Total
29869 CVE
| CVE | Vendors | Products | Updated | CVSS v2 | CVSS v3 |
|---|---|---|---|---|---|
| CVE-2007-0629 | 1 Plain Black | 1 Webgui | 2025-04-09 | 6.4 MEDIUM | N/A |
|
The www_purgeList method in Plain Black WebGUI before 7.3.8 does not properly check user permissions, which allows attackers to delete unauthorized assets. NOTE: some of these details are obtained from third party information.
|
|||||
| CVE-2007-0487 | 1 Zoneo-soft | 1 Freeforum | 2025-04-09 | 7.5 HIGH | N/A |
|
PHP remote file inclusion vulnerability in index.php in FreeForum 0.9.0 allows remote attackers to execute arbitrary PHP code via a URL in the fpath parameter. NOTE: this issue has been disputed by third party researchers, stating that fpath variable is initialized before being used
|
|||||
| CVE-2007-2023 | 1 Secustick | 1 Secustick Usb Flash Drive | 2025-04-09 | 7.2 HIGH | N/A |
|
USB20.dll in Secustick USB flash drive decouples the authorization and file access routines, which allows local users to bypass authentication requirements by altering the return value of the VerifyPassWord function.
|
|||||
| CVE-2006-5718 | 1 Phpmyadmin | 1 Phpmyadmin | 2025-04-09 | 4.3 MEDIUM | N/A |
|
Cross-site scripting (XSS) vulnerability in error.php in phpMyAdmin 2.6.4 through 2.9.0.2 allows remote attackers to inject arbitrary web script or HTML via UTF-7 or US-ASCII encoded characters, which are injected into an error message, as demonstrated by a request with a utf7 charset parameter accompanied by UTF-7 data.
|
|||||
| CVE-2007-4151 | 1 Visionsoft | 1 Audit | 2025-04-09 | 4.3 MEDIUM | N/A |
|
The Visionsoft Audit on Demand Service (VSAOD) in Visionsoft Audit 12.4.0.0 allows remote attackers to obtain sensitive information via (1) a LOG.ON command, which reveals the logging pathname in the server response; (2) a VER command, which reveals the version number in the server response; and (3) a connection, which reveals the version number in the banner.
|
|||||
| CVE-2006-6677 | 1 Eset Software | 1 Nod32 Antivirus | 2025-04-09 | 2.6 LOW | N/A |
|
ESET NOD32 Antivirus before 1.1743 allows remote attackers to cause a denial of service (crash) via a crafted .CHM file that triggers a divide-by-zero error.
|
|||||
| CVE-2007-4307 | 1 Storesprite | 1 Storesprite | 2025-04-09 | 4.3 MEDIUM | N/A |
|
Multiple cross-site scripting (XSS) vulnerabilities in Storesprite 7 and earlier allow remote attackers to inject arbitrary web script or HTML via the next parameter to (1) addaddress.php, (2) editshipdetails.php, (3) register.php, or (4) login.php in secure/.
|
|||||
| CVE-2009-2471 | 1 Mozilla | 1 Firefox | 2025-04-09 | 10.0 HIGH | N/A |
|
The setTimeout function in Mozilla Firefox before 3.0.12 does not properly preserve object wrapping, which allows remote attackers to execute arbitrary JavaScript with chrome privileges via a crafted call, related to XPCNativeWrapper.
|
|||||
| CVE-2007-0393 | 1 Sun | 1 Solaris | 2025-04-09 | 4.6 MEDIUM | N/A |
|
Sun Solaris 9 does not properly verify the status of file descriptors before setuid execution, which allows local users to gain privileges by closing file descriptor 0, 1, or 2 and then invoking a setuid program, a variant of CVE-2002-0572.
|
|||||
| CVE-2006-6023 | 1 Bloo | 1 Bloo | 2025-04-09 | 7.5 HIGH | N/A |
|
PHP remote file inclusion vulnerability in phoo.base.php in Bill Roberts Bloo 1.0 allows remote attackers to execute arbitrary PHP code via a URL in the descriptorFileList parameter. NOTE: this issue is disputed by CVE since $descriptorFileList is used in a function definition within phoo.base.php
|
|||||
| CVE-2006-6831 | 1 Alan Ward | 1 A-faq | 2025-04-09 | 7.5 HIGH | N/A |
|
SQL injection vulnerability in faqDsp.asp in aFAQ 1.0 allows remote attackers to execute arbitrary SQL commands via the catcode parameter.
