Total
29869 CVE
| CVE | Vendors | Products | Updated | CVSS v2 | CVSS v3 |
|---|---|---|---|---|---|
| CVE-2007-1532 | 1 Microsoft | 1 Windows Vista | 2025-04-09 | 6.4 MEDIUM | N/A |
|
The neighbor discovery implementation in Microsoft Windows Vista allows remote attackers to conduct a redirect attack by (1) responding to queries by sending spoofed Neighbor Advertisements or (2) blindly sending Neighbor Advertisements.
|
|||||
| CVE-2007-3547 | 1 Qt-cute | 1 Quickticket | 2025-04-09 | 7.8 HIGH | N/A |
|
Directory traversal vulnerability in qti_checkname.php in QuickTicket 1.2 allows remote attackers to include and execute arbitrary local files a .. (dot dot) in the lang parameter.
|
|||||
| CVE-2007-1930 | 1 Cattadoc | 1 Cattadoc | 2025-04-09 | 7.8 HIGH | N/A |
|
Directory traversal vulnerability in download2.php in cattaDoc 2.21, and possibly other versions including 3.0, allows remote attackers to read arbitrary files via a .. (dot dot) in the fn1 parameter.
|
|||||
| CVE-2007-2536 | 1 Picozip | 1 Picozip | 2025-04-09 | 7.8 HIGH | N/A |
|
PicoZip allows remote attackers to cause a denial of service (infinite loop) via a ZOO archive with a direntry structure that points to a previous file.
|
|||||
| CVE-2007-3173 | 1 Almnzm | 1 Almnzm | 2025-04-09 | 5.0 MEDIUM | N/A |
|
Almnzm allows remote attackers to obtain sensitive information via an activateorder request to index.php with an invalid orderid parameter, probably related to '[' and ']' characters.
|
|||||
| CVE-2007-0383 | 1 Wdaemon | 1 Wdaemon | 2025-04-09 | 5.0 MEDIUM | N/A |
|
WDaemon 9.5.4 allows remote attackers to access the /WorldClient.dll URI on TCP port 3000, which has unknown impact. NOTE: The researcher reports that the vendor response was "this is not a security bug.
|
|||||
| CVE-2006-6171 | 1 Proftpd Project | 1 Proftpd | 2025-04-09 | 7.5 HIGH | N/A |
|
ProFTPD 1.3.0a and earlier does not properly set the buffer size limit when CommandBufferSize is specified in the configuration file, which leads to an off-by-two buffer underflow. NOTE: in November 2006, the role of CommandBufferSize was originally associated with CVE-2006-5815, but this was an error stemming from a vague initial disclosure. NOTE: ProFTPD developers dispute this issue, saying that the relevant memory location is overwritten by assignment before further use within the affected ...
Show More |
|||||
| CVE-2006-6350 | 1 Iisworks | 1 Listpics | 2025-04-09 | 10.0 HIGH | N/A |
|
listpics 5 stores sensitive data under the web root with insufficient access control, which allows remote attackers to download a database via a direct request for listpics.mdb.
|
|||||
| CVE-2008-1116 | 1 Rising Antivirus International | 1 Rising Web Scan Object | 2025-04-09 | 9.3 HIGH | N/A |
|
Insecure method vulnerability in the Web Scan Object ActiveX control (OL2005.dll) in Rising Antivirus Online Scanner allows remote attackers to force the download and execution of arbitrary code by setting the BaseURL property and invoking the UpdateEngine method. NOTE: some of these details are obtained from third party information.
|
|||||
| CVE-2006-7042 | 1 Chipmunk Scripts | 1 Chipmunk Directory | 2025-04-09 | 6.8 MEDIUM | N/A |
|
Cross-site scripting (XSS) vulnerability in directory/index.php in Chipmunk directory allows remote attackers to inject arbitrary web script or HTML via the start parameter.
|
|||||
| CVE-2007-1022 | 1 Turuncu Portal | 1 Turuncu Portal | 2025-04-09 | 7.5 HIGH | N/A |
|
SQL injection vulnerability in h_goster.asp in Turuncu Portal 1.0 allows remote attackers to execute arbitrary SQL commands via the id parameter. NOTE: the provenance of this information is unknown; the details are obtained solely from third party information.
