Total
29869 CVE
| CVE | Vendors | Products | Updated | CVSS v2 | CVSS v3 |
|---|---|---|---|---|---|
| CVE-2007-0751 | 1 Apple | 2 Mac Os X, Mac Os X Server | 2025-04-09 | 2.1 LOW | N/A |
|
A cleanup script in crontabs in Apple Mac OS X 10.3.9 and 10.4.9 might delete filesystems that have been mounted in /tmp, which might allow local users to cause a denial of service, related to the find command.
|
|||||
| CVE-2007-4528 | 1 Php | 1 Php | 2025-04-09 | 4.3 MEDIUM | N/A |
|
The Foreign Function Interface (ffi) extension in PHP 5.0.5 does not follow safe_mode restrictions, which allows context-dependent attackers to execute arbitrary code by loading an arbitrary DLL and calling a function, as demonstrated by kernel32.dll and the WinExec function. NOTE: this issue does not cross privilege boundaries in most contexts, so perhaps it should not be included in CVE.
|
|||||
| CVE-2006-6378 | 1 Widcomm | 1 Btsavemysql | 2025-04-09 | 7.5 HIGH | N/A |
|
BTSaveMySql 1.2 stores sensitive data under the web root with insufficient access control, which allows remote attackers to obtain configuration and save files via direct requests.
|
|||||
| CVE-2006-5151 | 1 Hp | 1 Hp-ux | 2025-04-09 | 10.0 HIGH | N/A |
|
Unspecified vulnerability in HP Ignite-UX server before C.6.9.150 for HP-UX B.11.00, B.11.11, and B.11.23 allows remote attackers to "gain root access" via unspecified vectors.
|
|||||
| CVE-2007-0513 | 1 Hitachi | 5 Hirdb Datareplicator, Hirdb Parallel Server, Hirdb Single Server and 2 more | 2025-04-09 | 5.0 MEDIUM | N/A |
|
Hitachi HiRDB Datareplicator 7HiRDB, 7(64), 6, 6(64), 5.0, and 5.0(64); and various products that bundle HiRDB Datareplicator; allows attackers to cause a denial of service (CPU consumption) via certain data.
|
|||||
| CVE-2007-0614 | 1 Apple | 3 Ichat, Instant Message Framework, Mac Os X | 2025-04-09 | 7.8 HIGH | N/A |
|
The Bonjour functionality in mDNSResponder, iChat 3.1.6, and InstantMessage framework 428 in Apple Mac OS X 10.4.8 allows remote attackers to cause a denial of service (persistent application crash) via a crafted phsh hash attribute in a TXT key.
|
|||||
| CVE-2007-3312 | 1 Efstratios Geroulis | 1 Jasmine Cms | 2025-04-09 | 9.0 HIGH | N/A |
|
Directory traversal vulnerability in admin/plugin_manager.php in Jasmine CMS 1.0 allows remote authenticated administrators to include and execute arbitrary local files a .. (dot dot) in the u parameter. NOTE: a separate vulnerability could be leveraged to make this issue exploitable by remote unauthenticated attackers.
|
|||||
| CVE-2007-1477 | 1 Oscommerce | 1 Php Point Of Sale | 2025-04-09 | 7.5 HIGH | N/A |
|
Directory traversal vulnerability in index.php in PHP Point Of Sale for osCommerce 1.1 allows remote attackers to include and execute arbitrary local files via a .. (dot dot) in the cfg_language parameter. NOTE: this issue has been disputed by CVE, since the cfg_language variable is configured upon proper product installation
|
|||||
| CVE-2007-3689 | 1 Drupal | 1 Print Module | 2025-04-09 | 7.8 HIGH | N/A |
|
The Print module before 4.7-1.0 and 5.x before 5.x-1.2 for Drupal allows remote attackers to read restricted posts in (1) Organic Groups, (2) Taxonomy Access Control, (3) Taxonomy Access Lite, and other unspecified node access modules, via modified URL arguments.
