Total: 29869 CVE

| CVE | Vendors | Products | Updated | CVSS v2 | CVSS v3 |
|---|---|---|---|---|---|
| CVE-2007-5471 | 1 Suse | 1 Suse Linux | 2025-04-09 | 7.8 HIGH | N/A |
| libgssapi before 0.6-13.7, as used by the ISC BIND named daemon in SUSE Linux Enterprise Server 10 SP 1, terminates upon an initialization error, which allows remote attackers to cause a denial of service (daemon exit) via a GSS-TSIG request. NOTE: this issue probably affects other daemons that attempt to initialize this library within a chroot configuration or other invalid configuration. | | | | | |
| CVE-2006-6120 | 1 Kde | 1 Koffice | 2025-04-09 | 6.8 MEDIUM | N/A |
| Integer overflow in the KPresenter import filter for Microsoft PowerPoint files (filters/olefilters/lib/klaola.cc) in KOffice before 1.6.1 allows user-assisted remote attackers to execute arbitrary code via a crafted PPT file, which results in a heap-based buffer overflow. | | | | | |
| CVE-2007-1979 | 1 Xoops | 1 Xoops Popnupblog | 2025-04-09 | 7.5 HIGH | N/A |
| SQL injection vulnerability in index.php in the PopnupBlog 2.52 and earlier module for Xoops allows remote attackers to execute arbitrary SQL commands via the postid parameter, possibly involving the get_blogid_from_postid function in class/PopnupBlogUtils.php. NOTE: later versions such as 3.03 and 3.05 might also be affected. | | | | | |
| CVE-2006-6253 | 1 Cahier De Textes | 1 Cahier De Textes | 2025-04-09 | 5.0 MEDIUM | N/A |
| Cahier de texte 2.0 stores sensitive information under the web root, possibly with insufficient access control, which might allow remote attackers to obtain all users' passwords via a direct request for administration/dump.sql. | | | | | |
| CVE-2006-6280 | 1 O2php.com | 1 Oxygen | 2025-04-09 | 7.5 HIGH | N/A |
| SQL injection vulnerability in viewthread.php in Oxygen (O2PHP Bulletin Board) 1.1.3 and earlier allows remote attackers to execute arbitrary SQL commands via the pid parameter, a different vector than CVE-2006-1572. | | | | | |
| CVE-2007-4178 | 1 Amg Soft | 1 Webdirector | 2025-04-09 | 4.3 MEDIUM | N/A |
| Cross-site scripting (XSS) vulnerability in index.php in WebDirector 2.2 and earlier allows remote attackers to inject arbitrary web script or HTML via the deslocal parameter. | | | | | |
| CVE-2006-4839 | 1 Sophos | 1 Sophos Anti-virus | 2025-04-09 | 5.0 MEDIUM | N/A |
| Sophos Anti-Virus 5.1 allows remote attackers to cause a denial of service (memory consumption) via a file that is compressed with Petite and contains a large number of sections. | | | | | |
| CVE-2006-6049 | 1 Phil Taylor | 1 Shambo2 | 2025-04-09 | 7.5 HIGH | N/A |
| PHP remote file inclusion vulnerability in shambo2.php in the Shambo2 (com_shambo2) component for Mambo 4.5 allows remote attackers to execute arbitrary PHP code via a URL in the mosConfig_absolute_path parameter. | | | | | |
| CVE-2007-2852 | 1 Eset Software | 1 Nod32 Antivirus | 2025-04-09 | 9.3 HIGH | N/A |
| Multiple stack-based buffer overflows in ESET NOD32 Antivirus before 2.70.37.0 allow remote attackers to execute arbitrary code during (1) delete/disinfect or (2) rename operations via a crafted directory name. | | | | | |
| CVE-2007-0483 | 1 Enthusiast | 1 Enthusiast | 2025-04-09 | 6.8 MEDIUM | N/A |
| Multiple cross-site scripting (XSS) vulnerabilities in Enthusiast 3.1 allow remote attackers to inject arbitrary web script or HTML via the URI for (1) show_owned.php or (2) show_joined.php. NOTE: The provenance of this information is unknown; the details are obtained solely from third party information. | | | | | |
| CVE-2006-6438 | 1 Xerox | 6 Workcentre 232, Workcentre 238, Workcentre 245 and 3 more | 2025-04-09 | 4.9 MEDIUM | N/A |