|
|||||
| CVE-2007-4463 | 2 Fransois Gannier, Ghisler | 2 Fileinfo Plugin, Total Commander | 2025-04-09 | 5.0 MEDIUM | N/A |
|
The Fileinfo 2.0.9 plugin for Total Commander allows user-assisted remote attackers to cause a denial of service (unhandled exception) via an invalid RVA address function pointer in (1) an IMAGE_THUNK_DATA structure, involving the (a) OriginalFirstThunk and (b) FirstThunk IMAGE_IMPORT_DESCRIPTOR fields, or (2) the AddressOfNames IMAGE_EXPORT_DIRECTORY field in a PE file.
|
|||||
| CVE-2006-5123 | 1 Phprojekt | 1 Phprojekt | 2025-04-09 | 7.5 HIGH | N/A |
|
Multiple PHP remote file inclusion vulnerabilities in Albrecht Guenther PHProjekt 5.1.x before 5.1.2 allow remote attackers to execute arbitrary PHP code via a URL in the (1) lib_path or (2) lang_path parameter in unspecified files, related to code changes intended to fix inclusion, a different vulnerability than CVE-2002-0451, CVE-2006-4204, and CVE-2006-4609.
|
|||||
| CVE-2006-6889 | 1 Freestyle | 1 Freestyle Wiki | 2025-04-09 | 7.5 HIGH | N/A |
|
FreeStyle Wiki (fswiki) 3.6.2 and earlier stores sensitive information under the web root with insufficient access control, which allows remote attackers to obtain passwords via a direct request for config/user.dat.
|
|||||
| CVE-2007-0834 | 1 Darrens 5-dollar Script Archive | 1 Flashchat | 2025-04-09 | 6.8 MEDIUM | N/A |
|
Cross-site scripting (XSS) vulnerability in FlashChat 4.7.8 allows remote attackers to inject arbitrary web script or HTML via the user name field when the user joins a chat room, a different vulnerability than CVE-2007-0807. NOTE: the provenance of this information is unknown; the details are obtained solely from third party information.
|
|||||
| CVE-2007-3217 | 1 Prototype Of An Php Application | 1 Prototype Of An Php Application | 2025-04-09 | 7.5 HIGH | N/A |
|
Multiple PHP remote file inclusion vulnerabilities in Prototype of an PHP application 0.1 allow remote attackers to execute arbitrary PHP code via a URL in the path_inc parameter to (1) index.php in gestion/; (2) identification.php, (3) disconnect.php, (4) loginliste.php, (5) loginmodif.php, (6) index.php, and (7) ident.inc.php in ident/; (8) menuadministration.php and (9) menuprincipal.php in menu/; (10) param.inc.php in param/; (11) index.php in plugins/phpgacl/; and (12) index.php and (13) co ...
Show More |
|||||
| CVE-2006-5219 | 1 Moodle | 1 Moodle | 2025-04-09 | 5.1 MEDIUM | N/A |
|
SQL injection vulnerability in blog/index.php in the blog module in Moodle 1.6.2 allows remote attackers to execute arbitrary SQL commands via a double-encoded tag parameter.
|
|||||
| CVE-2009-4081 | 1 Dag.wieers | 1 Dstat | 2025-04-09 | 4.4 MEDIUM | N/A |
|
Untrusted search path vulnerability in dstat before r3199 allows local users to gain privileges via a Trojan horse Python module in the current working directory, a different vulnerability than CVE-2009-3894.
|
|||||
| CVE-2006-5482 | 1 Freebsd | 1 Freebsd | 2025-04-09 | 2.1 LOW | N/A |
|
ufs_vnops.c in FreeBSD 6.1 allows local users to cause an unspecified denial of service by calling the ftruncate function on a file type that is not VREG, VLNK or VDIR, which is not defined in POSIX.
|
|||||
| CVE-2007-3927 | 1 Ipswitch | 2 Imail Server, Ipswitch Collaboration Suite | 2025-04-09 | 10.0 HIGH | N/A |
|
Multiple buffer overflows in Ipswitch IMail Server 2006 before 2006.21 (1) allow remote attackers to execute arbitrary code via unspecified vectors in Imailsec and (2) allow attackers to have an unknown impact via an unspecified vector related to "subscribe."
