Total: 29869 CVE
| CVE | Vendors | Products | Updated | CVSS v2 | CVSS v3 |
|---|---|---|---|---|---|
| CVE-2007-3748 | 1 Apple | 3 Ichat, Mac Os X, Mac Os X Server | 2025-04-09 | 5.4 MEDIUM | N/A |
| Buffer overflow in the UPnP IGD (Internet Gateway Device Standardized Device Control Protocol) implementation in iChat on Apple Mac OS X 10.3.9 and 10.4.10 allows network-adjacent remote attackers to execute arbitrary code via a crafted packet. |
| CVE-2007-3536 | 1 Amx | 1 Netlinx Vnc Activex Control | 2025-04-09 | 7.6 HIGH | N/A |
| Multiple buffer overflows in the AMX NetLinx VNC (AmxVnc) ActiveX control in AmxVnc.dll 1.0.13.0 allow remote attackers to execute arbitrary code via long (1) Host, (2) Password, or (3) LogFile property values. |
| CVE-2006-5188 | 1 Webgeneius | 1 Goop Gallery | 2025-04-09 | 5.0 MEDIUM | N/A |
| Directory traversal vulnerability in download.php in webGENEius GOOP Gallery 2.0.2 allows remote attackers to read or list data from certain files or directories via unspecified vectors. |
| CVE-2007-1800 | 1 Cisco | 1 Trust Agent | 2025-04-09 | 7.5 HIGH | N/A |
| Cisco Secure ACS does not require authentication when Cisco Trust Agent (CTA) transmits posture information, which might allow remote attackers to gain network access via a spoofed Network Endpoint Assessment posture, aka "NACATTACK." NOTE: this attack might be limited to authenticated users and devices. |
| CVE-2006-6982 | 1 3proxy | 1 3proxy | 2025-04-09 | 5.0 MEDIUM | N/A |
| 3proxy 0.5 to 0.5.2 does not offer NTLM authentication before basic authentication, which might cause browsers with incomplete RFC2616/RFC2617 support to use basic cleartext authentication even if NTLM is available, which makes it easier for attackers to steal credentials. |
| CVE-2006-5440 | 1 Comdev | 1 Comdev Form Designer | 2025-04-09 | 7.5 HIGH | N/A |
| PHP remote file inclusion vulnerability in adminfoot.php in Comdev Form Designer 4.1, when register_globals is enabled, allows remote attackers to execute arbitrary PHP code via a URL in the path[docroot] parameter. NOTE: the provenance of this information is unknown; the details are obtained from third party information. |
| CVE-2006-6211 | 1 Birdblog | 1 Birdblog | 2025-04-09 | 6.8 MEDIUM | N/A |
| Multiple cross-site scripting (XSS) vulnerabilities in BirdBlog 1.4.0 allow remote attackers to inject arbitrary web script or HTML via the (1) msg parameter to (a) admin/admincore.php, the (2) month parameter to (b) admin/comments.php or (c) admin/entries.php, or the (3) page parameter to (d) admin/logs.php, different vectors than CVE-2006-5064. |
| CVE-2006-6795 | 1 Myphpnuke | 1 Myphpnuke My Egallery | 2025-04-09 | 7.5 HIGH | N/A |
| PHP remote file inclusion vulnerability in gallery/displayCategory.php in the My_eGallery 2.5.6 module in myPHPNuke (MPN) allows remote attackers to execute arbitrary PHP code via a URL in the basepath parameter. |
| CVE-2006-6455 | 1 Duware | 1 Dudirectory | 2025-04-09 | 7.5 HIGH | N/A |
| Multiple SQL injection vulnerabilities in admin/default.asp in DUware DUdirectory 3.1, and possibly DUdirectory Pro and Pro SQL 3.x, allow remote attackers to execute arbitrary SQL commands via the (1) Username or (2) Password parameter. NOTE: some of these details are obtained from third party information. |
| CVE-2006-4994 | 1 Apachefriends | 1 Xampp | 2025-04-09 | 4.6 MEDIUM | N/A |
