Total: 29869 CVE
| CVE | Vendors | Products | Updated | CVSS v2 | CVSS v3 | Description |
|---|---|---|---|---|---|---|
| CVE-2007-4135 | 1 Nfsv4 | 1 Nfsidmap | 2025-04-09 | 6.2 MEDIUM | N/A | The NFSv4 ID mapper (nfsidmap) before 0.17 does not properly handle return values from the getpwnam_r function when performing a username lookup, which can cause it to report a file as being owned by "root" instead of "nobody" if the file exists on the server but not on the client. |
| CVE-2007-3045 | 2 Hitachi, Hp | 3 Hi Ux We2, Tp1 Net Osi-tp-extended, Hp-ux | 2025-04-09 | 5.0 MEDIUM | N/A | Unspecified vulnerability in Hitachi TP1/NET/OSI-TP-Extended on HI-UX/WE2 before 20070213, and on HP-UX before 20070314, allows remote attackers to cause a denial of service via certain data to a port. |
| CVE-2007-3229 | 1 Singapore | 1 Image Gallery Web Application | 2025-04-09 | 6.8 MEDIUM | N/A | index.php in Singapore Gallery allows remote attackers to obtain sensitive information via a request with a non-directory gallery parameter, which reveals the path in an error message. |
| CVE-2006-5661 | 1 Virtech | 1 Netquery | 2025-04-09 | 6.8 MEDIUM | N/A | Cross-site scripting (XSS) vulnerability in nquser.php in VIRtech Netquery allows remote attackers to inject arbitrary web script or HTML via the User-Agent HTTP header. |
| CVE-2007-0883 | 1 Second Rule Llc | 1 Ip3 Netaccess | 2025-04-09 | 5.0 MEDIUM | N/A | Directory traversal vulnerability in portalgroups/portalgroups/getfile.cgi in IP3 NetAccess before firmware 4.1.9.6 allows remote attackers to read arbitrary files via a .. (dot dot) in the filename parameter. |
| CVE-2006-6329 | 1 Torrentflux | 1 Torrentflux | 2025-04-09 | 4.9 MEDIUM | N/A | index.php for TorrentFlux 2.2 allows remote attackers to delete files by specifying the target filename in the delfile parameter. |
| CVE-2006-5755 | 1 Linux | 1 Linux Kernel | 2025-04-09 | 4.9 MEDIUM | N/A | Linux kernel before 2.6.18, when running on x86_64 systems, does not properly save or restore EFLAGS during a context switch, which allows local users to cause a denial of service (crash) by causing SYSENTER to set an NT flag, which can trigger a crash on the IRET of the next task. |
| CVE-2007-3568 | 1 Imlib | 1 Imlib | 2025-04-09 | 5.0 MEDIUM | N/A | The _LoadBMP function in imlib 1.9.15 and earlier allows context-dependent attackers to cause a denial of service (infinite loop) via a BMP image with a Bits Per Page (BPP) value of 0. |
| CVE-2009-2944 | 1 Ikiwiki | 1 Ikiwiki | 2025-04-09 | 5.0 MEDIUM | N/A | Incomplete blacklist vulnerability in the teximg plugin in ikiwiki before 3.1415926 and 2.x before 2.53.4 allows context-dependent attackers to read arbitrary files via crafted TeX commands. |
| CVE-2006-4805 | 1 Wireshark | 1 Wireshark | 2025-04-09 | 5.0 MEDIUM | N/A | epan/dissectors/packet-xot.c in the XOT dissector (dissect_xot_pdu) in Wireshark (formerly Ethereal) 0.9.8 through 0.99.3 allows remote attackers to cause a denial of service (memory consumption and crash) via an encoded XOT packet that produces a zero length value when it is decoded. |
| CVE-2007-3648 | 1 Valarsoft | 1 Webmatic | 2025-04-09 | 7.5 HIGH | N/A | SQL injection vulnerability in Webmatic before 2.6.2, and possibly other versions before 2.7, allows remote attackers to execute arbitrary SQL commands via unspecified vectors, possibly related to admin/admin_album.php and admin/admin_downloads.php. NOTE: some of these details are obtained from third party information. |
| CVE-2006-7153 | 1 Minibb | 1 Forum | 2025-04-09 | 10.0 HIGH | N/A | PHP remote file inclusion vulnerability in index.php in MiniBB Forum 2 allows remote attackers to execute arbitrary code via a URL in the pathToFiles parameter. |
| CVE-2008-0887 | 1 Gnome | 1 Screensaver | 2025-04-09 | 4.7 MEDIUM | N/A | gnome-screensaver before 2.22.1, when a remote authentication server is enabled, crashes upon an unlock attempt during a network outage, which allows physically proximate attackers to gain access to the locked session, a related issue to CVE-2007-1859. |
