Total: 29869 CVE
| CVE | Vendors | Products | Updated | CVSS v2 | CVSS v3 |
|---|---|---|---|---|---|
| CVE-2009-2238 | 1 Dmxready | 1 Registration Manager | 2025-04-09 | 6.8 MEDIUM | N/A |
Unrestricted file upload vulnerability in includes/shared_scripts/wysiwyg_editor/assetmanager/assetmanager.asp in DMXReady Registration Manager 1.1 allows remote attackers to execute arbitrary code by uploading a file with an executable extension, then accessing it via a direct request to the file in assets/webblogmanager.
| CVE-2006-7000 | 1 Headstart Solutions | 1 Deskpro | 2025-04-09 | 5.0 MEDIUM | N/A |
Headstart Solutions DeskPRO allows remote attackers to obtain the full path via direct requests to (1) email/mail.php, (2) includes/init.php, (3) certain files in includes/cron/, and (4) jpgraph.php, (5) jpgraph_bar.php, (6) jpgraph_pie.php, and (7) jpgraph_pie3d.php in includes/graph/, which leaks the path in error messages.
| CVE-2007-3296 | 1 Xunlei | 1 Web Thunderbolt | 2025-04-09 | 9.3 HIGH | N/A |
The ThunderServer.webThunder.1 ActiveX control in xunlei Web Thunderbolt 1.7.3.109 allows remote attackers to download arbitrary files and conduct other unauthorized actions by invoking dangerous methods.
| CVE-2007-4211 | 1 Dovecot | 1 Dovecot | 2025-04-09 | 6.0 MEDIUM | N/A |
The ACL plugin in Dovecot before 1.0.3 allows remote authenticated users with the insert right to save certain flags via a (1) COPY or (2) APPEND command.
| CVE-2007-0360 | 1 Oreon Project | 1 Oreon | 2025-04-09 | 7.5 HIGH | N/A |
PHP remote file inclusion vulnerability in lang/index.php in Oreon 1.2.3 RC4 and earlier allows remote attackers to execute arbitrary PHP code via a URL in the file parameter.
| CVE-2007-1965 | 1 Exv2 | 1 Content Management System | 2025-04-09 | 4.3 MEDIUM | N/A |
Multiple cross-site scripting (XSS) vulnerabilities in eXV2 CMS 2.0.4.3 and earlier allow remote attackers to inject arbitrary web script or HTML via the set_lang parameter to (1) archive.php, (2) article.php, (3) index.php, or (4) topics.php.
| CVE-2006-7178 | 1 Madwifi | 1 Madwifi | 2025-04-09 | 7.8 HIGH | N/A |
MadWifi before 0.9.3 does not properly handle reception of an AUTH frame by an IBSS node, which allows remote attackers to cause a denial of service (system crash) via a certain AUTH frame.
| CVE-2006-5037 | 1 Squiz | 1 Mysource Matrix | 2025-04-09 | 6.8 MEDIUM | N/A |
MySource Matrix after 3.8 allows remote attackers to use the application as an HTTP proxy server via a MIME encoded URL in the sq_content_src parameter to access arbitrary sites with the server's IP address and conduct cross-site scripting (XSS) attacks. NOTE: the researcher reports that "The vendor does not consider this a vulnerability."
| CVE-2007-0944 | 1 Microsoft | 5 Ie, Internet Explorer, Windows 2000 and 2 more | 2025-04-09 | 9.3 HIGH | N/A |
Unspecified vulnerability in the CTableCol::OnPropertyChange method in Microsoft Internet Explorer 5.01 SP4 on Windows 2000 SP4; 6 SP1 on Windows 2000 SP4; and 6 on Windows XP SP2, or Windows Server 2003 SP1 or SP2 allows remote attackers to execute arbitrary code by calling deleteCell on a named table row in a named table column, then accessing the column, which causes Internet Explorer to access previously deleted objects, aka the "Uninitialized Memory Corruption Vulnerability."
