Total: 29869 CVE

| CVE | Vendors | Products | Updated | CVSS v2 | CVSS v3 |
|---|---|---|---|---|---|
| CVE-2007-4499 | 1 American Financing | 1 Email Image Upload | 2025-04-09 | 6.8 MEDIUM | N/A |
Unrestricted file upload vulnerability in output.php in American Financing eMail Image Upload 4.1 allows remote attackers to upload and execute arbitrary code via unspecified vectors. NOTE: the provenance of this information is unknown; the details are obtained solely from third party information.
| CVE-2006-5532 | 1 Xoops | 1 Xoops Rmsoft Gallery System | 2025-04-09 | 6.8 MEDIUM | N/A |
Cross-site scripting (XSS) vulnerability in rmgs/images.php in RMSOFT Gallery System 2.0 allows remote attackers to inject arbitrary web script or HTML via the kw parameter. NOTE: some of these details are obtained from third party information.
| CVE-2007-5760 | 2 X.org, Xfree86 Project | 2 Xserver, Xfree86-misc | 2025-04-09 | 9.3 HIGH | N/A |
Array index error in the XFree86-Misc extension in X.Org Xserver before 1.4.1 allows context-dependent attackers to execute arbitrary code via a PassMessage request containing a large array index.
| CVE-2006-5346 | 1 Oracle | 3 Collaboration Suite, E-business Suite, Http Server | 2025-04-09 | 7.6 HIGH | N/A |
Unspecified vulnerability in Oracle HTTP Server 9.2.0.7, as used in Oracle Collaboration Suite 9.0.4.2 and Oracle E-Business Suite and Applications 11.5.10CU2, has unknown impact and remote attack vectors related to htdigest, aka Vuln# OHS02.
| CVE-2007-1230 | 1 Wordpress | 1 Wordpress | 2025-04-09 | 5.8 MEDIUM | N/A |
Multiple cross-site scripting (XSS) vulnerabilities in wp-includes/functions.php in WordPress before 2.1.2-alpha allow remote attackers to inject arbitrary web script or HTML via (1) the Referer HTTP header or (2) the URI, a different vulnerability than CVE-2007-1049.
| CVE-2007-2909 | 1 Jelsoft | 1 Vbulletin | 2025-04-09 | 3.5 LOW | N/A |
Cross-site scripting (XSS) vulnerability in calendar.php in Jelsoft vBulletin 3.6.x before 3.6.7 allows remote attackers to inject arbitrary web script or HTML via unspecified vectors, related to the vb_calendar366_xss_fix_plugin.xml update.
| CVE-2007-2570 | 1 Guilain Omont | 1 Wikivi5 | 2025-04-09 | 7.5 HIGH | N/A |
PHP remote file inclusion vulnerability in handlers/page/show.php in Wikivi5 allows remote attackers to execute arbitrary PHP code via a URL in the sous_rep parameter.
| CVE-2006-6924 | 1 Bitweaver | 1 Bitweaver | 2025-04-09 | 5.0 MEDIUM | N/A |
bitweaver 1.3.1 and earlier allows remote attackers to obtain sensitive information via a sort_mode=-98 query string to (1) blogs/list_blogs.php, (2) fisheye/index.php, (3) wiki/orphan_pages.php, or (4) wiki/list_pages.php, which forces a SQL error. NOTE: the fisheye/list_galleries.php vector is already covered by CVE-2005-4380.
| CVE-2006-5251 | 1 Deep Cms | 1 Deep Cms | 2025-04-09 | 7.5 HIGH | N/A |
PHP remote file inclusion vulnerability in index.php in Deep CMS 2.0a allows remote attackers to execute arbitrary PHP code via a URL in the ConfigDir parameter. NOTE: the provenance of this information is unknown; the details are obtained from third party information.
| CVE-2006-5922 | 1 Wheatblog | 1 Wheatblog | 2025-04-09 | 5.0 MEDIUM | N/A |
index.php in Wheatblog (wB) allows remote attackers to obtain sensitive information via certain values of the postPtr[] and next parameters, which reveals the path in an error message.
| CVE-2007-0965 | 1 Cisco | 1 Firewall Services Module | 2025-04-09 | 7.8 HIGH | N/A |
Cisco FWSM 3.x before 3.1(3.2), when authentication is configured to use "aaa authentication match" or "aaa authentication include", allows remote attackers to cause a denial of service (device reboot) via a long HTTP request.
| CVE-2007-3341 | 1 Microsoft | 2 All Windows, Internet Explorer | 2025-04-09 | 10.0 HIGH | N/A |
Unspecified vulnerability in the FTP implementation in Microsoft Internet Explorer allows remote attackers to "see a valid memory address" via unspecified vectors, a different issue than CVE-2007-0217.
| CVE-2006-4927 | 1 Symantec | 2 Naveng Driver, Navex15 Driver | 2025-04-09 | 4.6 MEDIUM | N/A |
The (a) NAVENG (NAVENG.SYS) and (b) NAVEX15 (NAVEX15.SYS) device drivers 20061.3.0.12 and later, as used in Symantec AntiVirus and security products, allow local users to gain privileges by overwriting critical system addresses using a crafted Irp to the IOCTL functions (1) 0x222AD3, (2) 0x222AD7, and (3) 0x222ADB.