| Multiple unquoted Windows search path vulnerabilities in Apache Friends XAMPP 1.5.2 might allow local users to gain privileges via a malicious program file in %SYSTEMDRIVE%, which is run when XAMPP attempts to execute (1) FileZillaServer.exe, (2) mysqld-nt.exe, (3) Perl.exe, or (4) xamppcontrol.exe with an unquoted "Program Files" pathname. |
| CVE-2006-4516 | 1 Freebsd | 1 Freebsd | 2025-04-09 | 4.9 MEDIUM | N/A |
| Integer signedness error in FreeBSD 6.0-RELEASE allows local users to cause a denial of service (memory corruption and kernel panic) via a PT_LWPINFO ptrace command with a large negative data value that satisfies a signed maximum value check but is used in an unsigned copyout function call. |
| CVE-2006-5014 | 1 Cpanel | 1 Cpanel | 2025-04-09 | 9.0 HIGH | 8.8 HIGH |
| Unspecified vulnerability in cPanel before 10.9.0 12 Tree allows remote authenticated users to gain privileges via unspecified vectors in (1) mysqladmin and (2) hooksadmin. |
| CVE-2007-2133 | 1 Oracle | 1 Peoplesoft Enterprise | 2025-04-09 | 10.0 HIGH | N/A |
| Unspecified vulnerability in the PeopleSoft Enterprise Human Capital Management component in Oracle PeopleSoft Enterprise 8.9 has unknown impact and attack vectors, aka PSEHCM01. |
| CVE-2007-4016 | 1 Citrix | 1 Access Gateway | 2025-04-09 | 6.8 MEDIUM | N/A |
| Unspecified vulnerability in the client components in Citrix Access Gateway Standard Edition before 4.5.5 and Advanced Edition before 4.5 HF1 allows attackers to execute arbitrary code via unspecified vectors. |
| CVE-2006-5636 | 1 Sws | 1 Simple Website Software | 2025-04-09 | 5.1 MEDIUM | N/A |
| PHP remote file inclusion vulnerability in common.php in Simple Website Software (SWS) 0.99 and earlier allows remote attackers to execute arbitrary PHP code via a URL in the SWSDIR parameter. |
| CVE-2006-5393 | 1 Cisco | 1 Secure Desktop | 2025-04-09 | 2.1 LOW | 5.5 MEDIUM |
| Cisco Secure Desktop (CSD) does not require that the ClearPageFileAtShutdown (aka CCE-Winv2.0-407) registry value equals 1, which might allow local users to read certain memory pages that were written during another user's SSL VPN session. |
| CVE-2007-3398 | 1 Perception | 1 Liteweb | 2025-04-09 | 5.0 MEDIUM | N/A |
| LiteWEB 2.7 allows remote attackers to cause a denial of service (hang) via a large number of requests for nonexistent pages. |
| CVE-2007-0489 | 1 Visohotlink | 1 Visohotlink | 2025-04-09 | 6.8 MEDIUM | N/A |
| PHP remote file inclusion vulnerability in includes/functions.visohotlink.php in VisoHotlink 1.01 and possibly earlier allows remote attackers to execute arbitrary PHP code via a URL in the mosConfig_absolute_path parameter. |
| CVE-2006-5348 | 1 Oracle | 3 Collaboration Suite, E-business Suite, Http Server | 2025-04-09 | 10.0 HIGH | N/A |
| Unspecified vulnerability in Oracle HTTP Server 9.2.0.7, Oracle Collaboration Suite 9.0.4.2, and Oracle E-Business Suite and Applications 11.5.10CU2 has unknown impact and remote attack vectors related to HTTPS and SSL, aka Vuln# OHS05. |
| CVE-2007-2334 | 1 Nortel | 2 Contivity, Vpn Router 5000 | 2025-04-09 | 7.5 HIGH | N/A |
| Nortel VPN Router (aka Contivity) 1000, 2000, 4000, and 5000 before 5_05.149, 5_05.3xx before 5_05.304, and 6.x before 6_05.140 has two template HTML files lacking certain verification tags, which allows remote attackers to access the administration interface and change the device configuration via certain requests. |
| CVE-2007-3205 | 2 Hardened-php Project, Php | 3 Hardened-php, Subhosin, Php | 2025-04-09 | 5.0 MEDIUM | N/A |
