Total
29869 CVE
| CVE | Vendors | Products | Updated | CVSS v2 | CVSS v3 |
|---|---|---|---|---|---|
| CVE-2007-4505 | 2 Mambo, Mamboserver | 2 Remository, Mambo | 2025-04-09 | 7.5 HIGH | N/A |
|
SQL injection vulnerability in index.php in the RemoSitory component (com_remository) for Mambo allows remote attackers to execute arbitrary SQL commands via the cat parameter in a selectcat action.
|
|||||
| CVE-2007-1553 | 1 Guestbara | 1 Guestbara | 2025-04-09 | 5.0 MEDIUM | N/A |
|
admin/configuration.php in Guestbara 1.2 and earlier allows remote attackers to modify the e-mail, name, and password of the admin account by setting the zapis parameter to "ok" and providing modified admin_mail, login, and pass parameters.
|
|||||
| CVE-2007-3029 | 1 Microsoft | 2 Excel, Office | 2025-04-09 | 9.3 HIGH | N/A |
|
Unspecified vulnerability in Microsoft Excel 2002 SP3 and 2003 SP2 allows user-assisted remote attackers to execute arbitrary code via a malformed Excel file containing multiple active worksheets, which results in memory corruption.
|
|||||
| CVE-2008-0384 | 1 Openbsd | 1 Openbsd | 2025-04-09 | 4.9 MEDIUM | N/A |
|
OpenBSD 4.2 allows local users to cause a denial of service (kernel panic) by calling the SIOCGIFRTLABEL IOCTL on an interface that does not have a route label, which triggers a NULL pointer dereference when the return value from the rtlabel_id2name function is not checked.
|
|||||
| CVE-2008-1687 | 1 Gnu | 1 M4 | 2025-04-09 | 7.5 HIGH | N/A |
|
The (1) maketemp and (2) mkstemp builtin functions in GNU m4 before 1.4.11 do not quote their output when a file is created, which might allow context-dependent attackers to trigger a macro expansion, leading to unspecified use of an incorrect filename.
|
|||||
| CVE-2006-7065 | 2 Canon, Microsoft | 3 Network Camera Server Vb101, Ie, Internet Explorer | 2025-04-09 | 5.0 MEDIUM | N/A |
|
Microsoft Internet Explorer allows remote attackers to cause a denial of service (crash) via an IFRAME with a certain XML file and XSL stylesheet that triggers a crash in mshtml.dll when a refresh is called, probably a null pointer dereference.
|
|||||
| CVE-2007-1545 | 2 Mandrakesoft, Radscan | 2 Mandrake Linux, Network Audio System | 2025-04-09 | 5.0 MEDIUM | N/A |
|
The AddResource function in server/dia/resource.c in Network Audio System (NAS) before 1.8a SVN 237 allows remote attackers to cause a denial of service (server crash) via a nonexistent client ID.
|
|||||
| CVE-2006-7185 | 1 Cmsmelborp | 1 Cmsmelborp | 2025-04-09 | 9.3 HIGH | N/A |
|
PHP remote file inclusion vulnerability in includes/user_standard.php in CMSmelborp Beta allows remote attackers to execute arbitrary PHP code via a URL in the relative_root parameter.
|
|||||
| CVE-2006-3973 | 1 My Firewall Plus | 1 My Firewall Plus | 2025-04-09 | 7.2 HIGH | N/A |
|
My Firewall Plus 5.0 Build 1119 does not verify if explorer.exe is running before launching iexplore.exe from the "Test Your Firewall" feature, which allows local users to gain SYSTEM privileges.
|
|||||
| CVE-2007-3209 | 1 Nongnu | 1 Mail Notification | 2025-04-09 | 7.8 HIGH | N/A |
|
Mail Notification 4.0, when WITH_SSL is set to 0 at compile time, uses unencrypted connections for accounts configured with SSL/TLS, which allows remote attackers to obtain sensitive information by sniffing the network.
|
|||||
| CVE-2006-5807 | 1 Cisco | 1 Secure Desktop | 2025-04-09 | 4.6 MEDIUM | N/A |
|
Cisco Secure Desktop (CSD) before 3.1.1.45 allows local users to escape out of the secure desktop environment by using certain applications that switch to the default desktop, aka "System Policy Evasion".
|
|||||
| CVE-2006-5493 | 1 Digitalhive | 1 Digitalhive | 2025-04-09 | 7.5 HIGH | N/A |
|
PHP remote file inclusion vulnerability in template/purpletech/base_include.php in DigitalHive 2.0 RC2 allows remote attackers to execute arbitrary PHP code via a URL in the page parameter.
|
|||||
| CVE-2006-5735 | 1 Punbb | 1 Punbb | 2025-04-09 | 7.5 HIGH | N/A |
|
Directory traversal vulnerability in include/common.php in PunBB before 1.2.14 allows remote authenticated users to include and execute arbitrary local files via a .. (dot dot) in the language parameter, related to register.php storing a language value in the users table.
