Total: 29869 CVE
| CVE | Vendors | Products | Updated | CVSS v2 | CVSS v3 |
|---|---|---|---|---|---|
| CVE-2006-5199 | 1 Adobe | 1 Contribute | 2025-04-09 | 2.1 LOW | N/A |
Adobe Contribute Publishing Server leaks the administrator password in logs that are created during product installation, which allows local users to gain privileges to the server.
| CVE-2007-3245 | 1 Irc Services | 1 Irc Services | 2025-04-09 | 5.0 MEDIUM | N/A |
IRC Services before 5.0.62, and 5.1 before 5.1pre3, allows remote attackers to disconnect users with guest nicknames by linking a guest nickname to a nickname that is already registered.
| CVE-2007-3048 | 1 Gnu | 1 Screen | 2025-04-09 | 7.2 HIGH | N/A |
GNU screen 4.0.3 allows local users to unlock the screen via a CTRL-C sequence at the password prompt. NOTE: multiple third parties report inability to reproduce this issue.
| CVE-2006-5400 | 1 Cyberbrau | 1 Cyberbrau | 2025-04-09 | 5.1 MEDIUM | N/A |
PHP remote file inclusion vulnerability in forum/track.php in CyberBrau 0.9.4, when register_globals is enabled, allows remote attackers to execute arbitrary PHP code via a URL in the path parameter.
| CVE-2007-5632 | 1 Sun | 1 Solaris | 2025-04-09 | 4.9 MEDIUM | N/A |
Multiple unspecified vulnerabilities in the kernel in Sun Solaris 8 through 10 allow local users to cause a denial of service (panic), related to the support for retrieval of kernel statistics, and possibly related to the sfmmu_mlspl_enter or sfmmu_mlist_enter functions.
| CVE-2006-5549 | 1 Adobe | 1 Adobe Php Ria Sdk | 2025-04-09 | 7.5 HIGH | N/A |
PHP remote file inclusion vulnerability in libraries/amfphp/amf-core/custom/CachedGateway.php in Adobe PHP SDK allows remote attackers to execute arbitrary PHP code via the AMFPHP_BASE parameter. NOTE: this issue has been disputed by a third-party researcher who states that AMFPHP_BASE is a constant.
| CVE-2006-5542 | 1 Postgresql | 1 Postgresql | 2025-04-09 | 4.0 MEDIUM | N/A |
backend/tcop/postgres.c in PostgreSQL 8.1.x before 8.1.5 allows remote authenticated users to cause a denial of service (daemon crash) related to duration logging of V3-protocol Execute messages for (1) COMMIT and (2) ROLLBACK SQL statements.
| CVE-2007-0329 | 1 Joonas Viljanen | 1 Jv2 Folder Gallery | 2025-04-09 | 5.0 MEDIUM | N/A |
download.php in Joonas Viljanen JV2 Folder Gallery allows remote attackers to read sensitive files via a relative pathname in the file parameter, as demonstrated by config/gallerysetup.php. NOTE: this issue might be resultant from a directory traversal vulnerability.
| CVE-2007-1448 | 1 Broadcom | 1 Brightstor Arcserve Backup | 2025-04-09 | 2.1 LOW | N/A |
The Tape Engine in CA (formerly Computer Associates) BrightStor ARCserve Backup 11.5 and earlier allows remote attackers to cause a denial of service (disabled interface) by calling an unspecified RPC function.
| CVE-2009-1663 | 1 Easy-scripts | 1 Answer And Question Script | 2025-04-09 | 6.8 MEDIUM | N/A |
Unrestricted file upload vulnerability in myaccount.php in Easy Scripts Answer and Question Script allows remote attackers to execute arbitrary code by uploading a file with an executable extension, then accessing it via a direct request to the file in the uploads/[username] directory.
| CVE-2007-3726 | 1 Rarlab | 1 Unrar | 2025-04-09 | 4.3 MEDIUM | N/A |
Integer signedness error in the SET_VALUE function in rarvm.cpp in unrar 3.70 beta 3, as used in products including WinRAR and RAR for OS X, allows user-assisted remote attackers to cause a denial of service (crash) via a crafted RAR archive that causes a negative signed number to be cast to a large unsigned number.
| CVE-2007-1988 | 1 Phpecho Cms | 1 Phpecho Cms | 2025-04-09 | 4.3 MEDIUM | N/A |
Cross-site scripting (XSS) vulnerability in kernel/filters.inc.php in PHPEcho CMS 2.0 allows remote attackers to inject arbitrary web script or HTML via the id parameter.
| CVE-2007-2286 | 1 Built2go | 1 Php Link Portal | 2025-04-09 | 7.5 HIGH | N/A |
PHP remote file inclusion vulnerability in config.php in Built2Go PHP Link Portal 1.79 allows remote attackers to execute arbitrary PHP code via a URL in the full_path_to_db parameter.
| CVE-2007-2543 | 1 Xoops | 1 Flashgames Module | 2025-04-09 | 7.5 HIGH | N/A |
SQL injection vulnerability in game.php in the Flashgames 1.0.1 module for XOOPS allows remote attackers to execute arbitrary SQL commands via the lid parameter.
