Total
29869 CVE
| CVE | Vendors | Products | Updated | CVSS v2 | CVSS v3 |
|---|---|---|---|---|---|
| CVE-2006-5863 | 1 Otterware | 1 Letterit2 | 2025-04-09 | 7.5 HIGH | N/A |
|
PHP remote file inclusion vulnerability in inc/session.php for LetterIt 2 allows remote attackers to execute arbitrary PHP code via a URL in the lang parameter.
|
|||||
| CVE-2006-6339 | 1 Devilz Clanportal | 1 Devilz Clanportal | 2025-04-09 | 6.8 MEDIUM | N/A |
|
SQL injection vulnerability in sites/index.php in deV!L`z Clanportal (DZCP) before 1.3.6.1 allows remote attackers to execute arbitrary SQL commands via the show element in a GET request.
|
|||||
| CVE-2007-2275 | 1 Hp | 3 Storageworks Command View, Storageworks Replication Monitor, Storageworks Tiered Storage Manager | 2025-04-09 | 4.6 MEDIUM | N/A |
|
Unspecified vulnerability in HP StorageWorks Command View Advanced Edition for XP before 5.6.0-01, XP Replication Monitor before 5.6.0-01, and XP Tiered Storage Manager before 5.5.0-02 allows local users to access other accounts via unspecified vectors during registration or addition of new users.
|
|||||
| CVE-2007-0572 | 1 Drunken Golem | 1 Gaming Portal | 2025-04-09 | 7.5 HIGH | N/A |
|
PHP remote file inclusion vulnerability in include/irc/phpIRC.php in Drunken:Golem Gaming Portal 0.5.1 Alpha 2 and earlier allows remote attackers to execute arbitrary PHP code via a URL in the phpbb_root_path parameter.
|
|||||
| CVE-2006-5887 | 1 Dynamic Dataworx | 1 Nuschool | 2025-04-09 | 7.5 HIGH | N/A |
|
SQL injection vulnerability in CampusNewsDetails.asp in Dynamic Dataworx NuSchool 1.0 allows remote attackers to execute arbitrary SQL commands via the NewsID parameter.
|
|||||
| CVE-2007-0948 | 1 Microsoft | 2 Virtual Pc, Virtual Server | 2025-04-09 | 9.3 HIGH | N/A |
|
Heap-based buffer overflow in Microsoft Virtual PC 2004 and PC for Mac 7.1 and 7, and Virtual Server 2005 and 2005 R2, allows local guest OS administrators to execute arbitrary code on the host OS via unspecified vectors related to "interaction and initialization of components."
|
|||||
| CVE-2006-5571 | 1 Kynoslogic | 1 Cruiseworks | 2025-04-09 | 7.5 HIGH | N/A |
|
Stack-based buffer overflow in /scripts/cruise/cws.exe in CruiseWorks 1.09c and 1.09d allows remote attackers to execute arbitrary code via a long string in the doc parameter.
|
|||||
| CVE-2007-4452 | 1 Toribash | 1 Toribash | 2025-04-09 | 5.0 MEDIUM | N/A |
|
The client in Toribash 2.71 and earlier allows remote attackers to cause a denial of service (disconnection) via a long (1) emote or (2) SPEC command.
|
|||||
| CVE-2006-6969 | 1 Jetty | 1 Jetty Http Server | 2025-04-09 | 6.8 MEDIUM | N/A |
|
Jetty before 4.2.27, 5.1 before 5.1.12, 6.0 before 6.0.2, and 6.1 before 6.1.0pre3 generates predictable session identifiers using java.util.random, which makes it easier for remote attackers to guess a session identifier through brute force attacks, bypass authentication requirements, and possibly conduct cross-site request forgery attacks.
|
|||||
| CVE-2007-2077 | 1 Maian | 1 Search | 2025-04-09 | 7.5 HIGH | N/A |
|
PHP remote file inclusion vulnerability in search.php in Maian Search 1.1 allows remote attackers to execute arbitrary PHP code via a URL in the path_to_folder parameter. NOTE: this issue was disputed by a third party researcher, but confirmed by the vendor, stating "this issue was fixed last year and [no] is longer a problem."