|
|||||
| CVE-2007-0307 | 1 Poplar Gedcom Viewer | 1 Poplar Gedcom Viewer | 2025-04-09 | 7.5 HIGH | N/A |
|
PHP remote file inclusion vulnerability in include/common.php in Poplar Gedcom Viewer 2.0 and earlier allows remote attackers to execute arbitrary PHP code via a URL in the env[rootPath] parameter.
|
|||||
| CVE-2007-2667 | 1 Db Soft Lab | 1 Vimp X | 2025-04-09 | 9.3 HIGH | N/A |
|
Buffer overflow in the DB Software Laboratory VImpX ActiveX control in VImpX.ocx 4.7.3 allows remote attackers to execute arbitrary code via a long LogFile parameter.
|
|||||
| CVE-2007-5079 | 1 Redhat | 1 Linux | 2025-04-09 | 6.0 MEDIUM | N/A |
|
Red Hat Enterprise Linux 4 does not properly compile and link gdm with tcp_wrappers on x86_64 platforms, which might allow remote attackers to bypass intended access restrictions.
|
|||||
| CVE-2007-3214 | 1 E-vision | 1 E-vision Cms | 2025-04-09 | 6.8 MEDIUM | N/A |
|
SQL injection vulnerability in style.php in e-Vision CMS 2.02 and earlier, when magic_quotes_gpc is disabled, allows remote attackers to execute arbitrary SQL commands via the template parameter.
|
|||||
| CVE-2007-0911 | 1 Php | 1 Php | 2025-04-09 | 7.8 HIGH | N/A |
|
Off-by-one error in the str_ireplace function in PHP 5.2.1 might allow context-dependent attackers to cause a denial of service (crash).
|
|||||
| CVE-2007-0135 | 1 Aratix | 1 Aratix | 2025-04-09 | 6.8 MEDIUM | N/A |
|
PHP remote file inclusion vulnerability in inc/init.inc.php in Aratix 0.2.2 beta 11 and earlier, when register_globals is enabled, allows remote attackers to execute arbitrary PHP code via a URL in the current_path parameter.
|
|||||
| CVE-2006-6203 | 1 Krishan | 1 Flyspray | 2025-04-09 | 5.0 MEDIUM | N/A |
|
Directory traversal vulnerability in startdown.php in the Flyspray ME 1.0.1 (com_flyspray) component for Mambo allows remote attackers to read arbitrary files via a .. (dot dot) in the file parameter.
|
|||||
| CVE-2007-1013 | 1 Virtualsystem | 1 Htaccess Passwort Generator | 2025-04-09 | 10.0 HIGH | N/A |
|
PHP remote file inclusion vulnerability in generate.php in VirtualSystem Htaccess Passwort Generator 1.1 allows remote attackers to execute arbitrary PHP code via a URL in the ht_pfad parameter.
|
|||||
| CVE-2006-5709 | 1 Alt-n | 1 Mdaemon | 2025-04-09 | 10.0 HIGH | N/A |
|
Unspecified vulnerability in WorldClient in Alt-N Technologies MDaemon before 9.50 has unknown impact and attack vectors related to a "JavaScript exploit."
|
|||||
| CVE-2007-2184 | 1 Jchit | 1 Counter | 2025-04-09 | 5.0 MEDIUM | N/A |
|
Directory traversal vulnerability in imgsrv.php in jchit counter 1.0.0 allows remote attackers to read arbitrary files via a .. (dot dot) in the acc parameter.
|
|||||
| CVE-2007-1035 | 1 Drupal | 3 Audio Module, Getid3, Mediafield Module | 2025-04-09 | 7.5 HIGH | N/A |
|
Unspecified vulnerability in certain demonstration scripts in getID3 1.7.1, as used in the Mediafield and Audio modules for Drupal, allows remote attackers to read and delete arbitrary files, list arbitrary directories, and write to empty files or .mp3 files via unknown vectors.
|
|||||
| CVE-2007-5789 | 1 Grandstream | 1 Ht488 | 2025-04-09 | 7.8 HIGH | N/A |
|
The Grandstream HT-488 0.1 allows remote attackers to cause a denial of service (device crash) via a flood of fragmented packets to port 5060.
|
|||||
| CVE-2007-1225 | 1 Grok Developments | 1 Netproxy | 2025-04-09 | 10.0 HIGH | N/A |
|
The connection log file implementation in Grok Developments NetProxy 4.03 does not record requests that omit http:// in a URL, which might allow remote attackers to conduct unauthorized activities and avoid detection.
|
|||||
| CVE-2006-6050 | 1 Clicktech | 1 Texas Rankem | 2025-04-09 | 7.5 HIGH | N/A |
|
Multiple SQL injection vulnerabilities in ClickTech Texas Rank'em allow remote attackers to execute arbitrary SQL commands via the (1) selPlayer parameter to player.asp or the (2) tournament_id parameter to tournaments.asp.
