Total
29869 CVE
| CVE | Vendors | Products | Updated | CVSS v2 | CVSS v3 |
|---|---|---|---|---|---|
| CVE-2008-0294 | 1 Freeseat | 1 Freeseat | 2025-04-09 | 5.0 MEDIUM | N/A |
|
Unspecified vulnerability in the seat-locking implementation in FreeSeat before 1.1.5d allows attackers to book a seat more than once via unspecified vectors.
|
|||||
| CVE-2007-1263 | 2 Gnu, Gnupg | 2 Gpgme, Gnupg | 2025-04-09 | 5.0 MEDIUM | N/A |
|
GnuPG 1.4.6 and earlier and GPGME before 1.1.4, when run from the command line, does not visually distinguish signed and unsigned portions of OpenPGP messages with multiple components, which might allow remote attackers to forge the contents of a message without detection.
|
|||||
| CVE-2006-6078 | 1 A-conman | 1 A-conman | 2025-04-09 | 7.5 HIGH | N/A |
|
PHP remote file inclusion vulnerability in common.inc.php in a-ConMan 3.2 beta allows remote attackers to execute arbitrary PHP code via a URL in the cm_basedir parameter.
|
|||||
| CVE-2006-5136 | 1 Ubbcentral | 1 Ubb.threads | 2025-04-09 | 7.5 HIGH | N/A |
|
Multiple PHP remote file inclusion vulnerabilities in ubbt.inc.php in Groupee UBB.threads 6.5.1.1 allow remote attackers to execute arbitrary PHP code via a URL in the (1) GLOBALS[thispath] or (2) GLOBALS[configdir] parameter.
|
|||||
| CVE-2007-0480 | 1 Cisco | 1 Ios Transmission Control Protocol | 2025-04-09 | 10.0 HIGH | N/A |
|
Cisco IOS 9.x, 10.x, 11.x, and 12.x and IOS XR 2.0.x, 3.0.x, and 3.2.x allows remote attackers to cause a denial of service or execute arbitrary code via a crafted IP option in the IP header in a (1) ICMP, (2) PIMv2, (3) PGM, or (4) URD packet.
|
|||||
| CVE-2007-1743 | 1 Apache | 1 Http Server | 2025-04-09 | 4.4 MEDIUM | N/A |
|
suexec in Apache HTTP Server (httpd) 2.2.3 does not verify combinations of user and group IDs on the command line, which might allow local users to leverage other vulnerabilities to create arbitrary UID/GID owned files if /proc is mounted. NOTE: the researcher, who is reliable, claims that the vendor disputes the issue because "the attacks described rely on an insecure server configuration" in which the user "has write access to the document root." In addition, because this is dependent on oth ...
Show More |
|||||
| CVE-2007-0689 | 1 Mybb | 1 Mybb | 2025-04-09 | 5.0 MEDIUM | N/A |
|
MyBB 1.2.4 allows remote attackers to obtain sensitive information via the (1) action[] parameter to member.php, (2) imagehash[] parameter to captcha.php, and (3) a direct request to inc/datahandlers/event.php, which reveal the installation path in the resulting error message.
|
|||||
| CVE-2007-2425 | 1 Blackdot | 1 Imageview | 2025-04-09 | 5.0 MEDIUM | N/A |
|
Directory traversal vulnerability in fileview.php in Imageview 5.3 allows remote attackers to read arbitrary files via a .. (dot dot) in the album parameter.
|
|||||
| CVE-2006-5985 | 1 Extreme Cms | 1 Extreme Cms | 2025-04-09 | 6.8 MEDIUM | N/A |
|
Multiple cross-site scripting (XSS) vulnerabilities in admin/options.php in Extreme CMS 0.9, and possibly earlier, allow remote attackers to inject arbitrary web script or HTML via the (1) bg1, (2) bg2, (3) text, or (4) size parameters. NOTE: the provenance of this information is unknown; details are obtained from third party sources.
|
|||||
| CVE-2008-6822 | 1 Newearthpt | 1 Imgupload | 2025-04-09 | 7.5 HIGH | N/A |
|
Unrestricted file upload vulnerability in uploadp.php in New Earth Programming Team (NEPT) imgupload (aka Image Uploader) 1.0 allows remote attackers to execute arbitrary code by uploading a file with an executable extension and a modified content type, then accessing this file via a direct request, as demonstrated by an upload with an image/jpeg content type. NOTE: some of these details are obtained from third party information.
