Total: 29869 CVE
| CVE | Vendors | Products | Updated | CVSS v2 | CVSS v3 | Description |
|---|---|---|---|---|---|---|
| CVE-2007-2427 | 1 Pnflashgames | 1 Pnflashgames | 2025-04-09 | 7.5 HIGH | N/A | SQL injection vulnerability in index.php in the pnFlashGames 1.5 module for PostNuke allows remote attackers to execute arbitrary SQL commands via the cid parameter. |
| CVE-2007-1639 | 1 Phpprojekt | 1 Phpprojekt | 2025-04-09 | 4.6 MEDIUM | N/A | Unrestricted file upload vulnerability in PHProjekt 5.2.0, when magic_quotes_gpc is disabled, allows remote authenticated users to upload and execute arbitrary PHP code via a file with an executable extension, which is then accessed by the (1) calendar or (2) file management module, or possibly unspecified other files. |
| CVE-2007-0613 | 1 Apple | 3 Ichat, Instant Message Framework, Mdnsresponder | 2025-04-09 | 5.0 MEDIUM | N/A | The Bonjour functionality in mDNSResponder, iChat 3.1.6, and InstantMessage framework 428 in Apple Mac OS X 10.4.8 does not check for duplicate entries when adding newly discovered available contacts, which allows remote attackers to cause a denial of service (disrupted communication) via a flood of duplicate _presence._tcp mDNS queries. |
| CVE-2007-2908 | 1 Jelsoft | 1 Vbulletin | 2025-04-09 | 4.3 MEDIUM | N/A | Cross-site scripting (XSS) vulnerability in calendar.php in Jelsoft vBulletin before 3.6.6 allows remote attackers to inject arbitrary web script or HTML via the title field in a single add action. |
| CVE-2006-5012 | 1 Sun | 2 Solaris, Sunos | 2025-04-09 | 6.6 MEDIUM | N/A | Unspecified vulnerability in Sun Solaris 8, 9, and 10 before 20060925 allows local users to cause a denial of service (disable syslog) and prevent security messages from being logged via unspecified vectors. |
| CVE-2007-0769 | 1 Phorum | 1 Phorum | 2025-04-09 | 6.8 MEDIUM | N/A | Cross-site scripting (XSS) vulnerability in register.php in Phorum 5.1.18 allows remote attackers to inject arbitrary web script or HTML via unspecified vectors. NOTE: the vendor disputes this vulnerability, stating that "The characters are escaped properly." |
| CVE-2007-0331 | 1 Xentraz | 1 Liens Dynamiques | 2025-04-09 | 6.8 MEDIUM | N/A | Cross-site scripting (XSS) vulnerability in liens.php3 in liens_dynamiques 2.1 allows remote attackers to inject arbitrary web script or HTML by using the ajouter=1 query string and the add menu. |
| CVE-2006-5836 | 1 Opendarwin | 1 Darwin Kernel | 2025-04-09 | 7.2 HIGH | N/A | The fpathconf syscall function in bsd/kern/kern_descrip.c in the Darwin kernel (XNU) 8.8.1 in Apple Mac OS X allows local users to cause a denial of service (kernel panic) and possibly execute arbitrary code via a file descriptor with an unrecognized file type. |
| CVE-2006-5355 | 1 Oracle | 3 Application Server, Collaboration Suite, E-business Suite | 2025-04-09 | 10.0 HIGH | N/A | Unspecified vulnerability in Oracle Single Sign-On component in Oracle Application Server 9.0.4.3, 10.1.2.0.2, and 10.1.2.1.0, Collaboration Suite 9.0.4.2 and 10.1.2, and Oracle E-Business Suite and Applications 11.5.10CU2 has unknown impact and remote attack vectors, aka Vuln# SSO01. |
