Total
29869 CVE
| CVE | Vendors | Products | Updated | CVSS v2 | CVSS v3 |
|---|---|---|---|---|---|
| CVE-2007-4202 | 1 Guidance Software | 1 Encase | 2025-04-09 | 4.3 MEDIUM | N/A |
|
Guidance Software EnCase Enterprise Edition (EEE) 6 does not properly verify the identity of the acquisition target during communication with the EnCase Servlet (EEE servlet), which might allow remote attackers to spoof the disk image.
|
|||||
| CVE-2007-1411 | 1 Php | 1 Php | 2025-04-09 | 6.8 MEDIUM | N/A |
|
Buffer overflow in PHP 4.4.6 and earlier, and unspecified PHP 5 versions, allows local and possibly remote attackers to execute arbitrary code via long server name arguments to the (1) mssql_connect and (2) mssql_pconnect functions.
|
|||||
| CVE-2007-0672 | 2 Broadcom, Ca | 5 Brightstor Arcserve Backup Laptops Desktops, Business Protection Suite, Desktop Management Suite and 2 more | 2025-04-09 | 7.8 HIGH | N/A |
|
LGSERVER.EXE in BrightStor Mobile Backup 4.0 allows remote attackers to cause a denial of service (disk consumption and daemon hang) via a value of 0xFFFFFF7F at a certain point in an authentication negotiation packet, which writes a large amount of data to a .USX file in CA_BABLDdata\Server\data\transfer\.
|
|||||
| CVE-2007-3030 | 1 Microsoft | 2 Excel, Excel Viewer | 2025-04-09 | 7.6 HIGH | N/A |
|
Microsoft Excel 2000 SP3, 2002 SP3, 2003 SP2, and 2003 Viewer allows user-assisted remote attackers to execute arbitrary code via a malformed Excel file involving the "denoting [of] the start of a Workspace designation", which results in memory corruption, aka the "Workbook Memory Corruption Vulnerability".
|
|||||
| CVE-2006-6373 | 1 Phpmyadmin | 1 Phpmyadmin | 2025-04-09 | 5.0 MEDIUM | N/A |
|
PhpMyAdmin 2.7.0-pl2 allows remote attackers to obtain sensitive information via a direct request for libraries/common.lib.php, which reveals the path in an error message.
|
|||||
| CVE-2007-2958 | 2 Sylpheed, Sylpheed-claws | 2 Sylpheed, Sylpheed-claws | 2025-04-09 | 6.8 MEDIUM | N/A |
|
Format string vulnerability in the inc_put_error function in src/inc.c in Sylpheed 2.4.4, and Sylpheed-Claws (Claws Mail) 1.9.100 and 2.10.0, allows remote POP3 servers to execute arbitrary code via format string specifiers in crafted replies.
|
|||||
| CVE-2007-2830 | 1 Madwifi | 1 Madwifi | 2025-04-09 | 5.0 MEDIUM | N/A |
|
The ath_beacon_config function in if_ath.c in MadWifi before 0.9.3.1 allows remote attackers to cause a denial of service (system crash) via crafted beacon interval information when scanning for access points, which triggers a divide-by-zero error.
|
|||||
| CVE-2006-6590 | 1 Php | 1 Ar Memberscript | 2025-04-09 | 7.5 HIGH | N/A |
|
PHP remote file inclusion vulnerability in usercp_menu.php in AR Memberscript allows remote attackers to execute arbitrary PHP code via a URL in the script_folder parameter.
|
|||||
| CVE-2007-3059 | 1 Sendcard | 1 Sendcard | 2025-04-09 | 5.0 MEDIUM | N/A |
|
SendCard 3.3.0 allows remote attackers to obtain sensitive information via an invalid sc_language parameter to sendcard.php, which reveals the path in an error message.
|
|||||
| CVE-2007-3309 | 1 Simple Machines | 1 Simple Machines Forum | 2025-04-09 | 7.5 HIGH | N/A |
|
Unspecified vulnerability in Simple Machines Forum (SMF) 1.1.2 allows remote attackers to execute arbitrary PHP code during (1) creation or (2) editing of a message.
