Total
29869 CVE
| CVE | Vendors | Products | Updated | CVSS v2 | CVSS v3 |
|---|---|---|---|---|---|
| CVE-2007-2694 | 1 Bea | 1 Weblogic Server | 2025-04-09 | 4.3 MEDIUM | N/A |
|
Multiple cross-site scripting (XSS) vulnerabilities in BEA WebLogic Express and WebLogic Server 6.1 through SP7, 7.0 through SP7, 8.1 through SP5, 9.0 GA, and 9.1 GA allow remote attackers to inject arbitrary web script or HTML via unspecified vectors.
|
|||||
| CVE-2006-7007 | 1 H. Nomura | 1 Tiny Ftpd | 2025-04-09 | 7.8 HIGH | N/A |
|
Buffer overflow in Tiny FTPd 1.4 and earlier allows remote attackers to cause a denial of service (daemon crash) via a long USER command, a different vector than CVE-2000-0133.
|
|||||
| CVE-2007-2247 | 1 Phpmyspace | 1 Phpmyspace | 2025-04-09 | 7.5 HIGH | N/A |
|
SQL injection vulnerability in modules/news/article.php in phpMySpace Gold 8.10 allows remote attackers to execute arbitrary SQL commands via the item_id parameter.
|
|||||
| CVE-2007-0023 | 1 Apple | 1 Mac Os X | 2025-04-09 | 6.9 MEDIUM | N/A |
|
The CFUserNotificationSendRequest function in UserNotificationCenter.app in Apple Mac OS X 10.4.8, when used in combination with diskutil, allows local users to gain privileges via a malicious InputManager in Library/InputManagers in a user's home directory, which is executed when Cocoa applications attempt to notify the user.
|
|||||
| CVE-2007-2886 | 1 Nortel | 1 Communications Server | 2025-04-09 | 5.0 MEDIUM | N/A |
|
Unspecified vulnerability in the Nortel CS 1000 M media card in Enterprise VoIP-Core-CS 1000E, 1000M, and 1000S 04.50W before 20070523 in Meridian/CS 1000 allows remote attackers to cause a denial of service (card hang) via unspecified vectors.
|
|||||
| CVE-2007-3310 | 1 Tdizin | 1 Tdizin | 2025-04-09 | 4.3 MEDIUM | N/A |
|
Cross-site scripting (XSS) vulnerability in arama.asp in TDizin allows remote attackers to inject arbitrary web script or HTML via the ara parameter. NOTE: the provenance of this information is unknown; the details are obtained solely from third party information.
|
|||||
| CVE-2007-2386 | 1 Apple | 1 Mac Os X | 2025-04-09 | 9.4 HIGH | N/A |
|
Buffer overflow in mDNSResponder in Apple Mac OS X 10.4 up to 10.4.9 allows remote attackers to cause a denial of service (application termination) or execute arbitrary code via a crafted UPnP Internet Gateway Device (IGD) packet.
|
|||||
| CVE-2006-5723 | 1 Dataparksearch | 1 Dataparksearch | 2025-04-09 | 7.5 HIGH | N/A |
|
SQL injection vulnerability in DataparkSearch Engine 4.42 and earlier allows remote attackers to execute arbitrary SQL commands via a malformed hostname in a URL.
|
|||||
| CVE-2006-5676 | 1 Uni-vert | 1 Phpleague | 2025-04-09 | 6.4 MEDIUM | N/A |
|
SQL injection vulnerability in consult/classement.php in Uni-Vert PhpLeague 0.82 and earlier allows remote attackers to execute arbitrary SQL commands via the champ parameter.
|
|||||
| CVE-2006-5791 | 1 Stefan Ritt | 1 Elog Web Logbook | 2025-04-09 | 2.6 LOW | N/A |
|
Multiple cross-site scripting (XSS) vulnerabilities in elogd.c in ELOG 2.6.2 and earlier allow remote attackers to inject arbitrary HTML or web script via (1) the filename for downloading, which is not quoted in an error message by the send_file_direct function, and (2) the Type or Category values in a New entry, which is not properly handled in an error message by the submit_elog function.
