Total: 29869 CVE
| CVE | Vendors | Products | Updated | CVSS v2 | CVSS v3 | Description |
|---|---|---|---|---|---|---|
| CVE-2006-5638 | 1 Phpmyring | 1 Phpmyring | 2025-04-09 | 7.5 HIGH | N/A | Multiple SQL injection vulnerabilities in cherche.php in PHPMyRing 4.2.1 and earlier allow remote attackers to execute arbitrary SQL commands via the (1) limite and (2) mots parameters. |
| CVE-2006-5002 | 1 Ibm | 1 Inventory Scout | 2025-04-09 | 5.0 MEDIUM | N/A | Unspecified vulnerability in IBM Inventory Scout for AIX 2.2.0.0 through 2.2.0.9 (invscoutClient_VPD_Survey) allows attackers to overwrite arbitrary files via unspecified vectors. |
| CVE-2007-4131 | 3 Gnu, Redhat, Rpath | 4 Tar, Enterprise Linux, Enterprise Linux Desktop and 1 more | 2025-04-09 | 6.8 MEDIUM | N/A | Directory traversal vulnerability in the contains_dot_dot function in src/names.c in GNU tar allows user-assisted remote attackers to overwrite arbitrary files via certain //.. (slash slash dot dot) sequences in directory symlinks in a TAR archive. |
| CVE-2007-0239 | 1 Openoffice | 1 Openoffice | 2025-04-09 | 9.3 HIGH | N/A | OpenOffice.org (OOo) Office Suite allows user-assisted remote attackers to execute arbitrary commands via shell metacharacters in a prepared link in a crafted document. |
| CVE-2007-1005 | 2 Broadcom, Ca | 2 Etrust Intrusion Detection, Etrust Intrusion Detection | 2025-04-09 | 7.8 HIGH | N/A | Heap-based buffer overflow in SW3eng.exe in the eID Engine service in CA (formerly Computer Associates) eTrust Intrusion Detection 3.0.5.57 and earlier allows remote attackers to cause a denial of service (application crash) via a long key length value to the remote administration port (9191/tcp). |
| CVE-2007-0257 | 1 Grsecurity | 1 Grsecurity Kernel Patch | 2025-04-09 | 7.2 HIGH | 7.8 HIGH | Unspecified vulnerability in the expand_stack function in grsecurity PaX allows local users to gain privileges via unspecified vectors. NOTE: the grsecurity developer has disputed this issue, stating that "the function they claim the vulnerability to be in is a trivial function, which can, and has been, easily checked for any supposed vulnerabilities." The developer also cites a past disclosure that was not proven. As of 20070120, the original researcher has released demonstration code |
| CVE-2007-0600 | 2 Makit, Martyn Kilbryde | 2 Newsposter Script, Newsposter Script | 2025-04-09 | 7.5 HIGH | N/A | SQL injection vulnerability in news_page.asp in Martyn Kilbryde Newsposter Script (aka makit news/blog poster) 3 and earlier allows remote attackers to execute arbitrary SQL commands via the uid parameter. |
| CVE-2010-0278 | 1 Microsoft | 3 Windows 7, Windows Live Messenger, Windows Vista | 2025-04-09 | 4.3 MEDIUM | N/A | A certain ActiveX control in msgsc.14.0.8089.726.dll in Microsoft Windows Live Messenger 2009 build 14.0.8089.726 on Windows Vista and Windows 7 allows remote attackers to cause a denial of service (msnmsgr.exe crash) by calling the ViewProfile method with a crafted argument during an MSN Messenger session. |
| CVE-2007-0971 | 1 Jupiter Cms | 1 Jupiter Cms | 2025-04-09 | 7.5 HIGH | N/A | Multiple SQL injection vulnerabilities in Jupiter CMS 1.1.5 allow remote attackers to execute arbitrary SQL commands via the Client-IP HTTP header and certain other HTTP headers, which set the ip variable that is used in SQL queries performed by index.php and certain other PHP scripts. NOTE: the attack vector might involve _SERVER. |