|
|||||
| CVE-2007-3807 | 1 Sitescape | 1 Sitescape Forum | 2025-04-09 | 2.6 LOW | N/A |
|
Multiple cross-site scripting (XSS) vulnerabilities in SiteScape Forum before 7.3 allow remote attackers to inject arbitrary web script or HTML via the user name field in the login procedure, and other unspecified vectors.
|
|||||
| CVE-2007-1820 | 1 Nortel | 2 Callpilot, Meridian Mail | 2025-04-09 | 9.3 HIGH | N/A |
|
Nortel Networks CallPilot and Meridian Mail voicemail systems, when a mailbox has auto logon enabled, allow remote attackers to retrieve or remove messages, or reconfigure the mailbox, by spoofing Calling Number Identification (CNID, aka Caller ID).
|
|||||
| CVE-2007-2137 | 1 Ibm | 1 Tivoli Monitoring Express | 2025-04-09 | 10.0 HIGH | N/A |
|
Heap-based buffer overflow in kde.dll in IBM Tivoli Monitoring Express 6.1.0 before Fix Pack 2, as used in Tivoli Universal Agent, Windows OS Monitoring agent, and Enterprise Portal Server, allows remote attackers to execute arbitrary code by sending a long string to a certain TCP port.
|
|||||
| CVE-2006-5592 | 1 Pacos Drivers | 1 Pacpoll | 2025-04-09 | 7.5 HIGH | N/A |
|
Admin/adpoll.asp in PacPoll 4.0 and earlier allows remote attackers to bypass authentication by setting the polllog cookie value to "xx".
|
|||||
| CVE-2007-2150 | 1 Bluearc | 1 Titan | 2025-04-09 | 7.8 HIGH | N/A |
|
BlueArc-FTPD in BlueArc Titan 2x00 devices with firmware 4.2.944b allows remote attackers to redirect traffic to other sites (aka FTP bounce) via the PORT command, a variant of CVE-1999-0017.
|
|||||
| CVE-2007-1638 | 1 Phpprojekt | 1 Phpprojekt | 2025-04-09 | 6.8 MEDIUM | N/A |
|
Multiple cross-site request forgery (CSRF) vulnerabilities in the check_csrftoken function in lib/lib.inc.php in PHProjekt 5.2.0, when magic_quotes_gpc is disabled, allow remote attackers to perform unauthorized actions as an arbitrary user via the (1) Projects, (2) Contacts, (3) Helpdesk, (4) Notes, (5) Search, (6) Mail, or (7) Filemanager module; the (9) summary page; or unspecified other files.
|
|||||
| CVE-2007-2019 | 1 Tomex | 1 Phpgalleryscript | 2025-04-09 | 7.5 HIGH | N/A |
|
PHP remote file inclusion vulnerability in init.gallery.php in phpGalleryScript 1.0 allows remote attackers to execute arbitrary PHP code via a URL in the include_class parameter.
|
|||||
| CVE-2007-0964 | 1 Cisco | 1 Firewall Services Module | 2025-04-09 | 5.4 MEDIUM | N/A |
|
Cisco FWSM 3.x before 3.1(3.18), when authentication is configured to use "aaa authentication match" or "aaa authentication include", allows remote attackers to cause a denial of service (device reboot) via a malformed HTTPS request.
|
|||||
| CVE-2007-2017 | 1 Alstrasoft | 1 Video Share Enterprise | 2025-04-09 | 7.5 HIGH | N/A |
|
siteadmin/useredit.php in AlstraSoft Video Share Enterprise does not check authentication, which allows remote attackers to obtain or modify user information via a direct request.
|
|||||
| CVE-2007-0278 | 1 Oracle | 1 Database Server | 2025-04-09 | 6.8 MEDIUM | N/A |
|
Multiple unspecified vulnerabilities in Oracle Database 8.1.7.4, 9.0.1.5, 9.2.0.7, and 10.1.0.5 have unknown impact and attack vectors related to (1) NLS Runtime and lmsgen (DB12), and (2) Oracle Text and ctxkbtc (DB14).
