Total
29869 CVE
| CVE | Vendors | Products | Updated | CVSS v2 | CVSS v3 |
|---|---|---|---|---|---|
| CVE-2006-6190 | 1 Anna Irc Bot | 1 Anna\^ Irc Bot | 2025-04-09 | 7.5 HIGH | N/A |
|
SQL injection vulnerability in anna.pl in Anna^ IRC Bot before 0.30 (aka caprice) allows remote attackers to execute arbitrary SQL commands via unspecified vectors. NOTE: it is possible that there are multiple issues.
|
|||||
| CVE-2007-3404 | 1 Sitedepth | 1 Sitedepth Cms | 2025-04-09 | 5.0 MEDIUM | N/A |
|
Directory traversal vulnerability in ShowImage.php in SiteDepth CMS 3.44 allows remote attackers to read arbitrary files via a .. (dot dot) in the name parameter.
|
|||||
| CVE-2007-0919 | 1 Nickolas Grigoriadis | 1 Mini Web Server | 2025-04-09 | 7.8 HIGH | N/A |
|
Directory traversal vulnerability in Nickolas Grigoriadis Mini Web server (MiniWebsvr) 0.0.6 allows remote attackers to list the directory immediately above the web root via a ..%00 sequence in the URI.
|
|||||
| CVE-2006-6511 | 1 Dadaimc | 1 Dadaimc | 2025-04-09 | 6.8 MEDIUM | N/A |
|
dadaIMC .99.3 uses an insufficiently restrictive FilesMatch directive in the installed .htaccess file, which allows remote attackers to execute arbitrary PHP code by uploading files whose names contain (1) feature, (2) editor, (3) newswire, (4) otherpress, (5) admin, (6) pbook, (7) media, or (8) mod, which are processed as PHP file types (application/x-httpd-php).
|
|||||
| CVE-2007-0773 | 1 Redhat | 2 Enterprise Linux, Enterprise Linux Desktop | 2025-04-09 | 4.6 MEDIUM | N/A |
|
The Linux kernel before 2.6.9-42.0.8 in Red Hat 4.4 allows local users to cause a denial of service (kernel OOPS from null dereference) via fput in a 32-bit ioctl on 64-bit x86 systems, an incomplete fix of CVE-2005-3044.1.
|
|||||
| CVE-2007-3076 | 1 Zenturi | 1 Zenturi Programchecker | 2025-04-09 | 7.8 HIGH | N/A |
|
A certain ActiveX control in sasatl.dll in Zenturi ProgramChecker allows remote attackers to download arbitrary files to the client system via the DownloadFile function.
|
|||||
| CVE-2006-5888 | 1 Superfreaker Studios | 1 Upublisher | 2025-04-09 | 7.5 HIGH | N/A |
|
SQL injection vulnerability in viewarticle.asp in Superfreaker Studios UPublisher 1.0 allows remote attackers to execute arbitrary SQL commands via the ID parameter.
|
|||||
| CVE-2006-6081 | 1 Telaen | 1 Telaen | 2025-04-09 | 7.5 HIGH | N/A |
|
PHP remote file inclusion vulnerability in Smarty_Compiler.class.php in Telaen 1.1.0 and earlier allows remote attackers to execute arbitrary PHP code via a URL in the plugin_file parameter.
|
|||||
| CVE-2007-3986 | 1 Securecomputing | 1 Securityreporter | 2025-04-09 | 5.0 MEDIUM | N/A |
|
file.cgi in Secure Computing SecurityReporter (aka Network Security Analyzer) 4.6.3 allows remote attackers to bypass authentication via a name parameter that specifies the eventcache directory and a non-GIF file, which causes the $dontvalidate variable to be set to true. NOTE: a separate traversal vulnerability could be leveraged to download arbitrary files.
|
|||||
| CVE-2007-0976 | 1 Activex Soft | 1 Actsoft Dvd Tools | 2025-04-09 | 10.0 HIGH | N/A |
|
Buffer overflow in the ActSoft DVD-Tools ActiveX control (dvdtools.ocx) allows remote attackers to execute arbitrary code via a long DVD_TOOLS.OpenDVD property value.
