Total
29869 CVE
| CVE | Vendors | Products | Updated | CVSS v2 | CVSS v3 |
|---|---|---|---|---|---|
| CVE-2007-1077 | 1 Design4online | 1 Userpages2 | 2025-04-09 | 7.5 HIGH | N/A |
|
SQL injection vulnerability in page.asp in Design4Online UserPages2 2.0 allows remote attackers to execute arbitrary SQL commands via the art_id parameter. NOTE: the provenance of this information is unknown; the details are obtained solely from third party information.
|
|||||
| CVE-2007-4012 | 1 Cisco | 6 4100 Wireless Lan Controller, 4400 Wireless Lan Controller, Airespace 4000 Wireless Lan Controller and 3 more | 2025-04-09 | 7.1 HIGH | N/A |
|
Cisco 4100 and 4400, Airespace 4000, and Catalyst 6500 and 3750 Wireless LAN Controller (WLC) software 4.1 before 4.1.180.0 allows remote attackers to cause a denial of service (ARP storm) via a broadcast ARP packet that "targets the IP address of a known client context", aka CSCsj50374.
|
|||||
| CVE-2007-4341 | 1 Omnistar | 1 Lib2 Php Library | 2025-04-09 | 7.5 HIGH | N/A |
|
PHP remote file inclusion vulnerability in adm/my_statistics.php in Omnistar Lib2 PHP 0.2 allows remote attackers to execute arbitrary PHP code via a URL in the DOCUMENT_ROOT parameter.
|
|||||
| CVE-2007-3882 | 1 Popscript.com | 1 Expert Advisor | 2025-04-09 | 7.5 HIGH | N/A |
|
SQL injection vulnerability in index.php in Expert Advisor allows remote attackers to execute arbitrary SQL commands via the id parameter.
|
|||||
| CVE-2007-2143 | 1 Bonoestente | 1 Joomla Template Be2004-2 | 2025-04-09 | 7.5 HIGH | N/A |
|
PHP remote file inclusion vulnerability in index.php in the Be2004-2 template for Joomla! allows remote attackers to execute arbitrary PHP code via a URL in the mosConfig_absolute_path parameter.
|
|||||
| CVE-2006-4154 | 1 Apache | 1 Http Server | 2025-04-09 | 6.8 MEDIUM | N/A |
|
Format string vulnerability in the mod_tcl module 1.0 for Apache 2.x allows context-dependent attackers to execute arbitrary code via format string specifiers that are not properly handled in a set_var function call in (1) tcl_cmds.c and (2) tcl_core.c.
|
|||||
| CVE-2007-3509 | 1 Symantec | 1 Veritas Backup Exec | 2025-04-09 | 7.5 HIGH | N/A |
|
Heap-based buffer overflow in the RPC subsystem in Symantec Backup Exec for Windows Servers 10.0, 10d, and 11d allows remote attackers to cause a denial of service (process exit) and possibly execute arbitrary code via crafted ncacn_ip_tcp requests.
|
|||||
| CVE-2007-3683 | 1 Aigaion | 1 Aigaion | 2025-04-09 | 7.5 HIGH | N/A |
|
SQL injection vulnerability in pagetopic.php in Aigaion 1.3.3 and earlier allows remote attackers to execute arbitrary SQL commands via the topic_id parameter.
|
|||||
| CVE-2007-2715 | 1 Snaps Gallery | 1 Snaps Gallery | 2025-04-09 | 10.0 HIGH | N/A |
|
Admin/users.php in Snaps! Gallery 1.4.4 allows remote attackers to change arbitrary usernames and passwords via the (1) username, or the (2) password and password2 parameters in an edit action.
|
|||||
| CVE-2007-0752 | 1 Apple | 2 Mac Os X, Mac Os X Server | 2025-04-09 | 7.2 HIGH | N/A |
|
The PPP daemon (pppd) in Apple Mac OS X 10.4.8 checks ownership of the stdin file descriptor to determine if the invoker has sufficient privileges, which allows local users to load arbitrary plugins and gain root privileges by bypassing this check.
