Total
29869 CVE
| CVE | Vendors | Products | Updated | CVSS v2 | CVSS v3 |
|---|---|---|---|---|---|
| CVE-2007-1908 | 1 Php121 | 1 Php121 Instant Messenger | 2025-04-09 | 6.8 MEDIUM | N/A |
|
PHP file inclusion vulnerability in php121db.php in PHP121 Instant Messenger 2.2 allows remote attackers to execute arbitrary PHP code via a UNC share pathname or a local file pathname in the php121dir parameter, which is accessed by the file_exists function.
|
|||||
| CVE-2006-6193 | 1 Basicforum | 1 Basicforum | 2025-04-09 | 7.5 HIGH | N/A |
|
SQL injection vulnerability in edit.asp in BasicForum 1.1 and earlier allows remote attackers to execute arbitrary SQL commands via the id parameter.
|
|||||
| CVE-2007-1135 | 1 Sourceforge | 1 Webmplayer | 2025-04-09 | 6.8 MEDIUM | N/A |
|
Multiple SQL injection vulnerabilities in WebMplayer before 0.6.1-Alpha allow remote attackers to execute arbitrary SQL commands via the (1) strid parameter to index.php and the (2) id[0] or other id array index parameter to filecheck.php.
|
|||||
| CVE-2007-3158 | 1 Tenyearsgone | 1 Asp Folder Gallery | 2025-04-09 | 5.0 MEDIUM | N/A |
|
download_script.asp in ASP Folder Gallery allows remote attackers to read arbitrary files via a filename in the file parameter.
|
|||||
| CVE-2007-1390 | 1 Dynaliens | 1 Dynaliens | 2025-04-09 | 4.3 MEDIUM | N/A |
|
Multiple cross-site scripting (XSS) vulnerabilities in dynaliens 2.0 and 2.1 allow remote attackers to inject arbitrary web script or HTML via unspecified parameters to (1) recherche.php3 or (2) ajouter.php3.
|
|||||
| CVE-2007-2945 | 1 Rmforum | 1 Rmforum | 2025-04-09 | 5.0 MEDIUM | N/A |
|
RMForum stores sensitive information under the web root with insufficient access control, which allows remote attackers to download a database via a direct request for rmforum.mdb.
|
|||||
| CVE-2007-0283 | 1 Oracle | 2 Application Server, Collaboration Suite | 2025-04-09 | 4.0 MEDIUM | N/A |
|
Unspecified vulnerability in Oracle Application Server 9.0.4.3 and Collaboration Suite 9.0.4.2 has unknown impact and attack vectors related to Oracle Containers for J2EE, aka OC4J02.
|
|||||
| CVE-2007-3243 | 1 Bbpress | 1 Bbpress | 2025-04-09 | 4.3 MEDIUM | N/A |
|
Cross-site scripting (XSS) vulnerability in bb-login.php in bbPress 0.8.1 allows remote attackers to inject arbitrary web script or HTML via the re parameter. NOTE: exploitation may require forcing the client to send a certain Referer header.
|
|||||
| CVE-2007-2065 | 1 Actionpoll | 1 Actionpoll | 2025-04-09 | 7.5 HIGH | N/A |
|
PHP remote file inclusion vulnerability in db/PollDB.php in Robert Ladstaetter ActionPoll 1.1.1 allows remote attackers to execute arbitrary PHP code via a URL in the CONFIG_DATAREADERWRITER parameter, a different vector than CVE-2001-1297. NOTE: the provenance of this information is unknown; the details are obtained solely from third party information.
|
|||||
| CVE-2006-5943 | 1 Website Designs For Less | 1 Inventory Manager | 2025-04-09 | 7.5 HIGH | N/A |
|
Multiple SQL injection vulnerabilities in inventory/display/imager.asp in Website Designs for Less Inventory Manager allow remote attackers to execute arbitrary SQL commands via the (1) pictable, (2) picfield, or (3) where parameter.
