Total: 29869 CVE
| CVE | Vendors | Products | Updated | CVSS v2 | CVSS v3 | Description |
|---|---|---|---|---|---|---|
| CVE-2006-6715 | 1 Powerscripts | 1 Powerclan | 2025-04-09 | 5.1 MEDIUM | N/A | PHP remote file inclusion vulnerability in footer.inc.php in PowerClan 1.14a and earlier, when register_globals is enabled, allows remote attackers to execute arbitrary PHP code via a URL in the settings[footer] parameter. |
| CVE-2007-0375 | 1 Joomla | 1 Joomla | 2025-04-09 | 5.0 MEDIUM | N/A | Joomla! 1.5.0 Beta allows remote attackers to obtain sensitive information via a direct request for (1) plugins/user/example.php; (2) gmail.php, (3) example.php, or (4) ldap.php in plugins/authentication/; (5) modules/mod_mainmenu/menu.php; or other unspecified PHP scripts, which reveals the path in various error messages, related to a jimport function call at the beginning of each script. |
| CVE-2006-6101 | 2 X.org, Xfree86 Project | 2 X.org, Xfree86 | 2025-04-09 | 6.6 MEDIUM | N/A | Integer overflow in the ProcRenderAddGlyphs function in the Render extension for X.Org 6.8.2, 6.9.0, 7.0, and 7.1, and XFree86 X server, allows local users to execute arbitrary code via a crafted X protocol request that triggers memory corruption during processing of glyph management data structures. |
| CVE-2007-0585 | 1 Webfwlog | 1 Webfwlog | 2025-04-09 | 9.3 HIGH | N/A | include/debug.php in Webfwlog 0.92 and earlier, when register_globals is enabled, allows remote attackers to obtain source code of files via the conffile parameter. NOTE: some of these details are obtained from third party information. It is likely that this issue can be exploited to conduct directory traversal attacks. |
| CVE-2007-3054 | 1 Codelib | 1 Linker | 2025-04-09 | 4.3 MEDIUM | N/A | Cross-site scripting (XSS) vulnerability in search.php in Codelib Linker 2.0.4 and earlier allows remote attackers to inject arbitrary web script or HTML via the kword parameter. NOTE: the provenance of this information is unknown; the details are obtained solely from third party information. |
| CVE-2007-1678 | 1 Fizzle | 1 Fizzle | 2025-04-09 | 4.3 MEDIUM | N/A | Cross-site scripting (XSS) vulnerability in the Fizzle 0.5 extension for Firefox allows remote attackers to inject arbitrary web script or HTML via RSS feeds, which are executed by the chrome: URI handler. |
| CVE-2007-4113 | 1 Advanced Webhost Billing System | 1 Advanced Webhost Billing System | 2025-04-09 | 3.5 LOW | N/A | Unspecified vulnerability in Advanced Webhost Billing System (AWBS) before 2.6.0 allows remote authenticated users to obtain configuration data about other dedicated servers via unspecified vectors. |
| CVE-2007-4658 | 1 Php | 1 Php | 2025-04-09 | 7.5 HIGH | N/A | The money_format function in PHP 5 before 5.2.4, and PHP 4 before 4.4.8, permits multiple (1) %i and (2) %n tokens, which has unknown impact and attack vectors, possibly related to a format string vulnerability. |
| CVE-2007-3306 | 1 Ultrize | 1 Minibill | 2025-04-09 | 7.5 HIGH | N/A | PHP remote file inclusion vulnerability in crontab/run_billing.php in MiniBill 1.2.5 allows remote attackers to execute arbitrary PHP code via a URL in the config[include_dir] parameter, a different vector than CVE-2006-4489. |
| CVE-2006-6577 | 1 Neocrome | 2 Land Down Under, Seditio | 2025-04-09 | 6.8 MEDIUM | N/A | SQL injection vulnerability in polls.php in Neocrome Land Down Under (LDU) 8.x and earlier allows remote attackers to execute arbitrary SQL commands via the id parameter. |
