Total
29869 CVE
| CVE | Vendors | Products | Updated | CVSS v2 | CVSS v3 |
|---|---|---|---|---|---|
| CVE-2006-6260 | 1 Redbinaria | 1 Siap Cms | 2025-04-09 | 7.5 HIGH | N/A |
|
SQL injection vulnerability in login.asp in Redbinaria Sistema Integrado de Administracion de Portales (SIAP) allows remote attackers to execute arbitrary SQL commands via the username parameter.
|
|||||
| CVE-2007-4312 | 1 Php Blue Dragon | 1 Php Blue Dragon Cms | 2025-04-09 | 7.5 HIGH | N/A |
|
SQL injection vulnerability in index.php in Php Blue Dragon CMS 3.0.0 allows remote attackers to execute arbitrary SQL commands via the article_id parameter in a "print articles" action.
|
|||||
| CVE-2006-6609 | 1 Alientrap | 1 Nexuiz | 2025-04-09 | 5.0 MEDIUM | N/A |
|
Nexuiz before 2.2.1 allows remote attackers to cause a denial of service (resource exhaustion or crash) via unspecified vectors related to "fake players." NOTE: some of these details are obtained from third party information.
|
|||||
| CVE-2006-6386 | 1 Drupal | 1 Cvs Management And Tracker | 2025-04-09 | 6.8 MEDIUM | N/A |
|
Cross-site scripting (XSS) vulnerability in the CVS management/tracker 4.7.x-1.0, 4.7.x-2.0, and 4.7.0 (before the 20060807 contribution release system) for Drupal allows remote attackers to inject arbitrary web script or HTML via the motivation field in the CVS application page, which is not passed through check_markup on display.
|
|||||
| CVE-2007-3437 | 2 Aol, Microsoft | 2 Instant Messenger, Windows Xp | 2025-04-09 | 7.8 HIGH | N/A |
|
AOL Instant Messenger (AIM) 6.1.32.1 on Windows XP allows remote attackers to cause a denial of service (application crash) via a malformed header value in a SIP INVITE message, a different vulnerability than CVE-2007-3350.
|
|||||
| CVE-2007-3906 | 1 Kaspersky Lab | 1 Kaspersky Anti-virus 5.5 For Check Point Firewall- | 2025-04-09 | 5.0 MEDIUM | N/A |
|
Unspecified vulnerability in Kaspersky Anti-Virus for Check Point FireWall-1 before Critical Fix 1 (5.5.161.0) might allow attackers to cause a denial of service (kernel hang) via unspecified vectors. NOTE: it is not clear whether there is an attacker role.
|
|||||
| CVE-2007-3121 | 1 Zapping | 1 Zapping Vbi Library | 2025-04-09 | 7.5 HIGH | N/A |
|
Buffer overflow in the CCdecode function in contrib/ntsc-cc.c in the zvbi-ntsc-cc tool in Zapping VBI Library (ZVBI) before 0.2.25 allows attackers to cause a denial of service (application crash) and possibly execute arbitrary code via long data during a reception error. NOTE: some of these details are obtained from third party information.
|
|||||
| CVE-2007-2488 | 1 Asterisk | 1 Asterisk | 2025-04-09 | 10.0 HIGH | N/A |
|
The IAX2 channel driver (chan_iax2) in Asterisk before 20070504 does not properly null terminate data, which allows remote attackers to trigger loss of transmitted data, and possibly obtain sensitive information (memory contents) or cause a denial of service (application crash), by sending a frame that lacks a 0 byte.
|
|||||
| CVE-2006-5134 | 1 Hp | 1 Mercury Sitescope | 2025-04-09 | 4.0 MEDIUM | N/A |
|
Mercury SiteScope 8.2 (8.1.2.0) allows remote authenticated users to cause a denial of service (loss of connectivity to the classic interface) via attempted HTML injection into the "new monitor description" field.
|
|||||
| CVE-2007-3042 | 1 Meneame | 1 Meneame | 2025-04-09 | 4.3 MEDIUM | N/A |
|
Cross-site scripting (XSS) vulnerability in Meneame before 2 allows remote attackers to inject arbitrary web script or HTML via unspecified vectors.
|
|||||
| CVE-2007-0534 | 1 Drupal | 2 Project, Project Issue Tracking Module | 2025-04-09 | 4.3 MEDIUM | N/A |
|
Multiple cross-site scripting (XSS) vulnerabilities in the (1) Project issue tracking 4.7.0 through 5.x before 20070123 and (2) Project 4.6.0 through 5.x before 20070123 modules for Drupal allow remote authenticated users to inject arbitrary web script or HTML via (a) certain "fields on project nodes" or (b) "certain project-specific settings regarding issue tracking."
