Total
29869 CVE
| CVE | Vendors | Products | Updated | CVSS v2 | CVSS v3 |
|---|---|---|---|---|---|
| CVE-2007-4373 | 1 Rndlabs | 1 Babo Violent | 2025-04-09 | 6.8 MEDIUM | N/A |
|
The server in Babo Violent 2 2.08.00 and earlier does not properly implement password protection, which might allow remote attackers to bypass authentication by reconnecting after a connection closes.
|
|||||
| CVE-2006-7211 | 1 Firebirdsql | 1 Firebird | 2025-04-09 | 4.9 MEDIUM | N/A |
|
fb_lock_mgr in Firebird 1.5 uses weak permissions (0666) for the semaphore array, which allows local users to cause a denial of service (blocked query processing) by locking semaphores.
|
|||||
| CVE-2007-4155 | 1 Emc | 1 Vmware | 2025-04-09 | 9.3 HIGH | N/A |
|
Absolute path traversal vulnerability in a certain ActiveX control in vielib.dll in EMC VMware 6.0.0 allows remote attackers to execute arbitrary local programs via a full pathname in the first two arguments to the (1) CreateProcess or (2) CreateProcessEx method.
|
|||||
| CVE-2006-6013 | 5 Dragonflybsd, Freebsd, Midnightbsd and 2 more | 5 Dragonflybsd, Freebsd, Midnightbsd and 2 more | 2025-04-09 | 2.1 LOW | N/A |
|
Integer signedness error in the fw_ioctl (FW_IOCTL) function in the FireWire (IEEE-1394) drivers (dev/firewire/fwdev.c) in various BSD kernels, including DragonFlyBSD, FreeBSD 5.5, MidnightBSD 0.1-CURRENT before 20061115, NetBSD-current before 20061116, NetBSD-4 before 20061203, and TrustedBSD, allows local users to read arbitrary memory contents via certain negative values of crom_buf->len in an FW_GCROM command. NOTE: this issue has been labeled as an integer overflow, but it is more like an i ...
Show More |
|||||
| CVE-2006-6933 | 1 Efs Software | 1 Easy Chat Server | 2025-04-09 | 7.8 HIGH | N/A |
|
Easy Chat Server 2.1 stores sensitive information under the web root with insufficient access control, which allows remote attackers to download certain files via direct requests to files such as (1) ServerKey.pem and (2) AcceptIP.txt. NOTE: The provenance of this information is unknown; the details are obtained solely from third party information.
|
|||||
| CVE-2007-2858 | 1 Phpbb | 1 Ip-tracking | 2025-04-09 | 6.5 MEDIUM | N/A |
|
SQL injection vulnerability in the IP-Search functionality in the IP-Tracking Mod for phpBB 2.0.x allows remote authenticated administrators to execute arbitrary SQL commands via the Search Query field.
|
|||||
| CVE-2007-1702 | 1 Mambo | 1 Flatmenu | 2025-04-09 | 6.8 MEDIUM | N/A |
|
PHP remote file inclusion vulnerability in mod_flatmenu.php in the Flatmenu 1.07 and earlier Mambo module allows remote attackers to execute arbitrary PHP code via a URL in the mosConfig_absolute_path parameter.
|
|||||
| CVE-2007-0467 | 1 Apple | 1 Mac Os X | 2025-04-09 | 6.2 MEDIUM | N/A |
|
crashdump in Apple Mac OS X 10.4.8 allows local users in the admin group to modify arbitrary files or gain privileges via a symlink attack on application logs in /Library/Logs/CrashReporter/.
|
|||||
| CVE-2007-2994 | 1 Dian Gemilang | 1 Dgnews | 2025-04-09 | 7.5 HIGH | N/A |
|
SQL injection vulnerability in news.php in DGNews 2.1 allows remote attackers to execute arbitrary SQL commands via the newsid parameter in a fullnews action, a different vector than CVE-2007-0693.
