Total: 29869 CVE

| CVE | Vendors | Products | Updated | CVSS v2 | CVSS v3 | Description |
|---|---|---|---|---|---|---|
| CVE-2007-3175 | 1 W2b | 1 Online Banking | 2025-04-09 | 7.5 HIGH | N/A | Multiple SQL injection vulnerabilities in W2B Online Banking allow remote attackers to execute arbitrary SQL commands via (1) the draft parameter to mailer.w2b or (2) the listDocPay parameter to DocPay.w2b. |
| CVE-2007-3973 | 1 Jblog | 1 Jblog | 2025-04-09 | 6.8 MEDIUM | N/A | Multiple cross-site scripting (XSS) vulnerabilities in JBlog 1.0 allow remote attackers to inject arbitrary web script or HTML via the (1) id parameter to (a) index.php, or the (2) search parameter or (3) theme cookie to (b) recherche.php. |
| CVE-2007-1444 | 1 Netperf | 1 Netperf | 2025-04-09 | 4.4 MEDIUM | N/A | netserver in netperf 2.4.3 allows local users to overwrite arbitrary files via a symlink attack on /tmp/netperf.debug. |
| CVE-2006-5713 | 1 Efs Software | 1 Efs Web Server | 2025-04-09 | 4.3 MEDIUM | N/A | Cross-site scripting (XSS) vulnerability in Easy File Sharing (EFS) Web Server 4.0 allows remote attackers to inject arbitrary web script or HTML via the (1) author, (2) content, or (3) title parameters when posting a forum thread. NOTE: the provenance of this information is unknown; the details are obtained solely from third party information. |
| CVE-2006-6027 | 1 Adobe | 1 Acrobat Reader | 2025-04-09 | 9.3 HIGH | N/A | Adobe Reader (Adobe Acrobat Reader) 7.0 through 7.0.8 allows remote attackers to cause a denial of service and possibly execute arbitrary code via a long argument string to the LoadFile method in an AcroPDF ActiveX control. |
| CVE-2007-2372 | 1 Gregory Kokanosky | 1 Phpmynewsletter | 2025-04-09 | 10.0 HIGH | N/A | admin/send_mod.php in Gregory Kokanosky phpMyNewsletter 0.8 beta5 and earlier prints a Location header but does not exit when administrative credentials are missing, which allows remote attackers to compose an e-mail message via a post with the subject, message, format, and list_id fields; and send the message via a direct request for the MsgId value under admin/. |
| CVE-2007-3695 | 1 Broadcom | 1 Erwin Process Modeler | 2025-04-09 | 10.0 HIGH | N/A | Buffer overflow in LICRCMD.EXE in CA ERwin Process Modeler (formerly AllFusion Process Modeler) 7.1 allows attackers to execute arbitrary code via a long filename. NOTE: the researcher does not suggest any circumstances in which the filename would come from an untrusted source, and therefore perhaps the issue does not cross privilege boundaries and should not be included in CVE. |
| CVE-2007-0722 | 1 Apple | 2 Mac Os X, Mac Os X Server | 2025-04-09 | 6.8 MEDIUM | N/A | Integer overflow in Apple Mac OS X 10.3.9 and 10.4 through 10.4.8 allows remote user-assisted attackers to execute arbitrary code via a crafted AppleSingleEncoding disk image. |
| CVE-2006-5349 | 1 Oracle | 1 Http Server | 2025-04-09 | 10.0 HIGH | N/A | Unspecified vulnerability in Oracle HTTP Server 9.2.0.7, when running on HP Tru64 UNIX, has unknown impact and remote attack vectors related to HTTPS and SSL, aka Vuln# OHS07. |
| CVE-2007-0577 | 1 Acgvclick | 1 Acgvclick | 2025-04-09 | 7.5 HIGH | N/A | PHP remote file inclusion vulnerability in function.inc.php in ACGVclick 0.2.0 and earlier allows remote attackers to execute arbitrary PHP code via a URL in the path parameter. |