|
|||||
| CVE-2007-2500 | 1 Gnu | 1 Flash Player | 2025-04-09 | 10.0 HIGH | N/A |
|
server/parser/sprite_definition.cpp in GNU Gnash (aka GNU Flash Player) 0.7.2 allows remote attackers to execute arbitrary code via a large number of SHOWFRAME elements within a DEFINESPRITE element, which triggers memory corruption and enables the attacker to call free with an arbitrary address, probably resultant from a buffer overflow.
|
|||||
| CVE-2007-2700 | 1 Bea | 1 Weblogic Server | 2025-04-09 | 4.0 MEDIUM | N/A |
|
The WLST script generated by the configToScript command in BEA WebLogic Express and WebLogic Server 9.0 and 9.1 does not encrypt certain attributes in configuration files when creating a new domain, which allows remote authenticated users to obtain sensitive information.
|
|||||
| CVE-2006-5462 | 1 Mozilla | 4 Firefox, Network Security Services, Seamonkey and 1 more | 2025-04-09 | 6.4 MEDIUM | N/A |
|
Mozilla Network Security Service (NSS) library before 3.11.3, as used in Mozilla Firefox before 1.5.0.8, Thunderbird before 1.5.0.8, and SeaMonkey before 1.0.6, when using an RSA key with exponent 3, does not properly handle extra data in a signature, which allows remote attackers to forge signatures for SSL/TLS and email certificates. NOTE: this identifier is for unpatched product versions that were originally intended to be addressed by CVE-2006-4340.
|
|||||
| CVE-2007-1598 | 1 Intervations | 1 Filecopa | 2025-04-09 | 6.8 MEDIUM | N/A |
|
Stack-based buffer overflow in InterVations FileCOPA FTP Server 1.01 allows remote attackers to execute arbitrary code via unspecified vectors, as demonstrated by filecopa.tar by Immunity. NOTE: some of these details are obtained from third party information. NOTE: As of 20070322, this disclosure has no actionable information. However, since it is from a reliable researcher, it is being assigned a CVE identifier for tracking purposes.
|
|||||
| CVE-2007-3014 | 1 Activeweb | 1 Contentserver | 2025-04-09 | 4.3 MEDIUM | N/A |
|
Multiple cross-site scripting (XSS) vulnerabilities in activeWeb contentserver before 5.6.2964 allow remote attackers to inject arbitrary web script or HTML via the msg parameter to (1) errors/rights.asp or (2) errors/transaction.asp, or (3) the name of a MIME type (mimetype).
|
|||||
| CVE-2006-5095 | 1 Myphotos | 1 Myphotos | 2025-04-09 | 7.5 HIGH | N/A |
|
PHP remote file inclusion vulnerability in index.php in MyPhotos 0.1.3b beta allows remote attackers to execute arbitrary PHP code via the includesdir parameter. NOTE: this issue is disputed by CVE on 20060927, since the includesdir is defined before being used when the product is installed according to the provided instructions
|
|||||
| CVE-2006-5273 | 1 Mcafee | 3 Common Management Agent, E-business Server, Protectionpilot | 2025-04-09 | 7.6 HIGH | N/A |
|
Heap-based buffer overflow in McAfee ePolicy Orchestrator 3.5 through 3.6.1, ProtectionPilot 1.1.1 and 1.5, and Common Management Agent (CMA) 3.5.5.438 through 3.6.0.453 allows remote attackers to execute arbitrary code via a crafted packet.
|
|||||
| CVE-2009-4593 | 1 Jesse Smith | 1 Bftpd | 2025-04-09 | 5.0 MEDIUM | N/A |
|
The bftpdutmp_log function in bftpdutmp.c in Bftpd before 2.4 does not place a '\0' character at the end of the string value of the ut.bu_host structure member, which might allow remote attackers to cause a denial of service (daemon crash) via unspecified vectors. NOTE: some of these details are obtained from third party information.
|
|||||
| CVE-2007-4153 | 1 Wordpress | 1 Wordpress | 2025-04-09 | 2.1 LOW | N/A |
|
Multiple cross-site scripting (XSS) vulnerabilities in WordPress 2.2.1 allow remote authenticated administrators to inject arbitrary web script or HTML via (1) the Options Database Table in the Admin Panel, accessed through options.php; or (2) the opml_url parameter to link-import.php. NOTE: this might not cross privilege boundaries in some configurations, since the Administrator role has the unfiltered_html capability.
