Total: 29869 CVE
| CVE | Vendors | Products | Updated | CVSS v2 | CVSS v3 | Description |
|---|---|---|---|---|---|---|
| CVE-2007-1025 | 1 Virtualsystem | 1 Vs-link-partner | 2025-04-09 | 7.5 HIGH | N/A | PHP remote file inclusion vulnerability in inc/functions_inc.php in VS-Link-Partner 2.1 and earlier allows remote attackers to execute arbitrary PHP code via a URL in the gb_pfad, or possibly script_pfad, parameter. |
| CVE-2006-7017 | 1 Nicecoder | 1 Indexu | 2025-04-09 | 7.5 HIGH | N/A | Multiple PHP remote file inclusion vulnerabilities in Indexu 5.0.1 allow remote attackers to execute arbitrary PHP code via a URL in the admin_template_path parameter to admin/ scripts (1) app_change_email.php, (2) app_change_pwd.php, (3) app_mod_rewrite.php, (4) app_page_caching.php, (5) app_setup.php, (6) cat_add.php, (7) cat_delete.php, (8) cat_edit.php, (9) cat_path_update.php, (10) cat_search.php, (11) cat_struc.php, (12) cat_view.php, (13) cat_view_hidden.php, (14) cat_view_hierarchy.php, ... |
| CVE-2007-2635 | 1 Interchange Development Group | 1 Interchange | 2025-04-09 | 7.8 HIGH | N/A | Unspecified vulnerability in Interchange before 5.4.2 allows remote attackers to cause an unspecified denial of service (possibly server hang) via crafted HTTP requests. |
| CVE-2006-6678 | 1 Netrik | 1 Netrik | 2025-04-09 | 7.5 HIGH | N/A | The edit_textarea function in form-file.c in Netrik 1.15.4 and earlier does not properly verify temporary filenames when editing textarea fields, which allows attackers to execute arbitrary commands via shell metacharacters in the filename. |
| CVE-2007-6382 | 1 Robocode | 1 Robocode | 2025-04-09 | 6.8 MEDIUM | N/A | The Event Dispatch Thread in Robocode before 1.5.1 allows remote attackers to execute arbitrary Java code by using a robot to invoke the SwingUtilities.invokeLater method. |
| CVE-2009-1808 | 1 Microsoft | 1 Windows Xp | 2025-04-09 | 4.9 MEDIUM | N/A | Microsoft Windows XP SP3 allows local users to cause a denial of service (system crash) by making an SPI_SETDESKWALLPAPER SystemParametersInfo call with an improperly terminated pvParam argument, followed by an SPI_GETDESKWALLPAPER SystemParametersInfo call. |
| CVE-2007-3861 | 1 Oracle | 2 Application Server, Collaboration Suite | 2025-04-09 | 7.5 HIGH | N/A | Unspecified vulnerability in Oracle Jdeveloper in Oracle Application Server 10.1.2.2 and Collaboration Suite 10.1.2 allows context-dependent attackers to have an unknown impact via custom applications that use JBO.KEY, aka JDEV01. |
| CVE-2006-5438 | 1 Comdev | 1 Comdev Forum | 2025-04-09 | 7.5 HIGH | N/A | PHP remote file inclusion vulnerability in adminfoot.php in Comdev Forum 4.1, when register_globals is enabled, allows remote attackers to execute arbitrary PHP code via a URL in the path[docroot] parameter. NOTE: the provenance of this information is unknown; the details are obtained from third party information. |
| CVE-2006-5701 | 2 Linux, Redhat | 2 Linux Kernel, Fedora Core | 2025-04-09 | 4.9 MEDIUM | N/A | Double free vulnerability in squashfs module in the Linux kernel 2.6.x, as used in Fedora Core 5 and possibly other distributions, allows local users to cause a denial of service by mounting a crafted squashfs filesystem. |
