Total
29869 CVE
| CVE | Vendors | Products | Updated | CVSS v2 | CVSS v3 |
|---|---|---|---|---|---|
| CVE-2006-5131 | 1 Salims Softhouse | 1 Jaf Cms | 2025-04-09 | 7.5 HIGH | N/A |
|
module/shout/jafshout.php (aka the shoutbox) in ph03y3nk just another flat file (JAF) CMS 4.0 RC1 allows remote attackers to execute arbitrary code within sections bounded by "<?php" and "?>", possibly due to a static code injection vulnerability involving admin/data_inc.php.
|
|||||
| CVE-2007-1825 | 1 Php | 1 Php | 2025-04-09 | 7.5 HIGH | N/A |
|
Buffer overflow in the imap_mail_compose function in PHP 5 before 5.2.1, and PHP 4 before 4.4.5, allows remote attackers to execute arbitrary code via a long boundary string in a type.parameters field. NOTE: as of 20070411, it appears that this issue might be subsumed by CVE-2007-0906.3.
|
|||||
| CVE-2006-6981 | 1 3proxy | 1 3proxy | 2025-04-09 | 5.0 MEDIUM | N/A |
|
3proxy 0.5 to 0.5.2, when NT-encoded passwords are being used, allows remote attackers to cause a denial of service (blocked account) via unspecified vectors related to NTLM authentication, which causes a password hash to be overwritten.
|
|||||
| CVE-2007-1398 | 2 Linux, Snort | 2 Linux Kernel, Snort | 2025-04-09 | 7.1 HIGH | N/A |
|
The frag3 preprocessor in Snort 2.6.1.1, 2.6.1.2, and 2.7.0 beta, when configured for inline use on Linux without the ip_conntrack module loaded, allows remote attackers to cause a denial of service (segmentation fault and application crash) via certain UDP packets produced by send_morefrag_packet and send_overlap_packet.
|
|||||
| CVE-2006-6816 | 1 Dmxready | 1 Dmxready Secure Login Manager | 2025-04-09 | 7.5 HIGH | N/A |
|
Multiple SQL injection vulnerabilities in DMXReady Secure Login Manager 1.0 allow remote attackers to execute arbitrary SQL commands via unspecified parameters to (1) set_preferences.asp, (2) send_password_preferences.asp, and (3) SecureLoginManager/list.asp in the Local-Admin Panel; (4) the sent parameter to (a) login.asp, (b) content.asp, and (c) members.asp in the Remote-WebSite; and (5) the sent parameter to applications/SecureLoginManager/inc_secureloginmanager.asp in the Live Demo.
|
|||||
| CVE-2006-6447 | 1 Vt-forum | 1 Vt-forum Lite | 2025-04-09 | 6.8 MEDIUM | N/A |
|
Multiple cross-site scripting (XSS) vulnerabilities in Vt-Forum Lite 1.3 and 1.5 allow remote attackers to inject arbitrary web script or HTML via (1) the StrMes parameter in vf_info.asp and possibly (2) a URL in the SRC attribute of an IFRAME element that is submitted to vf_newtopic.asp.
|
|||||
| CVE-2006-7151 | 2 Gnu, Redhat | 2 Libtool-ltdl, Fedora Core | 2025-04-09 | 6.6 MEDIUM | N/A |
|
Untrusted search path vulnerability in the libtool-ltdl library (libltdl.so) 1.5.22-2.3 in Fedora Core 5 might allow local users to execute arbitrary code via a malicious library in the (1) hwcap, (2) 0, and (3) nosegneg subdirectories.
|
|||||
| CVE-2007-3224 | 1 Sun | 2 Java System Directory Server, One Directory Server | 2025-04-09 | 5.0 MEDIUM | N/A |
|
Unspecified vulnerability in Sun ONE/Java System Directory Server (slapd) 6.0, and 5.x before 5.2 Patch 5, allows remote attackers to determine the existence of attributes of an entry via unspecified vectors.
|
|||||
| CVE-2007-0345 | 1 Apple | 1 Mac Os X | 2025-04-09 | 6.8 MEDIUM | N/A |
|
The (1) Activity Monitor.app/Contents/Resources/pmTool, (2) Keychain Access.app/Contents/Resources/kcproxy, and (3) ODBC Administrator.app/Contents/Resources/iodbcadmintool programs in /Applications/Utilities/ in Mac OS X 10.4.8 have weak permissions (writable by admin group), which allows local admin users to gain root privileges by modifying a program and then performing permissions repair via diskutil.