|
|||||
| CVE-2007-2148 | 1 Stephen Craton | 1 Chatness | 2025-04-09 | 6.5 MEDIUM | N/A |
|
Direct static code injection vulnerability in admin/save.php in Stephen Craton (aka WiredPHP) Chatness 2.5.3 and earlier allows remote authenticated administrators to inject PHP code into .html files via the html parameter, as demonstrated by head.html and foot.html, which are included and executed upon a direct request for index.php. NOTE: a separate vulnerability could be leveraged to make this issue exploitable by remote unauthenticated attackers.
|
|||||
| CVE-2007-6351 | 1 Libexif Project | 1 Libexif | 2025-04-09 | 4.3 MEDIUM | N/A |
|
libexif 0.6.16 and earlier allows context-dependent attackers to cause a denial of service (infinite recursion) via an image file with crafted EXIF tags, possibly involving the exif_loader_write function in exif_loader.c.
|
|||||
| CVE-2007-0201 | 1 Tis | 1 Internet Firewall Toolkit | 2025-04-09 | 10.0 HIGH | N/A |
|
Buffer overflow in the cmd_usr function in ftp-gw in TIS Internet Firewall Toolkit (FWTK) allows remote attackers to execute arbitrary code via a long destination hostname (dest).
|
|||||
| CVE-2007-4533 | 1 Vavoom | 1 Vavoom | 2025-04-09 | 6.8 MEDIUM | N/A |
|
Format string vulnerability in the Say command in sv_main.cpp in Vavoom 1.24 and earlier allows remote attackers to execute arbitrary code via format string specifiers in a chat message, related to a call to the BroadcastPrintf function.
|
|||||
| CVE-2007-3599 | 1 Vtiger | 1 Vtiger Crm | 2025-04-09 | 8.5 HIGH | N/A |
|
vtiger CRM before 5.0.3 allows remote authenticated users to import and export the information for a contact even when they only have the View permission.
|
|||||
| CVE-2007-2493 | 1 Mxbb | 2 Mxbb Faq, Mxbb Rules | 2025-04-09 | 10.0 HIGH | N/A |
|
PHP remote file inclusion vulnerability in faq.php in the FAQ & RULES 2.0.0 and earlier module for mxBB allows remote attackers to execute arbitrary PHP code via a URL in the module_root_path parameter.
|
|||||
| CVE-2007-2502 | 1 Hp | 1 Procurve Switch 9300m | 2025-04-09 | 7.8 HIGH | N/A |
|
Unspecified vulnerability in HP ProCurve 9300m Series switches with software 08.0.01c through 08.0.01j allows remote attackers to cause a denial of service via unknown vectors, a different switch series than CVE-2006-4015.
|
|||||
| CVE-2007-3660 | 1 Nonnoi Solutions | 1 Asp Barcode | 2025-04-09 | 7.5 HIGH | N/A |
|
The Nonnoi ASP/Barcode ActiveX control (nonnoi_ASPBarcode.dll) allows remote attackers to overwrite arbitrary files via an argument to the SaveBarcode function.
|
|||||
| CVE-2006-4251 | 1 Powerdns | 1 Recursor | 2025-04-09 | 7.5 HIGH | N/A |
|
Buffer overflow in PowerDNS Recursor 3.1.3 and earlier might allow remote attackers to execute arbitrary code via a malformed TCP DNS query that prevents Recursor from properly calculating the TCP DNS query length.
|
|||||
| CVE-2009-0385 | 4 Canonical, Debian, Fedoraproject and 1 more | 4 Ubuntu Linux, Debian Linux, Fedora and 1 more | 2025-04-09 | 9.3 HIGH | N/A |
|
Integer signedness error in the fourxm_read_header function in libavformat/4xm.c in FFmpeg before revision 16846 allows remote attackers to execute arbitrary code via a malformed 4X movie file with a large current_track value, which triggers a NULL pointer dereference.
|
|||||
| CVE-2006-5139 | 1 Mkportal | 1 Mkportal | 2025-04-09 | 5.0 MEDIUM | N/A |
|
Unspecified vulnerability in MkPortal allows remote attackers to corrupt web site content, and possibly have other impact, via a certain long Message that affects "Tables," related to the Urlobox.