| CVE-2006-6607 | 1 Ibm | 1 Tivoli Identity Manager | 2025-04-09 | 2.7 LOW | N/A | The Java Key Store (JKS) for WebSphere Application Server (WAS) for IBM Tivoli Identity Manager (ITIM) 4.6 places the JKS password in a -Djavax.net.ssl.trustStorePassword command line argument, which allows local users to obtain the password by listing the process or using other methods. |
| CVE-2007-1105 | 1 Extreme Phpbb | 1 Extreme Phpbb | 2025-04-09 | 5.0 MEDIUM | N/A | PHP remote file inclusion vulnerability in functions.php in Extreme phpBB (aka phpBB Extreme) 3.0.1 allows remote attackers to execute arbitrary PHP code via a URL in the phpbb_root_path parameter. |
| CVE-2007-0665 | 1 Ipswitch | 1 Ws Ftp Pro | 2025-04-09 | 6.8 MEDIUM | N/A | Format string vulnerability in the SCP module in Ipswitch WS_FTP 2007 Professional might allow remote attackers to execute arbitrary commands via format string specifiers in the filename, related to the SHELL WS_FTP script command. |
| CVE-2007-0705 | 1 Fenrir | 2 Portable Sleipnir, Sleipnir | 2025-04-09 | 7.5 HIGH | N/A | Cross-zone scripting vulnerability in Sleipnir 2.49 and earlier, and Portable Sleipnir 2.45 and earlier, allows remote attackers to bypass Web content zone restrictions via certain script contained in RSS data. NOTE: some of these details are obtained from third party information. |
| CVE-2007-2009 | 1 Simpcms | 1 Simpcms | 2025-04-09 | 6.8 MEDIUM | N/A | PHP remote file inclusion vulnerability in index.php in SimpCMS Light 04.10.2007 and earlier allows remote attackers to execute arbitrary PHP code via a URL in the site parameter. |
| CVE-2008-4237 | 1 Apple | 2 Mac Os X, Mac Os X Server | 2025-04-09 | 10.0 HIGH | N/A | Managed Client in Apple Mac OS X before 10.5.6 sometimes misidentifies a system when installing per-host configuration settings, which allows context-dependent attackers to have an unspecified impact by leveraging unintended settings, as demonstrated by the screen saver lock setting. |
| CVE-2007-4531 | 1 Michal Marcinkowski | 2 Soldat Dedicated Server, Soldat Game Server | 2025-04-09 | 5.0 MEDIUM | N/A | Soldat game server 1.4.2 and earlier, and dedicated server 2.6.2 and earlier, allows remote attackers to cause a client denial of service (crash) via (1) a long string to the file transfer port or (2) a long chat message, or (3) a server denial of service (continuous beep and slowdown) via a string containing many 0x07 or other control characters to the file transfer port. |
| CVE-2008-6705 | 1 Stalker-game | 1 S.t.a.l.k.e.r.\ | 2025-04-09 | 5.0 MEDIUM | N/A | The MultipacketReciever::RecievePacket function in S.T.A.L.K.E.R.: Shadow of Chernobyl 1.0006 and earlier allows remote attackers to cause a denial of service (server termination) via a crafted packet without an expected 0xe0 or 0xe1 value, which triggers the INT3 instruction. |
| CVE-2006-4573 | 1 Gnu | 1 Screen | 2025-04-09 | 2.6 LOW | N/A | Multiple unspecified vulnerabilities in the "utf8 combining characters handling" (utf8_handle_comb function in encoding.c) in screen before 4.0.3 allows user-assisted attackers to cause a denial of service (crash or hang) via certain UTF8 sequences. |
| CVE-2007-3817 | 1 Drupal | 1 Logintoboggan Module | 2025-04-09 | 4.3 MEDIUM | N/A | Cross-site scripting (XSS) vulnerability in the LoginToboggan module 4.7.x-1.0, 4.7.x-1.x-dev, and 5.x-1.x-dev before 20070712 for Drupal, when configured to display a "Log out" link, allows remote attackers to inject arbitrary web script or HTML via a crafted username. NOTE: Drupal sanitizes the username by removing certain characters, so this might not be a vulnerability on default installations. |
