Total: 29869 CVE
| CVE | Vendors | Products | Updated | CVSS v2 | CVSS v3 |
|---|---|---|---|---|---|
| CVE-2006-6221 | 1 2x | 1 Thinclientserver | 2025-04-09 | 7.5 HIGH | N/A |
| 2X ThinClientServer Enterprise Edition before 4.0.2248 allows remote attackers to create multiple privileged accounts via a replay attack using the initial account creation request. | | | | | |
| CVE-2007-4678 | 1 Apple | 2 Mac Os X, Mac Os X Server | 2025-04-09 | 7.1 HIGH | N/A |
| AppleRAID in Apple Mac OS X 10.3.9 and 10.4 through 10.4.10 allows attackers to cause a denial of service (crash) via a crafted striped disk image, which triggers a NULL pointer dereference when it is mounted. | | | | | |
| CVE-2006-5133 | 1 Steve Poulsen | 1 Guildftpd | 2025-04-09 | 7.5 HIGH | N/A |
| Buffer overflow in GuildFTPd 0.999.13 allows remote attackers to have an unknown impact, possibly code execution related to input containing "globbing chars." | | | | | |
| CVE-2006-6951 | 1 Odysseus Blog | 1 Odysseus Blog | 2025-04-09 | 6.8 MEDIUM | N/A |
| Cross-site scripting (XSS) vulnerability in blog.php in OdysseusBlog allows remote attackers to inject arbitrary web script or HTML via the page parameter. | | | | | |
| CVE-2006-6122 | 1 Tin | 1 Tin | 2025-04-09 | 7.5 HIGH | N/A |
| Multiple buffer overflows in TIN before 1.8.2 have unspecified impact and attack vectors, a different vulnerability than CVE-2006-0804. | | | | | |
| CVE-2007-1051 | 1 Comodo | 1 Comodo Firewall Pro | 2025-04-09 | 4.6 MEDIUM | N/A |
| Comodo Firewall Pro (formerly Comodo Personal Firewall) 2.4.17.183 and earlier uses a weak cryptographic hashing function (CRC32) to identify trusted modules, which allows local users to bypass security protections by substituting modified modules that have the same CRC32 value. | | | | | |
| CVE-2008-3350 | 1 The Kelleys | 1 Dnsmasq | 2025-04-09 | 5.0 MEDIUM | N/A |
| dnsmasq 2.43 allows remote attackers to cause a denial of service (daemon crash) by (1) sending a DHCPINFORM while lacking a DHCP lease, or (2) attempting to renew a nonexistent DHCP lease for an invalid subnet as an "unknown client," a different vulnerability than CVE-2008-3214. | | | | | |
| CVE-2007-0227 | 1 Slocate | 1 Slocate | 2025-04-09 | 5.0 MEDIUM | N/A |
| slocate 3.1 does not properly manage database entries that specify names of files in protected directories, which allows local users to obtain the names of private files. NOTE: another researcher reports that the issue is not present in slocate 2.7. | | | | | |
| CVE-2007-0019 | 1 Maxum Development Corporation | 1 Rumpus Ftp Server | 2025-04-09 | 6.5 MEDIUM | N/A |
| Multiple heap-based buffer overflows in rumpusd in Rumpus 5.1 and earlier (1) allow remote authenticated users to execute arbitrary code via a long LIST command and other unspecified requests to the FTP service, and (2) allow remote attackers to execute arbitrary code via unspecified requests to the HTTP service. | | | | | |
| CVE-2007-4140 | 1 Lfs | 1 Live For Speed S2 | 2025-04-09 | 6.8 MEDIUM | N/A |
| Buffer overflow in Live for Speed (LFS) S2 ALPHA PATCH 0.5x allows user-assisted remote attackers to execute arbitrary code via a .mpr file (replay file) that contains a long car name. | | | | | |
| CVE-2006-6948 | 1 Myodbc | 1 Myodbc | 2025-04-09 | 7.8 HIGH | N/A |
| MyODBC Japanese conversion edition 3.51.06, 2.50.29, and 2.50.25 allows remote attackers to cause a denial of service via a certain string in a response, which has unspecified impact on the MySQL database. | | | | | |
