Total
29869 CVE
| CVE | Vendors | Products | Updated | CVSS v2 | CVSS v3 |
|---|---|---|---|---|---|
| CVE-2007-0181 | 1 Scriptaty | 1 Magic Photo Storage Website | 2025-04-09 | 7.5 HIGH | N/A |
|
PHP remote file inclusion vulnerability in include/common_function.php in magic photo storage website allows remote attackers to execute arbitrary PHP code via a URL in the _config[site_path] parameter.
|
|||||
| CVE-2007-2755 | 1 Precisionid Barcode | 1 Precisionid Barcode | 2025-04-09 | 10.0 HIGH | N/A |
|
The PrecisionID Barcode 1.9 ActiveX control in PrecisionID_Barcode.dll, when Internet Explorer 6 is used, allows remote attackers to overwrite arbitrary files via a full pathname to the SaveToFile function, a different vulnerability than CVE-2007-2744.
|
|||||
| CVE-2006-5398 | 1 Simplog | 1 Simplog | 2025-04-09 | 7.5 HIGH | N/A |
|
SQL injection vulnerability in comments.php in Simplog 0.9.3.1 allows remote attackers to execute arbitrary SQL commands via the cid parameter.
|
|||||
| CVE-2006-6506 | 1 Mozilla | 1 Firefox | 2025-04-09 | 4.3 MEDIUM | N/A |
|
The "Feed Preview" feature in Mozilla Firefox 2.0 before 2.0.0.1 sends the URL of the feed when requesting favicon.ico icons, which results in a privacy leak that might allow feed viewing services to determine browsing habits.
|
|||||
| CVE-2008-7104 | 1 Sophos | 1 Puremessage For Microsoft Exchange | 2025-04-09 | 5.0 MEDIUM | N/A |
|
Sophos PureMessage Scanner service (PMScanner.exe) in PureMessage for Microsoft Exchange 3.0 before 3.0.2 allows remote attackers to cause a denial of service (message queue delay and incomplete spam rule update) via a crafted (1) RTF or (2) PDF file.
|
|||||
| CVE-2007-3235 | 1 Fuzzylime Forum | 1 Fuzzylime Forum | 2025-04-09 | 4.3 MEDIUM | N/A |
|
Cross-site scripting (XSS) vulnerability in low.php in Fuzzylime Forum 1.0 allows remote attackers to inject arbitrary web script or HTML via the topic parameter. NOTE: this might be resultant from SQL injection.
|
|||||
| CVE-2006-5931 | 1 Aigaion | 1 Aigaion | 2025-04-09 | 5.1 MEDIUM | N/A |
|
Multiple PHP remote file inclusion vulnerabilities in Aigaion Web based bibliography management system 1.2.1, when register_globals is enabled, allow remote attackers to execute arbitrary PHP code via a URL in the DIR parameter to certain PHP scripts in (1) lib/actions/, (2) lib/displays/, (3) lib/editforms/, (4) lib/functions/, (5) scheme/, and (6) the root directory. NOTE: the provenance of this information is unknown; details are obtained from third party sources.
|
|||||
| CVE-2006-5297 | 1 Mutt | 1 Mutt | 2025-04-09 | 1.2 LOW | N/A |
|
Race condition in the safe_open function in the Mutt mail client 1.5.12 and earlier, when creating temporary files in an NFS filesystem, allows local users to overwrite arbitrary files due to limitations of the use of the O_EXCL flag on NFS filesystems.
|
|||||
| CVE-2007-2783 | 1 Rational Software | 1 Hidden Administrator | 2025-04-09 | 10.0 HIGH | N/A |
|
Unspecified vulnerability in Rational Soft Hidden Administrator 1.7 and earlier allows remote attackers to bypass authentication and execute arbitrary code via unspecified vectors. NOTE: this issue has no actionable information, and perhaps should not be included in CVE.
|
|||||
| CVE-2007-1449 | 1 Phpnuke | 1 Php-nuke | 2025-04-09 | 4.3 MEDIUM | N/A |
|
Directory traversal vulnerability in mainfile.php in PHP-Nuke 8.0 and earlier allows remote attackers to read arbitrary files via a .. (dot dot) in the lang parameter.
