Total
29869 CVE
| CVE | Vendors | Products | Updated | CVSS v2 | CVSS v3 |
|---|---|---|---|---|---|
| CVE-2007-0903 | 1 Process-one | 1 Ejabberd | 2025-04-09 | 10.0 HIGH | N/A |
|
Unspecified vulnerability in the mod_roster_odbc module in ejabberd before 1.1.3 has unknown impact and attack vectors.
|
|||||
| CVE-2006-6608 | 1 Hp | 2 Proliant Integrated Lights Out, Proliant Integrated Lights Out 2 | 2025-04-09 | 7.5 HIGH | N/A |
|
Unspecified vulnerability in SSH key based authentication in HP Integrated Lights Out (iLO) 1.70 through 1.87, and iLO 2 1.00 through 1.11, on Proliant servers, allows remote attackers to "gain unauthorized access."
|
|||||
| CVE-2007-3741 | 2 Gnu, Mandriva | 2 Gimp, Linux | 2025-04-09 | 4.3 MEDIUM | N/A |
|
The (1) psp (aka .tub), (2) bmp, (3) pcx, and (4) psd plugins in gimp allow user-assisted remote attackers to cause a denial of service (crash or memory consumption) via crafted image files, as discovered using the fusil fuzzing tool.
|
|||||
| CVE-2007-2168 | 1 Aimstats | 1 Aimstats | 2025-04-09 | 7.5 HIGH | N/A |
|
Static code injection vulnerability in process.php in AimStats 3.2 and earlier allows remote attackers to inject PHP code into config.php via the databasehost parameter. NOTE: the provenance of this information is unknown; the details are obtained solely from third party information.
|
|||||
| CVE-2007-0717 | 1 Apple | 1 Quicktime | 2025-04-09 | 5.8 MEDIUM | N/A |
|
Integer overflow in Apple QuickTime before 7.1.5 allows remote user-assisted attackers to cause a denial of service (crash) and possibly execute arbitrary code via a crafted QTIF file.
|
|||||
| CVE-2006-4686 | 1 Microsoft | 2 Xml Core Services, Xml Parser | 2025-04-09 | 7.5 HIGH | N/A |
|
Buffer overflow in the Extensible Stylesheet Language Transformations (XSLT) processing in Microsoft XML Parser 2.6 and XML Core Services 3.0 through 6.0 allows remote attackers to execute arbitrary code via a crafted Web page.
|
|||||
| CVE-2007-1506 | 1 Oracle | 1 Application Server Portal | 2025-04-09 | 4.3 MEDIUM | N/A |
|
Cross-site scripting (XSS) vulnerability in PORTAL.wwv_main.render_warning_screen in the Oracle Portal 10g allows remote attackers to inject arbitrary web script or HTML via the (1) p_oldurl and (2) p_newurl parameters.
|
|||||
| CVE-2008-0175 | 1 Ge Fanuc | 1 Proficy Real-time Information Portal | 2025-04-09 | 7.5 HIGH | N/A |
|
Unrestricted file upload vulnerability in GE Fanuc Proficy Real-Time Information Portal 2.6 and earlier allows remote attackers to execute arbitrary code by uploading a file with an executable extension to the main virtual directory.
|
|||||
| CVE-2006-6394 | 1 Jonas Gauffin | 1 Publicera | 2025-04-09 | 7.5 HIGH | N/A |
|
SQL injection vulnerability in certain database classes in Jonas Gauffin Publicera 1.0-rc2 and earlier might allow remote attackers to execute arbitrary SQL commands via unspecified vectors.
|
|||||
| CVE-2006-5285 | 1 Xeoport | 1 Xeoport | 2025-04-09 | 7.5 HIGH | N/A |
|
SQL injection vulnerability in index.php in XeoPort 0.81, and possibly earlier, allows remote attackers to execute arbitrary SQL commands via the xp_body_text parameter.
|
|||||
| CVE-2006-4413 | 1 Apple | 1 Remote Desktop | 2025-04-09 | 7.2 HIGH | N/A |
|
Apple Remote Desktop before 3.1 uses insecure permissions for certain built-in packages, which allows local users on an Apple Remote Desktop administration system to modify the packages and gain root privileges on client systems that use the packages.