|
|||||
| CVE-2007-4398 | 1 Irssi | 1 Irssi | 2025-04-09 | 6.8 MEDIUM | N/A |
|
Multiple CRLF injection vulnerabilities in the (1) now-playing.rb and (2) xmms.pl 1.1 scripts for WeeChat allow user-assisted remote attackers to execute arbitrary IRC commands via CRLF sequences in the name of the song in a .mp3 file.
|
|||||
| CVE-2007-3475 | 1 Gd Graphics Library | 1 Gdlib | 2025-04-09 | 4.3 MEDIUM | N/A |
|
The GD Graphics Library (libgd) before 2.0.35 allows user-assisted remote attackers to cause a denial of service (crash) via a GIF image that has no global color map.
|
|||||
| CVE-2007-2652 | 1 Free-sa | 1 Free-sa | 2025-04-09 | 7.5 HIGH | N/A |
|
Multiple unspecified vulnerabilities in Free-SA before 1.2.2 allow remote attackers to execute arbitrary code via unspecified vectors involving certain (1) sprintf and (2) vsprintf calls in (a) r_index.c, (b) r_reports.c, (c) r_topsites.c, (d) r_topuser.c, (e) r_typical.c, (f) r_userdatetime.c, and (g) r_users.c in reports/; and (h) w_fs.c, (i) w_internal.c, and (j) w_log_operations.c in work/, probably related to buffer overflows. NOTE: some of these details are obtained from third party infor ...
Show More |
|||||
| CVE-2007-3117 | 1 Adplan | 1 Seo | 2025-04-09 | 4.3 MEDIUM | N/A |
|
Cross-site scripting (XSS) vulnerability in the SEO module in ADPLAN 3 allows remote attackers to inject arbitrary web script or HTML via unspecified vectors related to HTTP headers.
|
|||||
| CVE-2007-2028 | 1 Freeradius | 1 Freeradius | 2025-04-09 | 5.0 MEDIUM | N/A |
|
Memory leak in freeRADIUS 1.1.5 and earlier allows remote attackers to cause a denial of service (memory consumption) via a large number of EAP-TTLS tunnel connections using malformed Diameter format attributes, which causes the authentication request to be rejected but does not reclaim VALUE_PAIR data structures.
|
|||||
| CVE-2006-5677 | 1 Cluster Resources | 1 Torque Resource Manager | 2025-04-09 | 7.2 HIGH | N/A |
|
resmom/start_exec.c in pbs_mom in TORQUE Resource Manager 2.0.0p8 and earlier allows local users to create arbitrary files via a symlink attack on (1) a job output file in /usr/spool/PBS/spool and possibly (2) a job file in /usr/spool/PBS/mom_priv/jobs.
|
|||||
| CVE-2006-5970 | 1 Verity | 1 Ultraseek | 2025-04-09 | 5.0 MEDIUM | N/A |
|
Verity Ultraseek before 5.7 allows remote attackers to obtain sensitive information via direct requests with (1) a null ("%00") terminated url parameter to help/urlstatusgo.html; or missing parameters to (2) help/header.html, (3) help/footer.html, (4) spell.html, (5) coreforma.html, (6) daterange.html, (7) hits.html, (8) hitsnavbottom.html, (9) indexform.html, (10) indexforma.html, (11) languages.html, (12) nohits.html, (13) onehit1.html, (14) onehit2.html, (15) query.html, (16) queryform0.html, ...
Show More |
|||||
| CVE-2007-3964 | 1 Itaka | 1 Itaka | 2025-04-09 | 5.0 MEDIUM | N/A |
|
Itaka before 0.2.1, when using Authentication mode, allows remote attackers to bypass authentication and obtain sensitive information by downloading screenshots via a direct request for /screenshot.
|
|||||
| CVE-2007-0915 | 1 Hp | 1 Hp-ux | 2025-04-09 | 10.0 HIGH | N/A |
|
Distributed SLS daemon (SLSd) on HP-UX B.11.11 allows remote attackers to overwrite arbitrary files and gain privileges via a crafted RPC request.
|
|||||
| CVE-2007-3955 | 1 Linkedin | 1 Toolbar | 2025-04-09 | 6.8 MEDIUM | N/A |
|
Buffer overflow in the IEToolbar.IEContextMenu.1 ActiveX control in LinkedInIEToolbar.dll in the LinkedIn Toolbar 3.0.2.1098 allows remote attackers to execute arbitrary code via a long second argument (varBrowser argument) to the search method. NOTE: some of these details are obtained from third party information.
