Total
29869 CVE
| CVE | Vendors | Products | Updated | CVSS v2 | CVSS v3 |
|---|---|---|---|---|---|
| CVE-2006-6625 | 1 Moodle | 1 Moodle | 2025-04-09 | 6.8 MEDIUM | N/A |
|
Cross-site scripting (XSS) vulnerability in mod/forum/discuss.php in Moodle 1.6.1 allows remote attackers to inject arbitrary web script or HTML via the navtail parameter. NOTE: The provenance of this information is unknown; the details are obtained solely from third party information.
|
|||||
| CVE-2007-3682 | 1 Openld | 1 Openld | 2025-04-09 | 7.5 HIGH | N/A |
|
SQL injection vulnerability in index.php in OpenLD 1.2.2 and earlier allows remote attackers to execute arbitrary SQL commands via the id parameter.
|
|||||
| CVE-2007-4003 | 1 Ibm | 1 Aix | 2025-04-09 | 6.9 MEDIUM | N/A |
|
pioout in IBM AIX 5.3 SP6 allows local users to execute arbitrary code by specifying a malicious library with the -R (ParseRoutine) command line argument.
|
|||||
| CVE-2006-6604 | 1 Torrentflux | 1 Torrentflux | 2025-04-09 | 6.5 MEDIUM | N/A |
|
Directory traversal vulnerability in downloaddetails.php in TorrentFlux 2.2 allows remote authenticated users to read arbitrary files via .. (dot dot) sequences in the alias parameter, a different vector than CVE-2006-6328.
|
|||||
| CVE-2007-2001 | 1 Crea-book | 1 Crea-book | 2025-04-09 | 6.5 MEDIUM | N/A |
|
Multiple direct static code injection vulnerabilities in admin/configurer2.php in Crea-Book 1.0 and earlier allow remote authenticated administrators to execute arbitrary PHP code via the "Fond de la page" (background color) field and other unspecified fields, which injects into config.inc.php3.
|
|||||
| CVE-2007-2785 | 1 Esyndicat | 1 Esyndicat Pro | 2025-04-09 | 6.8 MEDIUM | N/A |
|
manage-admins.php in eSyndiCat Pro 1.x allows remote attackers to create additional administrative accounts, and have other unspecified impact, via modified username, new_pass, new_pass2, status, super, and certain other parameters in an add action.
|
|||||
| CVE-2008-6775 | 1 Htc | 2 Touch Cruise, Touch Pro | 2025-04-09 | 7.1 HIGH | N/A |
|
HTC Touch Pro and HTC Touch Cruise vCard allows remote attackers to cause denial of service (CPU consumption, SMS consumption, and connectivity loss) via a flood of vCards to UDP port 9204.
|
|||||
| CVE-2007-0838 | 1 Freeproxy | 1 Freeproxy | 2025-04-09 | 5.0 MEDIUM | N/A |
|
FreeProxy before 3.92 Build 1626 allows malicious users to cause a denial of service (infinite loop) via a HOST: header with a hostname and port number that refers to the server itself.
|
|||||
| CVE-2006-7010 | 1 Joomla | 1 Joomla | 2025-04-09 | 7.5 HIGH | N/A |
|
The mosgetparam implementation in Joomla! before 1.0.10, does not set a variable's data type to integer when the variable's default value is numeric, which has unspecified impact and attack vectors, which may permit SQL injection attacks.
|
|||||
| CVE-2007-1590 | 1 Grandstream | 1 Budgetone 200 | 2025-04-09 | 7.8 HIGH | N/A |
|
The Grandstream BudgeTone 200 IP phone, with program 1.1.1.14 and bootloader 1.1.1.5, allows remote attackers to cause a denial of service (device crash) via SIP (1) INVITE, (2) CANCEL, or unspecified other messages with a WWW-Authenticate header containing a crafted Digest domain.