|
|||||
| CVE-2007-3857 | 1 Oracle | 1 Database Server | 2025-04-09 | 6.5 MEDIUM | N/A |
|
Multiple unspecified vulnerabilities in Oracle Database 10.1.0.5 allow remote authenticated users to have an unknown impact via (a) the Oracle Text component, including (1) unspecified vectors (DB05), (2) CTXSYS.DRVXMD (DB06), (3) CTXSYS.DRI_MOVE_CTXSYS (DB07), (4) CTXSYS.DRVXMD (DB08), and (b) JavaVM (DB14).
|
|||||
| CVE-2007-3578 | 1 Phpids | 1 Phpids | 2025-04-09 | 4.3 MEDIUM | N/A |
|
PHPIDS before 20070703 does not properly handle (1) arithmetic expressions and (2) unclosed comments, which allows remote attackers to inject arbitrary web script.
|
|||||
| CVE-2006-7066 | 1 Microsoft | 2 Internet Explorer, Windows Xp | 2025-04-09 | 7.1 HIGH | N/A |
|
Microsoft Internet Explorer 6 on Windows XP SP2 allows remote attackers to cause a denial of service (crash) by creating an object inside an iframe, deleting the frame by setting its location.href to about:blank, then accessing a property of the object within the deleted frame, which triggers a NULL pointer dereference. NOTE: it was later reported that 7.0.6000.16473 and earlier are also affected.
|
|||||
| CVE-2009-3572 | 1 Openbsd | 1 Openbsd | 2025-04-09 | 4.9 MEDIUM | N/A |
|
OpenBSD 4.4, 4.5, and 4.6, when running on an i386 kernel, does not properly handle XMM exceptions, which allows local users to cause a denial of service (kernel panic) via unspecified vectors.
|
|||||
| CVE-2007-1835 | 1 Php | 1 Php | 2025-04-09 | 4.6 MEDIUM | N/A |
|
PHP 4 before 4.4.5 and PHP 5 before 5.2.1, when using an empty session save path (session.save_path), uses the TMPDIR default after checking the restrictions, which allows local users to bypass open_basedir restrictions.
|
|||||
| CVE-2007-0696 | 1 Free Lan Intra Internet Portal | 1 Free Lan Intra Internet Portal | 2025-04-09 | 6.8 MEDIUM | N/A |
|
Cross-site scripting (XSS) vulnerability in error messages in Free LAN In(tra|ter)net Portal (FLIP) before 1.0-RC3 allows remote attackers to inject arbitrary web script or HTML via unspecified parameters, different vectors than CVE-2007-0611.
|
|||||
| CVE-2006-5427 | 1 Php Amx | 1 Php Amx | 2025-04-09 | 5.1 MEDIUM | N/A |
|
PHP remote file inclusion vulnerability in plugins/main.php in Php AMX 0.9.0, when register_globals is enabled or magic_quotes_gpc is disabled, allows remote attackers to execute arbitrary PHP code via a URL in the plug_path parameter.
|
|||||
| CVE-2007-2225 | 1 Microsoft | 5 Outlook Express, Windows 2003 Server, Windows Mail and 2 more | 2025-04-09 | 4.3 MEDIUM | N/A |
|
A component in Microsoft Outlook Express 6 and Windows Mail in Windows Vista does not properly handle certain HTTP headers when processing MHTML protocol URLs, which allows remote attackers to obtain sensitive information from other Internet Explorer domains, aka "URL Parsing Cross Domain Information Disclosure Vulnerability."
|
|||||
| CVE-2007-2472 | 1 Sendcard | 1 Sendcard | 2025-04-09 | 4.3 MEDIUM | N/A |
|
Cross-site scripting (XSS) vulnerability in sendcard.php in Sendcard 3.4.1 and earlier allows remote attackers to inject arbitrary web script or HTML via the form parameter. NOTE: the provenance of this information is unknown; the details are obtained solely from third party information.
|
|||||
| CVE-2008-0445 | 1 Elog | 1 Elog | 2025-04-09 | 5.0 MEDIUM | N/A |
|
The replace_inline_img function in elogd in Electronic Logbook (ELOG) before 2.7.1 allows remote attackers to cause a denial of service (infinite loop) via crafted logbook entries. NOTE: some of these details are obtained from third party information.