|
|||||
| CVE-2009-0077 | 1 Microsoft | 2 Forefront Threat Management Gateway, Internet Security And Acceleration Server | 2025-04-09 | 5.0 MEDIUM | N/A |
|
The firewall engine in Microsoft Forefront Threat Management Gateway, Medium Business Edition (TMG MBE); and Internet Security and Acceleration (ISA) Server 2004 SP3, 2006, 2006 Supportability Update, and 2006 SP1; does not properly manage the session state of web listeners, which allows remote attackers to cause a denial of service (many stale sessions) via crafted packets, aka "Web Proxy TCP State Limited Denial of Service Vulnerability."
|
|||||
| CVE-2007-0657 | 1 Alientrap | 1 Nexuiz | 2025-04-09 | 7.5 HIGH | N/A |
|
Unspecified vulnerability in Nexuiz 2.2.2 allows remote attackers to read and overwrite arbitrary files via the gamedir command.
|
|||||
| CVE-2007-4303 | 2 Cerb, Freebsd | 2 Cerbng, Freebsd | 2025-04-09 | 6.2 MEDIUM | N/A |
|
Multiple race conditions in (1) certain rules and (2) argument copying during VM protection, in CerbNG for FreeBSD 4.8 allow local users to defeat system call interposition and possibly gain privileges or bypass auditing, as demonstrated by modifying command lines in log-exec.cb.
|
|||||
| CVE-2007-1544 | 2 Mandrakesoft, Radscan | 2 Mandrake Linux, Network Audio System | 2025-04-09 | 5.0 MEDIUM | N/A |
|
Integer overflow in the ProcAuWriteElement function in server/dia/audispatch.c in Network Audio System (NAS) before 1.8a SVN 237 allows remote attackers to cause a denial of service (crash) and possibly execute arbitrary code via a large max_samples value.
|
|||||
| CVE-2007-2627 | 1 Wordpress | 1 Wordpress | 2025-04-09 | 6.8 MEDIUM | N/A |
|
Cross-site scripting (XSS) vulnerability in sidebar.php in WordPress, when custom 404 pages that call get_sidebar are used, allows remote attackers to inject arbitrary web script or HTML via the query string (PHP_SELF), a different vulnerability than CVE-2007-1622.
|
|||||
| CVE-2006-5469 | 1 Wireshark | 1 Wireshark | 2025-04-09 | 5.0 MEDIUM | N/A |
|
Unspecified vulnerability in the WBXML dissector in Wireshark (formerly Ethereal) 0.10.11 through 0.99.3 allows remote attackers to cause a denial of service (crash) via certain vectors that trigger a null dereference.
|
|||||
| CVE-2007-0602 | 1 Trend Micro | 1 Viruswall | 2025-04-09 | 6.9 MEDIUM | N/A |
|
Buffer overflow in libvsapi.so in the VSAPI library in Trend Micro VirusWall 3.81 for Linux, as used by IScan.BASE/vscan, allows local users to gain privileges via a long command line argument, a different vulnerability than CVE-2005-0533.
|
|||||
| CVE-2006-4807 | 1 Enlightenment | 1 Imlib2 | 2025-04-09 | 2.6 LOW | N/A |
|
loader_tga.c in imlib2 before 1.2.1, and possibly other versions, allows user-assisted remote attackers to cause a denial of service (crash) via a crafted TGA image that triggers an out-of-bounds memory read, a different issue than CVE-2006-4808.
|
|||||
| CVE-2007-1437 | 2 Ledgersmb, Sql-ledger | 2 Ledgersmb, Sql-ledger | 2025-04-09 | 9.0 HIGH | N/A |
|
Unspecified vulnerability in LedgerSMB before 1.1.5 and SQL-Ledger before 2.6.25 allows remote attackers to overwrite files and possibly bypass authentication, and remote authenticated users to execute unauthorized code, by calling a custom error function that returns from execution.