|
|||||
| CVE-2007-0374 | 2 Joomla, Mambo | 2 Joomla, Mambo | 2025-04-09 | 7.5 HIGH | N/A |
|
SQL injection vulnerability in (1) Joomla! 1.0.11 and 1.5 Beta, and (2) Mambo 4.6.1, allows remote attackers to execute arbitrary SQL commands via the id parameter when cancelling content editing.
|
|||||
| CVE-2007-3392 | 1 Wireshark | 1 Wireshark | 2025-04-09 | 5.0 MEDIUM | N/A |
|
Wireshark before 0.99.6 allows remote attackers to cause a denial of service via malformed (1) SSL or (2) MMS packets that trigger an infinite loop.
|
|||||
| CVE-2007-4626 | 1 Polipo | 1 Polipo | 2025-04-09 | 5.0 MEDIUM | N/A |
|
Unspecified vulnerability in Polipo before 1.0.2 allows remote attackers to cause a denial of service (daemon crash) via certain network traffic associated with entities larger than 2 Gb.
|
|||||
| CVE-2007-6389 | 1 Gnome | 1 Screensaver | 2025-04-09 | 2.1 LOW | N/A |
|
The notify feature in GNOME screensaver (gnome-screensaver) 2.20.0 might allow local users to read the clipboard contents and X selection data for a locked session by using ctrl-V.
|
|||||
| CVE-2009-3378 | 1 Mozilla | 1 Firefox | 2025-04-09 | 9.3 HIGH | N/A |
|
The oggplay_data_handle_theora_frame function in media/liboggplay/src/liboggplay/oggplay_data.c in liboggplay, as used in Mozilla Firefox 3.5.x before 3.5.4, attempts to reuse an earlier frame data structure upon encountering a decoding error for the first frame, which allows remote attackers to cause a denial of service (NULL pointer dereference and application crash) or possibly execute arbitrary code via a crafted .ogg video file.
|
|||||
| CVE-2007-3354 | 1 Scriptdevelopers.net | 1 Netclassifieds | 2025-04-09 | 7.5 HIGH | N/A |
|
Multiple SQL injection vulnerabilities in NetClassifieds Premium Edition allow remote attackers to execute arbitrary SQL commands via the s_user_id parameter to ViewCat.php and other unspecified vectors. NOTE: the CatID/ViewCat.php, CatID/gallery.php, and ItemNum/ViewItem.php vectors are already covered by CVE-2005-3978.
|
|||||
| CVE-2007-2350 | 1 Freepbx | 1 Freepbx | 2025-04-09 | 6.5 MEDIUM | N/A |
|
admin/config.php in the music-on-hold module in freePBX 2.2.x allows remote authenticated administrators to execute arbitrary commands via shell metacharacters in the del parameter.
|
|||||
| CVE-2007-3215 | 1 Phpmailer | 1 Phpmailer | 2025-04-09 | 6.8 MEDIUM | N/A |
|
PHPMailer 1.7, when configured to use sendmail, allows remote attackers to execute arbitrary shell commands via shell metacharacters in the SendmailSend function in class.phpmailer.php.
|
|||||
| CVE-2007-2812 | 1 Hlstats | 1 Hlstats | 2025-04-09 | 4.3 MEDIUM | N/A |
|
Cross-site scripting (XSS) vulnerability in hlstats.php in HLstats 1.35, and possibly earlier, allows remote attackers to inject arbitrary web script or HTML via (1) the PATH_INFO or (2) the action parameter.
|
|||||
| CVE-2007-4191 | 1 Panda | 1 Panda Antivirus | 2025-04-09 | 6.9 MEDIUM | N/A |
|
Panda Antivirus 2008 stores service executables under the product's installation directory with weak permissions, which allows local users to obtain LocalSystem privileges by modifying PAVSRV51.EXE or other unspecified files, a related issue to CVE-2006-4657.
|
|||||
| CVE-2007-2097 | 1 Openconcept | 1 Back-end Cms | 2025-04-09 | 7.5 HIGH | N/A |
|
Multiple PHP remote file inclusion vulnerabilities in OpenConcept Back-End CMS 0.4.7 allow remote attackers to execute arbitrary PHP code via a URL in the includes_path parameter to (1) click.php or (2) pollcollector.php in htdocs/; or (3) index.php, (4) articlepages.php, (5) articles.php, (6) articleform.php, (7) articlesections.php, (8) createArticlesPage.php, (9) guestbook.php, (10) helpguide.php, (11) helpguideeditor.php, (12) links.php, (13) upload.php, (14) sitestatistics.php, (15) nav.php ...