|
|||||
| CVE-2007-0281 | 1 Oracle | 3 Application Server, Collaboration Suite, Http Server | 2025-04-09 | 5.0 MEDIUM | N/A |
|
Multiple unspecified vulnerabilities in Oracle HTTP Server 9.0.1.5, 9.2.0.8, 10.1.0.5, and 10.2.0.3; Application Server 9.0.4.3, 10.1.2.0.0, 10.1.2.0.1, 10.1.2.0.2, 10.1.2.1, and 10.1.3.0; and Collaboration Suite 9.0.4.2 and 10.1.2; have unknown impact and attack vectors related to the Oracle HTTP Server, aka (1) OHS03 and (2) OHS04.
|
|||||
| CVE-2008-4407 | 1 Debian | 1 Xsabre | 2025-04-09 | 2.1 LOW | N/A |
|
XRunSabre in sabre (aka xsabre) 0.2.4b relies on the ability to create /tmp/sabre.log, which allows local users to cause a denial of service (application unavailability) by creating a /tmp/sabre.log file that cannot be overwritten.
|
|||||
| CVE-2008-2009 | 2 Canonical, Xiph.org | 2 Ubuntu Linux, Libvorbis | 2025-04-09 | 4.3 MEDIUM | N/A |
|
Xiph.org libvorbis before 1.0 does not properly check for underpopulated Huffman trees, which allows remote attackers to cause a denial of service (crash) via a crafted OGG file that triggers memory corruption during execution of the _make_decode_tree function.
|
|||||
| CVE-2006-5396 | 1 Sun | 1 Solaris | 2025-04-09 | 4.9 MEDIUM | N/A |
|
The tcp_fuse_rcv_drain function in the Sun Solaris 10 kernel before 20061017, when TCP Fusion is enabled, allows local users to cause a denial of service (system crash) via a TCP loopback connection with both endpoints on the same system.
|
|||||
| CVE-2007-2002 | 1 Inoutmailinglistmanager | 1 Inoutmailinglistmanager | 2025-04-09 | 6.8 MEDIUM | N/A |
|
InoutMailingListManager 3.1 and earlier allows remote attackers to access certain restricted functionality, and upload and execute arbitrary PHP code, by setting an arbitrary admin cookie.
|
|||||
| CVE-2007-3837 | 1 Hydrairc | 1 Hydrairc | 2025-04-09 | 7.8 HIGH | N/A |
|
Heap-based buffer overflow in HydraIRC 0.3.151 allows remote IRC servers to cause a denial of service (application crash) via a long CTCP request message containing '%' (percent) characters.
|
|||||
| CVE-2007-2316 | 1 Open Business Management | 1 Open Business Management | 2025-04-09 | 10.0 HIGH | N/A |
|
Unspecified vulnerability in the admin script in Open Business Management (OBM) before 2.0.0 allows remote attackers to have an unknown impact by calling the script "in txt mode from a browser."
|
|||||
| CVE-2006-6649 | 1 Hypervm | 1 Hypervm | 2025-04-09 | 6.8 MEDIUM | N/A |
|
Cross-site scripting (XSS) vulnerability in display.php in HyperVM 1.2 and earlier allows remote attackers to inject arbitrary web script or HTML via an encoded frm_action parameter. NOTE: the vendor disputes this issue, but it is not certain whether the dispute is about the severity of the issue, or its existence.
|
|||||
| CVE-2007-0007 | 1 Gnucash | 1 Gnucash | 2025-04-09 | 3.6 LOW | N/A |
|
gnucash 2.0.4 and earlier allows local users to overwrite arbitrary files via a symlink attack on the (1) gnucash.trace, (2) qof.trace, and (3) qof.trace.[PID] temporary files.
|
|||||
| CVE-2006-6284 | 1 Vikingboard | 1 Vikingboard | 2025-04-09 | 9.0 HIGH | N/A |
|
Directory traversal vulnerability in admin.php in Vikingboard 0.1.2 allows remote authenticated administrators to include arbitrary files via a .. (dot dot) sequence in the act parameter.
|
|||||
| CVE-2006-6874 | 1 Endonesia | 1 Endonesia | 2025-04-09 | 6.8 MEDIUM | N/A |
|
Multiple cross-site scripting (XSS) vulnerabilities in friend.php in eNdonesia 8.4 allow remote attackers to inject arbitrary web script or HTML via the (1) Message or (2) Your Name field. NOTE: The provenance of this information is unknown; the details are obtained solely from third party information.
