Total
29869 CVE
| CVE | Vendors | Products | Updated | CVSS v2 | CVSS v3 |
|---|---|---|---|---|---|
| CVE-2022-25890 | 1 Wifey Project | 1 Wifey | 2025-04-09 | N/A | 7.4 HIGH |
|
All versions of the package wifey are vulnerable to Command Injection via the connect() function due to improper input sanitization.
|
|||||
| CVE-2009-1522 | 2 Ibm, Microsoft | 3 Aix, Tivoli Storage Manager Client, Windows | 2025-04-09 | 7.1 HIGH | N/A |
|
The IBM Tivoli Storage Manager (TSM) client 5.5.0.0 through 5.5.1.17 on AIX and Windows, when SSL is used, allows remote attackers to conduct unspecified man-in-the-middle attacks and read arbitrary files via unknown vectors.
|
|||||
| CVE-2007-4556 | 1 Opensymphony | 1 Xwork | 2025-04-09 | 6.8 MEDIUM | N/A |
|
Struts support in OpenSymphony XWork before 1.2.3, and 2.x before 2.0.4, as used in WebWork and Apache Struts, recursively evaluates all input as an Object-Graph Navigation Language (OGNL) expression when altSyntax is enabled, which allows remote attackers to cause a denial of service (infinite loop) or execute arbitrary code via form input beginning with a "%{" sequence and ending with a "}" character.
|
|||||
| CVE-2006-5873 | 2 Debian, L2tpns | 2 Debian Linux, L2tpns | 2025-04-09 | 7.8 HIGH | N/A |
|
Buffer overflow in the cluster_process_heartbeat function in cluster.c in layer 2 tunneling protocol network server (l2tpns) before 2.1.21 allows remote attackers to cause a denial of service via a large heartbeat packet.
|
|||||
| CVE-2006-5631 | 1 Ig Shop | 1 Ig Shop | 2025-04-09 | 6.8 MEDIUM | N/A |
|
Cross-site scripting (XSS) vulnerability in change_pass.php in iG Shop 1.4 allows remote attackers to inject arbitrary web script or HTML via arbitrary query strings when the action parameter is not "1", as demonstrated using script in the action parameter, a different vulnerability than CVE-2006-5632.
|
|||||
| CVE-2007-1907 | 1 Pathos | 1 Content Management System | 2025-04-09 | 6.8 MEDIUM | N/A |
|
PHP remote file inclusion vulnerability in warn.php in Pathos Content Management System (CMS) 0.92-2 allows remote attackers to execute arbitrary PHP code via a URL in the file parameter.
|
|||||
| CVE-2006-6381 | 1 Ultimate Helpdesk | 1 Ultimate Helpdesk | 2025-04-09 | 7.5 HIGH | N/A |
|
Directory traversal vulnerability in getfile.asp in Ultimate HelpDesk allows remote attackers to read arbitrary files via a .. (dot dot) in the filename parameter.
|
|||||
| CVE-2006-5895 | 1 Encapscms | 1 Encapscms | 2025-04-09 | 7.5 HIGH | N/A |
|
PHP remote file inclusion vulnerability in core/core.php in EncapsCMS 0.3.6 allows remote attackers to execute arbitrary PHP code via a URL in the root parameter.
|
|||||
| CVE-2007-2368 | 1 Webspell | 1 Webspell | 2025-04-09 | 5.0 MEDIUM | N/A |
|
picture.php in WebSPELL 4.01.02 and earlier allows remote attackers to read arbitrary files via the file parameter.
|
|||||
| CVE-2007-2642 | 1 R2k | 1 R2k Gallery | 2025-04-09 | 7.8 HIGH | N/A |
|
Directory traversal vulnerability in galeria.php in R2K Gallery 1.7 allows remote attackers to read arbitrary files via a .. (dot dot) in the lang2 parameter.
