Total
29869 CVE
| CVE | Vendors | Products | Updated | CVSS v2 | CVSS v3 |
|---|---|---|---|---|---|
| CVE-2007-2377 | 1 Getahead | 1 Direct Web Remoting | 2025-04-09 | 5.0 MEDIUM | N/A |
|
The Getahead Direct Web Remoting (DWR) framework 1.1.4 exchanges data using JavaScript Object Notation (JSON) without an associated protection scheme, which allows remote attackers to obtain the data via a web page that retrieves the data through a URL in the SRC attribute of a SCRIPT element and captures the data using other JavaScript code, aka "JavaScript Hijacking."
|
|||||
| CVE-2006-5776 | 1 Ariadne | 1 Ariadne Cms | 2025-04-09 | 7.5 HIGH | N/A |
|
Multiple PHP remote file inclusions in Ariadne 2.4.1 allows remote attackers to execute arbitrary PHP code via the ariadne parameter in (1) ftp/loader.php and (2) lib/includes/loader.cmd.php. NOTE: this issue is disputed by CVE, since installation instructions recommend that the files be placed outside of the web document root and require the administrator to modify $ariadne in an include file
|
|||||
| CVE-2006-7064 | 1 Invision Power Services | 1 Invision Power Board | 2025-04-09 | 9.3 HIGH | N/A |
|
Cross-site scripting (XSS) vulnerability in forum/admin.php for Invision Power Board (IPB) 2.1.6 and earlier allows remote attackers to inject arbitrary web script or HTML as the administrator via the phpinfo parameter.
|
|||||
| CVE-2007-4487 | 1 Dscripting.com | 1 D22-shoutbox | 2025-04-09 | 4.3 MEDIUM | N/A |
|
Cross-site scripting (XSS) vulnerability in D22-Shoutbox for Invision Power Board (IPB or IP.Board) allows remote attackers to inject arbitrary web script or HTML via unspecified vectors.
|
|||||
| CVE-2007-4054 | 1 Php123 | 1 Top Sites | 2025-04-09 | 7.5 HIGH | N/A |
|
SQL injection vulnerability in category.php in PHP123 Top Sites allows remote attackers to execute arbitrary SQL commands via the cat parameter.
|
|||||
| CVE-2007-2712 | 1 Mh Software | 1 Connect Daily | 2025-04-09 | 10.0 HIGH | N/A |
|
Unspecified vulnerability in MH Software Connect Daily before 3.3.3 has unknown impact and attack vectors.
|
|||||
| CVE-2007-2554 | 1 Associated Press | 1 Newspower | 2025-04-09 | 7.8 HIGH | N/A |
|
Associated Press (AP) Newspower 4.0.1 and earlier uses a default blank password for the MySQL root account, which allows remote attackers to insert or modify news articles via shows.tblscript.
|
|||||
| CVE-2006-7004 | 1 Php Script Tools | 1 Psy Auction | 2025-04-09 | 6.8 MEDIUM | N/A |
|
Cross-site scripting (XSS) vulnerability in email_request.php in PSY Auction allows remote attackers to inject arbitrary web script or HTML via the user_id parameter. NOTE: the provenance of this information is unknown; the details are obtained solely from third party information.
|
|||||
| CVE-2007-2832 | 1 Cisco | 1 Call Manager | 2025-04-09 | 4.3 MEDIUM | N/A |
|
Cross-site scripting (XSS) vulnerability in the web application firewall in Cisco CallManager before 3.3(5)sr3, 4.1 before 4.1(3)sr5, 4.2 before 4.2(3)sr2, and 4.3 before 4.3(1)sr1 allows remote attackers to inject arbitrary web script or HTML via the pattern parameter to CCMAdmin/serverlist.asp (aka the search-form) and possibly other unspecified vectors.
|
|||||
| CVE-2006-5152 | 1 Microsoft | 1 Internet Explorer | 2025-04-09 | 6.8 MEDIUM | N/A |
|
Cross-site scripting (XSS) vulnerability in Microsoft Internet Explorer allows remote attackers to inject arbitrary web script or HTML via a UTF-7 encoded URL that is returned in a large HTTP 404 error message without an explicit charset, a related issue to CVE-2006-0032.