|
|||||
| CVE-2006-4412 | 1 Apple | 1 Mac Os X | 2025-04-09 | 6.8 MEDIUM | N/A |
|
WebKit in Apple Mac OS X 10.3.x through 10.3.9 and 10.4 through 10.4.8 allows remote attackers to execute arbitrary code via a crafted HTML file, which accesses previously deallocated objects.
|
|||||
| CVE-2007-2567 | 1 Taltech | 1 Tal Bar Code Activex Control | 2025-04-09 | 9.3 HIGH | N/A |
|
Buffer overflow in the SaveBarCode function in the Taltech Tal Bar Code ActiveX control allows remote attackers to execute arbitrary code via unspecified vectors.
|
|||||
| CVE-2007-1402 | 1 Rediff | 1 Toolbar | 2025-04-09 | 7.5 HIGH | N/A |
|
The Rediff Toolbar 2.0 ActiveX control in redifftoolbar.dll allows remote attackers to cause a denial of service via unspecified manipulations, possibly involving improper initialization or blank arguments.
|
|||||
| CVE-2006-6784 | 1 Netbula | 1 Anyboard | 2025-04-09 | 7.5 HIGH | N/A |
|
SQL injection vulnerability in Netbula Anyboard allows remote attackers to execute arbitrary SQL commands via the user name in the login form.
|
|||||
| CVE-2007-2452 | 1 Gnu | 1 Findutils | 2025-04-09 | 6.0 MEDIUM | N/A |
|
Heap-based buffer overflow in the visit_old_format function in locate/locate.c in locate in GNU findutils before 4.2.31 might allow context-dependent attackers to execute arbitrary code via a long pathname in a locate database that has the old format, a different vulnerability than CVE-2001-1036.
|
|||||
| CVE-2006-6282 | 1 Vikingboard | 1 Vikingboard | 2025-04-09 | 9.3 HIGH | N/A |
|
members.php in Vikingboard 0.1.2 allows remote attackers to trigger a forced SQL error via an invalid s parameter, a different vector than CVE-2006-4709. NOTE: might only be an exposure if display_errors is enabled, but due to lack of details, even this is not clear.
|
|||||
| CVE-2007-1222 | 2 Apple, Parallels | 2 Mac Os X, Parallels Desktop | 2025-04-09 | 7.2 HIGH | N/A |
|
Parallels Desktop for Mac before 20070216 implements Drag and Drop by sharing the entire host filesystem as the .psf share, which allows local users of the guest operating system to write arbitrary files to the host filesystem, and execute arbitrary code via launchd by writing a plist file to a LaunchAgents directory.
|
|||||
| CVE-2007-1845 | 1 Php Fusion | 1 Expanded Calendar Module | 2025-04-09 | 7.5 HIGH | N/A |
|
SQL injection vulnerability in show_event.php in the Expanded Calendar (calendar_panel) 2.00 module for PHP-Fusion allows remote attackers to execute arbitrary SQL commands via the m_month parameter.
|
|||||
| CVE-2006-5068 | 1 Brudaswen | 1 Brudanews | 2025-04-09 | 7.5 HIGH | N/A |
|
PHP remote file inclusion vulnerability in admin/index.php in Brudaswen (1) BrudaNews 1.1 and earlier and (2) BrudaGB 1.1 and earlier allows remote attackers to execute arbitrary PHP code via a URL in the o parameter.
|
|||||
| CVE-2007-0679 | 1 Nicolas Grandjean | 1 Phpmyring | 2025-04-09 | 7.5 HIGH | N/A |
|
PHP remote file inclusion vulnerability in lang/leslangues.php in Nicolas Grandjean PHPMyRing 4.1.3b and earlier allows remote attackers to execute arbitrary PHP code via a URL in the fichier parameter.
|
|||||
| CVE-2007-4503 | 1 Joomla | 1 Nice Talk | 2025-04-09 | 7.5 HIGH | N/A |
|
SQL injection vulnerability in index.php in the Nice Talk component (com_nicetalk) 0.9.3 and earlier for Joomla! allows remote attackers to execute arbitrary SQL commands via the tagid parameter.