|
|||||
| CVE-2009-2625 | 7 Apache, Canonical, Debian and 4 more | 9 Xerces2 Java, Ubuntu Linux, Debian Linux and 6 more | 2025-04-09 | 5.0 MEDIUM | N/A |
|
XMLScanner.java in Apache Xerces2 Java, as used in Sun Java Runtime Environment (JRE) in JDK and JRE 6 before Update 15 and JDK and JRE 5.0 before Update 20, and in other products, allows remote attackers to cause a denial of service (infinite loop and application hang) via malformed XML input, as demonstrated by the Codenomicon XML fuzzing framework.
|
|||||
| CVE-2006-6331 | 1 Torrentflux | 1 Torrentflux | 2025-04-09 | 6.0 MEDIUM | N/A |
|
metaInfo.php in TorrentFlux 2.2, when $cfg["enable_file_priority"] is false, allows remote attackers to execute arbitrary commands via shell metacharacters (backticks) in the torrent parameter to (1) details.php and (2) startpop.php.
|
|||||
| CVE-2006-5513 | 1 Geonetwork | 1 Opensource | 2025-04-09 | 7.5 HIGH | N/A |
|
SQL injection vulnerability in GeoNetwork opensource before 2.0.3 allows remote attackers to execute arbitrary SQL commands, and complete a login, via unspecified vectors.
|
|||||
| CVE-2008-6830 | 1 Citrix | 1 Web Interface | 2025-04-09 | 4.0 MEDIUM | N/A |
|
The disconnection feature in Citrix Web Interface 5.0 and 5.0.1 for Java Application Servers does not properly terminate a user's web interface session, which allows attackers with access to the same browser instance to gain access to the user's Web Interface session. NOTE: the attacker must also have valid credentials to the Web Interface.
|
|||||
| CVE-2007-1665 | 2 Debian, Ekg | 2 Debian Linux, Ekg | 2025-04-09 | 5.0 MEDIUM | N/A |
|
Memory leak in the token OCR functionality in ekg before 1:1.7~rc2-1etch1 on Debian GNU/Linux Etch allows remote attackers to cause a denial of service.
|
|||||
| CVE-2006-6464 | 1 Midicart Software | 1 Midicart Php Shopping Cart | 2025-04-09 | 5.0 MEDIUM | N/A |
|
viewcart in Midicart accepts negative numbers in the Qty (quantity) field, which allows remote attackers to obtain a smaller total price for a shopping cart.
|
|||||
| CVE-2007-0027 | 1 Microsoft | 4 Excel, Excel Viewer, Office and 1 more | 2025-04-09 | 9.3 HIGH | N/A |
|
Microsoft Excel 2000 SP3, 2002 SP3, 2003 SP2, 2004 for Mac, and v.X for Mac allows remote attackers to execute arbitrary code via malformed IMDATA records that trigger memory corruption.
|
|||||
| CVE-2007-2828 | 1 Johntp | 1 Adsense-deluxe | 2025-04-09 | 6.0 MEDIUM | N/A |
|
Cross-site request forgery (CSRF) vulnerability in adsense-deluxe.php in the AdSense-Deluxe 0.x plugin for WordPress allows remote attackers to perform unspecified actions as arbitrary users via unspecified vectors.
|
|||||
| CVE-2007-2979 | 1 Techno Dreams | 1 Web Directory | 2025-04-09 | 7.8 HIGH | N/A |
|
Techno Dreams Web Directory / Search Engine 2.0 stores sensitive information under the web root with insufficient access control, which allows remote attackers to download a database via a direct request for Database.mdb.
|
|||||
| CVE-2006-6854 | 1 De Marchi Daniele | 1 Quickcam | 2025-04-09 | 7.5 HIGH | N/A |
|
The qcamvc_video_init function in qcamvc.c in De Marchi Daniele QuickCam VC Linux device driver (aka quickcam-vc) 1.0.9 and earlier does not properly check a boundary, triggering memory corruption, which might allow attackers to execute arbitrary code via a crafted QuickCam object.