|
|||||
| CVE-2009-3005 | 1 Lunascape | 1 Lunascape | 2025-04-09 | 4.3 MEDIUM | N/A |
|
Lunascape 5.1.3 and 5.1.4 allows remote attackers to spoof the address bar, via window.open with a relative URI, to show an arbitrary URL on the web site visited by the victim, as demonstrated by a visit to an attacker-controlled web page, which triggers a spoofed login form for the site containing that page. NOTE: a related attack was reported in which an arbitrary file: URL is shown.
|
|||||
| CVE-2007-4616 | 1 Bea | 1 Weblogic Server | 2025-04-09 | 6.4 MEDIUM | N/A |
|
The SSL server implementation in BEA WebLogic Server 7.0 Gold through SP7, 8.1 Gold through SP6, 9.0, 9.1, 9.2 Gold through MP1, and 10.0 sometimes selects the null cipher when no other cipher is compatible between the server and client, which might allow remote attackers to intercept communications.
|
|||||
| CVE-2007-1552 | 1 Metaforum | 1 Metaforum | 2025-04-09 | 7.5 HIGH | N/A |
|
Unrestricted file upload vulnerability in usercp.php in MetaForum 0.513 Beta restricts file types based on the MIME type in the Content-type HTTP header, which allows remote attackers to upload and execute arbitrary scripts via an image MIME type with a filename containing an executable extension such as .php.
|
|||||
| CVE-2007-0628 | 1 Sun | 1 Java System Access Manager | 2025-04-09 | 4.3 MEDIUM | N/A |
|
Multiple cross-site scripting (XSS) vulnerabilities in Sun Java System Access Manager 6.1, 6.2, 6 2005Q1 (6.3), and 7 2005Q4 (7.0) before 20070129 allow remote attackers to inject arbitrary web script or HTML via the (1) goto or (2) gx-charset parameter. NOTE: some of these details are obtained from third party information.
|
|||||
| CVE-2007-3969 | 1 Panda | 1 Panda Antivirus | 2025-04-09 | 9.3 HIGH | N/A |
|
Buffer overflow in Panda Antivirus before 20070720 allows remote attackers to execute arbitrary code via a crafted EXE file, resulting from an "Integer Cast Around."
|
|||||
| CVE-2007-5970 | 1 Oracle | 1 Mysql | 2025-04-09 | 5.8 MEDIUM | N/A |
|
MySQL 5.1.x before 5.1.23 and 6.0.x before 6.0.4 allows remote authenticated users to gain privileges on arbitrary tables via unspecified vectors involving use of table-level DATA DIRECTORY and INDEX DIRECTORY options when creating a partitioned table with the same name as a table on which the user lacks privileges.
|
|||||
| CVE-2006-5144 | 1 Olate | 1 Olatedownload | 2025-04-09 | 6.8 MEDIUM | N/A |
|
Cross-site scripting (XSS) vulnerability in userupload.php in OlateDownload 3.4.0 allows remote attackers to inject arbitrary web script or HTML via the description_small parameter.
|
|||||
| CVE-2007-4435 | 1 Torrenttrader | 1 Torrenttrader | 2025-04-09 | 7.5 HIGH | N/A |
|
Multiple SQL injection vulnerabilities in TorrentTrader before 1.07 allow remote attackers to execute arbitrary SQL commands via unspecified parameters to (1) account-inbox.php, (2) account-settings.php, and possibly (3) backend/functions.php.
|
|||||
| CVE-2006-7183 | 1 Photography-on-the-net | 1 Exhibit Engine 2 | 2025-04-09 | 10.0 HIGH | N/A |
|
PHP remote file inclusion vulnerability in styles.php in Exhibit Engine (EE) 1.22 and earlier allows remote attackers to execute arbitrary PHP code via a URL in the toroot parameter.
|
|||||
| CVE-2006-3888 | 1 Aol | 1 Ygp Pic Downloader Activex Control | 2025-04-09 | 7.5 HIGH | N/A |
|
Buffer overflow in AOL You've Got Pictures (YGP) Pic Downloader YGPPDownload ActiveX control (AOL.PicDownloadCtrl.1, YGPPicDownload.dll), as used in America Online 9.0 Security Edition, allows remote attackers to execute arbitrary code via a long argument to the SetAlbumName method.
