Total: 29869 CVE
| CVE | Vendors | Products | Updated | CVSS v2 | CVSS v3 | Description |
|---|---|---|---|---|---|---|
| CVE-2007-4377 | 1 Netwin | 1 Surgemail | 2025-04-09 | 6.0 MEDIUM | N/A | Stack-based buffer overflow in the IMAP service in SurgeMail 38k allows remote authenticated users to execute arbitrary code via a long argument to the SEARCH command. NOTE: this might overlap CVE-2007-4372. |
| CVE-2006-6610 | 1 Alientrap | 1 Nexuiz | 2025-04-09 | 7.5 HIGH | N/A | clientcommands in Nexuiz before 2.2.1 has unknown impact and remote attack vectors related to "remote console command injection." |
| CVE-2007-3824 | 1 Mehmet Zati Karahan | 1 Mzk Blog | 2025-04-09 | 10.0 HIGH | N/A | SQL injection vulnerability in katgoster.asp in MzK Blog (tr) allows remote attackers to execute arbitrary SQL commands via the katID parameter. |
| CVE-2007-2202 | 1 Acvsws | 1 Acvsws Php5 | 2025-04-09 | 6.8 MEDIUM | N/A | PHP remote file inclusion vulnerability in inc_ACVS/SOAP/Transport.php in Accueil et Conseil en Visites et Sejours Web Services (ACVSWS) PHP5 (ACVSWS_PHP5) 1.0 allows remote attackers to execute arbitrary PHP code via a URL in the CheminInclude parameter. |
| CVE-2007-4055 | 1 8pixel.net | 1 Simple Blog | 2025-04-09 | 7.5 HIGH | N/A | SQL injection vulnerability in comments_get.asp in SimpleBlog 3.0 allows remote attackers to execute arbitrary SQL commands via the id parameter. NOTE: this may be related to CVE-2006-4300. |
| CVE-2006-6630 | 1 Ibiblio | 1 Osprey | 2025-04-09 | 7.5 HIGH | N/A | PHP remote file inclusion vulnerability in ListRecords.php in osprey 1.0 allows remote attackers to execute arbitrary PHP code via a URL in the lib_dir parameter. |
| CVE-2006-7195 | 1 Apache | 1 Tomcat | 2025-04-09 | 4.3 MEDIUM | N/A | Cross-site scripting (XSS) vulnerability in implicit-objects.jsp in Apache Tomcat 5.0.0 through 5.0.30 and 5.5.0 through 5.5.17 allows remote attackers to inject arbitrary web script or HTML via certain header values. |
| CVE-2006-6915 | 1 Ibm | 1 Aix | 2025-04-09 | 4.0 MEDIUM | N/A | ftpd in IBM AIX 5.2.0 and 5.3.0 allows remote authenticated users to cause a denial of service (port exhaustion) via unspecified vectors. NOTE: some details were obtained from third party sources. |
| CVE-2007-2940 | 1 Flap | 1 Flap | 2025-04-09 | 6.8 MEDIUM | N/A | Multiple PHP remote file inclusion vulnerabilities in FlaP 1.0b (1.0 Beta) allow remote attackers to execute arbitrary PHP code via a URL in the pachtofile parameter to (1) skin/html/table.php or (2) login.php. |
| CVE-2006-7154 | 1 Iono | 1 Iono | 2025-04-09 | 5.0 MEDIUM | N/A | Iono allows remote attackers to obtain the full server path via certain requests to (1) templates/iono/admin/denied.tpl.php, (2) templates/iono/admin/index.tpl.php, and (a) other unspecified files in templates/. |
| CVE-2007-3359 | 1 Iptel | 1 Serweb | 2025-04-09 | 6.8 MEDIUM | N/A | Multiple PHP remote file inclusion vulnerabilities in SerWeb 0.9.6 and earlier allow remote attackers to execute arbitrary PHP code via a URL in the _SERWEB[serwebdir] parameter to (1) html/load_apu.php or (2) html/mail_prepend.php. NOTE: the provenance of this information is unknown; the details are obtained solely from third party information. |
| CVE-2007-3865 | 1 Oracle | 1 E-business Suite | 2025-04-09 | 7.5 HIGH | N/A | Unspecified vulnerability in the Oracle Customer Intelligence component in Oracle E-Business Suite 12.0.1 has unknown impact and remote attack vectors, aka APPS01. |
| CVE-2007-4319 | 1 Zyxel | 2 Zynos, Zywall 2 | 2025-04-09 | 4.0 MEDIUM | N/A | The management interface in ZyNOS firmware 3.62(WK.6) on the Zyxel Zywall 2 device allows remote authenticated administrators to cause a denial of service (infinite reboot loop) via invalid configuration data. NOTE: this issue might not cross privilege boundaries, and it might be resultant from CSRF; if so, then it should not be included in CVE. |
| CVE-2007-1799 | 1 Joris Guisson | 1 Ktorrent | 2025-04-09 | 6.4 MEDIUM | N/A | Directory traversal vulnerability in torrent.cpp in KTorrent before 2.1.3 only checks for the ".." string, which allows remote attackers to overwrite arbitrary files via modified ".." sequences in a torrent filename, as demonstrated by "../" sequences, due to an incomplete fix for CVE-2007-1384. |