| CVE-2006-6532 | 1 Vt-forum | 1 Vt-forum Lite | 2025-04-09 | 6.8 MEDIUM | N/A |
| Multiple cross-site scripting (XSS) vulnerabilities in Vt-Forum Lite 1.3 and earlier allow remote attackers to inject arbitrary web script or HTML via the (1) StrMsg or (2) Topic_ID parameter to (a) vf_info.asp, (b) vf_newtopic.asp, (c) vf_settings.asp, and (d) vf_replytopic.asp, different vectors than CVE-2006-6447. NOTE: The provenance of this information is unknown; the details are obtained solely from third party information. | | | | | |
| CVE-2006-6223 | 1 Google | 2 Mini Search Appliance, Search Appliance | 2025-04-09 | 4.3 MEDIUM | N/A |
| Cross-site scripting (XSS) vulnerability in Google Search Appliance and Google Mini allows remote attackers to inject arbitrary web script or HTML via a UTF-7 encoded q parameter. | | | | | |
| CVE-2007-2876 | 1 Linux | 1 Linux Kernel | 2025-04-09 | 6.1 MEDIUM | N/A |
| The sctp_new function in (1) ip_conntrack_proto_sctp.c and (2) nf_conntrack_proto_sctp.c in Netfilter in Linux kernel 2.6 before 2.6.20.13, and 2.6.21.x before 2.6.21.4, allows remote attackers to cause a denial of service by causing certain invalid states that trigger a NULL pointer dereference. | | | | | |
| CVE-2007-0498 | 1 Sky Gunning | 1 Myspeach | 2025-04-09 | 7.5 HIGH | N/A |
| PHP remote file inclusion vulnerability in up.php in MySpeach 2.1 beta and possibly earlier allows remote attackers to execute arbitrary PHP code via a URL in the my[root] parameter. | | | | | |
| CVE-2006-6018 | 1 Jim Plush | 1 My-bic | 2025-04-09 | 7.5 HIGH | N/A |
| PHP remote file inclusion vulnerability in mybic_server.php in Jim Plush My-BIC 0.6.5 allows remote attackers to execute arbitrary PHP code via a URL in the INC_PATH parameter, a different vector than CVE-2006-5089. NOTE: this issue is disputed by CVE and third party researchers because INC_PATH is a constant | | | | | |
| CVE-2007-2729 | 1 Comodo | 2 Comodo Firewall Pro, Comodo Personal Firewall | 2025-04-09 | 7.2 HIGH | N/A |
| Comodo Firewall Pro 2.4.18.184 and Comodo Personal Firewall 2.3.6.81, and probably older Comodo Firewall versions, do not properly test for equivalence of process identifiers for certain Microsoft Windows API functions in the NT kernel 5.0 and greater, which allows local users to call these functions, and bypass firewall rules or gain privileges, via a modified identifier that is one, two, or three greater than the canonical identifier. | | | | | |
| CVE-2007-0692 | 1 Dgnews | 1 Dgnews | 2025-04-09 | 5.0 MEDIUM | N/A |
| DGNews 2.1 allows remote attackers to obtain sensitive information via a fullnews request to news.php with an invalid newsid parameter, and other unspecified vectors, which reveal the path in various error messages. | | | | | |
| CVE-2007-4624 | 1 Abledesign | 1 Dynamic Picture Frame | 2025-04-09 | 4.3 MEDIUM | N/A |
| Cross-site scripting (XSS) vulnerability in pframe.php in AbleDesign Dynamic Picture Frame 1.00 allows remote attackers to inject arbitrary web script or HTML via the img_url parameter. NOTE: some of these details are obtained from third party information. | | | | | |
| CVE-2006-6855 | 1 Aidex | 1 Mini-webserver | 2025-04-09 | 5.0 MEDIUM | N/A |
| AIDeX Mini-WebServer 1.1 early release 3 allows remote attackers to cause a denial of service (daemon crash) via a flood of HTTP GET requests, possibly related to display of HTTP log data by the GUI. NOTE: some of these details are obtained from third party information. | | | | | |
| CVE-2007-1801 | 1 Sblog | 1 Sblog | 2025-04-09 | 7.5 HIGH | N/A |