| CVE-2006-6819 | 1 Alstrasoft | 1 Webhost Directory | 2025-04-09 | 6.4 MEDIUM | N/A |
AlstraSoft Web Host Directory stores sensitive information under the web root with insufficient access control, which allows remote attackers to download a backup database via a direct request for admin/backup/db.
| CVE-2007-3236 | 1 Xoops | 1 Horoscope Module | 2025-04-09 | 7.5 HIGH | N/A |
PHP remote file inclusion vulnerability in footer.php in the Horoscope 1.0 module for XOOPS allows remote attackers to execute arbitrary PHP code via a URL in the xoopsConfig[root_path] parameter.
| CVE-2007-3046 | 1 Advanced Software Production Line | 1 Vortex Library | 2025-04-09 | 5.0 MEDIUM | N/A |
Buffer overflow in Advanced Software Production Line Vortex Library before 1.0.3 allows remote attackers to cause a denial of service (listener crash) via unspecified vectors related to the select I/O implementation and the file set buffer. NOTE: some of these details are obtained from third party information.
| CVE-2007-1369 | 1 Zend | 1 Zend Platform | 2025-04-09 | 4.4 MEDIUM | N/A |
ini_modifier (sgid-zendtech) in Zend Platform 2.2.3 and earlier allows local users to modify the system php.ini file by editing a copy of php.ini file using the -f parameter, and then performing a symlink attack using the directory that contains the attacker-controlled php.ini file, and linking this directory to /usr/local/Zend/etc.
| CVE-2007-0338 | 1 Bolintech | 1 Dreamftp Server | 2025-04-09 | 7.5 HIGH | N/A |
Heap-based buffer overflow in Dream FTP Server allows remote attackers to execute arbitrary code via a USER command with a large number of format string specifiers, which triggers the overflow during processing of the Server Log.
| CVE-2006-5650 | 1 Aol | 1 Icq | 2025-04-09 | 7.5 HIGH | N/A |
The ICQPhone.SipxPhoneManager ActiveX control in America Online ICQ 5.1 allows remote attackers to download and execute arbitrary code via the DownloadAgent function, as demonstrated using an ICQ avatar.
| CVE-2006-5086 | 1 Pixel Motion | 1 Pixel Motion Blog | 2025-04-09 | 6.4 MEDIUM | N/A |
Blog Pixel Motion 2.1.1 allows remote attackers to change the username and password for the admin user via a direct request to insere_base.php with modified (1) login and (2) pass parameters. NOTE: this issue was claimed to be SQL injection by the original researcher, but it is not.
| CVE-2006-5969 | 1 Fvwm | 1 Fvwm | 2025-04-09 | 4.6 MEDIUM | N/A |
CRLF injection vulnerability in the evalFolderLine function in fvwm 2.5.18 and earlier allows local users to execute arbitrary commands via carriage returns in a directory name, which is not properly handled by fvwm-menu-directory, a variant of CVE-2003-1308.
| CVE-2007-0470 | 1 Sun | 2 Solaris, Sunos | 2025-04-09 | 7.2 HIGH | N/A |
Multiple unspecified vulnerabilities in tip in Sun Solaris 8, 9, and 10 allow local users to gain uucp account privileges via unspecified vectors.
| CVE-2006-5770 | 1 Ac4p | 1 Ac4p Mobile | 2025-04-09 | 6.8 MEDIUM | N/A |
Multiple cross-site scripting (XSS) vulnerabilities in ac4p Mobile allow remote attackers to inject arbitrary web script or HTML via (1) Bloks, (2) Newnews, (3) lBlok, and (4) foooot parameter in (a) index.php; Newnews, (5) newmsgs, and Bloks parameter in (b) MobileNews.php; Newnews parameter in (c) polls.php; (6) cats parameter in (d) send.php; (7) footer parameter in (e) up.php; and (8) pagenav parameter in (f) cp/index.php.
| CVE-2006-5054 | 1 Iyzi Forum | 1 Iyzi Forum | 2025-04-09 | 7.5 HIGH | N/A |
SQL injection vulnerability in uye/uye_ayrinti.asp in iyzi Forum 1 Beta 2 and earlier allows remote attackers to execute arbitrary SQL commands via the uye_nu parameter.
| CVE-2007-4201 | 1 Guidance Software | 1 Encase | 2025-04-09 | 5.0 MEDIUM | N/A |
Guidance Software EnCase 6.2 and 6.5 does not properly handle a volume with more than 25 partitions, which might allow remote attackers to prevent examination of certain data, a related issue to CVE-2007-4035.
| CVE-2007-3605 | 1 Sap | 1 Enjoysap | 2025-04-09 | 7.6 HIGH | N/A |
Stack-based buffer overflow in the kweditcontrol.kwedit.1 ActiveX control in FrontEnd\SapGui\kwedit.dll in the EnjoySAP SAP GUI allows remote attackers to execute arbitrary code via a long argument to the PrepareToPostHTML function.