|
|||||
| CVE-2006-5409 | 1 Mobilesecure Inc | 2 Highwall Endpoint, Highwall Enterprise | 2025-04-09 | 7.5 HIGH | N/A |
|
Multiple SQL injection vulnerabilities in the wireless IDS management interface for Highwall Enterprise and Highwall Endpoint 4.0.2.11045 allow remote attackers to execute arbitrary SQL commands via unspecified vectors.
|
|||||
| CVE-2006-5637 | 1 Faq Administrator | 1 Faq Administrator | 2025-04-09 | 7.5 HIGH | N/A |
|
PHP remote file inclusion vulnerability in faq_reply.php in Faq Administrator 2.1b allows remote attackers to execute arbitrary PHP code via a URL in the email parameter.
|
|||||
| CVE-2007-3201 | 1 Winpt | 1 Winpt | 2025-04-09 | 7.1 HIGH | N/A |
|
Visual truncation vulnerability in Windows Privacy Tray (WinPT) 1.2.0 allows user-assisted remote attackers to install a key listed under the wrong user ID, and possibly cause the user to encrypt a victim's correspondence with this attacker-supplied key, via a key ID composed of the attacker's user ID, space characters, an invalid WinPT message, additional space characters, and the victim's user ID.
|
|||||
| CVE-2007-2593 | 1 Microsoft | 2 Terminal Server, Windows 2003 Server | 2025-04-09 | 7.5 HIGH | N/A |
|
The Terminal Server in Microsoft Windows 2003 Server, when using TLS, allows remote attackers to bypass SSL and self-signed certificate requirements, downgrade the server security, and possibly conduct man-in-the-middle attacks via unspecified vectors, as demonstrated using the Remote Desktop Protocol (RDP) 6.0 client. NOTE: a third party claims that the vendor may have fixed this in approximately 2006.
|
|||||
| CVE-2009-3006 | 1 Maxthon | 1 Maxthon Browser | 2025-04-09 | 4.3 MEDIUM | N/A |
|
Maxthon Browser 2.5.3.80 UNICODE allows remote attackers to spoof the address bar, via window.open with a relative URI, to show an arbitrary URL on the web site visited by the victim, as demonstrated by a visit to an attacker-controlled web page, which triggers a spoofed login form for the site containing that page.
|
|||||
| CVE-2007-0546 | 1 Toxiclab | 1 Shoutbox | 2025-04-09 | 7.8 HIGH | N/A |
|
Toxiclab Shoutbox 1 stores sensitive information under the web root with insufficient access control, which allows remote attackers to download a database containing passwords via a direct request for db.mdb.
|
|||||
| CVE-2010-0279 | 1 Bts-gi.net | 1 Read Excel | 2025-04-09 | 6.8 MEDIUM | N/A |
|
Unrestricted file upload vulnerability in upload.php in BTS-GI Read excel 1.1 allows remote attackers to execute arbitrary code by uploading a file with an executable extension, then accessing it via a direct request to the file in an unspecified directory. NOTE: some of these details are obtained from third party information.
|
|||||
| CVE-2007-2119 | 1 Oracle | 2 Application Server, Database Server | 2025-04-09 | 6.8 MEDIUM | N/A |
|
Cross-site scripting (XSS) vulnerability in boundary_rules.jsp in the Administration Front End for Oracle Enterprise (Ultra) Search, as used in Database Server 9.2.0.8, 10.1.0.5, and 10.2.0.2, and in Application Server 9.0.4.3, 10.1.2.0.2, and 10.1.2.2.0 allows remote attackers to inject arbitrary HTML or web script via the EXPTYPE parameter, aka SES01.
|
|||||
| CVE-2006-5212 | 1 Trend Micro | 1 Officescan | 2025-04-09 | 5.0 MEDIUM | N/A |
|
Trend Micro OfficeScan 6.0 in Client/Server/Messaging (CSM) Suite for SMB 2.0 before 6.0.0.1385, and OfficeScan Corporate Edition (OSCE) 6.5 before 6.5.0.1418, 7.0 before 7.0.0.1257, and 7.3 before 7.3.0.1053 allow remote attackers to delete files via a modified filename parameter in a certain HTTP request that invokes the OfficeScan CGI program.
|
|||||
| CVE-2009-1166 | 1 Cisco | 1 Catalyst | 2025-04-09 | 7.8 HIGH | N/A |
|
The administrative web interface on the Cisco Wireless LAN Controller (WLC) platform 4.x before 4.2.205.0 and 5.x before 5.2.191.0, as used in Cisco 1500 Series, 2000 Series, 2100 Series, 4100 Series, 4200 Series, and 4400 Series Wireless Services Modules (WiSM), WLC Modules for Integrated Services Routers, and Catalyst 3750G Integrated Wireless LAN Controllers, allows remote attackers to cause a denial of service (device reload) via a crafted (1) HTTP or (2) HTTPS request, aka Bug ID CSCsy27708 ...