Show More |
|||||
| CVE-2006-6214 | 1 Wallpaper | 1 Wallpaper Complete Website | 2025-04-09 | 7.5 HIGH | N/A |
|
SQL injection vulnerability in wallpaper.php in Wallpaper Website (Wallpaper Complete Website) 1.0.09 allows remote attackers to execute arbitrary SQL commands via the wallpaperid parameter.
|
|||||
| CVE-2007-2528 | 1 Trend Micro | 1 Serverprotect | 2025-04-09 | 10.0 HIGH | N/A |
|
Buffer overflow in AgRpcCln.dll for Trend Micro ServerProtect 5.58 for Windows before Security Patch 3 Build 1176 allows remote attackers to execute arbitrary code via unknown vectors related to RPC requests. NOTE: this is probably a different vulnerability than CVE-2007-2508.
|
|||||
| CVE-2007-4824 | 1 Google | 1 Picasa | 2025-04-09 | 6.8 MEDIUM | N/A |
|
Multiple cross-application scripting (XAS) vulnerabilities in Google Picasa have unspecified attack vectors and impact. NOTE: this information is based upon a vague pre-advisory.
|
|||||
| CVE-2007-3531 | 1 Gentoo | 2 Linux, Nvclock | 2025-04-09 | 6.6 MEDIUM | N/A |
|
The set_default_speeds function in backend/backend.c in NVidia NVClock before 0.8b2 allows local users to overwrite arbitrary files via a symlink attack on the /tmp/nvclock temporary file.
|
|||||
| CVE-2006-7063 | 1 Tinyphpforum | 1 Tinyphpforum | 2025-04-09 | 7.5 HIGH | N/A |
|
Directory traversal vulnerability in profile.php in TinyPHPforum 3.6 and earlier allows remote attackers to include and execute arbitrary files via ".." sequences in the uname parameter.
|
|||||
| CVE-2006-5639 | 1 Openwbem | 1 Openwbem | 2025-04-09 | 7.5 HIGH | N/A |
|
Unspecified vulnerability in the random number generator in OpenWBEM (Web Based Enterprise Management) 3.2.0 allows attackers to gain privileges via vectors related to "local or HTTP Digest authentication."
|
|||||
| CVE-2007-0982 | 1 Taskfreak | 1 Taskfreak | 2025-04-09 | 4.3 MEDIUM | N/A |
|
Cross-site scripting (XSS) vulnerability in error.php in TaskFreak! 0.5.5 allows remote attackers to inject arbitrary web script or HTML via the tznMessage parameter. NOTE: the provenance of this information is unknown; the details are obtained solely from third party information.
|
|||||
| CVE-2007-1629 | 1 Active Web Softwares | 1 Active Photo Gallery | 2025-04-09 | 7.5 HIGH | N/A |
|
SQL injection vulnerability in default.asp in ActiveWebSoftwares Active Photo Gallery allows remote attackers to execute arbitrary SQL commands via the catid parameter.
|
|||||
| CVE-2007-0874 | 1 Allons Voter | 1 Allons Voter | 2025-04-09 | 6.8 MEDIUM | N/A |
|
Allons_voter 1.0 allows remote attackers to bypass authentication and access certain administrative functionality via a direct request for (1) admin_ajouter.php or (2) admin_supprimer.php. NOTE: this could be leveraged to conduct cross-site scripting (XSS) attacks.
|
|||||
| CVE-2007-4123 | 1 Hitachi | 1 Groupmax Groupware Server | 2025-04-09 | 5.0 MEDIUM | N/A |
|
The Groupmax Scheduler_Facilities management tool in Hitachi Groupmax Groupware Server 07-00-/F through 07-32-/A before 20070731 does not properly manage schedule server configuration data, which might allow attackers to obtain sensitive information via unspecified vectors.