|
|||||
| CVE-2007-3043 | 1 Hitachi | 3 Groupmax Collaboration Portal, Groupmax Collaboration Web Client, Ucosminexus Collaboration Portal | 2025-04-09 | 4.3 MEDIUM | N/A |
|
Cross-site scripting (XSS) vulnerability in Collaboration - File Sharing 01-20 up to 01-20-/B and 01-30 up to 01-30-/B in Hitachi Groupmax Collaboration Portal up to 07-30-/D, Groupmax Collaboration Web Client - Forum/File Sharing up to 07-30-/C, uCosminexus Collaboration Portal up to 06-30-/D, and uCosminexus Collaboration Portal - Forum/File Sharing up to 06-30-/C on Windows allows remote attackers to inject arbitrary web script or HTML via unspecified vectors.
|
|||||
| CVE-2007-2585 | 1 Barcodewiz | 1 Barcode Activex Control | 2025-04-09 | 9.3 HIGH | N/A |
|
Stack-based buffer overflow in the Verify function in the BarCodeWiz ActiveX control 2.0 and 2.52 (BarcodeWiz.dll) allows remote attackers to execute arbitrary code via a long argument.
|
|||||
| CVE-2006-5073 | 1 Sun | 2 Solaris, Sunos | 2025-04-09 | 7.8 HIGH | N/A |
|
Unspecified vulnerability in Sun Solaris 8, 9 and 10 allows remote attackers to cause a denial of service (panic) via crafted IPv6 packets, a different vulnerability than CVE-2006-5013.
|
|||||
| CVE-2006-6789 | 1 Phpbbxtra | 1 Phpbbxtra | 2025-04-09 | 7.5 HIGH | N/A |
|
PHP remote file inclusion vulnerability in includes/archive/archive_topic.php in Phpbbxtra 2.0 allows remote attackers to execute arbitrary PHP code via a URL in the phpbb_root_path parameter.
|
|||||
| CVE-2006-5499 | 1 Serendipity | 1 Serendipity | 2025-04-09 | 6.8 MEDIUM | N/A |
|
Multiple cross-site scripting (XSS) vulnerabilities in Serendipity (s9y) 1.0.1 and earlier allow remote attackers to inject arbitrary web script or HTML via unspecified vectors in the media manager administration page.
|
|||||
| CVE-2007-1475 | 1 Php | 1 Php | 2025-04-09 | 5.4 MEDIUM | N/A |
|
Multiple buffer overflows in the (1) ibase_connect and (2) ibase_pconnect functions in the interbase extension in PHP 4.4.6 and earlier allow context-dependent attackers to execute arbitrary code via a long argument.
|
|||||
| CVE-2007-3793 | 1 Hitachi | 1 Jp1-netm-dm Manager | 2025-04-09 | 7.5 HIGH | N/A |
|
SQL injection vulnerability in Job Management Partner 1/NETM/DM (JP1/NETM/DM) Manager on Windows before 20070413 allows remote attackers to execute arbitrary SQL commands via unspecified vectors.
|
|||||
| CVE-2007-2904 | 1 Sun | 1 Java System Messaging Server | 2025-04-09 | 4.3 MEDIUM | N/A |
|
Cross-site scripting (XSS) vulnerability in Sun Java System Messaging Server 6.0 through 6.3, when Internet Explorer is used, allows remote attackers to inject arbitrary web script or HTML via unspecified vectors, possibly a related issue to CVE-2006-5653.
|
|||||
| CVE-2007-2835 | 2 Debian, Unicon-imc2 | 2 Debian Linux, Unicon-imc2 | 2025-04-09 | 6.8 MEDIUM | N/A |
|
Multiple stack-based buffer overflows in (1) CCE_pinyin.c and (2) xl_pinyin.c in ImmModules/cce/ in unicon-imc2 3.0.4, as used by zhcon and other applications, allow local users to gain privileges via a long HOME environment variable.
|
|||||
| CVE-2006-5965 | 1 Passgo | 1 Sso Plus | 2025-04-09 | 4.6 MEDIUM | N/A |
|
PassGo SSO Plus 2.1.0.32, and probably earlier versions, uses insecure permissions (Everyone/Full Control) for the PassGo Technologies directory, which allows local users to gain privileges by modifying critical programs.