| CVE-2006-7097 | 1 Taskfreak | 1 Taskfreak | 2025-04-09 | 10.0 HIGH | N/A |
Multiple unspecified vulnerabilities in TaskFreak! before 0.1.4 have unknown impact and attack vectors.
| CVE-2007-1409 | 1 Wordpress | 1 Wordpress | 2025-04-09 | 5.0 MEDIUM | N/A |
WordPress allows remote attackers to obtain sensitive information via a direct request for wp-admin/admin-functions.php, which reveals the path in an error message.
| CVE-2007-4380 | 1 Symantec | 1 Altiris Deployment Solution | 2025-04-09 | 7.2 HIGH | N/A |
Aclient in Symantec Altiris Deployment Solution 6 before 6.8 SP2 (6.8.378) allows local users to gain local System privileges via the Log File Viewer.
| CVE-2007-5906 | 1 Xensource Inc | 1 Xen | 2025-04-09 | 4.7 MEDIUM | N/A |
Xen 3.1.1 allows virtual guest system users to cause a denial of service (hypervisor crash) by using a debug register (DR7) to set certain breakpoints.
| CVE-2007-4360 | 1 Dell | 1 Remote Access Card | 2025-04-09 | 4.3 MEDIUM | N/A |
Unspecified vulnerability in Dell Remote Access Card 4 (DRAC4) with firmware 1.50 Build 02.16 allows remote attackers to cause a denial of service (SSH daemon crash) via certain network traffic, as demonstrated by an "nmap -O" scan with nmap 4.03, possibly related to a Mocana (Mocanada) SSH vulnerability.
| CVE-2007-1118 | 1 Efiction | 1 Efiction | 2025-04-09 | 6.8 MEDIUM | N/A |
Multiple PHP remote file inclusion vulnerabilities in eFiction 3.1.1 and earlier allow remote attackers to execute arbitrary PHP code via a URL in the path_to_smf parameter to (1) bridges/SMF/logout.php or (2) get_session_vars.php.
| CVE-2006-5417 | 1 Mcafee | 4 Internet Security Suite, Network Agent, Personal Firewall Plus and 1 more | 2025-04-09 | 5.0 MEDIUM | N/A |
McAfee Network Agent (mcnasvc.exe) 1.0.178.0, as used by multiple McAfee products possibly including Internet Security Suite, Personal Firewall Plus, and VirusScan, allows remote attackers to cause a denial of service (agent crash) via a long packet, possibly because of an invalid string position field value. NOTE: some of these details are obtained from third party information.
| CVE-2006-5879 | 1 Aspportal | 1 Aspportal | 2025-04-09 | 7.5 HIGH | N/A |
SQL injection vulnerability in default1.asp in ASPPortal 4.0.0 beta and earlier allows remote attackers to execute arbitrary SQL commands via the Poll_ID parameter, a different vector than CVE-2006-1353.
| CVE-2007-3950 | 1 Lighttpd | 1 Lighttpd | 2025-04-09 | 4.3 MEDIUM | N/A |
lighttpd 1.4.15, when run on 32 bit platforms, allows remote attackers to cause a denial of service (daemon crash) via unspecified vectors involving the use of incompatible format specifiers in certain debugging messages in the (1) mod_scgi, (2) mod_fastcgi, and (3) mod_webdav modules.
| CVE-2006-5775 | 1 Funkboard | 1 Funkboard | 2025-04-09 | 6.8 MEDIUM | N/A |
Cross-site scripting (XSS) vulnerability in profile.php in FunkBoard 0.71 before 4 November 2006 at 18:16 GMT allows remote attackers to inject arbitrary web script or HTML, possibly via the name parameter.
| CVE-2007-2823 | 1 Ht Editor | 1 Ht Editor | 2025-04-09 | 6.8 MEDIUM | N/A |
Multiple buffer overflows in HT Editor before 2.0.6 might allow remote attackers to execute arbitrary code via unspecified vectors, possibly involving the editor display width. NOTE: some of the details were obtained from third party information.
| CVE-2006-4248 | 1 Acme Labs | 1 Thttpd | 2025-04-09 | 7.2 HIGH | N/A |
thttpd on Debian GNU/Linux, and possibly other distributions, allows local users to create or touch arbitrary files via a symlink attack on the start_thttpd temporary file.
| CVE-2007-0277 | 1 Oracle | 1 Database Server | 2025-04-09 | 6.8 MEDIUM | N/A |
Unspecified vulnerability in Oracle Database client-only 10.1.0.4 has unknown impact and attack vectors related to the Export component and expdp or impdp, aka DB11.
| CVE-2007-1572 | 1 Sourceforge | 1 Jgbbs | 2025-04-09 | 6.8 MEDIUM | N/A |
SQL injection vulnerability in search.asp in JGBBS 3.0 Beta 1 and earlier allows remote attackers to execute arbitrary SQL commands via the title parameter, a different vector than CVE-2007-1440. NOTE: the provenance of this information is unknown; the details are obtained solely from third party information.