| CVE-2007-2448 | 1 Subversion | 1 Subversion | 2025-04-09 | 2.1 LOW | N/A | Subversion 1.4.3 and earlier does not properly implement the "partial access" privilege for users who have access to changed paths but not copied paths, which allows remote authenticated users to obtain sensitive information (revision properties) via svn (1) propget, (2) proplist, or (3) propedit. |
| CVE-2006-5328 | 2 Apple, Openbase International Ltd | 2 Xcode, Openbase | 2025-04-09 | 7.2 HIGH | N/A | OpenBase SQL 10.0 and earlier, as used in Apple Xcode 2.2 and earlier and possibly other products, allows local users to create arbitrary files via a symlink attack on the simulation.sql file. |
| CVE-2007-0367 | 1 Maxum Development Corporation | 1 Rumpus Ftp Server | 2025-04-09 | 4.6 MEDIUM | N/A | Rumpus 5.1 and earlier has weak permissions for certain files and directories under /usr/local/Rumpus, including the configuration file, which allows local users to have an unknown impact by creating, modifying, or deleting files. |
| CVE-2007-2588 | 1 Office Ocx | 1 Office Viewer Ocx | 2025-04-09 | 9.3 HIGH | N/A | Multiple buffer overflows in the Office Viewer OCX ActiveX control (oa.ocx) 3.2 allow remote attackers to cause a denial of service (crash) or possibly execute arbitrary code via a long argument to the (1) HttpDownloadFile, (2) Open, (3) OpenWebFile, (4) DoOleCommand, (5) FTPDownloadFile, (6) FTPUploadFile, (7) HttpUploadFile, (8) Save, or (9) SaveWebFile function. |
| CVE-2006-5716 | 1 Freenews | 1 Freenews | 2025-04-09 | 5.0 MEDIUM | N/A | Directory traversal vulnerability in aff_news.php in FreeNews 2.1 allows remote attackers to include local files via a .. (dot dot) sequence in the chemin parameter, when the aff_news parameter is not set to "1." |
| CVE-2007-0920 | 1 Philboard | 1 Philboard | 2025-04-09 | 7.5 HIGH | N/A | SQL injection vulnerability in philboard_forum.asp in Philboard 1.14 and earlier allows remote attackers to execute arbitrary SQL commands via the forumid parameter. |
| CVE-2006-5028 | 1 Swsoft | 2 Plesk, Plesk Reload | 2025-04-09 | 5.0 MEDIUM | N/A | Directory traversal vulnerability in filemanager/filemanager.php in SWsoft Plesk 7.5 Reload and Plesk 7.6 for Microsoft Windows allows remote attackers to list arbitrary directories via a ../ (dot dot slash) in the file parameter in a chdir action. |
| CVE-2007-0256 | 1 Videolan | 1 Vlc Media Player | 2025-04-09 | 7.8 HIGH | N/A | VideoLAN VLC 0.8.6a allows remote attackers to cause a denial of service (application crash) via a crafted .wmv file. |
| CVE-2007-2685 | 1 Jetbox | 1 Jetbox Cms | 2025-04-09 | 7.5 HIGH | N/A | Multiple SQL injection vulnerabilities in index.php in Jetbox CMS 2.1 allow remote attackers to execute arbitrary SQL commands via the (1) view or (2) login parameter. |
| CVE-2007-4353 | 1 Ibm | 1 Aix | 2025-04-09 | 6.9 MEDIUM | N/A | Multiple buffer overflows in IBM AIX 5.2 and 5.3 allow local users in the system group to gain root privileges via unspecified vectors involving the (1) chpath, (2) rmpath, and (3) devinstall programs in bos.rte.methods. |