|
|||||
| CVE-2006-6807 | 1 Softwebs Nepal | 1 Ananda Real Estate | 2025-04-09 | 7.5 HIGH | N/A |
|
SQL injection vulnerability in list.asp in Softwebs Nepal (aka Ananda Raj Pandey) Ananda Real Estate 3.4 and earlier allows remote attackers to execute arbitrary SQL commands via the agent parameter.
|
|||||
| CVE-2007-0822 | 1 Linux | 1 Linux Kernel | 2025-04-09 | 1.9 LOW | N/A |
|
umount, when running with the Linux 2.6.15 kernel on Slackware Linux 10.2, allows local users to trigger a NULL dereference and application crash by invoking the program with a pathname for a USB pen drive that was mounted and then physically removed, which might allow the users to obtain sensitive information, including core file contents.
|
|||||
| CVE-2006-6906 | 1 Apple | 1 Mac Os X | 2025-04-09 | 7.2 HIGH | N/A |
|
Unspecified vulnerability in the Bluetooth stack on Mac OS 10.4.7 and earlier has unknown impact and local attack vectors, related to "Mach Exception Handling", a different issue than CVE-2006-6900.
|
|||||
| CVE-2006-6440 | 1 Xerox | 6 Workcentre 232, Workcentre 238, Workcentre 245 and 3 more | 2025-04-09 | 7.5 HIGH | N/A |
|
Multiple unspecified vulnerabilities in Xerox WorkCentre and WorkCentre Pro before 12.050.03.000, 13.x before 13.050.03.000, and 14.x before 14.050.03.000 allow remote attackers to have an unspecified impact via unspecified vectors relating to "HTTP Security issues."
|
|||||
| CVE-2006-5743 | 1 Mobilesecure | 2 Highwall Endpoint, Highwall Enterprise | 2025-04-09 | 4.3 MEDIUM | N/A |
|
Multiple cross-site scripting (XSS) vulnerabilities in Highwall Enterprise and Highwall Endpoint 4.0.2.11045 management interface allow remote attackers to inject arbitrary web script or HTML via (1) an Access Point with a crafted SSID, (2) the name of the sensor WIDS, (3) the name of the Highwall EndPoint workstation, or other unspecified vectors.
|
|||||
| CVE-2007-2757 | 1 Dean J Robinson | 1 Redoable | 2025-04-09 | 6.8 MEDIUM | N/A |
|
Multiple cross-site scripting (XSS) vulnerabilities in Redoable 1.2 allow remote attackers to inject arbitrary web script or HTML via the s parameter to (1) wp-content/themes/redoable/searchloop.php or (2) wp-content/themes/redoable/header.php.
|
|||||
| CVE-2008-2281 | 1 Microsoft | 2 Ie, Internet Explorer | 2025-04-09 | 9.3 HIGH | N/A |
|
Cross-zone scripting vulnerability in the Print Table of Links feature in Internet Explorer 6.0, 7.0, and 8.0b allows user-assisted remote attackers to inject arbitrary web script or HTML in the Local Machine Zone via an HTML document with a link containing JavaScript sequences, which are evaluated by a resource script when a user prints this document.
|
|||||
| CVE-2006-6376 | 1 Onedotoh | 1 Simple File Manager | 2025-04-09 | 7.5 HIGH | N/A |
|
Multiple directory traversal vulnerabilities in fm.php in Simple File Manager (SFM) 0.24a allow remote attackers to use ".." sequences to (1) read arbitrary files via the filename parameter in a download action, (2) delete arbitrary files via the delete parameter, and (3) modify arbitrary files via the edit parameter, which can be leveraged to execute arbitrary code.
|
|||||
| CVE-2007-3598 | 1 Vtiger | 1 Vtiger Crm | 2025-04-09 | 5.5 MEDIUM | N/A |
|
index.php in vtiger CRM before 5.0.3 allows remote authenticated users to obtain all users' names and e-mail addresses, and possibly change user settings, via a modified record parameter in a DetailView action to the Users module. NOTE: the vendor disputes the changing of settings, reporting that the attack vector results in a "You are not permitted to execute this Operation" error message in a 5.0.3 demo.