| CVE-2007-2610 | 1 Openld | 1 Openld | 2025-04-09 | 4.3 MEDIUM | N/A | Cross-site scripting (XSS) vulnerability in OpenLD before 1.1.9, and 1.1-modified before 1.1-modified3, allows remote attackers to inject arbitrary web script or HTML via unspecified vectors in the Search feature, possibly the term parameter. |
| CVE-2007-2074 | 1 Scramdisk 4 Linux | 1 Scramdisk 4 Linux | 2025-04-09 | 4.6 MEDIUM | N/A | Certain programs in containers in ScramDisk 4 Linux before 1.0-1 execute with SUID permissions, which allows local users to gain privileges via mounted containers. |
| CVE-2006-5156 | 1 Mcafee | 2 Epolicy Orchestrator, Protectionpilot | 2025-04-09 | 10.0 HIGH | N/A | Buffer overflow in McAfee ePolicy Orchestrator before 3.5.0.720 and ProtectionPilot before 1.1.1.126 allows remote attackers to execute arbitrary code via a request to /spipe/pkg/ with a long source header. |
| CVE-2007-1071 | 1 Apple | 2 Mac Os X, Mac Os X Server | 2025-04-09 | 7.8 HIGH | N/A | Integer overflow in the gifGetBandProc function in ImageIO in Apple Mac OS X 10.4.8 allows remote attackers to cause a denial of service (segmentation fault) and possibly execute arbitrary code via a crafted GIF image that triggers the overflow during decompression. NOTE: this is a different issue than CVE-2006-3502 and CVE-2006-3503. |
| CVE-2007-0166 | 1 Freebsd | 1 Freebsd | 2025-04-09 | 6.6 MEDIUM | N/A | The jail rc.d script in FreeBSD 5.3 up to 6.2 does not verify pathnames when writing to /var/log/console.log during a jail start-up, or when file systems are mounted or unmounted, which allows local root users to overwrite arbitrary files, or mount/unmount files, outside of the jail via a symlink attack. |
| CVE-2007-0402 | 1 Easebay Resources | 1 Paypal Subscription Manager | 2025-04-09 | 6.8 MEDIUM | N/A | Cross-site scripting (XSS) vulnerability in admin/edit_member.php in Easebay Resources Paypal Subscription Manager allows remote attackers to inject arbitrary web script or HTML via the username parameter. |
| CVE-2009-0897 | 1 Ibm | 1 Websphere Partner Gateway | 2025-04-09 | 4.0 MEDIUM | N/A | IBM WebSphere Partner Gateway (WPG) 6.1.0 before 6.1.0.1 and 6.1.1 before 6.1.1.1 allows remote authenticated users to obtain sensitive information via vectors related to the "schema DB2 instance id" and the bcgarchive (aka the archiver script). |
| CVE-2007-1404 | 1 Prosysinfo | 1 Tftp Server Tftpdwin | 2025-04-09 | 7.3 HIGH | N/A | tftpd.exe in ProSysInfo TFTP Server TFTPDWIN 0.4.2 allows remote attackers to cause a denial of service via a long UDP packet that is not properly handled in a recv_from call. NOTE: this issue might be related to CVE-2006-4948. |
| CVE-2006-6711 | 1 Newxooper | 1 Newxooper | 2025-04-09 | 7.5 HIGH | N/A | PHP remote file inclusion vulnerability in compteur/mapage.php in Newxooper 0.9.1 allows remote attackers to execute arbitrary PHP code via a URL in the chemin parameter. |
| CVE-2006-5289 | 1 Vtiger | 1 Vtiger Crm | 2025-04-09 | 7.5 HIGH | N/A | Multiple PHP remote file inclusion vulnerabilities in Vtiger CRM 4.2 and earlier allow remote attackers to execute arbitrary PHP code via a URL in the calpath parameter to (1) modules/Calendar/admin/update.php, (2) modules/Calendar/admin/scheme.php, or (3) modules/Calendar/calendar.php. |
| CVE-2007-4667 | 1 Firebirdsql | 1 Firebird | 2025-04-09 | 5.0 MEDIUM | N/A | Unspecified vulnerability in the Services API in Firebird before 2.0.2 allows remote attackers to cause a denial of service, aka CORE-1149. |
| CVE-2007-2198 | 1 Lan Management System | 1 Lan Management System | 2025-04-09 | 4.3 MEDIUM | N/A | Cross-site scripting (XSS) vulnerability in LAN Management System (LMS) before 1.6.9 allows remote attackers to inject arbitrary web script or HTML via unspecified vectors, probably involving the OD parameter to contrib/formularz_przelewu_wplaty/druk.php. |
| CVE-2006-6471 | 1 Xerox | 1 Workcentre | 2025-04-09 | 10.0 HIGH | N/A | Xerox WorkCentre and WorkCentre Pro before 12.050.03.000, 13.x before 13.050.03.000, and 14.x before 14.050.03.000 use weak permissions for certain files, which allows unspecified file access. |
| CVE-2006-6826 | 1 Personal .net Portal | 1 Personal .net Portal | 2025-04-09 | 7.5 HIGH | N/A | Unspecified vulnerability in the tab editor for Personal .NET Portal before 2.0.0 has unknown impact and attack vectors related to a "Security leak." |