| CVE-2006-5671 | 1 Free Php Scripts | 1 Free Image Hosting | 2025-04-09 | 7.5 HIGH | N/A | PHP remote file inclusion vulnerability in contact.php in Free Image Hosting 1.0 and earlier allows remote attackers to execute arbitrary PHP code via a URL in the AD_BODY_TEMP parameter. NOTE: the provenance of this information is unknown; the details are obtained solely from third party information. |
| CVE-2006-6612 | 1 Phpmycms | 1 Phpmycms | 2025-04-09 | 7.5 HIGH | N/A | PHP remote file inclusion vulnerability in basic.inc.php in PhpMyCms 0.3 allows remote attackers to execute arbitrary PHP code via a URL in the basepath_start parameter. |
| CVE-2007-2758 | 1 Winimage | 1 Winimage | 2025-04-09 | 9.3 HIGH | N/A | Multiple buffer overflows in WinImage 8.0.8000 allow user-assisted remote attackers to execute arbitrary code via a FAT image that contains long directory names in a deeply nested directory structure, which triggers (1) a stack-based buffer overflow during extraction, or (2) a heap-based buffer overflow during traversal. |
| CVE-2007-2076 | 1 Maian | 1 Gallery | 2025-04-09 | 6.8 MEDIUM | N/A | PHP remote file inclusion vulnerability in index.php in Maian Gallery 1.0 allows remote attackers to execute arbitrary PHP code via a URL in the path_to_folder parameter. NOTE: this issue was disputed by a third party researcher, but confirmed by the vendor, stating "this problem existed only briefly in v1.0." |
| CVE-2008-0028 | 1 Cisco | 4 5500 Series Adaptive Security Appliance, Adaptive Security Appliance Software, Pix 500 and 1 more | 2025-04-09 | 7.1 HIGH | N/A | Unspecified vulnerability in Cisco PIX 500 Series Security Appliance and 5500 Series Adaptive Security Appliance (ASA) before 7.2(3)6 and 8.0(3), when the Time-to-Live (TTL) decrement feature is enabled, allows remote attackers to cause a denial of service (device reload) via a crafted IP packet. |
| CVE-2007-2140 | 1 Franklin Huang | 1 Flip-search-add-on | 2025-04-09 | 7.5 HIGH | N/A | PHP remote file inclusion vulnerability in everything.php in Franklin Huang Flip (aka Flip-search-add-on) 2.0 allows remote attackers to execute arbitrary PHP code via a URL in the incpath parameter. |
| CVE-2006-5838 | 1 Newp | 1 News Publication System | 2025-04-09 | 5.1 MEDIUM | N/A | PHP remote file inclusion vulnerability in lib/class.Database.php in NewP News Publication System 1.0.0, when register_globals is enabled, allows remote attackers to execute arbitrary PHP code via the path parameter. |
| CVE-2007-3393 | 1 Wireshark | 1 Wireshark | 2025-04-09 | 5.0 MEDIUM | N/A | Off-by-one error in the DHCP/BOOTP dissector in Wireshark before 0.99.6 allows remote attackers to cause a denial of service (crash) via crafted DHCP-over-DOCSIS packets. |
| CVE-2007-3468 | 1 Videolan | 1 Vlc Media Player | 2025-04-09 | 7.8 HIGH | N/A | input.c in VideoLAN VLC Media Player before 0.8.6c allows remote attackers to cause a denial of service (crash) via a crafted WAV file that causes an uninitialized i_nb_resamplers variable to be used. |
| CVE-2007-0550 | 1 212cafe | 1 212cafeboard | 2025-04-09 | 6.8 MEDIUM | N/A | Cross-site scripting (XSS) vulnerability in search.php in 212cafeBoard 0.08 Beta allows remote attackers to inject arbitrary web script or HTML via the keyword parameter. |
