Total
29869 CVE
| CVE | Vendors | Products | Updated | CVSS v2 | CVSS v3 |
|---|---|---|---|---|---|
| CVE-2008-0673 | 1 Tintin | 2 Tintin\+\+, Wintin\+\+ | 2025-04-09 | 7.5 HIGH | N/A |
|
TinTin++ 1.97.9 and WinTin++ 1.97.9 open files on the basis of an inbound file-transfer request, before the user has an opportunity to decline the request, which allows remote attackers to truncate arbitrary files in the top level of a home directory.
|
|||||
| CVE-2007-3789 | 1 Inmostore | 1 Inmostore | 2025-04-09 | 7.5 HIGH | N/A |
|
SQL injection vulnerability in admin/index.php in Inmostore 4.0 allows remote attackers to execute arbitrary SQL commands via the Password field. NOTE: the provenance of this information is unknown; the details are obtained solely from third party information.
|
|||||
| CVE-2007-1903 | 1 Sonicbb | 1 Sonicbb | 2025-04-09 | 2.6 LOW | N/A |
|
Cross-site scripting (XSS) vulnerability in search.php in SonicBB 1.0 allows remote attackers to inject arbitrary web script or HTML via the part parameter.
|
|||||
| CVE-2006-6853 | 1 Mozilla | 1 Durian Web Application Server | 2025-04-09 | 10.0 HIGH | N/A |
|
Buffer overflow in Durian Web Application Server 3.02 freeware on Windows allows remote attackers to execute arbitrary code via a long string in a crafted packet to TCP port 4002.
|
|||||
| CVE-2007-4013 | 2 Citrix, Mozilla | 3 Access Gateway, Endpoint Analysis Client, Firefox | 2025-04-09 | 9.3 HIGH | N/A |
|
Multiple unspecified vulnerabilities in (1) Net6Helper.DLL (aka Net6Launcher Class) 4.5.2 and earlier, (2) npCtxCAO.dll (aka Citrix Endpoint Analysis Client) in a Firefox plugin directory, and (3) a second npCtxCAO.dll (aka CCAOControl Object) before 4.5.0.0 in Citrix Access Gateway Standard Edition before 4.5.5 and Advanced Edition before 4.5 HF1 have unknown impact and attack vectors, possibly related to buffer overflows. NOTE: vector 3 might overlap CVE-2007-3679.
|
|||||
| CVE-2007-3856 | 1 Oracle | 2 Database Server, Oracle10g | 2025-04-09 | 6.5 MEDIUM | N/A |
|
Unspecified vulnerability in the Oracle Data Mining component for Oracle Database 10g Release 2 10.2.0.2 and 10.2.0.3, 10g 10.1.0.5, and Oracle9i Database Release 2 9.2.0.7, 9.2.0.8, and 9.2.0.8DV has unknown impact and remote authenticated attack vectors related to DMSYS.DMP_SYS, aka DB04.
|
|||||
| CVE-2006-5157 | 1 Trend Micro | 1 Officescan | 2025-04-09 | 5.1 MEDIUM | N/A |
|
Format string vulnerability in the ActiveX control (ATXCONSOLE.OCX) in TrendMicro OfficeScan Corporate Edition (OSCE) before 7.3 Patch 1 allows remote attackers to execute arbitrary code via format string identifiers in the "Management Console's Remote Client Install name search".
|
|||||
| CVE-2007-4362 | 1 Prozilla | 1 Webring | 2025-04-09 | 6.8 MEDIUM | N/A |
|
SQL injection vulnerability in category.php in Prozilla Webring allows remote attackers to execute arbitrary SQL commands via the cat parameter.
|
|||||
| CVE-2007-2661 | 1 Drumster | 1 Blogme | 2025-04-09 | 7.5 HIGH | N/A |
|
SQL injection vulnerability in archshow.asp in BlogMe 3.0 allows remote attackers to execute arbitrary SQL commands via the var parameter, a different vector than CVE-2006-5976.
|
|||||
| CVE-2007-4233 | 1 Camera Life | 1 Camera Life | 2025-04-09 | 4.3 MEDIUM | N/A |
|
Multiple unspecified vulnerabilities in Camera Life before 2.6 allow attackers to cause a denial of service via unknown vectors.