|
|||||
| CVE-2007-3679 | 1 Citrix | 1 Access Gateway | 2025-04-09 | 4.3 MEDIUM | N/A |
|
The Citrix EPA ActiveX control (aka the "endpoint checking control" or CCAOControl Object) before 4.5.0.0 in npCtxCAO.dll in Citrix Access Gateway Standard Edition before 4.5.5 and Advanced Edition before 4.5 HF1 allows remote attackers to download and execute arbitrary programs onto a client system.
|
|||||
| CVE-2006-5769 | 1 Fixpunkt Gmbh | 1 Admin.tool Cms 3 | 2025-04-09 | 4.3 MEDIUM | N/A |
|
Multiple cross-site scripting (XSS) vulnerabilities in admin.tool CMS 3 and earlier allow remote attackers to inject arbitrary web script or HTML via the (1) fSid or (2) fSrcBegriffe parameters in unspecified vectors.
|
|||||
| CVE-2007-4073 | 1 Tincan | 1 Webbler Cms | 2025-04-09 | 5.0 MEDIUM | N/A |
|
Webbler CMS before 3.1.6 does not properly restrict use of "mail a friend" forms, which allows remote attackers to send arbitrary amounts of forged e-mail. NOTE: this could be leveraged for spam or phishing attacks.
|
|||||
| CVE-2007-0001 | 1 Redhat | 1 Enterprise Linux | 2025-04-09 | 4.7 MEDIUM | N/A |
|
The file watch implementation in the audit subsystem (auditctl -w) in the Red Hat Enterprise Linux (RHEL) 4 kernel 2.6.9 allows local users to cause a denial of service (kernel panic) by replacing a watched file, which does not cause the watch on the old inode to be dropped.
|
|||||
| CVE-2009-2626 | 1 Php | 1 Php | 2025-04-09 | 6.4 MEDIUM | N/A |
|
The zend_restore_ini_entry_cb function in zend_ini.c in PHP 5.3.0, 5.2.10, and earlier versions allows context-specific attackers to obtain sensitive information (memory contents) and cause a PHP crash by using the ini_set function to declare a variable, then using the ini_restore function to restore the variable.
|
|||||
| CVE-2007-3028 | 1 Microsoft | 1 Windows 2000 | 2025-04-09 | 5.0 MEDIUM | N/A |
|
The LDAP service in Windows Active Directory in Microsoft Windows 2000 Server SP4 does not properly check "the number of convertible attributes", which allows remote attackers to cause a denial of service (service unavailability) via a crafted LDAP request, related to "client sent LDAP request logic," aka "Windows Active Directory Denial of Service Vulnerability". NOTE: this is probably a different issue than CVE-2007-0040.
|
|||||
| CVE-2007-0810 | 1 Geeklog | 1 Geeklog | 2025-04-09 | 7.5 HIGH | N/A |
|
PHP remote file inclusion vulnerability in MVCnPHP/BaseView.php in GeekLog 2 and earlier allows remote attackers to execute arbitrary PHP code via a URL in the glConf[path_libraries] parameter. NOTE: this might be a vulnerability in MVCnPHP rather than a vulnerability in GeekLog.
|
|||||
| CVE-2007-1925 | 1 Tru-zone | 1 Nukeet | 2025-04-09 | 6.5 MEDIUM | N/A |
|
The borrado function in modules/Your_Account/index.php in Tru-Zone Nuke ET 3.4 before fix 7 does not verify that account deletion requests come from the account owner, which allows remote authenticated users to delete arbitrary accounts via a modified cookie.
|
|||||
| CVE-2007-3024 | 1 Clam Anti-virus | 1 Clamav | 2025-04-09 | 2.1 LOW | N/A |
|
libclamav/others.c in ClamAV before 0.90.3 and 0.91 before 0.91rc1 uses insecure permissions for temporary files that are created by the cli_gentempstream function in clamd/clamdscan, which might allow local users to read sensitive files.
