Total: 29869 CVE
| CVE | Vendors | Products | Updated | CVSS v2 | CVSS v3 |
|---|---|---|---|---|---|
| CVE-2008-0852 | 1 Freesshd | 1 Freesshd | 2025-04-09 | 5.0 MEDIUM | N/A |
|
freeSSHd 1.2 and earlier allows remote attackers to cause a denial of service (crash) via a SSH2_MSG_NEWKEYS packet to TCP port 22, which triggers a NULL pointer dereference.
|
|||||
| CVE-2007-3011 | 1 Fujitsu | 1 Serverview | 2025-04-09 | 7.5 HIGH | N/A |
|
The DBAsciiAccess CGI Script in the web interface in Fujitsu-Siemens Computers ServerView before 4.50.09 allows remote attackers to execute arbitrary commands via shell metacharacters in the Servername subparameter of the ParameterList parameter.
|
|||||
| CVE-2008-0680 | 1 Microtik | 1 Routeros | 2025-04-09 | 7.8 HIGH | N/A |
|
SNMPd in MikroTik RouterOS 3.2 and earlier allows remote attackers to cause a denial of service (daemon crash) via a crafted SNMP SET request.
|
|||||
| CVE-2007-2574 | 1 Archangelmgt | 1 Weblog | 2025-04-09 | 5.0 MEDIUM | N/A |
|
Directory traversal vulnerability in index.php in Archangel Weblog 0.90.02 allows remote attackers to read arbitrary files via a .. (dot dot) in the index parameter.
|
|||||
| CVE-2007-2625 | 1 Aiocp | 1 Aiocp | 2025-04-09 | 6.8 MEDIUM | N/A |
|
Cross-site scripting (XSS) vulnerability in shared/code/cp_authorization.php in All In One Control Panel (AIOCP) before 1.3.016 allows remote attackers to inject arbitrary web script or HTML via unspecified parameters. NOTE: some of these details are obtained from third party information.
|
|||||
| CVE-2007-2687 | 1 Microworld Technologies | 1 Escan | 2025-04-09 | 10.0 HIGH | N/A |
|
Stack-based buffer overflow in the MicroWorld Agent service (MWAGENT.EXE) in MicroWorld Technologies eScan before 9.0.718.1 allows remote attackers to execute arbitrary code via a long command.
|
|||||
| CVE-2007-2939 | 1 Mazens Php Chat | 1 Mazens Php Chat | 2025-04-09 | 6.8 MEDIUM | N/A |
|
Multiple PHP remote file inclusion vulnerabilities in Mazen's PHP Chat 3.0.0 allow remote attackers to execute arbitrary PHP code via a URL in the basepath parameter to (1) ITX.php, (2) IT_Error.php, or (3) IT.php in include/pear/.
|
|||||
| CVE-2007-2345 | 1 Codewand | 1 Phpbrowse | 2025-04-09 | 7.5 HIGH | N/A |
|
PHP remote file inclusion vulnerability in include/include_stream.inc.php in CodeWand phpBrowse allows remote attackers to execute arbitrary PHP code via a URL in the include_path parameter.
|
|||||
| CVE-2007-4288 | 1 Microsoft | 1 Windows Media Player | 2025-04-09 | 4.3 MEDIUM | N/A |
|
Microsoft Windows Media Player 11 (wmplayer.exe) allows user-assisted remote attackers to cause a denial of service (application crash) via a crafted .au file that triggers a divide-by-zero error, as demonstrated by iapetus.au.
|
|||||
| CVE-2006-5497 | 1 Middlebury College | 1 Segue Cms | 2025-04-09 | 7.5 HIGH | N/A |
|
PHP remote file inclusion vulnerability in themes/program/themesettings.inc.php in Segue CMS 1.5.8 and earlier, when register_globals is enabled, allows remote attackers to execute arbitrary PHP code via a URL in the themesdir parameter.
