Total
29869 CVE
| CVE | Vendors | Products | Updated | CVSS v2 | CVSS v3 |
|---|---|---|---|---|---|
| CVE-2007-3055 | 1 Codelib | 1 Linker | 2025-04-09 | 4.3 MEDIUM | N/A |
|
Cross-site scripting (XSS) vulnerability in index.php in Codelib Linker 2.0.4 and earlier allows remote attackers to inject arbitrary web script or HTML via the cat parameter.
|
|||||
| CVE-2007-2308 | 1 Flowers | 1 Flowers | 2025-04-09 | 4.3 MEDIUM | N/A |
|
Cross-site scripting (XSS) vulnerability in cas.php in FloweRS 2.0 allows remote attackers to inject arbitrary web script or HTML via the rok parameter.
|
|||||
| CVE-2006-5588 | 1 Cms Faethon | 1 Cms Faethon | 2025-04-09 | 7.5 HIGH | N/A |
|
Multiple PHP remote file inclusion vulnerabilities in CMS Faethon 2.0 Ultimate and earlier, when register_globals and magic_quotes_gpc are enabled, allow remote attackers to execute arbitrary PHP code via a URL in the mainpath parameter to (1) includes/rss-reader.php or (2) admin/config.php, different vectors than CVE-2006-3185.
|
|||||
| CVE-2007-3021 | 1 Symantec | 3 Client Security, Norton Antivirus, Reporting Server | 2025-04-09 | 7.5 HIGH | N/A |
|
Symantec Reporting Server 1.0.197.0, and other versions before 1.0.224.0, as used in Symantec Client Security 3.1 and later, and Symantec AntiVirus Corporate Edition (SAV CE) 10.1 and later, does not initialize a critical variable, which allows attackers to create arbitrary executable files via unknown manipulations of a file that is created during data export.
|
|||||
| CVE-2006-5069 | 1 Typo3 | 1 Typo3 | 2025-04-09 | 2.6 LOW | N/A |
|
Cross-site scripting (XSS) vulnerability in class.tx_indexedsearch.php in the Indexed Search 2.9.0 extension for Typo3 before 4.0.2 and earlier allows remote attackers to inject arbitrary web script or HTML via the search parameter.
|
|||||
| CVE-2007-1445 | 1 Betaparticle | 1 Betaparticle Blog | 2025-04-09 | 7.5 HIGH | N/A |
|
SQL injection vulnerability in the heme preview feature for default.asp in BP Blog 7.0 through 7.0.2 allows remote attackers to execute arbitrary SQL commands via the layout parameter.
|
|||||
| CVE-2007-1714 | 1 Cccounter | 1 Cccounter | 2025-04-09 | 6.8 MEDIUM | N/A |
|
Cross-site scripting (XSS) vulnerability in index.php in CcCounter 2.0 allows remote attackers to inject arbitrary web script or HTML via dir parameter.
|
|||||
| CVE-2007-1048 | 1 Phpbb Wordsearch | 1 Phpbb Wordsearch | 2025-04-09 | 7.5 HIGH | N/A |
|
PHP remote file inclusion vulnerability in admin_rebuild_search.php in phpbb_wordsearch allows remote attackers to execute arbitrary PHP code via a URL in the phpbb_root_path parameter.
|
|||||
| CVE-2007-0437 | 1 Intersystems | 1 Cache Database | 2025-04-09 | 3.5 LOW | N/A |
|
Multiple cross-site scripting (XSS) vulnerabilities in the sample Cache' Server Page (CSP) scripts in InterSystems Cache' allow remote attackers to inject arbitrary web script or HTML via (1) the TO parameter to loop.csp, (2) the VALUE parameter to cookie.csp, and (3) the PAGE parameter to showsource.csp in csp/samples/; and allow remote authenticated users to inject arbitrary web script or HTML via (4) the ERROR parameter to csp/samples/xmlclasseserror.csp, and unspecified vectors in (5) object ...
