Total
29869 CVE
| CVE | Vendors | Products | Updated | CVSS v2 | CVSS v3 |
|---|---|---|---|---|---|
| CVE-2007-3081 | 1 Comdev | 1 Comdev Ecommerce | 2025-04-09 | 7.5 HIGH | N/A |
|
PHP remote file inclusion vulnerability in sampleecommerce.php in Comdev eCommerce 4.1 allows remote attackers to execute arbitrary PHP code via a URL in the path[docroot] parameter.
|
|||||
| CVE-2007-3363 | 1 Ageet | 1 Agephone | 2025-04-09 | 10.0 HIGH | N/A |
|
Multiple unspecified vulnerabilities in ageet AGEphone before 1.6.3 allow remote attackers to have an unknown impact via malformed SIP packets.
|
|||||
| CVE-2006-7169 | 1 Ultimate Php Board | 1 Ultimate Php Board | 2025-04-09 | 6.8 MEDIUM | N/A |
|
PHP remote file inclusion vulnerability in includes/header_simple.php in Ultimate PHP Board (UPB) 2.0 and earlier allows remote attackers to execute arbitrary PHP code via a URL in the _CONFIG[skin_dir] parameter.
|
|||||
| CVE-2007-4029 | 2 Libvorbis, Rpath | 2 Libvorbis, Rpath Linux | 2025-04-09 | 6.8 MEDIUM | N/A |
|
libvorbis 1.1.2, and possibly other versions before 1.2.0, allows context-dependent attackers to cause a denial of service via (1) an invalid mapping type, which triggers an out-of-bounds read in the vorbis_info_clear function in info.c, and (2) invalid blocksize values that trigger a segmentation fault in the read function in block.c.
|
|||||
| CVE-2009-2174 | 1 Gupnp | 1 Gupnp | 2025-04-09 | 5.0 MEDIUM | N/A |
|
GUPnP 0.12.7 allows remote attackers to cause a denial of service (crash) via an empty (1) subscription or (2) control message.
|
|||||
| CVE-2007-1778 | 1 Eve-nuke | 1 Eve-nuke Forum | 2025-04-09 | 10.0 HIGH | N/A |
|
PHP remote file inclusion vulnerability in db/mysql.php in the Eve-Nuke 0.1 (EN-Forums) module for PHP-Nuke allows remote attackers to execute arbitrary PHP code via a URL in the phpbb_root_path parameter.
|
|||||
| CVE-2007-3562 | 1 Php Director | 1 Php Director | 2025-04-09 | 7.5 HIGH | N/A |
|
SQL injection vulnerability in videos.php in PHP Director 0.21 and earlier allows remote attackers to execute arbitrary SQL commands via the id parameter.
|
|||||
| CVE-2007-2678 | 1 Netsprint | 1 Netsprint Toolbar | 2025-04-09 | 7.5 HIGH | N/A |
|
Buffer overflow in the isChecked function in toolbar.dll in Netsprint Toolbar 1.1 might allow remote attackers to execute arbitrary code via unspecified vectors.
|
|||||
| CVE-2007-2850 | 1 Citrix | 2 Access Essentials, Metaframe | 2025-04-09 | 10.0 HIGH | N/A |
|
The Session Reliability Service (XTE) in Citrix MetaFrame Presentation Server 3.0, Presentation Server 4.0, and Access Essentials 1.0 and 1.5, allows remote attackers to bypass network security policies and connect to arbitrary TCP ports via a modified address:port string.
|
|||||
| CVE-2007-2242 | 4 Freebsd, Ietf, Netbsd and 1 more | 4 Freebsd, Ipv6, Netbsd and 1 more | 2025-04-09 | 7.8 HIGH | N/A |
|
The IPv6 protocol allows remote attackers to cause a denial of service via crafted IPv6 type 0 route headers (IPV6_RTHDR_TYPE_0) that create network amplification between two routers.