| The parse_str function in (1) PHP, (2) Hardened-PHP, and (3) Suhosin, when called without a second parameter, might allow remote attackers to overwrite arbitrary variables by specifying variable names and values in the string to be parsed. NOTE: it is not clear whether this is a design limitation of the function or a bug in PHP, although it is likely to be regarded as a bug in Hardened-PHP and Suhosin. |
| CVE-2007-4061 | 1 Nessus | 1 Vulnerability Scanner | 2025-04-09 | 9.3 HIGH | N/A |
| Directory traversal vulnerability in a certain ActiveX control in Nessus Vulnerability Scanner 3.0.6 allows remote attackers to create or overwrite arbitrary files via a .. (dot dot) in the argument to the saveNessusRC method, which writes text specified by the addsetConfig method, possibly related to the SCANCTRL.ScanCtrlCtrl.1 ActiveX control in scan.dll. NOTE: this can be leveraged for code execution by writing to a Startup folder. |
| CVE-2006-5964 | 1 Pentaware | 2 Pentasuite-pro, Pentazip | 2025-04-09 | 7.1 HIGH | N/A |
| choShilA.bpl in PentaZip 8.5.1.190 and PentaSuite-PRO 8.5.1.221 allows local users and user-assisted remote attackers to cause a denial of service (system crash) by right clicking on a file with a long filename. |
| CVE-2007-2154 | 1 Cabron Connector | 1 Cabron Connector | 2025-04-09 | 7.5 HIGH | N/A |
| PHP remote file inclusion vulnerability in services/samples/inclusionService.php in Cabron Connector 1.1.0 allows remote attackers to execute arbitrary PHP code via a URL in the CabronServiceFolder parameter. |
| CVE-2006-5600 | 1 Axalto | 1 Protiva | 2025-04-09 | 2.1 LOW | N/A |
| Axalto Protiva 1.1, possibly only non-commercial versions, stores passwords in plaintext in files with insecure permissions, which allows local users to gain privileges by reading the passwords from (1) KeyTool\keytool.config or (2) webapps\protiva\WEB-INF\classes\authserver.config. |
| CVE-2007-3470 | 1 Sun | 1 Solaris | 2025-04-09 | 7.8 HIGH | N/A |
| Multiple unspecified vulnerabilities in the KSSL kernel module in Sun Solaris 10, when configured with the KSSL proxy, allow remote attackers to cause a denial of service (kernel panic) via unspecified vectors related to "memory buffers" of Secure Socket Layer (SSL) records. |
| CVE-2006-4400 | 1 Apple | 1 Mac Os X | 2025-04-09 | 5.1 MEDIUM | N/A |
| Stack-based buffer overflow in the Apple Type Services (ATS) server in Mac OS 10.4.8 and earlier allows user-assisted attackers to execute arbitrary code via crafted font files. |
| CVE-2007-1559 | 1 Roxio | 1 Cineplayer | 2025-04-09 | 9.3 HIGH | N/A |
| Multiple stack-based buffer overflows in SonicDVDDashVRNav.dll in Roxio CinePlayer 3.2 allow remote attackers to execute arbitrary code via (1) unspecified long property values to SonicMediaPlayer.dll or (2) long arguments to unspecified methods in SonicMediaPlayer.dll. |
| CVE-2008-6712 | 1 Ea | 1 Crysis | 2025-04-09 | 5.0 MEDIUM | N/A |
| The HTTP/XML-RPC service in Crysis 1.21 (game version 1.1.1.6156) and earlier allows remote attackers to cause a denial of service (crash) via a long HTTP request, which triggers a NULL pointer dereference. |
| CVE-2007-4590 | 1 Hp | 3 Dynrootdisk, Hp-ux, Ignite-ux | 2025-04-09 | 3.3 LOW | N/A |
| The get_system_info command in Ignite-UX C.7.0 through C.7.3, and DynRootDisk (DRD) A.1.0.16.417 through A.2.0.0.592, on HP-UX B.11.11, B.11.23, and B.11.31 does not inform local users of networking changes made by the command, which has unknown impact and attack vectors. |
| CVE-2007-3709 | 1 Codeigniter | 1 Codeigniter | 2025-04-09 | 5.0 MEDIUM | N/A |
