Total: 29869 CVE
| CVE | Vendors | Products | Updated | CVSS v2 | CVSS v3 |
|---|---|---|---|---|---|
| CVE-2007-3990 | 1 Asp Indir | 1 Dora Emlak | 2025-04-09 | 7.5 HIGH | N/A |
|
SQL injection vulnerability in default.asp in Dora Emlak 1.0, when the goster parameter is set to emlakdetay, allows remote attackers to execute arbitrary SQL commands via the id parameter. NOTE: the provenance of this information is unknown; the details are obtained solely from third party information.
|
|||||
| CVE-2007-1868 | 1 Ibm | 1 Tivoli Provisioning Manager Os Deployment | 2025-04-09 | 10.0 HIGH | N/A |
|
The management service in IBM Tivoli Provisioning Manager for OS Deployment before 5.1 Fix Pack 2 does not properly handle multipart/form-data in HTTP POST requests, which allows remote attackers to execute arbitrary code or cause a denial of service (daemon crash) via crafted POST requests to port 8080/tcp or 443/tcp.
|
|||||
| CVE-2006-6302 | 1 Fail2ban | 1 Fail2ban | 2025-04-09 | 5.0 MEDIUM | N/A |
|
fail2ban 0.7.4 and earlier does not properly parse sshd log files, which allows remote attackers to add arbitrary hosts to the /etc/hosts.deny file and cause a denial of service by adding arbitrary IP addresses to the sshd log file, as demonstrated by logging in via ssh with a login name containing certain strings with an IP address.
|
|||||
| CVE-2007-1232 | 1 Sqlite Manager | 1 Sqlite Manager | 2025-04-09 | 5.1 MEDIUM | N/A |
|
Directory traversal vulnerability in SQLiteManager 1.2.0 allows remote attackers to read arbitrary files via a .. (dot dot) in a SQLiteManager_currentTheme cookie.
|
|||||
| CVE-2007-0766 | 1 Remotesoft | 1 .net Explorer | 2025-04-09 | 9.3 HIGH | N/A |
|
Stack-based buffer overflow in Remotesoft .NET Explorer 2.0.1 allows user-assisted remote attackers to cause a denial of service (application crash) and possibly execute arbitrary code via a long line in a .cpp file.
|
|||||
| CVE-2007-3145 | 1 Galeon | 1 Galeon Browser | 2025-04-09 | 5.8 MEDIUM | N/A |
|
Visual truncation vulnerability in Galeon 2.0.1 allows remote attackers to spoof the address bar and possibly conduct phishing attacks via a long hostname, which is truncated after a certain number of characters, as demonstrated by a phishing attack using HTTP Basic Authentication.
|
|||||
| CVE-2006-4577 | 1 The Address Book | 1 The Address Book | 2025-04-09 | 6.8 MEDIUM | N/A |
|
Multiple cross-site scripting (XSS) vulnerabilities in The Address Book 1.04e allow remote attackers to inject arbitrary web script or HTML via Javascript events in the (1) email, (2) websites, and (3) groupAddName parameters in (a) save.php; the (4) errorMsg parameter in (b) index.php; and the (5) goTo and (6) search parameters in (c) search.php.
|
|||||
| CVE-2006-5878 | 1 Edgewall Software | 1 Trac | 2025-04-09 | 7.5 HIGH | N/A |
|
Cross-site request forgery (CSRF) vulnerability in Edgewall Trac 0.10 and earlier allows remote attackers to perform unauthorized actions as other users via unknown vectors.
|
|||||
| CVE-2007-2486 | 1 Motobit | 1 Motobit | 2025-04-09 | 5.0 MEDIUM | N/A |
|
Directory traversal vulnerability in download.asp in Motobit 1.3 and 1.5 (aka PStruh-CZ) allows remote attackers to read arbitrary files via a .. (dot dot) in the File parameter.
|
|||||
| CVE-2007-3523 | 1 Groupeclan.free.fr | 1 Xcms | 2025-04-09 | 6.4 MEDIUM | N/A |
|
Multiple directory traversal vulnerabilities in Module/Galerie.php in XCMS 1.1 allow remote attackers to include and execute arbitrary local files via a .. (dot dot) in the (1) Ent or (2) Lang parameter.