Show More |
|||||
| CVE-2006-6012 | 1 Mginternet | 1 Car Site Manager | 2025-04-09 | 4.3 MEDIUM | N/A |
|
Cross-site scripting (XSS) vulnerability in csm/asp/listings.asp in MGinternet Car Site Manager (CSM) allows remote attackers to inject arbitrary web script or HTML via the p parameter. NOTE: the provenance of this information is unknown; the details are obtained solely from third party information.
|
|||||
| CVE-2006-7140 | 1 Sun | 2 Solaris, Sunos | 2025-04-09 | 5.8 MEDIUM | N/A |
|
The libike library, as used by in.iked, elfsign, and kcfd in Sun Solaris 9 and 10, when using an RSA key with exponent 3, removes PKCS-1 padding before generating a hash, which allows remote attackers to forge a PKCS #1 v1.5 signature that is signed by that RSA key and prevents libike from correctly verifying X.509 and other certificates that use PKCS #1, a similar issue to CVE-2006-4339.
|
|||||
| CVE-2007-4229 | 1 Kde | 1 Konqueror | 2025-04-09 | 4.3 MEDIUM | N/A |
|
Unspecified vulnerability in KDE Konqueror 3.5.7 and earlier allows remote attackers to cause a denial of service (failed assertion and application crash) via certain malformed HTML, as demonstrated by a document containing TEXTAREA, BUTTON, BR, BDO, PRE, FRAMESET, and A tags. NOTE: the provenance of this information is unknown; the details are obtained solely from third party information.
|
|||||
| CVE-2006-5200 | 1 Adobe | 1 Breeze Licensed Server | 2025-04-09 | 5.0 MEDIUM | N/A |
|
Unspecified vulnerability in Adobe Breeze 5 Licensed Server and Breeze 5.1 Licensed Server allows attackers to read arbitrary files via unknown vectors related to "URL parsing."
|
|||||
| CVE-2007-0511 | 1 Phpxmldom | 1 Phpxmldom | 2025-04-09 | 6.8 MEDIUM | N/A |
|
Multiple PHP remote file inclusion vulnerabilities in phpXMLDOM (phpXD) 0.3 and earlier allow remote attackers to execute arbitrary PHP code via a URL in the path parameter to (1) dom.php, (2) dtd.php, or (3) parser.php in include/.
|
|||||
| CVE-2006-7016 | 1 Phpjobboard | 1 Phpjobboard | 2025-04-09 | 7.5 HIGH | N/A |
|
phpjobboard allows remote attackers to bypass authentication and gain administrator privileges via a direct request to admin.php with adminop=job-edit.
|
|||||
| CVE-2007-2487 | 1 Atomix Productions | 1 Atomixmp3 | 2025-04-09 | 7.5 HIGH | N/A |
|
Stack-based buffer overflow in AtomixMP3 allows remote attackers to execute arbitrary code via a long filename in an MP3 file, a different vector than CVE-2006-6287.
|
|||||
| CVE-2007-2761 | 1 Magiciso | 1 Magiciso | 2025-04-09 | 7.5 HIGH | N/A |
|
Stack-based buffer overflow in MagicISO 5.4 build 239 and earlier allows remote attackers to execute arbitrary code via a long filename in a .cue file.
|
|||||
| CVE-2008-0236 | 1 Microsoft | 1 Visual Foxpro | 2025-04-09 | 5.8 MEDIUM | N/A |
|
An ActiveX control for Microsoft Visual FoxPro (vfp6r.dll 6.0.8862.0) allows remote attackers to execute arbitrary commands by invoking the DoCmd method.
|
|||||
| CVE-2007-4326 | 1 Mapos Scripts | 1 Bilder Uploader | 2025-04-09 | 6.8 MEDIUM | N/A |
|
Multiple PHP remote file inclusion vulnerabilities in Bilder Uploader 1.3 allow remote attackers to execute arbitrary PHP code via a URL in the config[root_ordner] parameter to (1) gruppen.php, (2) bild.php, (3) feed.php, (4) mitglieder.php, (5) online.php, (6) profil.php, and possibly other unspecified PHP scripts.
|
|||||
| CVE-2007-0050 | 1 Openpinboard | 1 Openpinboard | 2025-04-09 | 7.5 HIGH | N/A |
|
PHP remote file inclusion vulnerability in index.php in OpenPinboard 2.0 allows remote attackers to execute arbitrary PHP code via a URL in the language parameter. NOTE: this issue has been disputed by the developer and a third party, since the variable is set before use. CVE analysis suggests that there is a small time window of risk before the installation is complete
|
|||||
| CVE-2009-4451 | 1 Php.html | 1 Kandalf Upper | 2025-04-09 | 6.8 MEDIUM | N/A |
|
Unrestricted file upload vulnerability in upper.php in kandalf upper 0.1 allows remote attackers to execute arbitrary code by uploading a file with an executable extension, then accessing it via a direct request to the file in fileup/.