|
|||||
| CVE-2007-1175 | 1 Web-app.org | 1 Webapp | 2025-04-09 | 4.3 MEDIUM | N/A |
|
Cross-site scripting (XSS) vulnerability in an admin feature in WebAPP before 20070209 allows remote attackers to inject arbitrary web script or HTML via unspecified vectors.
|
|||||
| CVE-2006-5665 | 1 Spider Friendly | 1 Spider Friendly | 2025-04-09 | 7.5 HIGH | N/A |
|
PHP remote file inclusion vulnerability in admin/modules_data.php in the phpBB module Spider Friendly 1.3.10 and earlier allows remote attackers to execute arbitrary PHP code via a URL in the phpbb_root_path parameter.
|
|||||
| CVE-2007-6591 | 1 Kde | 1 Konqueror | 2025-04-09 | 4.3 MEDIUM | N/A |
|
KDE Konqueror 3.5.5 and 3.95.00, when a user accepts an SSL server certificate on the basis of the CN domain name in the DN field, regards the certificate as also accepted for all domain names in subjectAltName:dNSName fields, even though these fields cannot be examined in the product, which makes it easier for remote attackers to trick a user into accepting an invalid certificate for a spoofed web site.
|
|||||
| CVE-2006-6138 | 1 Sisfo Kampus | 1 Sisfo Kampus | 2025-04-09 | 5.0 MEDIUM | N/A |
|
Directory traversal vulnerability in download.php in Sisfo Kampus 0.8 allows remote attackers to list arbitrary directories via an absolute pathname in the dir parameter.
|
|||||
| CVE-2007-4018 | 1 Citrix | 1 Access Gateway | 2025-04-09 | 6.8 MEDIUM | N/A |
|
Citrix Access Gateway Advanced Edition before firmware 4.5.5 allows attackers to redirect users to arbitrary web sites and conduct phishing attacks via unknown vectors.
|
|||||
| CVE-2007-3465 | 1 Sofaware | 1 Safe At Office 500 Utm | 2025-04-09 | 10.0 HIGH | N/A |
|
Check Point SofaWare Safe@Office, with firmware before Embedded NGX 7.0.45 GA, has a certain default password.
|
|||||
| CVE-2006-6034 | 1 Sitesoutlet | 1 E-commerce Kit-1 | 2025-04-09 | 7.5 HIGH | N/A |
|
Multiple SQL injection vulnerabilities in SitesOutlet E-commerce Kit-1 PayPal Edition allow remote attackers to execute arbitrary SQL commands via the (1) keyword or (2) cid parameter in (a) catalogue.asp, or the (3) pid parameter in (b) viewDetail.asp.
|
|||||
| CVE-2007-1396 | 1 Php | 1 Php | 2025-04-09 | 6.8 MEDIUM | N/A |
|
The import_request_variables function in PHP 4.0.7 through 4.4.6, and 5.x before 5.2.2, when called without a prefix, does not prevent the (1) GET, (2) POST, (3) COOKIE, (4) FILES, (5) SERVER, (6) SESSION, and other superglobals from being overwritten, which allows remote attackers to spoof source IP address and Referer data, and have other unspecified impact. NOTE: it could be argued that this is a design limitation of PHP and that only the misuse of this feature, i.e. implementation bugs in a ...
Show More |
|||||
| CVE-2007-1203 | 1 Microsoft | 2 Excel, Excel Viewer | 2025-04-09 | 9.3 HIGH | N/A |
|
Unspecified vulnerability in Microsoft Excel 2000 SP3, 2002 SP3, 2003 SP2, 2003 Viewer, 2004 for Mac, and 2007 allows user-assisted remote attackers to execute arbitrary code via a crafted set font value in an Excel file, which results in memory corruption.
|
|||||
| CVE-2007-2634 | 1 Agner Fog | 1 Aforum | 2025-04-09 | 6.8 MEDIUM | N/A |
|
PHP remote file inclusion vulnerability in common/errormsg.php in aForum 1.32 and possibly earlier, when register_globals is enabled, allows remote attackers to execute arbitrary PHP code via a URL in the header parameter. NOTE: the provenance of this information is unknown; the details are obtained solely from third party information.