| Xerox WorkCentre and WorkCentre Pro before 12.050.03.000, 13.x before 13.050.03.000, and 14.x before 14.050.03.000 leave sensitive user data in http.log after an Immediate Image Overwrite (IIO), which allows local users to obtain the data by reading the http.log file. | | | | | |
| CVE-2007-0210 | 1 Microsoft | 1 Windows Xp | 2025-04-09 | 7.2 HIGH | N/A |
| The Windows Image Acquisition (WIA) Service in Microsoft Windows XP SP2 allows local users to gain privileges via unspecified vectors involving an "unchecked buffer," probably a buffer overflow. | | | | | |
| CVE-2007-1842 | 1 Jsboard | 1 Jsboard | 2025-04-09 | 7.5 HIGH | N/A |
| Directory traversal vulnerability in login.php in JSBoard before 2.0.12 allows remote attackers to include and execute arbitrary local files via a .. (dot dot) in the table parameter, as demonstrated by injecting PHP sequences into an Apache HTTP Server log file, a related issue to CVE-2006-2019. | | | | | |
| CVE-2006-7164 | 3 Ibm, Linux, Unix | 3 Websphere Application Server, Linux Kernel, Unix | 2025-04-09 | 4.3 MEDIUM | N/A |
| SimpleFileServlet in IBM WebSphere Application Server 5.0.1 through 5.0.2.7 on Linux and UNIX does not block certain invalid URIs and does not issue a security challenge, which allows remote attackers to read secure files and obtain sensitive information via certain requests. | | | | | |
| CVE-2008-1735 | 1 Bitdefender | 1 Antivirus | 2025-04-09 | 4.9 MEDIUM | N/A |
| BitDefender Antivirus 2008 20080118 and earlier allows local users to cause a denial of service (system crash) via an invalid pointer to the CLIENT_ID structure in a call to the NtOpenProcess hooked System Service Descriptor Table (SSDT) function. | | | | | |
| CVE-2006-5213 | 1 Sun | 1 Solaris | 2025-04-09 | 3.6 LOW | N/A |
| Sun Solaris 10 before 20061006 uses "incorrect and insufficient permission checks" that allow local users to intercept or spoof packets by creating a raw socket on a link aggregation (network device aggregation). | | | | | |
| CVE-2008-1072 | 1 Wireshark | 1 Wireshark | 2025-04-09 | 4.7 MEDIUM | N/A |
| The TFTP dissector in Wireshark (formerly Ethereal) 0.6.0 through 0.99.7, when running on Ubuntu 7.10, allows remote attackers to cause a denial of service (crash or memory consumption) via a malformed packet, possibly related to a Cairo library bug. | | | | | |
| CVE-2007-3144 | 1 Mozilla | 1 Mozilla | 2025-04-09 | 6.4 MEDIUM | N/A |
| Visual truncation vulnerability in Mozilla 1.7.12 allows remote attackers to spoof the address bar and possibly conduct phishing attacks via a long hostname, which is truncated after a certain number of characters, as demonstrated by a phishing attack using HTTP Basic Authentication. | | | | | |
| CVE-2007-1624 | 1 Realguestbook | 1 Realguestbook | 2025-04-09 | 7.5 HIGH | N/A |
| Multiple SQL injection vulnerabilities in realGuestbook 5.01 allow remote attackers to execute arbitrary SQL commands via the (1) name, (2) email, (3) homepage, and (4) text parameters to save_entry.php, as reachable through add_entry.php; and possibly other unspecified parameters and files. NOTE: the provenance of this information is unknown; the details are obtained solely from third party information. | | | | | |
| CVE-2007-0131 | 1 Jamwiki | 1 Jamwiki | 2025-04-09 | 7.5 HIGH | N/A |
| JAMWiki before 0.5.0 does not properly check permissions during moves of "read-only or admin-only topics," which allows remote attackers to make unauthorized changes to the wiki. | | | | | |
| CVE-2007-1106 | 1 Nomoketos Rules | 1 Nomoketos Rules | 2025-04-09 | 6.8 MEDIUM | N/A |