|
|||||
| CVE-2006-6545 | 1 Php | 1 Errordocs | 2025-04-09 | 7.5 HIGH | N/A |
|
PHP remote file inclusion vulnerability in includes/common.php in the ErrorDocs 1.0.0 and earlier module for mxBB (mx_errordocs) allows remote attackers to execute arbitrary PHP code via a URL in the module_root_path parameter.
|
|||||
| CVE-2007-2078 | 1 Maian | 1 Weblog | 2025-04-09 | 6.8 MEDIUM | N/A |
|
PHP remote file inclusion vulnerability in index.php in Maian Weblog 3.1 allows remote attackers to execute arbitrary PHP code via a URL in the path_to_folder parameter. NOTE: this issue was disputed by a third party researcher, since the path_to_folder variable is initialized before use
|
|||||
| CVE-2007-1818 | 1 Forum Picture And Meta Tags | 1 Forum Picture And Meta Tags | 2025-04-09 | 7.5 HIGH | N/A |
|
PHP remote file inclusion vulnerability in MOD_forum_fields_parse.php in the Forum picture and META tags 1.7 module for phpBB allows remote attackers to execute arbitrary PHP code via a URL in the phpbb_root_path parameter.
|
|||||
| CVE-2007-4047 | 1 Geoblog | 1 Geoblog | 2025-04-09 | 6.4 MEDIUM | N/A |
|
geoBlog (aka BitDamaged) 1 does not require authentication for (1) deletecomment.php, (2) deleteblog.php, and (3) listcomment.php in admin/, which allows remote attackers to delete arbitrary comments, delete arbitrary blogs, and have other unspecified impact via a request with a valid id parameter.
|
|||||
| CVE-2006-6130 | 1 Apple | 1 Mac Os X | 2025-04-09 | 4.9 MEDIUM | N/A |
|
Apple Mac OS X AppleTalk allows local users to cause a denial of service (kernel panic) by calling the AIOCREGLOCALZN ioctl command with a crafted data structure on an AppleTalk socket.
|
|||||
| CVE-2006-6755 | 1 Ixprim | 1 Ixprim Cms | 2025-04-09 | 5.0 MEDIUM | N/A |
|
Ixprim 1.2 allows remote attackers to obtain sensitive information via a direct request for kernel/plugins/fckeditor2/ixprim_api.php, which reveals the path in an error message.
|
|||||
| CVE-2007-1839 | 1 Codebb | 1 Codebb | 2025-04-09 | 7.5 HIGH | N/A |
|
Multiple PHP remote file inclusion vulnerabilities in CodeBB 1.1b3 and earlier allow remote attackers to execute arbitrary PHP code via a URL in the phpbb_root_path parameter to (1) pass_code.php or (2) lang_select.
|
|||||
| CVE-2007-1467 | 1 Cisco | 18 Acs Solution Engine, Call Manager, Ciscoworks and 15 more | 2025-04-09 | 3.5 LOW | N/A |
|
Multiple cross-site scripting (XSS) vulnerabilities in (1) PreSearch.html and (2) PreSearch.class in Cisco Secure Access Control Server (ACS), VPN Client, Unified Personal Communicator, MeetingPlace, Unified MeetingPlace, Unified MeetingPlace Express, CallManager, IP Communicator, Unified Video Advantage, Unified Videoconferencing 35xx products, Unified Videoconferencing Manager, WAN Manager, Security Device Manager, Network Analysis Module (NAM), CiscoWorks and related products, Wireless LAN So ...
Show More |
|||||
| CVE-2006-6964 | 1 Mailenable | 1 Mailenable Professional | 2025-04-09 | 4.0 MEDIUM | N/A |
|
MailEnable Professional before 1.78 provides a cleartext user password when an administrator edits the user's settings, which allows remote authenticated administrators to obtain sensitive information by viewing the HTML source.
|
|||||
| CVE-2007-2003 | 1 Inoutmailinglistmanager | 1 Inoutmailinglistmanager | 2025-04-09 | 6.8 MEDIUM | N/A |
|
InoutMailingListManager 3.1 and earlier sends a Location redirect header but does not exit after an authorization check fails, which allows remote attackers to access certain restricted functionality, and upload and execute arbitrary PHP code, by ignoring the redirect.