|
|||||
| CVE-2006-7033 | 1 Super Link Exchange Script | 1 Super Link Exchange Script | 2025-04-09 | 6.8 MEDIUM | N/A |
|
Cross-site scripting (XSS) vulnerability in Super Link Exchange Script 1.0 allows remote attackers to inject arbitrary web script or HTML via IMG tags in the search box.
|
|||||
| CVE-2006-6124 | 1 Biba Software | 1 Seleniumserver Web Server | 2025-04-09 | 6.8 MEDIUM | N/A |
|
Cross-site scripting (XSS) vulnerability in SeleniumServer Web Server 1.0 allows remote attackers to inject arbitrary web script or HTML via unspecified vectors. NOTE: the provenance of this information is unknown; the details are obtained solely from third party information.
|
|||||
| CVE-2006-7028 | 1 Sun | 2 Solaris, Sunos | 2025-04-09 | 7.8 HIGH | N/A |
|
Single CPU Sun systems running Solaris 7, 8, or 9, such as Netra, allows remote attackers to cause a denial of service (console hang) via a flood of small TCP/IP packets. NOTE: this issue has not been replicated by third parties. In addition, the cause is unknown, although it might be related to "jabber" and generation of a large amount of interrupts within the console, or a hardware error.
|
|||||
| CVE-2006-5401 | 1 Aroundme | 1 Aroundme | 2025-04-09 | 7.5 HIGH | N/A |
|
PHP remote file inclusion vulnerability in template/barnraiser_01/p_new_password.tpl.php in AROUNDMe 0.5.2 and earlier allows remote attackers to execute arbitrary PHP code via a URL in the templatePath parameter.
|
|||||
| CVE-2006-7192 | 1 Microsoft | 1 .net Framework | 2025-04-09 | 4.3 MEDIUM | N/A |
|
Microsoft ASP .NET Framework 2.0.50727.42 does not properly handle comment (/* */) enclosures, which allows remote attackers to bypass request filtering and conduct cross-site scripting (XSS) attacks, or cause a denial of service, as demonstrated via an xss:expression STYLE attribute in a closing XSS HTML tag.
|
|||||
| CVE-2007-2675 | 1 Pre Projects | 1 Pre Classifieds Listings | 2025-04-09 | 7.5 HIGH | N/A |
|
SQL injection vulnerability in search.php in Pre Classifieds Listings 1.0 allows remote attackers to execute arbitrary SQL commands via the category parameter.
|
|||||
| CVE-2007-1219 | 1 Admin Phorum | 1 Admin Phorum | 2025-04-09 | 7.5 HIGH | N/A |
|
PHP remote file inclusion vulnerability in actions/del.php in Admin Phorum 3.3.1a allows remote attackers to execute arbitrary PHP code via a URL in the include_path parameter.
|
|||||
| CVE-2007-1293 | 1 Rigter Portal System | 1 Rigter Portal System | 2025-04-09 | 5.8 MEDIUM | N/A |
|
SQL injection vulnerability in Rigter Portal System (RPS) 6.2, when magic_quotes_gpc is disabled, allows remote attackers to execute arbitrary SQL commands via the categoria parameter to the top-level URI (index.php), possibly related to ver_descarga.php.
|
|||||
| CVE-2006-7214 | 1 Firebirdsql | 1 Firebird | 2025-04-09 | 7.8 HIGH | N/A |
|
Multiple unspecified vulnerabilities in Firebird 1.5 allow remote attackers to (1) cause a denial of service (application crash) by sending many remote protocol versions; and (2) cause a denial of service (connection drop) via certain network traffic, as demonstrated by Nessus vulnerability scanning.
|
|||||
| CVE-2007-3293 | 1 Livecms | 1 Livecms | 2025-04-09 | 7.5 HIGH | N/A |
|
SQL injection vulnerability in categoria.php in LiveCMS 3.4 and earlier allows remote attackers to execute arbitrary SQL commands via the cid parameter.
|
|||||