| CVE-2007-3632 | 1 Limesurvey | 1 Limesurvey | 2025-04-09 | 6.8 MEDIUM | N/A | Multiple PHP remote file inclusion vulnerabilities in LimeSurvey (aka PHPSurveyor) 1.49RC2 allow remote attackers to execute arbitrary PHP code via a URL in the homedir parameter to (1) OLE/PPS/File.php, (2) OLE/PPS/Root.php, (3) Spreadsheet/Excel/Writer.php, or (4) OLE/PPS.php in admin/classes/pear/; or (5) Worksheet.php, (6) Parser.php, (7) Workbook.php, (8) Format.php, or (9) BIFFwriter.php in admin/classes/pear/Spreadsheet/Excel/Writer/. |
| CVE-2007-1928 | 1 Witshare | 1 Witshare | 2025-04-09 | 7.5 HIGH | N/A | Directory traversal vulnerability in index.php in witshare 0.9 allows remote attackers to include and execute arbitrary local files via a .. (dot dot) in the menu parameter. |
| CVE-2007-0889 | 1 Kiwi Enterprises | 1 Kiwi Cattools | 2025-04-09 | 4.6 MEDIUM | N/A | Kiwi CatTools before 3.2.0 beta uses weak encryption ("reversible encoding") for passwords, account names, and IP addresses in kiwidb-cattools.kdb, which might allow local users to gain sensitive information by decrypting the file. NOTE: this issue could be leveraged with a directory traversal vulnerability for a remote attack vector. |
| CVE-2007-4241 | 2 Cisco, Hp | 2 Local Director, Hp-ux | 2025-04-09 | 10.0 HIGH | N/A | Buffer overflow in ldcconn in Hewlett-Packard (HP) Controller for Cisco Local Director on HP-UX 11.11i allows remote attackers to execute arbitrary code via a long string to TCP port 17781. |
| CVE-2007-3438 | 1 Nortel | 1 Sip Softphone | 2025-04-09 | 7.8 HIGH | N/A | Buffer overflow in the SIP header parsing module in the Nortel PC Client SIP Soft Phone 4.1 3.5.208[20051015] allows remote attackers to execute arbitrary code via a malformed message, a different vulnerability than CVE-2007-3361. |
| CVE-2007-3622 | 1 Alt-n | 1 Mdaemon | 2025-04-09 | 2.6 LOW | N/A | Unspecified vulnerability in DomainPOP in Alt-N Technologies MDaemon before 9.61 allows remote attackers to cause a denial of service (crash) via malformed messages. |
| CVE-2006-5651 | 1 Digioz | 1 Digioz Guestbook | 2025-04-09 | 5.0 MEDIUM | N/A | list.php in DigiOz Guestbook before 1.7.1 allows remote attackers to obtain sensitive information via a non-numeric page parameter, which displays the installation path in the resulting error message. |
| CVE-2008-0002 | 1 Apache | 1 Tomcat | 2025-04-09 | 5.8 MEDIUM | N/A | Apache Tomcat 6.0.0 through 6.0.15 processes parameters in the context of the wrong request when an exception occurs during parameter processing, which might allow remote attackers to obtain sensitive information, as demonstrated by disconnecting during this processing in order to trigger the exception. |
| CVE-2007-0129 | 1 Locazo | 1 Locazolist Classifieds | 2025-04-09 | 7.5 HIGH | N/A | SQL injection vulnerability in main.asp in LocazoList 2.01a beta5 and earlier allows remote attackers to execute arbitrary SQL commands via the subcatID parameter. |
| CVE-2007-4079 | 1 Alstrasoft | 1 Sms Text Messaging Enterprise | 2025-04-09 | 4.3 MEDIUM | N/A | Multiple cross-site scripting (XSS) vulnerabilities in AlstraSoft SMS Text Messaging Enterprise allow remote attackers to inject arbitrary web script or HTML via the (1) domain or (2) q parameter to (a) admin/membersearch.php, or (3) the userid parameter to (b) admin/edituser.php. |