|
|||||
| CVE-2008-1902 | 1 Debian | 1 Aptlinex | 2025-04-09 | 5.0 MEDIUM | N/A |
|
The GUI for aptlinex before 0.91 does not sufficiently warn the user of potentially dangerous actions, which allows remote attackers to remove or modify packages via an apt:// URL.
|
|||||
| CVE-2006-4406 | 1 Apple | 1 Mac Os X | 2025-04-09 | 7.5 HIGH | N/A |
|
Buffer overflow in PPP on Apple Mac OS X 10.4.x up to 10.4.8 and 10.3.x up to 10.3.9, when PPPoE is enabled, allows remote attackers to execute arbitrary code via unspecified vectors.
|
|||||
| CVE-2008-4315 | 2 Openpegasus, Redhat | 3 Openpegasus Wbem, Enterprise Linux, Enterprise Linux Desktop | 2025-04-09 | 6.8 MEDIUM | N/A |
|
tog-pegasus in OpenGroup Pegasus 2.7.0 on Red Hat Enterprise Linux (RHEL) 5, Fedora 9, and Fedora 10 does not log failed authentication attempts to the OpenPegasus CIM server, which makes it easier for remote attackers to avoid detection of password guessing attacks.
|
|||||
| CVE-2007-3505 | 1 Qt-cute | 1 Quicktalk Forum | 2025-04-09 | 6.4 MEDIUM | N/A |
|
Multiple directory traversal vulnerabilities in QuickTalk forum 1.3 allow remote attackers to include and execute arbitrary local files via a .. (dot dot) sequence in the lang parameter to (1) qtf_checkname.php, (2) qtf_j_birth.php, or (3) qtf_j_exists.php.
|
|||||
| CVE-2006-6845 | 1 Cmsmadesimple | 1 Cms Made Simple | 2025-04-09 | 6.8 MEDIUM | N/A |
|
Cross-site scripting (XSS) vulnerability in index.php in CMS Made Simple 1.0.2 allows remote attackers to inject arbitrary web script or HTML via the cntnt01searchinput parameter in a Search action.
|
|||||
| CVE-2007-2131 | 1 Oracle | 1 Peoplesoft Enterprise | 2025-04-09 | 10.0 HIGH | N/A |
|
Unspecified vulnerability in PeopleTools in Oracle PeopleSoft Enterprise 8.22.14, 8.47.12, and 8.48.08 has unknown impact and attack vectors, aka PSE01.
|
|||||
| CVE-2006-5648 | 1 Ubuntu | 1 Ubuntu Linux | 2025-04-09 | 4.6 MEDIUM | 5.5 MEDIUM |
|
Ubuntu Linux 6.10 for the PowerPC (PPC) allows local users to cause a denial of service (resource consumption) by using the (1) sys_get_robust_list and (2) sys_set_robust_list functions to create processes that cannot be killed.
|
|||||
| CVE-2007-3541 | 1 Kurinton | 1 Shttpd | 2025-04-09 | 4.3 MEDIUM | N/A |
|
Cross-site scripting (XSS) vulnerability in Kurinton sHTTPd 20070408 and earlier allows remote attackers to inject arbitrary web script or HTML via unspecified vectors.
|
|||||
| CVE-2007-0564 | 1 Symantec | 1 Web Security | 2025-04-09 | 4.0 MEDIUM | N/A |
|
The license registering interface in Symantec Web Security (SWS) before 3.0.1.85 allows attackers to cause a denial of service (CPU consumption) by submitting a large file.
|
|||||
| CVE-2007-1189 | 1 Bell Labs | 1 Plan 9 | 2025-04-09 | 7.2 HIGH | N/A |
|
Integer overflow in the envwrite function in the Alcatel-Lucent Bell Labs Plan 9 kernel allows local users to overwrite certain memory addresses with kernel memory via a large n argument, as demonstrated by (1) modifying the iseve function to gain privileges and (2) making the devpermcheck function grant unrestricted device permissions.