|
|||||
| CVE-2006-6776 | 1 Future Internet | 1 Future Internet | 2025-04-09 | 7.5 HIGH | N/A |
|
Multiple SQL injection vulnerabilities in Future Internet allow remote attackers to execute arbitrary SQL commands via the (1) newsId or (2) categoryid parameter in a Portal.Showpage action in index.cfm, or (3) the langId parameter in index.cfm.
|
|||||
| CVE-2006-7191 | 1 Ldap Account Manager | 1 Ldap Account Manager | 2025-04-09 | 7.2 HIGH | N/A |
|
Untrusted search path vulnerability in lamdaemon.pl in LDAP Account Manager (LAM) before 1.0.0 allows local users to gain privileges via a modified PATH that points to a malicious rm program.
|
|||||
| CVE-2006-5666 | 1 Asmir Alic | 1 E Annu | 2025-04-09 | 7.5 HIGH | N/A |
|
SQL injection vulnerability in includes/menu.inc.php in E-Annu 1.0 allows remote attackers to execute arbitrary SQL commands via the login parameter. NOTE: some of these details are obtained from third party information.
|
|||||
| CVE-2006-6834 | 1 Joomla | 1 Joomla | 2025-04-09 | 6.8 MEDIUM | N/A |
|
Multiple unspecified vulnerabilities in Joomla! before 1.0.12 have unknown impact and attack vectors related to (1) "unneeded legacy functions" and (2) "Several low level security fixes."
|
|||||
| CVE-2008-1546 | 1 Mitsubishi Electric | 1 Gb | 2025-04-09 | 7.8 HIGH | N/A |
|
servlet/MIMEReceiveServlet in the web controller for Mitsubishi Electric GB-50 and GB-50A air-conditioning control systems allows remote attackers to cause a denial of service (air-conditioning outage) via an XML document containing a setRequest command.
|
|||||
| CVE-2006-5593 | 1 Neo Japan | 1 Desknets | 2025-04-09 | 6.5 MEDIUM | N/A |
|
Buffer overflow in Desknet's (niokeru) before 5.0J R1.0 might allow remote authenticated users to execute arbitrary code via unspecified vectors. NOTE: some of these details are obtained from third party information.
|
|||||
| CVE-2007-4400 | 1 Konversation | 1 Konversation | 2025-04-09 | 6.8 MEDIUM | N/A |
|
CRLF injection vulnerability in the included media script in Konversation allows user-assisted remote attackers to execute arbitrary IRC commands via CRLF sequences in the name of the song in a .mp3 file.
|
|||||
| CVE-2007-0655 | 1 Microworld Technologies | 1 Escan | 2025-04-09 | 10.0 HIGH | N/A |
|
The MicroWorld Agent service (MWAGENT.EXE) in MicroWorld Technologies eScan 8.0.671.1, and possibly other versions, allows remote or local attackers to gain privileges and execute arbitrary commands by connecting directly to TCP port 2222.
|
|||||
| CVE-2007-2550 | 1 Devellion | 1 Cubecart | 2025-04-09 | 5.0 MEDIUM | N/A |
|
Multiple CRLF injection vulnerabilities in Devellion CubeCart 3.0.15 allow remote attackers to inject arbitrary HTTP headers and conduct HTTP response splitting attacks via CRLF sequences in a cookie name beginning with "ccSID" to (1) cart.php or (2) index.php.
|
|||||
| CVE-2007-3945 | 2 Linux, Rsbac | 2 Linux Kernel, Rule Set Based Access Control | 2025-04-09 | 6.4 MEDIUM | N/A |
|
Rule Set Based Access Control (RSBAC) before 1.3.5 does not properly use the Linux Kernel Crypto API for the Linux kernel 2.6.x, which allows context-dependent attackers to bypass authentication controls via unspecified vectors, possibly involving User Management password hashing and unchecked function return codes.