|
|||||
| CVE-2006-6587 | 1 Apache | 1 Ofbiz | 2025-04-09 | 6.8 MEDIUM | N/A |
|
Cross-site scripting (XSS) vulnerability in the forum implementation in the ecommerce component in the Apache Open For Business Project (OFBiz) allows remote attackers to inject arbitrary web script or HTML by posting a message.
|
|||||
| CVE-2007-2802 | 1 Rm | 1 Rm Easymail Plus | 2025-04-09 | 4.3 MEDIUM | N/A |
|
Cross-site scripting (XSS) vulnerability in cp/ps/Main/login/Login in RM EasyMail Plus allows remote attackers to inject arbitrary web script or HTML via the d parameter.
|
|||||
| CVE-2007-4152 | 1 Visionsoft | 1 Audit | 2025-04-09 | 9.3 HIGH | N/A |
|
The Visionsoft Audit on Demand Service (VSAOD) in Visionsoft Audit 12.4.0.0 allows remote attackers to conduct replay attacks by capturing and resending data from the DETAILS and PROCESS sections of a session that schedules an audit.
|
|||||
| CVE-2007-3975 | 1 Elite Forum | 1 Elite Forum | 2025-04-09 | 4.3 MEDIUM | N/A |
|
Cross-site scripting (XSS) vulnerability in index.php in Elite Forum 1.0.0.0 allows remote attackers to inject arbitrary web script or HTML via the title parameter in a ptopic action, a different vulnerability than CVE-2005-3412.
|
|||||
| CVE-2007-2083 | 1 Zonelabs | 1 Zonealarm | 2025-04-09 | 6.9 MEDIUM | N/A |
|
vsdatant.sys in Check Point Zone Labs ZoneAlarm Pro before 7.0.302.000 does not validate certain arguments before being passed to hooked SSDT function handlers, which allows local users to cause a denial of service (system crash) or possibly execute arbitrary code via crafted arguments to the (1) NtCreateKey and (2) NtDeleteFile functions.
|
|||||
| CVE-2007-3305 | 1 Cerulean Studios | 1 Trillian | 2025-04-09 | 9.3 HIGH | N/A |
|
Heap-based buffer overflow in Cerulean Studios Trillian 3.x before 3.1.6.0 allows remote attackers to execute arbitrary code via a message sent through the MSN protocol, or possibly other protocols, with a crafted UTF-8 string, which triggers improper memory allocation for word wrapping when a window width is used as a buffer size, a different vulnerability than CVE-2007-2478.
|
|||||
| CVE-2007-0851 | 1 Trend Micro | 23 Client-server-messaging Suite Smb, Client-server Suite Smb, Control Manager and 20 more | 2025-04-09 | 9.3 HIGH | N/A |
|
Buffer overflow in the Trend Micro Scan Engine 8.000 and 8.300 before virus pattern file 4.245.00, as used in other products such as Cyber Clean Center (CCC) Cleaner, allows remote attackers to execute arbitrary code via a malformed UPX compressed executable.
|
|||||
| CVE-2006-6338 | 1 Devilz Clanportal | 1 Devilz Clanportal | 2025-04-09 | 5.0 MEDIUM | N/A |
|
Unrestricted file upload vulnerability in upload/index.php in deV!L`z Clanportal (DZCP) before 1.3.6.1 allows remote attackers to upload and execute arbitrary .php files by embedding PHP code in a JPEG or GIF file that is uploaded to inc/images/uploads/userpics/.
|
|||||
| CVE-2007-4309 | 1 Ibm | 1 Lotus Notes | 2025-04-09 | 3.5 LOW | N/A |
|
IBM Lotus Notes 5.x through 7.0.2 allows user-assisted remote authenticated administrators to obtain a cleartext notes.id password by setting the notes.ini (1) KFM_ShowEntropy and (2) Debug_Outfile debug variables, a different vulnerability than CVE-2005-2696.
|
|||||
| CVE-2006-6536 | 1 Cilem | 1 Cilem Haber | 2025-04-09 | 6.8 MEDIUM | N/A |
|
Cross-site scripting (XSS) vulnerability in hata.asp in Cilem Haber Free Edition allows remote attackers to inject arbitrary web script or HTML via the hata parameter. NOTE: The provenance of this information is unknown; the details are obtained solely from third party information.