| Directory traversal vulnerability in inc/lang.php in sBLOG 0.7.3 Beta allows remote attackers to include and execute arbitrary local files via a .. (dot dot) in the conf_lang_default parameter, as demonstrated by injecting PHP sequences into an Apache HTTP Server log file, which is then included by inc/lang.php. | | | | | |
| CVE-2007-2367 | 1 Wserve Http Server | 1 Wserve Http Server | 2025-04-09 | 10.0 HIGH | N/A |
| Buffer overflow in wserve_console.exe in Wserve HTTP Server (whttp) 4.6 allows remote attackers to cause a denial of service (forced application exit) via a long directory name in the URI. | | | | | |
| CVE-2006-6761 | 1 Novell | 1 Netmail | 2025-04-09 | 6.5 MEDIUM | N/A |
| Stack-based buffer overflow in the IMAP daemon (IMAPD) in Novell NetMail before 3.52e FTF2 allows remote authenticated users to execute arbitrary code via a long argument to the SUBSCRIBE command. | | | | | |
| CVE-2006-5547 | 1 Otscms | 1 Otscms | 2025-04-09 | 7.5 HIGH | N/A |
| PHP remote file inclusion vulnerability in OTSCMS/OTSCMS.php in Open Tibia Server Content Management System (OTSCMS) 1.0.0 through 1.0.3 allows remote attackers to execute arbitrary PHP code via a URL in the GLOBALS[config][otscms][directories][includes] parameter. | | | | | |
| CVE-2007-0805 | 1 Hp | 1 Tru64 | 2025-04-09 | 2.1 LOW | N/A |
| The ps (/usr/ucb/ps) command on HP Tru64 UNIX 5.1 1885 allows local users to obtain sensitive information, including environment variables of arbitrary processes, via the "auxewww" argument, a similar issue to CVE-1999-1587. | | | | | |
| CVE-2006-5366 | 1 Oracle | 1 Application Server | 2025-04-09 | 10.0 HIGH | N/A |
| Multiple unspecified vulnerabilities in Oracle Collaboration Suite 9.0.4.2 have unknown impact and remote attack vectors related to (1) Oracle Containers for J2EE, aka Vuln# OC4J01, and (2) Oracle Process Mgmt & Notification, aka OPMN01. | | | | | |
| CVE-2007-0900 | 1 Tagit | 1 Tagboard | 2025-04-09 | 7.5 HIGH | N/A |
| Multiple PHP remote file inclusion vulnerabilities in TagIt! Tagboard 2.1.B Build 2 and earlier, when register_globals is enabled, allow remote attackers to execute arbitrary PHP code via a URL in the (1) configpath parameter to (a) tagviewer.php, (b) tag_process.php, and (c) CONFIG/errmsg.inc.php; and (d) addTagmin.php, (e) ban_watch.php, (f) delTagmin.php, (g) delTag.php, (h) editTagmin.php, (i) editTag.php, (j) manageTagmins.php, and (k) verify.php in tagmin/; the (2) adminpath parameter to ( ... | | | | | |
| CVE-2007-3569 | 1 Softlink Europe | 1 Oliver Library Management System | 2025-04-09 | 4.3 MEDIUM | N/A |
| Multiple cross-site scripting (XSS) vulnerabilities in Oliver Library Management System allow remote attackers to inject arbitrary web script or HTML via the (1) updateform and (2) displayform parameter to (a) gateway/gateway.exe; the (3) TERMS, (4) database, (5) srchad, (6) SuggestedSearch, and (7) searchform parameters to the (b) "Basic Search page"; and (8) username parameter when (c) logging on. | | | | | |
| CVE-2006-6069 | 1 Malbum | 1 Malbum | 2025-04-09 | 5.0 MEDIUM | N/A |
| index.php in mAlbum 0.3 and earlier allows remote attackers to obtain the installation path via an invalid gal parameter. | | | | | |
| CVE-2006-5503 | 1 Simple Machines | 1 Simple Machines Forum | 2025-04-09 | 4.3 MEDIUM | N/A |
| Cross-site scripting (XSS) vulnerability in index.php in Simple Machines Forum (SMF) 1.1 RC2 allows remote attackers to inject arbitrary web script or HTML via the action parameter. | | | | | |
