Total: 29869 CVE
| CVE | Vendors | Products | Updated | CVSS v2 | CVSS v3 |
|---|---|---|---|---|---|
| CVE-2007-3113 | 1 The Cacti Group | 1 Cacti | 2025-04-09 | 6.8 MEDIUM | N/A |
| Cacti 0.8.6i, and possibly other versions, allows remote authenticated users to cause a denial of service (CPU consumption) via a large value of the (1) graph_height or (2) graph_width parameter, different vectors than CVE-2007-3112. ||||||
| CVE-2006-5527 | 1 Intelimen | 1 Intelieditor | 2025-04-09 | 7.5 HIGH | N/A |
| PHP remote file inclusion vulnerability in lib.editor.inc.php in Intelimen InteliEditor 1.2.x allows remote attackers to execute arbitrary PHP code via a URL in the sys_path parameter. ||||||
| CVE-2007-1935 | 1 Scar4u.de | 1 Scaradcontroller | 2025-04-09 | 6.8 MEDIUM | N/A |
| PHP file inclusion vulnerability in admin/index.php in ScarAdControl (ScarAdController) 1.1 allows remote attackers to execute arbitrary PHP code via a UNC share pathname or a local file pathname in the site parameter, which is accessed by the file_exists function. ||||||
| CVE-2007-2817 | 1 Ol Bookmarks | 1 Ol Bookmarks | 2025-04-09 | 7.5 HIGH | N/A |
| SQL injection vulnerability in read/index.php in ol'bookmarks 0.7.4 allows remote attackers to execute arbitrary SQL commands via the id parameter. ||||||
| CVE-2006-6517 | 1 Kdpics | 1 Kdpics | 2025-04-09 | 6.8 MEDIUM | N/A |
| Multiple cross-site scripting (XSS) vulnerabilities in KDPics 1.16 and earlier allow remote attackers to inject arbitrary web script or HTML via the (1) categories parameter to (a) index.php3 or (b) galeries.inc.php3. ||||||
| CVE-2007-1809 | 1 Grafx Software | 1 Company Website Builder | 2025-04-09 | 7.5 HIGH | N/A |
| Multiple PHP remote file inclusion vulnerabilities in GraFX Company WebSite Builder (CWB) PRO 1.5 allow remote attackers to execute arbitrary PHP code via a URL in the INCLUDE_PATH parameter to (1) cls_headline_prod.php, (2) cls_listorders.php, or (3) cls_viewpastorders.php in include/, different vectors than CVE-2007-1513. ||||||
| CVE-2006-6080 | 1 Gazatem Technologies | 1 Gnews Publisher | 2025-04-09 | 7.5 HIGH | N/A |
| Multiple SQL injection vulnerabilities in categories.asp in gNews Publisher allow remote attackers to execute arbitrary SQL commands via the (1) catID or (2) editorID parameter. ||||||
| CVE-2007-2371 | 1 Gregory Kokanosky | 1 Phpmynewsletter | 2025-04-09 | 10.0 HIGH | N/A |
| admin/index.php in Gregory Kokanosky phpMyNewsletter 0.8 beta5 and earlier provides access to configuration modification before login, which allows remote attackers to cause a denial of service (loss of configuration data), and possibly perform direct static code injection, via a saveGlobalconfig action. ||||||
| CVE-2007-2951 | 1 Kvirc | 1 Irc Client | 2025-04-09 | 9.3 HIGH | N/A |
| The parseIrcUrl function in src/kvirc/kernel/kvi_ircurl.cpp in KVIrc 3.2.0 allows user-assisted remote attackers to execute arbitrary commands via shell metacharacters in an (1) irc:// or (2) irc6:// URI. ||||||
| CVE-2007-0977 | 1 Ibm | 1 Lotus Domino | 2025-04-09 | 7.1 HIGH | N/A |
| IBM Lotus Domino R5 and R6 WebMail, with "Generate HTML for all fields" enabled, stores HTTPPassword hashes from names.nsf in a manner accessible through Readviewentries and OpenDocument requests to the defaultview view, a different vector than CVE-2005-2428. ||||||