| CVE-2007-1258 | 1 Cisco | 4 Catalyst 6000, Catalyst 6500, Catalyst 7600 and 1 more | 2025-04-09 | 6.1 MEDIUM | N/A | Unspecified vulnerability in Cisco IOS 12.2SXA, SXB, SXD, and SXF; and the MSFC2, MSFC2a and MSFC3 running in Hybrid Mode on Cisco Catalyst 6000, 6500 and Cisco 7600 series systems; allows remote attackers on a local network segment to cause a denial of service (software reload) via a certain MPLS packet. |
| CVE-2007-4628 | 1 Phpns | 1 Phpns | 2025-04-09 | 7.5 HIGH | N/A | SQL injection vulnerability in shownews.php in phpns 1.1 allows remote attackers to execute arbitrary SQL commands via the id parameter. |
| CVE-2006-5881 | 1 Dynamic Dataworx | 1 Nucommunity | 2025-04-09 | 7.5 HIGH | N/A | SQL injection vulnerability in cl_CatListing.asp in Dynamic Dataworx NuCommunity 1.0 allows remote attackers to execute arbitrary SQL commands via the cl_cat_ID parameter. |
| CVE-2006-5025 | 1 Paisterist | 1 Simple Http Scanner | 2025-04-09 | 10.0 HIGH | N/A | Multiple unspecified vulnerabilities in Paisterist Simple HTTP Scanner (sHTTPScanner) before 0.2 have unknown impact and attack vectors. |
| CVE-2006-6271 | 1 Phpoll | 1 Phpoll | 2025-04-09 | 6.8 MEDIUM | N/A | Multiple cross-site scripting (XSS) vulnerabilities in PHPOLL 0.96 allow remote attackers to inject arbitrary web script or HTML via the language parameter to (1) index.php, (2) info.php; and (3) index.php, (4) votanti.php, (5) risultati_config.php, (6) modifica_band.php, (7) band_editor.php, and (8) config_editor.php in admin/. |
| CVE-2006-6771 | 1 Irokez | 1 Irokez Cms | 2025-04-09 | 6.8 MEDIUM | N/A | Multiple PHP remote file inclusion vulnerabilities in Irokez CMS 0.7.1 and earlier, when register_globals is enabled, allow remote attackers to execute arbitrary PHP code via a URL in the (1) GLOBALS[PTH][func] parameter in (a) scripts/gallery.scr.php; the (2) GLOBALS[PTH][spaw] parameter in (b) scripts/xtextarea.scr.php; and the (3) GLOBALS[PTH][classes] parameter in (c) sitemap.scr.php, (d) news.scr.php, (e) polls.scr.php, (f) rss.scr.php, (g) search.scr.php in scripts/, and (h) form.fun.php, ... |
| CVE-2007-3077 | 1 Eqdkp | 1 Eqdkp | 2025-04-09 | 7.5 HIGH | N/A | SQL injection vulnerability in listmembers.php in EQdkp 1.3.2 and earlier allows remote attackers to execute arbitrary SQL commands via the rank parameter. |
| CVE-2007-0593 | 1 Siteman | 1 Siteman | 2025-04-09 | 5.0 MEDIUM | N/A | Siteman 1.1.11 stores sensitive information under the web root with insufficient access control, which allows remote attackers to download a database containing password hashes via a direct request for data/members.txt. |
| CVE-2006-6631 | 1 Ibiblio | 1 Osprey | 2025-04-09 | 6.8 MEDIUM | N/A | PHP remote file inclusion vulnerability in lib/xml/oai/GetRecord.php in osprey 1.0 and earlier allows remote attackers to execute arbitrary PHP code via a URL in the lib_dir parameter. |
| CVE-2009-3462 | 1 Adobe | 2 Acrobat, Acrobat Reader | 2025-04-09 | 5.1 MEDIUM | N/A | Adobe Reader and Acrobat 7.x before 7.1.4, 8.x before 8.1.7, and 9.x before 9.2 on Unix, when Debug mode is enabled, allow attackers to execute arbitrary code via unspecified vectors, related to a "format bug." |