| CVE-2007-3237 | 1 Xoops | 1 Tinycontent Module | 2025-04-09 | 6.8 MEDIUM | N/A | PHP remote file inclusion vulnerability in admin/spaw/spaw_control.class.php in the TinyContent 1.5 module for XOOPS allows remote attackers to execute arbitrary PHP code via a URL in the spaw_root parameter. NOTE: this issue is probably a duplicate of CVE-2006-4656. |
| CVE-2007-0324 | 1 Lizardtech | 1 Djvu Browser Plug-in | 2025-04-09 | 7.5 HIGH | N/A | Multiple buffer overflows in the LizardTech DjVu Browser Plug-in before 6.1.1 allow remote attackers to execute arbitrary code via unspecified vectors. |
| CVE-2007-3665 | 1 Symantec | 1 Norton Ghost | 2025-04-09 | 5.0 MEDIUM | N/A | Multiple unspecified vulnerabilities in FileBackup.DLL in Symantec Norton Ghost 12.0 allow remote attackers to cause a denial of service via unspecified vectors involving the UpdateCatalog and other functions. |
| CVE-2007-2030 | 1 Redhat | 2 Enterprise Linux, Fedora Core | 2025-04-09 | 4.9 MEDIUM | N/A | lharc.c in lha does not securely create temporary files, which might allow local users to read or write files by creating a file before LHA is invoked. |
| CVE-2006-6550 | 1 Phorum | 1 Phorum | 2025-04-09 | 7.5 HIGH | N/A | PHP remote file inclusion vulnerability in common.php in Phorum 3.2.11 and earlier allows remote attackers to execute arbitrary PHP code via a URL in the db_file parameter. NOTE: CVE disputes this vulnerability because db_file is defined before use. |
| CVE-2007-0808 | 1 Mina Ajans | 1 Mina Ajans Script | 2025-04-09 | 7.5 HIGH | N/A | PHP remote file inclusion vulnerability in Mina Ajans Script allows remote attackers to execute arbitrary PHP code via a URL in the syf parameter to an unspecified PHP script. |
| CVE-2007-2506 | 1 Progress | 2 Progress, Webspeed | 2025-04-09 | 7.8 HIGH | N/A | WebSpeed 3.x in OpenEdge 10.x in Progress Software Progress 9.1e, and certain other 9.x versions, allows remote attackers to cause a denial of service (infinite loop and daemon hang) via a messenger URL that invokes _edit.r with no additional parameters, as demonstrated by requests for cgiip.exe or wsisa.dll with WService=wsbroker1/_edit.r in the PATH_INFO. |
| CVE-2006-5365 | 1 Oracle | 2 Application Server, E-business Suite | 2025-04-09 | 10.0 HIGH | N/A | Unspecified vulnerability in Oracle Forms in Oracle Application Server 9.0.4.3 and 10.1.2.0.2, and E-Business Suite and Applications 11.5.10CU2, has unknown impact and remote attack vectors, aka Vuln# FORM02. |
| CVE-2007-2647 | 1 Monalbum | 1 Monalbum | 2025-04-09 | 6.5 MEDIUM | N/A | Static code injection vulnerability in admin/admin_configuration.php in Monalbum 0.8.7 allows remote authenticated users to inject arbitrary PHP code into the conf/config.inc.php file via the (1) gadm_pass, (2) gadm_user, (3) gcfgHote, (4) gcfgPass, (5) gcfgUser, (6) gclassement_rep, (7) gcontour, (8) gfond, (9) ggd_version, (10) ghome, (11) ghor, (12) gimg_copyright, (13) glangage, (14) gmenu_visible, (15) gmini_hasard, (16) gordre_rep, (17) gpage, (18) gracine, (19) grech_inactive, (20) grep_m ... |
| CVE-2007-4143 | 1 Phpcoupon | 1 Phpcoupon | 2025-04-09 | 4.0 MEDIUM | N/A | user.php in the Billing Control Panel in phpCoupon allows remote authenticated users to obtain Premium Member status, and possibly acquire free coupons, via a modified URL containing a certain billing parameter and REQ=auth, status=success, and custom=upgrade substrings, possibly related to PayPal transactions. |