Total
29869 CVE
| CVE | Vendors | Products | Updated | CVSS v2 | CVSS v3 |
|---|---|---|---|---|---|
| CVE-2007-3589 | 1 B1g | 1 B1gbb | 2025-04-09 | 7.5 HIGH | N/A |
|
Multiple SQL injection vulnerabilities in b1gbb 2.24.0 allow remote attackers to execute arbitrary SQL commands via the id parameter to (1) showthread.php or (2) showboard.php.
|
|||||
| CVE-2007-4379 | 1 Rndlabs | 1 Babo Violent | 2025-04-09 | 4.3 MEDIUM | N/A |
|
Babo Violent 2 2.08.00 and earlier allows remote attackers to cause a denial of service (application crash) via (1) a value greater than 0x27 for the (a) 0xca, (b) 0xcb, (c) 0xcc, (d) 0xce, (e) 0xcf, or (f) 0xd0 data ID; (2) a nonexistent map name; or (3) a UDP packet that specifies a large data size.
|
|||||
| CVE-2007-1432 | 1 Grayscale | 1 Grayscale Blog | 2025-04-09 | 7.5 HIGH | N/A |
|
Grayscale Blog 0.8.0, and possibly earlier versions, allows remote attackers to gain privileges via direct requests with modified arguments in (1) the user_permissions parameter to add_users.php, and unspecified parameters to (2) addblog.php, (3) editblog.php, (4) editlinks.php, (5) edit_users.php, and (6) add_links.php.
|
|||||
| CVE-2006-5782 | 1 Hp | 1 Openview Client Configuraton Manager | 2025-04-09 | 7.8 HIGH | N/A |
|
radexecd.exe in HP OpenView Client Configuraton Manager (CCM) does not require authentication before executing commands in the installation directory, which allows remote attackers to cause a denial of service (reboot) by calling radbootw.exe or create arbitrary files by calling radcrecv.
|
|||||
| CVE-2007-4032 | 1 Crystal Reality Llc | 1 Crystalplayer Pro | 2025-04-09 | 6.8 MEDIUM | N/A |
|
Buffer overflow in CrystalPlayer Pro 1.98 allows user-assisted remote attackers to execute arbitrary code via a long string in a .mls Playlist file.
|
|||||
| CVE-2007-0381 | 1 Adaptive Technology Resource Centre | 1 Atutor | 2025-04-09 | 7.5 HIGH | N/A |
|
Multiple SQL injection vulnerabilities in ATutor 1.5.3.2 allow remote attackers to execute arbitrary SQL commands via unspecified parameters. NOTE: CVE analysis suggests that the vendor fixed these issues.
|
|||||
| CVE-2007-3462 | 1 Sofaware | 1 Safe At Office 500 Utm | 2025-04-09 | 6.0 MEDIUM | N/A |
|
Cross-site request forgery (CSRF) vulnerability in Check Point SofaWare Safe@Office, with firmware before Embedded NGX 7.0.45 GA, allows remote attackers to execute commands as arbitrary users, and disable firewalling of the protected network.
|
|||||
| CVE-2007-4447 | 1 Toribash | 1 Toribash | 2025-04-09 | 7.5 HIGH | N/A |
|
Multiple buffer overflows in the client in Toribash 2.71 and earlier allow remote attackers to (1) execute arbitrary code via a long game command in a replay (.rpl) file and (2) cause a denial of service (application crash) via a long SAY command that omits a required LF character; and allow remote Toribash servers to execute arbitrary code via (3) a long game command and (4) a long SAY command that omits a required LF character.
|
|||||
| CVE-2007-3023 | 1 Clam Anti-virus | 1 Clamav | 2025-04-09 | 10.0 HIGH | N/A |
|
unsp.c in ClamAV before 0.90.3 and 0.91 before 0.91rc1 does not properly calculate the end of a certain buffer, with unknown impact and remote attack vectors.
|
|||||
| CVE-2006-6533 | 1 Oscommerce | 1 Oscommerce | 2025-04-09 | 7.5 HIGH | N/A |
|
Directory traversal vulnerability in admin/templates_boxes_layout.php in osCommerce 3.0a3 allows remote attackers to include and execute arbitrary PHP files via a .. (dot dot) in the filter parameter. NOTE: this issue can be leveraged to obtain full path information in error messages.