|
|||||
| CVE-2007-0651 | 1 Mailenable | 1 Mailenable Professional | 2025-04-09 | 4.3 MEDIUM | N/A |
|
Multiple cross-site scripting (XSS) vulnerabilities in MailEnable Professional before 2.37 allow remote attackers to inject arbitrary Javascript script via (1) e-mail messages and (2) the ID parameter to (a) right.asp, (b) Forms/MAI/list.asp, and (c) Forms/VCF/list.asp in mewebmail/base/default/lang/EN/.
|
|||||
| CVE-2007-1822 | 1 Alcatel-lucent | 1 Voice Mail System | 2025-04-09 | 10.0 HIGH | N/A |
|
Alcatel-Lucent Lucent Technologies voice mail systems allow remote attackers to retrieve or remove messages, or reconfigure mailboxes, by spoofing Calling Number Identification (CNID, aka Caller ID).
|
|||||
| CVE-2006-4813 | 1 Linux | 1 Linux Kernel | 2025-04-09 | 2.1 LOW | N/A |
|
The __block_prepare_write function in fs/buffer.c for Linux kernel 2.6.x before 2.6.13 does not properly clear buffers during certain error conditions, which allows local users to read portions of files that have been unlinked.
|
|||||
| CVE-2006-6346 | 1 Sap | 1 Internet Graphics Server | 2025-04-09 | 10.0 HIGH | N/A |
|
Unspecified vulnerability in SAP Internet Graphics Service (IGS) 6.40 Patchlevel 15 and earlier, and 7.00 Patchlevel 3 and earlier, allows remote attackers to cause a denial of service (service shutdown), obtain sensitive information (configuration files), and conduct certain other unauthorized activities, related to "Undocumented Features." NOTE: it is possible that there are multiple issues. This information is based upon a vague initial disclosure. Details will be updated after the grace peri ...
Show More |
|||||
| CVE-2007-4048 | 1 Phpsysinfo | 1 Phpsysinfo | 2025-04-09 | 4.3 MEDIUM | N/A |
|
Cross-site scripting (XSS) vulnerability in index.php in phpSysInfo 2.5.4-dev and earlier allows remote attackers to inject arbitrary web script or HTML via the PATH_INFO.
|
|||||
| CVE-2006-7203 | 1 Linux | 1 Linux Kernel | 2025-04-09 | 4.0 MEDIUM | N/A |
|
The compat_sys_mount function in fs/compat.c in Linux kernel 2.6.20 and earlier allows local users to cause a denial of service (NULL pointer dereference and oops) by mounting a smbfs file system in compatibility mode ("mount -t smbfs").
|
|||||
| CVE-2006-6851 | 1 Mobilelib | 1 Mobilelib Gold | 2025-04-09 | 6.8 MEDIUM | N/A |
|
Multiple cross-site scripting (XSS) vulnerabilities in contact_us.php in ac4p Mobilelib gold 2 allow remote attackers to inject arbitrary web script or HTML via the (1) email or (2) errr parameter.
|
|||||
| CVE-2007-3086 | 1 Agnitum | 1 Outpost Firewall | 2025-04-09 | 4.9 MEDIUM | N/A |
|
Unrestricted critical resource lock in Agnitum Outpost Firewall PRO 4.0 1007.591.145 and earlier allows local users to cause a denial of service (system hang) by capturing the outpost_ipc_hdr mutex.
|
|||||
| CVE-2006-6507 | 1 Mozilla | 1 Firefox | 2025-04-09 | 4.3 MEDIUM | N/A |
|
Mozilla Firefox 2.0 before 2.0.0.1 allows remote attackers to bypass Cross-Site Scripting (XSS) protection via vectors related to a Function.prototype regression error.
|
|||||
| CVE-2009-3662 | 1 Filecopa-ftpserver | 1 Ftp Server | 2025-04-09 | 5.0 MEDIUM | N/A |
|
FileCopa FTP Server 5.01 allows remote attackers to cause a denial of service (server hang) via a large number of crafted NOOP commands.
