Total
29869 CVE
| CVE | Vendors | Products | Updated | CVSS v2 | CVSS v3 |
|---|---|---|---|---|---|
| CVE-2007-2549 | 1 Turnkey Web Tools | 1 Sunshop Shopping Cart | 2025-04-09 | 7.5 HIGH | N/A |
|
SQL injection vulnerability in index.php in TurnkeyWebTools SunShop Shopping Cart 4.0 allows remote attackers to execute arbitrary SQL commands via the (1) c or (2) quantity parameter.
|
|||||
| CVE-2007-3947 | 1 Lighttpd | 1 Lighttpd | 2025-04-09 | 5.8 MEDIUM | N/A |
|
request.c in lighttpd 1.4.15 allows remote attackers to cause a denial of service (daemon crash) by sending an HTTP request with duplicate headers, as demonstrated by a request containing two Location header lines, which results in a segmentation fault.
|
|||||
| CVE-2007-0026 | 1 Microsoft | 3 Windows 2000, Windows 2003 Server, Windows Xp | 2025-04-09 | 7.6 HIGH | N/A |
|
The OLE Dialog component in Microsoft Windows 2000 SP4, XP SP2, and 2003 SP1 allows user-assisted remote attackers to execute arbitrary code via an RTF file with a malformed OLE object that triggers memory corruption.
|
|||||
| CVE-2006-5615 | 1 Textpattern | 1 Textpattern | 2025-04-09 | 7.5 HIGH | N/A |
|
PHP remote file inclusion vulnerability in publish.php in Textpattern 1.19, when register_globals is enabled, allows remote attackers to execute arbitrary PHP code via a URL in the txpcfg[txpath] parameter.
|
|||||
| CVE-2007-1515 | 1 Horde | 1 Imp | 2025-04-09 | 4.3 MEDIUM | N/A |
|
Multiple cross-site scripting (XSS) vulnerabilities in Horde IMP H3 4.1.3, and possibly earlier, allow remote attackers to inject arbitrary web script or HTML via (1) the email Subject header in thread.php, (2) the edit_query parameter in search.php, or other unspecified parameters in search.php. NOTE: some of these details are obtained from third party information.
|
|||||
| CVE-2007-4522 | 1 Ripe Website Manager | 1 Ripe Website Manager | 2025-04-09 | 6.0 MEDIUM | N/A |
|
Multiple SQL injection vulnerabilities in Ripe Website Manager 0.8.9 and earlier allow remote authenticated users to execute arbitrary SQL commands via one or more of the following vectors: the (1) id parameter to (a) pages/delete_page.php, (b) navigation/delete_menu.php, and (c) navigation/delete_item.php in admin/; the (2) menu_id, (3) name, (3) page_id, and (4) url parameters in (d) admin/navigation/do_new_item.php; the (5) new_menuname parameter in (e) admin/navigation/do_new_nav.php; and (6 ...
Show More |
|||||
| CVE-2007-2496 | 1 Office Ocx | 1 Word Viewer Ocx | 2025-04-09 | 7.8 HIGH | N/A |
|
The WordOCX ActiveX control in WordViewer.ocx 3.2.0.5 allows remote attackers to cause a denial of service (Internet Explorer 7 crash) via a long (1) DoOleCommand, (2) FTPDownloadFile, (3) FTPUploadFile, (4) HttpUploadFile, (5) GotoPage, (6) Save, (7) SaveWebFile, (8) HttpDownloadFile, (9) Open, (10) OpenWebFile, (11) SaveAs, or (12) ShowWordStandardDialog property value.
|
|||||
| CVE-2007-3256 | 1 Xythos | 3 Digital Locker, Enterprise Document Manager, Webfile Server | 2025-04-09 | 4.0 MEDIUM | N/A |
|
Xythos Enterprise Document Manager (XEDM), Digital Locker (XDL), and possibly WebFile Server before 6.0.46.1 allow remote authenticated users to associate arbitrary Content-Type HTTP headers with documents, which might facilitate malware distribution.