|
|||||
| CVE-2007-4399 | 1 Irssi | 1 Irssi | 2025-04-09 | 6.8 MEDIUM | N/A |
|
CRLF injection vulnerability in the xmms.bx 1.0 script for BitchX allows user-assisted remote attackers to execute arbitrary IRC commands via CRLF sequences in the name of the song in a .mp3 file.
|
|||||
| CVE-2007-2191 | 7 Bsd, Freepbx, Hp and 4 more | 8 Bsd, Freepbx, Hp-ux and 5 more | 2025-04-09 | 6.8 MEDIUM | N/A |
|
Multiple cross-site scripting (XSS) vulnerabilities in freePBX 2.2.x allow remote attackers to inject arbitrary web script or HTML via the (1) From, (2) To, (3) Call-ID, (4) User-Agent, and unspecified other SIP protocol fields, which are stored in /var/log/asterisk/full and displayed by admin/modules/logfiles/asterisk-full-log.php.
|
|||||
| CVE-2007-3002 | 1 Php Jackknife | 1 Php Jackknife | 2025-04-09 | 5.0 MEDIUM | N/A |
|
PHP JackKnife (PHPJK) allows remote attackers to obtain sensitive information via (1) a request to index.php with an invalid value of the iParentUnq[] parameter, or a request to G_Display.php with an invalid (2) iCategoryUnq[] or (3) sSort[] array parameter, which reveals the path in various error messages.
|
|||||
| CVE-2007-1156 | 1 Man Machine Systems | 1 Jbrowser | 2025-04-09 | 7.5 HIGH | N/A |
|
JBrowser allows remote attackers to bypass authentication and access certain administrative capabilities via a direct request for _admin/.
|
|||||
| CVE-2007-0721 | 1 Apple | 2 Mac Os X, Mac Os X Server | 2025-04-09 | 6.8 MEDIUM | N/A |
|
Unspecified vulnerability in diskimages-helper in Apple Mac OS X 10.3.9 and 10.4 through 10.4.8 allows remote user-assisted attackers to execute arbitrary code via a crafted compressed disk image that triggers memory corruption.
|
|||||
| CVE-2007-0736 | 1 Apple | 2 Mac Os X, Mac Os X Server | 2025-04-09 | 9.3 HIGH | N/A |
|
Integer overflow in the RPC library in Libinfo in Apple Mac OS X 10.3.9 through 10.4.9 allows remote attackers to execute arbitrary code via crafted requests to portmap.
|
|||||
| CVE-2007-2107 | 1 Rha7 Downloads | 1 Rha7 Downloads | 2025-04-09 | 7.5 HIGH | N/A |
|
SQL injection vulnerability in visit.php in the Rha7 Downloads (rha7downloads) 1.0 module for XOOPS allows remote attackers to execute arbitrary SQL commands via the cid parameter, a different vector than CVE-2007-1960. NOTE: the provenance of this information is unknown; the details are obtained solely from third party information.
|
|||||
| CVE-2007-0929 | 1 Guillaume Fontaine | 1 Php Rrd Browser | 2025-04-09 | 5.0 MEDIUM | N/A |
|
Directory traversal vulnerability in php rrd browser before 0.2.1 allows remote attackers to read arbitrary files via ".." sequences in the p parameter.
|
|||||
| CVE-2006-5444 | 1 Digium | 1 Asterisk | 2025-04-09 | 7.5 HIGH | N/A |
|
Integer overflow in the get_input function in the Skinny channel driver (chan_skinny.c) in Asterisk 1.0.x before 1.0.12 and 1.2.x before 1.2.13, as used by Cisco SCCP phones, allows remote attackers to execute arbitrary code via a certain dlen value that passes a signed integer comparison and leads to a heap-based buffer overflow.
|
|||||
| CVE-2007-3645 | 1 Freebsd | 1 Libarchive | 2025-04-09 | 4.3 MEDIUM | N/A |
|
archive_read_support_format_tar.c in libarchive before 2.2.4 allows user-assisted remote attackers to cause a denial of service (crash) via (1) an end-of-file condition within a tar header that follows a pax extension header or (2) a malformed pax extension header in an (a) PAX or a (b) TAR archive, which results in a NULL pointer dereference, a different issue than CVE-2007-3644.