|
|||||
| CVE-2006-5949 | 1 Altools | 1 Alftp Ftp Server | 2025-04-09 | 5.0 MEDIUM | N/A |
|
Directory traversal vulnerability in ALTools ALFTP FTP Server 4.1 beta 1, and possibly earlier, allows remote attackers to create arbitrary directories via directory traversal sequences in a MKD request. NOTE: the provenance of this information is unknown; details are obtained from third party sources.
|
|||||
| CVE-2007-4275 | 1 Ibm | 1 Db2 Universal Database | 2025-04-09 | 6.9 MEDIUM | N/A |
|
Multiple untrusted search path vulnerabilities in IBM DB2 UDB 8 before Fixpak 15 and 9.1 before Fixpak 3 allow local users to gain privileges via certain vectors related to (1) DB2 instance or FMP startup on Linux and Solaris; (2) exec of executables while running as root on non-Windows systems, as demonstrated by AIX; and unspecified vectors involving (3) db2licm and (4) db2pd.
|
|||||
| CVE-2007-4484 | 1 My Referer | 1 My Referer | 2025-04-09 | 7.5 HIGH | N/A |
|
PHP remote file inclusion vulnerability in login.php in My_REFERER 1.08 allows remote attackers to execute arbitrary PHP code via a URL in the value parameter.
|
|||||
| CVE-2007-3985 | 1 Securecomputing | 1 Securityreporter | 2025-04-09 | 5.0 MEDIUM | N/A |
|
Directory traversal vulnerability in file.cgi in Secure Computing SecurityReporter (aka Network Security Analyzer) 4.6.3 allows remote attackers to download arbitrary files via a .. (dot dot) in the name parameter.
|
|||||
| CVE-2009-3643 | 1 Dxmsoft | 1 Xm Easy Personal Ftp Server | 2025-04-09 | 5.0 MEDIUM | N/A |
|
Dxmsoft XM Easy Personal FTP Server 5.8.0 allows remote attackers to cause a denial of service via a long argument to the (1) LIST and (2) NLST commands, a differnt issue than CVE-2008-5626 and CVE-2006-5728.
|
|||||
| CVE-2007-1020 | 1 Cedstat | 1 Cedstat | 2025-04-09 | 6.8 MEDIUM | N/A |
|
Cross-site scripting (XSS) vulnerability in index.php in CedStat 1.31 allows remote attackers to inject arbitrary web script or HTML via the hier parameter.
|
|||||
| CVE-2006-5027 | 1 Jeroen Vennegoor | 1 Jevoncms | 2025-04-09 | 5.0 MEDIUM | N/A |
|
Jeroen Vennegoor JevonCMS, possibly pre alpha, allows remote attackers to obtain sensitive information via a direct request for php/main/phplib files (1) db_msql.inc, (2) db_mssql.inc, (3) db_mysql.inc, (4) db_oci8.inc, (5) db_odbc.inc, (6) db_oracle.inc, and (7) db_pgsql.inc; and (8) db_sybase.inc, which reveals the path in various error messages.
|
|||||
| CVE-2007-2018 | 1 Alstrasoft | 1 Video Share Enterprise | 2025-04-09 | 6.5 MEDIUM | N/A |
|
SQL injection vulnerability in msg.php in AlstraSoft Video Share Enterprise allows remote authenticated users to execute arbitrary SQL commands via the id parameter.
|
|||||
| CVE-2007-0737 | 1 Apple | 1 Mac Os X | 2025-04-09 | 4.6 MEDIUM | N/A |
|
The Login Window in Apple Mac OS X 10.3.9 through 10.4.9 does not properly check certain environment variables, which allows local users to gain privileges via unspecified vectors.
|
|||||
| CVE-2007-2221 | 1 Microsoft | 5 Internet Explorer, Windows 2000, Windows 2003 Server and 2 more | 2025-04-09 | 9.3 HIGH | N/A |
|
Unspecified vulnerability in the mdsauth.dll COM object in Microsoft Windows Media Server in the Microsoft Internet Explorer 5.01 SP4 on Windows 2000 SP4; 6 SP1 on Windows 2000 SP4; 6 and 7 on Windows XP SP2, or Windows Server 2003 SP1 or SP2; or 7 on Windows Vista allows remote attackers to overwrite arbitrary files via unspecified vectors, aka the "Arbitrary File Rewrite Vulnerability."
