Total
29869 CVE
| CVE | Vendors | Products | Updated | CVSS v2 | CVSS v3 | Description |
|---|---|---|---|---|---|---|
| CVE-2006-5921 | 1 Wheatblog | 1 Wheatblog | 2025-04-09 | 5.8 MEDIUM | N/A | Multiple cross-site scripting (XSS) vulnerabilities in add_comment.php in Wheatblog (wB) allow remote attackers to inject arbitrary web script or HTML via the (1) Name, (2) WWW, and (3) Comment fields. NOTE: this issue may overlap CVE-2006-5195. |
| CVE-2007-2461 | 1 Cisco | 2 Adaptive Security Appliance Software, Pix | 2025-04-09 | 7.8 HIGH | N/A | The DHCP relay agent in Cisco Adaptive Security Appliance (ASA) and PIX 7.2 allows remote attackers to cause a denial of service (dropped packets) via a DHCPREQUEST or DHCPINFORM message that causes multiple DHCPACK messages to be sent from DHCP servers to the agent, which consumes the memory allocated for a local buffer. NOTE: this issue only occurs when multiple DHCP servers are used. |
| CVE-2007-1936 | 1 Scar4u.de | 1 Scaradcontroller | 2025-04-09 | 6.8 MEDIUM | N/A | PHP remote file inclusion vulnerability in scaradcontrol.php in ScarAdControl (ScarAdController) 1.1 allows remote attackers to execute arbitrary PHP code via a URL in the sac_config_dir parameter. |
| CVE-2007-3528 | 1 Dar | 1 Dar | 2025-04-09 | 5.0 MEDIUM | N/A | The blowfish mode in DAR before 2.3.4 uses weak Blowfish-CBC cryptography by (1) discarding random bits by the blowfish::make_ivec function in libdar/crypto.cpp that results in predictable and repeating IV values, and (2) direct use of a password for keying, which makes it easier for context-dependent attackers to decrypt files. |
| CVE-2007-1719 | 2 Freebsd, Jason W. Bacon | 2 Freebsd, Mcweject | 2025-04-09 | 7.2 HIGH | N/A | Buffer overflow in eject.c in Jason W. Bacon mcweject 0.9 on FreeBSD, and possibly other versions, allows local users to execute arbitrary code via a long command line argument, possibly involving the device name. |
| CVE-2007-1046 | 1 Dem Trac | 1 Dem Trac | 2025-04-09 | 5.0 MEDIUM | N/A | Dem_trac allows remote attackers to read log file contents via a direct request for /anc_sit.txt. |
| CVE-2007-3161 | 1 Visicom Media | 1 Ace-ftp | 2025-04-09 | 6.8 MEDIUM | N/A | Buffer overflow in Ace-FTP Client 1.24a allows user-assisted, remote FTP servers to execute arbitrary code via a long response. |
| CVE-2006-6846 | 1 Cybercoded | 1 While You Were Out Inout Board | 2025-04-09 | 7.5 HIGH | N/A | Multiple SQL injection vulnerabilities in While You Were Out (WYWO) InOut Board 1.0 allow remote attackers to execute arbitrary SQL commands via (1) the num parameter in (a) phonemessage.asp, (2) the catcode parameter in (b) faqDsp.asp, and the (3) Username and (4) Password fields in (c) login.asp. |
| CVE-2006-5834 | 1 Opensolution | 1 Quick.cms.lite | 2025-04-09 | 5.0 MEDIUM | N/A | Directory traversal vulnerability in general.php in OpenSolution Quick.Cms.Lite 0.3 allows remote attackers to include arbitrary files via a .. (dot dot) sequence in the sLanguage Cookie parameter. |
| CVE-2006-5317 | 1 Jhjgubbels | 1 Eboli | 2025-04-09 | 7.5 HIGH | N/A | PHP remote file inclusion vulnerability in index.php in eboli allows remote attackers to execute arbitrary PHP code via a URL in the contentSpecial parameter. |
| CVE-2007-0305 | 1 Okulsistem Okul Web | 1 Otomasyon Sistemi | 2025-04-09 | 7.5 HIGH | N/A | SQL injection vulnerability in etkinlikbak.asp in Okul Web Otomasyon Sistemi 4.0.1 allows remote attackers to execute arbitrary SQL commands via the id parameter. |
| CVE-2006-5630 | 1 Hosting Controller | 1 Hosting Controller | 2025-04-09 | 7.5 HIGH | N/A | Hosting Controller 6.1 before Hotfix 3.3 allows remote attackers to (1) delete the virtual directory of an arbitrary site via a modified ForumID parameter in a disableforum action in DisableForum.asp and (2) create an arbitrary forum virtual directory via an empty ForumID parameter in an enableforum action in EnableForum.asp. |
| CVE-2006-7204 | 1 Php | 1 Php | 2025-04-09 | 2.1 LOW | N/A | The imap_body function in PHP before 4.4.4 does not implement safemode or open_basedir checks, which allows local users to read arbitrary files or list arbitrary directory contents. |
