Total
29869 CVE
| CVE | Vendors | Products | Updated | CVSS v2 | CVSS v3 | Description |
|---|---|---|---|---|---|---|
| CVE-2007-1867 | 1 Irfanview | 1 Irfanview | 2025-04-09 | 10.0 HIGH | N/A | Buffer overflow in IrfanView 3.99 allows remote attackers to execute arbitrary code via a crafted animated cursor (ANI) file. |
| CVE-2006-7008 | 1 Joomla | 1 Joomla | 2025-04-09 | 7.5 HIGH | N/A | Unspecified vulnerability in Joomla! before 1.0.10 has unknown impact and attack vectors, related to "securing mosmsg from misuse." NOTE: it is possible that this issue overlaps CVE-2006-1029. |
| CVE-2007-3946 | 1 Lighttpd | 1 Lighttpd | 2025-04-09 | 6.4 MEDIUM | N/A | mod_auth (http_auth.c) in lighttpd before 1.4.16 allows remote attackers to cause a denial of service (daemon crash) via unspecified vectors involving (1) a memory leak, (2) use of md5-sess without a cnonce, (3) base64 encoded strings, and (4) trailing whitespace in the Auth-Digest header. |
| CVE-2006-6170 | 1 Proftpd Project | 1 Proftpd | 2025-04-09 | 7.5 HIGH | N/A | Buffer overflow in the tls_x509_name_oneline function in the mod_tls module, as used in ProFTPD 1.3.0a and earlier, and possibly other products, allows remote attackers to execute arbitrary code via a large data length argument, a different vulnerability than CVE-2006-5815. |
| CVE-2009-2146 | 1 Sugarcrm | 1 Sugarcrm | 2025-04-09 | 6.0 MEDIUM | N/A | Unrestricted file upload vulnerability in the Compose Email feature in the Emails module in Sugar Community Edition (aka SugarCRM) before 5.2f allows remote authenticated users to execute arbitrary code by uploading a file with only an extension in its name, then accessing the file via a direct request to a modified filename under cache/modules/Emails/, as demonstrated using .php as the entire original name. |
| CVE-2007-3926 | 1 Ipswitch | 1 Imail Server | 2025-04-09 | 7.8 HIGH | N/A | Ipswitch IMail Server 2006 before 2006.21 allows remote attackers to cause a denial of service (daemon crash) via unspecified vectors involving an "overwritten destructor." |
| CVE-2006-5874 | 1 Clam Anti-virus | 1 Clamav | 2025-04-09 | 5.0 MEDIUM | N/A | Clam AntiVirus (ClamAV) 0.88 and earlier allows remote attackers to cause a denial of service (crash) via a malformed base64-encoded MIME attachment that triggers a null pointer dereference. |
| CVE-2007-2542 | 1 Workbench Survival Guide | 1 Workbench Survival Guide | 2025-04-09 | 7.5 HIGH | N/A | PHP remote file inclusion vulnerability in header.php in workbench survival guide 0.11 allows remote attackers to execute arbitrary PHP code via a URL in the path parameter. |
| CVE-2007-0596 | 1 Aztek Forum | 1 Aztek Forum | 2025-04-09 | 6.0 MEDIUM | N/A | PHP remote file inclusion vulnerability in index/main.php in Aztek Forum 4.00 allows remote authenticated administrators to execute arbitrary PHP code via a URL in the PF[top_url] parameter. |
| CVE-2007-2171 | 1 Novell | 1 Groupwise | 2025-04-09 | 10.0 HIGH | N/A | Stack-based buffer overflow in the base64_decode function in GWINTER.exe in Novell GroupWise (GW) WebAccess before 7.0 SP2 allows remote attackers to execute arbitrary code via long base64 content in an HTTP Basic Authentication request. |
| CVE-2006-6328 | 1 Torrentflux | 1 Torrentflux | 2025-04-09 | 4.9 MEDIUM | N/A | Directory traversal vulnerability in index.php for TorrentFlux 2.2 allows remote attackers to create or overwrite arbitrary files via sequences in the alias_file parameter. |