|
|||||
| CVE-2007-4486 | 1 Linkliste | 1 Linkliste | 2025-04-09 | 7.5 HIGH | N/A |
|
Multiple PHP remote file inclusion vulnerabilities in index.php in Linkliste 1.2 allow remote attackers to execute arbitrary PHP code via a URL in the (1) styl[top], (2) url_eintrag, or (3) styl[themen] parameter.
|
|||||
| CVE-2006-6084 | 1 Unverse.net | 1 Abitwhizzy | 2025-04-09 | 5.0 MEDIUM | N/A |
|
Directory traversal vulnerability in abitwhizzy.php in aBitWhizzy allows remote attackers to read arbitrary files via a .. (dot dot) in the f parameter. NOTE: some of these details are obtained from third party information.
|
|||||
| CVE-2006-6654 | 1 Netbsd | 1 Netbsd | 2025-04-09 | 4.3 MEDIUM | N/A |
|
The sendmsg function in NetBSD-current before 20061023, NetBSD 3.0 and 3.0.1 before 20061024, and NetBSD 2.x before 20061029, when run on a 64-bit architecture, allows attackers to cause a denial of service (kernel panic) via an invalid msg_controllen parameter to the sendit function.
|
|||||
| CVE-2007-1493 | 1 Nukescripts | 1 Nukesentinel | 2025-04-09 | 7.5 HIGH | N/A |
|
nukesentinel.php in NukeSentinel 2.5.06 and earlier uses a permissive regular expression to validate an IP address, which allows remote attackers to execute arbitrary SQL commands via the Client-IP HTTP header, due to an incomplete patch for CVE-2007-1172.
|
|||||
| CVE-2006-5557 | 1 Hp | 1 Hp-ux | 2025-04-09 | 4.6 MEDIUM | N/A |
|
Stack-based buffer overflow in the (1) swpackage and (2) swmodify commands in HP-UX B.11.11 and possibly other versions allows local users to execute arbitrary code via a long -S argument. NOTE: this might be a duplicate of CVE-2006-2574, but the details relating to CVE-2006-2574 are too vague to be certain.
|
|||||
| CVE-2007-0917 | 1 Cisco | 1 Ios | 2025-04-09 | 6.4 MEDIUM | N/A |
|
The Intrusion Prevention System (IPS) feature for Cisco IOS 12.4XE to 12.3T allows remote attackers to bypass IPS signatures that use regular expressions via fragmented packets.
|
|||||
| CVE-2007-0637 | 1 Galeria Zdjec | 1 Galeria Zdjec | 2025-04-09 | 7.5 HIGH | N/A |
|
Directory traversal vulnerability in zd_numer.php in Galeria Zdjec 3.0 and earlier allows remote attackers to include and execute arbitrary local files via a .. (dot dot) in the galeria parameter, as demonstrated by injecting PHP sequences into an Apache HTTP Server log file, which is then included by zd_numer.php.
|
|||||
| CVE-2006-5496 | 1 Timothy Claason | 1 Knowledgebank | 2025-04-09 | 4.3 MEDIUM | N/A |
|
Multiple cross-site scripting (XSS) vulnerabilities in Timothy Claason KnowledgeBank 1.01 allow remote attackers to inject arbitrary web script or HTML via unspecified parameters to (1) index.php, (2) addknowledge.php, and (3) addscreenshot.php.
|
|||||
| CVE-2006-6334 | 1 Citrix | 1 Presentation Server Client | 2025-04-09 | 6.8 MEDIUM | N/A |
|
Heap-based buffer overflow in the SendChannelData function in wfica.ocx in Citrix Presentation Server Client before 9.230 for Windows allows remote malicious web sites to execute arbitrary code via a DataSize parameter that is less than the length of the Data buffer.
|
|||||
| CVE-2007-0761 | 1 Phpbb | 1 Ezboard Converter | 2025-04-09 | 7.5 HIGH | N/A |
|
PHP remote file inclusion vulnerability in config.php in phpBB ezBoard converter (ezconvert) 0.2 allows remote attackers to execute arbitrary PHP code via a URL in the ezconvert_dir parameter.