| CVE-2007-1881 | 1 Kaspersky Lab | 2 Kaspersky Anti-virus, Kaspersky Internet Security | 2025-04-09 | 6.8 MEDIUM | N/A | Unspecified vulnerability in KLIF (klif.sys) in Kaspersky Anti-Virus, Anti-Virus for Workstations, and Anti-Virus for File Servers 6.0, and Internet Security 6.0 before Maintenance Pack 2 build 6.0.2.614 allows local users to gain Ring-0 privileges via unspecified vectors. |
| CVE-2006-6009 | 1 Sun | 2 Jdk, Jre | 2025-04-09 | 5.0 MEDIUM | N/A | Unspecified vulnerability in the Java Runtime Environment (JRE) Swing library in JDK and JRE 5.0 Update 7 and earlier allows attackers to obtain certain information via unknown attack vectors, related to an untrusted applet accessing data in other applets. |
| CVE-2007-0510 | 1 Awffull | 1 Awffull | 2025-04-09 | 10.0 HIGH | N/A | Multiple buffer overflows in (1) graphs.c, (2) output.c, and (3) preserve.c in AWFFull 3.7.1 and earlier have unknown impact and attack vectors. NOTE: some of these details are obtained from third party information. NOTE: There may not be any attack vector that crosses privilege boundaries. |
| CVE-2007-1452 | 1 Php | 1 Php | 2025-04-09 | 5.0 MEDIUM | N/A | The FDF support (ext/fdf) in PHP 5.2.0 and earlier does not implement the input filtering hooks for ext/filter, which allows remote attackers to bypass web site filters via an application/vnd.fdf formatted POST. |
| CVE-2007-0879 | 1 Smidgeonsoft | 1 Pebrowse | 2025-04-09 | 9.3 HIGH | N/A | Buffer overflow in SmidgeonSoft PEBrowse Professional 8.2.1.0 allows user-assisted remote attackers to execute arbitrary code via certain executable files in PE format. NOTE: the provenance of this information is unknown; the details are obtained solely from third party information. |
| CVE-2007-0768 | 1 Yahoo | 1 Messenger | 2025-04-09 | 4.3 MEDIUM | N/A | Multiple cross-site scripting (XSS) vulnerabilities in the Contact Details functionality in Yahoo! Messenger 8.1.0.209 and earlier allow user-assisted remote attackers to inject arbitrary web script or HTML via a javascript: URI in the SRC attribute of an IMG element to the (1) First Name, (2) Last Name, and (3) Nickname fields. NOTE: some of these details are obtained from third party information. |
| CVE-2006-5669 | 1 Gepi | 1 Gepi | 2025-04-09 | 7.5 HIGH | N/A | PHP remote file inclusion vulnerability in gestion/savebackup.php in Gepi 1.4.0 and earlier, and possibly other versions before 1.4.4, allows remote attackers to execute arbitrary PHP code via a URL in the filename parameter. |
| CVE-2007-3225 | 1 Sun | 1 Java System Directory Server | 2025-04-09 | 6.4 MEDIUM | N/A | Unspecified vulnerability in Sun Java System Directory Server (slapd) 6.0, and 5.2 with Patch 3 or 4, allows remote attackers to modify certain data via unknown vectors. |
| CVE-2007-2420 | 1 Burak Yilmaz | 1 Burak Yilmaz Blog | 2025-04-09 | 7.5 HIGH | N/A | SQL injection vulnerability in bry.asp in Burak Yilmaz Blog 1.0 allows remote attackers to execute arbitrary SQL commands via the id parameter. |
| CVE-2007-1671 | 1 Avira | 1 Antivir Personal | 2025-04-09 | 7.8 HIGH | N/A | avpack32.dll before 7.3.0.6 in Avira AntiVir allows remote attackers to cause a denial of service (infinite loop) via a ZOO archive with a direntry structure that points to a previous file. |