|
|||||
| CVE-2006-5563 | 1 Yahoo | 1 Messenger | 2025-04-09 | 5.0 MEDIUM | N/A |
|
Unspecified vulnerability in Yahoo! Messenger (Service 18) before 8.1.0.195 allows remote attackers to cause a denial of service (NULL dereference and application crash) via a crafted room name in a Conference Invite. NOTE: the provenance of this information is unknown; the details are obtained from third party information.
|
|||||
| CVE-2008-6442 | 1 Sina | 1 Dloader | 2025-04-09 | 5.8 MEDIUM | N/A |
|
Insecure method vulnerability in Sina Inc. DLoader Class ActiveX Control allows remote attackers to overwrite arbitrary files via a URL in the first parameter to the DonwloadAndInstall method. NOTE: the provenance of this information is unknown; the details are obtained solely from third party information.
|
|||||
| CVE-2007-3584 | 1 Postnuke Software Foundation | 1 Pnphpbb2 | 2025-04-09 | 7.5 HIGH | N/A |
|
SQL injection vulnerability in viewforum.php in PNphpBB2 1.2i and earlier for Postnuke allows remote attackers to execute arbitrary SQL commands via the order parameter.
|
|||||
| CVE-2006-5024 | 1 Paisterist | 1 Simple Http Scanner | 2025-04-09 | 10.0 HIGH | 9.8 CRITICAL |
|
Multiple unspecified vulnerabilities in Paisterist Simple HTTP Scanner (sHTTPScanner) before 0.4 have unknown impact and attack vectors.
|
|||||
| CVE-2008-1335 | 1 Netbsd | 2 Netbsd, Netbsd Current | 2025-04-09 | 9.3 HIGH | N/A |
|
The ipsec4_get_ulp function in the kernel in NetBSD 2.0 through 3.1 and NetBSD-current before 20071028, when the fast_ipsec subsystem is enabled, allows remote attackers to bypass the IPsec policy by sending packets from a source machine with a different endianness than the destination machine, a different vulnerability than CVE-2006-0905.
|
|||||
| CVE-2007-4080 | 1 Alstrasoft | 1 E-friends | 2025-04-09 | 6.4 MEDIUM | N/A |
|
Cross-site scripting (XSS) vulnerability in index.php AlstraSoft E-Friends allows remote attackers to inject arbitrary web script or HTML via the p_id parameter in a people_card action. NOTE: this might overlap CVE-2006-2564.
|
|||||
| CVE-2007-0907 | 2 Php, Trustix | 2 Php, Secure Linux | 2025-04-09 | 5.0 MEDIUM | N/A |
|
Buffer underflow in PHP before 5.2.1 allows attackers to cause a denial of service via unspecified vectors involving the sapi_header_op function.
|
|||||
| CVE-2007-0866 | 1 Hp | 1 Openview Storage Data Protector | 2025-04-09 | 6.8 MEDIUM | N/A |
|
Unspecified vulnerability in HP OpenView Storage Data Protector on HP-UX B.11.00, B.11.11, or B.11.23 allows local users to execute arbitrary code via unknown vectors.
|
|||||
| CVE-2007-2033 | 1 Cisco | 1 Wireless Control System | 2025-04-09 | 6.5 MEDIUM | N/A |
|
Unspecified vulnerability in Cisco Wireless Control System (WCS) before 4.0.81.0 allows remote authenticated users to read any configuration page by changing the group membership of user accounts, aka Bug ID CSCse78596.
|
|||||
| CVE-2007-4117 | 1 Platon | 1 Phpwebfilemanager | 2025-04-09 | 6.8 MEDIUM | N/A |
|
PHP remote file inclusion vulnerability in index.php in phpWebFileManager 0.5 allows remote attackers to execute arbitrary PHP code via a URL in the PN_PathPrefix parameter. NOTE: this issue is disputed by a reliable third party, who demonstrates that PN_PathPrefix is defined before use
|
|||||
| CVE-2006-6799 | 1 The Cacti Group | 1 Cacti | 2025-04-09 | 7.5 HIGH | N/A |
|
SQL injection vulnerability in Cacti 0.8.6i and earlier, when register_argc_argv is enabled, allows remote attackers to execute arbitrary SQL commands via the (1) second or (2) third arguments to cmd.php. NOTE: this issue can be leveraged to execute arbitrary commands since the SQL query results are later used in the polling_items array and popen function.