| CVE-2007-2711 | 1 Tinyirc | 1 Tinyidentd | 2025-04-09 | 10.0 HIGH | N/A | Stack-based buffer overflow in TinyIdentD 2.2 and earlier allows remote attackers to execute arbitrary code via a long string to TCP port 113. |
| CVE-2006-6139 | 1 Sisfo Kampus | 1 Sisfo Kampus | 2025-04-09 | 5.0 MEDIUM | N/A | Directory traversal vulnerability in downloadexcel.php in Sisfo Kampus 2006 (Semarang 3) allows remote attackers to read arbitrary files via the fn parameter. NOTE: the provenance of this information is unknown; the details are obtained solely from third party information. |
| CVE-2007-1916 | 8 Apple, Hp, Ibm and 5 more | 11 Macos, Hp-ux, Tru64 and 8 more | 2025-04-09 | 10.0 HIGH | N/A | Buffer overflow in the RFC_START_GUI function in the SAP RFC Library 6.40 and 7.00 before 20061211 allows remote attackers to execute arbitrary code via unspecified vectors. NOTE: This information is based upon a vague initial disclosure. Details will be updated after the grace period has ended. |
| CVE-2006-5911 | 1 Campware.org | 1 Campsite | 2025-04-09 | 7.5 HIGH | N/A | Multiple PHP remote file inclusion vulnerabilities in Campware Campsite before 2.6.2 allow remote attackers to execute arbitrary PHP code via a URL in the g_documentRoot parameter to (1) Alias.php, (2) Article.php, (3) ArticleAttachment.php, (4) ArticleComment.php, (5) ArticleData.php, (6) ArticleImage.php, (7) ArticleIndex.php, (8) ArticlePublish.php, (9) ArticleTopic.php, (10) ArticleType.php, (11) ArticleTypeField.php, (12) Attachment.php, (13) Country.php, (14) DatabaseObject.php, (15) Event ... |
| CVE-2006-6595 | 1 Scriptmate | 1 User Manager | 2025-04-09 | 7.5 HIGH | N/A | Multiple SQL injection vulnerabilities in ScriptMate User Manager 2.1 and earlier allow remote attackers to execute arbitrary SQL commands via "Manage Resources" and possibly other unspecified components. |
| CVE-2007-1517 | 1 Paul Knierim | 1 Wsn Guest | 2025-04-09 | 7.5 HIGH | N/A | SQL injection vulnerability in comments.php in WSN Guest 1.02 and 1.21 allows remote attackers to execute arbitrary SQL commands via the id parameter. |
| CVE-2009-2842 | 1 Apple | 1 Safari | 2025-04-09 | 4.3 MEDIUM | N/A | Apple Safari before 4.0.4 does not properly implement certain (1) Open Image and (2) Open Link menu options, which allows remote attackers to read local HTML files via a crafted web site. |
| CVE-2006-6104 | 1 Mono | 1 Xsp | 2025-04-09 | 5.0 MEDIUM | N/A | The System.Web class in the XSP for ASP.NET server 1.1 through 2.0 in Mono does not properly verify local pathnames, which allows remote attackers to (1) read source code by appending a space (%20) to a URI, and (2) read credentials via a request for Web.Config%20. |
| CVE-2006-5132 | 1 Phpmyagenda | 1 Phpmyagenda | 2025-04-09 | 7.5 HIGH | N/A | Multiple PHP remote file inclusion vulnerabilities in phpMyAgenda 3.0 Final and earlier allow remote attackers to execute arbitrary PHP code via a URL in the rootagenda parameter to (1) agendaplace.php3, (2) agendaplace2.php3, (3) infoevent.php3, and (4) agenda2.php3, different vectors than CVE-2006-2009. |
| CVE-2007-2656 | 1 Hp | 1 Hpqvwocx.dll | 2025-04-09 | 7.8 HIGH | N/A | Stack-based buffer overflow in the Hewlett-Packard (HP) Magview ActiveX control in hpqvwocx.dll 1.0.0.309 allows remote attackers to cause a denial of service (application crash) and possibly have other impact via a long argument to the DeleteProfile method. |