|
|||||
| CVE-2007-1631 | 1 Clbox | 1 Clbox | 2025-04-09 | 10.0 HIGH | N/A |
|
PHP remote file inclusion vulnerability in signup.php in CLBOX 1.01 allows remote attackers to execute arbitrary PHP code via a URL in the header parameter. NOTE: this issue has been disputed by a reliable third party, stating that header is defined through an include file before use
|
|||||
| CVE-2006-5854 | 1 Novell | 1 Netware Client | 2025-04-09 | 7.5 HIGH | N/A |
|
Multiple buffer overflows in the Spooler service (nwspool.dll) in Novell Netware Client 4.91 through 4.91 SP2 allow remote attackers to execute arbitrary code via a long argument to the (1) EnumPrinters and (2) OpenPrinter functions.
|
|||||
| CVE-2007-1430 | 1 Clip-share | 1 Clipshare | 2025-04-09 | 7.5 HIGH | N/A |
|
PHP remote file inclusion vulnerability in include/adodb-connection.inc.php in ClipShare 1.5.3 allows remote attackers to execute arbitrary PHP code via a URL in the cmd parameter.
|
|||||
| CVE-2007-0173 | 1 L2j | 1 Statistik Script | 2025-04-09 | 6.8 MEDIUM | N/A |
|
Directory traversal vulnerability in index.php in L2J Statistik Script 0.09 and earlier, when register_globals is enabled and magic_quotes is disabled, allows remote attackers to include and execute arbitrary local files via a .. (dot dot) in the page parameter, as demonstrated by injecting PHP sequences into an Apache HTTP Server log file, which is then included by index.php.
|
|||||
| CVE-2007-3170 | 1 Uebimiau | 1 Uebimiau | 2025-04-09 | 4.3 MEDIUM | N/A |
|
Multiple cross-site scripting (XSS) vulnerabilities in Uebimiau Webmail allow remote attackers to inject arbitrary web script or HTML via (1) the PATH_INFO to redirect.php or (2) the selected_theme parameter to demo/pop3/error.php.
|
|||||
| CVE-2007-1030 | 1 Niels Provos | 1 Libevent | 2025-04-09 | 7.8 HIGH | N/A |
|
Niels Provos libevent 1.2 and 1.2a allows remote attackers to cause a denial of service (infinite loop) via a DNS response containing a label pointer that references its own offset.
|
|||||
| CVE-2007-0619 | 1 Chmlib | 1 Chmlib | 2025-04-09 | 9.3 HIGH | N/A |
|
chmlib before 0.39 allows user-assisted remote attackers to execute arbitrary code via a crafted page block length in a CHM file, which triggers memory corruption.
|
|||||
| CVE-2008-1240 | 1 Mozilla | 2 Firefox, Seamonkey | 2025-04-09 | 5.0 MEDIUM | N/A |
|
LiveConnect in Mozilla Firefox before 2.0.0.13 and SeaMonkey before 1.1.9 does not properly parse the content origin for jar: URIs before sending them to the Java plugin, which allows remote attackers to access arbitrary ports on the local machine. NOTE: this is closely related to CVE-2008-1195.
|
|||||
| CVE-2007-1428 | 1 Php Labs | 1 Jobsitepro | 2025-04-09 | 7.5 HIGH | N/A |
|
SQL injection vulnerability in search.php in PHP Labs JobSitePro 1.0 allows remote attackers to execute arbitrary SQL commands via the salary parameter.
|
|||||
| CVE-2009-0389 | 1 Eztools-software | 1 Web On Windows Activex | 2025-04-09 | 9.3 HIGH | N/A |
|
Multiple insecure method vulnerabilities in the Web On Windows (WOW) ActiveX control in WOW ActiveX 2 allow remote attackers to (1) create and overwrite arbitrary files via the WriteIniFileString method, (2) execute arbitrary programs via the ShellExecute method, (3) read from the registry via unspecified vectors, and (4) write to the registry via unspecified vectors. NOTE: vectors 1 and 2 can be used together to execute arbitrary code.
|
|||||
| CVE-2006-6624 | 1 Sambar | 1 Sambar Server | 2025-04-09 | 4.0 MEDIUM | N/A |
|
The FTP Server in Sambar Server 6.4 allows remote authenticated users to cause a denial of service (application crash) via a long series of "./" sequences in the SIZE command.