|
|||||
| CVE-2006-6167 | 1 Active Php Bookmarks | 1 Active Php Bookmarks | 2025-04-09 | 7.5 HIGH | N/A |
|
Multiple PHP remote file inclusion vulnerabilities in L. Brandon Stone and Nathanial P. Hendler Active PHP Bookmarks (APB) 1.1.02 allow remote attackers to execute arbitrary PHP code via a URL in the APB_SETTINGS['apb_path'] parameter in (1) apb_common.php or (2) apb.php. NOTE: CVE and another third party dispute this vulnerability because these PHP scripts exit if the attack vectors are present in GPC variables
|
|||||
| CVE-2007-2501 | 1 Fernando M.a.d.s. | 1 Codepress | 2025-04-09 | 7.5 HIGH | N/A |
|
Eval injection vulnerability in codepress.html in CodePress before 0.9.4 allows remote attackers to execute arbitrary code via certain input that is used in an eval function call.
|
|||||
| CVE-2007-4147 | 1 Interspire | 1 Articlelive Nx | 2025-04-09 | 7.5 HIGH | N/A |
|
Multiple unspecified vulnerabilities in Interspire ArticleLive NX before 1.7.1.2 have unknown impact and attack vectors, possibly related to (1) AL_SANITIZE and (2) "Calling the constructor to make sure things are checked, safe mode, etc."
|
|||||
| CVE-2006-5384 | 1 Cds Software Consortium | 1 Cds Agenda | 2025-04-09 | 7.5 HIGH | N/A |
|
PHP remote file inclusion vulnerability in modification/SendAlertEmail.php in CDS Software Consortium CDS Agenda 4.2.9 and earlier allows remote attackers to execute arbitrary PHP code via a URL in the AGE parameter.
|
|||||
| CVE-2008-5985 | 1 Gnome | 1 Epiphany | 2025-04-09 | 6.9 MEDIUM | N/A |
|
Untrusted search path vulnerability in the Python interface in Epiphany 2.22.3, and possibly other versions, allows local users to execute arbitrary code via a Trojan horse Python file in the current working directory, related to a vulnerability in the PySys_SetArgv function (CVE-2008-5983).
|
|||||
| CVE-2007-3348 | 1 D-link | 2 Dph-540, Dph-541 | 2025-04-09 | 7.8 HIGH | N/A |
|
The D-Link DPH-540/DPH-541 phone allows remote attackers to cause a denial of service (device outage) via a malformed SDP header in a SIP INVITE message.
|
|||||
| CVE-2007-3828 | 1 Apple | 1 Mac Os X | 2025-04-09 | 10.0 HIGH | N/A |
|
Unspecified vulnerability in mDNSResponder in Apple Mac OS X allows remote attackers to execute arbitrary code via unspecified vectors, a related issue to CVE-2007-2386.
|
|||||
| CVE-2007-0631 | 1 Eclectic Designs | 1 Cascadianfaq | 2025-04-09 | 7.5 HIGH | N/A |
|
SQL injection vulnerability in index.php in Eclectic Designs CascadianFAQ 4.1 and earlier allows remote attackers to execute arbitrary SQL commands via the catid parameter.
|
|||||
| CVE-2007-3590 | 1 B1g | 1 B1gbb | 2025-04-09 | 4.3 MEDIUM | N/A |
|
Cross-site scripting (XSS) vulnerability in visitenkarte.php in b1gBB 2.24.0 allows remote attackers to inject arbitrary web script or HTML via the user parameter.
|
|||||
| CVE-2007-1534 | 1 Microsoft | 1 Windows Vista | 2025-04-09 | 9.3 HIGH | N/A |
|
DFSR.exe in Windows Meeting Space in Microsoft Windows Vista remains available for remote connections on TCP port 5722 for 2 minutes after Windows Meeting Space is closed, which allows remote attackers to have an unknown impact by connecting to this port during the time window.