| CVE-2006-5786 | 1 E107 | 1 E107 | 2025-04-09 | 7.5 HIGH | N/A | Directory traversal vulnerability in class2.php in e107 0.7.5 and earlier allows remote attackers to read and execute PHP code in arbitrary files via ".." sequences in the e107language_e107cookie cookie to gsitemap.php. |
| CVE-2007-4888 | 1 Xwiki | 1 Xwiki | 2025-04-09 | 3.5 LOW | N/A | The "You are not allowed..." error handler in XWiki 1.0 B1 and 1.0 B2 associates the doc variable with the entire document content and metadata regardless of a user's view rights, which allows remote authenticated users to read arbitrary documents via a custom skin that prints the content attribute of the doc variable. |
| CVE-2007-0225 | 1 Virtual Programming | 1 Vp-asp | 2025-04-09 | 6.8 MEDIUM | N/A | Cross-site scripting (XSS) vulnerability in shopcustadmin.asp in VP-ASP Shopping Cart 6.09 and earlier allows remote attackers to inject arbitrary web script or HTML via the msg parameter. |
| CVE-2007-2532 | 1 Obie Website | 1 Mini Web Shop | 2025-04-09 | 4.3 MEDIUM | N/A | Multiple cross-site scripting (XSS) vulnerabilities in Minh Nguyen Duong Obie Website Mini Web Shop 2 allow remote attackers to inject arbitrary web script or HTML via the PATH_INFO (query string) to (1) sendmail.php or (2) order_form.php, different vectors than CVE-2006-6734. |
| CVE-2007-0147 | 1 Cuyahoga | 1 Cuyahoga | 2025-04-09 | 5.0 MEDIUM | N/A | Cuyahoga before 1.0.1 installs the FCKEditor component with an incorrect deny statement in a Web.config file, which allows remote attackers to upload files when these privileges were intended only for the Administrator and Editor roles. |
| CVE-2006-6937 | 1 Pensacola Web Designs | 1 Xtremeasp Photogallery | 2025-04-09 | 7.5 HIGH | N/A | SQL injection vulnerability in displaypic.asp in Xtreme ASP Photo Gallery allows remote attackers to inject arbitrary SQL commands via the sortorder parameter. |
| CVE-2007-1438 | 1 X-ice | 1 News System | 2025-04-09 | 7.5 HIGH | N/A | SQL injection vulnerability in devami.asp in X-Ice News System 1.0 allows remote attackers to execute arbitrary SQL commands via the id parameter. |
| CVE-2007-2438 | 2 Foresight Linux, Vim Development Group | 2 Foresight Linux, Vim | 2025-04-09 | 7.6 HIGH | N/A | The sandbox for vim allows dangerous functions such as (1) writefile, (2) feedkeys, and (3) system, which might allow user-assisted attackers to execute shell commands and write files via modelines. |
| CVE-2007-2973 | 1 Avira | 2 Antivir, Av Pack | 2025-04-09 | 7.8 HIGH | N/A | Avira Antivir Antivirus before 7.03.00.09 allows remote attackers to cause a denial of service (infinite loop and CPU consumption) via a malformed TAR archive. |
| CVE-2006-5262 | 1 Hastymail | 1 Hastymail | 2025-04-09 | 6.5 MEDIUM | N/A | CRLF injection vulnerability in lib/session.php in Hastymail 1.5 and earlier before 20061008 allows remote authenticated users to send arbitrary IMAP commands via a CRLF sequence in a mailbox name. NOTE: the attack crosses privilege boundaries if the IMAP server configuration prevents a user from establishing a direct IMAP session. |
| CVE-2007-2460 | 1 Firefly | 1 Firefly | 2025-04-09 | 7.5 HIGH | N/A | PHP remote file inclusion vulnerability in modules/admin/include/config.php in FireFly 1.1.01 and earlier allows remote attackers to execute arbitrary PHP code via a URL in the DOCUMENT_ROOT parameter. NOTE: the provenance of this information is unknown; the details are obtained solely from third party information. |