|
|||||
| CVE-2007-4179 | 1 Hp | 2 Address And Routing Parameter Area\(arpa\) Transport, Hp-ux | 2025-04-09 | 1.5 LOW | N/A |
|
Unspecified vulnerability in the Address and Routing Parameter Area (ARPA) transport functionality in HP-UX B.11.11 and B.11.23 allows local users to cause an unspecified denial of service via unknown vectors. NOTE: this is probably different from CVE-2007-0916, but this is not certain due to lack of vendor details.
|
|||||
| CVE-2006-5930 | 1 Aigaion | 1 Aigaion | 2025-04-09 | 7.5 HIGH | N/A |
|
Multiple PHP remote file inclusion vulnerabilities in Aigaion Web based bibliography management system 1.2.1 and earlier allow remote attackers to execute arbitrary PHP code via a URL in the DIR parameter to (1) _basicfunctions.php, or (2) pageactionauthor.php.
|
|||||
| CVE-2007-3820 | 1 Kde | 1 Konqueror | 2025-04-09 | 2.6 LOW | N/A |
|
konqueror/konq_combo.cc in Konqueror 3.5.7 allows remote attackers to spoof the data: URI scheme in the address bar via a long URI with trailing whitespace, which prevents the beginning of the URI from being displayed.
|
|||||
| CVE-2006-6332 | 1 Madwifi | 1 Madwifi | 2025-04-09 | 7.5 HIGH | N/A |
|
Stack-based buffer overflow in net80211/ieee80211_wireless.c in MadWifi before 0.9.2.1 allows remote attackers to execute arbitrary code via unspecified vectors, related to the encode_ie and giwscan_cb functions.
|
|||||
| CVE-2006-6266 | 1 Microsoft | 1 Teredo | 2025-04-09 | 6.8 MEDIUM | N/A |
|
Teredo clients, when following item 6 of RFC4380 section 5.2.3, start direct IPv6 connectivity tests (aka ping tests) in response to packets from non-Teredo source addresses, which might allow remote attackers to induce Teredo clients to send packets to third parties.
|
|||||
| CVE-2006-7083 | 1 Rigter Portal System | 1 Rigter Portal System | 2025-04-09 | 4.3 MEDIUM | N/A |
|
Directory traversal vulnerability in index.php in Rigter Portal System (RPS) 1.0, 2.0, and 3.0 allows remote attackers to read arbitrary files via ".." sequences in the id parameter.
|
|||||
| CVE-2007-2950 | 3 Centennial, Numara, Symantec | 3 Discovery, Asset Manager, Discovery | 2025-04-09 | 7.2 HIGH | N/A |
|
Centennial Discovery 2006 Feature Pack 1, which is used by (1) Numara Asset Manager 8.0 and (2) Symantec Discovery 6.5, uses insecure permissions on certain directories, which allows local users to gain privileges.
|
|||||
| CVE-2007-3087 | 1 Peercast | 1 Peercast | 2025-04-09 | 7.8 HIGH | N/A |
|
Peercast places a cleartext password in a query string, which might allow attackers to obtain sensitive information by sniffing the network, or obtaining Referer or browser history information.
|
|||||
| CVE-2007-4232 | 1 Andreas Robertz | 1 Phpnews | 2025-04-09 | 6.8 MEDIUM | N/A |
|
PHP remote file inclusion vulnerability in admin/inc/change_action.php in Andreas Robertz PHPNews 0.93 allows remote attackers to execute arbitrary PHP code via a URL in the format_menue parameter.
|
|||||
| CVE-2007-1111 | 1 Activecalendar | 1 Activecalendar | 2025-04-09 | 6.8 MEDIUM | N/A |
|
Multiple cross-site scripting (XSS) vulnerabilities in ActiveCalendar 1.2.0 allow remote attackers to inject arbitrary web script or HTML via the css parameter to (1) flatevents.php, (2) js.php, (3) mysqlevents.php, (4) m_2.php, (5) m_3.php, (6) m_4.php, (7) xmlevents.php, (8) y_2.php, or (9) y_3.php in data/.