|
|||||
| CVE-2006-4393 | 1 Apple | 1 Mac Os X | 2025-04-09 | 3.7 LOW | N/A |
|
Unspecified vulnerability in LoginWindow in Apple Mac OS X 10.4 through 10.4.7, when Fast User Switching is enabled, allows local users to gain access to Kerberos tickets of other users.
|
|||||
| CVE-2006-3867 | 1 Microsoft | 2 Excel, Excel Viewer | 2025-04-09 | 5.1 MEDIUM | N/A |
|
Unspecified vulnerability in Microsoft Excel 2000, 2002, 2003, 2004 for Mac, v.X for Mac, and Excel Viewer 2003 allows user-assisted attackers to execute arbitrary code via a crafted Lotus 1-2-3 file, a different vulnerability than CVE-2006-2387 and CVE-2006-3875.
|
|||||
| CVE-2006-6075 | 1 Baalasp | 1 Smart Form Portal | 2025-04-09 | 6.8 MEDIUM | N/A |
|
Cross-site scripting (XSS) vulnerability in addpost1.asp in BaalAsp forum allows remote attackers to inject arbitrary web script or HTML via the name parameter. NOTE: The provenance of this information is unknown; the details are obtained solely from third party information.
|
|||||
| CVE-2006-5421 | 1 Wsn Forum | 1 Wsn Forum | 2025-04-09 | 7.5 HIGH | N/A |
|
WSN Forum 1.3.4 and earlier allows remote attackers to execute arbitrary PHP code via a modified pathname in the pathtoconfig parameter that points to an avatar image that contains PHP code, which is then accessed from prestart.php. NOTE: this issue has been labeled remote file inclusion, but that label only applies to the attack, not the underlying vulnerability.
|
|||||
| CVE-2007-4785 | 1 Sony | 1 Micro Vault Fingerprint Access Software | 2025-04-09 | 6.8 MEDIUM | N/A |
|
Sony Micro Vault Fingerprint Access Software, as distributed with Sony Micro Vault USM-F USB flash drives, installs a driver that hides a directory under %WINDIR%, which might allow remote attackers to bypass malware detection by placing files in this directory.
|
|||||
| CVE-2006-7132 | 1 Cynux Softwares | 1 Phpmydesk | 2025-04-09 | 10.0 HIGH | N/A |
|
Directory traversal vulnerability in pmd-config.php in PHPMyDesk 1.0beta allows remote attackers to include arbitrary local files via the pmdlang parameter to viewticket.php.
|
|||||
| CVE-2007-4180 | 1 Pluck | 1 Pluck | 2025-04-09 | 5.0 MEDIUM | N/A |
|
Directory traversal vulnerability in data/inc/theme.php in Pluck 4.3, when register_globals is enabled, allows remote attackers to read arbitrary local files via a .. (dot dot) in the file parameter. NOTE: CVE and a reliable third party dispute this vulnerability because the code uses a fixed argument when invoking fputs, which cannot be used to read files
|
|||||
| CVE-2007-1191 | 1 Quicksilver | 1 Del.icio.us Module | 2025-04-09 | 2.1 LOW | N/A |
|
The Social Bookmarks (del.icio.us) plug-in 8F in Quicksilver writes usernames and passwords in plaintext to the /Library/Logs/Console/UID/Console.log file, which allows local users to obtain sensitive information by reading this file.
|
|||||
| CVE-2007-2941 | 1 Michael Brandon | 1 Vbgsitemap | 2025-04-09 | 7.5 HIGH | N/A |
|
Multiple PHP remote file inclusion vulnerabilities in the creator in vBulletin Google Yahoo Site Map (vBGSiteMap) 2.41 for vBulletin allow remote attackers to execute arbitrary PHP code via a URL in the base parameter to (1) vbgsitemap/vbgsitemap-config.php or (2) vbgsitemap/vbgsitemap-vbseo.php.
|
|||||
| CVE-2007-2031 | 1 3proxy | 1 3proxy | 2025-04-09 | 10.0 HIGH | N/A |
|
Buffer overflow in the HTTP proxy service for 3proxy 0.5 to 0.5.3g, and 0.6b-devel before 20070413, might allow remote attackers to execute arbitrary code via crafted transparent requests.