| CVE-2007-4263 | 1 Cisco | 1 Ios | 2025-04-09 | 8.5 HIGH | N/A | Unspecified vulnerability in the server side of the Secure Copy (SCP) implementation in Cisco 12.2-based IOS allows remote authenticated users to read, write or overwrite any file on the device's filesystem via unknown vectors. |
| CVE-2006-5160 | 1 Mozilla | 1 Firefox | 2025-04-09 | 7.8 HIGH | 8.1 HIGH | Multiple unspecified vulnerabilities in Mozilla Firefox have unspecified vectors and impact, as claimed during ToorCon 2006. NOTE: the vendor and original researchers have released a follow-up comment disputing this issue, in which one researcher states that "I have no undisclosed Firefox vulnerabilities. The person who was speaking with me made this claim, and I honestly have no idea if he has them or not." |
| CVE-2007-3572 | 1 Yoggie | 2 Pico, Pico Pro | 2025-04-09 | 9.3 HIGH | N/A | Incomplete blacklist vulnerability in cgi-bin/runDiagnostics.cgi in the web interface on the Yoggie Pico and Pico Pro allows remote attackers to execute arbitrary commands via shell metacharacters in the param parameter, as demonstrated by URL encoded "`" (backtick) characters (%60 sequences). |
| CVE-2006-6940 | 1 Owa | 1 Owa | 2025-04-09 | 10.0 HIGH | N/A | Buffer overflow in the ParseHeader function in clsOWA.cls in POP3/SMTP to OWA (pop2owa) 1.1.3 allows remote attackers to execute arbitrary code via a long header in an e-mail message. |
| CVE-2007-3941 | 1 Jasmine | 1 Cms | 2025-04-09 | 4.3 MEDIUM | N/A | Cross-site scripting (XSS) vulnerability in profile.php in Jasmine CMS 1.0_1 allows remote authenticated users to inject arbitrary web script or HTML via the profile_email parameter. NOTE: the provenance of this information is unknown; the details are obtained solely from third party information. |
| CVE-2006-5379 | 1 Nvidia | 1 Binary Graphics Driver | 2025-04-09 | 7.5 HIGH | N/A | The accelerated rendering functionality of NVIDIA Binary Graphics Driver (binary blob driver) For Linux v8774 and v8762, and probably on other operating systems, allows local and remote attackers to execute arbitrary code via a large width value in a font glyph, which can be used to overwrite arbitrary memory locations. |
| CVE-2007-0120 | 1 Acunetix | 1 Web Vulnerability Scanner | 2025-04-09 | 1.9 LOW | N/A | Acunetix Web Vulnerability Scanner (WVS) 4.0 Build 20060717 and earlier allows remote attackers to cause a denial of service (application crash) via multiple HTTP requests containing invalid Content-Length values. |
| CVE-2007-3435 | 1 Rkd Software | 1 Barcode Activex | 2025-04-09 | 9.3 HIGH | N/A | Stack-based buffer overflow in the BeginPrint method in a certain ActiveX control in RKD Software (barcodetools.com) BarCodeAx.dll 4.9 allows remote attackers to execute arbitrary code via a long argument. |
| CVE-2006-6635 | 1 Jumbacms | 1 Jumbacms | 2025-04-09 | 7.5 HIGH | N/A | PHP remote file inclusion vulnerability in includes/functions.php in JumbaCMS 0.0.1 allows remote attackers to execute arbitrary PHP code via a URL in the jcms_root_path parameter. |
| CVE-2007-4413 | 1 Headstart Solutions | 1 Deskpro | 2025-04-09 | 3.5 LOW | N/A | Direct static code injection vulnerability in admincp/user_help.php in Headstart Solutions DeskPRO 3.0.2 allows remote authenticated users to inject arbitrary PHP code into an unspecified file via a new_entry value in the do parameter. |
