Total
29869 CVE
| CVE | Vendors | Products | Updated | CVSS v2 | CVSS v3 |
|---|---|---|---|---|---|
| CVE-2007-2769 | 1 Opendap | 2 Bes, Hyrax | 2025-04-09 | 7.5 HIGH | N/A |
|
BES before 3.5.0 in OPeNDAP 4 (Hydrax) before 1.2.1 does not properly handle compressed files, which allows remote attackers to upload arbitrary files or execute arbitrary commands via a crafted compressed file.
|
|||||
| CVE-2007-0170 | 1 Allmyphp | 1 Allmyvisitors | 2025-04-09 | 7.5 HIGH | N/A |
|
PHP remote file inclusion vulnerability in index.php in AllMyVisitors 0.4.0 allows remote attackers to execute arbitrary PHP code via a URL in the AMV_serverpath parameter.
|
|||||
| CVE-2007-2075 | 1 Scramdisk 4 Linux | 1 Scramdisk 4 Linux | 2025-04-09 | 6.9 MEDIUM | N/A |
|
ScramDisk 4 Linux before 1.0-1 does not perform permission checks on mount points, which allows local users to gain privileges by using a system directory as a mount point for a container.
|
|||||
| CVE-2009-2946 | 2 Debian, Devscripts Devel Team | 2 Linux, Devscripts | 2025-04-09 | 9.3 HIGH | N/A |
|
Eval injection vulnerability in scripts/uscan.pl before Rev 1984 in devscripts allows remote attackers to execute arbitrary Perl code via crafted pathnames on distribution servers for upstream source code used in Debian GNU/Linux packages.
|
|||||
| CVE-2007-0732 | 1 Apple | 2 Mac Os X, Mac Os X Server | 2025-04-09 | 7.2 HIGH | N/A |
|
Unspecified vulnerability in the CoreServices daemon in CarbonCore in Apple Mac OS X 10.4 through 10.4.9 allows local users to gain privileges via unspecified vectors involving "obtaining a send right to [the] Mach task port."
|
|||||
| CVE-2007-0389 | 1 Arsdigita | 2 Arsdigita Community Education Solution, Arsdigita Community System | 2025-04-09 | 7.8 HIGH | N/A |
|
Directory traversal vulnerability in ArsDigita Community System (ACS) 3.4.10 and earlier, and ArsDigita Community Education Solution (ACES) 1.1, allows remote attackers to read arbitrary files via .%252e/ (double-encoded dot dot slash) sequences in the URI.
|
|||||
| CVE-2007-4427 | 1 Intersystems | 1 Cache Database | 2025-04-09 | 3.5 LOW | N/A |
|
Unspecified vulnerability in the login page redirection logic in the Cache' Server Page (CSP) implementation in InterSystems Cache' 2007.1.0.369.0 and 2007.1.1.420.0 allows remote authenticated users to modify data on a server, related to encoding of certain parameter values by this redirection logic, aka MAK2116.
|
|||||
| CVE-2007-2623 | 1 Fruit2004 | 1 Remote Display Development Kit | 2025-04-09 | 7.8 HIGH | N/A |
|
Multiple buffer overflows in RControl.dll in Remote Display Dev kit 1.2.1.0 allow remote attackers to cause a denial of service (Internet Explorer 7 crash) via (1) a long first argument to the connect function or (2) a long InternalServer property value, possibly involving ntdll.dll.
|
|||||
| CVE-2006-5751 | 1 Linux | 1 Linux Kernel | 2025-04-09 | 7.2 HIGH | N/A |
|
Integer overflow in the get_fdb_entries function in net/bridge/br_ioctl.c in the Linux kernel before 2.6.18.4 allows local users to execute arbitrary code via a large maxnum value in an ioctl request.
|
|||||
| CVE-2007-3239 | 1 Wordpress | 1 Wordpress | 2025-04-09 | 4.3 MEDIUM | N/A |
|
Cross-site scripting (XSS) vulnerability in searchform.php in the AndyBlue theme before 20070607 for WordPress allows remote attackers to inject arbitrary web script or HTML via the PHP_SELF portion of a URI to index.php. NOTE: this can be leveraged for PHP code execution in an administrative session.