|
|||||
| CVE-2009-1107 | 1 Sun | 1 Java | 2025-04-09 | 4.3 MEDIUM | N/A |
|
The Java Plug-in in Java SE Development Kit (JDK) and Java Runtime Environment (JRE) 6 Update 12 and earlier, and 5.0 Update 17 and earlier, allows remote attackers to trick a user into trusting a signed applet via unknown vectors that misrepresent the security warning dialog, related to a "Swing JLabel HTML parsing vulnerability," aka CR 6782871.
|
|||||
| CVE-2006-7052 | 1 Keith Reichley | 1 Dotwidget For Articles | 2025-04-09 | 10.0 HIGH | N/A |
|
Multiple PHP remote file inclusion vulnerabilities in DotWidget For Articles (dotwidgeta) 0.2 allow remote attackers to execute arbitrary code via a URL in the (1) file_path parameter to (a) index.php, (b) showcatpicks.php, and (c) showarticle.php; and the (2) admin_header_file and (3) admin_footer_file parameters to (d) admin/authors.php, (e) admin/index.php, (f) admin/categories.php, (g) admin/editconfig.php, and (h) admin/articles.php.
|
|||||
| CVE-2007-0654 | 1 X Multimedia System | 1 X Multimedia System | 2025-04-09 | 9.3 HIGH | N/A |
|
Integer underflow in X MultiMedia System (xmms) 1.2.10 allows user-assisted remote attackers to execute arbitrary code via crafted header information in a skin bitmap image, which results in a stack-based buffer overflow.
|
|||||
| CVE-2006-5826 | 1 Texas Imperial Software | 1 Wftpd | 2025-04-09 | 5.8 MEDIUM | N/A |
|
Buffer overflow in Texas Imperial Software WFTPD Pro Server 3.23.1.1 allows remote authenticated users to execute arbitrary code or cause a denial of service (application crash) via crafted APPE commands that contain "/" (slash) or "\" (backslash) characters.
|
|||||
| CVE-2007-3220 | 1 Xoops | 1 Cjay Content Module | 2025-04-09 | 6.8 MEDIUM | N/A |
|
PHP remote file inclusion vulnerability in admin/editor2/spaw_control.class.php in the Cjay Content 3 module for XOOPS allows remote attackers to execute arbitrary PHP code via a URL in the spaw_root parameter. NOTE: this may be a duplicate of CVE-2006-4656.
|
|||||
| CVE-2006-7013 | 1 Simple Machines | 1 Simple Machines Forum | 2025-04-09 | 7.5 HIGH | N/A |
|
QueryString.php in Simple Machines Forum (SMF) 1.0.7 and earlier, and 1.1rc2 and earlier, allows remote attackers to more easily spoof the IP address and evade banning via a modified X-Forwarded-For HTTP header, which is preferred instead of other more reliable sources for the IP address. NOTE: the original researcher claims that the vendor has disputed this issue
|
|||||
| CVE-2007-0310 | 1 Bmc | 1 Remedy Action Request System | 2025-04-09 | 5.0 MEDIUM | N/A |
|
BMC Remedy Action Request System 5.01.02 Patch 1267 generates different error messages for failed login attempts with a valid username than for those with an invalid username, which allows remote attackers to determine valid account names.
|
|||||
| CVE-2006-5166 | 1 Php Web Scripts | 1 Easy Banner Free | 2025-04-09 | 7.5 HIGH | N/A |
|
PHP remote file inclusion vulnerability in functions.php in PHP Web Scripts Easy Banner Free allows remote attackers to execute arbitrary PHP code via a URL in the s[phppath] parameter.
|
|||||
| CVE-2006-5428 | 1 Cerberus | 1 Cerberus Helpdesk | 2025-04-09 | 5.0 MEDIUM | N/A |
|
rpc.php in Cerberus Helpdesk 3.2.1 does not verify a client's privileges for a display_get_requesters operation, which allows remote attackers to bypass the GUI login and obtain sensitive information (ticket data) via a direct request.
|
|||||
| CVE-2006-6072 | 1 Bpg-infotech | 2 Easy Publisher, Smart Publisher Pro | 2025-04-09 | 7.5 HIGH | N/A |
|
SQL injection vulnerability in bpg/publications_list.asp in BPG-InfoTech Easy Publisher and Smart Publisher//Pro 2.7.7 allows remote attackers to execute arbitrary SQL commands via the vjob parameter. NOTE: the provenance of this information is unknown; the details are obtained from third party information.