| CVE-2006-6054 | 1 Linux | 1 Linux Kernel | 2025-04-09 | 4.0 MEDIUM | N/A | The ext2 file system code in Linux kernel 2.6.x allows local users to cause a denial of service (crash) via an ext2 stream with malformed data structures that triggers an error in the ext2_check_page due to a length that is smaller than the minimum. |
| CVE-2007-3890 | 1 Microsoft | 2 Excel, Office | 2025-04-09 | 9.3 HIGH | N/A | Microsoft Excel in Office 2000 SP3, Office XP SP3, Office 2003 SP2, and Office 2004 for Mac allows remote attackers to execute arbitrary code via a Workspace with a certain index value that triggers memory corruption. |
| CVE-2006-5525 | 1 Phpnuke | 1 Php-nuke | 2025-04-09 | 5.1 MEDIUM | N/A | Incomplete blacklist vulnerability in mainfile.php in PHP-Nuke 7.9 and earlier allows remote attackers to conduct SQL injection attacks via (1) "/**/UNION " or (2) " UNION/**/" sequences, which are not rejected by the protection mechanism, as demonstrated by a SQL injection via the eid parameter in a search action in the Encyclopedia module in modules.php. |
| CVE-2007-2820 | 1 Ksign | 1 Ksignswat | 2025-04-09 | 7.5 HIGH | N/A | Multiple stack-based buffer overflows in the KSign KSignSWAT ActiveX Control (AxKSignSWAT.dll) 2.0.3.3 allow remote attackers to execute arbitrary code via long arguments to the (1) SWAT_Init, (2) SWAT_InitEx, (3) SWAT_InitEx2, (4) SWAT_InitEx3, and (5) SWAT_Login functions. |
| CVE-2007-3422 | 1 Web-app.org | 1 Webapp | 2025-04-09 | 7.5 HIGH | N/A | The getcgi function in cgi-bin/cgi-lib/subs.pl in web-app.org WebAPP before 0.9.9.7 attempts to parse query strings that contain (1) non-printing characters, (2) certain printing characters that do not commonly occur in URLs, or (3) invalid URL encoding sequences, which has unknown impact and remote attack vectors. |
| CVE-2007-3234 | 1 Fuzzylime Forum | 1 Fuzzylime Forum | 2025-04-09 | 7.5 HIGH | N/A | SQL injection vulnerability in low.php in Fuzzylime Forum 1.0 allows remote attackers to execute arbitrary SQL commands via the topic parameter. |
| CVE-2006-5932 | 1 Kahua | 1 Kahua | 2025-04-09 | 7.5 HIGH | N/A | Kahua before 0.7, when running multiple applications under a single supervisor, grants application access on the basis of username instead of username and database name, which allows remote authenticated users to obtain unauthorized access if different databases assign the same username to different user accounts. |
| CVE-2007-1368 | 1 Drupal | 1 Drupal Project Issue Tracking | 2025-04-09 | 3.5 LOW | N/A | The Project issue tracking module before 4.7.x-1.3, 4.7.x-2.* before 4.7.x-2.3, and 5 before 5.x-0.2-beta for Drupal allows remote authenticated users, with "access project issues" permission, to read the contents of a private node via a URL with a modified node identifier. |
| CVE-2007-1180 | 1 Web-app.org | 1 Webapp | 2025-04-09 | 4.3 MEDIUM | N/A | WebAPP before 0.9.9.5 does not check referrers in certain forms, which might facilitate remote cross-site request forgery (CSRF) attacks or have other unknown impact. |
| CVE-2007-4175 | 1 Openrat | 1 Openrat Cms | 2025-04-09 | 4.3 MEDIUM | N/A | Multiple cross-site scripting (XSS) vulnerabilities in index.php in OpenRat CMS 0.8-beta1 and earlier allow remote attackers to inject arbitrary web script or HTML via the (1) subaction and (2) action parameters. |