| CVE-2006-6042 | 1 Phpwebthings | 1 Phpwebthings | 2025-04-09 | 6.8 MEDIUM | N/A |
PHP remote file inclusion vulnerability in core/editor.php in phpWebThings 1.5.2 and earlier, when register_globals is enabled, allows remote attackers to execute arbitrary PHP code via a URL in the editor_insert_bottom parameter.
| CVE-2006-5856 | 1 Adobe | 1 Download Manager | 2025-04-09 | 6.8 MEDIUM | N/A |
Stack-based buffer overflow in the Adobe Download Manager before 2.2 allows remote attackers to execute arbitrary code via a long section name in the dm.ini file, which is populated via an AOM file.
| CVE-2007-1100 | 1 Pickle | 1 Pickle | 2025-04-09 | 7.8 HIGH | N/A |
Directory traversal vulnerability in download.php in Ahmet Sacan Pickle before 20070301 allows remote attackers to read arbitrary files via a .. (dot dot) in the file parameter.
| CVE-2006-5155 | 1 Videodb | 1 Videodb | 2025-04-09 | 7.5 HIGH | N/A |
PHP remote file inclusion vulnerability in core/pdf.php in VideoDB 2.2.1 and earlier allows remote attackers to execute arbitrary PHP code via the config[pdf_module] parameter.
| CVE-2007-2912 | 1 Jelsoft | 1 Vbulletin | 2025-04-09 | 5.0 MEDIUM | N/A |
Unspecified vulnerability in Jelsoft vBulletin before 3.6.6, when unauthenticated User Infraction Permissions is disabled, allows remote attackers to see the infraction "red flag" for a deleted user.
| CVE-2006-6105 | 1 Gnome | 1 Gdm | 2025-04-09 | 4.3 MEDIUM | N/A |
Format string vulnerability in the host chooser window (gdmchooser) in GNOME Foundation Display Manager (gdm) allows local users to execute arbitrary code via format string specifiers in a hostname, which are used in an error dialog.
| CVE-2006-5053 | 1 Web-news | 1 Web-news | 2025-04-09 | 7.5 HIGH | N/A |
PHP remote file inclusion vulnerability in webnews/template.php in Web-News 1.6.3 and earlier allows remote attackers to execute arbitrary PHP code via a URL in the content_page parameter.
| CVE-2006-4169 | 1 Squirrelmail | 1 Gpg Plugin | 2025-04-09 | 5.5 MEDIUM | N/A |
Multiple directory traversal vulnerabilities in the G/PGP (GPG) Plugin 2.0, and 2.1dev before 20070614, for Squirrelmail allow remote authenticated users to include and execute arbitrary local files via a .. (dot dot) in the help parameter to (1) gpg_help.php or (2) gpg_help_base.php.
| CVE-2007-0359 | 1 Uberghey | 1 Cms | 2025-04-09 | 7.5 HIGH | N/A |
PHP remote file inclusion vulnerability in frontpage.php in Uberghey CMS 0.3.1 allows remote attackers to execute arbitrary PHP code via a URL in the setup_folder parameter.
| CVE-2006-6145 | 1 Cryptocard | 1 Crypto-server | 2025-04-09 | 2.1 LOW | N/A |
CRYPTOCard CRYPTO-Server before 6.4.56 stores LDAP credentials in plaintext in UninstallerData\installvariables.properties, which has insecure permissions and allows local users to obtain the credentials. NOTE: The provenance of this information is unknown; the details are obtained solely from third party information.
| CVE-2007-1954 | 1 Archivexpert | 1 Archivexpert | 2025-04-09 | 7.5 HIGH | N/A |
Multiple directory traversal vulnerabilities in ArchiveXpert 2.02 build 80 allow remote attackers to create files in arbitrary directories via a .. (dot dot) in a (1) .gz, (2) .jar, (3) .rar, (4) .tar.gz, (5) .zip, or (6) .tar file.
| CVE-2008-2878 | 1 Yektaweb | 1 Academic Web Tools | 2025-04-09 | 6.4 MEDIUM | N/A |
Open redirect vulnerability in rss_getfile.php in Academic Web Tools (AWT YEKTA) 1.4.3.1, and 1.4.2.8 and earlier, allows remote attackers to redirect users to arbitrary web sites and conduct phishing attacks via a URL in the file parameter.
| CVE-2006-6008 | 1 Netkit | 1 Netkit | 2025-04-09 | 6.5 MEDIUM | N/A |
ftpd in Linux Netkit (linux-ftpd) 0.17, and possibly other versions, does not check the return status of certain seteuid, setgid, and setuid calls, which might allow remote authenticated users to gain privileges if these calls fail in cases such as PAM failures or resource limits, a different vulnerability than CVE-2006-5778.