|
|||||
| CVE-2007-2645 | 1 Libexif | 1 Libexif | 2025-04-09 | 9.3 HIGH | N/A |
|
Integer overflow in the exif_data_load_data_entry function in exif-data.c in libexif before 0.6.14 allows user-assisted remote attackers to cause a denial of service (crash) or possibly execute arbitrary code via crafted EXIF data, involving the (1) doff or (2) s variable.
|
|||||
| CVE-2007-2443 | 3 Canonical, Debian, Mit | 3 Ubuntu Linux, Debian Linux, Kerberos 5 | 2025-04-09 | 8.3 HIGH | N/A |
|
Integer signedness error in the gssrpc__svcauth_unix function in svc_auth_unix.c in the RPC library in MIT Kerberos 5 (krb5) 1.6.1 and earlier might allow remote attackers to execute arbitrary code via a negative length value.
|
|||||
| CVE-2007-1721 | 1 Realink | 1 C-arbre | 2025-04-09 | 10.0 HIGH | N/A |
|
Multiple PHP remote file inclusion vulnerabilities in C-Arbre 0.6PR7 and earlier allow remote attackers to execute arbitrary PHP code via a URL in the root_path parameter to (1) Richtxt_functions.inc.php, (2) adddocfile.php, (3) auth_check.php, (4) browse_current_category.inc.php, (5) docfile_details.php, (6) main.php, (7) mainarticle.php, (8) maindocfile.php, (9) modify.php, (10) new.php, (11) resource_details.php, or (12) smallsearch.php in lib/; or (13) mwiki/LocalSettings.php.
|
|||||
| CVE-2006-5347 | 1 Oracle | 1 Http Server | 2025-04-09 | 10.0 HIGH | N/A |
|
Unspecified vulnerability in Oracle HTTP Server 9.2.0.7 and Oracle Collaboration Suite 9.0.4.2 has unknown impact and remote attack vectors related to HTTPS and SSL, aka Vuln# OHS04.
|
|||||
| CVE-2006-5019 | 1 Google | 1 Mini Search Appliance | 2025-04-09 | 5.0 MEDIUM | N/A |
|
Google Mini 4.4.102.M.36 and earlier allows remote attackers to obtain sensitive information via a direct request for /search with an invalid client parameter, which reveals the path in an error message.
|
|||||
| CVE-2007-3728 | 1 Silc | 2 Silc Client, Silc Toolkit | 2025-04-09 | 5.0 MEDIUM | N/A |
|
Buffer overflow in lib/silcclient/client_notify.c of SILC Client and SILC Toolkit before 1.1.2 allows remote attackers to cause a denial of service via "NICK_CHANGE" notifications.
|
|||||
| CVE-2006-6611 | 1 Barman | 1 Barman | 2025-04-09 | 7.5 HIGH | N/A |
|
PHP remote file inclusion vulnerability in interface.php in Barman 0.0.1r3 allows remote attackers to execute arbitrary PHP code via a URL in the basepath parameter.
|
|||||
| CVE-2006-5154 | 1 Deluxebb | 1 Deluxebb | 2025-04-09 | 7.5 HIGH | N/A |
|
PHP remote file inclusion vulnerability in cp/sig.php in DeluxeBB 1.09 and earlier allows remote attackers to execute arbitrary PHP code via a URL in the templatefolder parameter.
|
|||||
| CVE-2007-1710 | 1 Php | 1 Php | 2025-04-09 | 4.3 MEDIUM | N/A |
|
The readfile function in PHP 4.4.4, 5.1.6, and 5.2.1 allows context-dependent attackers to bypass safe_mode restrictions and read arbitrary files by referring to local files with a certain URL syntax instead of a pathname syntax, as demonstrated by a filename preceded a "php://../../" sequence.
|
|||||
| CVE-2007-0195 | 1 F5 | 1 Firepass | 2025-04-09 | 5.0 MEDIUM | N/A |
|
my.activation.php3 in F5 FirePass 5.4 through 5.5.1 and 6.0 displays different error messages for failed login attempts with a valid username than for those with an invalid username, which allows remote attackers to confirm the validity of an LDAP account.