| CVE-2008-4819 | 1 Adobe | 1 Flash Player | 2025-04-09 | 6.8 MEDIUM | N/A | Unspecified vulnerability in Adobe Flash Player 9.0.124.0 and earlier makes it easier for remote attackers to conduct DNS rebinding attacks via unknown vectors. |
| CVE-2007-1350 | 1 Novell | 1 Netmail | 2025-04-09 | 6.8 MEDIUM | N/A | Stack-based buffer overflow in webadmin.exe in Novell NetMail 3.5.2 allows remote attackers to execute arbitrary code via a long username during HTTP Basic authentication. |
| CVE-2007-3606 | 1 Sap | 1 Enjoysap | 2025-04-09 | 7.6 HIGH | N/A | Heap-based buffer overflow in the rfcguisink.rfcguisink.1 ActiveX control in the EnjoySAP SAP GUI, on systems using ASCII versions, allows remote attackers to execute arbitrary code via a long first argument to the LaunchGui function. |
| CVE-2007-6630 | 1 Feng | 1 Feng | 2025-04-09 | 5.0 MEDIUM | N/A | The Url_init function in utils/url.c in Netembryo 0.0.4, when used by LScube Feng, allows remote attackers to cause a denial of service (NULL dereference and daemon crash) via a malformed URI containing a "/:" sequence, as demonstrated by a "DESCRIBE /: RTSP/1.0" request. |
| CVE-2007-2861 | 1 Saxon | 1 Saxon | 2025-04-09 | 7.5 HIGH | N/A | Multiple PHP remote file inclusion vulnerabilities in Simple Accessible XHTML Online News (SAXON) 4.6 allow remote attackers to execute arbitrary PHP code via a URL in the template parameter to (1) news.php, (2) preview.php, or (3) archive-display.php. |
| CVE-2007-1344 | 1 Xiph | 1 Icecast Ezstream | 2025-04-09 | 9.3 HIGH | N/A | Multiple buffer overflows in src/ezstream.c in Ezstream before 0.3.0 allow remote attackers to execute arbitrary code via a crafted XML configuration file processed by the (1) urlParse function, which causes a stack-based overflow and the (2) ReplaceString function, which causes a heap-based overflow. NOTE: some of these details are obtained from third party information. |
| CVE-2007-4046 | 1 Joomla | 1 Pony Gallery | 2025-04-09 | 7.5 HIGH | N/A | SQL injection vulnerability in index.php in the Pony Gallery (com_ponygallery) 1.5 and earlier component for Joomla! allows remote attackers to execute arbitrary SQL commands via the catid parameter. |
| CVE-2007-2777 | 1 Alstrasoft | 1 Template Seller | 2025-04-09 | 7.5 HIGH | N/A | Unrestricted file upload vulnerability in admin/addsptemplate.php in AlstraSoft Template Seller Pro 3.25 and earlier allows remote attackers to execute arbitrary PHP code via an arbitrary .php filename in the zip parameter, which is created under sptemplates/. |
| CVE-2007-3795 | 1 Hitachi | 1 Tpi Server Base | 2025-04-09 | 7.1 HIGH | N/A | Unspecified vulnerability in Hitachi TP1/Server Base before 03-05-/P, 05-00-x before 05-00-/G, 05-01-x before 05-01-/A, and 05-02-x before 05-02-/C on HP-UX 11.0 through 11i v3 allows attackers to cause a denial of service by sending certain data to a port. |
| CVE-2006-5510 | 1 Bluevirus-design | 1 Ph Pexplorer | 2025-04-09 | 6.4 MEDIUM | N/A | Directory traversal vulnerability in explorer_load_lang.php in PH Pexplorer 0.24 allows remote attackers to include arbitrary local files via ".." sequences in the Language cookie, as demonstrated by uploading a .gif file that contains PHP code. |
| CVE-2007-1236 | 1 Sitex | 1 Sitex | 2025-04-09 | 6.4 MEDIUM | N/A | sitex allows remote attackers to obtain sensitive information via a request with a numerical value for the (1) sxMonth[] or (2) sxYear[] parameter to calendar.php, or the (3) page[] parameter to calendar_events.php, which reveals the path in various error messages. |
| CVE-2007-4433 | 1 Aspindir | 1 Text File Search | 2025-04-09 | 4.3 MEDIUM | N/A | Cross-site scripting (XSS) vulnerability in textfilesearch.aspx in the Text File Search ASP.NET edition allows remote attackers to inject arbitrary web script or HTML via the search field. |
| CVE-2007-3979 | 1 Netart Media | 1 Blog System | 2025-04-09 | 6.8 MEDIUM | N/A | SQL injection vulnerability in index.php in BlogSite Professional (aka Blog System) 1.x allows remote attackers to execute arbitrary SQL commands via the news_id parameter. |