|
|||||
| CVE-2007-2639 | 1 Prosysinfo | 1 Tftp Server Tftpdwin | 2025-04-09 | 10.0 HIGH | N/A |
|
Directory traversal vulnerability in TFTPdWin 0.4.2 allows remote attackers to read or modify arbitrary files outside the TFTP root via unspecified vectors.
|
|||||
| CVE-2006-5078 | 1 Polaring | 1 Polaring | 2025-04-09 | 7.5 HIGH | N/A |
|
PHP remote file inclusion vulnerability in view/general.php in Kristian Niemi Polaring 00.04.03 and earlier allows remote attackers to execute arbitrary PHP code via a URL in the _SESSION[dirMain] parameter.
|
|||||
| CVE-2007-0098 | 1 Verliadmin | 1 Verliadmin | 2025-04-09 | 6.8 MEDIUM | N/A |
|
Directory traversal vulnerability in language.php in VerliAdmin 0.3 and earlier, when magic_quotes_gpc is disabled, allows remote attackers to include and execute arbitrary local files via a .. (dot dot) in the lang cookie, as demonstrated by injecting PHP sequences into an Apache HTTP Server log file, which is then included by language.php.
|
|||||
| CVE-2006-5288 | 1 Cisco | 1 2700 Wireless Location Appliance | 2025-04-09 | 10.0 HIGH | N/A |
|
Cisco 2700 Series Wireless Location Appliances before 2.1.34.0 have a default administrator username "root" and password "password," which allows remote attackers to obtain administrative privileges, aka Bug ID CSCsb92893.
|
|||||
| CVE-2007-4072 | 1 Tincan | 1 Webbler Cms | 2025-04-09 | 5.0 MEDIUM | N/A |
|
Webbler CMS before 3.1.6 provides the full installation path within HTML comments in certain documents, which allows remote attackers to obtain sensitive information by viewing the HTML source, as demonstrated by viewing the source generated from index.php.
|
|||||
| CVE-2006-6849 | 1 Cahier De Textes | 1 Cahier De Textes | 2025-04-09 | 7.5 HIGH | N/A |
|
administration/index.php in Cahier de texte (CDT) 2.2 does not properly exit when authentication fails, which allows remote attackers to perform unauthorized administrative actions.
|
|||||
| CVE-2006-6628 | 1 Openoffice | 1 Openoffice | 2025-04-09 | 4.3 MEDIUM | N/A |
|
Integer overflow in OpenOffice.org (OOo) 2.1 allows user-assisted remote attackers to cause a denial of service (application crash) via a crafted DOC file, as demonstrated by the 12122006-djtest.doc file, a variant of CVE-2006-6561 in a separate codebase.
|
|||||
| CVE-2007-0763 | 1 F3site | 1 F3site | 2025-04-09 | 6.8 MEDIUM | N/A |
|
Cross-site scripting (XSS) vulnerability in the news comment functionality in F3Site 2.1 and earlier allows remote attackers to inject arbitrary web script or HTML via the Autor field.
|
|||||
| CVE-2006-5832 | 1 Aiocp | 1 Aiocp | 2025-04-09 | 5.0 MEDIUM | N/A |
|
All In One Control Panel (AIOCP) 1.3.007 and earlier allows remote attackers to obtain the full path of the web server via certain requests to (1) public/code/cp_dpage.php, possibly involving the aiocp_dp[] parameter, (2) public/code/cp_show_ec_products.php, possibly involving the order_field[] parameter, and (3) public/code/cp_show_page_help.php, possibly involving the hp[] parameter, which reveal the path in various error messages.
|
|||||
| CVE-2007-0191 | 1 Mkportal | 1 Mkportal | 2025-04-09 | 6.8 MEDIUM | N/A |
|
Cross-site scripting (XSS) vulnerability in admin.php in MKPortal allows remote attackers to inject arbitrary web script or HTML via two certain fields in a contents_new operation in the ad_contents section.