| CVE-2007-3495 | 1 Sap | 2 Sap Basis Component 640, Sap Basis Component 700 | 2025-04-09 | 4.3 MEDIUM | N/A |
Multiple cross-site scripting (XSS) vulnerabilities in the SAP Internet Communication Framework (BC-MID-ICF) in the SAP Basis component 700 before SP12, and 640 before SP20, allow remote attackers to inject arbitrary web script or HTML via certain parameters associated with the default login error page.
| CVE-2008-1531 | 2 Debian, Lighttpd | 2 Debian Linux, Lighttpd | 2025-04-09 | 4.3 MEDIUM | N/A |
The connection_state_machine function (connections.c) in lighttpd 1.4.19 and earlier, and 1.5.x before 1.5.0, allows remote attackers to cause a denial of service (active SSL connection loss) by triggering an SSL error, such as disconnecting before a download has finished, which causes all active SSL connections to be lost.
| CVE-2007-0663 | 1 Eclectic Designs | 1 Cascadianfaq | 2025-04-09 | 7.5 HIGH | N/A |
SQL injection vulnerability in index.php in Eclectic Designs CascadianFAQ 4.1 and earlier allows remote attackers to execute arbitrary SQL commands via the qid parameter, a different vector than CVE-2007-0631. NOTE: The provenance of this information is unknown; the details are obtained solely from third party information.
| CVE-2007-1894 | 1 Wordpress | 1 Wordpress | 2025-04-09 | 4.3 MEDIUM | N/A |
Cross-site scripting (XSS) vulnerability in wp-includes/general-template.php in WordPress before 20070309 allows remote attackers to inject arbitrary web script or HTML via the year parameter in the wp_title function.
| CVE-2007-2421 | 1 Hitachi | 1 Groupmax Mobile Option | 2025-04-09 | 7.5 HIGH | N/A |
Buffer overflow in Hitachi Groupmax Mobile Option for Mobile-Phone 07-00 through 07-30, 5 for i-mode 05-11 through 05-23, and 6 for EZweb 06-00 through 06-04 allows remote attackers to execute arbitrary code via unspecified vectors.
| CVE-2009-3864 | 2 Microsoft, Sun | 3 Windows, Jdk, Jre | 2025-04-09 | 7.5 HIGH | N/A |
The Java Update functionality in Java Runtime Environment (JRE) in Sun Java SE in JDK and JRE 5.0 before Update 22 and JDK and JRE 6 before Update 17, when a non-English version of Windows is used, does not retrieve available new JRE versions, which allows remote attackers to leverage vulnerabilities in older releases of this software, aka Bug Id 6869694.
| CVE-2007-2591 | 1 Nokia | 3 Groupwise Mobile Server, Intellisync Mobile Suite, Intellisync Wireless Email Express | 2025-04-09 | 7.5 HIGH | N/A |
usrmgr/userList.asp in Nokia Intellisync Mobile Suite 6.4.31.2, 6.6.0.107, and 6.6.2.2, possibly involving Novell Groupwise Mobile Server and Nokia Intellisync Wireless Email Express, allows remote attackers to modify user account details and cause a denial of service (account deactivation) via the userid parameter in an update action.
| CVE-2007-1073 | 1 Mcrefer | 1 Mcrefer | 2025-04-09 | 10.0 HIGH | N/A |
Static code injection vulnerability in install.php in mcRefer allows remote attackers to execute arbitrary PHP code via the bgcolor parameter, which is inserted into mcrconf.inc.php.
| CVE-2007-2724 | 1 Fotolog | 1 Fotolog | 2025-04-09 | 4.3 MEDIUM | N/A |
Cross-site scripting (XSS) vulnerability in all_photos.html in fotolog allows remote attackers to inject arbitrary web script or HTML via the user parameter.
| CVE-2008-2948 | 1 Microsoft | 1 Internet Explorer | 2025-04-09 | 6.8 MEDIUM | N/A |
Cross-domain vulnerability in Microsoft Internet Explorer 7 and 8 allows remote attackers to change the location property of a frame via the Object data type, and use a frame from a different domain to observe domain-independent events, as demonstrated by observing onkeydown events with caballero-listener. NOTE: according to Microsoft, this is a duplicate of CVE-2008-2947, possibly a different attack vector.