| CVE-2007-2747 | 1 Rdiffweb | 1 Rdiffweb | 2025-04-09 | 5.0 MEDIUM | N/A | Directory traversal vulnerability in rdw_helpers.py in rdiffWeb before 0.3.5.1 allows remote attackers to read arbitrary files via a .. (dot dot) in the path parameter to the /browse URI. |
| CVE-2007-3131 | 1 Public Warehouse | 1 Light Blog | 2025-04-09 | 4.3 MEDIUM | N/A | Cross-site scripting (XSS) vulnerability in add_comment.php in Light Blog 4.1 before 20070606 allows remote attackers to inject arbitrary web script or HTML via the id parameter. |
| CVE-2007-0694 | 1 Dian Gemilang | 1 Dgnews | 2025-04-09 | 4.3 MEDIUM | N/A | Cross-site scripting (XSS) vulnerability in footer.php in DGNews 2.1 allows remote attackers to inject arbitrary web script or HTML via the copyright parameter. |
| CVE-2007-0927 | 1 Utorrent | 1 Utorrent | 2025-04-09 | 7.5 HIGH | N/A | Heap-based buffer overflow in uTorrent 1.6 allows remote attackers to execute arbitrary code via a torrent file with a crafted announce header. |
| CVE-2006-5772 | 1 Freewebshop | 1 Freewebshop | 2025-04-09 | 7.5 HIGH | N/A | Multiple SQL injection vulnerabilities in index.php in FreeWebshop 2.2.1 and earlier allow remote attackers to execute arbitrary SQL commands via the (1) password and (2) prod parameter. |
| CVE-2007-2773 | 1 Zomplog | 1 Zomplog | 2025-04-09 | 7.5 HIGH | N/A | SQL injection vulnerability in plugins/mp3playlist/mp3playlist.php in Zomplog 3.8 and earlier allows remote attackers to execute arbitrary SQL commands via the speler parameter. |
| CVE-2007-4109 | 1 Codewidgets | 1 Online Event Registration Template | 2025-04-09 | 7.5 HIGH | N/A | SQL injection vulnerability in sign_in.aspx in WebStore (Online Store Application Template) allows remote attackers to execute arbitrary SQL commands via the Password parameter. |
| CVE-2006-5247 | 1 Eazy Cart | 1 Eazy Cart | 2025-04-09 | 6.8 MEDIUM | N/A | Multiple cross-site scripting (XSS) vulnerabilities in Eazy Cart allow remote attackers to inject arbitrary web script or HTML via easycart.php, possibly related to the (1) des and (2) qty parameters in an add action, and via other unspecified vectors. NOTE: some details are obtained from third party information. |
| CVE-2007-1718 | 1 Php | 1 Php | 2025-04-09 | 7.8 HIGH | N/A | CRLF injection vulnerability in the mail function in PHP 4.0.0 through 4.4.6 and 5.0.0 through 5.2.1 allows remote attackers to inject arbitrary e-mail headers and possibly conduct spam attacks via a control character immediately following folding of the (1) Subject or (2) To parameter, as demonstrated by a parameter containing a "\r\n\t\n" sequence, related to an increment bug in the SKIP_LONG_HEADER_SEP macro. |
| CVE-2007-0145 | 1 Bingo News | 1 Bingo News | 2025-04-09 | 7.5 HIGH | N/A | PHP remote file inclusion vulnerability in bn_smrep1.php in BinGoPHP News (BP News) 3.01 allows remote attackers to execute arbitrary PHP code via a URL in the bnrep parameter, a different vector than CVE-2006-4648 and CVE-2006-4649. |
| CVE-2007-1644 | 1 Microsoft | 1 All Windows | 2025-04-09 | 10.0 HIGH | N/A | The dynamic DNS update mechanism in the DNS Server service on Microsoft Windows does not properly authenticate clients in certain deployments or configurations, which allows remote attackers to change DNS records for a web proxy server and conduct man-in-the-middle (MITM) attacks on web traffic, conduct pharming attacks by poisoning DNS records, and cause a denial of service (erroneous name resolution). |
| CVE-2006-5446 | 1 Casinosoft | 1 Casino Script | 2025-04-09 | 5.1 MEDIUM | N/A | SQL injection vulnerability in lobby/config.php in Casinosoft Casino Script (aka Masvet) 3.2 allows remote attackers to execute arbitrary SQL commands via the cfam parameter. |
| CVE-2007-0607 | 1 W-agora | 1 W-agora | 2025-04-09 | 4.3 MEDIUM | N/A | W-Agora (Web-Agora) 4.2.1, when register_globals is enabled, stores globals.inc under the web document root with insufficient access control, which allows remote attackers to obtain application path information via a direct request. |
| CVE-2007-0246 | 1 Gforge | 1 Gforge | 2025-04-09 | 6.8 MEDIUM | N/A | plugins/scmcvs/www/cvsweb.php in the CVSWeb CGI in GForge 4.5.16 before 20070524, aka gforge-plugin-scmcvs, allows remote attackers to execute arbitrary commands via shell metacharacters in the PATH_INFO. |