|
|||||
| CVE-2007-1495 | 1 Symantec | 1 Norton Personal Firewall | 2025-04-09 | 4.9 MEDIUM | N/A |
|
The \Device\SymEvent driver in Symantec Norton Personal Firewall 2006 9.1.1.7, and possibly other products using symevent.sys 12.0.0.20, allows local users to cause a denial of service (system crash) via invalid data, as demonstrated by calling DeviceIoControl to send the data, a reintroduction of CVE-2006-4855.
|
|||||
| CVE-2007-4262 | 1 Ez Photo Sales | 1 Ez Photo Sales | 2025-04-09 | 8.5 HIGH | N/A |
|
Unrestricted file upload vulnerability in EZPhotoSales 1.9.3 and earlier allows remote authenticated administrators to upload and execute arbitrary PHP code under OnlineViewing/galleries/.
|
|||||
| CVE-2007-3238 | 1 Wordpress | 1 Wordpress | 2025-04-09 | 6.0 MEDIUM | N/A |
|
Cross-site scripting (XSS) vulnerability in functions.php in the default theme in WordPress 2.2 allows remote authenticated administrators to inject arbitrary web script or HTML via the PATH_INFO (REQUEST_URI) to wp-admin/themes.php, a different vulnerability than CVE-2007-1622. NOTE: this might not cross privilege boundaries in some configurations, since the Administrator role has the unfiltered_html capability.
|
|||||
| CVE-2006-6688 | 1 Web-app.net | 1 Webapp | 2025-04-09 | 7.5 HIGH | N/A |
|
Web Automated Perl Portal (WebAPP) 0.9.9.4, and 0.9.9.3.4 Network Edition (NE) (aka WebAPP.NET) allows remote attackers to bypass filtering mechanisms via unknown vectors. NOTE: The provenance of this information is unknown; the details are obtained solely from third party information.
|
|||||
| CVE-2007-2040 | 1 Cisco | 3 Aironet 1000-series, Aironet 1500-series, Wireless Lan Controller Software | 2025-04-09 | 6.2 MEDIUM | N/A |
|
Cisco Aironet 1000 Series and 1500 Series Lightweight Access Points before 3.2.185.0, and 4.0.x before 4.0.206.0, have a hard-coded password, which allows attackers with physical access to perform arbitrary actions on the device, aka Bug ID CSCsg15192.
|
|||||
| CVE-2006-5719 | 1 Bytesfall Explorer | 1 Bytesfall Explorer | 2025-04-09 | 7.5 HIGH | N/A |
|
SQL injection vulnerability in libs/sessions.lib.php in BytesFall Explorer (bfExplorer) 0.0.6 allows remote attackers to execute arbitrary SQL commands via unspecified parameters, a different issue than CVE-2006-5606.
|
|||||
| CVE-2008-0894 | 1 Apple | 1 Safari | 2025-04-09 | 6.8 MEDIUM | N/A |
|
Apple Safari might allow remote attackers to obtain potentially sensitive memory contents or cause a denial of service (crash) via a crafted (1) bitmap (BMP) or (2) GIF file, a related issue to CVE-2008-0420.
|
|||||
| CVE-2007-4415 | 1 Cisco | 1 Vpn Client | 2025-04-09 | 6.8 MEDIUM | N/A |
|
Cisco VPN Client on Windows before 5.0.01.0600, and the 5.0.01.0600 InstallShield (IS) release, uses weak permissions for cvpnd.exe (Modify granted to Interactive Users), which allows local users to gain privileges via a modified cvpnd.exe.
|
|||||
| CVE-2007-1174 | 1 Web-app.org | 1 Webapp | 2025-04-09 | 4.3 MEDIUM | N/A |
|
Multiple cross-site scripting (XSS) vulnerabilities in WebAPP before 20070214 allow remote attackers to inject arbitrary web script or HTML via unspecified vectors, related to unspecified fields in user Profiles. NOTE: some of these details are obtained from third party information.
|
|||||
| CVE-2006-6786 | 1 Open Newsletter | 1 Open Newsletter | 2025-04-09 | 6.5 MEDIUM | N/A |
|
Open Newsletter 2.5 and earlier allows remote authenticated administrators to execute arbitrary PHP code by inserting the code into the email parameter to (1) subscribe.php or (2) unsubscribe.php.
|
|||||