|
|||||
| CVE-2006-5303 | 1 Securecomputing | 1 Safeword Remoteaccess | 2025-04-09 | 2.1 LOW | N/A |
|
Secure Computing SafeWord RemoteAccess 2.1 allows local users to obtain the UserCenter webportal password, database encryption keys, and signing keys by reading (1) base-64 encoded data in SERVERS\Web\Tomcat\usercenter\WEB-INF\login.conf and (2) plaintext data in SERVERS\Shared\signers.cfg. NOTE: the provenance of this information is unknown; the details are obtained from third party information.
|
|||||
| CVE-2007-0059 | 1 Apple | 1 Quicktime | 2025-04-09 | 6.8 MEDIUM | N/A |
|
Cross-zone scripting vulnerability in Apple Quicktime 3 to 7.1.3 allows remote user-assisted attackers to execute arbitrary code and list filesystem contents via a QuickTime movie (.MOV) with an HREF Track (HREFTrack) that contains an automatic action tag with a local URI, which is executed in a local zone during preview, as exploited by a MySpace worm.
|
|||||
| CVE-2006-6494 | 1 Sun | 2 Solaris, Sunos | 2025-04-09 | 6.6 MEDIUM | N/A |
|
Directory traversal vulnerability in ld.so.1 in Sun Solaris 8, 9, and 10 allows local users to execute arbitrary code via a .. (dot dot) sequence in the LANG environment variable that points to a locale file containing attacker-controlled format string specifiers.
|
|||||
| CVE-2006-6474 | 1 Mcafee | 1 Virusscan | 2025-04-09 | 4.6 MEDIUM | N/A |
|
Untrusted search path vulnerability in McAfee VirusScan for Linux 4510e and earlier includes the current working directory in the DT_RPATH environment variable, which allows local users to load arbitrary ELF DSO libraries and execute arbitrary code by installing malicious libraries in that directory.
|
|||||
| CVE-2007-4028 | 1 Webspell | 1 Webspell | 2025-04-09 | 7.5 HIGH | N/A |
|
Absolute path traversal vulnerability in index.php in Webspell 4.01.02 allows remote attackers to include and execute arbitrary local files via a full pathname in the site parameter. NOTE: some of these details are obtained from third party information.
|
|||||
| CVE-2007-2327 | 1 Labs4 | 1 Htmleditbox | 2025-04-09 | 7.5 HIGH | N/A |
|
PHP remote file inclusion vulnerability in _editor.php in HTMLeditbox 2.2 allows remote attackers to execute arbitrary PHP code via a URL in the settings[app_dir] parameter.
|
|||||
| CVE-2006-6452 | 1 Myarticles | 1 Myarticles | 2025-04-09 | 6.8 MEDIUM | N/A |
|
Multiple cross-site scripting (XSS) vulnerabilities in the MyArticles module before 0.6 beta 1, for RunCMS, allow remote attackers to inject arbitrary web script or HTML via unspecified parameters to (1) topics.php, (2) submit.php, and (3) class/calendar.class.php.
|
|||||
| CVE-2006-6986 | 1 Phaseout | 1 Phaseout | 2025-04-09 | 7.8 HIGH | N/A |
|
Cross-domain vulnerability in PhaseOut 5.4.4 allows remote attackers to access restricted information from other domains via an object tag with a data parameter that references a link on the attacker's originating site that specifies a Location HTTP header that references the target site, which then makes that content available through the outerHTML attribute of the object, a similar vulnerability to CVE-2006-3280.
|
|||||
| CVE-2006-7011 | 1 Develooping | 1 Flash Chat | 2025-04-09 | 7.5 HIGH | N/A |
|
PHP remote file inclusion vulnerability in adminips.php in Develooping Flash Chat allows remote attackers to execute arbitrary PHP code via a URL in the banned_file parameter. NOTE: CVE disputes this vulnerability because banned_file is set to a constant value
|
|||||
| CVE-2007-2679 | 1 Simple Php Scripts Gallery | 1 Simple Php Scripts Gallery | 2025-04-09 | 6.8 MEDIUM | N/A |
|
PHP file inclusion vulnerability in index.php in Ivan Peevski gallery 0.3 in Simple PHP Scripts (sphp) allows remote attackers to execute arbitrary PHP code via a UNC share pathname or a local file pathname in the gallery parameter, which is accessed by the file_exists function. NOTE: the provenance of this information is unknown; the details are obtained solely from third party information.
|
|||||