|
|||||
| CVE-2007-2489 | 1 Livedata | 1 Protocol Server | 2025-04-09 | 10.0 HIGH | N/A |
|
Heap-based buffer overflow in LiveData Protocol Server 5.00.045, and other versions before update 500062 (5.00.062), allows remote attackers to cause a denial of service (crash) and possibly execute arbitrary code via a crafted request for a WSDL file that causes a negative length to be used in a strncpy call.
|
|||||
| CVE-2007-4242 | 1 Astaro | 1 Security Gateway | 2025-04-09 | 5.0 MEDIUM | N/A |
|
The pop3 Proxy in Astaro Security Gateway (ASG) 7 does not perform virus scanning of attachments that exceed the maximum attachment size, and passes these attachments, which allows remote attackers to bypass this scanning via a large attachment.
|
|||||
| CVE-2007-4249 | 1 Exportnation | 1 Exportnation Toolbar | 2025-04-09 | 4.3 MEDIUM | N/A |
|
The isChecked function in Toolbar.DLL in the ExportNation toolbar for Internet Explorer allows remote attackers to cause a denial of service (NULL dereference and browser crash) via unspecified vectors.
|
|||||
| CVE-2006-5555 | 1 Epnadmin | 1 Epnadmin | 2025-04-09 | 7.5 HIGH | N/A |
|
PHP remote file inclusion vulnerability in constantes.inc.php in EPNadmin 0.7 and 0.7.1 allows remote attackers to execute arbitrary PHP code via the langage parameter.
|
|||||
| CVE-2007-3522 | 1 Sphpell | 1 Sphpell | 2025-04-09 | 6.8 MEDIUM | N/A |
|
Multiple PHP remote file inclusion vulnerabilities in sPHPell 1.01 allow remote attackers to execute arbitrary PHP code via a URL in the SpellIncPath parameter to (1) spellcheckpageinc.php, (2) spellchecktext.php, (3) spellcheckwindow.php, or (4) spellcheckwindowframeset.php.
|
|||||
| CVE-2007-0097 | 1 Conexware | 1 Powerarchiver 2006 | 2025-04-09 | 9.3 HIGH | N/A |
|
Multiple stack-based buffer overflows in the (1) LoadTree and (2) ReadHeader functions in PAISO.DLL 1.7.3.0 (1.7.3 beta) in ConeXware PowerArchiver 2006 9.64.02 allow user-assisted attackers to execute arbitrary code via a crafted ISO file containing a file within several nested directories.
|
|||||
| CVE-2007-1447 | 1 Broadcom | 1 Brightstor Arcserve Backup | 2025-04-09 | 10.0 HIGH | N/A |
|
The Tape Engine in CA (formerly Computer Associates) BrightStor ARCserve Backup 11.5 and earlier allows remote attackers to cause a denial of service and possibly execute arbitrary code via certain RPC procedure arguments, which result in memory corruption, a different vulnerability than CVE-2006-6076.
|
|||||
| CVE-2006-6406 | 1 Clam Anti-virus | 1 Clamav | 2025-04-09 | 5.0 MEDIUM | N/A |
|
Clam AntiVirus (ClamAV) 0.88.6 allows remote attackers to bypass virus detection by inserting invalid characters into base64 encoded content in a multipart/mixed MIME file, as demonstrated with the EICAR test file.
|
|||||
| CVE-2006-5241 | 1 Opendock | 1 Easy Gallery | 2025-04-09 | 5.1 MEDIUM | N/A |
|
Multiple PHP remote file inclusion vulnerabilities in OpenDock Easy Gallery 1.4 and earlier, when register_globals is enabled, allow remote attackers to execute arbitrary PHP code via a URL in the doc_directory parameter in (1) file.php; (2) find_user.php, (3) lib_user.php, (4) lib_form_user.php, and (5) user.php in sw/lib_user/; (6) find_session.php and (7) session.php in sw/lib_session/; (8) comment.php and (9) lib_comment.php in sw/lib_comment/; and other unspecified PHP scripts.