|
|||||
| CVE-2006-7199 | 1 Emc | 1 Rsa Security Sitekey | 2025-04-09 | 8.5 HIGH | N/A |
|
EMC RSA Security SiteKey allows remote attackers to display the correct image via a man-in-the-middle (MITM) attack in which an attacker-controlled server proxies authentication data to and from a legitimate SiteKey server. NOTE: the vendor disputes the severity of the issue, stating that it is easier to monitor this attack than "attacks against static web pages."
|
|||||
| CVE-2006-6398 | 1 Superfreaker Studios | 1 Upublisher | 2025-04-09 | 7.5 HIGH | N/A |
|
Multiple SQL injection vulnerabilities in Superfreaker Studios UPublisher 1.0 allow remote attackers to execute arbitrary SQL commands via unspecified vectors in (a) sendarticle.asp and (b) printarticle.asp, and the ID parameter to (c) index.asp and (d) preferences.asp, different vectors than CVE-2006-5888.
|
|||||
| CVE-2007-2294 | 1 Asterisk | 1 Asterisk | 2025-04-09 | 7.8 HIGH | N/A |
|
The Manager Interface in Asterisk before 1.2.18 and 1.4.x before 1.4.3 allows remote attackers to cause a denial of service (crash) by using MD5 authentication to authenticate a user that does not have a password defined in manager.conf, resulting in a NULL pointer dereference.
|
|||||
| CVE-2006-5916 | 1 Intego | 1 Virusbarrier | 2025-04-09 | 5.0 MEDIUM | N/A |
|
Intego VirusBarrier X4 allows context-dependent attackers to bypass virus protection by quickly injecting many infected files into the filesystem, which prevents VirusBarrier from processing all the files.
|
|||||
| CVE-2007-4198 | 1 Brian Carrier | 1 The Slueth Kit | 2025-04-09 | 4.3 MEDIUM | N/A |
|
The fs_data_put_str function in ntfs.c in fls in Brian Carrier The Sleuth Kit (TSK) before 2.09 does not validate a certain length value, which allows user-assisted remote attackers to cause a denial of service (application crash) and prevent examination of certain NTFS files via a malformed NTFS image, which triggers a buffer over-read.
|
|||||
| CVE-2006-6984 | 1 More Quick Tools | 1 Greenbrowser | 2025-04-09 | 5.0 MEDIUM | N/A |
|
Cross-domain vulnerability in GreenBrowser 3.4.0622 allows remote attackers to access restricted information from other domains via an object tag with a data parameter that references a link on the attacker's originating site that specifies a Location HTTP header that references the target site, which then makes that content available through the outerHTML attribute of the object, a similar vulnerability to CVE-2006-3280.
|
|||||
| CVE-2006-5243 | 1 Opendock | 1 Easy Doc | 2025-04-09 | 7.5 HIGH | N/A |
|
Multiple PHP remote file inclusion vulnerabilities in OpenDock Easy Doc 1.4 and earlier, when register_globals is enabled, allow remote attackers to execute arbitrary PHP code via a URL in the doc_directory parameter in (1) down_stat.php, (2) file.php, (3) find_file.php, (4) lib_file.php, and (5) lib_form_file.php in sw/lib_up_file/; (6) find_comment.php, (7) comment.php, and (8) lib_comment.php in sw/lib_comment/; (9) sw/lib_find/find.php; and other unspecified PHP scripts.
|
|||||
| CVE-2006-7179 | 1 Madwifi | 1 Madwifi | 2025-04-09 | 7.8 HIGH | N/A |
|
ieee80211_input.c in MadWifi before 0.9.3 does not properly process Channel Switch Announcement Information Elements (CSA IEs), which allows remote attackers to cause a denial of service (loss of communication) via a Channel Switch Count less than or equal to one, triggering a channel change.
|
|||||
| CVE-2007-0187 | 1 F5 | 1 Firepass | 2025-04-09 | 7.5 HIGH | N/A |
|
F5 FirePass 5.4 through 5.5.2 and 6.0 allows remote attackers to access restricted URLs via (1) a trailing null byte, (2) multiple leading slashes, (3) Unicode encoding, (4) URL-encoded directory traversal or same-directory characters, or (5) upper case letters in the domain name.
|
|||||
| CVE-2006-6697 | 1 Oracle | 1 Application Server Portal | 2025-04-09 | 7.5 HIGH | N/A |
|
CRLF injection vulnerability in webapp/jsp/calendar.jsp in Oracle Portal 10g and earlier, including 9.0.2, allows remote attackers to inject arbitrary HTTP headers and conduct HTTP response splitting attacks via CRLF sequences in the enc parameter.
