Total
29869 CVE
| CVE | Vendors | Products | Updated | CVSS v2 | CVSS v3 |
|---|---|---|---|---|---|
| CVE-2007-3870 | 1 Oracle | 1 Peoplesoft Enterprise | 2025-04-09 | 4.6 MEDIUM | N/A |
|
Multiple unspecified vulnerabilities in the Human Capital Management component in Oracle PeopleSoft Enterprise 8.9 Bundle 11 allow local users to have unknown impact via unknown vectors, aka (1) PSE06 and (2) PSE07.
|
|||||
| CVE-2007-0317 | 1 Filezilla | 1 Filezilla | 2025-04-09 | 7.5 HIGH | N/A |
|
Format string vulnerability in the LogMessage function in FileZilla before 3.0.0-beta5 allows remote attackers to cause a denial of service (application crash) and possibly execute arbitrary code via crafted arguments. NOTE: some of these details are obtained from third party information.
|
|||||
| CVE-2007-1464 | 1 Inkscape | 1 Inkscape | 2025-04-09 | 6.8 MEDIUM | N/A |
|
Format string vulnerability in the whiteboard Jabber protocol in Inkscape before 0.45.1 allows user-assisted remote attackers to execute arbitrary code via unspecified vectors.
|
|||||
| CVE-2006-5504 | 1 Simple Machines | 1 Simple Machines Forum | 2025-04-09 | 4.3 MEDIUM | N/A |
|
Cross-site scripting (XSS) vulnerability in index.php in Simple Machines Forum (SMF) allows remote attackers to inject arbitrary web script or HTML via a base64 encoded params value in the action parameter.
|
|||||
| CVE-2007-0082 | 1 Imgallery | 1 Imgallery | 2025-04-09 | 6.5 MEDIUM | N/A |
|
users_adm/start1.php in IMGallery 2.5 and earlier does not properly handle files with multiple extensions, which allows remote authenticated users to upload and execute arbitrary PHP scripts.
|
|||||
| CVE-2007-0813 | 1 Home Production | 1 Mysearchengine | 2025-04-09 | 4.3 MEDIUM | N/A |
|
Cross-site scripting (XSS) vulnerability in Home production MySearchEngine allows remote attackers to inject arbitrary web script or HTML via unspecified vectors.
|
|||||
| CVE-2007-4186 | 1 Joomla | 1 Tour De France Pool | 2025-04-09 | 6.8 MEDIUM | N/A |
|
PHP remote file inclusion vulnerability in admin.tour_toto.php in the Tour de France Pool (com_tour_toto) 1.0.1 module for Joomla! allows remote attackers to execute arbitrary PHP code via a URL in the mosConfig_absolute_path parameter.
|
|||||
| CVE-2007-2853 | 1 H\+h | 2 Vcdapilibapi Activex Control, Virtual Cd | 2025-04-09 | 10.0 HIGH | N/A |
|
The VCDAPILibApi ActiveX control in vc9api.DLL 9.0.0.57 in Virtual CD 9.0.0.2 allows remote attackers to execute arbitrary commands via a command line in the first argument to the VCDLaunchAndWait function.
|
|||||
| CVE-2007-1304 | 1 Savas Place | 1 Savas Guestbook | 2025-04-09 | 6.8 MEDIUM | N/A |
|
Multiple SQL injection vulnerabilities in add2.php in Sava's Guestbook 23.11.2006, when magic_quotes_gpc is disabled, allow remote attackers to execute arbitrary SQL commands via the (1) name, (2) country, (3) email, (4) website, and (5) message parameters.
|
|||||
| CVE-2007-1813 | 1 Inconnueteam | 1 Ecal | 2025-04-09 | 7.5 HIGH | N/A |
|
SQL injection vulnerability in display.php in the eCal 2.24 and earlier module for Xoops allows remote attackers to execute arbitrary SQL commands via the katid parameter.
