Total
29869 CVE
| CVE | Vendors | Products | Updated | CVSS v2 | CVSS v3 |
|---|---|---|---|---|---|
| CVE-2007-3777 | 1 Grisoft | 1 Avg Antivirus | 2025-04-09 | 7.2 HIGH | N/A |
|
avg7core.sys 7.5.0.444 in Grisoft AVG Anti-Virus 7.5.448 and Free Edition 7.5.446, provides an internal function that copies data to an arbitrary address, which allows local users to gain privileges via arbitrary address arguments to a function provided by the 0x5348E004 IOCTL for the generic DeviceIoControl handler.
|
|||||
| CVE-2006-6020 | 1 Blog Torrent | 1 Blog Torrent Preview | 2025-04-09 | 6.8 MEDIUM | N/A |
|
Cross-site scripting (XSS) vulnerability in announce.php in Blog Torrent Preview 0.92 allows remote attackers to inject arbitrary web script or HTML via the left parameter.
|
|||||
| CVE-2007-4358 | 1 Zoidcom | 1 Zoidcom | 2025-04-09 | 4.3 MEDIUM | N/A |
|
Zoidcom 0.6.7 and earlier allows remote attackers to cause a denial of service (application crash) via a JOIN packet (aka connection packet) containing 0x69 in the ninth byte, which triggers a "double-delete" of trace data, a different vulnerability than CVE-2005-1643.
|
|||||
| CVE-2006-7197 | 1 Apache | 1 Tomcat | 2025-04-09 | 7.8 HIGH | N/A |
|
The AJP connector in Apache Tomcat 5.5.15 uses an incorrect length for chunks, which can cause a buffer over-read in the ajp_process_callback in mod_jk, which allows remote attackers to read portions of sensitive memory.
|
|||||
| CVE-2006-7165 | 1 Ibm | 1 Websphere Application Server | 2025-04-09 | 4.3 MEDIUM | N/A |
|
IBM WebSphere Application Server (WAS) 5.0 through 5.1.1.0 allows remote attackers to obtain JSP source code and other sensitive information via certain "special URIs."
|
|||||
| CVE-2007-2995 | 1 Ibm | 1 Aix | 2025-04-09 | 4.3 MEDIUM | N/A |
|
Unspecified vulnerability in sysmgt.websm.rte in IBM AIX 5.2.0 and 5.3.0 has unknown impact and attack vectors.
|
|||||
| CVE-2009-3295 | 1 Mit | 1 Kerberos 5 | 2025-04-09 | 5.0 MEDIUM | N/A |
|
The prep_reprocess_req function in kdc/do_tgs_req.c in the cross-realm referral implementation in the Key Distribution Center (KDC) in MIT Kerberos 5 (aka krb5) 1.7 before 1.7.1 allows remote attackers to cause a denial of service (NULL pointer dereference and daemon crash) via a ticket request.
|
|||||
| CVE-2009-2202 | 1 Apple | 1 Quicktime | 2025-04-09 | 9.3 HIGH | N/A |
|
Apple QuickTime before 7.6.4 allows remote attackers to execute arbitrary code or cause a denial of service (memory corruption and application crash) via a crafted H.264 movie file.
|
|||||
| CVE-2007-1984 | 1 Lite-cms | 1 Lite-cms | 2025-04-09 | 7.5 HIGH | N/A |
|
PHP remote file inclusion vulnerability in index.php in lite-cms 0.2.1 allows remote attackers to execute arbitrary PHP code via a URL in the inc parameter.
|
|||||
| CVE-2007-1932 | 1 Scar4u | 1 Scarnews | 2025-04-09 | 7.5 HIGH | N/A |
|
Directory traversal vulnerability in scarnews.inc.php in ScarNews 1.2.1 allows remote attackers to include and execute arbitrary local files via a .. (dot dot) in the sn_admin_dir parameter.
|
|||||
| CVE-2006-6218 | 1 Dev4u | 1 Dev4u Cms | 2025-04-09 | 7.5 HIGH | N/A |
|
Multiple SQL injection vulnerabilities in index.php in dev4u CMS allow remote attackers to execute arbitrary SQL commands via the (1) seite_id, (2) gruppe_id.php, and (3) go_target parameters.