|
|||||
| CVE-2006-7081 | 1 Phpnews | 1 Phpnews | 2025-04-09 | 7.5 HIGH | N/A |
|
Multiple PHP remote file inclusion vulnerabilities in PhpNews 1.0 allow remote attackers to execute arbitrary PHP code via the Include parameter to (1) Include/lib.inc.php3 and (2) Include/variables.php3.
|
|||||
| CVE-2009-4074 | 1 Microsoft | 1 Internet Explorer | 2025-04-09 | 4.3 MEDIUM | N/A |
|
The XSS Filter in Microsoft Internet Explorer 8 allows remote attackers to leverage the "response-changing mechanism" to conduct cross-site scripting (XSS) attacks against web sites that have no inherent XSS vulnerabilities, related to the details of output encoding and improper modification of an HTML attribute, aka "XSS Filter Script Handling Vulnerability."
|
|||||
| CVE-2007-3762 | 1 Asterisk | 4 Asterisk, Asterisk Appliance Developer Kit, Asterisknow and 1 more | 2025-04-09 | 9.3 HIGH | N/A |
|
Stack-based buffer overflow in the IAX2 channel driver (chan_iax2) in Asterisk before 1.2.22 and 1.4.x before 1.4.8, Business Edition before B.2.2.1, AsteriskNOW before beta7, Appliance Developer Kit before 0.5.0, and s800i before 1.0.2 allows remote attackers to execute arbitrary code by sending a long (1) voice or (2) video RTP frame.
|
|||||
| CVE-2006-6273 | 1 Paul Griffin | 1 Simple Php Gallery | 2025-04-09 | 7.5 HIGH | N/A |
|
sp_index.php in Simple PHP Gallery 1.1 allows remote attackers to obtain sensitive information via an invalid dir parameter, which reveals the path in an error message.
|
|||||
| CVE-2006-5956 | 1 Xlinesoft | 1 Phprunner | 2025-04-09 | 2.1 LOW | N/A |
|
XLineSoft PHPRunner 3.1 stores the (1) database server name, (2) database names, (3) usernames, and (4) passwords in plaintext in %WINDIR%\PHPRunner.ini, which allows local users to obtain sensitive information by reading the file.
|
|||||
| CVE-2007-0563 | 1 Symantec | 1 Web Security | 2025-04-09 | 4.3 MEDIUM | N/A |
|
Multiple cross-site scripting (XSS) vulnerabilities in Symantec Web Security (SWS) before 3.0.1.85 allow remote attackers to inject arbitrary web script or HTML via unspecified vectors related to (1) error messages and (2) blocked page messages produced by SWS.
|
|||||
| CVE-2007-4051 | 1 Ultradefrag | 1 Ultradefrag | 2025-04-09 | 4.6 MEDIUM | N/A |
|
Heap-based buffer overflow in the FindFiles function in UltraDefrag 1.0.3 allows local users to gain privileges via a file with a long pathname. NOTE: some of these details are obtained from third party information.
|
|||||
| CVE-2007-0372 | 1 Francisco Burzi | 1 Php-nuke | 2025-04-09 | 7.5 HIGH | N/A |
|
Multiple SQL injection vulnerabilities in Francisco Burzi PHP-Nuke 7.9 allow remote attackers to execute arbitrary SQL commands via (1) the active parameter in admin/modules/modules.php; the (2) ad_class, (3) imageurl, (4) clickurl, (5) ad_code, or (6) position parameter in modules/Advertising/admin/index.php; or unspecified vectors in the (7) advertising, (8) weblinks, or (9) reviews section.
|
|||||
| CVE-2006-6857 | 1 Docebolms | 1 Docebolms | 2025-04-09 | 4.3 MEDIUM | N/A |
|
Cross-site scripting (XSS) vulnerability in modules/credits/credits.php in Docebo LMS allows remote attackers to inject arbitrary web script or HTML via the lang parameter.
|
|||||
| CVE-2008-1322 | 1 Asg-sentry | 1 Asg-sentry | 2025-04-09 | 7.8 HIGH | N/A |
|
The File Check Utility (fcheck.exe) in ASG-Sentry Network Manager 7.0.0 and earlier allows remote attackers to cause a denial of service (CPU consumption) or overwrite arbitrary files via a query string that specifies the -b option, probably due to an argument injection vulnerability.
|
|||||