|
|||||
| CVE-2007-4425 | 1 Live For Speed | 1 Live For Speed | 2025-04-09 | 6.0 MEDIUM | N/A |
|
Multiple buffer overflows in Live for Speed (LFS) demo, S1, and S2 allow remote authenticated users to (1) cause a denial of service (server crash) and probably execute arbitrary code via an ID 3 packet with a long nickname field, and (2) cause a denial of service (server crash) via an ID 10 packet containing a long string corresponding to an unavailable track.
|
|||||
| CVE-2007-1265 | 1 Kde | 1 K-mail | 2025-04-09 | 7.8 HIGH | N/A |
|
KMail 1.9.5 and earlier does not properly use the --status-fd argument when invoking GnuPG, which prevents KMail from visually distinguishing between signed and unsigned portions of OpenPGP messages with multiple components, which allows remote attackers to forge the contents of a message without detection.
|
|||||
| CVE-2006-6863 | 1 Enigma | 1 Wordpress Bridge | 2025-04-09 | 10.0 HIGH | 9.8 CRITICAL |
|
PHP remote file inclusion vulnerability in the Enigma2 plugin (Enigma2.php) in Enigma WordPress Bridge allows remote attackers to execute arbitrary PHP code via a URL in the boarddir parameter. NOTE: CVE disputes this issue, since $boarddir is set to a fixed value
|
|||||
| CVE-2007-0724 | 1 Apple | 2 Mac Os X, Mac Os X Server | 2025-04-09 | 6.9 MEDIUM | N/A |
|
The IOKit HID interface in Apple Mac OS X 10.3.9 and 10.4 through 10.4.8 does not sufficiently limit access to certain controls, which allows local users to gain privileges by using HID device events to read keystrokes from the console.
|
|||||
| CVE-2007-0730 | 1 Apple | 2 Mac Os X, Server Manager | 2025-04-09 | 6.8 MEDIUM | N/A |
|
Server Manager (servermgrd) in Apple Mac OS X 10.3.9 and 10.4 through 10.4.8 does not sufficiently validate authentication credentials, which allows remote attackers to bypass authentication and modify system configuration.
|
|||||
| CVE-2006-5977 | 1 Expinion.net | 1 Multicalendars | 2025-04-09 | 7.5 HIGH | N/A |
|
Multiple SQL injection vulnerabilities in MultiCalendars allow remote attackers to execute arbitrary SQL commands via the (1) M or (2) Y parameter to rss_out.asp, or the (3) cate parameter to all_calendars.asp. NOTE: the all_calendars.asp/calsids vector is already covered by CVE-2006-2293.
|
|||||
| CVE-2006-6785 | 1 Open Newsletter | 1 Open Newsletter | 2025-04-09 | 7.5 HIGH | N/A |
|
The (1) settings.php and (2) subscribers.php scripts in Open Newsletter 2.5 and earlier do not exit when authentication fails, which allows remote attackers to perform unauthorized administrative actions, or execute arbitrary code in conjunction with another vulnerability.
|
|||||
| CVE-2008-1148 | 8 Apple, Cosmicperl, Darwin and 5 more | 9 Mac Os X, Mac Os X Server, Directory Pro and 6 more | 2025-04-09 | 6.8 MEDIUM | N/A |
|
A certain pseudo-random number generator (PRNG) algorithm that uses ADD with 0 random hops (aka "Algorithm A0"), as used in OpenBSD 3.5 through 4.2 and NetBSD 1.6.2 through 4.0, allows remote attackers to guess sensitive values such as (1) DNS transaction IDs or (2) IP fragmentation IDs by observing a sequence of previously generated values. NOTE: this issue can be leveraged for attacks such as DNS cache poisoning, injection into TCP packets, and OS fingerprinting.
|
|||||
| CVE-2006-5215 | 3 Netbsd, Sun, X.org | 4 Netbsd, Solaris, Sunos and 1 more | 2025-04-09 | 2.6 LOW | N/A |
|
The Xsession script, as used by X Display Manager (xdm) in NetBSD before 20060212, X.Org before 20060317, and Solaris 8 through 10 before 20061006, allows local users to overwrite arbitrary files, or read another user's Xsession errors file, via a symlink attack on a /tmp/xses-$USER file.
|
|||||