| CVE-2008-3746 | 1 Webdav | 1 Neon | 2025-04-09 | 4.3 MEDIUM | N/A |
neon 0.28.0 through 0.28.2 allows remote servers to cause a denial of service (NULL pointer dereference and crash) via vectors related to Digest authentication, Digest domain parameter support, and the parse_domain function.
| CVE-2007-3838 | 1 Tbdev.net | 1 Dr | 2025-04-09 | 2.6 LOW | N/A |
Cross-site scripting (XSS) vulnerability in takeprofedit.php in TBDev.NET DR 11-10-05-BETA-SF1:111005 and earlier allows remote attackers to inject arbitrary web script or HTML via the SRC attribute of a SCRIPT element in the avatar parameter. NOTE: this may be related to the tracker program in the Janitor package. NOTE: the provenance of this information is unknown; the details are obtained solely from third party information.
| CVE-2007-4386 | 1 Getmyownarcade | 1 Getmyownarcade | 2025-04-09 | 6.0 MEDIUM | N/A |
SQL injection vulnerability in search.php in GetMyOwnArcade allows remote attackers to execute arbitrary SQL commands via the query parameter.
| CVE-2007-2670 | 1 Globalmegacorp | 1 Phpchain | 2025-04-09 | 4.3 MEDIUM | N/A |
PHPChain 1.0 and earlier allows remote attackers to obtain the installation path via invalid values of the catid parameter to (1) settings.php or (2) cat.php, as demonstrated by XSS manipulations.
| CVE-2007-1289 | 1 Tyger | 1 Bug Tracking System | 2025-04-09 | 6.4 MEDIUM | N/A |
SQL injection vulnerability in ViewBugs.php in Tyger Bug Tracking System (TygerBT) 1.1.3 allows remote attackers to execute arbitrary SQL commands via the s parameter.
| CVE-2007-0848 | 1 Maian Recipe | 1 Maian Recipe | 2025-04-09 | 7.5 HIGH | N/A |
PHP remote file inclusion vulnerability in classes/class_mail.inc.php in Maian Recipe 1.0 allows remote attackers to execute arbitrary PHP code via a URL in the path_to_folder parameter.
| CVE-2007-1120 | 1 Steema Software | 1 Teechart Pro | 2025-04-09 | 9.3 HIGH | N/A |
The (1) Import.LoadFromURL and (2) Export.asText.SaveToFile functions in TeeChart Pro ActiveX control (TeeChart7.ocx) allow remote attackers to download a crafted .tee file to an arbitrary location. NOTE: the provenance of this information is unknown; the details are obtained solely from third party information.
| CVE-2007-4397 | 6 Irssi, Kristof Korwisi, Mikachu and 3 more | 7 Irssi, Ixmmsa, L33t Xmms Music Showing Script and 4 more | 2025-04-09 | 6.8 MEDIUM | N/A |
Multiple CRLF injection vulnerabilities in (1) xmms-thing 1.0, (2) XMMS Remote Control Script 1.07, (3) Disrok 1.0, (4) a2x 0.0.1, (5) Another xmms-info script 1.0, (6) XChat-XMMS 0.8.1, and other unspecified scripts for XChat allow user-assisted remote attackers to execute arbitrary IRC commands via CRLF sequences in the name of the song in a .mp3 file.
| CVE-2006-5036 | 1 Squiz | 2 Mysource Classic, Mysource Matrix | 2025-04-09 | 6.8 MEDIUM | N/A |
MySource Matrix 3.8 and earlier, and MySource 2.x, allow remote attackers to use the application as an HTTP proxy server via the sq_remote_page_url parameter to access arbitrary sites with the server's IP address and conduct cross-site scripting (XSS) attacks. NOTE: the researcher reports that "The vendor does not consider this a vulnerability."
| CVE-2006-6939 | 1 Gnu | 1 Ed | 2025-04-09 | 4.6 MEDIUM | N/A |
GNU ed before 0.3 allows local users to overwrite arbitrary files via a symlink attack on temporary files, possibly in the open_sbuf function.