|
|||||
| CVE-2007-0644 | 1 Apple | 1 Safari | 2025-04-09 | 7.1 HIGH | N/A |
|
Format string vulnerability in Apple Safari 2.0.4 (419.3) allows remote user-assisted attackers to cause a denial of service (crash) via format string specifiers in filenames that are not properly handled when calling the (1) NSLog and (2) NSBeginAlertSheet Apple AppKit functions.
|
|||||
| CVE-2006-5476 | 1 Drupal | 1 Drupal | 2025-04-09 | 7.5 HIGH | N/A |
|
Cross-site request forgery (CSRF) vulnerability in Drupal 4.6.x before 4.6.10 and 4.7.x before 4.7.4 allows remote attackers to perform unauthorized actions as an arbitrary user via unspecified vectors.
|
|||||
| CVE-2007-1816 | 1 Xoops | 1 Tutoriais Module | 2025-04-09 | 7.5 HIGH | N/A |
|
SQL injection vulnerability in viewcat.php in the Tutoriais module for Xoops allows remote attackers to execute arbitrary SQL commands via the cid parameter.
|
|||||
| CVE-2006-7030 | 1 Microsoft | 8 Ie, Windows 2000, Windows 2003 Server and 5 more | 2025-04-09 | 5.0 MEDIUM | N/A |
|
Microsoft Internet Explorer 6 SP2 and earlier allows remote attackers to cause a denial of service (crash) via certain malformed HTML, possibly involving applet and base tags without required arguments, which triggers a null pointer dereference in mshtml.dll.
|
|||||
| CVE-2007-0279 | 1 Oracle | 2 E-business Suite, Http Server | 2025-04-09 | 7.5 HIGH | N/A |
|
Multiple unspecified vulnerabilities in Oracle HTTP Server 9.2.0.8 and Oracle E-Business Suite and Applications 11.5.10CU2 have unknown impact and attack vectors, aka (1) OHS01, (2) OHS02, (3) OHS05, (4) OHS06, and (5) OHS07.
|
|||||
| CVE-2007-3889 | 1 Insanely Simple Blog | 1 Insanely Simple Blog | 2025-04-09 | 7.5 HIGH | N/A |
|
Multiple SQL injection vulnerabilities in Insanely Simple Blog 0.5 and earlier allow remote attackers to execute arbitrary SQL commands via the current_subsection parameter to index.php and other unspecified vectors.
|
|||||
| CVE-2007-0666 | 1 Ipswitch | 1 Ws Ftp Server | 2025-04-09 | 6.8 MEDIUM | N/A |
|
Ipswitch WS_FTP Server 5.04 allows FTP site administrators to execute arbitrary code on the system via a long input string to the (1) iFTPAddU or (2) iFTPAddH file, or to a (3) edition module.
|
|||||
| CVE-2007-1574 | 1 Care2x | 1 Care2x | 2025-04-09 | 5.0 MEDIUM | N/A |
|
CARE2X 2.2, and possibly earlier, allows remote attackers to obtain configuration information via a direct request to phpinfo.php, which calls the phpinfo function. NOTE: the provenance of this information is unknown; the details are obtained solely from third party information.
|
|||||
| CVE-2006-5948 | 1 Ringsworld | 1 Phppeanuts | 2025-04-09 | 7.5 HIGH | N/A |
|
PHP remote file inclusion vulnerability in pntUnit/Inspect.php in phpPeanuts 1.1 and earlier allows remote attackers to execute arbitrary PHP code via a URL in the Include parameter.
|
|||||
| CVE-2006-5877 | 2 Enigmail, Ubuntu | 2 Enigmail, Ubuntu Linux | 2025-04-09 | 7.8 HIGH | N/A |
|
The enigmail extension before 0.94.2 does not properly handle large, encrypted file e-mail attachments, which allows remote attackers to cause a denial of service (crash), as demonstrated with Mozilla Thunderbird.
|
|||||
| CVE-2007-3112 | 1 The Cacti Group | 1 Cacti | 2025-04-09 | 7.8 HIGH | N/A |
|
graph_image.php in Cacti 0.8.6i, and possibly other versions, allows remote authenticated users to cause a denial of service (CPU consumption) via a large value of the (1) graph_start or (2) graph_end parameter, different vectors than CVE-2007-3113.