|
|||||
| CVE-2006-5161 | 1 Ibm | 1 Client Security Password Manager | 2025-04-09 | 6.4 MEDIUM | N/A |
|
IBM Client Security Password Manager stores and distributes saved passwords based upon the title of a website, which allows remote attackers to obtain username and password credentials by changing the title of an HTML page.
|
|||||
| CVE-2006-6169 | 1 Gnupg | 1 Gnupg | 2025-04-09 | 6.8 MEDIUM | N/A |
|
Heap-based buffer overflow in the ask_outfile_name function in openfile.c for GnuPG (gpg) 1.4 and 2.0, when running interactively, might allow attackers to execute arbitrary code via messages with "C-escape" expansions, which cause the make_printable_string function to return a longer string than expected while constructing a prompt.
|
|||||
| CVE-2007-1039 | 1 Peanutkb | 1 Peanut Knowledge Base | 2025-04-09 | 10.0 HIGH | N/A |
|
Unspecified vulnerability in Peanut Knowledge Base (PeanutKB) 0.0.3 and earlier has unknown impact and attack vectors.
|
|||||
| CVE-2007-0109 | 1 Wordpress | 1 Wordpress | 2025-04-09 | 5.0 MEDIUM | N/A |
|
wp-login.php in WordPress 2.0.5 and earlier displays different error messages if a user exists or not, which allows remote attackers to obtain sensitive information and facilitates brute force attacks.
|
|||||
| CVE-2007-4254 | 1 Microsoft | 2 Visual Database Tools Database Designer, Visual Studio | 2025-04-09 | 6.8 MEDIUM | N/A |
|
Stack-based buffer overflow in a certain ActiveX control in VDT70.DLL in Microsoft Visual Database Tools Database Designer 7.0 for Microsoft Visual Studio 6 allows remote attackers to execute arbitrary code via a long argument to the NotSafe method. NOTE: this may overlap CVE-2007-2885 or CVE-2005-2127.
|
|||||
| CVE-2006-6333 | 1 Linux | 1 Linux Kernel | 2025-04-09 | 7.8 HIGH | N/A |
|
The tr_rx function in ibmtr.c for Linux kernel 2.6.19 assigns the wrong flag to the ip_summed field, which allows remote attackers to cause a denial of service (memory corruption) via crafted packets that cause the kernel to interpret another field as an offset.
|
|||||
| CVE-2007-0253 | 1 Grsecurity | 1 Grsecurity Kernel Patch | 2025-04-09 | 7.2 HIGH | N/A |
|
Unspecified vulnerability in the grsecurity patch has unspecified impact and remote attack vectors, a different vulnerability than the expand_stack vulnerability from the Digital Armaments 20070110 pre-advisory. NOTE: the grsecurity developer has disputed this issue, stating that "the function they claim the vulnerability to be in is a trivial function, which can, and has been, easily checked for any supposed vulnerabilities." The developer also cites a past disclosure that was not proven
|
|||||
| CVE-2008-3819 | 1 Cisco | 4 Gss 4480 Global Site Selector, Gss 4490 Global Site Selector, Gss 4491 Global Site Selector and 1 more | 2025-04-09 | 5.0 MEDIUM | N/A |
|
dnsserver in Cisco Application Control Engine Global Site Selector (GSS) before 3.0(1) allows remote attackers to cause a denial of service (daemon crash) via a series of crafted DNS requests, aka Bug ID CSCsj70093.
|
|||||
| CVE-2007-0313 | 1 Gonicus | 1 Gonicus System Administration | 2025-04-09 | 9.0 HIGH | N/A |
|
Unspecified vulnerability in GONICUS System Administration (GOsa) before 2.5.8 allows remote authenticated users to modify certain settings, including the admin password, via crafted POST requests.
|
|||||
| CVE-2007-3413 | 1 Bitego | 1 Bosdatagrid | 2025-04-09 | 4.3 MEDIUM | N/A |
|
Multiple cross-site scripting (XSS) vulnerabilities in bosDataGrid 2.50 and earlier allow remote attackers to inject arbitrary web script or HTML via the (1) GridSearch, (2) gsearch, or (3) ParentID parameter to an unspecified component.