| CVE-2007-0914 | 1 Sun | 1 Solaris | 2025-04-09 | 7.1 HIGH | N/A | Race condition in the TCP subsystem for Solaris 10 allows remote attackers to cause a denial of service (system panic) via unknown vectors. |
| CVE-2006-5126 | 1 Powerportal | 1 Powerportal | 2025-04-09 | 7.5 HIGH | N/A | PHP remote file inclusion vulnerability in index.php in John Himmelman (aka DaRk2k1) PowerPortal 1.3a allows remote attackers to execute arbitrary PHP code via a URL in the file_name[] parameter. |
| CVE-2007-3972 | 1 Eset Software | 1 Nod32 Antivirus | 2025-04-09 | 5.0 MEDIUM | N/A | ESET NOD32 Antivirus before 2.2289 allows remote attackers to cause a denial of service via a crafted (1) ASPACK or (2) FSG packed file, which triggers a divide-by-zero error. |
| CVE-2009-2908 | 1 Linux | 1 Linux Kernel | 2025-04-09 | 4.9 MEDIUM | N/A | The d_delete function in fs/ecryptfs/inode.c in eCryptfs in the Linux kernel 2.6.31 allows local users to cause a denial of service (kernel OOPS) and possibly execute arbitrary code via unspecified vectors that cause a "negative dentry" and trigger a NULL pointer dereference, as demonstrated via a Mutt temporary directory in an eCryptfs mount. |
| CVE-2007-2245 | 1 Phpmyadmin | 1 Phpmyadmin | 2025-04-09 | 6.8 MEDIUM | N/A | Multiple cross-site scripting (XSS) vulnerabilities in phpMyAdmin before 2.10.1.0 allow remote attackers to inject arbitrary web script or HTML via (1) the fieldkey parameter to browse_foreigners.php or (2) certain input to the PMA_sanitize function. |
| CVE-2007-1731 | 1 Hpaftpd | 1 Hpaftpd | 2025-04-09 | 10.0 HIGH | N/A | Multiple stack-based buffer overflows in High Performance Anonymous FTP Server (hpaftpd) 1.01 allow remote attackers to execute arbitrary code via long arguments to the (1) USER, (2) PASS, (3) CWD, (4) MKD, (5) RMD, (6) DELE, (7) RNFR, or (8) RNTO FTP command. |
| CVE-2007-0850 | 1 Syscp Team | 1 Syscp | 2025-04-09 | 7.5 HIGH | N/A | scripts/cronscript.php in SysCP 1.2.15 and earlier includes and executes arbitrary PHP scripts that are referenced by the panel_cronscript table in the SysCP database, which allows attackers with database write privileges to execute arbitrary code by constructing a PHP file and adding its filename to this table. |
| CVE-2007-4409 | 1 Universal Ircd | 1 Ircu | 2025-04-09 | 5.1 MEDIUM | N/A | Race condition in ircu 2.10.12.01 through 2.10.12.05 allows remote attackers to set a new Apass during a netburst by arranging for ops privilege to be granted before the mode arrives. |
| CVE-2006-6385 | 1 Intel | 4 Pro 1000 Adapters, Pro 1000 Pcie Adapters, Pro 10 100 Adapters and 1 more | 2025-04-09 | 7.2 HIGH | N/A | Stack-based buffer overflow in Intel PRO 10/100, PRO/1000, and PRO/10GbE PCI, PCI-X, and PCIe network adapter drivers (aka NDIS miniport drivers) before 20061205 allows local users to execute arbitrary code with "kernel-level" privileges via an incorrect function call in certain OID handlers. |
| CVE-2006-5164 | 1 Sum Effect Software | 1 Digishop | 2025-04-09 | 6.8 MEDIUM | N/A | Multiple cross-site scripting (XSS) vulnerabilities in cart.php in Sum Effect Software digiSHOP 4.0 allow remote attackers to inject arbitrary web script or HTML via the (1) sortBy or (2) search parameters. |
| CVE-2006-5066 | 1 Danphpsupport | 1 Danphpsupport | 2025-04-09 | 5.1 MEDIUM | N/A | Multiple cross-site scripting (XSS) vulnerabilities in DanPHPSupport 0.5, and other versions before 1.0, allow remote attackers to inject arbitrary web script or HTML via the (1) page parameter in index.php or the (2) do parameter in admin.php. |
| CVE-2006-6189 | 1 Clicktech | 1 Clickblog | 2025-04-09 | 7.5 HIGH | N/A | SQL injection vulnerability in displayCalendar.asp in ClickTech Click Blog allows remote attackers to execute arbitrary SQL commands via the date parameter. |
| CVE-2007-2343 | 1 Enterasys | 2 Netsight Console, Netsight Inventory Manager | 2025-04-09 | 7.5 HIGH | N/A | Stack-based buffer overflow in the TFTPD component in Enterasys NetSight Console 2.1 and NetSight Inventory Manager 2.1, and possibly earlier, allows remote attackers to execute arbitrary code via crafted request packets that contain long file names. |