Show More |
|||||
| CVE-2006-5372 | 1 Oracle | 1 E-business Suite | 2025-04-09 | 9.0 HIGH | N/A |
|
Multiple unspecified vulnerabilities in Oracle E-Business Suite 11.5.10 up to 11.5.10CU2 have unknown impact and remote authenticated attack vectors, aka Vuln# (1) APPS11 for Oracle Universal Work Queue and (2) APPS12 for Oracle Application Object Library.
|
|||||
| CVE-2006-7212 | 1 Firebirdsql | 1 Firebird | 2025-04-09 | 6.8 MEDIUM | N/A |
|
Multiple buffer overflows in Firebird 1.5, one of which affects WNET, have unknown impact and attack vectors. NOTE: this issue might overlap CVE-2006-1240.
|
|||||
| CVE-2006-6485 | 1 Shopsite | 1 Shopsite | 2025-04-09 | 6.8 MEDIUM | N/A |
|
Multiple cross-site scripting (XSS) vulnerabilities in ShopSite 8.1 and earlier allow remote attackers to inject arbitrary web script or HTML via the prevlocation parameter in shopper/sc/registration.cgi and other unspecified vectors.
|
|||||
| CVE-2007-0797 | 1 Bluevirus-design | 1 Sma-db | 2025-04-09 | 7.5 HIGH | N/A |
|
PHP remote file inclusion vulnerability in theme/settings.php in bluevirus-design SMA-DB 0.3.9 and earlier allows remote attackers to execute arbitrary PHP code via a URL in the pfad_z parameter.
|
|||||
| CVE-2006-6648 | 1 Planetluc.com | 1 Rateme | 2025-04-09 | 7.5 HIGH | N/A |
|
PHP remote file inclusion vulnerability in main.inc.php in planetluc.com RateMe 1.3.2 and earlier allows remote attackers to execute arbitrary PHP code via a URL in the pathtoscript parameter.
|
|||||
| CVE-2006-5947 | 1 Conxint | 1 Conxint Ftp Server | 2025-04-09 | 5.0 MEDIUM | N/A |
|
Multiple directory traversal vulnerabilities in Conxint FTP Server 2.2.0603, and possibly earlier, allow remote attackers to read arbitrary files and list arbitrary directories via directory traversal sequences in (1) DIR (LIST or NLST) and (2) GET (RETR) commands. NOTE: the provenance of this information is unknown; details are obtained from third party sources.
|
|||||
| CVE-2006-6272 | 1 Paul Griffin | 1 Simple Php Gallery | 2025-04-09 | 6.8 MEDIUM | N/A |
|
Cross-site scripting (XSS) vulnerability in sp_index.php in Simple PHP Gallery 1.1 allows remote attackers to inject arbitrary web script or HTML via the dir parameter.
|
|||||
| CVE-2006-5443 | 1 Xiao Gang | 1 Www Interactive Mathematics Server | 2025-04-09 | 5.0 MEDIUM | N/A |
|
Unspecified vulnerability in XIAO Gang WWW Interactive Mathematics Server (WIMS) before 3.60 allows remote attackers to modify unspecified data via unspecified vectors involving "variable rights."
|
|||||
| CVE-2006-7149 | 1 Mambo | 1 Mambo | 2025-04-09 | 4.3 MEDIUM | N/A |
|
Multiple cross-site scripting (XSS) vulnerabilities in Mambo 4.6.x allow remote attackers to inject arbitrary web script or HTML via (1) the query string to (a) index.php, which reflects the string in an error message from mod_login.php; and the (2) mcname parameter to (b) moscomment.php and (c) com_comment.php.