|
|||||
| CVE-2007-0759 | 1 Umberto Caldera | 1 Easymoblog | 2025-04-09 | 7.5 HIGH | N/A |
|
Multiple SQL injection vulnerabilities in EasyMoblog 0.5.1 allow remote attackers to execute arbitrary SQL commands via the (1) i or (2) post_id parameter to add_comment.php, which triggers an injection in libraries.inc.php; or (3) the i parameter to list_comments.php, which triggers an injection in libraries.inc.php.
|
|||||
| CVE-2007-4142 | 1 Ibm | 1 Lotus Sametime | 2025-04-09 | 4.3 MEDIUM | N/A |
|
Cross-site scripting (XSS) vulnerability in IBM Lotus Sametime Server 7.5.1 before 20070731 allows remote attackers to inject arbitrary web script or HTML via unspecified vectors involving a crafted Sametime meeting.
|
|||||
| CVE-2007-3869 | 1 Oracle | 1 Peoplesoft Enterprise | 2025-04-09 | 7.5 HIGH | N/A |
|
Multiple unspecified vulnerabilities in the Customer Relationship Management Online Marketing component in Oracle PeopleSoft Enterprise 8.9 Bundle 26 and 9.0 Bundle 7 allow remote authenticated users to have an unknown impact, aka (1) PSE04 and (2) PSE05.
|
|||||
| CVE-2006-5839 | 1 Phpadventure | 1 Phpadventure | 2025-04-09 | 7.5 HIGH | N/A |
|
PHP remote file inclusion vulnerability in ad_main.php in PHPAdventure 1.1-Alpha and earlier allows remote attackers to execute arbitrary PHP code via a URL in the _mygamefile parameter.
|
|||||
| CVE-2007-0806 | 1 Les News | 1 Les News | 2025-04-09 | 7.5 HIGH | N/A |
|
Les News 2.2 allows remote attackers to bypass authentication and gain administrative access via a direct request for adminews/index_fr.php3, and possibly the adminews index documents for other localizations.
|
|||||
| CVE-2007-2311 | 1 Bloofoxcms | 1 Bloofoxcms | 2025-04-09 | 7.5 HIGH | N/A |
|
PHP remote file inclusion vulnerability in install/index.php in BlooFoxCMS 0.2.2 allows remote attackers to execute arbitrary PHP code via a URL in the content_php parameter. NOTE: this issue has been disputed by a reliable third party, stating that content_php is initialized before use
|
|||||
| CVE-2007-3233 | 1 Tec-it | 1 Tbarcode Ocx | 2025-04-09 | 5.0 MEDIUM | N/A |
|
The TEC-IT TBarCode OCX ActiveX control (TBarCode7.ocx) 7.0.2.3524 allows remote attackers to overwrite arbitrary files via the SaveImage method.
|
|||||
| CVE-2007-4477 | 1 Planet Technology Corp | 1 Vc-200m Vdsl2 | 2025-04-09 | 5.0 MEDIUM | N/A |
|
The administration interface in the Planet VC-200M VDSL2 router allows remote attackers to cause a denial of service (administration interface outage) via an HTTP request without a Host header.
|
|||||
| CVE-2006-5780 | 1 Xlink Technology | 1 Omni-nfs Server | 2025-04-09 | 7.5 HIGH | N/A |
|
Stack-based buffer overflow in nfsd.exe in XLink Omni-NFS Server 5.2 allows remote attackers to execute arbitrary code via a crafted TCP packet to port 2049 (nfsd), as demonstrated by vd_xlink.pm.
|
|||||
| CVE-2007-3080 | 1 Hunkaray Okul | 1 Portaly | 2025-04-09 | 7.5 HIGH | N/A |
|
SQL injection vulnerability in haberoku.asp in Hunkaray Okul Portaly 1.1 allows remote attackers to execute arbitrary SQL commands via the id parameter. NOTE: the provenance of this information is unknown; the details are obtained solely from third party information.
|
|||||
| CVE-2006-7209 | 1 Zoneo-soft | 1 Phptraffica | 2025-04-09 | 4.3 MEDIUM | N/A |
|
Multiple cross-site scripting (XSS) vulnerabilities in phpTrafficA before 1.2beta2 allow remote attackers to inject arbitrary web script or HTML via unspecified vectors related to keywords results in the (1) main, (2) daily, (3) weekly, (4) monthly, (5) new trends, (6) individual page, and (7) search engine statistics.
|
|||||
| CVE-2007-1777 | 1 Php | 1 Php | 2025-04-09 | 7.5 HIGH | N/A |
|
Integer overflow in the zip_read_entry function in PHP 4 before 4.4.5 allows remote attackers to execute arbitrary code via a ZIP archive that contains an entry with a length value of 0xffffffff, which is incremented before use in an emalloc call, triggering a heap overflow.
|
|||||
| CVE-2006-6195 | 1 Fixit Knowledge Solutions | 1 Idms Pro Image Gallery | 2025-04-09 | 7.5 HIGH | N/A |
|
Multiple SQL injection vulnerabilities in Fixit iDMS Pro Image Gallery allow remote attackers to execute arbitrary SQL commands via the (1) show_id or (2) parentid parameter to (a) filelist.asp, or the (3) fid parameter to (b) showfile.asp.
|
|||||