| CVE-2007-2845 | 1 Avast | 1 Avast Antivirus | 2025-04-09 | 9.3 HIGH | N/A | Heap-based buffer overflow in the CAB unpacker in avast! Anti-Virus Managed Client before 4.7.700 allows user-assisted remote attackers to execute arbitrary code via a crafted CAB archive, resulting from an "integer cast around". |
| CVE-2007-2173 | 2 Double Precision Incorporated, Gentoo | 2 Courier-imap, Linux | 2025-04-09 | 10.0 HIGH | N/A | Eval injection vulnerability in (1) courier-imapd.indirect and (2) courier-pop3d.indirect in Courier-IMAP before 4.0.6-r2, and 4.1.x before 4.1.2-r1, on Gentoo Linux allows remote attackers to execute arbitrary commands via the XMAILDIR variable, related to the LOGINRUN variable. |
| CVE-2007-1911 | 1 Microsoft | 1 Word | 2025-04-09 | 7.1 HIGH | N/A | Multiple unspecified vulnerabilities in Microsoft Word 2007 allow remote attackers to cause a denial of service (CPU consumption) via crafted documents, as demonstrated by (1) file798-1.doc and (2) file613-1.doc, possibly related to a buffer overflow. |
| CVE-2008-4583 | 1 Chilkat Software | 1 Ftp | 2025-04-09 | 7.5 HIGH | N/A | Insecure method vulnerability in the Chilkat FTP 2.0 ActiveX component (ChilkatCert.dll) allows remote attackers to overwrite arbitrary files via a full pathname in the SavePkcs8File method. |
| CVE-2006-7135 | 1 Php Poll Creator | 1 Php Poll Creator | 2025-04-09 | 7.5 HIGH | N/A | PHP remote file inclusion vulnerability in lib/functions.inc.php in PHP Poll Creator (phpPC) 1.04 allows remote attackers to execute arbitrary PHP code via a URL in the relativer_pfad parameter, a different vector and version than CVE-2005-1755. NOTE: the provenance of this information is unknown; the details are obtained solely from third party information. |
| CVE-2007-6547 | 1 Runcms | 1 Runcms | 2025-04-09 | 6.8 MEDIUM | N/A | RunCMS before 1.6.1 does not require entry of the old password during a password change, which allows context-dependent attackers to change passwords upon obtaining temporary access to a session. |
| CVE-2007-2068 | 1 Storefront For Gallery | 1 Storefront Gallery | 2025-04-09 | 6.8 MEDIUM | N/A | Multiple PHP remote file inclusion vulnerabilities in the StoreFront mods for Gallery allow remote attackers to execute arbitrary PHP code via a URL in the GALLERY_BASEDIR parameter to (1) mods/business_functions.php or (2) mods/ui_functions.php. |
| CVE-2007-3335 | 1 Phpecho Cms | 1 Phpecho Cms | 2025-04-09 | 7.5 HIGH | N/A | Multiple SQL injection vulnerabilities in the admin panel in PHPEcho CMS before 1.6 allow remote attackers to execute arbitrary SQL commands via unspecified vectors. |
| CVE-2007-4406 | 1 Universal Ircd | 1 Ircu | 2025-04-09 | 7.5 HIGH | N/A | ircu 2.10.12.01 through 2.10.12.04 does not remove ops privilege after a join from a server with an older timestamp (TS), which allows remote attackers to gain control of a channel during a split. |
| CVE-2007-0815 | 1 Uapplication | 1 Uphotogallery | 2025-04-09 | 4.3 MEDIUM | N/A | Cross-site scripting (XSS) vulnerability in images_archive.asp in Uapplication Uphotogallery 1.1 allows remote authenticated administrators to inject arbitrary web script or HTML via the s parameter. NOTE: the thumbnails.asp vector is already covered by CVE-2006-3023. |
| CVE-2006-7041 | 1 Atrium Software | 1 Mercur Messaging 2005 | 2025-04-09 | 7.8 HIGH | N/A | The SMTP service in MERCUR Messaging 2005 before Service Pack 4 allows remote attackers to cause a denial of service (infinite loop) via a message in which neither the originator nor recipient address is known. |
| CVE-2007-3079 | 1 Eqdkp | 1 Eqdkp | 2025-04-09 | 7.1 HIGH | N/A | listmembers.php in EQdkp 1.3.2c and earlier allows remote attackers to obtain sensitive information via an invalid compare parameter, which reveals the path. |
| CVE-2007-1961 | 1 Phpbb | 1 Mutant | 2025-04-09 | 7.5 HIGH | N/A | PHP remote file inclusion vulnerability in mutant_functions.php in the Mutant 0.9.2 portal for phpBB 2.2 allows remote attackers to execute arbitrary PHP code via a URL in the phpbb_root_path parameter. |