|
|||||
| CVE-2007-4146 | 1 Webevents | 1 Webevents | 2025-04-09 | 4.3 MEDIUM | N/A |
|
Cross-site scripting (XSS) vulnerability in webevent.cgi in WebEvent 2.61 through 4.03 allows remote attackers to inject arbitrary web script or HTML via the cmd parameter. NOTE: the provenance of this information is unknown; the details are obtained solely from third party information.
|
|||||
| CVE-2006-6382 | 1 Positive Software | 1 H-sphere | 2025-04-09 | 6.8 MEDIUM | N/A |
|
The control panel for Positive Software H-Sphere before 2.5.0 RC3 creates log files in a user's directory with insecure permissions, which allows local users to append log data to arbitrary files via a symlink attack. NOTE: The provenance of this information is unknown; the details are obtained solely from third party information.
|
|||||
| CVE-2007-0612 | 1 Microsoft | 2 Ie, Internet Explorer | 2025-04-09 | 7.8 HIGH | N/A |
|
Multiple ActiveX controls in Microsoft Windows 2000, XP, 2003, and Vista allows remote attackers to cause a denial of service (Internet Explorer crash) by accessing the bgColor, fgColor, linkColor, alinkColor, vlinkColor, or defaultCharset properties in the (1) giffile, (2) htmlfile, (3) jpegfile, (4) mhtmlfile, (5) ODCfile, (6) pjpegfile, (7) pngfile, (8) xbmfile, (9) xmlfile, (10) xslfile, or (11) wdfile objects in (a) mshtml.dll; or the (12) TriEditDocument.TriEditDocument or (13) TriEditDocu ...
|
|||||
| CVE-2007-2272 | 1 Advanced Webhost Billing System | 1 Advanced Webhost Billing System | 2025-04-09 | 7.5 HIGH | N/A |
|
PHP remote file inclusion vulnerability in docs/front-end-demo/cart2.php in Advanced Webhost Billing System (AWBS) 2.4.0 allows remote attackers to execute arbitrary PHP code via a URL in the workdir parameter.
|
|||||
| CVE-2006-6752 | 1 Ftprush | 1 Ftprush | 2025-04-09 | 7.5 HIGH | N/A |
|
Buffer overflow in FTPRush 1.0.0.610 might allow attackers to gain privileges via a long Host field. NOTE: The provenance of this information is unknown; the details are obtained solely from third party information. Also, it is not clear whether this issue crosses security boundaries.
|
|||||
| CVE-2007-2179 | 1 Raiden Professional Servers | 1 Raidenftpd | 2025-04-09 | 7.8 HIGH | N/A |
|
Multiple unspecified vulnerabilities in IXceedCompression in XceddZipLib (RaidenFTPD.dll) in RaidenFTPD 2.4 allow remote attackers to cause a denial of service (crash) via unspecified vectors involving the (1) CalculateCrc, (2) Compress, and (3) Uncompress functions, which result in a NULL pointer dereference.
|
|||||
| CVE-2006-6247 | 1 Uapplication | 1 Uphotogallery | 2025-04-09 | 7.5 HIGH | N/A |
|
Multiple SQL injection vulnerabilities in Uapplication UPhotoGallery 1.1 allow remote attackers to execute arbitrary SQL commands via the ci parameter to (1) slideshow.asp or (2) thumbnails.asp.
|
|||||
| CVE-2007-1104 | 1 Php Mip | 1 Php Mip | 2025-04-09 | 4.3 MEDIUM | N/A |
|
PHP remote file inclusion vulnerability in top.php in PHP Module Implementation (PHP-MIP) 0.1 allows remote attackers to execute arbitrary PHP code via a URL in the laypath parameter.
|
|||||
| CVE-2007-1133 | 1 Scripter.ch | 1 Fcring | 2025-04-09 | 7.5 HIGH | N/A |
|
PHP remote file inclusion vulnerability in fcring.php in FCRing 1.3 allows remote attackers to execute arbitrary PHP code via a URL in the s_fuss parameter.
|
|||||
| CVE-2007-3083 | 1 Rainbowsoft | 1 Z-blog | 2025-04-09 | 7.8 HIGH | N/A |
|
Z-Blog 1.7 stores sensitive information under the web root with insufficient access control, which allows remote attackers to download a database via a direct request for zblog.mdb.