| CVE-2007-3631 | 1 Gamesitescript | 1 Gamesitescript | 2025-04-09 | 7.5 HIGH | N/A |
| SQL injection vulnerability in index.php in GameSiteScript (gss) 3.1 and earlier allows remote attackers to execute arbitrary SQL commands via the params parameter, related to missing input validation of the id field. ||||||
| CVE-2006-3896 | 1 Neoscale Systems | 1 Cryptostor Tape 700 | 2025-04-09 | 4.9 MEDIUM | N/A |
| The NeoScale Systems CryptoStor 700 series appliance before 2.6 relies on client-side ActiveX code for smartcard authentication, which allows remote attackers to bypass smartcard authentication, and gain access if able to present a valid username and password, by disabling ActiveX. ||||||
| CVE-2007-1821 | 1 Sprint | 1 Sprint Voice | 2025-04-09 | 10.0 HIGH | N/A |
| Sprint Nextel Sprint voice mail systems allow remote attackers to retrieve or remove messages, or reconfigure mailboxes, by spoofing Calling Number Identification (CNID, aka Caller ID). ||||||
| CVE-2007-3402 | 1 Pagetool | 1 Pagetool | 2025-04-09 | 7.5 HIGH | N/A |
| SQL injection vulnerability in index.php in pagetool 1.07 allows remote attackers to execute arbitrary SQL commands via the news_id parameter in a pagetool_news action. ||||||
| CVE-2007-2839 | 1 Debian | 1 Gfax | 2025-04-09 | 7.2 HIGH | N/A |
| gfax 0.4.2 and probably other versions creates temporary files insecurely, which allows local users to execute arbitrary commands via unknown vectors. ||||||
| CVE-2007-4383 | 1 Trackeur | 1 Trackeur | 2025-04-09 | 6.8 MEDIUM | N/A |
| PHP remote file inclusion vulnerability in tracking.php in Trackeur 1 allows remote attackers to execute arbitrary PHP code via a URL in the header parameter. NOTE: CVE and a third party dispute this vulnerability because header is defined before use. The researcher is known to be unreliable. ||||||
| CVE-2007-2315 | 1 Minishare | 1 Minimal Http Server | 2025-04-09 | 7.8 HIGH | N/A |
| MiniShare 1.5.4, and possibly earlier, allows remote attackers to cause a denial of service (application crash) via a flood of requests for new connections. ||||||
| CVE-2006-5544 | 1 Microsoft | 1 Ie | 2025-04-09 | 6.4 MEDIUM | N/A |
| Visual truncation vulnerability in Microsoft Internet Explorer 7 allows remote attackers to spoof the address bar and possibly conduct phishing attacks via a malicious URL containing non-breaking spaces (%A0), which causes the address bar to omit some characters from the URL. ||||||
| CVE-2007-1324 | 1 Snapgear | 6 560, 580, 585 and 3 more | 2025-04-09 | 5.0 MEDIUM | N/A |
| SnapGear 560, 585, 580, 640, 710, and 720 appliances before the 3.1.4u5 firmware allow remote attackers to cause a denial of service (complete packet loss) via a packet flood, a different vulnerability than CVE-2006-4613. ||||||
| CVE-2007-0182 | 1 Scriptaty | 1 Magic Photo Storage Website | 2025-04-09 | 7.5 HIGH | N/A |
| Multiple PHP remote file inclusion vulnerabilities in magic photo storage website allow remote attackers to execute arbitrary PHP code via a URL in the _config[site_path] parameter to (1) admin_password.php, (2) add_welcome_text.php, (3) admin_email.php, (4) add_templates.php, (5) admin_paypal_email.php, (6) approve_member.php, (7) delete_member.php, (8) index.php, (9) list_members.php, (10) membership_pricing.php, or (11) send_email.php in admin/; (12) config.php or (13) db_config.php in includ ... ||||||
