Total: 29869 CVE

| CVE | Vendors | Products | Updated | CVSS v2 | CVSS v3 |
|---|---|---|---|---|---|
| CVE-2006-5850 | 1 Essen | 1 Essentia Web Server | 2025-04-09 | 7.5 HIGH | N/A |
| Stack-based buffer overflow in Essentia Web Server 2.15 for Windows allows remote attackers to execute arbitrary code via a long URI, as demonstrated by a GET or HEAD request. NOTE: some of these details are obtained from third party information. | | | | | |
| CVE-2006-6178 | 1 Trend Micro | 1 Officescan | 2025-04-09 | 7.5 HIGH | N/A |
| Buffer overflow in PCCSRV\Web_console\RemoteInstallCGI\Wizard.exe for Trend Micro OfficeScan 7.3 before build 7.3.0.1087 allows remote attackers to execute arbitrary code via unknown attack vectors. | | | | | |
| CVE-2007-0556 | 1 Postgresql | 1 Postgresql | 2025-04-09 | 6.6 MEDIUM | N/A |
| The query planner in PostgreSQL before 8.0.11, 8.1 before 8.1.7, and 8.2 before 8.2.2 does not verify that a table is compatible with a "previously made query plan," which allows remote authenticated users to cause a denial of service (server crash) and possibly access database content via an "ALTER COLUMN TYPE" SQL statement, which can be leveraged to read arbitrary memory from the server. | | | | | |
| CVE-2007-2012 | 1 Mimarsinan | 1 Comprexx | 2025-04-09 | 5.8 MEDIUM | N/A |
| Multiple directory traversal vulnerabilities in MimarSinan CompreXX 4.1 allow remote attackers to create files in arbitrary directories via a .. (dot dot) in a (1) .rar, (2) .jar or (3) .zip archive. | | | | | |
| CVE-2007-2883 | 1 Credant | 1 Credant Mobile Guardian Shield - Windows | 2025-04-09 | 4.6 MEDIUM | N/A |
| Credant Mobile Guardian Shield for Windows 5.2.1.105 and earlier stores account names and passwords in plaintext in memory, which allows local users to obtain sensitive information by (1) reading the paging file or (2) dumping and searching the memory image. NOTE: This issue crosses privilege boundaries because the product is intended to protect the data on a stolen computer. | | | | | |
| CVE-2007-2998 | 1 Hp | 1 Openvms | 2025-04-09 | 4.9 MEDIUM | N/A |
| The Pascal run-time library (PAS$RTL.EXE) before 20070418 on OpenVMS for Integrity Servers 8.3, and PAS$RTL.EXE before 20070419 on OpenVMS Alpha 8.3, does not properly restore PC and PSL values, which allows local users to cause a denial of service (system crash) via certain Pascal code. | | | | | |
| CVE-2006-7182 | 1 Mnews | 1 Mnews | 2025-04-09 | 10.0 HIGH | N/A |
| PHP remote file inclusion vulnerability in noticias.php in MNews 2.0 and earlier allows remote attackers to execute arbitrary PHP code via a URL in the inc parameter. | | | | | |
| CVE-2007-3684 | 1 Masuga Design | 1 Unobtrusive Ajax Star Rating Bar | 2025-04-09 | 7.5 HIGH | N/A |
| Multiple SQL injection vulnerabilities in Unobtrusive Ajax Star Rating Bar before 1.2.0 allow remote attackers to execute arbitrary SQL commands via the (1) q and (2) t parameters in (a) db.php and (b) rpc.php. | | | | | |
| CVE-2007-1287 | 1 Php | 1 Php | 2025-04-09 | 4.3 MEDIUM | N/A |
| A regression error in the phpinfo function in PHP 4.4.3 to 4.4.6, and PHP 6.0 in CVS, allows remote attackers to conduct cross-site scripting (XSS) attacks via GET, POST, or COOKIE array values, which are not escaped in the phpinfo output, as originally fixed for CVE-2005-3388. | | | | | |
| CVE-2007-0081 | 1 Sunbelt | 1 Sunbelt Kerio Personal Firewall | 2025-04-09 | 6.8 MEDIUM | N/A |