|
|||||
| CVE-2009-3008 | 1 Christophe Thibault | 1 K-meleon | 2025-04-09 | 4.3 MEDIUM | N/A |
|
K-Meleon 1.5.3 allows context-dependent attackers to spoof the address bar, via window.open with a relative URI, to show an arbitrary file: URL after a victim has visited any file: URL, as demonstrated by a visit to a file: document written by the attacker.
|
|||||
| CVE-2006-5512 | 1 Zwahlen Informatik | 1 Online Shop | 2025-04-09 | 4.3 MEDIUM | N/A |
|
Cross-site scripting (XSS) vulnerability in article.htm in Zwahlen Online Shop allows remote attackers to inject arbitrary web script or HTML via the cat parameter.
|
|||||
| CVE-2006-5304 | 1 Inccms Technology | 1 Inccms Core | 2025-04-09 | 7.5 HIGH | N/A |
|
PHP remote file inclusion vulnerability in inc/settings.php in IncCMS Core 1.0.0 and earlier allows remote attackers to execute arbitrary PHP code via a URL in the inc_dir parameter.
|
|||||
| CVE-2007-2819 | 1 Track\+ | 1 Track\+ | 2025-04-09 | 4.3 MEDIUM | N/A |
|
Cross-site scripting (XSS) vulnerability in reportItem.do in Track+ 3.3.2 and earlier allows remote attackers to inject arbitrary web script or HTML via the projId parameter.
|
|||||
| CVE-2007-1734 | 1 Linux | 1 Linux Kernel | 2025-04-09 | 7.2 HIGH | N/A |
|
The DCCP support in the do_dccp_getsockopt function in net/dccp/proto.c in Linux kernel 2.6.20 and later does not verify the upper bounds of the optlen value, which allows local users running on certain architectures to read kernel memory or cause a denial of service (oops), a related issue to CVE-2007-1730.
|
|||||
| CVE-2006-5989 | 1 Mod Auth Kerb | 1 Mod Auth Kerb | 2025-04-09 | 5.0 MEDIUM | N/A |
|
Off-by-one error in the der_get_oid function in mod_auth_kerb 5.0 allows remote attackers to cause a denial of service (crash) via a crafted Kerberos message that triggers a heap-based buffer overflow in the component array.
|
|||||
| CVE-2007-0616 | 1 Zenphoto | 1 Zenphoto | 2025-04-09 | 7.8 HIGH | N/A |
|
Directory traversal vulnerability in zen/template-functions.php in zenphoto 1.0.4 up to 1.0.6 allows remote attackers to list arbitrary directories via ".." sequences in the album parameter to index.php.
|
|||||
| CVE-2006-6257 | 1 Alternc | 1 Alternc | 2025-04-09 | 6.8 MEDIUM | N/A |
|
The file manager in AlternC 0.9.5 and earlier, when warnings are enabled in PHP, allows remote attackers to obtain sensitive information via certain folder names such as ones composed of JavaScript code, which reveal the path in a warning message.
|
|||||
| CVE-2006-7234 | 1 Lynx | 1 Lynx | 2025-04-09 | 4.6 MEDIUM | N/A |
|
Untrusted search path vulnerability in Lynx before 2.8.6rel.4 allows local users to execute arbitrary code via malicious (1) .mailcap and (2) mime.types files in the current working directory.
|
|||||
| CVE-2007-0931 | 2 Alcatel-lucent, Aruba | 2 Omniaccess Wireless, Mobility Controller | 2025-04-09 | 7.5 HIGH | N/A |
|
Heap-based buffer overflow in the management interfaces in (1) Aruba Mobility Controllers 200, 800, 2400, and 6000 and (2) Alcatel-Lucent OmniAccess Wireless 43xx and 6000 allows remote attackers to cause a denial of service (process crash) and possibly execute arbitrary code via long credential strings.