|
|||||
| CVE-2009-1727 | 1 Apple | 2 Mac Os X, Mac Os X Server | 2025-04-09 | 6.8 MEDIUM | N/A |
|
Incomplete blacklist vulnerability in CoreTypes in Apple Mac OS X 10.5 before 10.5.8 makes it easier for user-assisted remote attackers to execute arbitrary JavaScript via a web page that offers a download with a Content-Type value that is not on the list of possibly unsafe content types for Safari.
|
|||||
| CVE-2007-1730 | 1 Linux | 1 Linux Kernel | 2025-04-09 | 6.6 MEDIUM | N/A |
|
Integer signedness error in the DCCP support in the do_dccp_getsockopt function in net/dccp/proto.c in Linux kernel 2.6.20 and later allows local users to read kernel memory or cause a denial of service (oops) via a negative optlen value.
|
|||||
| CVE-2007-3066 | 1 Phpreactor | 1 Phpreactor | 2025-04-09 | 7.5 HIGH | N/A |
|
Multiple PHP remote file inclusion vulnerabilities in php(Reactor) 1.2.7 and earlier allow remote attackers to execute arbitrary PHP code via a URL in the pathtohomedir parameter to (1) view.inc.php, (2) users.inc.php, (3) updatecms.inc.php, and (4) polls.inc.php in inc/; and other unspecified files, different vectors than CVE-2006-3983.
|
|||||
| CVE-2007-2387 | 1 Apple | 1 Xserve Lights-out Management | 2025-04-09 | 10.0 HIGH | N/A |
|
Apple Xserve Lights-Out Management before Firmware Update 1.0 on Intel hardware does not require a password for remote access to IPMI, which allows remote attackers to gain administrative access via unspecified requests with ipmitool.
|
|||||
| CVE-2007-1417 | 1 Hc Design | 1 Newssystem | 2025-04-09 | 7.5 HIGH | N/A |
|
SQL injection vulnerability in index.php in HC NEWSSYSTEM 1.0-4 allows remote attackers to execute arbitrary SQL commands via the ID parameter in a komm aktion.
|
|||||
| CVE-2006-6490 | 2 Supportsoft, Symantec | 6 Scriptrunner, Smartissue, Automated Support Assistant and 3 more | 2025-04-09 | 10.0 HIGH | N/A |
|
Multiple buffer overflows in the SupportSoft (1) SmartIssue (tgctlsi.dll) and (2) ScriptRunner (tgctlsr.dll) ActiveX controls, as used by Symantec Automated Support Assistant and Norton AntiVirus, Internet Security, and System Works 2006, allows remote attackers to execute arbitrary code via a crafted HTML message.
|
|||||
| CVE-2007-1650 | 1 Pcapsipdump | 1 Pcapsipdump | 2025-04-09 | 7.8 HIGH | N/A |
|
pcapsipdump.cpp in pcapsipdump before 0.1.3 allows remote attackers to cause a denial of service (application crash) via a malformed SIP packet, which results in a NULL pointer dereference.
|
|||||
| CVE-2006-5284 | 1 Php News Reader | 1 Php News Reader | 2025-04-09 | 5.1 MEDIUM | N/A |
|
PHP remote file inclusion vulnerability in auth/phpbb.inc.php in Shen Cheng-Da PHP News Reader (aka pnews) 2.6.4 and earlier allows remote attackers to execute arbitrary PHP code via a URL in the CFG[auth_phpbb_path] parameter.
|
|||||
| CVE-2007-4767 | 1 Pcre | 1 Pcre | 2025-04-09 | 5.0 MEDIUM | N/A |
|
Perl-Compatible Regular Expression (PCRE) library before 7.3 does not properly compute the length of (1) a \p sequence, (2) a \P sequence, or (3) a \P{x} sequence, which allows context-dependent attackers to cause a denial of service (infinite loop or crash) or execute arbitrary code.
|
|||||
| CVE-2007-3315 | 1 Yourfreescreamer | 1 Yourfreescreamer | 2025-04-09 | 6.8 MEDIUM | N/A |
|
Multiple PHP remote file inclusion vulnerabilities in YourFreeScreamer 1.0, when register_globals is enabled, allow remote attackers to execute arbitrary PHP code via a URL in the serverPath parameter to bodyTemplate.php in (1) templates/Classic/, (2) templates/Classic Guestbook/, (3) templates/DarkNights/, and (4) templates/Simplistic/, different vectors than CVE-2007-3271. NOTE: the provenance of this information is unknown; the details are obtained solely from third party information.