| PHP remote file inclusion vulnerability in includes/functions_nomoketos_rules.php in the NoMoKeTos Rules 0.0.1 module for phpBB allows remote attackers to execute arbitrary PHP code via a URL in the phpbb_root_path parameter. | | | | | |
| CVE-2007-2309 | 1 Flowers | 1 Flowers | 2025-04-09 | 4.3 MEDIUM | N/A |
| Cross-site scripting (XSS) vulnerability in cas.php in FloweRS 2.0 allows remote attackers to inject arbitrary web script or HTML via the den parameter. NOTE: the provenance of this information is unknown; the details are obtained solely from third party information. | | | | | |
| CVE-2006-6996 | 1 The War Forge | 1 Warforge.news | 2025-04-09 | 4.3 MEDIUM | N/A |
| Multiple cross-site scripting (XSS) vulnerabilities in warforge.NEWS 1.0 allow remote attackers to inject arbitrary HTML and web script via the (1) title and (2) newspost parameters to (a) newsadd.php, and the (3) name, title, and (4) comment parameters to (b) news.php, a different set of vectors than CVE-2006-1818. NOTE: the provenance of this information is unknown; the details are obtained solely from third party information. | | | | | |
| CVE-2007-1931 | 1 Smodcms | 1 Smodcms | 2025-04-09 | 7.5 HIGH | N/A |
| SQL injection vulnerability in index.php in the slownik module in SmodCMS 2.10 and earlier allows remote attackers to execute arbitrary SQL commands via the ssid parameter. | | | | | |
| CVE-2007-2713 | 1 Ifusionservices | 1 Ifdate | 2025-04-09 | 10.0 HIGH | N/A |
| ifdate 2.x sends a redirect to the web browser but does not exit when administrative credentials are missing, which allows remote attackers to obtain administrative access via a direct request for the admin/ URI. | | | | | |
| CVE-2007-2594 | 1 Phpmyportal | 1 Phpmyportal | 2025-04-09 | 7.5 HIGH | N/A |
| PHP remote file inclusion vulnerability in inc/articles.inc.php in phpMyPortal 3.0.0 RC3 allows remote attackers to execute arbitrary PHP code via a URL in the GLOBALS[CHEMINMODULES] parameter. | | | | | |
| CVE-2006-6487 | 1 Dt Guestbook | 1 Dt Guestbook | 2025-04-09 | 5.1 MEDIUM | N/A |
| Cross-site scripting (XSS) vulnerability in index.php in DT Guestbook (dt_guestbook) 1.0f, when register_globals is enabled, allows remote attackers to inject arbitrary web script or HTML via the error[] parameter. | | | | | |
| CVE-2007-2955 | 1 Symantec | 3 Norton Antivirus, Norton Internet Security, Norton System Works | 2025-04-09 | 6.8 MEDIUM | N/A |
| Multiple unspecified "input validation error" vulnerabilities in multiple ActiveX controls in NavComUI.dll, as used in multiple Norton AntiVirus, Internet Security, and System Works products for 2006, allow remote attackers to execute arbitrary code via (1) the AnomalyList property to AxSysListView32 and (2) Anomaly property to AxSysListView32OAA. | | | | | |
| CVE-2007-0726 | 1 Apple | 2 Mac Os X, Mac Os X Server | 2025-04-09 | 5.0 MEDIUM | N/A |
| The SSH key generation process in OpenSSH in Apple Mac OS X 10.3.9 and 10.4 through 10.4.8 allows remote attackers to cause a denial of service by connecting to the server before SSH has finished creating keys, which causes the keys to be regenerated and can break trust relationships that were based on the original keys. | | | | | |
| CVE-2007-2382 | 1 Mad4milk | 1 Moo.fx | 2025-04-09 | 5.0 MEDIUM | N/A |
| The Moo.fx framework exchanges data using JavaScript Object Notation (JSON) without an associated protection scheme, which allows remote attackers to obtain the data via a web page that retrieves the data through a URL in the SRC attribute of a SCRIPT element and captures the data using other JavaScript code, aka "JavaScript Hijacking." | | | | | |