| CVE-2007-3449 | 1 Gorani Network | 1 6alblog | 2025-04-09 | 6.8 MEDIUM | N/A | SQL injection vulnerability in member.php in 6ALBlog allows remote attackers to execute arbitrary SQL commands via the newsid parameter. |
| CVE-2007-1117 | 1 Microsoft | 1 Publisher | 2025-04-09 | 10.0 HIGH | N/A | Unspecified vulnerability in Publisher 2007 in Microsoft Office 2007 allows remote attackers to execute arbitrary code via unspecified vectors, related to a "file format vulnerability." NOTE: this information is based upon a vague pre-advisory with no actionable information. However, the advisory is from a reliable source. |
| CVE-2007-1670 | 1 Panda | 6 Panda Activescan, Panda Antivirus, Panda Platinum 2006 Internet Security and 3 more | 2025-04-09 | 7.8 HIGH | N/A | Panda Software Antivirus before 20070402 allows remote attackers to cause a denial of service (infinite loop) via a ZOO archive with a direntry structure that points to a previous file. |
| CVE-2007-1296 | 1 Aj Square | 1 Aj Classifieds | 2025-04-09 | 7.5 HIGH | N/A | SQL injection vulnerability in postingdetails.php in AJ Classifieds 1.0 allows remote attackers to execute arbitrary SQL commands via the postingid parameter. |
| CVE-2006-5448 | 1 Microsoft | 1 Windows Digital Rights Management | 2025-04-09 | 7.5 HIGH | N/A | The drmstor.dll ActiveX object in Microsoft Windows Digital Rights Management System (DRM) allows remote attackers to cause a denial of service (crash) and possibly execute arbitrary code via a long parameter to the StoreLicense function, which triggers "memory corruption" and possibly a buffer overflow. |
| CVE-2007-2669 | 1 Globalmegacorp | 1 Phpchain | 2025-04-09 | 4.3 MEDIUM | N/A | Multiple cross-site scripting (XSS) vulnerabilities in PHPChain 1.0 and earlier allow remote attackers to inject arbitrary web script or HTML via the catid parameter to (1) settings.php or (2) cat.php. NOTE: certain parameter values also trigger path disclosure. |
| CVE-2007-3070 | 1 Bdigital Web Solutions | 1 Webstudio Cms | 2025-04-09 | 4.3 MEDIUM | N/A | Cross-site scripting (XSS) vulnerability in index.php in BDigital Web Solutions WebStudio allows remote attackers to inject arbitrary web script or HTML via the pageid parameter. |
| CVE-2006-5551 | 1 Qksoft | 1 Qk Smtp | 2025-04-09 | 7.5 HIGH | N/A | Stack-based buffer overflow in QK SMTP 3.01 and earlier might allow remote attackers to execute arbitrary code via a long argument to the RCPT TO command. |
| CVE-2007-3659 | 1 Freewrl | 1 Freewrl | 2025-04-09 | 4.6 MEDIUM | N/A | Buffer overflow in the doBrowserAction function in FreeWRL 1.19.3 allows local users to execute arbitrary code via a crafted BROWSER environment variable. NOTE: it is not clear whether this issue crosses privilege boundaries. |
| CVE-2008-4699 | 1 Microsoft | 1 Peachtree Accounting | 2025-04-09 | 9.3 HIGH | N/A | Insecure method vulnerability in the ActiveX control (PAWWeb11.ocx) in Peachtree Accounting 2004 allows remote attackers to execute arbitrary programs via the ExecutePreferredApplication method. |
| CVE-2007-3818 | 1 Drupal | 1 Logintoboggan Module | 2025-04-09 | 3.5 LOW | N/A | Cross-site scripting (XSS) vulnerability in the LoginToboggan module 5.x-1.x-dev before 20070712 for Drupal allows remote authenticated users with "administer blocks" permission to inject arbitrary JavaScript and gain privileges via "the message displayed above the default user login block." |
| CVE-2009-3808 | 1 Kramware | 1 Mixsense Dj Studio | 2025-04-09 | 9.3 HIGH | N/A | MixSense DJ Studio 1.0.0.1 allows remote attackers to cause a denial of service (application crash) and possibly execute arbitrary code via a long string in an .mp3 playlist file. |
| CVE-2007-0690 | 1 Myevent | 1 Myevent | 2025-04-09 | 5.0 MEDIUM | N/A | myEvent 1.6 allows remote attackers to obtain sensitive information via (1) a Log In action without a password to login.php, or an invalid (2) view[] or (3) monthno[] parameter to myevent.php, which reveals the path in various error messages. |