|
|||||
| CVE-2006-6488 | 1 Iconics | 1 Dialog Wrapper Module Activex Control | 2025-04-09 | 7.5 HIGH | N/A |
|
Stack-based buffer overflow in the DoModal function in the Dialog Wrapper Module ActiveX control (DlgWrapper.dll) before 8.4.166.0, as used by ICONICS OPC Enabled Gauge, Switch, and Vessel ActiveX, allows remote attackers to execute arbitrary code via a long (1) FileName or (2) Filter argument.
|
|||||
| CVE-2007-4446 | 1 Toribash | 1 Toribash | 2025-04-09 | 7.5 HIGH | N/A |
|
Format string vulnerability in the server in Toribash 2.71 and earlier allows remote attackers to execute arbitrary code via format string specifiers in the NICK command (client nickname) when entering a game.
|
|||||
| CVE-2007-1745 | 2 Clam Anti-virus, Ifenslave | 2 Clamav, Ifenslave | 2025-04-09 | 7.1 HIGH | N/A |
|
The chm_decompress_stream function in libclamav/chmunpack.c in Clam AntiVirus (ClamAV) before 0.90.2 leaks file descriptors, which has unknown impact and attack vectors involving a crafted CHM file, a different vulnerability than CVE-2007-0897. NOTE: some of these details are obtained from third party information.
|
|||||
| CVE-2007-2873 | 1 Spamassassin | 1 Spamassassin | 2025-04-09 | 1.9 LOW | N/A |
|
SpamAssassin 3.1.x, 3.2.0, and 3.2.1 before 20070611, when running as root in unusual configurations using vpopmail or virtual users, allows local users to cause a denial of service (corrupt arbitrary files) via a symlink attack on a file that is used by spamd.
|
|||||
| CVE-2006-6007 | 1 Webevents | 1 Online Event Registration | 2025-04-09 | 5.0 MEDIUM | N/A |
|
save_profile.asp in WebEvents (Online Event Registration Template) 2.0 and earlier allows remote attackers to change the profiles, passwords, and other information for arbitrary users via a modified UserID parameter.
|
|||||
| CVE-2006-6160 | 1 Doug Luxem | 1 Liberum Help Desk | 2025-04-09 | 7.5 HIGH | N/A |
|
SQL injection vulnerability in details.asp in Doug Luxem Liberum Help Desk 0.97.3 and earlier allows remote attackers to execute arbitrary SQL commands via the id parameter.
|
|||||
| CVE-2007-4301 | 1 Webcart | 1 Webcart | 2025-04-09 | 4.3 MEDIUM | N/A |
|
Multiple cross-site scripting (XSS) vulnerabilities in the management interface in WebCart 2.20 through 2.25 allow remote attackers to inject arbitrary web script or HTML via unspecified vectors.
|
|||||
| CVE-2007-3720 | 1 Linux | 1 Linux Kernel | 2025-04-09 | 2.1 LOW | N/A |
|
The process scheduler in the Linux kernel 2.4 performs scheduling based on CPU billing gathered from periodic process sampling ticks, which allows local users to cause a denial of service (CPU consumption) by performing voluntary nanosecond sleeps that result in the process not being active during a clock interrupt, as described in "Secretly Monopolizing the CPU Without Superuser Privileges."
|
|||||
| CVE-2006-6343 | 1 Neocrome | 1 Seditio | 2025-04-09 | 6.8 MEDIUM | N/A |
|
SQL injection vulnerability in polls.php in Neocrome Seditio 1.10 and earlier allows remote attackers to execute arbitrary SQL commands via the id parameter.
|
|||||
| CVE-2007-0547 | 1 Cgi-rescue | 1 Webform | 2025-04-09 | 4.3 MEDIUM | N/A |
|
Cross-site scripting (XSS) vulnerability in CGI-RESCUE WebFORM 4.3 and earlier allows remote attackers to inject arbitrary web script or HTML via unspecified vectors.
|
|||||