|
|||||
| CVE-2007-0767 | 1 Phorum | 1 Phorum | 2025-04-09 | 6.8 MEDIUM | N/A |
|
Cross-site scripting (XSS) vulnerability in the core in Phorum before 5.1.18 allows remote attackers to inject arbitrary web script or HTML via unspecified vectors.
|
|||||
| CVE-2007-4336 | 1 Microsoft | 1 Directx Media | 2025-04-09 | 4.3 MEDIUM | N/A |
|
Buffer overflow in the Live Picture Corporation DXSurface.LivePicture.FlashPix.1 (DirectTransform FlashPix) ActiveX control in DXTLIPI.DLL 6.0.2.827, as packaged in Microsoft DirectX Media 6.0 SDK, allows remote attackers to execute arbitrary code via a long SourceUrl property value.
|
|||||
| CVE-2007-3342 | 1 Six Apart | 1 Movable Type | 2025-04-09 | 4.3 MEDIUM | N/A |
|
Multiple cross-site scripting (XSS) vulnerabilities in Movable Type (MT) before 3.34 allow remote attackers to inject arbitrary web script or HTML via comments that have (1) a malformed SGML numeric character reference with a '\0' (0x00) character in a javascript: URI or (2) an attribute in an element that lacks the '>' character at the end of the start tag, a different vulnerability than CVE-2007-0231.
|
|||||
| CVE-2006-6766 | 1 Cwm-design | 1 Cwmexplorer | 2025-04-09 | 7.5 HIGH | N/A |
|
Multiple SQL injection vulnerabilities in cwmExplorer 1.1.0 and earlier allow remote attackers to execute arbitrary SQL commands via unspecified vectors. NOTE: The provenance of this information is unknown; details are obtained solely from third party information.
|
|||||
| CVE-2006-5886 | 1 Dynamic Dataworx | 1 Nurealestate | 2025-04-09 | 7.5 HIGH | N/A |
|
SQL injection vulnerability in propertysdetails.asp in Dynamic Dataworx NuRealestate (NuRems) 1.0 and earlier allows remote attackers to execute arbitrary SQL commands via the PropID parameter.
|
|||||
| CVE-2007-2410 | 1 Apple | 3 Mac Os X, Mac Os X Server, Webcore | 2025-04-09 | 4.3 MEDIUM | N/A |
|
WebCore on Apple Mac OS X 10.3.9 and 10.4.10 retains properties of certain global objects when a new URL is visited in the same window, which allows remote attackers to conduct cross-site scripting (XSS) attacks.
|
|||||
| CVE-2007-2086 | 1 Cnstats | 1 Cnstats | 2025-04-09 | 6.8 MEDIUM | N/A |
|
Multiple PHP remote file inclusion vulnerabilities in CNStats 2.9 allow remote attackers to execute arbitrary PHP code via a URL in the bj parameter to (1) who_r.php or (2) who_s.php in reports/.
|
|||||
| CVE-2007-0084 | 1 Microsoft | 1 Message Compiler | 2025-04-09 | 6.6 MEDIUM | N/A |
|
Buffer overflow in the Windows NT Message Compiler (MC) 1.00.5239 on Microsoft Windows XP allows local users to gain privileges via a long MC-filename. NOTE: this issue has been disputed by a reliable third party who states that the compiler is not a privileged program, so privilege boundaries cannot be crossed
|
|||||
| CVE-2007-1715 | 1 Free Php Scripts | 1 Free Image Hosting | 2025-04-09 | 7.5 HIGH | N/A |
|
PHP remote file inclusion vulnerability in frontpage.php in Free Image Hosting 2.0 and earlier allows remote attackers to execute arbitrary PHP code via a URL in the AD_BODY_TEMP parameter. NOTE: the forgot_pass.php vector is already covered by CVE-2006-5670, and the login.php vector overlaps CVE-2006-5763.
|
|||||
| CVE-2007-2622 | 1 Taskdriver | 1 Taskdriver | 2025-04-09 | 7.5 HIGH | N/A |
|
Multiple SQL injection vulnerabilities in TaskDriver 1.2 and earlier allow remote attackers to execute arbitrary SQL commands via (1) the username parameter to login.php or (2) the taskid parameter to notes.php.
|
|||||