Total: 29869 CVE
| CVE | Vendors | Products | Updated | CVSS v2 | CVSS v3 | Description |
|---|---|---|---|---|---|---|
| CVE-2006-5432 | 1 Marc Giombetti | 1 Phppowercards | 2025-04-09 | 2.6 LOW | N/A | Multiple direct static code injection vulnerabilities in db/txt.inc.php in phpPowerCards 2.10, when register_globals is enabled, allow remote attackers to create or overwrite arbitrary files via the (1) email[to], (2) email[from], (3) name[to], (4) name[from], (5) picture, (6) comment, or (7) sessionID parameter, as demonstrated by creating a new .php file that permits remote file inclusion, and then requesting this file. |
| CVE-2007-4228 | 1 Ibm | 1 Aix | 2025-04-09 | 4.7 MEDIUM | N/A | rmpvc on IBM AIX 4.3 allows local users to cause a denial of service (system crash) via long port logical name (-l) argument. |
| CVE-2007-2746 | 1 Plain Black | 1 Webgui | 2025-04-09 | 3.5 LOW | N/A | The viewList function in lib/WebGUI/Asset/Wobject/DataForm.pm in Plain Black WebGUI before 7.3.14 does not properly use data structures containing privilege information, which allows remote authenticated users to obtain sensitive information or possibly have other unspecified impact. |
| CVE-2006-5015 | 1 Kietu | 1 Kietu | 2025-04-09 | 7.5 HIGH | N/A | PHP remote file inclusion vulnerability in hit.php in Kietu 3.2 allows remote attackers to execute arbitrary PHP code via an FTP URL in the url_hit parameter. |
| CVE-2007-0477 | 1 Openads | 1 Openads | 2025-04-09 | 6.8 MEDIUM | N/A | Cross-site scripting (XSS) vulnerability in Openads 2.0.x before 2.0.10, 2.3 before 2.3.31 (aka Max Media Manager before 0.3.31-alpha-pr2), and phpAdsNew/phpPgAds before 2.0.9-pr1 allows remote attackers to inject arbitrary web script or HTML via (1) the keyword parameter in admin-search.php and (2) affiliate-search.php. NOTE: this issue may overlap CVE-2007-0363. |
| CVE-2006-6731 | 1 Sun | 3 Jdk, Jre, Sdk | 2025-04-09 | 9.3 HIGH | N/A | Multiple buffer overflows in Sun Java Development Kit (JDK) and Java Runtime Environment (JRE) 5.0 Update 7 and earlier, Java System Development Kit (SDK) and JRE 1.4.2_12 and earlier 1.4.x versions, and SDK and JRE 1.3.1_18 and earlier allow attackers to develop Java applets that read, write, or execute local files, possibly related to (1) integer overflows in the Java_sun_awt_image_ImagingLib_convolveBI, awt_parseRaster, and awt_parseColorModel functions; (2) a stack overflow in the Java_sun_a ... |
| CVE-2007-6683 | 1 Videolan | 1 Vlc | 2025-04-09 | 5.0 MEDIUM | N/A | The browser plugin in VideoLAN VLC 0.8.6d allows remote attackers to overwrite arbitrary files via (1) the :demuxdump-file option in a filename in a playlist, or (2) an EXTVLCOPT statement in an MP3 file, possibly an argument injection vulnerability. |
| CVE-2009-3047 | 1 Opera | 1 Opera Browser | 2025-04-09 | 4.3 MEDIUM | N/A | Opera before 10.00, when a collapsed address bar is used, does not properly update the domain name from the previously visited site to the currently visited site, which might allow remote attackers to spoof URLs. |
| CVE-2007-2390 | 1 Apple | 1 Mac Os X | 2025-04-09 | 10.0 HIGH | N/A | Buffer overflow in iChat in Apple Mac OS X 10.3.9 and 10.4.9 allows remote attackers to cause a denial of service (application termination) and possibly execute arbitrary code via a crafted UPnP Internet Gateway Device (IGD) packet. |