| Sunbelt Kerio Personal Firewall (SKPF) 4.3.268 and 4.3.246, and possibly other versions allows local users to provide a Trojan horse iphlpapi.dll to SKPF by placing it in the installation directory. | | | | | |
| CVE-2007-2726 | 1 Bitscast | 1 Bitscast | 2025-04-09 | 7.8 HIGH | N/A |
| BitsCast 0.13.0 allows remote attackers to cause a denial of service (application crash) via an RSS 2.0 feed item with certain invalid strings in a pubDate element, as demonstrated by repeated "../A" or "A/../" patterns. | | | | | |
| CVE-2009-4041 | 1 Usebb | 1 Usebb | 2025-04-09 | 5.0 MEDIUM | N/A |
| UseBB 1.0.9 before 1.0.10 allows remote attackers to cause a denial of service (infinite loop) via crafted BBCode tags. | | | | | |
| CVE-2007-0688 | 1 Hunkaray Duyuru | 1 Scripti | 2025-04-09 | 7.5 HIGH | N/A |
| SQL injection vulnerability in oku.asp in Hunkaray Duyuru Scripti allows remote attackers to execute arbitrary SQL commands via the id parameter. | | | | | |
| CVE-2008-5697 | 2 Mozilla, Skype | 2 Firefox, Skype Extension For Firefox | 2025-04-09 | 4.3 MEDIUM | N/A |
| The skype_tool.copy_num method in the Skype extension BETA 2.2.0.95 for Firefox allows remote attackers to write arbitrary data to the clipboard via a string argument. | | | | | |
| CVE-2006-6512 | 1 Flippet.org | 1 Winamp Web Interface | 2025-04-09 | 3.5 LOW | N/A |
| Directory traversal vulnerability in the Browse function (/browse URI) in Winamp Web Interface (Wawi) 7.5.13 and earlier allows remote authenticated users to list arbitrary directories via URL encoded backslashes ("%2F") in the path parameter. | | | | | |
| CVE-2009-0253 | 1 Mozilla | 1 Firefox | 2025-04-09 | 6.8 MEDIUM | N/A |
| Mozilla Firefox 3.0.5 allows remote attackers to trick a user into visiting an arbitrary URL via an onclick action that moves a crafted element to the current mouse position, related to a "Status Bar Obfuscation" and "Clickjacking" attack. | | | | | |
| CVE-2006-5813 | 1 Novell | 1 Edirectory | 2025-04-09 | 5.0 MEDIUM | N/A |
| Unspecified vulnerability in Novell eDirectory 8.8 allows attackers to cause a denial of service, as demonstrated by vd_novell3.pm, a "Novell eDirectory 8.8 DoS." NOTE: As of 20061108, this disclosure has no actionable information. However, since it is from a reliable researcher, it is being assigned a CVE identifier for tracking purposes. | | | | | |
| CVE-2006-5991 | 1 Cactusoft | 1 Cactushop | 2025-04-09 | 7.5 HIGH | N/A |
| Multiple SQL injection vulnerabilities in wwweb concepts CactuShop allow remote attackers to execute arbitrary SQL commands via the (1) prodtype parameter in prodtype.asp and the (2) product parameter in product.asp. | | | | | |
| CVE-2007-3187 | 1 Apple | 1 Safari | 2025-04-09 | 7.5 HIGH | N/A |
| Multiple unspecified vulnerabilities in Apple Safari for Windows allow remote attackers to cause a denial of service or execute arbitrary code, possibly involving memory corruption, and a different issue from CVE-2007-3185 and CVE-2007-3186. NOTE: as of 20070612, the original disclosure has no actionable information. However, since it is from a well-known researcher, it is being assigned a CVE identifier for tracking purposes. | | | | | |
| CVE-2007-4422 | 1 Symantec | 1 Enterprise Firewall | 2025-04-09 | 9.3 HIGH | N/A |
| The login interface in Symantec Enterprise Firewall 6.x, when a VPN with pre-shared key (PSK) authentication is enabled, generates different responses depending on whether or not a username is valid, which allows remote attackers to enumerate valid usernames. | | | | | |