|
|||||
| CVE-2007-2349 | 1 Invision Power Services | 1 Invision Power Board | 2025-04-09 | 5.8 MEDIUM | N/A |
|
Cross-site scripting (XSS) vulnerability in Invision Power Board (IP.Board) 2.1.x and 2.2.x allows remote attackers to inject arbitrary web script or HTML by uploading crafted images or PDF files.
|
|||||
| CVE-2007-2733 | 1 Jetbox | 1 Jetbox Cms | 2025-04-09 | 6.0 MEDIUM | N/A |
|
Unrestricted file upload vulnerability in Jetbox CMS allows remote authenticated users with author privileges to upload arbitrary scripts via unspecified vectors, which can be accessed in webfiles/. NOTE: this issue might be a duplicate of CVE-2004-1448.
|
|||||
| CVE-2007-0115 | 1 Coppermine | 1 Coppermine Photo Gallery | 2025-04-09 | 6.0 MEDIUM | N/A |
|
Static code injection vulnerability in Coppermine Photo Gallery 1.4.10 and earlier allows remote authenticated administrators to execute arbitrary PHP code via the Username to login.php, which is injected into an error message in security.log.php, which can then be accessed using viewlog.php.
|
|||||
| CVE-2007-1554 | 1 Guestbara | 1 Guestbara | 2025-04-09 | 6.8 MEDIUM | N/A |
|
Direct static code injection vulnerability in admin/configuration.php in Guestbara 1.2 and earlier allows remote authenticated users to inject arbitrary PHP code into config.php via the (1) admin_mail, (2) emotpatch, (3) login, (4) pass, and unspecified other parameters. NOTE: the provenance of this information is unknown; the details are obtained solely from third party information.
|
|||||
| CVE-2007-4392 | 1 Nullsoft | 1 Winamp | 2025-04-09 | 4.3 MEDIUM | N/A |
|
Winamp 5.35 allows remote attackers to cause a denial of service (program stack overflow and application crash) via an M3U file that recursively includes itself.
|
|||||
| CVE-2007-0090 | 1 Fermentigrafici | 1 Wineglass | 2025-04-09 | 7.5 HIGH | N/A |
|
WineGlass stores sensitive information under the web root with insufficient access control, which allows remote attackers to download a database containing passwords via a direct request for db/data.mdb.
|
|||||
| CVE-2007-3430 | 1 Simple Invoices | 1 Simple Invoices | 2025-04-09 | 7.5 HIGH | N/A |
|
SQL injection vulnerability in index.php in Simple Invoices 2007 05 25 allows remote attackers to execute arbitrary SQL commands via the submit parameter in an email action.
|
|||||
| CVE-2006-6585 | 1 Mozilla | 1 Firefox | 2025-04-09 | 6.4 MEDIUM | N/A |
|
The Extensions manager in Mozilla Firefox 2.0 does not properly populate the list of local extensions, which allows attackers to construct an extension that hides itself by finding its name in the list and then calling RemoveElement, as demonstrated by the FFsniFF extension. NOTE: it was later reported that 3.0 is also affected.
|
|||||
| CVE-2006-5218 | 2 Netbsd, Openbsd | 2 Netbsd, Openbsd | 2025-04-09 | 4.6 MEDIUM | N/A |
|
Integer overflow in the systrace_preprepl function (STRIOCREPLACE) in systrace in OpenBSD 3.9 and NetBSD 3 allows local users to cause a denial of service (crash), gain privileges, or read arbitrary kernel memory via large numeric arguments to the systrace ioctl.
|
|||||
| CVE-2007-3332 | 1 Php-nuke | 1 Satel Lite | 2025-04-09 | 5.0 MEDIUM | N/A |
|
Directory traversal vulnerability in Satellite.php in Satel Lite for PhpNuke allows remote attackers to read arbitrary files via a .. (dot dot) sequence in the name parameter in a modload action.
|
|||||
| CVE-2007-3018 | 1 Activeweb | 1 Contentserver | 2025-04-09 | 4.0 MEDIUM | N/A |
|
activeWeb contentserver CMS before 5.6.2964 does not limit the file-creation ability of editors who have restricted accounts, which allows these editors to create files in arbitrary directories.