|
|||||
| CVE-2007-0167 | 2 Ppc Search Engine, Wgs-ppc | 2 Ppc Search Engine, Wgs-ppc | 2025-04-09 | 7.5 HIGH | N/A |
|
Multiple PHP file inclusion vulnerabilities in WGS-PPC (aka PPC Search Engine), as distributed with other aliases, allow remote attackers to execute arbitrary PHP code via a URL in the INC parameter in (1) config_admin.php, (2) config_main.php, (3) config_member.php, and (4) mysql_config.php in config/; (5) admin.php and (6) index.php in admini/; (7) paypalipn/ipnprocess.php; (8) index.php and (9) registration.php in members/; and (10) ppcbannerclick.php and (11) ppcclick.php in main/.
|
|||||
| CVE-2009-4140 | 2 Matomo, Teethgrinder.co.uk | 2 Matomo, Open Flash Chart | 2025-04-09 | 7.5 HIGH | N/A |
|
Unrestricted file upload vulnerability in ofc_upload_image.php in Open Flash Chart v2 Beta 1 through v2 Lug Wyrm Charmer, as used in Piwik 0.2.35 through 0.4.3, Woopra Analytics Plugin before 1.4.3.2, and possibly other products, when register_globals is enabled, allows remote authenticated users to execute arbitrary code by uploading a file with an executable extension through the name parameter with the code in the HTTP_RAW_POST_DATA parameter, then accessing it via a direct request to the fil ...
Show More |
|||||
| CVE-2007-1379 | 1 Php | 1 Php | 2025-04-09 | 5.1 MEDIUM | N/A |
|
The ovrimos_close function in the Ovrimos extension for PHP before 4.4.5 can trigger efree of an arbitrary address, which might allow context-dependent attackers to execute arbitrary code.
|
|||||
| CVE-2007-3376 | 2 Apple, Microsoft | 2 Safari, Windows Xp | 2025-04-09 | 9.3 HIGH | N/A |
|
Buffer overflow in Apple Safari 3.0.2 on Windows XP SP2 allows user-assisted remote attackers to cause a denial of service (crash) and possibly execute arbitrary code via a long value in the title HTML tag, which triggers the overflow when the user adds the page as a bookmark.
|
|||||
| CVE-2006-5437 | 1 Phpadsnew | 1 Phpadsnew | 2025-04-09 | 5.0 MEDIUM | N/A |
|
Directory traversal vulnerability in upgrade.php in phpAdsNew 2.0.8 allows remote attackers to read arbitrary files via a .. (dot dot) in the phpAds_config[language] parameter. NOTE: this issue could not be reproduced by a third party
|
|||||
| CVE-2006-5892 | 1 The Net Guys | 1 Aspired2poll | 2025-04-09 | 7.5 HIGH | N/A |
|
SQL injection vulnerability in MoreInfo.asp in The Net Guys ASPired2Poll 1.0 and earlier allows remote attackers to execute arbitrary SQL commands via the id parameter.
|
|||||
| CVE-2007-5481 | 1 Distributed Checksum Clearinghouse | 1 Dcc | 2025-04-09 | 5.0 MEDIUM | N/A |
|
Distributed Checksum Clearinghouse (DCC) 1.3.65 allows remote attackers to cause a denial of service (crash) via a "SOCKS flood."
|
|||||
| CVE-2009-1659 | 1 Intelliants | 1 Elitius | 2025-04-09 | 6.8 MEDIUM | N/A |
|
Unrestricted file upload vulnerability in admin/uploadimage.php in eLitius 1.0 allows remote attackers to bypass intended access restrictions and upload and execute arbitrary files via an avatar file with an accepted Content-Type such as image/gif, then requesting the file in admin/banners/.
|
|||||
| CVE-2006-5226 | 1 Freenews | 1 Freenews | 2025-04-09 | 7.5 HIGH | N/A |
|
PHP remote file inclusion vulnerability in moteur/moteur.php in Prologin.fr Freenews 1.1 and earlier allows remote attackers to execute arbitrary PHP code via a URL in the chemin parameter.
|
|||||
| CVE-2007-0974 | 1 Ian Bezanson | 1 Dropbox | 2025-04-09 | 7.5 HIGH | N/A |
|
Multiple unspecified vulnerabilities in Ian Bezanson DropBox before 0.0.4 beta have unknown impact and attack vectors, possibly related to a variable extraction vulnerability.