|
|||||
| CVE-2007-3614 | 1 Sap | 1 Sap Db | 2025-04-09 | 7.5 HIGH | N/A |
|
Multiple stack-based buffer overflows in waHTTP.exe (aka the SAP DB Web Server) in SAP DB, possibly 7.3 through 7.5, allow remote attackers to execute arbitrary code via (1) a certain cookie value; (2) a certain additional parameter, related to sapdbwa_GetQueryString; and other unspecified vectors related to "numerous other fields."
|
|||||
| CVE-2007-0481 | 1 Cisco | 1 Ios Transmission Control Protocol | 2025-04-09 | 7.8 HIGH | N/A |
|
Cisco IOS allows remote attackers to cause a denial of service (crash) via a crafted IPv6 Type 0 Routing header.
|
|||||
| CVE-2006-7158 | 1 Oracle | 1 Apex | 2025-04-09 | 4.3 MEDIUM | N/A |
|
Cross-site scripting (XSS) vulnerability in Oracle Application Express (APEX) before 2.2.1, aka Oracle HTML DB, allows remote attackers to inject arbitrary web script or HTML via the NOTIFICATION_MSG parameter. NOTE: it is likely that this issue overlaps one of the identifiers in CVE-2006-5351.
|
|||||
| CVE-2007-3624 | 1 Sap | 1 Sap Message Server | 2025-04-09 | 10.0 HIGH | N/A |
|
Heap-based buffer overflow in the Message HTTP Server in SAP Message Server allows remote attackers to execute arbitrary code via a long string in the group parameter to /msgserver/html/group.
|
|||||
| CVE-2006-5924 | 1 Efficientip | 1 Ipmanager | 2025-04-09 | 5.8 MEDIUM | N/A |
|
Cross-site scripting (XSS) vulnerability in index.php in Efficient IP iPmanager (IPm) 2.3 allows remote attackers to inject arbitrary web script or HTML via the errmsg parameter. NOTE: the provenance of this information is unknown; details are obtained from third party sources.
|
|||||
| CVE-2006-5912 | 1 Campware.org | 1 Campsite | 2025-04-09 | 10.0 HIGH | N/A |
|
Unspecified vulnerability in Campware Campsite before 2.6.2 has unknown impact and attack vectors, related to a "Security fix for you-know-what," possibly related to encrypted passwords.
|
|||||
| CVE-2006-6535 | 1 Linux | 1 Linux Kernel | 2025-04-09 | 9.4 HIGH | N/A |
|
The dev_queue_xmit function in Linux kernel 2.6 can fail before calling the local_bh_disable function, which could lead to data corruption and "node lockups." NOTE: it is not clear whether this issue is exploitable.
|
|||||
| CVE-2007-1294 | 1 Divx | 1 Divx Web Player | 2025-04-09 | 7.8 HIGH | N/A |
|
A certain ActiveX control in the DivXBrowserPlugin (npdivx32.dll) in DivX Web Player, as distributed with DivX Player 1.3.0, allows remote attackers to cause a denial of service (Internet Explorer 7 crash) via large values to DivxWP.Resize, related to resizing images.
|
|||||
| CVE-2007-4428 | 1 Lhaz | 1 Lhaz | 2025-04-09 | 6.8 MEDIUM | N/A |
|
Lhaz 1.33 allows remote attackers to execute arbitrary code via unknown vectors, as actively exploited in August 2007 by the Exploit-LHAZ.a gzip file, a different issue than CVE-2006-4116.
|
|||||
| CVE-2007-2598 | 1 Simplenews | 1 Simplenews | 2025-04-09 | 10.0 HIGH | N/A |
|
SQL injection vulnerability in print.php in SimpleNews 1.0.0 FINAL allows remote attackers to execute arbitrary SQL commands via the news_id parameter.
|
|||||
| CVE-2006-5533 | 1 Aroundme | 1 Aroundme | 2025-04-09 | 5.1 MEDIUM | N/A |
|
Multiple PHP remote file inclusion vulnerabilities in AROUNDMe 0.6.9, and possibly earlier, when register_globals is enabled, allow remote attackers to execute arbitrary PHP code via a URL in the templatePath parameter in template/barnraiser_01/pol_view.tpl.php and other unspecified PHP scripts, a different vector than CVE-2006-5401.
|
|||||