|
|||||
| CVE-2007-1917 | 8 Apple, Hp, Ibm and 5 more | 11 Macos, Hp-ux, Tru64 and 8 more | 2025-04-09 | 10.0 HIGH | N/A |
|
Buffer overflow in the SYSTEM_CREATE_INSTANCE function in the SAP RFC Library 6.40 and 7.00 before 20061211 allows remote attackers to execute arbitrary code via unspecified vectors. NOTE: This information is based upon a vague initial disclosure. Details will be updated after the grace period has ended.
|
|||||
| CVE-2007-2102 | 1 My Little Homepage | 1 My Little Weblog | 2025-04-09 | 6.8 MEDIUM | N/A |
|
Cross-site scripting (XSS) vulnerability in weblog.php in my little weblog allows remote attackers to inject arbitrary web script or HTML via the id parameter, a different vector than CVE-2006-6087.
|
|||||
| CVE-2007-0006 | 1 Linux | 1 Linux Kernel | 2025-04-09 | 1.9 LOW | N/A |
|
The key serial number collision avoidance code in the key_alloc_serial function in Linux kernel 2.6.9 up to 2.6.20 allows local users to cause a denial of service (crash) via vectors that trigger a null dereference, as originally reported as "spinlock CPU recursion."
|
|||||
| CVE-2007-2527 | 1 Dynamicpad | 1 Dynamicpad | 2025-04-09 | 7.5 HIGH | N/A |
|
Multiple PHP remote file inclusion vulnerabilities in DynamicPAD before 1.03.31 allow remote attackers to execute arbitrary PHP code via a URL in the HomeDir parameter to (1) dp_logs.php or (2) index.php.
|
|||||
| CVE-2006-7161 | 1 Aspindir | 1 Hazirsite | 2025-04-09 | 7.5 HIGH | N/A |
|
SQL injection vulnerability in giris_yap.asp in Hazir Site 2.0 allows remote attackers to bypass authentication via the (1) k_a class or (2) sifre parameter.
|
|||||
| CVE-2006-5514 | 1 Web Group Communication Center | 1 Web Group Communication Center | 2025-04-09 | 7.5 HIGH | N/A |
|
SQL injection vulnerability in quiz.php in Web Group Communication Center (WGCC) 0.5.6b and earlier allows remote attackers to execute arbitrary SQL commands via the qzid parameter.
|
|||||
| CVE-2007-3862 | 1 Oracle | 1 Application Server | 2025-04-09 | 7.5 HIGH | N/A |
|
Unspecified vulnerability in Oracle Application Server 9.0.4.3 and 10.1.2.0.2 allows remote attackers to have an unknown impact via Oracle Single Sign On, aka AS01.
|
|||||
| CVE-2007-1877 | 1 Vmware | 1 Workstation | 2025-04-09 | 7.8 HIGH | N/A |
|
VMware Workstation before 5.5.4 allows attackers to cause a denial of service against the guest OS by causing the virtual machine process (VMX) to store malformed configuration information.
|
|||||
| CVE-2006-5663 | 1 Ibm | 3 Informix Client Sdk, Informix Dynamic Server, Informix I-connect | 2025-04-09 | 4.6 MEDIUM | N/A |
|
IBM Informix Dynamic Server 10.00, Informix Client Software Development Kit (CSDK) 2.90, and Informix I-Connect 2.90 use insecure permissions for installation scripts, which allows local users to gain privileges by modifying the scripts.
|
|||||
| CVE-2007-0793 | 1 Globalmegacorp | 1 Dvddb | 2025-04-09 | 7.5 HIGH | N/A |
|
PHP remote file inclusion vulnerability in inc/common.php in GlobalMegaCorp dvddb 0.6 allows remote attackers to execute arbitrary PHP code via a URL in the config parameter.
|
|||||
| CVE-2006-5389 | 1 Wyana | 1 Php-wyana | 2025-04-09 | 5.0 MEDIUM | N/A |
|
tools/tellhim.php in PHP-Wyana allows remote attackers to obtain sensitive information via an invalid lang parameter, which reveals the path in an error message.