|
|||||
| CVE-2007-1239 | 1 Microsoft | 1 Excel | 2025-04-09 | 4.3 MEDIUM | N/A |
|
Microsoft Excel 2003 does not properly parse .XLS files, which allows remote attackers to cause a denial of service (application crash) via a file with a (1) corrupted XML format or a (2) corrupted XLS format, which triggers a NULL pointer dereference.
|
|||||
| CVE-2007-3564 | 1 Libcurl | 1 Libcurl | 2025-04-09 | 7.5 HIGH | N/A |
|
libcurl 7.14.0 through 7.16.3, when built with GnuTLS support, does not check SSL/TLS certificate expiration or activation dates, which allows remote attackers to bypass certain access restrictions.
|
|||||
| CVE-2007-3244 | 1 Bbpress | 1 Bbpress | 2025-04-09 | 7.5 HIGH | N/A |
|
SQL injection vulnerability in bb-includes/formatting-functions.php in bbPress before 0.8.1 might allow remote attackers to execute arbitrary SQL commands via unspecified vectors to forums/bb-edit.php, as demonstrated by a PRE element, aka the "quircky slashes bug."
|
|||||
| CVE-2006-6407 | 1 F-prot | 1 F-prot Antivirus | 2025-04-09 | 5.0 MEDIUM | N/A |
|
F-Prot Antivirus for Linux x86 Mail Servers 4.6.6 allows remote attackers to bypass virus detection by inserting invalid characters into base64 encoded content in a multipart/mixed MIME file, as demonstrated with the EICAR test file.
|
|||||
| CVE-2007-0568 | 1 Myphpcommander | 1 Myphpcommander | 2025-04-09 | 7.5 HIGH | N/A |
|
PHP remote file inclusion vulnerability in system/lib/package.php in MyPHPCommander 2.0 allows remote attackers to execute arbitrary PHP code via a URL in the gl_root parameter.
|
|||||
| CVE-2006-6384 | 1 John Goodman | 1 Abitwhizzy | 2025-04-09 | 7.8 HIGH | N/A |
|
Absolute path traversal vulnerability in abitwhizzy.php before 20061204 allows remote attackers to read arbitrary files via an absolute pathname in the Filename text window (f parameter), a variant of CVE-2006-6084.
|
|||||
| CVE-2007-0150 | 1 Dayfox Designs | 1 Dayfox Blog | 2025-04-09 | 7.5 HIGH | N/A |
|
Multiple PHP remote file inclusion vulnerabilities in index.php in Dayfox Blog allow remote attackers to execute arbitrary PHP code via a URL in the (1) page, (2) subject, and (3) q parameters.
|
|||||
| CVE-2007-0901 | 1 Moinmoin | 1 Moinmoin | 2025-04-09 | 4.3 MEDIUM | N/A |
|
Multiple cross-site scripting (XSS) vulnerabilities in Info pages in MoinMoin 1.5.7 allow remote attackers to inject arbitrary web script or HTML via the (1) hitcounts and (2) general parameters, different vectors than CVE-2007-0857. NOTE: the provenance of this information is unknown; the details are obtained solely from third party information.
|
|||||
| CVE-2009-1364 | 2 Francis James Franklin, Opensuse | 2 Libwmf, Opensuse | 2025-04-09 | 7.5 HIGH | N/A |
|
Use-after-free vulnerability in the embedded GD library in libwmf 0.2.8.4 allows context-dependent attackers to cause a denial of service (application crash) or possibly execute arbitrary code via a crafted WMF file.
|
|||||
| CVE-2007-2838 | 2 Debian, Gsambad | 2 Debian Linux, Gsambad | 2025-04-09 | 7.2 HIGH | N/A |
|
The populate_conns function in src/populate_conns.c in GSAMBAD 0.1.4 allows local users to overwrite arbitrary files via a symlink attack on the /tmp/gsambadtmp temporary file.
|
|||||