| CVE-2007-2046 | 1 Openads | 1 Openads | 2025-04-09 | 7.5 HIGH | N/A |
| Multiple CRLF injection vulnerabilities in adclick.php in (a) Openads (phpAdsNew) 2.0.11 and earlier and (b) Openads for PostgreSQL (phpPgAds) 2.0.11 and earlier allow remote attackers to inject arbitrary HTTP headers and conduct HTTP response splitting attacks via CRLF sequences in (1) the dest parameter and (2) the Referer HTTP header. NOTE: some of these details are obtained from third party information. | | | | | |
| CVE-2007-2167 | 1 Aimstats | 1 Aimstats | 2025-04-09 | 7.5 HIGH | N/A |
| Static code injection vulnerability in process.php in AimStats 3.2 allows remote attackers to inject PHP code into config.php via the number parameter in an update action. | | | | | |
| CVE-2007-4108 | 1 Codewidgets | 1 Online Event Registration Template | 2025-04-09 | 7.5 HIGH | N/A |
| SQL injection vulnerability in sign_in.aspx in WebEvents (Online Event Registration Template) allows remote attackers to execute arbitrary SQL commands via the Password parameter. | | | | | |
| CVE-2006-6794 | 1 Efkan Forum | 1 Efkan Forum | 2025-04-09 | 7.5 HIGH | N/A |
| SQL injection vulnerability in default.asp in Efkan Forum 1.0 allows remote attackers to execute arbitrary SQL commands via the grup parameter. | | | | | |
| CVE-2007-2871 | 1 Mozilla | 2 Firefox, Seamonkey | 2025-04-09 | 4.3 MEDIUM | N/A |
| Mozilla Firefox 1.5.x before 1.5.0.12 and 2.x before 2.0.0.4, and SeaMonkey 1.0.9 and 1.1.2, allows remote attackers to spoof or hide the browser chrome, such as the location bar, by placing XUL popups outside of the browser's content pane. NOTE: this issue can be leveraged for phishing and other attacks. | | | | | |
| CVE-2006-6179 | 1 Trend Micro | 1 Officescan | 2025-04-09 | 7.5 HIGH | N/A |
| Buffer overflow in PCCSRV\Web_console\RemoteInstallCGI\CgiRemoteInstall.exe for Trend Micro OfficeScan 7.3 before build 7.3.0.1089 allows remote attackers to execute arbitrary code via unknown attack vectors. | | | | | |
| CVE-2007-4252 | 1 Chilkat Software | 1 Asp String | 2025-04-09 | 4.3 MEDIUM | N/A |
| Absolute path traversal vulnerability in a certain ActiveX control in CkString.dll 1.1 and earlier in CHILKAT ASP String allows remote attackers to create or overwrite arbitrary files via a full pathname in the first argument to the SaveToFile method, a different vulnerability than CVE-2007-3633. | | | | | |
| CVE-2007-2765 | 1 Ac Zoom | 1 Blockhosts | 2025-04-09 | 6.8 MEDIUM | N/A |
| blockhosts.py in BlockHosts before 2.0.3 does not properly parse daemon log files, which allows remote attackers to add arbitrary deny entries to the /etc/hosts.allow file and cause a denial of service by adding arbitrary IP addresses to a daemon log file, as demonstrated by logging in through ssh using a login name containing certain strings with an IP address, which is not properly handled by a regular expression, a related issue to CVE-2006-6301. | | | | | |
| CVE-2006-5376 | 1 Oracle | 1 Peoplesoft Enterprise | 2025-04-09 | 9.0 HIGH | N/A |
| Multiple unspecified vulnerabilities in PeopleTools component in Oracle PeopleSoft Enterprise 8.22 GA, 8.46 GA, 8.47 GA, 8.48 GA, 8.22.11, 8.46.15, 8.47.09, and 8.48.03 have unknown impact and remote authenticated attack vectors, aka Vuln# (1) PSE04, (2) PSE06, (3) PSE07, and (4) PSE08. | | | | | |
| CVE-2007-3600 | 1 Vtiger | 1 Vtiger Crm | 2025-04-09 | 4.0 MEDIUM | N/A |