|
|||||
| CVE-2007-0640 | 1 Zabbix | 1 Zabbix | 2025-04-09 | 10.0 HIGH | N/A |
|
Buffer overflow in ZABBIX before 1.1.5 has unknown impact and attack vectors related to "SNMP IP addresses."
|
|||||
| CVE-2007-2626 | 1 Free Php Scripts | 1 Schoolboard | 2025-04-09 | 7.5 HIGH | N/A |
|
SQL injection vulnerability in admin.php in SchoolBoard allows remote attackers to execute arbitrary SQL commands via the (1) username and (2) password parameters. NOTE: CVE disputes this issue, because 'username' does not exist, and the password is not used in any queries
|
|||||
| CVE-2007-4197 | 1 Brian Carrier | 1 The Slueth Kit | 2025-04-09 | 4.3 MEDIUM | N/A |
|
icat in Brian Carrier The Sleuth Kit (TSK) before 2.09 omits NULL pointer checks in certain code paths, which allows user-assisted remote attackers to cause a denial of service (NULL dereference and application crash) and prevent examination of certain NTFS files via a malformed NTFS image.
|
|||||
| CVE-2007-3991 | 1 Asp Indir | 1 Cvmatik | 2025-04-09 | 4.3 MEDIUM | N/A |
|
Multiple cross-site scripting (XSS) vulnerabilities in cv.asp in Asp cvmatik 1.1 and earlier allow remote attackers to inject arbitrary web script or HTML via the (1) Adiniz (Ady), (2) Soyadiniz (Soyady), (3) Ehliyet, (4) Askerlik, and (5) GSM parameters; and possibly other unspecified vectors.
|
|||||
| CVE-2007-0859 | 1 Palm | 1 Treo | 2025-04-09 | 2.1 LOW | N/A |
|
The Find feature in Palm OS Treo smart phones operates despite the system password lock, which allows attackers with physical access to obtain sensitive information (memory contents) by doing (1) text searches or (2) paste operations after pressing certain keyboard shortcut keys.
|
|||||
| CVE-2007-1524 | 1 Zomplog | 1 Zomplog | 2025-04-09 | 5.0 MEDIUM | N/A |
|
Directory traversal vulnerability in themes/default/ in ZomPlog 3.7.6 and earlier allows remote attackers to include arbitrary local files via a .. (dot dot) in the settings[skin] parameter, as demonstrated by injecting PHP code into an Apache HTTP Server log file, which can then be included via themes/default/.
|
|||||
| CVE-2007-2677 | 1 Phpchess | 1 Phpchess | 2025-04-09 | 7.5 HIGH | N/A |
|
Multiple PHP remote file inclusion vulnerabilities in phpChess Community Edition 2.0 allow remote attackers to execute arbitrary PHP code via a URL in (1) the config parameter to includes/language.php, or the Root_Path parameter to (2) layout_admin_cfg.php, (3) layout_cfg.php, or (4) layout_t_top.php in skins/phpchess/. NOTE: vector 1 has been disputed by CVE, since the code is defined within a function that is not called from within includes/language.php.
|
|||||
| CVE-2007-1652 | 1 Openid | 1 Openid | 2025-04-09 | 7.5 HIGH | N/A |
|
OpenID allows remote attackers to forcibly log a user into an OpenID enabled site, divulge the user's personal information to this site, and add it site to the trusted sites list via a crafted web page, related to cached tokens.
|
|||||
| CVE-2007-3012 | 1 Fujitsu | 1 Primergy Bx300 | 2025-04-09 | 5.0 MEDIUM | N/A |
|
The web interface in Fujitsu-Siemens Computers PRIMERGY BX300 Switch Blade allows remote attackers to obtain sensitive information by canceling the authentication dialog when accessing a sub-page, which still displays the form field contents of the sub-page, as demonstrated using (1) config/ip_management.htm and (2) config/snmp_config.htm.
|
|||||
| CVE-2007-2014 | 1 Mynews | 1 Mynews | 2025-04-09 | 7.5 HIGH | N/A |
|
PHP remote file inclusion vulnerability in include/blocks/week_events.php in MyNews 4.2.2 allows remote attackers to execute arbitrary PHP code via a URL in the myNewsConf[path][sys][index] parameter, a different vector than CVE-2007-0633.