|
|||||
| CVE-2007-1906 | 2 Ecardmax.com, Mybb | 2 Hot Editor, Mybb Hot Editor Plugin | 2025-04-09 | 6.8 MEDIUM | N/A |
|
Directory traversal vulnerability in richedit/keyboard.php in eCardMAX HotEditor (Hot Editor) 4.0, and the HotEditor plugin for MyBB, allows remote attackers to include and execute arbitrary local files via a .. (dot dot) in the first parameter.
|
|||||
| CVE-2007-0476 | 1 Gentoo | 1 Linux | 2025-04-09 | 4.6 MEDIUM | N/A |
|
The gencert.sh script, when installing OpenLDAP before 2.1.30-r10, 2.2.x before 2.2.28-r7, and 2.3.x before 2.3.30-r2 as an ebuild in Gentoo Linux, does not create temporary directories in /tmp securely during emerge, which allows local users to overwrite arbitrary files via a symlink attack.
|
|||||
| CVE-2007-4359 | 1 Skilmatch Staffing Systems | 1 Joblister3 | 2025-04-09 | 6.8 MEDIUM | N/A |
|
Multiple SQL injection vulnerabilities in SkilMatch Staffing Systems JobLister3 allow remote attackers to execute arbitrary SQL commands via (1) the search form or (2) the jobid parameter to index.php in a showbyID action.
|
|||||
| CVE-2007-0422 | 1 Bea | 1 Weblogic Server | 2025-04-09 | 5.0 MEDIUM | N/A |
|
BEA WebLogic Server 9.0, 9.1, and 9.2 Gold, when running on Solaris 9, allows remote attackers to cause a denial of service (server inaccessibility) via manipulated socket connections.
|
|||||
| CVE-2007-0504 | 1 Vote Pro | 1 Vote Pro | 2025-04-09 | 10.0 HIGH | N/A |
|
Eval injection vulnerability in poll_frame.php in Vote! Pro 4.0, and possibly other scripts, allows remote attackers to execute arbitrary code via the poll_id parameter, which is supplied to an eval function call, a different vulnerability type than CVE-2005-4632.
|
|||||
| CVE-2007-3208 | 1 Yabb | 1 Yabb | 2025-04-09 | 10.0 HIGH | N/A |
|
CRLF injection vulnerability in Yet another Bulletin Board (YaBB) 2.1 allows remote attackers to obtain administrative access via requests to (1) register.pl or (2) profile.pl that write CRLF sequences to a .vars file. NOTE: this can be leveraged to execute arbitrary code.
|
|||||
| CVE-2007-6333 | 1 Hp | 2 Info Center, Quick Launch Button | 2025-04-09 | 5.8 MEDIUM | N/A |
|
The HPInfoDLL.HPInfo.1 ActiveX control in HPInfoDLL.dll 1.0, as shipped with HP Info Center (hpinfocenter.exe) 1.0.1.1 in HP Quick Launch Button (QLBCTRL.exe, aka QLB) 6.3 and earlier, allows remote attackers to read arbitrary registry values via the arguments to the GetRegValue method.
|
|||||
| CVE-2007-1389 | 1 Dynaliens | 1 Dynaliens | 2025-04-09 | 7.5 HIGH | N/A |
|
dynaliens 2.0 and 2.1 allows remote attackers to bypass authentication and perform certain privileged actions via a direct request for (1) validlien.php3 (2) supprlien.php3 (3) supprub.php3 (4) validlien.php3 (5) confsuppr.php3 (6) modiflien.php3, or (7) confmodif.php3 in admin/.
|
|||||
| CVE-2006-5598 | 1 Webgeneius | 1 Goop Gallery | 2025-04-09 | 4.3 MEDIUM | N/A |
|
Cross-site scripting (XSS) vulnerability in index.php for GOOP Gallery 2.0, and possibly other versions before 2.0.3, allows remote attackers to inject arbitrary HTML or web script via the image parameter.
|
|||||
| CVE-2007-2205 | 1 Lan Management System | 1 Lan Management System | 2025-04-09 | 7.5 HIGH | N/A |
|
PHP remote file inclusion vulnerability in modules/rtmessageadd.php in LAN Management System (LMS) 1.5.3, and possibly 1.5.4, allows remote attackers to execute arbitrary PHP code via a URL in the _LIB_DIR parameter, a different vector than CVE-2007-1643.