| WordPlugin in the wordintegration component in vtiger CRM before 5.0.3 allows remote authenticated users to bypass field level security permissions and merge arbitrary fields in an Email template, as demonstrated by the fields in the Contact module. | | | | | |
| CVE-2006-6135 | 1 Ibm | 1 Websphere Application Server | 2025-04-09 | 10.0 HIGH | N/A |
| Multiple unspecified vulnerabilities in IBM WebSphere Application Server 6.1.0 before Fix Pack 3 (6.1.0.3) have unknown impact and attack vectors, related to (1) a "Potential security vulnerability" (PK29725) and (2) "Potential security exposure" (PK30831). | | | | | |
| CVE-2007-1366 | 2 Debian, Qemu | 2 Debian Linux, Qemu | 2025-04-09 | 2.1 LOW | N/A |
| QEMU 0.8.2 allows local users to crash a virtual machine via the divisor operand to the aam instruction, as demonstrated by "aam 0x0," which triggers a divide-by-zero error. | | | | | |
| CVE-2007-2753 | 1 Runawaysoft | 1 Haber Portal | 2025-04-09 | 5.0 MEDIUM | N/A |
| RunawaySoft Haber portal 1.0 stores sensitive information under the web root with insufficient access control, which allows remote attackers to download a database via a direct request for data/xice.mdb. | | | | | |
| CVE-2007-0386 | 1 Postnuke Software Foundation | 1 Postnuke | 2025-04-09 | 10.0 HIGH | N/A |
| Unspecified vulnerability in the rating section in PostNuke 0.764 has unknown impact and attack vectors, related to "an interesting bug." | | | | | |
| CVE-2007-3957 | 1 Nipun Jain | 1 Xserver | 2025-04-09 | 5.0 MEDIUM | N/A |
| Buffer overflow in Nipun Jain xserver 0.1 alpha allows remote attackers to cause a denial of service via a POST request with a long URI. | | | | | |
| CVE-2007-0101 | 1 Spine | 1 Spine | 2025-04-09 | 6.8 MEDIUM | N/A |
| Cross-site request forgery (CSRF) vulnerability in SPINE allows remote attackers to perform unauthorized actions as administrators via unspecified vectors. NOTE: some of these details are obtained from third party information. | | | | | |
| CVE-2006-6255 | 1 Nukeai | 1 Nukeai | 2025-04-09 | 7.5 HIGH | N/A |
| Direct static code injection vulnerability in util.php in the NukeAI 0.0.3 Beta module for PHP-Nuke, aka Program E is an AIML chatterbot, allows remote attackers to upload and execute arbitrary PHP code via a filename with a .php extension in the filename parameter and code in the moreinfo parameter, which is saved to a filename under descriptions/, which is accessible via a direct request. | | | | | |
| CVE-2007-2219 | 1 Microsoft | 3 Windows 2000, Windows 2003 Server, Windows Xp | 2025-04-09 | 9.3 HIGH | N/A |
| Unspecified vulnerability in the Win32 API on Microsoft Windows 2000, XP SP2, and Server 2003 SP1 and SP2 allows remote attackers to execute arbitrary code via certain parameters to an unspecified function. | | | | | |
| CVE-2007-2601 | 1 Divx City | 1 Gdivx Zenith Player | 2025-04-09 | 9.3 HIGH | N/A |
| Buffer overflow in a certain ActiveX control in the GDivX Zenith Player AviFixer class in fix.dll 1.0.0.1 allows remote attackers to execute arbitrary code via a long SetInputFile property value. | | | | | |
| CVE-2007-0183 | 1 Sun | 1 Iplanet Web Server | 2025-04-09 | 6.8 MEDIUM | N/A |
| Cross-site scripting (XSS) vulnerability in /search in iPlanet Web Server 4.x allows remote attackers to inject arbitrary web script or HTML via the NS-max-records parameter. NOTE: The provenance of this information is unknown; the details are obtained solely from third party information. | | | | | |