| CVE-2007-1892 | 1 Akamai Technologies | 1 Download Manager | 2025-04-09 | 9.3 HIGH | N/A | Stack-based buffer overflow in Akamai Technologies Download Manager ActiveX Control (DownloadManagerV2.ocx) before 2.2.1.0 allows remote attackers to execute arbitrary code via unspecified vectors, a different issue than CVE-2007-1891. |
| CVE-2007-2333 | 1 Nortel | 3 Contivity, Vpn Router 5000, Vpn Router Portfolio | 2025-04-09 | 10.0 HIGH | N/A | Nortel VPN Router (aka Contivity) 1000, 2000, 4000, and 5000 before 5_05.149, 5_05.3xx before 5_05.304, and 6.x before 6_05.140 includes the FIPSecryptedtest1219 and FIPSunecryptedtest1219 default accounts in the LDAP template, which might allow remote attackers to access the private network. |
| CVE-2006-5442 | 1 Viewvc | 1 Viewvc | 2025-04-09 | 6.8 MEDIUM | N/A | ViewVC 1.0.2 and earlier does not specify a charset in its HTTP headers or HTML documents, which allows remote attackers to conduct cross-site scripting (XSS) attacks that inject arbitrary UTF-7 encoded JavaScript code via a view. |
| CVE-2006-6389 | 1 Ac4p | 1 Ac4p Mobile | 2025-04-09 | 6.8 MEDIUM | N/A | Multiple cross-site scripting (XSS) vulnerabilities in ac4p Mobile allow remote attackers to inject arbitrary web script or HTML via the (1) Taaa parameter to (a) up.php, or the (2) pollhtml and (3) Bloks parameters to (b) polls.php, different vectors than CVE-2006-5770. |
| CVE-2007-2953 | 1 Vim Development Group | 1 Vim | 2025-04-09 | 6.8 MEDIUM | N/A | Format string vulnerability in the helptags_one function in src/ex_cmds.c in Vim 6.4 and earlier, and 7.x up to 7.1, allows user-assisted remote attackers to execute arbitrary code via format string specifiers in a help-tags tag in a help file, related to the helptags command. |
| CVE-2009-3944 | 1 Rim | 2 Blackberry 8800, Blackberry Browser | 2025-04-09 | 5.0 MEDIUM | N/A | Research In Motion (RIM) BlackBerry Browser on the BlackBerry 8800 allows remote attackers to cause a denial of service (application hang) via a JavaScript loop that configures the home page by using the setHomePage method and a DHTML behavior property. |
| CVE-2007-2683 | 1 Mutt | 1 Mutt | 2025-04-09 | 3.5 LOW | N/A | Buffer overflow in Mutt 1.4.2 might allow local users to execute arbitrary code via "&" characters in the GECOS field, which triggers the overflow during alias expansion. |
| CVE-2007-0151 | 1 Mitisoft | 1 Mitisoft | 2025-04-09 | 7.5 HIGH | N/A | MitiSoft stores sensitive information under the web root with insufficient access control, which allows remote attackers to download a database containing passwords via a direct request for access_MS/MitiSoft.mdb. |
| CVE-2006-7109 | 1 Drupal | 1 Imce Module | 2025-04-09 | 6.5 MEDIUM | N/A | Unrestricted file upload vulnerability in IMCE before 1.6, a Drupal module, allows remote authenticated users to upload arbitrary PHP code via a filename with a double extension such as .php.gif. |
| CVE-2007-1511 | 1 Frontbase | 1 Relational Database Server | 2025-04-09 | 7.1 HIGH | N/A | Buffer overflow in FrontBase Relational Database Server 4.2.7 and earlier allows remote authenticated users, with privileges for creating a stored procedure, to execute arbitrary code via a CREATE PROCEDURE request with a long procedure name. |
| CVE-2007-2716 | 1 Eqdkp | 1 Eqdkp | 2025-04-09 | 6.8 MEDIUM | N/A | Multiple cross-site scripting (XSS) vulnerabilities in EQdkp 1.3.2c and earlier allow remote attackers to inject arbitrary web script or HTML via the show parameter to (1) listmembers.php and (2) stats.php. NOTE: some of these details are obtained from third party information. |