|
|||||
| CVE-2007-2020 | 1 Xodagallery | 1 Xodagallery | 2025-04-09 | 7.5 HIGH | 9.8 CRITICAL |
|
Unspecified vulnerability in administration.php in xodagallery allows remote attackers to execute arbitrary code via the cmd parameter. NOTE: CVE disputes this vulnerability because administration.php does not use the cmd parameter for inclusion
|
|||||
| CVE-2006-6935 | 1 Portix-php | 1 Portix-php | 2025-04-09 | 7.5 HIGH | N/A |
|
SQL injection vulnerability in the login component in Portix-PHP 0.4.2 allows remote attackers to execute arbitrary SQL commands via the username and passwd (password) fields.
|
|||||
| CVE-2007-1561 | 1 Asterisk | 1 Asterisk | 2025-04-09 | 7.8 HIGH | N/A |
|
The channel driver in Asterisk before 1.2.17 and 1.4.x before 1.4.2 allows remote attackers to cause a denial of service (crash) via a SIP INVITE message with an SDP containing one valid and one invalid IP address.
|
|||||
| CVE-2006-6439 | 1 Xerox | 6 Workcentre 232, Workcentre 238, Workcentre 245 and 3 more | 2025-04-09 | 7.8 HIGH | N/A |
|
Xerox WorkCentre and WorkCentre Pro before 12.050.03.000, 13.x before 13.050.03.000, and 14.x before 14.050.03.000 allows remote attackers to download the audit log and obtain potentially sensitive information via unspecified vectors.
|
|||||
| CVE-2007-1680 | 1 Yahoo | 1 Messenger | 2025-04-09 | 9.3 HIGH | N/A |
|
Stack-based buffer overflow in the createAndJoinConference function in the AudioConf ActiveX control (yacscom.dll) in Yahoo! Messenger before 20070313 allows remote attackers to execute arbitrary code via long (1) socksHostname and (2) hostname properties.
|
|||||
| CVE-2006-5230 | 1 Freeforum | 1 Freeforum | 2025-04-09 | 7.5 HIGH | N/A |
|
PHP remote file inclusion vulnerability in forum.php in FreeForum 0.9.7 and earlier allows remote attackers to execute arbitrary PHP code via a URL in the fpath parameter.
|
|||||
| CVE-2006-5536 | 1 D-link | 1 Dsl-g624t | 2025-04-09 | 5.0 MEDIUM | N/A |
|
Directory traversal vulnerability in cgi-bin/webcm in D-Link DSL-G624T firmware 3.00B01T01.YA-C.20060616 allows remote attackers to read arbitrary files via a .. (dot dot) in the getpage parameter.
|
|||||
| CVE-2007-0996 | 1 Mozilla | 2 Firefox, Seamonkey | 2025-04-09 | 5.8 MEDIUM | N/A |
|
The child frames in Mozilla Firefox before 1.5.0.10 and 2.x before 2.0.0.2, and SeaMonkey before 1.0.8 inherit the default charset from the parent window, which allows remote attackers to conduct cross-site scripting (XSS) attacks, as demonstrated using the UTF-7 character set.
|
|||||
| CVE-2008-0313 | 1 Symantec | 4 Norton 360, Norton Antivirus, Norton Internet Security and 1 more | 2025-04-09 | 6.8 MEDIUM | N/A |
|
The ActiveDataInfo.LaunchProcess method in the SymAData.ActiveDataInfo.1 ActiveX control 2.7.0.1 in SYMADATA.DLL in multiple Symantec Norton products including Norton 360 1.0, AntiVirus 2006 through 2008, Internet Security 2006 through 2008, and System Works 2006 through 2008, does not properly determine the location of the AutoFix Tool, which allows remote attackers to execute arbitrary code via a remote (1) WebDAV or (2) SMB share.
|
|||||
| CVE-2006-6229 | 1 Codewalkers | 1 Ltwcalendar | 2025-04-09 | 5.0 MEDIUM | N/A |
|
Codewalkers ltwCalendar (aka PHP Event Calendar) before 4.2.1 logs failed passwords, which might allow attackers to infer correct passwords from the log file.
|
|||||
| CVE-2006-5441 | 1 Comdev | 1 Comdev Web Blogger | 2025-04-09 | 7.5 HIGH | N/A |
|
PHP remote file inclusion vulnerability in adminfoot.php in Comdev Web Blogger 4.1, when register_globals is enabled, allows remote attackers to execute arbitrary PHP code via a URL in the path[docroot] parameter. NOTE: the provenance of this information is unknown; the details are obtained from third party information.