| CVE-2007-2187 | 1 Extremail | 1 Extremail | 2025-04-09 | 10.0 HIGH | N/A | Stack-based buffer overflow in eXtremail 2.1.1 and earlier allows remote attackers to execute arbitrary code via a long DNS response. NOTE: this might be related to CVE-2006-6926. |
| CVE-2006-6790 | 1 Ultimate Php Board | 1 Ultimate Php Board | 2025-04-09 | 7.5 HIGH | N/A | Direct static code injection vulnerability in chat/login.php in Ultimate PHP Board (UPB) 2.0b1 and earlier allows remote attackers to inject arbitrary PHP code via the username parameter, which is injected into chat/text.php. |
| CVE-2008-2142 | 1 Gnu | 2 Emacs, Xemacs | 2025-04-09 | 6.8 MEDIUM | N/A | Emacs 21 and XEmacs automatically load and execute .flc (fast lock) files that are associated with other files that are edited within Emacs, which allows user-assisted attackers to execute arbitrary code. |
| CVE-2007-1900 | 1 Php | 1 Php | 2025-04-09 | 5.0 MEDIUM | N/A | CRLF injection vulnerability in the FILTER_VALIDATE_EMAIL filter in ext/filter in PHP 5.2.0 and 5.2.1 allows context-dependent attackers to inject arbitrary e-mail headers via an e-mail address with a '\n' character, which causes a regular expression to ignore the subsequent part of the address string. |
| CVE-2007-2943 | 1 Webavis | 1 Webavis | 2025-04-09 | 6.8 MEDIUM | N/A | PHP remote file inclusion vulnerability in class/class.php in Webavis 0.1.1 allows remote attackers to execute arbitrary PHP code via a URL in the root parameter. |
| CVE-2006-4387 | 1 Apple | 1 Mac Os X | 2025-04-09 | 4.6 MEDIUM | N/A | Apple Mac OS X 10.4 through 10.4.7, when the administrator clears the "Allow user to administer this computer" checkbox in System Preferences for a user, does not remove the user's account from the appserveradm or appserverusr groups, which still allows the user to manage WebObjects applications. |
| CVE-2007-4035 | 1 Guidance Software | 1 Encase | 2025-04-09 | 5.0 MEDIUM | N/A | Guidance Software EnCase does not properly handle (1) certain malformed MBR partition tables with many entries, which allows remote attackers to prevent logical collection of a disk image; (2) NTFS filesystems with directory loops, which allows remote attackers to prevent examination of certain directory contents; and (3) certain other malformed NTFS filesystems, which allows remote attackers to prevent examination of corrupted records. NOTE: the vendor disputes the significance of these issues, ... |
| CVE-2006-7175 | 2 Redhat, Sendmail | 2 Enterprise Linux, Sendmail | 2025-04-09 | 7.5 HIGH | N/A | The version of Sendmail 8.13.1-2 on Red Hat Enterprise Linux 4 Update 4 and earlier does not allow the administrator to disable SSLv2 encryption, which could cause less secure channels to be used than desired. |
| CVE-2007-3549 | 1 Vastal I-tech | 1 Buddy Zone | 2025-04-09 | 7.5 HIGH | N/A | SQL injection vulnerability in view_sub_cat.php in Buddy Zone 1.5 allows remote attackers to execute arbitrary SQL commands via the cat_id parameter. |
| CVE-2008-5503 | 1 Mozilla | 3 Firefox, Seamonkey, Thunderbird | 2025-04-09 | 2.6 LOW | N/A | The loadBindingDocument function in Mozilla Firefox 2.x before 2.0.0.19, Thunderbird 2.x before 2.0.0.19, and SeaMonkey 1.x before 1.1.14 does not perform any security checks related to the same-domain policy, which allows remote attackers to read or access data from other domains via crafted XBL bindings. |