|
|||||
| CVE-2007-4431 | 1 Apple | 1 Safari | 2025-04-09 | 6.8 MEDIUM | N/A |
|
Cross-domain vulnerability in Apple Safari for Windows 3.0.3 and earlier allows remote attackers to bypass the Same Origin Policy, with access from local zones to external domains, via a certain body.innerHTML property value, aka "classic JavaScript frame hijacking."
|
|||||
| CVE-2006-6246 | 1 Photo Organizer | 1 Photo Organizer | 2025-04-09 | 7.5 HIGH | N/A |
|
Photo Organizer 2.32b and earlier does not properly check the ownership of certain objects, which allows remote attackers to gain unauthorized access via vectors related to (1) camera del, (2) camera edit, (3) folder/album deletion, (4) photo.move, (5) content.indexer, (6) folder.content, and possibly other operations.
|
|||||
| CVE-2009-1789 | 2 Eggheads, Philip Moore | 3 Eggdrop, Eggdrop Irc Bot, Windrop | 2025-04-09 | 4.3 MEDIUM | N/A |
|
mod/server.mod/servmsg.c in Eggheads Eggdrop and Windrop 1.6.19 and earlier allows remote attackers to cause a denial of service (crash) via a crafted PRIVMSG that causes an empty string to trigger a negative string length copy. NOTE: this issue exists because of an incorrect fix for CVE-2007-2807.
|
|||||
| CVE-2007-0110 | 1 Novell | 1 Access Manager Identity Server | 2025-04-09 | 6.8 MEDIUM | N/A |
|
Cross-site scripting (XSS) vulnerability in nidp/idff/sso in Novell Access Manager Identity Server before 3.0.0-1013 allows remote attackers to inject arbitrary web script or HTML via the IssueInstant parameter, which is not properly handled in the resulting error message.
|
|||||
| CVE-2007-1303 | 1 Rrdbrowse | 1 Rrdbrowse | 2025-04-09 | 7.8 HIGH | N/A |
|
Directory traversal vulnerability in rb.cgi in RRDBrowse 1.6 and earlier allows remote attackers to read arbitrary files via a .. (dot dot) in the file parameter.
|
|||||
| CVE-2006-6176 | 1 Blogn | 1 Blogn | 2025-04-09 | 6.8 MEDIUM | N/A |
|
Cross-site scripting (XSS) vulnerability in admin.php in Blogn before 1.9.4 allows remote attackers to inject arbitrary web script or HTML via unspecified parameters.
|
|||||
| CVE-2007-1060 | 1 Interspire | 1 Sendstudio | 2025-04-09 | 6.8 MEDIUM | N/A |
|
Multiple PHP remote file inclusion vulnerabilities in Interspire SendStudio 2004.14 and earlier, when register_globals and allow_fopenurl are enabled, allow remote attackers to execute arbitrary PHP code via a URL in the ROOTDIR parameter to (1) createemails.inc.php and (2) send_emails.inc.php in /admin/includes/.
|
|||||
| CVE-2006-5021 | 1 Redblog | 1 Redblog | 2025-04-09 | 7.5 HIGH | 9.8 CRITICAL |
|
Multiple PHP remote file inclusion vulnerabilities in redgun RedBLoG 0.5 allow remote attackers to execute arbitrary PHP code via a URL in (1) the root parameter in imgen.php, and the root_path parameter in (2) admin/config.php, (3) common.php, and (4) admin/index.php. NOTE: the provenance of this information is unknown; the details are obtained from third party information.
|
|||||
| CVE-2006-5204 | 1 Invision Power Services | 1 Invision Power Board | 2025-04-09 | 2.1 LOW | N/A |
|
Cross-site scripting (XSS) vulnerability in action_admin/member.php in Invision Power Board (IPB) 2.1.7 and earlier allows remote authenticated users to inject arbitrary web script or HTML via a reference to a script in the avatar setting, which can be leveraged for a cross-site request forgery (CSRF) attack involving forced SQL execution by an admin.
|
|||||
| CVE-2006-5972 | 1 Netgear | 2 Wg111v2, Wg111v2 Driver | 2025-04-09 | 10.0 HIGH | N/A |
|
Stack-based buffer overflow in WG111v2.SYS in NetGear WG111v2 wireless adapter (USB) allows remote attackers to execute arbitrary code via a long 802.11 beacon request.