| CVE-2007-2439 | 1 Caucho Technology | 1 Resin | 2025-04-09 | 9.4 HIGH | N/A |
| Caucho Resin Professional 3.1.0 and Caucho Resin 3.1.0 and earlier for Windows allows remote attackers to cause a denial of service (device hang) and read data from a COM or LPT device via a DOS device name with an arbitrary extension. ||||||
| CVE-2007-3931 | 1 Samsung | 1 Scx-4200 Driver | 2025-04-09 | 4.4 MEDIUM | N/A |
| The wrap_setuid_third_party_application function in the installation script for the Samsung SCX-4200 Driver 2.00.95 adds setuid permissions to third party applications such as xsane and xscanimage, which allows local users to gain privileges. ||||||
| CVE-2007-2808 | 2 Gnu, Yngve Svendsen | 2 Gnats, Gnatsweb | 2025-04-09 | 4.3 MEDIUM | N/A |
| Cross-site scripting (XSS) vulnerability in gnatsweb.pl in Gnatsweb 4.00 and Gnats 4.1.99 allows remote attackers to inject arbitrary web script or HTML via the database parameter. ||||||
| CVE-2007-3280 | 1 Postgresql | 1 Postgresql | 2025-04-09 | 9.0 HIGH | N/A |
| The Database Link library (dblink) in PostgreSQL 8.1 implements functions via CREATE statements that map to arbitrary libraries based on the C programming language, which allows remote authenticated superusers to map and execute a function from any library, as demonstrated by using the system function in libc.so.6 to gain shell access. ||||||
| CVE-2007-2782 | 1 Packeteer | 1 Packetshaper | 2025-04-09 | 7.5 HIGH | N/A |
| Packeteer PacketShaper uses fixed increments in TCP initial sequence number (ISN) values, which allows remote attackers to predict the ISN value, and perform session hijacking or disruption. ||||||
| CVE-2007-3537 | 1 Ibm | 1 Os 400 | 2025-04-09 | 7.8 HIGH | N/A |
| IBM OS/400 (aka i5/OS) V4R2M0 through V5R3M0 on iSeries machines sends responses to TCP SYN-FIN packets, which allows remote attackers to obtain system information and possibly bypass firewall rules. ||||||
| CVE-2006-7121 | 1 Linksys | 1 Spa921 | 2025-04-09 | 7.8 HIGH | N/A |
| The HTTP server in Linksys SPA-921 VoIP Desktop Phone allows remote attackers to cause a denial of service (reboot) via (1) a long URL, or a long (2) username or (3) password during Basic Authentication. ||||||
| CVE-2009-1358 | 1 Debian | 2 Advanced Package Tool, Apt | 2025-04-09 | 10.0 HIGH | N/A |
| apt-get in apt before 0.7.21 does not check for the correct error code from gpgv, which causes apt to treat a repository as valid even when it has been signed with a key that has been revoked or expired, which might allow remote attackers to trick apt into installing malicious repositories. ||||||
| CVE-2007-3792 | 1 Azerbaijan Development Group | 1 Azdgdating | 2025-04-09 | 4.3 MEDIUM | N/A |
| Multiple PHP remote file inclusion vulnerabilities in AzDG Dating Gold 3.0.5 allow remote attackers to execute arbitrary PHP code via a URL in the int_path parameter to (1) header.php, (2) footer.php, or (3) secure.admin.php in templates/. ||||||
| CVE-2007-1610 | 1 Glue Software | 1 Newsglue | 2025-04-09 | 4.3 MEDIUM | N/A |
| Cross-site scripting (XSS) vulnerability in the RSS reader in Glue Software NewsGlue before 1.3.4 allows remote attackers to inject arbitrary web script or HTML via a feed. ||||||