| CVE-2007-0552 | 1 Oh No Not Another Cms | 1 Oh No Not Another Cms | 2025-04-09 | 6.8 MEDIUM | N/A | Cross-site scripting (XSS) vulnerability in install/default/error404.html in Oh no! Not another CMS (Onnac) 0.0.8.4 and earlier allows remote attackers to inject arbitrary web script or HTML via the error_url parameter. |
| CVE-2006-5915 | 1 Samedia | 1 Landshop | 2025-04-09 | 6.8 MEDIUM | N/A | Multiple cross-site scripting (XSS) vulnerabilities in ls.php in SAMEDIA LandShop allow remote attackers to inject arbitrary web script or HTML via the (1) start, (2) CAT_ID, (3) keyword, (4) search_area, (5) search_type, (6) infield, or (7) search_order parameter. |
| CVE-2006-6119 | 1 Mmgallery | 1 Mmgallery | 2025-04-09 | 5.0 MEDIUM | N/A | mmgallery 1.55 allows remote attackers to obtain sensitive information via a direct request for thumbs.php, which reveals the installation path in various error messages. |
| CVE-2006-6410 | 1 Vmware | 1 Workstation | 2025-04-09 | 4.6 MEDIUM | N/A | Buffer overflow in an ActiveX control in VMWare 5.5.1 allows local users to execute arbitrary code via a long VmdbDb parameter to the Initialize function. |
| CVE-2008-7065 | 1 Siemens | 2 Gigaset C450 Ip, Gigaset C475 Ip | 2025-04-09 | 7.8 HIGH | N/A | Siemens C450 IP and C475 IP VoIP devices allow remote attackers to cause a denial of service (disconnected calls and device reboot) via a crafted SIP packet to UDP port 5060. |
| CVE-2007-4071 | 1 Tincan | 1 Webbler Cms | 2025-04-09 | 4.3 MEDIUM | N/A | Multiple cross-site scripting (XSS) vulnerabilities in uploader/index.php in Webbler CMS before 3.1.6 allow remote attackers to inject arbitrary web script or HTML via the (1) page or (2) login parameter. |
| CVE-2006-5808 | 1 Cisco | 1 Secure Desktop | 2025-04-09 | 4.6 MEDIUM | N/A | The installation of Cisco Secure Desktop (CSD) before 3.1.1.45 uses insecure default permissions (all users full control) for the CSD directory and its parent directory, which allow local users to gain privileges by replacing CSD executables, aka "Local Privilege Escalation". |
| CVE-2006-5622 | 1 Coppermine | 1 Coppermine Photo Gallery | 2025-04-09 | 7.5 HIGH | N/A | SQL injection vulnerability in picmgr.php in Coppermine Photo Gallery 1.4.9 allows remote attackers to execute arbitrary SQL commands via the aid parameter. |
| CVE-2007-1633 | 1 Giorgio Ciranni | 1 Splatt Forum | 2025-04-09 | 7.5 HIGH | N/A | Directory traversal vulnerability in bbcode_ref.php in the Giorgio Ciranni Splatt Forum 4.0 RC1 module for PHP-Nuke allows remote attackers to include and execute arbitrary local files via a .. (dot dot) in the name parameter, as demonstrated by injecting PHP sequences into an Apache HTTP Server log file, which is then included by bbcode_ref.php. |
| CVE-2006-5217 | 1 Emek Portal | 1 Emek Portal | 2025-04-09 | 7.5 HIGH | N/A | SQL injection vulnerability in giris_yap.asp in Emek Portal 2.1 allows remote attackers to execute arbitrary SQL commands by simultaneously injecting into the user name and pass fields in uyegiris.asp, also known as the Kullanici Adi (k_a) and Sifre (sifre) parameters. |
| CVE-2006-6116 | 1 Fipsasp | 1 Fipsforum | 2025-04-09 | 7.5 HIGH | N/A | SQL injection vulnerability in default2.asp in fipsForum 2.6 and earlier allows remote attackers to execute arbitrary SQL commands via the kat parameter. |