|
|||||
| CVE-2007-6328 | 1 Dosbox | 1 Dosbox | 2025-04-09 | 7.2 HIGH | N/A |
|
DOSBox 0.72 and earlier allows local users to obtain access to the filesystem on the host operating system via the mount command. NOTE: the researcher reports a vendor response stating that this is not a security problem
|
|||||
| CVE-2006-5238 | 1 Blue Smiley Organizer | 1 Blue Smiley Organizer | 2025-04-09 | 10.0 HIGH | N/A |
|
Unspecified vulnerability in the file upload module in Blue Smiley Organizer before 4.45 has unknown impact and attack vectors.
|
|||||
| CVE-2007-1254 | 1 Connectix | 1 Connectix Boards | 2025-04-09 | 6.5 MEDIUM | N/A |
|
SQL injection vulnerability in part.userprofile.php in Connectix Boards 0.7 and earlier allows remote authenticated users to execute arbitrary SQL commands and obtain privileges via the p_skin parameter to index.php.
|
|||||
| CVE-2008-3061 | 1 V-webmail | 1 V-webmail | 2025-04-09 | 4.3 MEDIUM | N/A |
|
Open redirect vulnerability in redirect.php in V-webmail 1.5.0 allows remote attackers to redirect users to arbitrary web sites and conduct phishing attacks via a URL in the to parameter.
|
|||||
| CVE-2009-4373 | 1 Alienvault | 1 Open Source Security Information Management | 2025-04-09 | 7.5 HIGH | N/A |
|
Unrestricted file upload vulnerability in repository/repository_attachment.php in AlienVault Open Source Security Information Management (OSSIM) 2.1.5, and possibly other versions before 2.1.5-4, allows remote attackers to execute arbitrary code by uploading a file with an executable extension, then accessing it via a direct request to the file in ossiminstall/uploads/.
|
|||||
| CVE-2007-0219 | 1 Microsoft | 5 Ie, Internet Explorer, Windows 2000 and 2 more | 2025-04-09 | 10.0 HIGH | N/A |
|
Microsoft Internet Explorer 5.01, 6, and 7 uses certain COM objects from (1) Msb1fren.dll, (2) Htmlmm.ocx, and (3) Blnmgrps.dll as ActiveX controls, which allows remote attackers to execute arbitrary code via unspecified vectors, a different issue than CVE-2006-4697.
|
|||||
| CVE-2006-7024 | 1 Harpia | 1 Harpia Cms | 2025-04-09 | 7.5 HIGH | N/A |
|
Multiple PHP remote file inclusion vulnerabilities in Harpia CMS 1.0.5 and earlier allow remote attackers to execute arbitrary PHP code via a URL in the (1) func_prog parameter to (a) preload.php and (b) index.php; (2) header_prog parameter to (c) missing.php and (d) email.php, (e) files.php, (f) headlines.php, (g) search.php, (h) topics.php, and (i) users.php in _mods/; (3) theme_root parameter to (j) footer.php, (k) header.php, (l) pfooter.php, and (m) pheader.php in _inc; (4) mod_root paramet ...
Show More |
|||||
| CVE-2007-5793 | 1 Stonesoft | 1 Stonegate Ips | 2025-04-09 | 7.1 HIGH | N/A |
|
Stonesoft StoneGate IPS before 4.0 does not properly decode Fullwidth/Halfwidth Unicode encoded data, which makes it easier for remote attackers to scan or penetrate systems and avoid detection.
|
|||||
| CVE-2007-3154 | 1 Egroupware | 1 Egroupware | 2025-04-09 | 10.0 HIGH | N/A |
|
Unspecified vulnerability in Walter Zorn wz_tooltip.js (aka wz_tooltips) before 4.01, as used by eGroupWare before 1.2.107-2 and other packages, has unknown impact and remote attack vectors.
|
|||||
| CVE-2007-2619 | 1 Symantec | 1 Pcanywhere | 2025-04-09 | 4.6 MEDIUM | N/A |
|
Symantec pcAnywhere 11.5.x and 12.0.x retains unencrypted login credentials for the most recent login within process memory, which allows local administrators to obtain the credentials by reading process memory, a different vulnerability than CVE-2006-3785.
|
|||||