|
|||||
| CVE-2007-1850 | 1 Drake Team | 1 Drake Cms | 2025-04-09 | 5.0 MEDIUM | N/A |
|
Directory traversal vulnerability in classes/captcha/captcha.jpg.php in Drake CMS allows remote attackers to read arbitrary files or list arbitrary directories, and obtain the installation path, via a .. (dot dot) in the d_private parameter. NOTE: Drake CMS has only a beta version available, and the vendor has previously stated "We do not consider security reports valid until the first official release of Drake CMS."
|
|||||
| CVE-2007-4100 | 1 Mldonkey | 1 Mldonkey | 2025-04-09 | 5.0 MEDIUM | N/A |
|
MLDonkey before 2.9.0 does not load certain code from $MLDONKEY/web_infos/ before the network modules become active, which allows remote attackers to bypass the IP blocklist.
|
|||||
| CVE-2009-0667 | 1 Ocsinventory-ng | 2 Ocs Inventory Ng, Ocsinventory-agent | 2025-04-09 | 7.2 HIGH | N/A |
|
Untrusted search path vulnerability in Agent/Backend.pm in Ocsinventory-Agent before 0.0.9.3, and 1.x before 1.0.1, in OCS Inventory allows local users to gain privileges via a Trojan horse Perl module in an arbitrary directory.
|
|||||
| CVE-2007-4323 | 1 Denyhosts | 1 Denyhosts | 2025-04-09 | 6.8 MEDIUM | N/A |
|
DenyHosts 2.6 does not properly parse sshd log files, which allows remote attackers to add arbitrary hosts to the /etc/hosts.deny file and cause a denial of service by adding arbitrary IP addresses to the sshd log file, as demonstrated by logging in via ssh with a client protocol version identification containing an IP address string, a different vector than CVE-2006-6301.
|
|||||
| CVE-2006-6411 | 1 Linksys | 1 Wip 330 Wireless-g Ip Phone | 2025-04-09 | 7.8 HIGH | N/A |
|
PhoneCtrl.exe in Linksys WIP 330 Wireless-G IP Phone 1.00.06A allows remote attackers to cause a denial of service (crash) via a TCP SYN scan, as demonstrated using TCP ports 1-65535 with nmap.
|
|||||
| CVE-2007-1331 | 1 Tks Banking Solutions | 1 Eportfolio | 2025-04-09 | 4.3 MEDIUM | N/A |
|
Multiple cross-site scripting (XSS) vulnerabilities in TKS Banking Solutions ePortfolio 1.0 Java allow remote attackers to inject arbitrary web script or HTML via unspecified vectors that bypass the client-side protection scheme, one of which may be the q parameter to the search program. NOTE: some of these details are obtained from third party information.
|
|||||
| CVE-2009-4323 | 1 Zen-cart | 1 Zen Cart | 2025-04-09 | 7.5 HIGH | N/A |
|
The installation for Zen Cart stores sensitive information and insecure programs under the (1) docs, (2) extras, and (3) zc_install folders, and (4) install.txt, which allows remote attackers to obtain sensitive information, delete the database, and conduct other attacks via a direct request, different vulnerabilities than CVE-2009-4321 and CVE-2009-4322.
|
|||||
| CVE-2006-6575 | 1 Brian Drawert | 1 Yaplap | 2025-04-09 | 7.5 HIGH | N/A |
|
PHP remote file inclusion vulnerability in ldap.php in Brian Drawert Yet Another PHP LDAP Admin Project (yaplap) 0.6 and 0.6.1 allows remote attackers to execute arbitrary PHP code via a URL in the LOGIN_style parameter.
|
|||||
| CVE-2007-1872 | 1 Toenda Software Development | 1 Toendacms | 2025-04-09 | 4.3 MEDIUM | N/A |
|
Cross-site scripting (XSS) vulnerability in toendaCMS 1.5.3 allows remote attackers to inject arbitrary web script or HTML via the searchword parameter in a search id.
|
|||||
| CVE-2007-2124 | 1 Oracle | 1 Application Server | 2025-04-09 | 10.0 HIGH | N/A |
|
Unspecified vulnerability in the Portal component in Oracle Application Server 10.1.4.1.0 has unknown impact and remote attack vectors, aka AS05.
|
|||||