|
|||||
| CVE-2006-5950 | 1 Altools | 1 Alftp Ftp Server | 2025-04-09 | 5.0 MEDIUM | N/A |
|
Unspecified vulnerability in ALTools ALFTP FTP Server 4.1 beta 1, and possibly earlier, allows remote authenticated users to obtain the installation path via unknown vectors related to the REN command, probably due to response messages. NOTE: the provenance of this information is unknown; details are obtained from third party sources.
|
|||||
| CVE-2006-3893 | 2 Casio, Newtone | 2 Photo Loader, Imagekit | 2025-04-09 | 10.0 HIGH | N/A |
|
Multiple buffer overflows in the ActiveX controls in Newtone ImageKit 5 before Fix 30 and 6 before Fix 40, as used in CASIO Photo Loader software before 3.01 and possibly other software, allow remote attackers to execute arbitrary code via a crafted HTML document.
|
|||||
| CVE-2007-0141 | 1 Yet Another Link Directory | 1 Yet Another Link Directory | 2025-04-09 | 6.8 MEDIUM | N/A |
|
Cross-site scripting (XSS) vulnerability in yald.php in Yet Another Link Directory 1.0 allows remote attackers to inject arbitrary web script or HTML via the search parameter.
|
|||||
| CVE-2009-2090 | 1 Ibm | 1 Websphere Application Server | 2025-04-09 | 5.0 MEDIUM | N/A |
|
Unspecified vulnerability in wsadmin in the System Management/Repository component in IBM WebSphere Application Server (WAS) 7.0 before 7.0.0.5 allows remote attackers to bypass intended Java Management Extensions (JMX) Management Beans (aka MBeans) access restrictions, and cause a denial of service (daemon stop), via unknown vectors.
|
|||||
| CVE-2007-1484 | 1 Php | 1 Php | 2025-04-09 | 4.6 MEDIUM | N/A |
|
The array_user_key_compare function in PHP 4.4.6 and earlier, and 5.x up to 5.2.1, makes erroneous calls to zval_dtor, which triggers memory corruption and allows local users to bypass safe_mode and execute arbitrary code via a certain unset operation after array_user_key_compare has been called.
|
|||||
| CVE-2007-0222 | 1 Oracle | 1 Application Server | 2025-04-09 | 5.0 MEDIUM | N/A |
|
Directory traversal vulnerability in the EmChartBean server side component for Oracle Application Server 10g allows remote attackers to read arbitrary files via unknown vectors, probably "\.." sequences in the beanId parameter. NOTE: this is likely a duplicate of another CVE that Oracle addressed in CPU Jan 2007, but due to lack of details by Oracle, it is unclear which BugID this issue is associated with, so the other CVE cannot be determined. Possibilities include EM02 (CVE-2007-0292) or EM0 ...
Show More |
|||||
| CVE-2007-0232 | 1 Jshop E-commerce | 1 Jshop Server | 2025-04-09 | 7.5 HIGH | N/A |
|
PHP remote file inclusion vulnerability in routines/fieldValidation.php in Jshop Server 1.3 allows remote attackers to execute arbitrary PHP code via a URL in the jssShopFileSystem parameter.
|
|||||
| CVE-2007-1921 | 1 Nullsoft | 1 Winamp | 2025-04-09 | 9.3 HIGH | N/A |
|
LIBSNDFILE.DLL, as used by AOL Nullsoft Winamp 5.33 and possibly other products, allows remote attackers to execute arbitrary code via a crafted .MAT file that contains a value that is used as an offset, which triggers memory corruption.
|
|||||
| CVE-2007-0392 | 1 Ibm | 1 Aix | 2025-04-09 | 4.6 MEDIUM | N/A |
|
IBM AIX 5.3 does not properly verify the status of file descriptors before setuid execution, which allows local users to gain privileges by closing file descriptor 0, 1, or 2 and then invoking a setuid program, a variant of CVE-2002-0572.
|
|||||
| CVE-2007-3506 | 1 Freetype | 1 Freetype | 2025-04-09 | 7.5 HIGH | N/A |
|
The ft_bitmap_assure_buffer function in src/base/ftbimap.c in FreeType 2.3.3 allows context-dependent attackers to cause a denial of service and possibly execute arbitrary code via unspecified vectors involving bitmap fonts, related to a "memory buffer overwrite bug."