|
|||||
| CVE-2006-6235 | 6 Gnu, Gpg4win, Redhat and 3 more | 9 Privacy Guard, Gpg4win, Enterprise Linux and 6 more | 2025-04-09 | 10.0 HIGH | N/A |
|
A "stack overwrite" vulnerability in GnuPG (gpg) 1.x before 1.4.6, 2.x before 2.0.2, and 1.9.0 through 1.9.95 allows attackers to execute arbitrary code via crafted OpenPGP packets that cause GnuPG to dereference a function pointer from deallocated stack memory.
|
|||||
| CVE-2007-2233 | 1 Cosign | 1 Cosign | 2025-04-09 | 6.5 MEDIUM | N/A |
|
cosign-bin/cosign.cgi in Cosign 2.0.2 and earlier allows remote authenticated users to perform unauthorized actions as an arbitrary user by using CR (\r) sequences in the service parameter to inject LOGIN and REGISTER commands with the desired username.
|
|||||
| CVE-2007-0468 | 1 Microsoft | 1 Visual Studio | 2025-04-09 | 6.8 MEDIUM | N/A |
|
Stack-based buffer overflow in rcdll.dll in msdev.exe in Visual C++ (MSVC) in Microsoft Visual Studio 6.0 SP6 allows user-assisted remote attackers to execute arbitrary code via a long file path in the "1 TYPELIB MOVEABLE PURE" option in an RC file.
|
|||||
| CVE-2007-3141 | 1 Phpwebthings | 1 Phpwebthings | 2025-04-09 | 6.8 MEDIUM | N/A |
|
PHP remote file inclusion vulnerability in core/editor.php in phpWebThings 1.5.2 allows remote attackers to execute arbitrary PHP code via a URL in the editor_insert_top parameter. NOTE: the editor_insert_bottom vector is already covered by CVE-2006-6042.
|
|||||
| CVE-2006-5492 | 1 Maarch | 1 Maarch | 2025-04-09 | 4.0 MEDIUM | N/A |
|
Unspecified vulnerability in Maerys Archive (Maarch) before 2.0.1 allows remote authenticated users to obtain sensitive information (document contents) via unspecified attack vectors related to "grants."
|
|||||
| CVE-2006-5292 | 1 Exhibit Engine | 1 Exhibit Engine | 2025-04-09 | 7.5 HIGH | N/A |
|
PHP remote file inclusion vulnerability in photo_comment.php in Exhibit Engine 1.5 RC 4 and earlier allows remote attackers to execute arbitrary PHP code via a URL in the toroot parameter.
|
|||||
| CVE-2007-3713 | 1 Konst | 1 Centericq | 2025-04-09 | 7.5 HIGH | N/A |
|
Multiple buffer overflows in Konst CenterICQ 4.9.11 through 4.21 allow remote attackers to execute arbitrary code via unspecified vectors. NOTE: the provenance of this information is unknown; the details are obtained solely from third party information. NOTE: this might overlap CVE-2007-0160.
|
|||||
| CVE-2009-2975 | 2 Microsoft, Mozilla | 2 Windows Xp, Firefox | 2025-04-09 | 5.0 MEDIUM | N/A |
|
Mozilla Firefox 3.5.2 on Windows XP, in some situations possibly involving an incompletely configured protocol handler, does not properly implement setting the document.location property to a value specifying a protocol associated with an external application, which allows remote attackers to cause a denial of service (memory consumption) via vectors involving a series of function calls that set this property, as demonstrated by (1) the chromehtml: protocol and (2) the aim: protocol.
|
|||||
| CVE-2007-3364 | 1 Myserver | 1 Myserver | 2025-04-09 | 4.3 MEDIUM | N/A |
|
Cross-site scripting (XSS) vulnerability in the cgi-bin/post.mscgi sample page in MyServer 0.8.9 allows remote attackers to inject arbitrary web script or HTML via the body content.
|
|||||
| CVE-2007-3390 | 1 Wireshark | 1 Wireshark | 2025-04-09 | 5.0 MEDIUM | N/A |
|
Wireshark 0.99.5 and 0.10.x up to 0.10.14, when running on certain systems, allows remote attackers to cause a denial of service (crash) via crafted iSeries capture files that trigger a SIGTRAP.
|
|||||