| CVE-2008-1070 | 1 Wireshark | 1 Wireshark | 2025-04-09 | 5.0 MEDIUM | N/A |
The SCTP dissector in Wireshark (formerly Ethereal) 0.99.5 through 0.99.7 allows remote attackers to cause a denial of service (crash) via a malformed packet.
| CVE-2007-2920 | 1 Zoomify | 1 Zoomify Viewer Activex Control | 2025-04-09 | 9.3 HIGH | N/A |
Multiple stack-based buffer overflows in the Zoomify Viewer ActiveX control in ZActiveX.dll might allow remote attackers to execute arbitrary code via unspecified vectors.
| CVE-2006-6655 | 1 Netbsd | 1 Netbsd | 2025-04-09 | 1.7 LOW | N/A |
The procfs implementation in NetBSD-current before 20061023, NetBSD 3.0 and 3.0.1 before 20061024, and NetBSD 2.x before 20061029 allows local users to cause a denial of service (kernel panic) by attempting to access /emul/linux/proc/0/stat on a procfs filesystem that was mounted with mount_procfs -o linux, which results in a NULL pointer dereference.
| CVE-2007-3555 | 1 Moodle | 1 Moodle | 2025-04-09 | 4.3 MEDIUM | N/A |
Cross-site scripting (XSS) vulnerability in index.php in Moodle 1.7.1 allows remote attackers to inject arbitrary web script or HTML via a style expression in the search parameter, a different vulnerability than CVE-2004-1424.
| CVE-2006-5799 | 1 Xenis | 1 Xenis.creator Cms | 2025-04-09 | 6.8 MEDIUM | N/A |
Multiple cross-site scripting (XSS) vulnerabilities in default.asp in xenis.creator CMS allow remote attackers to inject arbitrary web script or HTML via the (1) contid or (2) search parameters.
| CVE-2006-6071 | 1 Twiki | 1 Twiki | 2025-04-09 | 9.0 HIGH | N/A |
TWiki 4.0.5 and earlier, when running under Apache 1.3 using ApacheLogin with sessions and "ErrorDocument 401" redirects to a valid wiki topic, does not properly handle failed login attempts, which allows remote attackers to read arbitrary content by cancelling out of a failed authentication with a valid username and invalid password.
| CVE-2007-0475 | 1 Smb4k | 1 Smb4k | 2025-04-09 | 4.4 MEDIUM | N/A |
Multiple stack-based buffer overflows in utilities/smb4k_*.cpp in Smb4K before 0.8.0 allow local users, when present on the Smb4K sudoers list, to gain privileges via unspecified vectors related to the args variable and unspecified other variables, in conjunction with the sudo configuration.
| CVE-2006-6703 | 1 Oracle | 2 Oracle10g, Oracle9i | 2025-04-09 | 6.8 MEDIUM | N/A |
Multiple cross-site scripting (XSS) vulnerabilities in Oracle Portal 9i and 10g allow remote attackers to inject arbitrary JavaScript via the tc parameter in webapp/jsp/container_tabs.jsp, and other unspecified vectors.
| CVE-2007-3350 | 2 Aol, Microsoft | 2 Instant Messenger, Windows Xp | 2025-04-09 | 7.8 HIGH | N/A |
AOL Instant Messenger (AIM) 6.1.32.1 on Windows XP allows remote attackers to cause a denial of service (application hang) via a flood of spoofed SIP INVITE requests.
| CVE-2007-3729 | 1 Hp | 1 Openvms | 2025-04-09 | 5.0 MEDIUM | N/A |
The default configuration of the POP server in TCP/IP Services 5.6 for HP OpenVMS 8.3 generates different responses depending on whether or not a username is valid, which allows remote attackers to enumerate valid POP usernames.
| CVE-2007-1973 | 1 Microsoft | 1 Windows Nt | 2025-04-09 | 6.9 MEDIUM | N/A |
Race condition in the Virtual DOS Machine (VDM) in the Windows Kernel in Microsoft Windows NT 4.0 allows local users to modify memory and gain privileges via the temporary \Device\PhysicalMemory section handle, a related issue to CVE-2007-1206.