|
|||||
| CVE-2007-0684 | 1 Cerulean Portal System | 1 Cerulean Portal System | 2025-04-09 | 7.5 HIGH | N/A |
|
PHP remote file inclusion vulnerability in portal.php in Cerulean Portal System 0.7b allows remote attackers to execute arbitrary PHP code via a URL in the phpbb_root_path parameter.
|
|||||
| CVE-2006-7111 | 1 Futomis Cgi Cafe | 1 Kmail Cgi | 2025-04-09 | 7.5 HIGH | N/A |
|
Unspecified vulnerability in Futomi's CGI Cafe KMail CGI 1.0.3 and earlier allows remote attackers to bypass authentication and obtain unauthorized email access via unspecified vectors.
|
|||||
| CVE-2006-5642 | 1 Nmnlogger | 1 Nmnlogger | 2025-04-09 | 10.0 HIGH | N/A |
|
Unspecified vulnerability in NmnLogger 1.0.0 and earlier has unknown impact and attack vectors related to configuration of mesasge drivers.
|
|||||
| CVE-2007-1866 | 1 Dproxy | 1 Dproxy | 2025-04-09 | 10.0 HIGH | N/A |
|
Stack-based buffer overflow in the dns_decode_reverse_name function in dns_decode.c in dproxy-nexgen allows remote attackers to execute arbitrary code by sending a crafted packet to port 53/udp, a different issue than CVE-2007-1465.
|
|||||
| CVE-2006-6714 | 1 Hitachi | 1 Hitachi Directory Server 2 | 2025-04-09 | 7.8 HIGH | N/A |
|
Multiple memory leaks in Hitachi Directory Server 2 P-2444-A124 before 02-11-/K on Windows, and P-1B44-A121 before 02-10-/V on HP-UX, allow remote attackers to cause a denial of service (memory consumption) via invalid LDAP requests.
|
|||||
| CVE-2008-6997 | 1 Google | 1 Chrome | 2025-04-09 | 4.3 MEDIUM | N/A |
|
Google Chrome 0.2.149.27 allows user-assisted remote attackers to cause a denial of service (browser crash) via an IMG tag with a long src attribute, which triggers the crash when the victim performs an "Inspect Element" action.
|
|||||
| CVE-2007-3491 | 1 Progress | 1 Openedge | 2025-04-09 | 7.5 HIGH | N/A |
|
Buffer overflow in _mprosrv in Progress Software OpenEdge before 9.1E0422, and 10.x before 10.1B01, allows remote attackers to have an unknown impact via a malformed TCP/IP message.
|
|||||
| CVE-2007-2617 | 1 Sun | 2 Net Connect Software, Solaris | 2025-04-09 | 2.1 LOW | N/A |
|
srsexec in Sun Remote Services (SRS) Net Connect Software Proxy Core package in Sun Solaris 10 does not enforce file permissions when opening files, which allows local users to read the first line of arbitrary files via the -d and -v options.
|
|||||
| CVE-2007-2158 | 1 Kooijman-design | 1 Jgallery | 2025-04-09 | 7.5 HIGH | N/A |
|
PHP remote file inclusion vulnerability in index.php in jGallery 1.3 allows remote attackers to execute arbitrary PHP code via a URL in the G_JGALL[inc_path] parameter.
|
|||||
| CVE-2007-3525 | 1 Ripe Website Manager | 1 Ripe Website Manager | 2025-04-09 | 7.8 HIGH | N/A |
|
Ripe Website Manager 0.8.9 and earlier allows remote attackers to obtain configuration information via a direct request to includes/phpinfo.php, which calls the phpinfo function. NOTE: the provenance of this information is unknown; the details are obtained solely from third party information.
|
|||||
| CVE-2006-6413 | 1 Amateras | 1 Amateras Sns | 2025-04-09 | 6.8 MEDIUM | N/A |
|
Cross-site scripting (XSS) vulnerability in Amateras sns 3.11 and earlier allows remote attackers to inject arbitrary web script or HTML via unspecified vectors.
|
|||||