|
|||||
| CVE-2006-5252 | 1 Webmedia Explorer | 1 Webmedia Explorer | 2025-04-09 | 5.1 MEDIUM | N/A |
|
PHP remote file inclusion vulnerability in includes/core.lib.php in Webmedia Explorer 2.8.7 allows remote attackers to execute arbitrary PHP code via a URL in the path_include parameter.
|
|||||
| CVE-2006-5138 | 1 Ubbcentral | 1 Ubb.threads | 2025-04-09 | 5.0 MEDIUM | N/A |
|
Groupee UBB.threads 6.5.1.1 allows remote attackers to obtain sensitive information via a direct request for cron/php/subscriptions.php, which reveals the path in an error message.
|
|||||
| CVE-2006-6395 | 1 Ulrik Petersen | 2 Emdros Database Engine, Emrdos Database Engine | 2025-04-09 | 5.0 MEDIUM | N/A |
|
Multiple memory leaks in Ulrik Petersen Emdros Database Engine before 1.2.0.pre231 allow local users to cause a denial of service (memory consumption) via unspecified vectors, a different issue than CVE-2005-0415.
|
|||||
| CVE-2007-3763 | 1 Asterisk | 4 Asterisk, Asterisk Appliance Developer Kit, Asterisknow and 1 more | 2025-04-09 | 5.0 MEDIUM | N/A |
|
The IAX2 channel driver (chan_iax2) in Asterisk before 1.2.22 and 1.4.x before 1.4.8, Business Edition before B.2.2.1, AsteriskNOW before beta7, Appliance Developer Kit before 0.5.0, and s800i before 1.0.2 allows remote attackers to cause a denial of service (crash) via a crafted (1) LAGRQ or (2) LAGRP frame that contains information elements of IAX frames, which results in a NULL pointer dereference when Asterisk does not properly set an associated variable.
|
|||||
| CVE-2006-6823 | 1 Yrch | 1 Yrch | 2025-04-09 | 7.5 HIGH | N/A |
|
PHP remote file inclusion vulnerability in plugins/metasearch/plug.inc.php in Yrch! 1.0 allows remote attackers to execute arbitrary PHP code via a URL in the path parameter.
|
|||||
| CVE-2007-3905 | 1 Zoph | 1 Zoph | 2025-04-09 | 7.5 HIGH | N/A |
|
SQL injection vulnerability in Zoph before 0.7.0.1 might allow remote attackers to execute arbitrary SQL commands via the _order parameter to (1) photos.php and (2) edit_photos.php.
|
|||||
| CVE-2007-4209 | 1 Aceboard | 1 Aceboard Forum | 2025-04-09 | 7.5 HIGH | N/A |
|
SQL injection vulnerability in Recherche.php in Aceboard forum allows remote attackers to execute arbitrary SQL commands via unspecified vectors.
|
|||||
| CVE-2007-1856 | 2 Gentoo, Paul Vixie | 2 Linux, Vixie Cron | 2025-04-09 | 2.1 LOW | N/A |
|
Vixie Cron before 4.1-r10 on Gentoo Linux is installed with insecure permissions, which allows local users to cause a denial of service (cron failure) by creating hard links, which results in a failed st_nlink check in database.c.
|
|||||
| CVE-2006-7039 | 2 Atrium Software, Microsoft | 9 Mercur Messaging 2005, Windows 2000, Windows 2003 Server and 6 more | 2025-04-09 | 5.0 MEDIUM | N/A |
|
The IMAP4 service in MERCUR Messaging 2005 before Service Pack 4 allows remote attackers to cause a denial of service (crash) via a message with a long subject field.
|
|||||
| CVE-2007-3826 | 1 Microsoft | 2 Internet Explorer, Windows Xp | 2025-04-09 | 9.3 HIGH | N/A |
|
Microsoft Internet Explorer 7 on Windows XP SP2 allows remote attackers to prevent users from leaving a site, spoof the address bar, and conduct phishing and other attacks via repeated document.open function calls after a user requests a new page, but before the onBeforeUnload function is called.