| CVE-2006-6089 | 1 Baalasp | 1 Baalasp Forum | 2025-04-09 | 4.3 MEDIUM | N/A | Multiple cross-site scripting (XSS) vulnerabilities in addpost1.asp in BaalAsp forum allow remote attackers to inject arbitrary web script or HTML via the (1) title (Subject), (2) groupname (Group Name), or (3) detail (Message) field. |
| CVE-2007-0490 | 1 Open-realty | 1 Open-realty | 2025-04-09 | 5.0 MEDIUM | N/A | index.php in Open-Realty 2.3.4 allows remote attackers to obtain sensitive information (the full path) via an invalid listingID parameter in a listingview action. |
| CVE-2007-0618 | 1 Ibm | 1 Aix | 2025-04-09 | 7.5 HIGH | N/A | Unspecified vulnerability in (1) pop3d, (2) pop3ds, (3) imapd, and (4) imapds in IBM AIX 5.3.0 has unspecified impact and attack vectors, involving an "authentication vulnerability." |
| CVE-2007-1355 | 1 Apache | 1 Tomcat | 2025-04-09 | 4.3 MEDIUM | N/A | Multiple cross-site scripting (XSS) vulnerabilities in the appdev/sample/web/hello.jsp example application in Tomcat 4.0.0 through 4.0.6, 4.1.0 through 4.1.36, 5.0.0 through 5.0.30, 5.5.0 through 5.5.23, and 6.0.0 through 6.0.10 allow remote attackers to inject arbitrary web script or HTML via the test parameter and unspecified vectors. |
| CVE-2007-2369 | 2 Php, Webspell | 2 Php, Webspell | 2025-04-09 | 5.0 MEDIUM | N/A | Directory traversal vulnerability in picture.php in WebSPELL 4.01.02 and earlier, when PHP before 4.3.0 is used, allows remote attackers to read arbitrary files via a .. (dot dot) in the id parameter. |
| CVE-2006-6960 | 1 Webroot Software | 1 Spy Sweeper | 2025-04-09 | 6.8 MEDIUM | N/A | The Compression Sweep feature in WebRoot Spy Sweeper 4.5.9 and earlier does not handle non-ZIP archives, which allows remote attackers to bypass the malware detection via files with (1) RAR, (2) GZ, (3) TAR, (4) CAB, or (5) ACE compression. |
| CVE-2007-0535 | 1 Vote Pro | 1 Vote Pro | 2025-04-09 | 7.5 HIGH | N/A | Multiple eval injection vulnerabilities in Vote! Pro 4.0, and possibly earlier, allow remote attackers to execute arbitrary code via requests to unspecified PHP scripts with the poll_id parameter, which is supplied to eval function calls, a different set of vectors than CVE-2007-0504. NOTE: The provenance of this information is unknown; the details are obtained solely from third party information. |
| CVE-2006-5429 | 1 Barry Nauta | 1 Brim | 2025-04-09 | 7.5 HIGH | N/A | Multiple PHP remote file inclusion vulnerabilities in Barry Nauta BRIM 1.2.1 and earlier allow remote attackers to execute arbitrary PHP code via a URL in the renderer parameter in template.tpl.php in (1) templates/barrel/, (2) templates/sidebar/, (3) templates/text-only, (4) templates/slashdot/, (5) templates/penguin/, (6) templates/pda/, (7) templates/oerdec/, (8) templates/nifty/, (9) templates/mylook, and (10) templates/barry/. |
| CVE-2008-4787 | 1 Microsoft | 1 Internet Explorer | 2025-04-09 | 5.8 MEDIUM | N/A | Visual truncation vulnerability in Microsoft Internet Explorer 6 allows remote attackers to spoof the address bar via a URL with a hostname containing many `&nbsp;` (Non-Blocking Space character) sequences, which are rendered as whitespace, aka MSRC ticket MSRC7899, a related issue to CVE-2003-1025. |
| CVE-2006-5564 | 1 Maxdev | 1 Md-pro | 2025-04-09 | 4.3 MEDIUM | N/A | Cross-site scripting (XSS) vulnerability in user.php in MAXdev MD-Pro 1.0.76 allows remote attackers to inject arbitrary web script or HTML via the op parameter. NOTE: the provenance of this information is unknown; the details are obtained from third party information. |
