbook | 1 Realguestbook | 2025-04-09 | 4.3 MEDIUM | N/A |
|
Cross-site scripting (XSS) vulnerability in save_entry.php in realGuestbook 5.01 allows remote attackers to inject arbitrary web script or HTML via the homepage parameter, as reachable through add_entry.php. NOTE: the original report stated that the vulnerability was in add_entry.php, which does not receive the input data.
|
|||||
| CVE-2007-1019 | 1 Webspell | 1 Webspell | 2025-04-09 | 6.8 MEDIUM | N/A |
|
SQL injection vulnerability in news.php in webSPELL 4.01.02, when register_globals is enabled, allows remote attackers to execute arbitrary SQL commands via the showonly parameter to index.php, a different vector than CVE-2006-5388.
|
|||||