|
|||||
| CVE-2007-2412 | 1 Seir Anphin | 1 Seir Anphin | 2025-04-09 | 7.8 HIGH | N/A |
|
Directory traversal vulnerability in modules/file.php in Seir Anphin allows remote attackers to obtain sensitive information via a .. (dot dot) in the a[filepath] parameter. NOTE: a third party has disputed this issue because the a array is populated by a database query before use
|
|||||
| CVE-2007-1288 | 1 Webmobo | 1 Wbnews | 2025-04-09 | 10.0 HIGH | N/A |
|
Multiple PHP remote file inclusion vulnerabilities in Webmobo WB News 1.4.1 and earlier allow remote attackers to execute arbitrary PHP code via a URL in the config[installdir] parameter to (1) comment.php, (2) themes.php, (3) directory.php, and (4) sendmsg.php in admin/.
|
|||||
| CVE-2006-5079 | 1 Php Arena | 1 Pabugs | 2025-04-09 | 7.5 HIGH | N/A |
|
PHP remote file inclusion vulnerability in class.mysql.php in Matt Humphrey paBugs 2.0 Beta 3 and earlier allows remote attackers to execute arbitrary PHP code via a URL in the path_to_bt_dir parameter.
|
|||||
| CVE-2006-6226 | 1 Neoengine | 1 Neoengine | 2025-04-09 | 7.5 HIGH | N/A |
|
Multiple format string vulnerabilities in NeoEngine 0.8.2 and earlier, and CVS 3422, allow remote attackers to cause a denial of service and possibly execute arbitrary code via (1) Console::Render in neoengine/console.cpp and (2) TextArea::Render in neowtk/textarea.cpp.
|
|||||
| CVE-2007-4182 | 1 Wikiwebweaver | 1 Wikiwebweaver | 2025-04-09 | 7.5 HIGH | N/A |
|
Unrestricted file upload vulnerability in index.php in WikiWebWeaver 1.1 and earlier allows remote attackers to upload and execute arbitrary PHP code via an upload action specifying a filename with a double extension such as .gif.php, which is accessible from data/documents/.
|
|||||
| CVE-2007-0849 | 1 Syscp Team | 1 Syscp | 2025-04-09 | 7.2 HIGH | N/A |
|
scripts/cronscript.php in SysCP 1.2.15 and earlier does not properly quote pathnames in user home directories, which allows local users to gain privileges by placing shell metacharacters in a directory name, and then using the control panel to protect this directory, a different vulnerability than CVE-2005-2568.
|
|||||
| CVE-2007-4157 | 1 Phpblogger | 1 Php-blogger | 2025-04-09 | 5.0 MEDIUM | N/A |
|
PHPBlogger stores sensitive information under the web root with insufficient access control, which allows remote attackers to download a database containing an admin password hash via a direct request for data/pref.db. NOTE: this can be easily leveraged for administrative access because composing the authentication cookie only requires the password hash, not the cleartext version.
|
|||||
| CVE-2007-3316 | 1 Videolan | 1 Vlc Media Player | 2025-04-09 | 9.3 HIGH | N/A |
|
Multiple format string vulnerabilities in plugins in VideoLAN VLC Media Player before 0.8.6c allow remote attackers to cause a denial of service (crash) or execute arbitrary code via format string specifiers in (1) an Ogg/Vorbis file, (2) an Ogg/Theora file, (3) a CDDB entry for a CD Digital Audio (CDDA) file, or (4) Service Announce Protocol (SAP) multicast packets.
|
|||||
| CVE-2007-2149 | 1 Stephen Craton | 1 Chatness | 2025-04-09 | 10.0 HIGH | N/A |
|
Stephen Craton (aka WiredPHP) Chatness 2.5.3 and earlier stores usernames and unencrypted passwords in (1) classes/vars.php and (2) classes/varstuff.php, and recommends 0666 or 0777 permissions for these files, which allows local users to gain privileges by reading the files, and allows remote attackers to obtain credentials via a direct request for admin/options.php.
|
|||||
| CVE-2007-3830 | 1 Ibm | 2 Proventia Network Ips Gx5008, Proventia Network Ips Gx5108 | 2025-04-09 | 3.5 LOW | N/A |
|
Cross-site scripting (XSS) vulnerability in alert.php in ISS Proventia Network IPS GX5108 1.3 and GX5008 1.5 allows remote attackers to inject arbitrary web script or HTML via the reminder parameter.