| CVE-2007-3940 | 1 Quickersite | 1 Quickersite | 2025-04-09 | 4.3 MEDIUM | N/A | Cross-site scripting (XSS) vulnerability in default.asp in QuickerSite 1.7.2 allows remote attackers to inject arbitrary web script or HTML via the svalue parameter in a search action. NOTE: some of these details are obtained from third party information. |
| CVE-2007-4161 | 1 Tibco | 1 Rendezvous | 2025-04-09 | 4.3 MEDIUM | N/A | rvd in TIBCO Rendezvous (RV) 7.5.2, when -no-lead-wc is omitted, might allow remote attackers to cause a denial of service (network instability) via a subject name with a leading (1) '*' (asterisk) or (2) '>' (greater than) wildcard character. |
| CVE-2007-3706 | 1 Codeigniter | 1 Codeigniter | 2025-04-09 | 2.1 LOW | N/A | The _sanitize_globals function in CodeIgniter 1.5.3 before 20070628 allows remote attackers to unset arbitrary global variables with unspecified impact, as demonstrated by a _SERVER cookie. |
| CVE-2006-6658 | 1 Inktomi | 1 Inktomi Search | 2025-04-09 | 5.0 MEDIUM | N/A | Inktomi Search 4.1.4 allows remote attackers to obtain sensitive information via direct requests with missing parameters to (1) help/header.html, (2) thesaurus.html, and (3) topics.html, which leak the installation path in the resulting error message, a related issue to CVE-2006-5970. |
| CVE-2007-1064 | 2 Cisco, Meetinghouse | 4 Secure Services Client, Security Agent, Trust Agent and 1 more | 2025-04-09 | 6.8 MEDIUM | N/A | Cisco Secure Services Client (CSSC) 4.x, Trust Agent 1.x and 2.x, Cisco Security Agent (CSA) 5.0 and 5.1 (when a vulnerable Trust Agent has been deployed), and the Meetinghouse AEGIS SecureConnect Client do not drop privileges when the help facility in the supplicant GUI is invoked, which allows local users to gain privileges, aka CSCsf14120. |
| CVE-2007-2976 | 1 Cetrinity | 2 Firstclass, Server And Internet Services | 2025-04-09 | 4.3 MEDIUM | N/A | Centrinity FirstClass 8.3 and earlier, and Server and Internet Services 8.0 and earlier, do not properly handle a URL with a null ("%00") character, which allows remote attackers to conduct cross-site scripting (XSS) attacks. NOTE: the provenance of this information is unknown; the details are obtained solely from third party information. |
| CVE-2006-7107 | 1 Coalescent Systems | 1 Freepbx | 2025-04-09 | 7.5 HIGH | N/A | PHP remote file inclusion vulnerability in upgrade.php in Coalescent Systems freePBX 2.1.3 allows remote attackers to execute arbitrary PHP code via a URL in the amp_conf[AMPWEBROOT] parameter. |
| CVE-2007-0391 | 1 Bitdefender | 1 Bitdefender Client | 2025-04-09 | 7.2 HIGH | N/A | Format string vulnerability in the log creation functionality of BitDefender Client Professional Plus 8.02 allows attackers to execute arbitrary code via certain scan job settings. |
| CVE-2007-0594 | 1 Siteman | 1 Siteman | 2025-04-09 | 5.0 MEDIUM | N/A | Siteman 2.0.x2 stores sensitive information under the web root with insufficient access control, which allows remote attackers to download a database containing password hashes via a direct request for db/siteman/users.MYD. |
| CVE-2007-2602 | 1 Progress | 1 Whatsup Gold | 2025-04-09 | 7.8 HIGH | N/A | Buffer overflow in MIBEXTRA.EXE in Ipswitch WhatsUp Gold 11 allows attackers to cause a denial of service (application crash) or execute arbitrary code via a long MIB filename argument. NOTE: If there is not a common scenario under which MIBEXTRA.EXE is called with attacker-controlled command line arguments, then perhaps this issue should not be included in CVE. |