| CVE-2007-1794 | 2 Mozilla, Sun | 3 Mozilla, Solaris, Sunos | 2025-04-09 | 10.0 HIGH | N/A | The Javascript engine in Mozilla 1.7 and earlier on Sun Solaris 8, 9, and 10 might allow remote attackers to execute arbitrary code via vectors involving garbage collection that causes deletion of a temporary object that is still being used. NOTE: this issue might be related to CVE-2006-3805. |
| CVE-2007-1886 | 1 Php | 1 Php | 2025-04-09 | 6.8 MEDIUM | N/A | Integer overflow in the str_replace function in PHP 4.4.5 and PHP 5.2.1 allows context-dependent attackers to have an unknown impact via a single character search string in conjunction with a single character replacement string, which causes an "off by one overflow." |
| CVE-2007-0379 | 1 Docman | 1 Docman | 2025-04-09 | 6.8 MEDIUM | N/A | Cross-site scripting (XSS) vulnerability in DocMan 1.3 RC2 allows remote attackers to inject arbitrary web script or HTML via unspecified vectors. |
| CVE-2007-1591 | 1 Trend Micro | 1 Trend Micro Antivirus | 2025-04-09 | 7.8 HIGH | N/A | VsapiNT.sys in the Scan Engine 8.0 for Trend Micro AntiVirus 14.10.1041, and other products, allows remote attackers to cause a denial of service (kernel fault and system crash) via a crafted UPX file with a certain field that triggers a divide-by-zero error. |
| CVE-2006-6580 | 1 Scriptphp | 1 Pronews | 2025-04-09 | 6.4 MEDIUM | N/A | admin/change.php in ProNews 1.5 does not check whether a user is permitted to change news items, which allows remote attackers to add or delete information within an item, and possibly have other impacts. NOTE: the provenance of this information is unknown; the details are obtained solely from third party information. |
| CVE-2007-1525 | 1 Dayfox Designs | 1 Dayfox Blog | 2025-04-09 | 6.8 MEDIUM | N/A | Direct static code injection vulnerability in postpost.php in Dayfox Blog (dfblog) 4 allows remote attackers to execute arbitrary PHP code via the cat parameter, which can be executed via a request to posts.php. |
| CVE-2006-5491 | 1 Ceary | 1 Ultracms | 2025-04-09 | 7.5 HIGH | N/A | Multiple SQL injection vulnerabilities in include/index.php in UltraCMS 0.9 allow remote attackers to execute arbitrary SQL commands via the (1) username or (2) password parameters. |
| CVE-2007-3833 | 1 Cerulean Studios | 1 Trillian | 2025-04-09 | 5.0 MEDIUM | N/A | The AOL Instant Messenger (AIM) protocol handler in Cerulean Studios Trillian allows remote attackers to create files with arbitrary contents via certain aim: URIs, as demonstrated by a URI that begins with the "aim: &c:\" substring and contains a full pathname in the ini field. NOTE: this can be leveraged for code execution by writing to a Startup folder. |
| CVE-2007-4101 | 1 Global Centre | 1 Aplomb Poll | 2025-04-09 | 6.8 MEDIUM | N/A | Multiple PHP remote file inclusion vulnerabilities in Madoa Poll 1.1 allow remote attackers to execute arbitrary PHP code via the Madoa parameter to (1) index.php, (2) vote.php, and (3) admin.php. |
| CVE-2007-4127 | 1 Le Ralf | 1 Ralf Image Gallery | 2025-04-09 | 6.8 MEDIUM | N/A | PHP remote file inclusion vulnerability in check_entry.php in Ralf Image Gallery (RIG), aka Raphael Moll RIG Image Gallery, 1.0 allows remote attackers to execute arbitrary PHP code via a URL in the dir_abs_src parameter. NOTE: this issue is disputed by multiple third parties, who report that the product exits if register_globals is enabled, thereby blocking exploitation. NOTE: CVE-2006-3210.a covers this issue in versions before 1.0 |