| CVE-2007-1997 | 1 Clam Anti-virus | 1 Clamav | 2025-04-09 | 7.5 HIGH | N/A |
| Integer signedness error in the (1) cab_unstore and (2) cab_extract functions in libclamav/cab.c in Clam AntiVirus (ClamAV) before 0.90.2 allow remote attackers to execute arbitrary code via a crafted CHM file that contains a negative integer, which passes a signed comparison and leads to a stack-based buffer overflow. | | | | | |
| CVE-2007-4340 | 1 Phpdvd | 1 Phpdvd | 2025-04-09 | 7.5 HIGH | N/A |
| PHP remote file inclusion vulnerability in index.php in phpDVD 1.0.4 allows remote attackers to execute arbitrary PHP code via a URL in the dvd_config_file parameter. | | | | | |
| CVE-2008-3630 | 2 Apple, Microsoft | 6 Bonjour, Windows-nt, Windows 2000 and 3 more | 2025-04-09 | 6.4 MEDIUM | N/A |
| mDNSResponder in Apple Bonjour for Windows before 1.0.5, when an application uses the Bonjour API for unicast DNS, does not choose random values for transaction IDs or source ports in DNS requests, which makes it easier for remote attackers to spoof DNS responses, a different vulnerability than CVE-2008-1447. | | | | | |
| CVE-2007-0955 | 1 Mailenable | 1 Mailenable | 2025-04-09 | 7.8 HIGH | N/A |
| The NTLM_UnPack_Type3 function in MENTLM.dll in MailEnable Professional 2.35 and earlier allows remote attackers to cause a denial of service (application crash) via certain base64-encoded data following an AUTHENTICATE NTLM command to the imap port (143/tcp), which results in an out-of-bounds read. | | | | | |
| CVE-2007-2455 | 1 Parallels | 1 Parallels Desktop | 2025-04-09 | 6.1 MEDIUM | N/A |
| Parallels allows local users to cause a denial of service (virtual machine abort) via (1) certain INT instructions, as demonstrated by INT 0xAA; (2) an IRET instruction when an invalid address is at the top of the stack; (3) a malformed MOVNTI instruction, as demonstrated by using a register as a destination; or a write operation to (4) SEGR6 or (5) SEGR7. | | | | | |
| CVE-2007-2320 | 1 Papoo | 1 Papoo | 2025-04-09 | 7.5 HIGH | N/A |
| SQL injection vulnerability in kontakt.php in Papoo 3.02 and earlier allows remote attackers to execute arbitrary SQL commands via the menuid parameter, a different vector than CVE-2005-4478. | | | | | |
| CVE-2006-6082 | 1 Creascripts | 1 Creadirectory | 2025-04-09 | 4.3 MEDIUM | N/A |
| Multiple cross-site scripting (XSS) vulnerabilities in CreaScripts Creadirectory allow remote attackers to inject arbitrary web script or HTML via the (1) cat parameter to addlisting.asp or the (2) search parameter to search.asp. | | | | | |
| CVE-2006-4980 | 1 Python | 1 Python | 2025-04-09 | 7.5 HIGH | N/A |
| Buffer overflow in the repr function in Python 2.3 through 2.6 before 20060822 allows context-dependent attackers to cause a denial of service and possibly execute arbitrary code via crafted wide character UTF-32/UCS-4 strings to certain scripts. | | | | | |
| CVE-2007-0119 | 1 Edittag | 1 Edittag | 2025-04-09 | 6.8 MEDIUM | N/A |
| Multiple cross-site scripting (XSS) vulnerabilities in EditTag 1.2 allow remote attackers to inject arbitrary web script or HTML via the plain parameter to (1) mkpw_mp.cgi, (2) mkpw.pl, or (3) mkpw.cgi. | | | | | |
| CVE-2007-1017 | 1 Virtualsystem | 1 Vs-news-system | 2025-04-09 | 9.3 HIGH | N/A |
| PHP remote file inclusion vulnerability in show_news_inc.php in VirtualSystem VS-News-System 1.2.1 and earlier allows remote attackers to execute arbitrary PHP code via a URL in the newsordner parameter. | | | | | |