| CVE-2007-2564 | 1 Sienzo | 1 Digital Music Mentor | 2025-04-09 | 10.0 HIGH | N/A | Multiple stack-based buffer overflows in the Sienzo Digital Music Mentor (DMM) 2.6.0.4 ActiveX control (DSKernel2.dll) allow remote attackers to execute arbitrary code via a long argument to the (1) LockModules or (2) UnlockModule function. |
| CVE-2007-1301 | 1 Mailenable | 2 Mailenable Enterprise, Mailenable Professional | 2025-04-09 | 9.0 HIGH | N/A | Stack-based buffer overflow in the IMAP service in MailEnable Enterprise and Professional Editions 2.37 and earlier allows remote authenticated users to execute arbitrary code via a long argument to the APPEND command. NOTE: this is probably different than CVE-2006-6423. |
| CVE-2008-6564 | 1 Nortel | 2 Communication Server 1000, Unistim Protocol | 2025-04-09 | 7.6 HIGH | N/A | Nortel UNIStim protocol, as used in Communication Server 1000 and other products, uses predictable sequence numbers, which allows remote attackers to hijack sessions via sniffing or brute force attacks. |
| CVE-2007-1168 | 1 Trend Micro | 1 Serverprotect | 2025-04-09 | 7.5 HIGH | N/A | Trend Micro ServerProtect for Linux (SPLX) 1.25, 1.3, and 2.5 before 20070216 allows remote attackers to access arbitrary web pages and reconfigure the product via HTTP requests with the splx_2376_info cookie to the web interface port (14942/tcp). |
| CVE-2007-3249 | 1 Joomla | 1 Letterman Subscriber | 2025-04-09 | 4.3 MEDIUM | N/A | Cross-site scripting (XSS) vulnerability in mod_lettermansubscribe.php in the Letterman Subscriber (mod_letterman) before 1.2.5 module for Joomla! allows remote attackers to inject arbitrary web script or HTML via the Itemid parameter. |
| CVE-2007-1589 | 2 Linux, Truecrypt Foundation | 2 Linux Kernel, Truecrypt | 2025-04-09 | 2.1 LOW | N/A | TrueCrypt before 4.3, when set-euid mode is used on Linux, allows local users to cause a denial of service (filesystem unavailability) by dismounting a volume mounted by a different user. |
| CVE-2007-2432 | 1 Nukedit | 1 Nukedit | 2025-04-09 | 6.8 MEDIUM | N/A | Cross-site scripting (XSS) vulnerability in utilities/search.asp in nukedit 4.9.7b allows remote attackers to inject arbitrary web script or HTML via the terms parameter. NOTE: the provenance of this information is unknown; the details are obtained solely from third party information. |
| CVE-2007-4393 | 1 Suse | 1 Suse Linux | 2025-04-09 | 4.6 MEDIUM | N/A | The installation script for orarun on SUSE Linux before 20070810 places the oracle user into the disk group, which allows the local oracle user to read or write raw disk partitions. |
| CVE-2006-6365 | 1 Duware | 1 Dupaypal | 2025-04-09 | 7.5 HIGH | N/A | SQL injection vulnerability in detail.asp in DUware DUpaypal 3.1, and possibly earlier, allows remote attackers to execute arbitrary SQL commands via the iType parameter. NOTE: the iState parameter is already covered by CVE-2005-3976 and the iPro parameter is already covered by CVE-2005-2047. |
| CVE-2006-6476 | 1 Mandiant | 1 First Response | 2025-04-09 | 2.4 LOW | N/A | FRAgent.exe in Mandiant First Response (MFR) before 1.1.1, when run in daemon mode and when the agent is bound to 0.0.0.0 (all interfaces), opens sockets in non-exclusive mode, which allows local users to hijack the socket, and capture data or cause a denial of service (loss of daemon operation). |