|
|||||
| CVE-2006-4688 | 1 Microsoft | 3 Windows 2000, Windows 2003 Server, Windows Xp | 2025-04-09 | 7.5 HIGH | N/A |
|
Buffer overflow in Client Service for NetWare (CSNW) in Microsoft Windows 2000 SP4, XP SP2, and Server 2003 up to SP1 allows remote attackers to execute arbitrary code via crafted messages, aka "Client Service for NetWare Memory Corruption Vulnerability."
|
|||||
| CVE-2007-0888 | 1 Kiwi Enterprises | 1 Kiwi Cattools | 2025-04-09 | 10.0 HIGH | N/A |
|
Directory traversal vulnerability in the TFTP server in Kiwi CatTools before 3.2.0 beta allows remote attackers to read arbitrary files, and upload files to arbitrary locations, via ..// (dot dot) sequences in the pathname argument to an FTP (1) GET or (2) PUT command.
|
|||||
| CVE-2009-2296 | 1 Sun | 2 Opensolaris, Solaris | 2025-04-09 | 10.0 HIGH | N/A |
|
The NFSv4 server kernel module in Sun Solaris 10, and OpenSolaris before snv_119, does not properly implement the nfs_portmon setting, which allows remote attackers to access shares, and read, create, and modify arbitrary files, via unspecified vectors.
|
|||||
| CVE-2007-1286 | 1 Php | 1 Php | 2025-04-09 | 6.8 MEDIUM | N/A |
|
Integer overflow in PHP 4.4.4 and earlier allows remote context-dependent attackers to execute arbitrary code via a long string to the unserialize function, which triggers the overflow in the ZVAL reference counter.
|
|||||
| CVE-2007-3307 | 1 Solar Empire | 1 Solar Empire | 2025-04-09 | 7.5 HIGH | N/A |
|
SQL injection vulnerability in game_listing.php in Solar Empire 2.9.1.1 and earlier allows remote attackers to execute arbitrary SQL commands via the User-Agent HTTP header.
|
|||||
| CVE-2007-0576 | 1 Xt-stats | 1 Xt-stats | 2025-04-09 | 7.5 HIGH | N/A |
|
PHP remote file inclusion vulnerability in xt_counter.php in Xt-Stats 2.3.x up to 2.4.0.b3 allows remote attackers to execute arbitrary PHP code via a URL in the server_base_dir parameter.
|
|||||
| CVE-2006-6298 | 1 Maxiasp | 1 Yonetimi | 2025-04-09 | 7.5 HIGH | N/A |
|
SQL injection vulnerability in uye_giris_islem.asp in Metyus Okul Yonetim Sistemi 1.0 allows remote attackers to execute arbitrary SQL commands via the (1) kullanici_ismi and (2) sifre parameters.
|
|||||
| CVE-2007-1547 | 2 Mandrakesoft, Radscan | 2 Mandrake Linux, Network Audio System | 2025-04-09 | 7.8 HIGH | N/A |
|
The ReadRequestFromClient function in server/os/io.c in Network Audio System (NAS) before 1.8a SVN 237 allows remote attackers to cause a denial of service (crash) via multiple simultaneous connections, which triggers a NULL pointer dereference.
|
|||||
| CVE-2007-0845 | 1 Advanced Poll | 1 Advanced Poll | 2025-04-09 | 7.5 HIGH | N/A |
|
admin/index.php in Advanced Poll 2.0.0 through 2.0.5-dev allows remote attackers to bypass authentication and gain administrator privileges by obtaining a valid session identifier and setting the uid parameter to 1.
|
|||||
| CVE-2007-3412 | 1 Clicktech | 1 Clickgallery | 2025-04-09 | 4.3 MEDIUM | N/A |
|
Cross-site scripting (XSS) vulnerability in edit_image.asp in ClickGallery Server 5.1 and earlier allows remote attackers to inject arbitrary web script or HTML via the from parameter.
|
|||||