|
|||||
| CVE-2007-2278 | 1 Dcp-portal | 1 Dcp-portal | 2025-04-09 | 7.5 HIGH | N/A |
|
Multiple PHP remote file inclusion vulnerabilities in DCP-Portal 6.1.1 allow remote attackers to execute arbitrary PHP code via a URL in (1) the path parameter to library/adodb/adodb.inc.php, (2) the abs_path_editor parameter to library/editor/editor.php, or (3) the cfgfile_to_load parameter to admin/phpMyAdmin/libraries/common.lib.php.
|
|||||
| CVE-2006-7189 | 1 Web-app.net | 1 Webapp | 2025-04-09 | 4.3 MEDIUM | N/A |
|
Cross-site scripting (XSS) vulnerability in cgi-bin/admin/logs.cgi in web-app.net WebAPP before 20060403 allows remote attackers to inject arbitrary web script or HTML via unspecified vectors related to the Statistics Log Viewer.
|
|||||
| CVE-2006-5454 | 1 Mozilla | 1 Bugzilla | 2025-04-09 | 5.0 MEDIUM | N/A |
|
Bugzilla 2.18.x before 2.18.6, 2.20.x before 2.20.3, 2.22.x before 2.22.1, and 2.23.x before 2.23.3 allow remote attackers to obtain (1) the description of arbitrary attachments by viewing the attachment in "diff" mode in attachment.cgi, and (2) the deadline field by viewing the XML format of the bug in show_bug.cgi.
|
|||||
| CVE-2007-4133 | 1 Linux | 1 Linux Kernel | 2025-04-09 | 4.7 MEDIUM | N/A |
|
The (1) hugetlb_vmtruncate_list and (2) hugetlb_vmtruncate functions in fs/hugetlbfs/inode.c in the Linux kernel before 2.6.19-rc4 perform certain prio_tree calculations using HPAGE_SIZE instead of PAGE_SIZE units, which allows local users to cause a denial of service (panic) via unspecified vectors.
|
|||||
| CVE-2007-1840 | 1 Ldap Account Manager | 1 Ldap Account Manager | 2025-04-09 | 4.3 MEDIUM | N/A |
|
lib/modules.inc in LDAP Account Manager (LAM) before 1.3.0 does not escape HTML special characters in LDAP data, which allows remote attackers to have an unknown impact, probably cross-site scripting (XSS).
|
|||||
| CVE-2007-2152 | 1 Mcafee | 1 Virusscan Enterprise | 2025-04-09 | 7.9 HIGH | N/A |
|
Buffer overflow in the On-Access Scanner in McAfee VirusScan Enterprise before 8.0i Patch 12 allows user-assisted remote attackers to execute arbitrary code via a long filename containing multi-byte (Unicode) characters.
|
|||||
| CVE-2007-0352 | 1 Microsoft | 1 Html Help Workshop | 2025-04-09 | 9.3 HIGH | N/A |
|
Stack-based buffer overflow in Microsoft Help Workshop 4.03.0002 allows user-assisted remote attackers to execute arbitrary code via a crafted .cnt file composed of lines that begin with an integer followed by a space and a long string.
|
|||||
| CVE-2007-1912 | 1 Microsoft | 4 Windows 2000, Windows 2003 Server, Windows Nt and 1 more | 2025-04-09 | 6.8 MEDIUM | N/A |
|
Heap-based buffer overflow in Microsoft Windows allows user-assisted remote attackers to have an unknown impact via a crafted .HLP file.
|
|||||
| CVE-2007-3557 | 1 Wheatblog | 1 Wheatblog | 2025-04-09 | 6.8 MEDIUM | N/A |
|
SQL injection vulnerability in admin/login.php in Wheatblog (wB) 1.1, when magic_quotes_gpc is disabled, allows remote attackers to execute arbitrary SQL commands via the login parameter.
|
|||||
| CVE-2007-0240 | 1 Zope | 1 Zope | 2025-04-09 | 4.3 MEDIUM | N/A |
|
Cross-site scripting (XSS) vulnerability in Zope 2.10.2 and earlier allows remote attackers to inject arbitrary web script or HTML via unspecified vectors in a HTTP GET request.
|
|||||