|
|||||
| CVE-2007-0902 | 1 Moinmoin | 1 Moinmoin | 2025-04-09 | 5.0 MEDIUM | N/A |
|
Unspecified vulnerability in the "Show debugging information" feature in MoinMoin 1.5.7 allows remote attackers to obtain sensitive information. NOTE: the provenance of this information is unknown; the details are obtained solely from third party information.
|
|||||
| CVE-2009-4332 | 1 Ibm | 1 Db2 | 2025-04-09 | 5.0 MEDIUM | N/A |
|
db2pd in the Problem Determination component in IBM DB2 9.1 before FP7 and 9.5 before FP5 allows attackers to cause a denial of service (NULL pointer dereference and application termination) via unspecified vectors.
|
|||||
| CVE-2007-4944 | 1 Opera | 1 Opera Browser | 2025-04-09 | 5.0 MEDIUM | N/A |
|
The canvas.createPattern function in Opera 9.x before 9.22 for Linux, FreeBSD, and Solaris does not clear memory before using it to process a new pattern, which allows remote attackers to obtain sensitive information (memory contents) via JavaScript.
|
|||||
| CVE-2007-3566 | 1 Borland Software | 1 Interbase | 2025-04-09 | 7.5 HIGH | N/A |
|
Stack-based buffer overflow in the database service (ibserver.exe) in Borland InterBase 2007 before SP2 allows remote attackers to execute arbitrary code via a long size value in a create request to port 3050/tcp.
|
|||||
| CVE-2006-5386 | 1 Nuralstorm | 1 Nuralstorm Webmail | 2025-04-09 | 7.5 HIGH | N/A |
|
PHP remote file inclusion vulnerability in process.php in NuralStorm Webmail 0.98b and earlier, when register_globals is enabled, allows remote attackers to execute arbitrary PHP code via a URL in the DEFAULT_SKIN parameter.
|
|||||
| CVE-2007-4107 | 1 Phpmyforum | 1 Phpmyforum | 2025-04-09 | 7.5 HIGH | N/A |
|
SQL injection vulnerability in editpost.php in phpMyForum before 4.1.4 allows remote attackers to execute arbitrary SQL commands via unspecified vectors. NOTE: some of these details are obtained from third party information.
|
|||||
| CVE-2006-5414 | 1 Barry Nauta | 1 Brim | 2025-04-09 | 5.0 MEDIUM | N/A |
|
Barry Nauta BRIM before 1.2.1 allows remote authenticated users to read information from other users via a modified URL.
|
|||||
| CVE-2007-2988 | 1 Inout Scripts | 1 Inout Meta Search Engine | 2025-04-09 | 7.5 HIGH | N/A |
|
A certain admin script in Inout Meta Search Engine sends a redirect to the web browser but does not exit when administrative credentials are missing, which allows remote attackers to inject arbitrary PHP code, as demonstrated by a request to admin/create_engine.php followed by a request to admin/generate_tabs.php.
|
|||||
| CVE-2006-6097 | 1 Gnu | 1 Tar | 2025-04-09 | 4.0 MEDIUM | N/A |
|
GNU tar 1.16 and 1.15.1, and possibly other versions, allows user-assisted attackers to overwrite arbitrary files via a tar file that contains a GNUTYPE_NAMES record with a symbolic link, which is not properly handled by the extract_archive function in extract.c and extract_mangle function in mangle.c, a variant of CVE-2002-1216.
|
|||||
| CVE-2006-5222 | 1 Dimension Of Phpbb | 1 Dimension Of Phpbb | 2025-04-09 | 7.5 HIGH | N/A |
|
Multiple PHP remote file inclusion vulnerabilities in Dimension of phpBB 0.2.6 and earlier allow remote attackers to execute arbitrary PHP code via a URL in the phpbb_root_path parameter in (1) includes/themen_portal_mitte.php or (2) includes/logger_engine.php.