|
|||||
| CVE-2007-1618 | 1 Scriptmagix | 1 Scriptmagix Faq Builder | 2025-04-09 | 7.5 HIGH | N/A |
|
SQL injection vulnerability in index.php in ScriptMagix FAQ Builder 2.0 and earlier allows remote attackers to execute arbitrary SQL commands via the catid parameter.
|
|||||
| CVE-2006-6496 | 1 Broadcom | 2 Etrust Antivirus, Internet Security Suite | 2025-04-09 | 6.6 MEDIUM | N/A |
|
The (1) VetMONNT.sys and (2) VetFDDNT.sys drivers in CA Anti-Virus 2007 8.1, Anti-Virus for Vista Beta 8.2, and CA Internet Security Suite 2007 v3.0 do not properly handle NULL buffers, which allows local users with administrative access to cause a denial of service (system crash) via certain IOCTLs.
|
|||||
| CVE-2007-3702 | 1 Mail Machine | 1 Mail Machine | 2025-04-09 | 5.0 MEDIUM | N/A |
|
Directory traversal vulnerability in the load function in cgi-bin/mail/mailmachine.cgi in Mail Machine 3.989 and earlier allows remote attackers to read arbitrary files via a .. (dot dot) in the archives parameter in a Load action.
|
|||||
| CVE-2007-1957 | 1 Guernion Sylvain Portail | 1 Web Php | 2025-04-09 | 6.8 MEDIUM | N/A |
|
Multiple PHP remote file inclusion vulnerabilities in Guernion Sylvain Portail Web Php (aka Gsylvain35 Portail Web, PwP) allow remote attackers to execute arbitrary PHP code via a URL in the pageAll parameter to index.php in (1) template/Vert/, or (2) template/Noir/.
|
|||||
| CVE-2007-3934 | 1 Bbs | 1 E-market | 2025-04-09 | 7.5 HIGH | N/A |
|
PHP remote file inclusion vulnerability in postscript/postscript.php in BBS E-Market allows remote attackers to execute arbitrary PHP code via a URL in the p_mode parameter.
|
|||||
| CVE-2007-2717 | 1 Igeneric | 1 Ig Shop | 2025-04-09 | 7.5 HIGH | N/A |
|
SQL injection vulnerability in shop/page.php in iGeneric (iG) Shop 1.4 allows remote attackers to execute arbitrary SQL commands via the type_id[] parameter, a different vector than CVE-2005-0537.
|
|||||
| CVE-2007-1146 | 1 Delmaa.com | 1 Arabhost | 2025-04-09 | 7.5 HIGH | N/A |
|
PHP remote file inclusion vulnerability in function.php in arabhost allows remote attackers to execute arbitrary PHP code via a URL in the adminfolder parameter.
|
|||||
| CVE-2007-2636 | 1 Jason Frisvold | 1 Phptodo | 2025-04-09 | 6.8 MEDIUM | N/A |
|
Unspecified vulnerability in phpTodo before 0.8.1 allows remote attackers to have an unknown impact via newlines in regular expressions to (1) index.php, (2) feed.php, (3) prefs.php, and (4) todolist.php; and (5) classTodoItem.php and (6) phpTodoUser.php in libs/. NOTE: some of these details are obtained from third party information.
|
|||||
| CVE-2007-4498 | 1 Grandstream | 1 Sip Phone | 2025-04-09 | 7.8 HIGH | N/A |
|
The Grandstream SIP Phone GXV-3000 with firmware 1.0.1.7, Loader 1.0.0.6, and Boot 1.0.0.18 allows remote attackers to force silent call completion, eavesdrop on the phone's local environment, and cause a denial of service (blocked call reception) via a certain SIP INVITE message followed by a certain "SIP/2.0 183 Session Progress" message.
|
|||||
| CVE-2007-3142 | 1 Opera | 1 Opera Browser | 2025-04-09 | 5.8 MEDIUM | N/A |
|
Visual truncation vulnerability in Opera 9.21 allows remote attackers to spoof the address bar and possibly conduct phishing attacks via a long hostname, which is truncated after 34 characters, as demonstrated by a phishing attack using HTTP Basic Authentication.
|
|||||