|
|||||
| CVE-2006-5257 | 1 Ciamos | 1 Ciamos Cms | 2025-04-09 | 7.5 HIGH | N/A |
|
PHP remote file inclusion vulnerability in modules/forum/include/config.php in Ciamos Content Management System (CMS) 0.9.6b and earlier allows remote attackers to execute arbitrary PHP code via a URL in the module_cache_path parameter.
|
|||||
| CVE-2007-0337 | 1 Kgb | 1 Kgb | 2025-04-09 | 7.5 HIGH | N/A |
|
Directory traversal vulnerability in sesskglogadmin.php in KGB 1.9 and earlier allows remote attackers to include and execute arbitrary local files via a .. (dot dot) in the skinnn parameter, as demonstrated by invoking kg.php with a postek parameter containing PHP code, which is injected into a file in the kg directory, and then included by sesskglogadmin.php.
|
|||||
| CVE-2009-4080 | 1 Sun | 2 Opensolaris, Sunos | 2025-04-09 | 2.1 LOW | N/A |
|
Multiple unspecified vulnerabilities in ldap_cachemgr (aka the LDAP client configuration cache daemon) in Sun Solaris 9 and 10, and OpenSolaris before snv_78, allow local users to cause a denial of service (daemon crash) via vectors involving multiple serviceSearchDescriptor attributes and a call to the getldap_lookup function, and unspecified other vectors.
|
|||||
| CVE-2007-2321 | 1 Silverstripe | 1 Silverstripe | 2025-04-09 | 10.0 HIGH | N/A |
|
Unspecified vulnerability in the search functionality in SilverStripe 2.0.0 has unknown impact and attack vectors.
|
|||||
| CVE-2006-5011 | 1 Ibm | 1 Aix | 2025-04-09 | 7.2 HIGH | N/A |
|
Untrusted search path vulnerability in snappd in IBM AIX 5.2.0 and 5.3.0 allows local users to execute arbitrary commands via a Trojan horse program, involving the "system subroutine".
|
|||||
| CVE-2007-0708 | 1 Comodo | 1 Comodo Firewall Pro | 2025-04-09 | 7.2 HIGH | N/A |
|
cmdmon.sys in Comodo Firewall Pro (formerly Comodo Personal Firewall) before 2.4.16.174 does not validate arguments that originate in user mode for the (1) NtConnectPort and (2) NtCreatePort hooked SSDT functions, which allows local users to cause a denial of service (system crash) and possibly gain privileges via invalid arguments.
|
|||||
| CVE-2006-6290 | 1 Mailenable | 2 Mailenable Enterprise, Mailenable Professional | 2025-04-09 | 6.5 MEDIUM | N/A |
|
Multiple stack-based buffer overflows in the IMAP module (MEIMAPS.EXE) in MailEnable Professional 1.6 through 1.82 and 2.0 through 2.33, and MailEnable Enterprise 1.1 through 1.30 and 2.0 through 2.33 allow remote authenticated users to cause a denial of service (crash) or possibly execute arbitrary code via a long argument to the (1) EXAMINE or (2) SELECT command.
|
|||||
| CVE-2007-1550 | 1 Phpx | 1 Phpx | 2025-04-09 | 7.5 HIGH | N/A |
|
Multiple SQL injection vulnerabilities in phpx 3.5.15 allow remote attackers to execute arbitrary SQL commands via the (1) image_id or (2) cat_id parameter to (a) gallery.php; the (3) news_id parameter to (b) news.php or (c) print.php; (4) the news_cat_id parameter to news.php; the (5) cat_id, (6) topic_id, or (7) post_id parameter to (d) forums.php; or (8) the user_id parameter to (e) users.php.
|
|||||
| CVE-2007-2714 | 1 Matt Mullenweg | 1 Akismet | 2025-04-09 | 10.0 HIGH | N/A |
|
Unspecified vulnerability in akismet.php in Matt Mullenweg Akismet before 2.0.2, a WordPress plugin, has unknown impact and attack vectors.
|
|||||