|
|||||
| CVE-2007-6592 | 1 Apple | 1 Safari | 2025-04-09 | 4.3 MEDIUM | N/A |
|
Apple Safari 2, when a user accepts an SSL server certificate on the basis of the CN domain name in the DN field, regards the certificate as also accepted for all domain names in subjectAltName:dNSName fields, which makes it easier for remote attackers to trick a user into accepting an invalid certificate for a spoofed web site.
|
|||||
| CVE-2007-2891 | 1 Firmworx | 1 Firmworx | 2025-04-09 | 7.5 HIGH | N/A |
|
Multiple PHP remote file inclusion vulnerabilities in FirmWorX 0.1.2 allow remote attackers to execute arbitrary PHP code via a URL in the (1) bank_data[root] parameter to modules/bank/includes/design/main.inc.php, or the (2) fm_data[root] parameter to (a) includes/config/master.inc.php or (b) includes/functions/master.inc.php.
|
|||||
| CVE-2007-0445 | 1 Kaspersky Lab | 2 Kaspersky Anti-virus, Kaspersky Internet Security | 2025-04-09 | 10.0 HIGH | N/A |
|
Heap-based buffer overflow in the arj.ppl module in the OnDemand Scanner in Kaspersky Anti-Virus, Anti-Virus for Workstations, and Anti-Virus for File Servers 6.0, and Internet Security 6.0 before Maintenance Pack 2 build 6.0.2.614 allows remote attackers to execute arbitrary code via crafted ARJ archives.
|
|||||
| CVE-2007-3111 | 2 Microsoft, Provideo | 3 Internet Explorer, Windows 2000, Camimage Activex Control | 2025-04-09 | 10.0 HIGH | N/A |
|
Buffer overflow in the Provideo Camimage ActiveX control in ISSCamControl.dll 1.0.1.5, when Internet Explorer 6 is used on Windows 2000 SP4, allows remote attackers to execute arbitrary code via a long URL property value.
|
|||||
| CVE-2007-3571 | 1 Novell | 2 Groupwise, Netware | 2025-04-09 | 4.3 MEDIUM | N/A |
|
The Apache Web Server as used in Novell NetWare 6.5 and GroupWise allows remote attackers to obtain sensitive information via a certain directive to Apache that causes the HTTP-Header response to be modified, which may reveal the server's internal IP address.
|
|||||
| CVE-2007-1658 | 1 Microsoft | 1 Windows Vista | 2025-04-09 | 9.3 HIGH | N/A |
|
Windows Mail in Microsoft Windows Vista might allow user-assisted remote attackers to execute certain programs via a link to a (1) local file or (2) UNC share pathname in which there is a directory with the same base name as an executable program at the same level, as demonstrated using C:/windows/system32/winrm (winrm.cmd) and migwiz (migwiz.exe).
|
|||||
| CVE-2007-2974 | 1 Avira | 2 Antivir, Av Pack | 2025-04-09 | 10.0 HIGH | N/A |
|
Buffer overflow in the file parsing engine in Avira Antivir Antivirus before 7.03.00.09 allows remote attackers to execute arbitrary code via a crafted LZH archive file, resulting from an "integer cast around."
|
|||||
| CVE-2007-3517 | 1 Claroline | 1 Claroline | 2025-04-09 | 4.3 MEDIUM | N/A |
|
Multiple cross-site scripting (XSS) vulnerabilities in Claroline 1.8.3 allow remote attackers to inject arbitrary web script or HTML via the PATH_INFO (PHP_SELF) to (1) index.php, (2) demo/claroline170/index.php, and possibly other scripts.
|
|||||
| CVE-2007-4093 | 1 Minb | 1 Minb Is Not A Blog | 2025-04-09 | 7.8 HIGH | N/A |
|
Minb Is Not a Blog (minb) stores sensitive information under the web root with insufficient access control, which allows remote attackers to download a database containing usernames and encrypted passwords via a direct request for db/users.db.
|
|||||
| CVE-2007-1471 | 1 Orion-blog | 1 Orion-blog | 2025-04-09 | 7.5 HIGH | N/A |
|
admin/default.asp in Orion-Blog 2.0 allows remote attackers to bypass authentication controls and gain privileges via a direct URL request for admin/AdminBlogNewsEdit.asp.
|
|||||