|
|||||
| CVE-2007-3009 | 1 Mbedthis Software | 1 Mbedthis Appweb Http Server | 2025-04-09 | 4.3 MEDIUM | N/A |
|
Format string vulnerability in the MprLogToFile::logEvent function in Mbedthis AppWeb 2.0.5-4, when the build supports logging but the configuration disables logging, allows remote attackers to cause a denial of service (daemon crash) via format string specifiers in the HTTP scheme, as demonstrated by a "GET %n://localhost:80/" request.
|
|||||
| CVE-2006-6841 | 1 Phpbb Group | 1 Phpbb | 2025-04-09 | 10.0 HIGH | N/A |
|
Certain forms in phpBB before 2.0.22 lack session checks, which has unknown impact and remote attack vectors.
|
|||||
| CVE-2007-3924 | 2 Microsoft, Netscape | 2 Internet Explorer, Navigator | 2025-04-09 | 9.3 HIGH | N/A |
|
Argument injection vulnerability in Microsoft Internet Explorer, when running on systems with Netscape installed and certain URIs registered, allows remote attackers to conduct cross-browser scripting attacks and execute arbitrary commands via shell metacharacters in a -chrome argument to the navigatorurl URI, which are inserted into the command line that is created when invoking netscape.exe, a related issue to CVE-2007-3670. NOTE: there has been debate about whether the issue is in Internet E ...
Show More |
|||||
| CVE-2006-5852 | 1 Openbase International Ltd | 1 Openbase | 2025-04-09 | 4.6 MEDIUM | N/A |
|
Untrusted search path vulnerability in openexec in OpenBase SQL before 10.0.1 allows local users to gain privileges via a modified PATH that references a malicious helper binary, as demonstrated by (1) cp, (2) rm, and (3) killall, different vectors than CVE-2006-5327.
|
|||||
| CVE-2007-1942 | 1 Faststone | 1 Image Viewer | 2025-04-09 | 9.3 HIGH | N/A |
|
Integer overflow in FastStone Image Viewer 2.9 allows context-dependent attackers to cause a denial of service and possibly execute arbitrary code via a crafted BMP image, as demonstrated by wh3intof.bmp and wh4intof.bmp.
|
|||||
| CVE-2007-3328 | 1 Interact | 1 Interact | 2025-04-09 | 4.3 MEDIUM | N/A |
|
Multiple cross-site scripting (XSS) vulnerabilities in Interact 2.4 beta 1 allow remote attackers to inject arbitrary web script or HTML via the (1) module_key parameter to (a) kb/kb.php, (b) quiz/runquiz.php, (c) quiz/quiz.php, (d) forum/forum.php, (e) forum/byname.php, and (f) journal/journalview.php in modules/, and unspecified other scripts; the (2) tag_key parameter to modules/journal/journalview.php; the (3) user_group_key parameter to (g) users/secureaccounts.php; and (4) the request_uri ...
Show More |
|||||
| CVE-2007-0473 | 1 Smb4k | 1 Smb4k | 2025-04-09 | 1.9 LOW | N/A |
|
The writeFile function in core/smb4kfileio.cpp in Smb4K before 0.8.0 does not preserve /etc/sudoers permissions across modifications, which allows local users to obtain sensitive information (/etc/sudoers contents) by reading this file.
|
|||||
| CVE-2007-0497 | 1 Upload-service | 1 Upload-service | 2025-04-09 | 6.8 MEDIUM | N/A |
|
PHP remote file inclusion vulnerability in upload/top.php in Upload-Service 1.0, when register_globals is enabled, allows remote attackers to execute arbitrary PHP code via a URL in the maindir parameter.
|
|||||
| CVE-2007-1385 | 1 Joris Guisson | 1 Ktorrent | 2025-04-09 | 7.5 HIGH | N/A |
|
chunkcounter.cpp in KTorrent before 2.1.2 allows remote attackers to cause a denial of service (crash) and heap corruption via a negative or large idx value.
|
|||||