|
|||||
| CVE-2007-3203 | 1 Software602 | 1 602pro Lan Suite | 2025-04-09 | 7.5 HIGH | N/A |
|
Stack-based buffer overflow in smtpdll.dll in the SMTP service in 602Pro LAN SUITE 2003 2003.0.03.0828 allows remote attackers to execute arbitrary code via an e-mail message with a long address. NOTE: the provenance of this information is unknown; the details are obtained solely from third party information.
|
|||||
| CVE-2007-1271 | 1 Vmware | 1 Esx | 2025-04-09 | 6.6 MEDIUM | N/A |
|
Buffer overflow in VMware ESX Server 3.0.0 and 3.0.1 might allow attackers to gain privileges or cause a denial of service (application crash) via unspecified vectors.
|
|||||
| CVE-2007-0089 | 1 Jgbbs | 1 Jgbbs | 2025-04-09 | 7.5 HIGH | N/A |
|
jgbbs stores sensitive information under the web root with insufficient access control, which allows remote attackers to download a database containing passwords via a direct request for db/bbs.mdb.
|
|||||
| CVE-2007-3633 | 1 Chilkat Software | 1 Chilkat Zip Activex Control | 2025-04-09 | 6.4 MEDIUM | N/A |
|
Absolute path traversal vulnerability in the Chilkat Software Chilkat Zip ActiveX control in ChilkatZip2.dll 12.4.2.0 allows remote attackers to create or overwrite arbitrary files via a full pathname in the argument to the (1) SaveLastError method and probably the (2) WriteExe method.
|
|||||
| CVE-2006-6466 | 1 Wikyblog | 1 Wikyblog | 2025-04-09 | 6.8 MEDIUM | N/A |
|
Multiple cross-site scripting (XSS) vulnerabilities in WBmap.php in WikyBlog 1.3.2 and earlier allow remote attackers to inject arbitrary web script or HTML via the (1) key, (2) d, (3) l, or (4) v parameter. NOTE: the provenance of this information is unknown; the details are obtained solely from third party information. NOTE: CVE disputes the l vector because l is validated by ctype_alpha before use.
|
|||||
| CVE-2007-0121 | 1 Michael Romedahl | 1 Ri Blog | 2025-04-09 | 6.8 MEDIUM | N/A |
|
Cross-site scripting (XSS) vulnerability in search.asp in RI Blog 1.3 allows remote attackers to inject arbitrary web script or HTML via the q parameter.
|
|||||
| CVE-2007-4485 | 1 Butterfly | 1 Butterfly | 2025-04-09 | 6.8 MEDIUM | N/A |
|
PHP remote file inclusion vulnerability in visitor.php in Butterfly online visitors counter 1.08, when used with certain older versions of PHP with improper SERVER superglobal handling, allows remote attackers to execute arbitrary PHP code via a URL in the _SERVER[DOCUMENT_ROOT] parameter. NOTE: it could be argued that this vulnerability is caused by a problem in PHP and the proper fix should be in PHP; if so, then this should not be treated as a vulnerability in Butterfly online visitors count ...
|
|||||
| CVE-2006-5214 | 2 Netbsd, Sun | 3 Netbsd, Solaris, Sunos | 2025-04-09 | 1.2 LOW | N/A |
|
Race condition in the Xsession script, as used by X Display Manager (xdm) in NetBSD before 20060212, X.Org before 20060225, and Solaris 8 through 10 before 20061006, causes a user's Xsession errors file to have weak permissions before a chmod is performed, which allows local users to read Xsession errors files of other users.
|
|||||
| CVE-2007-0343 | 1 Openbsd | 1 Openbsd | 2025-04-09 | 5.0 MEDIUM | N/A |
|
OpenBSD before 20070116 allows remote attackers to cause a denial of service (infinite loop and CPU consumption) via certain IPv6 ICMP (aka ICMP6) echo request packets.