| CVE-2006-5783 | 1 Mozilla | 1 Firefox | 2025-04-09 | 7.8 HIGH | N/A | Firefox 1.5.0.7 on Kubuntu Linux allows remote attackers to cause a denial of service (crash) via a long URL in an A tag. NOTE: this issue has been disputed by several vendors, who could not reproduce the report. In addition, the scope of the impact - system freeze - suggests an issue that is not related to Firefox. Due to this impact, CVE concurs with the dispute. |
| CVE-2006-5264 | 1 Mysqldumper | 1 Mysqldumper | 2025-04-09 | 6.8 MEDIUM | N/A | Cross-site scripting (XSS) vulnerability in sql.php in MysqlDumper 1.21 b6 allows remote attackers to inject arbitrary web script or HTML via the db parameter. |
| CVE-2008-1353 | 1 Zabbix | 1 Zabbix | 2025-04-09 | 4.3 MEDIUM | N/A | zabbix_agentd in ZABBIX 1.4.4 allows remote attackers to cause a denial of service (CPU and connection consumption) via multiple vfs.file.cksum commands with a special device node such as /dev/urandom or /dev/zero. |
| CVE-2006-6770 | 1 Jinzora | 1 Jinzora | 2025-04-09 | 6.8 MEDIUM | N/A | Multiple PHP remote file inclusion vulnerabilities in Jinzora Media Jukebox 2.7 and earlier, when register_globals is enabled, allow remote attackers to execute arbitrary PHP code via a URL in the include_path parameter in (1) popup.php, (2) rss.php, (3) ajax_request.php, and (4) mediabroadcast.php. |
| CVE-2006-6673 | 1 Winftp Server | 1 Winftp Server | 2025-04-09 | 5.0 MEDIUM | N/A | WinFtp Server 2.0.2 allows remote attackers to cause a denial of service (crash) via long (1) PASV, (2) LIST, (3) USER, (4) PORT, and possibly other commands. |
| CVE-2006-6091 | 1 Grimbb | 1 Grimbb | 2025-04-09 | 4.3 MEDIUM | N/A | Cross-site scripting (XSS) vulnerability in Grim Pirate GrimBB before 2006_11_21 allows remote attackers to inject arbitrary web script or HTML via unspecified vectors. |
| CVE-2006-5737 | 1 Punbb | 1 Punbb | 2025-04-09 | 7.2 HIGH | N/A | PunBB uses a predictable cookie_seed value that can be derived from the time of registration of the superadmin account (installation time), which might allow local users to perform unauthorized actions. |
| CVE-2007-2989 | 1 Sun | 1 Solaris | 2025-04-09 | 7.8 HIGH | N/A | The libike library in Sun Solaris 9 before 20070529 contains a logic error related to a certain pointer, which allows remote attackers to cause a denial of service (in.iked daemon crash) by sending certain UDP packets with a source port different from 500. NOTE: this issue might overlap CVE-2006-2298. |
| CVE-2009-1157 | 1 Cisco | 2 Adaptive Security Appliance 5500, Pix | 2025-04-09 | 7.8 HIGH | N/A | Memory leak on Cisco Adaptive Security Appliances (ASA) 5500 Series and PIX Security Appliances 7.0 before 7.0(8)6, 7.1 before 7.1(2)82, 7.2 before 7.2(4)30, 8.0 before 8.0(4)28, and 8.1 before 8.1(2)19 allows remote attackers to cause a denial of service (memory consumption or device reload) via a crafted TCP packet. |
| CVE-2006-6695 | 1 Carsen Klock | 1 Textsend | 2025-04-09 | 6.8 MEDIUM | N/A | Multiple cross-site scripting (XSS) vulnerabilities in index.php in Carsen Klock TextSend 1.5 allow remote attackers to inject arbitrary web script or HTML via the (1) error or (2) success parameter. NOTE: The provenance of this information is unknown; the details are obtained solely from third party information. |