| CVE-2007-2877 | 1 Tcl Tk | 1 Tcl Tk | 2025-04-09 | 7.2 HIGH | N/A |
| Buffer overflow in tcl/win/tclWinReg.c in Tcl (Tcl/Tk) before 8.5a6 allows local users to gain privileges via long registry key paths. ||||||
| CVE-2007-0046 | 1 Adobe | 1 Acrobat Reader | 2025-04-09 | 7.5 HIGH | N/A |
| Double free vulnerability in the Adobe Acrobat Reader Plugin before 8.0.0, as used in Mozilla Firefox 1.5.0.7, allows remote attackers to execute arbitrary code by causing an error via a javascript: URI call to document.write in the (1) FDF, (2) XML, or (3) XFDF AJAX request parameters. ||||||
| CVE-2007-4023 | 1 Aruba | 1 Mobility Controller | 2025-04-09 | 4.3 MEDIUM | N/A |
| Cross-site scripting (XSS) vulnerability in the login CGI program in Aruba Mobility Controller 2.5.4.18 and earlier, and 2.4.8.6-FIPS and earlier FIPS versions, allows remote attackers to inject arbitrary web script or HTML via unspecified vectors. ||||||
| CVE-2006-6465 | 1 Wikyblog | 1 Wikyblog | 2025-04-09 | 6.5 MEDIUM | N/A |
| Directory traversal vulnerability in WBmap.php in WikyBlog 1.3.2 and earlier allows remote attackers to include and execute arbitrary local files via directory traversal sequences in the l parameter. NOTE: CVE disputes this vulnerability because l is validated by ctype_alpha before use. ||||||
| CVE-2007-3346 | 1 Php Accounts | 1 Php Accounts | 2025-04-09 | 7.8 HIGH | N/A |
| Directory traversal vulnerability in index.php in PHPAccounts 0.5 allows remote attackers to include arbitrary local files via unspecified manipulations of the page parameter. ||||||
| CVE-2007-2354 | 1 Progress | 1 Webspeed Messenger | 2025-04-09 | 7.8 HIGH | N/A |
| Progress Webspeed Messenger allows remote attackers to obtain sensitive information via a WService parameter containing "wsbroker1/webutil/about.r", which reveals the operating system and product information. ||||||
| CVE-2007-3362 | 3 Ageet, Htc, Microsoft | 3 Agephone, Hytn, Windows Mobile | 2025-04-09 | 7.8 HIGH | N/A |
| ageet AGEphone before 1.6.2, running on Windows Mobile 5 on the HTC HyTN Pocket PC device, allows remote attackers to (1) cause a denial of service (call disruption and device hang) via a SIP message with a malformed header and (2) cause a denial of service (call disruption, false ring indication, and device outage) via a SIP message with a malformed SDP delimiter. ||||||
| CVE-2007-2948 | 1 Mplayer | 1 Mplayer | 2025-04-09 | 9.3 HIGH | N/A |
| Multiple stack-based buffer overflows in stream/stream_cddb.c in MPlayer before 1.0rc1try3 allow remote attackers to execute arbitrary code via a CDDB entry with a long (1) album title or (2) category. ||||||
| CVE-2007-3966 | 1 Iexpress | 1 Munch Pro | 2025-04-09 | 5.0 MEDIUM | N/A |
| SQL injection vulnerability in Munch Pro allows remote attackers to execute arbitrary SQL commands via the login field to /admin, a different vulnerability than CVE-2006-5880. ||||||
| CVE-2006-6537 | 1 Ibm | 1 Websphere Host On-demand | 2025-04-09 | 7.5 HIGH | N/A |
| IBM WebSphere Host On-Demand 6.0, 7.0, 8.0, 9.0, and possibly 10, allows remote attackers to bypass authentication via a modified pnl parameter, related to hod/HODAdmin.html and hod/frameset.html. ||||||