|
|||||
| CVE-2006-5296 | 1 Microsoft | 1 Powerpoint | 2025-04-09 | 4.3 MEDIUM | N/A |
|
PowerPoint in Microsoft Office 2003 does not properly handle a container object whose position value exceeds the record length, which allows user-assisted attackers to cause a denial of service (NULL dereference and application crash) via a crafted PowerPoint (.PPT) file, as demonstrated by Nanika.ppt, and a different vulnerability than CVE-2006-3435, CVE-2006-3876, CVE-2006-3877, and CVE-2006-4694. NOTE: the impact of this issue was originally claimed to be arbitrary code execution, but later a ...
|
|||||
| CVE-2007-1858 | 1 Apache | 1 Tomcat | 2025-04-09 | 2.6 LOW | N/A |
|
The default SSL cipher configuration in Apache Tomcat 4.1.28 through 4.1.31, 5.0.0 through 5.0.30, and 5.5.0 through 5.5.17 uses certain insecure ciphers, including the anonymous cipher, which allows remote attackers to obtain sensitive information or have other, unspecified impacts.
|
|||||
| CVE-2007-0660 | 1 Dotnetnuke | 1 Dotnetnuke Iframe | 2025-04-09 | 6.8 MEDIUM | N/A |
|
Cross-site scripting (XSS) vulnerability in the IFrame module before 03.02.01 for DotNetNuke (DNN) allows remote attackers to inject arbitrary web script or HTML via unspecified vectors related to "Pass through values."
|
|||||
| CVE-2007-3219 | 1 Invision Power Services | 1 Invision Power Board | 2025-04-09 | 7.8 HIGH | N/A |
|
Unspecified vulnerability in sources/action_public/xmlout.php in Invision Power Board (IPB or IP.Board) 2.2.0 through 2.2.2 allows remote attackers to modify another user's profile data, such as an AIM screen name or Yahoo! identity.
|
|||||
| CVE-2007-2614 | 1 Phphtmllib | 1 Phphtmllib | 2025-04-09 | 7.5 HIGH | N/A |
|
PHP remote file inclusion vulnerability in examples/widget8.php in phpHtmlLib 2.4.0 and earlier allows remote attackers to execute arbitrary PHP code via a URL in the phphtmllib parameter.
|
|||||
| CVE-2007-2250 | 1 Phorum | 1 Phorum | 2025-04-09 | 5.0 MEDIUM | N/A |
|
admin.php in Phorum before 5.1.22 allows remote attackers to obtain the full path via the module[] parameter.
|
|||||
| CVE-2007-4052 | 1 Nukedit | 1 Nukedit | 2025-04-09 | 4.3 MEDIUM | N/A |
|
Cross-site scripting (XSS) vulnerability in utilities/login.asp in nukedit 4.9.7 and earlier allows remote attackers to inject arbitrary web script or HTML via the email parameter. NOTE: the provenance of this information is unknown; the details are obtained solely from third party information.
|
|||||
| CVE-2007-1854 | 1 Hitachi | 7 Cosminexus Component Container, Electronic Form Workflow, Ucosminexus Application Server and 4 more | 2025-04-09 | 5.0 MEDIUM | N/A |
|
Unspecified vulnerability in Hitachi Cosminexus Component Container 07-00 through 07-00-10, and 07-10 through 07-10-03, as used in uCosminexus Application Server Enterprise and Standard; uCosminexus Service Platform; uCosminexus Developer Standard and Professional; uCosminexus Service Architect; Electronic Form Workflow Standard Set, Professional Library Set, and Developer Client Set; and uCosminexus ERP Integrator, does not properly manage session information, which has an unspecified impact re ...
|
|||||
| CVE-2006-5052 | 1 Openbsd | 1 Openssh | 2025-04-09 | 5.0 MEDIUM | N/A |
|
Unspecified vulnerability in portable OpenSSH before 4.4, when running on some platforms, allows remote attackers to determine the validity of usernames via unknown vectors involving a GSSAPI "authentication abort."
|
|||||
| CVE-2006-6780 | 1 Hlstats | 1 Hlstats | 2025-04-09 | 7.5 HIGH | N/A |
|
SQL injection vulnerability in the login form in HLstats 1.20 through 1.34 allows remote attackers to execute arbitrary SQL commands via the killLimit parameter.
|
|||||