|
|||||
| CVE-2006-6472 | 1 Xerox | 1 Workcentre | 2025-04-09 | 10.0 HIGH | N/A |
|
The httpd.conf file in Xerox WorkCentre and WorkCentre Pro before 12.050.03.000, 13.x before 13.050.03.000, and 14.x before 14.050.03.000 configures port 443 to be always active, which has unknown impact and remote attack vectors.
|
|||||
| CVE-2007-0648 | 1 Cisco | 1 Ios | 2025-04-09 | 7.8 HIGH | N/A |
|
Cisco IOS after 12.3(14)T, 12.3(8)YC1, 12.3(8)YG, and 12.4, with voice support and without Session Initiated Protocol (SIP) configured, allows remote attackers to cause a denial of service (crash) by sending a crafted packet to port 5060/UDP.
|
|||||
| CVE-2006-6469 | 1 Xerox | 1 Workcentre | 2025-04-09 | 5.8 MEDIUM | N/A |
|
Xerox WorkCentre and WorkCentre Pro before 12.050.03.000, 13.x before 13.050.03.000, and 14.x before 14.050.03.000 do not block the postgres port (5432/tcp), which has unknown impact and remote attack vectors, probably related to unauthorized connections to a PostgreSQL daemon.
|
|||||
| CVE-2007-2423 | 1 Moinmoin | 1 Moinmoin | 2025-04-09 | 5.8 MEDIUM | N/A |
|
Cross-site scripting (XSS) vulnerability in index.php in MoinMoin 1.5.7 allows remote attackers to inject arbitrary web script or HTML via the do parameter in an AttachFile action, a different vulnerability than CVE-2007-0857. NOTE: the provenance of this information is unknown; the details are obtained solely from third party information.
|
|||||
| CVE-2006-5529 | 1 Schoolalumni Portal | 1 Schoolalumni Portal | 2025-04-09 | 5.1 MEDIUM | N/A |
|
Cross-site scripting (XSS) vulnerability in smumdadotcom_ascyb_alumni/mod.php in SchoolAlumni Portal 2.26 allows remote attackers to inject arbitrary web script or HTML via the query parameter in a search operation in the katalog module. NOTE: some of these details are obtained from third party information.
|
|||||
| CVE-2007-0969 | 1 Webtester | 1 Webtester | 2025-04-09 | 6.8 MEDIUM | N/A |
|
Multiple cross-site scripting (XSS) vulnerabilities in WebTester 5.0.20060927 and earlier allow remote attackers to inject arbitrary web script or HTML via unspecified vectors related to POST parameters to multiple files.
|
|||||
| CVE-2007-1400 | 1 Plesh | 1 Plesh | 2025-04-09 | 6.9 MEDIUM | N/A |
|
Plash permits sandboxed processes to open /dev/tty, which allows local users to escape sandbox restrictions and execute arbitrary commands by sending characters to a shell process on the same termimal via the TIOCSTI ioctl.
|
|||||
| CVE-2006-7085 | 1 Rigter Portal System | 1 Rigter Portal System | 2025-04-09 | 4.3 MEDIUM | N/A |
|
Rigter Portal System (RPS) 1.0, 2.0, and 3.0 allows remote attackers to add arbitrary content and conduct XSS attacks via a direct request to add_art.php. NOTE: this issue was originally reported as SQL injection, but this is not likely.
|
|||||
| CVE-2006-6860 | 1 Mythcontrol | 1 Mythcontrol | 2025-04-09 | 10.0 HIGH | N/A |
|
Buffer overflow in the sendToMythTV function in MythControlServer.c in MythControl 1.0 and earlier allows remote attackers to execute arbitrary code via a crafted sendStr string to the Bluetooth interface. NOTE: some of these details are obtained from third party information.
|
|||||
| CVE-2006-5987 | 1 Aspintranet | 1 Aspintranet | 2025-04-09 | 7.5 HIGH | N/A |
|
SQL injection vulnerability in default.asp in ASPintranet, possibly 1.2, allows remote attackers to execute arbitrary SQL commands via the a parameter.
|
|||||