|
|||||
| CVE-2006-5407 | 1 Osticket | 1 Osticket | 2025-04-09 | 7.5 HIGH | N/A |
|
PHP remote file inclusion vulnerability in open_form.php in osTicket allows remote attackers to execute arbitrary PHP code via a URL in the include_dir parameter.
|
|||||
| CVE-2007-1408 | 1 Vallheru | 1 Vallheru | 2025-04-09 | 10.0 HIGH | N/A |
|
Multiple vulnerabilities in (1) bank.php, (2) landfill.php, (3) outposts.php, (4) tribes.php, (5) house.php, (6) tribearmor.php, (7) tribeastral.php, (8) tribeware.php, and (9) includes/head.php in Bartek Jasicki Vallheru before 1.3 beta have unknown impact and remote attack vectors, probably related to large integer values containing more than 15 digits. NOTE: the original vendor report is for integer overflows, but this is probably an incorrect usage of the term.
|
|||||
| CVE-2007-1009 | 1 Macrovision | 1 Installanywhere | 2025-04-09 | 4.6 MEDIUM | N/A |
|
Macrovision InstallAnywhere Enterprise before 8.0.1 uses the InstallScript.iap_xml configuration file without integrity protection to verify authorization for installing an application, which allows local users to perform unauthorized installations by removing the (1) password or (2) serial number verification sections from this file.
|
|||||
| CVE-2007-4020 | 1 Brain Book Software | 1 Adman | 2025-04-09 | 4.3 MEDIUM | N/A |
|
Multiple cross-site scripting (XSS) vulnerabilities in login.php in AdMan 1.0.20051202 FF 3 patch and earlier allow remote attackers to inject arbitrary web script or HTML via the (1) user and (2) pwd parameters.
|
|||||
| CVE-2007-2618 | 1 Drake Team | 1 Drake Cms | 2025-04-09 | 5.1 MEDIUM | N/A |
|
CRLF injection vulnerability in index.php in Drake CMS 0.4.0 allows remote attackers to inject arbitrary HTTP headers and conduct HTTP response splitting attacks via CRLF sequences in the lang parameter. NOTE: Drake CMS has only a beta version available, and the vendor has previously stated "We do not consider security reports valid until the first official release of Drake CMS."
|
|||||
| CVE-2006-6227 | 1 Neoengine | 1 Neoengine | 2025-04-09 | 5.0 MEDIUM | N/A |
|
The Core::Receive function in neonet/core.cpp for NeoEngine 0.8.2 and earlier, and CVS 3422, allow remote attackers to cause a denial of service (engine crash) via a message with a large uiMessageLength that produces a failed memory allocation and a null pointer dereference.
|
|||||
| CVE-2007-4199 | 1 Brian Carrier | 1 The Slueth Kit | 2025-04-09 | 4.3 MEDIUM | N/A |
|
Brian Carrier The Sleuth Kit (TSK) before 2.09 allows user-assisted remote attackers to cause a denial of service (application crash) and prevent examination of certain NTFS files via a malformed NTFS image that triggers (1) dereference of a certain integer value by ntfs_dent.c in fls, or (2) dereference of a certain other integer value by ntfs.c in fsstat.
|
|||||
| CVE-2007-3546 | 1 Nessus | 1 Nessus | 2025-04-09 | 4.3 MEDIUM | N/A |
|
Cross-site scripting (XSS) vulnerability in the Windows GUI in Nessus Vulnerability Scanner before 3.0.6 allows remote attackers to inject arbitrary web script or HTML via unspecified vectors.
|
|||||
| CVE-2007-1018 | 1 Virtualsystem | 1 Vs-news-system | 2025-04-09 | 9.3 HIGH | N/A |
|
PHP remote file inclusion vulnerability in tpl/header.php in VirtualSystem VS-News-System 1.2.1 and earlier, when register_globals is enabled, allows remote attackers to execute arbitrary PHP code via a URL in the newsordner parameter. NOTE: the provenance of this information is unknown; the details are obtained solely from third party information.
|
|||||
| CVE-2006-5926 | 1 Vallheru | 1 Vallheru | 2025-04-09 | 7.5 HIGH | N/A |
|
Multiple SQL injection vulnerabilities in mail.php in Vallheru before 1.0.7 allow remote attackers to execute arbitrary SQL commands via the (1) id or (2) to parameters. NOTE: some of these details are obtained from third party information.
|
|||||