| CVE-2007-4084 | 1 Alstrasoft | 1 Affiliate Network Pro | 2025-04-09 | 7.5 HIGH | N/A |
| Multiple SQL injection vulnerabilities in AlstraSoft Affiliate Network Pro allow remote attackers to execute arbitrary SQL commands via (1) the pgmid parameter in an uploadProducts action to merchants/index.php and possibly (2) the rowid parameter to merchants/temp.php. | | | | | |
| CVE-2007-1518 | 1 Woltlab | 1 Burning Board | 2025-04-09 | 7.5 HIGH | N/A |
| SQL injection vulnerability in usergroups.php in Woltlab Burning Board (wBB) 2.x allows remote attackers to execute arbitrary SQL commands via the array index of the applicationids array. | | | | | |
| CVE-2006-6454 | 1 J-owamp | 1 Web Interface | 2025-04-09 | 10.0 HIGH | N/A |
| execInBackground.php in J-OWAMP Web Interface 2.1b and earlier allows remote attackers to execute arbitrary commands via shell metacharacters to the (1) exe and (2) args parameters, which are used in an exec function call. NOTE: the provenance of this information is unknown; the details are obtained solely from third party information. | | | | | |
| CVE-2007-3746 | 1 Apple | 3 Ichat, Mac Os X, Mac Os X Server | 2025-04-09 | 6.8 MEDIUM | N/A |
| The Java interface to CoreAudio on Apple Mac OS X 10.3.9 and 10.4.10 does not properly check the bounds of heap read and write operations, which allows remote attackers to execute arbitrary code via a crafted applet. | | | | | |
| CVE-2006-6045 | 1 Comdev | 1 Comdev One Admin Pro | 2025-04-09 | 6.8 MEDIUM | N/A |
| Multiple PHP remote file inclusion vulnerabilities in Comdev One Admin Pro 4.1 allow remote attackers to execute arbitrary PHP code via a URL in the path[skin] parameter to (1) adminfoot.php, (2) adminhead.php, or (3) adminlogin.php. | | | | | |
| CVE-2007-1176 | 1 Web-app.org | 1 Webapp | 2025-04-09 | 4.3 MEDIUM | N/A |
| Multiple cross-site scripting (XSS) vulnerabilities in WebAPP before 0.9.9.5 allow remote attackers to inject arbitrary web script or HTML via unspecified vectors related to (1) Gallery Comments pages, (2) Feedback pages, (3) Search Results pages, and (4) the Statistics Log viewer. | | | | | |
| CVE-2006-5380 | 1 Contenido | 1 Contendio | 2025-04-09 | 7.5 HIGH | N/A |
| Remote file inclusion vulnerability in Contenido CMS allows remote attackers to execute arbitrary PHP code via a URL in the contenido_path parameter to (1) cms/dbfs.php or (2) cms/front_content.php. NOTE: CVE disputes this issue for version 4.6.15, because $contenido_path is set to a static value. | | | | | |
| CVE-2008-1594 | 1 Ibm | 1 Aix | 2025-04-09 | 4.9 MEDIUM | N/A |
| The kernel in IBM AIX 5.2 and 5.3 does not properly handle resizing JFS2 filesystems on concurrent volume groups spread across multiple nodes, which allows local users of one node to cause a denial of service (remote node crash) by using chfs or lreducelv to reduce a filesystem's size. | | | | | |
| CVE-2007-0570 | 1 Johannes Gijsbers | 1 Ad Fundum Integratable News Script | 2025-04-09 | 7.5 HIGH | N/A |
| PHP remote file inclusion vulnerability in ains_main.php in Johannes Gijsbers (aka Taradino) Ad Fundum Integratable News Script (AINS) 0.02b allows remote attackers to execute arbitrary PHP code via a URL in the ains_path parameter. | | | | | |
| CVE-2007-0251 | 1 Snort | 1 Snort | 2025-04-09 | 7.8 HIGH | N/A |
| Integer underflow in the DecodeGRE function in src/decode.c in Snort 2.6.1.2 allows remote attackers to trigger dereferencing of certain memory locations via crafted GRE packets, which may cause corruption of log files or writing of sensitive information into log files. | | | | | |