|
|||||
| CVE-2007-1729 | 1 Revolutionproducts | 1 Flexbb | 2025-04-09 | 7.5 HIGH | N/A |
|
SQL injection vulnerability in includes/start.php in Flexbb 1.0.0 10005 Beta Release 1 allows remote attackers to execute arbitrary SQL commands via the flexbb_lang_id COOKIE parameter to index.php.
|
|||||
| CVE-2007-1332 | 1 Tks Banking Solutions | 1 Eportfolio | 2025-04-09 | 9.3 HIGH | N/A |
|
Multiple cross-site request forgery (CSRF) vulnerabilities in TKS Banking Solutions ePortfolio 1.0 Java allow remote attackers to perform unspecified restricted actions in the context of certain accounts by bypassing the client-side protection scheme.
|
|||||
| CVE-2006-5871 | 1 Linux | 1 Linux Kernel | 2025-04-09 | 4.1 MEDIUM | N/A |
|
smbfs in Linux kernel 2.6.8 and other versions, and 2.4.x before 2.4.34, when UNIX extensions are enabled, ignores certain mount options, which could cause clients to use server-specified uid, gid and mode settings.
|
|||||
| CVE-2006-6425 | 1 Novell | 1 Netmail | 2025-04-09 | 9.0 HIGH | N/A |
|
Stack-based buffer overflow in the IMAP daemon (IMAPD) in Novell NetMail before 3.52e FTF2 allows remote authenticated users to execute arbitrary code via unspecified vectors involving the APPEND command.
|
|||||
| CVE-2006-6076 | 2 Broadcom, Ca | 3 Brightstor Arcserve Backup, Brightstor Arcserve Backup, Brightstor Arcserve Backup Agent | 2025-04-09 | 10.0 HIGH | N/A |
|
Buffer overflow in the Tape Engine (tapeeng.exe) in CA (formerly Computer Associates) BrightStor ARCserve Backup 11.5 and earlier allows remote attackers to execute arbitrary code via certain RPC requests to TCP port 6502.
|
|||||
| CVE-2006-6301 | 1 Denyhosts | 1 Denyhosts | 2025-04-09 | 5.0 MEDIUM | N/A |
|
DenyHosts 2.5 does not properly parse sshd log files, which allows remote attackers to add arbitrary hosts to the /etc/hosts.deny file and cause a denial of service by adding arbitrary IP addresses to the sshd log file, as demonstrated by logging in via ssh with a login name containing certain strings with an IP address, which is not properly handled by a regular expression.
|
|||||
| CVE-2007-3620 | 1 Maia Mailguard | 1 Maia Mailguard | 2025-04-09 | 5.0 MEDIUM | N/A |
|
Multiple directory traversal vulnerabilities in Maia Mailguard 1.0.2 and earlier might allow remote attackers to read arbitrary files via a .. (dot dot) in the (1) prevlang and (2) super parameters to (a) php/login.php; the (3) charset parameter to (a) php/login.php, (b) php/internal-init.php, and (c) php/xlogin.php; the (4) lang parameter to (b) php/internal-init.php; and the (5) language parameter to (c) php/xlogin.php.
|
|||||
| CVE-2007-2180 | 1 Nullsoft | 1 Winamp | 2025-04-09 | 7.1 HIGH | N/A |
|
Buffer overflow in Nullsoft Winamp 5.3 allows user-assisted remote attackers to cause a denial of service (crash) via a crafted WMV file.
|
|||||
| CVE-2007-0978 | 1 Ibm | 1 Aix | 2025-04-09 | 7.2 HIGH | N/A |
|
Buffer overflow in swcons in IBM AIX 5.3 allows local users to gain privileges via long input data.
|
|||||
| CVE-2007-4067 | 1 Clever Components | 1 Internet Activex Suite | 2025-04-09 | 9.3 HIGH | N/A |
|
Absolute path traversal vulnerability in the clInetSuiteX6.clWebDav ActiveX control in CLINETSUITEX6.OCX in Clever Internet ActiveX Suite 6.2 allows remote attackers to create or overwrite arbitrary files via a full pathname in the second argument to the GetToFile method. NOTE: some of these details are obtained from third party information.
|
|||||