|
|||||
| CVE-2007-1677 | 2 Navision Software, Netbsd | 2 Navision Financials Server, Netbsd | 2025-04-09 | 6.6 MEDIUM | N/A |
|
Multiple buffer overflows in the ISO network protocol support in the NetBSD kernel 2.0 through 4.0_BETA2, and NetBSD-current before 20070329, allow local users to execute arbitrary code via long parameters to certain functions, as demonstrated by a long sockaddr structure argument to the clnp_route function.
|
|||||
| CVE-2007-3576 | 1 Microsoft | 1 Internet Explorer | 2025-04-09 | 4.3 MEDIUM | N/A |
|
Microsoft Internet Explorer 6 executes web script from URIs of arbitrary scheme names ending with the "script" character sequence, using the (1) vbscript: handler for scheme names with 7 through 9 characters, and the (2) javascript: handler for scheme names with 10 or more characters, which might allow remote attackers to bypass certain XSS protection schemes. NOTE: other researchers dispute the significance of this issue, stating "this only works when typed in the address bar.
|
|||||
| CVE-2009-0755 | 1 Poppler | 1 Poppler | 2025-04-09 | 5.0 MEDIUM | N/A |
|
The FormWidgetChoice::loadDefaults function in Poppler before 0.10.4 allows remote attackers to cause a denial of service (crash) via a PDF file with an invalid Form Opt entry.
|
|||||
| CVE-2007-0846 | 1 Open Tibia Server Cms | 1 Open Tibia Server Cms | 2025-04-09 | 6.8 MEDIUM | N/A |
|
Cross-site scripting (XSS) vulnerability in forum.php in Open Tibia Server CMS (OTSCMS) 2.1.5 and earlier allows remote attackers to inject arbitrary HTML or web script via the name parameter.
|
|||||
| CVE-2007-2209 | 2 Accusoft, Corel | 2 Imagegear, Paint Shop Pro | 2025-04-09 | 6.8 MEDIUM | N/A |
|
Buffer overflow in igcore15d.dll 15.1.2.0 and 15.2.0.0 for AccuSoft ImageGear, as used in Corel Paint Shop Pro Photo 11.20 and possibly other products, allows user-assisted remote attackers to execute arbitrary code via a crafted .CLP file. NOTE: some details were obtained from third party sources.
|
|||||
| CVE-2007-1292 | 1 Jelsoft | 1 Vbulletin | 2025-04-09 | 7.5 HIGH | N/A |
|
SQL injection vulnerability in inlinemod.php in Jelsoft vBulletin before 3.5.8, and before 3.6.5 in the 3.6.x series, might allow remote authenticated users to execute arbitrary SQL commands via the postids parameter. NOTE: the vendor states that the attack is feasible only in circumstances "almost impossible to achieve."
|
|||||
| CVE-2008-1058 | 1 Openbsd | 1 Openbsd | 2025-04-09 | 7.8 HIGH | N/A |
|
The tcp_respond function in netinet/tcp_subr.c in OpenBSD 4.1 and 4.2 allows attackers to cause a denial of service (panic) via crafted TCP packets. NOTE: some of these details are obtained from third party information.
|
|||||
| CVE-2007-2197 | 1 Brettle Development | 1 Neatupload | 2025-04-09 | 5.0 MEDIUM | N/A |
|
Race condition in the NeatUpload ASP.NET component 1.2.11 through 1.2.16, 1.1.18 through 1.1.23, and trunk.379 through trunk.445 allows remote attackers to obtain other clients' HTTP responses via multiple simultaneous requests, which triggers multiple calls to HttpWorkerRequest.FlushResponse for the same HttpWorkerRequest object and causes a buffer to be reused for a different request.
|
|||||
| CVE-2007-2490 | 1 Livedata | 3 Iccp Server, Maintenance Server, Protocol Server | 2025-04-09 | 7.8 HIGH | N/A |
|
Unspecified vulnerability in LiveData Server before 5.00.62 allows remote attackers to cause a denial of service (exit) via crafted Connection-Oriented Transport Protocol (COTP) packets.
|
|||||