| CVE-2007-4256 | 1 Ynp | 1 Portal Systems | 2025-04-09 | 5.0 MEDIUM | N/A | Directory traversal vulnerability in showpage.cgi in YNP Portal System 2.2.0 allows remote attackers to read arbitrary files via a .. (dot dot) in the p parameter. |
| CVE-2007-4389 | 1 2wire | 3 1701hg Router, 1800hw Router, 2071 Router | 2025-04-09 | 7.8 HIGH | N/A | Cross-site request forgery (CSRF) vulnerability in /xslt in 2wire 1701HG, 1800HW, and 2071 Gateway routers, with 3.17.5, 3.7.1, and 5.29.51 software, allows remote attackers to create DNS mappings as administrators, and conduct DNS poisoning attacks, via the NAME and ADDR parameters. |
| CVE-2007-2153 | 1 Atmail | 1 Atmail Webmail | 2025-04-09 | 6.8 MEDIUM | N/A | Cross-site scripting (XSS) vulnerability in atmail.php in @Mail 5.0 allows remote attackers to inject arbitrary web script or HTML via the username parameter. |
| CVE-2006-6792 | 1 Mxmania | 1 Calendar Mx Basic | 2025-04-09 | 7.5 HIGH | N/A | SQL injection vulnerability in calendar_detail.asp in Calendar MX BASIC 1.0.2 and earlier allows remote attackers to execute arbitrary SQL commands via the ID parameter. NOTE: The provenance of this information is unknown; the details are obtained solely from third party information. |
| CVE-2006-5312 | 1 Phpbb | 1 Ajax Shoutbox | 2025-04-09 | 7.5 HIGH | N/A | PHP remote file inclusion vulnerability in shoutbox.php in the Ajax Shoutbox 0.0.5 and earlier module for phpBB allows remote attackers to execute arbitrary PHP code via a URL in the phpbb_root_path parameter. |
| CVE-2006-5120 | 1 Scott Metoyer | 1 Red Mombin | 2025-04-09 | 4.0 MEDIUM | N/A | Multiple cross-site scripting (XSS) vulnerabilities in Scott Metoyer Red Mombin 0.7 allow remote attackers to inject arbitrary web script or HTML via unspecified vectors related to (1) index.php and (2) process_login.php. |
| CVE-2007-0740 | 1 Apple | 1 Mac Os X | 2025-04-09 | 6.8 MEDIUM | N/A | Alias Manager in Apple Mac OS X 10.3.9 and 10.4.9 does not display files with the same name in mounted disk images that have the same name, which might allow user-assisted attackers to trick a user into executing malicious files. |
| CVE-2007-4506 | 1 Joomla | 1 Neorecruit | 2025-04-09 | 7.5 HIGH | N/A | SQL injection vulnerability in index.php in the NeoRecruit component (com_neorecruit) 1.4 and earlier for Joomla! allows remote attackers to execute arbitrary SQL commands via the id parameter in an offer_view action. |
| CVE-2006-6527 | 1 Gizzar | 1 Gizzar | 2025-04-09 | 7.5 HIGH | N/A | PHP remote file inclusion vulnerability in guest.php in Gizzar 03162002 and earlier allows remote attackers to execute arbitrary PHP code via a URL in the basePath parameter. NOTE: the provenance of this information is unknown; the details are obtained solely from third party information. |
| CVE-2007-0715 | 1 Apple | 1 Quicktime | 2025-04-09 | 5.8 MEDIUM | N/A | Heap-based buffer overflow in Apple QuickTime before 7.1.5 allows remote user-assisted attackers to cause a denial of service (crash) and possibly execute arbitrary code via a crafted PICT file. |
| CVE-2007-4196 | 1 Brian Carrier | 1 The Slueth Kit | 2025-04-09 | 4.3 MEDIUM | N/A | icat in Brian Carrier The Sleuth Kit (TSK) before 2.09 misinterprets a certain memory location as the holder of a loop iteration count, which allows user-assisted remote attackers to cause a denial of service (long loop) and prevent examination of certain NTFS files via a malformed NTFS image. |