| CVE-2007-0650 | 1 Makeindex | 1 Makeindex | 2025-04-09 | 6.8 MEDIUM | N/A | Buffer overflow in the open_sty function in mkind.c for makeindex 2.14 in teTeX might allow user-assisted remote attackers to overwrite files and possibly execute arbitrary code via a long filename. NOTE: other overflows exist but might not be exploitable, such as a heap-based overflow in the check_idx function. |
| CVE-2006-5583 | 1 Microsoft | 1 Windows 2003 Server | 2025-04-09 | 10.0 HIGH | N/A | Buffer overflow in the SNMP Service in Microsoft Windows 2000 SP4, XP SP2, Server 2003, Server 2003 SP1, and possibly other versions allows remote attackers to execute arbitrary code via a crafted SNMP packet, aka "SNMP Memory Corruption Vulnerability." |
| CVE-2007-2659 | 1 Bugada Andrea | 1 Php Advanced Transfer Manager | 2025-04-09 | 5.0 MEDIUM | N/A | Directory traversal vulnerability in index.php in PHP Advanced Transfer Manager (phpATM) 1.30 allows remote attackers to read arbitrary files and obtain script source code via a .. (dot dot) in the directory parameter in a downloadfile action. |
| CVE-2009-4048 | 1 Dxmsoft | 1 Xm Easy Personal Ftp Server | 2025-04-09 | 4.0 MEDIUM | N/A | Dxmsoft XM Easy Personal FTP Server 5.8.0 allows remote authenticated users to cause a denial of service (daemon outage) via an APPE command to one socket in conjunction with a DELE command to a second socket. |
| CVE-2007-0561 | 1 Xero Portal | 1 Xero Portal | 2025-04-09 | 7.5 HIGH | N/A | Multiple PHP remote file inclusion vulnerabilities in Xero Portal 1.2 allow remote attackers to execute arbitrary PHP code via a URL in the phpbb_root_path parameter to (1) admin_linkdb.php, (2) admin_forum_prune.php, (3) admin_extensions.php, (4) admin_board.php, (5) admin_attachments.php, or (6) admin_users.php in admin/. |
| CVE-2006-6645 | 1 Mxbb | 1 Mxbb Web Links | 2025-04-09 | 7.5 HIGH | N/A | PHP remote file inclusion vulnerability in language/lang_english/lang_admin.php in the Web Links (mx_links) 2.05 and earlier module for mxBB allows remote attackers to execute arbitrary PHP code via a URL in the mx_root_path parameter. |
| CVE-2006-6345 | 1 Sap | 1 Internet Graphics Server | 2025-04-09 | 7.5 HIGH | N/A | Directory traversal vulnerability in SAP Internet Graphics Service (IGS) 6.40 Patchlevel 16 and earlier, and 7.00 Patchlevel 6 and earlier, allows remote attackers to delete arbitrary files via directory traversal sequences in an HTTP request. NOTE: This information is based upon an initial disclosure. Details will be updated after the grace period has ended. This issue is different from CVE-2006-4133 and CVE-2006-4134. |
| CVE-2007-2928 | 1 Lenovo | 2 Access Support, Automated Solutions | 2025-04-09 | 5.8 MEDIUM | N/A | Format string vulnerability in the IBM Lenovo Access Support acpRunner ActiveX control, as distributed in acpcontroller.dll before 1.2.8.0 and possibly acpir.dll before 1.0.0.9 (Automated Solutions 1.0 before fix pack 1), allows remote attackers to execute arbitrary code via format string specifiers in unknown data. |
| CVE-2006-6366 | 1 Cerberus | 1 Helpdesk | 2025-04-09 | 6.8 MEDIUM | N/A | Cross-site scripting (XSS) vulnerability in includes/elements/spellcheck/spellwin.php in Cerberus Helpdesk 0.97.3, 2.0 through 2.7, 3.2.1, and 3.3 allows remote attackers to inject arbitrary web script or HTML via the js parameter. NOTE: The provenance of this information is unknown; the details are obtained solely from third party information. |