| CVE-2007-1429 | 1 Moodle | 1 Moodle | 2025-04-09 | 7.5 HIGH | N/A |
Multiple PHP remote file inclusion vulnerabilities in Moodle 1.7.1 allow remote attackers to execute arbitrary PHP code via a URL in the cmd parameter to (1) admin/utfdbmigrate.php or (2) filter.php.
| CVE-2006-5928 | 1 Phpjobscheduler | 1 Phpjobscheduler | 2025-04-09 | 7.5 HIGH | N/A |
Multiple PHP remote file inclusion vulnerabilities in Phpjobscheduler 3.0 allow remote attackers to execute arbitrary PHP code via a URL in the installed_config_file parameter to (1) add-modify.php, (2) delete.php, (3) modify.php, and (4) phpjobscheduler.php.
| CVE-2007-0328 | 1 Macrovision | 2 Flexnet Connect, Update Service | 2025-04-09 | 9.3 HIGH | N/A |
The DWUpdateService ActiveX control in the agent (agent.exe) in Macrovision FLEXnet Connect 6.0 and Update Service 3.x to 5.x allows remote attackers to execute arbitrary commands via (1) the Execute method, and obtain the exit status using (2) the GetExitCode method.
| CVE-2006-5640 | 1 Techno Dreams | 1 Techno Dreams Guest Book | 2025-04-09 | 7.5 HIGH | N/A |
SQL injection vulnerability in guestbookview.asp in Techno Dreams Guest Book 1.0 and earlier allows remote attackers to execute arbitrary SQL commands via the key parameter.
| CVE-2006-5773 | 1 Freewebshop | 1 Freewebshop | 2025-04-09 | 5.0 MEDIUM | N/A |
Directory traversal vulnerability in index.php in FreeWebshop 2.2.1 and earlier allows remote attackers to read arbitrary files and disclose the installation path via a .. (dot dot) in the action parameter.
| CVE-2007-1123 | 1 Zpanel | 1 Zpanel | 2025-04-09 | 7.5 HIGH | N/A |
Multiple PHP remote file inclusion vulnerabilities in ZPanel 2.0 allow remote attackers to execute arbitrary PHP code via a URL in (1) the body parameter to templates/ZPanelV2/template.php or (2) the page parameter to zpanel.php. NOTE: the zpanel.php vector may overlap CVE-2005-0793.2. NOTE: the provenance of this information is unknown; the details are obtained solely from third party information.
| CVE-2007-1424 | 1 Softnews Media Group | 1 Datalife Engine | 2025-04-09 | 7.5 HIGH | N/A |
Multiple PHP remote file inclusion vulnerabilities in Softnews Media Group DataLife Engine allow remote attackers to execute arbitrary PHP code via a URL in the root_dir parameter to (1) init.php and (2) Ajax/editnews.php. NOTE: some of these details are obtained from third party information.
| CVE-2006-3875 | 1 Microsoft | 2 Excel, Excel Viewer | 2025-04-09 | 5.1 MEDIUM | N/A |
Unspecified vulnerability in Microsoft Excel 2000, 2002, 2003, 2004 for Mac, v.X for Mac, and Excel Viewer 2003 allows user-assisted attackers to execute arbitrary code via a crafted COLINFO record in an XLS file, a different vulnerability than CVE-2006-2387 and CVE-2006-3867.
| CVE-2006-5111 | 1 Libksba Library | 1 Libksba Library | 2025-04-09 | 5.0 MEDIUM | N/A |
The libksba library 0.9.12 and possibly other versions, as used by gpgsm in the newpg package on SUSE LINUX, allows attackers to cause a denial of service (application crash) via a malformed X.509 certificate in a signature.
| CVE-2006-7206 | 1 Microsoft | 2 Internet Explorer, Windows Xp | 2025-04-09 | 7.8 HIGH | N/A |
Microsoft Internet Explorer 6 on Windows XP SP2 allows remote attackers to cause a denial of service (crash) by creating an ADODB.Recordset object and making a series of calls to the NextRecordset method with a long string argument, which causes an "invalid memory access" in the SysFreeString function, a different issue than CVE-2006-3510 and CVE-2006-3899.
| CVE-2007-3171 | 1 Uebimiau | 1 Uebimiau | 2025-04-09 | 5.0 MEDIUM | N/A |
Uebimiau Webmail allows remote attackers to obtain sensitive information via a request to demo/pop3/error.php with an invalid value of the (1) smarty or (2) selected_theme parameter, which reveals the path in various error messages.
| CVE-2007-3167 | 1 Vivotek | 1 Mjpegcontrol | 2025-04-09 | 7.6 HIGH | N/A |
Stack-based buffer overflow in the Vivotek Motion Jpeg ActiveX control (aka MjpegControl) in MjpegDecoder.dll 2.0.0.13 allows remote attackers to execute arbitrary code via a long PtzUrl property value.
| CVE-2009-3704 | 1 Zoiper | 1 Zoiper | 2025-04-09 | 5.0 MEDIUM | N/A |
ZoIPer 2.22, and possibly other versions before 2.24 Library 5324, allows remote attackers to cause a denial of service (crash) via a SIP INVITE request with an empty Call-Info header.