| CRLF injection vulnerability in the redirect function in url_helper.php in CodeIgniter 1.5.3 allows remote attackers to inject arbitrary HTTP headers via CRLF sequences in an unspecified parameter, as demonstrated by a Set-Cookie header. |
| CVE-2007-1541 | 1 Sql-ledger | 1 Sql-ledger | 2025-04-09 | 7.5 HIGH | N/A |
| Directory traversal vulnerability in am.pl in SQL-Ledger 2.6.27 only checks for the presence of a NULL (%00) character to protect against directory traversal attacks, which allows remote attackers to run arbitrary executables and bypass authentication via a .. (dot dot) sequence in the login parameter. |
| CVE-2007-0861 | 1 Phpcoin | 1 Phpcoin | 2025-04-09 | 7.5 HIGH | N/A |
| PHP remote file inclusion vulnerability in modules/mail/index.php in phpCOIN RC-1 and earlier allows remote attackers to execute arbitrary PHP code via a URL in the _CCFG['_PKG_PATH_MDLS'] parameter. NOTE: this issue has been disputed by a reliable third party, who states that a fatal error occurs before the relevant code is reached. |
| CVE-2006-5599 | 1 Oracle | 1 Apex | 2025-04-09 | 4.3 MEDIUM | N/A |
| Cross-site scripting (XSS) vulnerability in Oracle Application Express (formerly HTML DB) before 2.2.1 allows remote attackers to inject arbitrary HTML or web script via the WWV_FLOW_ITEM_HELP package. NOTE: it is likely that this issue overlaps one of the Oracle VulnIDs covered by CVE-2006-5351. Oracle has not publicly disputed claims by a reliable researcher that this has been fixed by the October 2006 CPU. |
| CVE-2006-5569 | 1 Datawizard | 1 Ftpxq | 2025-04-09 | 6.4 MEDIUM | N/A |
| FtpXQ Server 3.0.1 installs with two default testing accounts, which allows remote attackers to read or write arbitrary files via unknown vectors. NOTE: the provenance of this information is unknown; the details are obtained from third party information. |
| CVE-2006-6586 | 1 Vblog | 1 Vblog | 2025-04-09 | 7.5 HIGH | N/A |
| Multiple PHP remote file inclusion vulnerabilities in Vortex Blog (vBlog, aka C12) a0.1_nonfunc allow remote attackers to execute arbitrary PHP code via a URL in the cfgProgDir parameter in (1) secure.php or (2) checklogin.php in admin/auth/. |
| CVE-2007-6428 | 1 X.org | 2 Tog-cup, Xserver | 2025-04-09 | 5.0 MEDIUM | N/A |
| The ProcGetReservedColormapEntries function in the TOG-CUP extension in X.Org Xserver before 1.4.1 allows context-dependent attackers to read the contents of arbitrary memory locations via a request containing a 32-bit value that is improperly used as an array index. |
| CVE-2007-1535 | 1 Microsoft | 1 Windows Vista | 2025-04-09 | 7.5 HIGH | N/A |
| Microsoft Windows Vista establishes a Teredo address without user action upon connection to the Internet, contrary to documentation that Teredo is inactive without user action, which increases the attack surface and allows remote attackers to communicate via Teredo. |
| CVE-2006-5674 | 1 Minibb | 1 Minibb | 2025-04-09 | 7.5 HIGH | N/A |
| Multiple PHP remote file inclusion vulnerabilities in miniBB 2.0.2 and earlier, when register_globals is enabled, allow remote attackers to execute arbitrary PHP code via a URL in the pathToFiles parameter to (1) bb_func_forums.php, (2) bb_functions.php, or (3) the RSS plugin. |
| CVE-2007-1808 | 1 Camportail | 1 Camportail | 2025-04-09 | 7.5 HIGH | N/A |
| SQL injection vulnerability in show.php in the Camportail 1.1 and earlier module for Xoops allows remote attackers to execute arbitrary SQL commands via the camid parameter in a showcam action. |