|
|||||
| CVE-2007-1538 | 1 Mcafee | 1 Virusscan Enterprise | 2025-04-09 | 7.5 HIGH | N/A |
|
McAfee VirusScan Enterprise 8.5.0.i uses insecure permissions for certain Windows Registry keys, which allows local users to bypass local password protection via the UIP value in (1) HKEY_LOCAL_MACHINE\SOFTWARE\McAfee\DesktopProtection or (2) HKEY_LOCAL_MACHINE\SOFTWARE\Network Associates\TVD\VirusScan Entreprise\CurrentVersion. NOTE: this issue has been disputed by third-party researchers, stating that the default permissions for HKEY_LOCAL_MACHINE\SOFTWARE does not allow for write access and ...
Show More |
|||||
| CVE-2006-5521 | 1 Net Dns | 1 Net Dns | 2025-04-09 | 7.5 HIGH | N/A |
|
PHP remote file inclusion vulnerability in DNS/RR.php in Net_DNS 0.03 and earlier allows remote attackers to execute arbitrary PHP code via a URL in the phpdns_basedir parameter.
|
|||||
| CVE-2007-1583 | 1 Php | 1 Php | 2025-04-09 | 6.8 MEDIUM | N/A |
|
The mb_parse_str function in PHP 4.0.0 through 4.4.6 and 5.0.0 through 5.2.1 sets the internal register_globals flag and does not disable it in certain cases when a script terminates, which allows remote attackers to invoke available PHP scripts with register_globals functionality that is not detectable by these scripts, as demonstrated by forcing a memory_limit violation.
|
|||||
| CVE-2006-6858 | 1 Miredo | 1 Miredo | 2025-04-09 | 6.8 MEDIUM | N/A |
|
Miredo 0.9.8 through 1.0.5 does not properly authenticate a Teredo bubble during UDP hole punching with HMAC-MD5-64 hashing, which allows remote attackers to impersonate an arbitrary Teredo client.
|
|||||
| CVE-2007-3772 | 1 Psnews | 1 Psnews | 2025-04-09 | 6.4 MEDIUM | N/A |
|
Directory traversal vulnerability in news/show.php in PsNews 1.1 allows remote attackers to include and execute arbitrary local files via a .. (dot dot) in the newspath parameter.
|
|||||
| CVE-2008-4865 | 1 Valgrind | 1 Valgrind | 2025-04-09 | 7.2 HIGH | N/A |
|
Untrusted search path vulnerability in valgrind before 3.4.0 allows local users to execute arbitrary programs via a Trojan horse .valgrindrc file in the current working directory, as demonstrated using a malicious --db-command options. NOTE: the severity of this issue has been disputed, but CVE is including this issue because execution of a program from an untrusted directory is a common scenario.
|
|||||
| CVE-2006-6083 | 1 Creascripts | 1 Creadirectory | 2025-04-09 | 7.5 HIGH | N/A |
|
SQL injection vulnerability in search.asp in CreaScripts Creadirectory allows remote attackers to execute arbitrary SQL commands via the category parameter.
|
|||||
| CVE-2007-1033 | 1 Drupal | 1 Secure Site Module | 2025-04-09 | 7.5 HIGH | N/A |
|
Unspecified vulnerability in the Secure site 4.7.x-1.x-dev and 5.x-1.x-dev module for Drupal allows remote attackers to bypass access restrictions via a crafted URL.
|
|||||
| CVE-2007-3591 | 1 Elite Bulletin Board | 1 Elite Bulletin Board | 2025-04-09 | 5.0 MEDIUM | N/A |
|
Unspecified vulnerability in Profile.php in Elite Bulletin Board before 1.0.10 allows remote attackers to modify profile information via unspecified vectors related to "a remote form," probably related to direct requests and missing authorization checks.
|
|||||
| CVE-2007-1260 | 1 Webmod | 1 Webmod | 2025-04-09 | 7.5 HIGH | N/A |
|
Stack-based buffer overflow in the connectHandle function in server.cpp in WebMod 0.48 allows remote attackers to execute arbitrary code via a long string in the Content-Length HTTP header.
|
|||||