|
|||||
| CVE-2007-2576 | 1 East Wind Software | 1 Advdaudio.ocx | 2025-04-09 | 6.8 MEDIUM | N/A |
|
Buffer overflow in the East Wind Software advdaudio.ocx 1.5.1.1 ActiveX control allows user-assisted remote attackers to execute arbitrary code via a long OpenDVD property value. NOTE: this issue might be related to CVE-2007-0976.
|
|||||
| CVE-2006-4390 | 1 Apple | 1 Mac Os X | 2025-04-09 | 2.6 LOW | N/A |
|
CFNetwork in Apple Mac OS X 10.4 through 10.4.7 and 10.3.9 allows remote SSL sites to appear as trusted sites by using encryption without authentication, which can cause the lock icon in Safari to be displayed even when the site's identity cannot be trusted.
|
|||||
| CVE-2007-3485 | 1 Yandex | 1 Yandex.server | 2025-04-09 | 4.3 MEDIUM | N/A |
|
Multiple cross-site scripting (XSS) vulnerabilities in Yandex.Server allow remote attackers to inject arbitrary web script or HTML via the (1) query or (2) within parameter to the default URI.
|
|||||
| CVE-2007-3989 | 1 Asp Indir | 1 Dora Emlak | 2025-04-09 | 4.3 MEDIUM | N/A |
|
Multiple cross-site scripting (XSS) vulnerabilities in default.asp in Dora Emlak 1.0, when the goster parameter is set to iletisim, allow remote attackers to inject arbitrary web script or HTML via the (1) Adiniz and (2) Soyadiniz parameters; and possibly other unspecified vectors. NOTE: the provenance of this information is unknown; the details are obtained solely from third party information.
|
|||||
| CVE-2007-3257 | 1 Gnome | 1 Evolution | 2025-04-09 | 6.8 MEDIUM | N/A |
|
Camel (camel-imap-folder.c) in the mailer component for Evolution Data Server 1.11 allows remote IMAP servers to execute arbitrary code via a negative SEQUENCE value in GData, which is used as an array index.
|
|||||
| CVE-2007-4424 | 1 Apple | 1 Safari | 2025-04-09 | 4.3 MEDIUM | N/A |
|
Apple Safari for Windows 3.0.3 and earlier does not prompt the user before downloading a file, which allows remote attackers to download arbitrary files to the desktop of a client system via certain HTML, as demonstrated by a filename in the DATA attribute of an OBJECT element. NOTE: it could be argued that this is not a vulnerability because a dangerous file is not actually launched, but as of 2007, it is generally accepted that web browsers should prompt users before saving dangerous content.
|
|||||
| CVE-2007-0285 | 1 Oracle | 3 Application Server, Collaboration Suite, E-business Suite | 2025-04-09 | 5.0 MEDIUM | N/A |
|
Unspecified vulnerability in Oracle Application Server 9.0.4.3, 10.1.2.0.2, and 10.1.2.2; Collaboration Suite 9.0.4.2 and 10.1.2; and E-Business Suite and Applications 11.5.10CU2 has unknown impact and attack vectors related to Oracle Reports Developer, aka REP01.
|
|||||
| CVE-2007-1955 | 1 Signkorea | 1 Skcommax Activex Control | 2025-04-09 | 10.0 HIGH | N/A |
|
Multiple stack-based buffer overflows in the SignKorea SKCrypAX ActiveX control module 5.4.1.2 allow remote attackers to execute arbitrary code via a long string in unspecified arguments to the (1) DownloadCert, (2) DecryptFileByKey, and (3) EncryptFileByKey functions, a different module and vectors than CVE-2007-1722. NOTE: the provenance of this information is unknown; the details are obtained solely from third party information.
|
|||||
| CVE-2008-0306 | 1 Sap | 1 Maxdb | 2025-04-09 | 6.9 MEDIUM | N/A |
|
sdbstarter in SAP MaxDB 7.6.0.37, and possibly other versions, allows local users to execute arbitrary commands by using unspecified environment variables to modify configuration settings.
|
|||||