|
|||||
| CVE-2006-3455 | 1 Symantec | 2 Client Security, Norton Antivirus | 2025-04-09 | 4.3 MEDIUM | N/A |
|
The SAVRT.SYS device driver, as used in Symantec AntiVirus Corporate Edition 8.1 and 9.0.x up to 9.0.3, and Symantec Client Security 1.1 and 2.0.x up to 2.0.3, allows local users to execute arbitrary code via a modified address for the output buffer argument to the DeviceIOControl function.
|
|||||
| CVE-2006-5673 | 1 Minibb | 1 Minibb | 2025-04-09 | 6.8 MEDIUM | N/A |
|
PHP remote file inclusion vulnerability in bb_func_txt.php in miniBB 2.0.2 and earlier, when register_globals is enabled, allows remote attackers to execute arbitrary PHP code via a URL in the pathToFiles parameter.
|
|||||
| CVE-2007-1391 | 1 Webo | 1 Webo | 2025-04-09 | 10.0 HIGH | N/A |
|
PHP remote file inclusion vulnerability in modules/abook/foldertree.php in Leo West WEBO (aka weborganizer) 1.0 allows remote attackers to execute arbitrary PHP code via a URL in the baseDir parameter.
|
|||||
| CVE-2006-6186 | 1 Enomphp | 1 Enomphp | 2025-04-09 | 5.0 MEDIUM | N/A |
|
Multiple directory traversal vulnerabilities in enomphp 4.0 allow remote attackers to read arbitrary files via a .. (dot dot) in the dir parameter to (1) config.php, (2) ranklv_inside.php, (3) rankml_inside.php, and (4) admin/Restore/config.php.
|
|||||
| CVE-2006-6180 | 1 Expinion.net | 1 Inews Publisher | 2025-04-09 | 6.8 MEDIUM | N/A |
|
Cross-site scripting (XSS) vulnerability in articles.asp in Expinion.net iNews Publisher (iNP) 2.5 and earlier allows remote attackers to inject arbitrary web script or HTML via the hl parameter. NOTE: The provenance of this information is unknown; the details are obtained solely from third party information.
|
|||||
| CVE-2007-1557 | 1 F-secure | 1 F-secure Anti-virus | 2025-04-09 | 7.2 HIGH | N/A |
|
Format string vulnerability in F-Secure Anti-Virus Client Security 6.02 allows local users to cause a denial of service and possibly gain privileges via format string specifiers in the Management Server name field on the Communication settings page.
|
|||||
| CVE-2007-1950 | 1 Webblizzard | 1 Content Management System | 2025-04-09 | 4.3 MEDIUM | N/A |
|
Cross-site scripting (XSS) vulnerability in index_cms.php in WebBlizzard CMS allows remote attackers to inject arbitrary web script or HTML via the Suchzeile parameter.
|
|||||
| CVE-2007-0816 | 1 Broadcom | 1 Brightstor Arcserve Backup | 2025-04-09 | 5.0 MEDIUM | N/A |
|
The RPC Server service (catirpc.exe) in CA (formerly Computer Associates) BrightStor ARCserve Backup 11.5 SP2 and earlier allows remote attackers to cause a denial of service (service crash) via a crafted TADDR2UADDR that triggers a null pointer dereference in catirpc.dll, possibly related to null credentials or verifier fields.
|
|||||
| CVE-2008-0663 | 1 Novell | 2 Challenge Response Client, Novell Client For Windows | 2025-04-09 | 2.1 LOW | N/A |
|
Novell Challenge Response Client (LCM) 2.7.5 and earlier, as used with Novell Client for Windows 4.91 SP4, allows users with physical access to a locked system to obtain contents of the clipboard by pasting the contents into the Challenge Question field.
|
|||||
| CVE-2007-2123 | 1 Oracle | 1 Application Server | 2025-04-09 | 10.0 HIGH | N/A |
|
Unspecified vulnerability in the Portal component in Oracle Application Server 10.1.3 up to 10.1.3.2.0, 10.1.2 up to 10.1.2.2.0, and 9.0.4.3 has unknown impact and attack vectors, aka AS04.
|
|||||
| CVE-2007-4630 | 1 Xigla | 1 Absolute Poll Manager Xe | 2025-04-09 | 4.3 MEDIUM | N/A |
|
Cross-site scripting (XSS) vulnerability in xlaapmview.asp in Absolute Poll Manager XE 4.1 allows remote attackers to inject arbitrary web script or HTML via the msg parameter.
|
|||||