|
|||||
| CVE-2006-5805 | 1 Microsoft | 1 Ie | 2025-04-09 | 5.0 MEDIUM | N/A |
|
Microsoft Internet Explorer 7 allows remote attackers to cause a security certificate from a secure web site to appear invalid via a link to res://ieframe.dll/invalidcert.htm with the target site as an argument, which displays the site's URL in the address bar but causes Internet Explorer to report that the certificate is invalid.
|
|||||
| CVE-2007-3436 | 1 Microsoft | 2 Msn Messenger, Windows Xp | 2025-04-09 | 5.0 MEDIUM | N/A |
|
Microsoft MSN Messenger 4.7 on Windows XP allows remote attackers to cause a denial of service (resource consumption) via a flood of SIP INVITE requests to the port specified for voice conversation.
|
|||||
| CVE-2006-6285 | 1 Kai Blankenhorn Bitfolge | 1 Simple And Nice Index File | 2025-04-09 | 7.5 HIGH | N/A |
|
PHP remote file inclusion vulnerability in index.php in Kai Blankenhorn Bitfolge simple and nice index file (aka snif) 1.5.2 and earlier allows remote attackers to execute arbitrary PHP code via a URL in the externalConfig parameter. NOTE: CVE and other third parties dispute this vulnerability because $externalConfig is defined before use
|
|||||
| CVE-2007-3886 | 1 Netimage Media | 1 Element Cms | 2025-04-09 | 4.3 MEDIUM | N/A |
|
Cross-site scripting (XSS) vulnerability in default.asp in Element CMS allows remote attackers to inject arbitrary web script or HTML via the s parameter in a search pID action.
|
|||||
| CVE-2007-1242 | 1 Audins Audiens | 1 Audins Audiens | 2025-04-09 | 7.5 HIGH | N/A |
|
SQL injection vulnerability in system/index.php in Audins Audiens 3.3 allows remote attackers to execute arbitrary SQL commands via the PHPSESSID cookie. NOTE: the provenance of this information is unknown; the details are obtained solely from third party information.
|
|||||
| CVE-2006-5752 | 4 Apache, Canonical, Fedoraproject and 1 more | 7 Http Server, Ubuntu Linux, Fedora and 4 more | 2025-04-09 | 4.3 MEDIUM | N/A |
|
Cross-site scripting (XSS) vulnerability in mod_status.c in the mod_status module in Apache HTTP Server (httpd), when ExtendedStatus is enabled and a public server-status page is used, allows remote attackers to inject arbitrary web script or HTML via unspecified vectors involving charsets with browsers that perform "charset detection" when the content-type is not specified.
|
|||||
| CVE-2007-4297 | 1 Aspindir | 1 Dersimiz Haber Ekleme Modulu | 2025-04-09 | 4.3 MEDIUM | N/A |
|
Multiple cross-site scripting (XSS) vulnerabilities in yorumkaydet.asp in Dersimiz Haber Ekleme Modulu allow remote attackers to inject arbitrary web script or HTML via the (1) yazan, (2) mail, and (3) yorum parameters. NOTE: some of these details are obtained from third party information.
|
|||||
| CVE-2006-6966 | 1 Phpgraphy | 1 Phpgraphy | 2025-04-09 | 7.5 HIGH | N/A |
|
phpGraphy before 0.9.13a does not properly unset variables when the input data includes a numeric parameter with a value matching an alphanumeric parameter's hash value, which allows remote attackers to execute arbitrary PHP code by uploading a config.php file via the pictures[] parameter to index.php. NOTE: it could be argued that this vulnerability is due to a bug in the unset PHP command (CVE-2006-3017) and the proper fix should be in PHP; if so, then this should not be treated as a vulnerab ...
Show More |
|||||
| CVE-2009-0649 | 1 Nokia | 2 N95, Symbian S60 Browser | 2025-04-09 | 7.8 HIGH | N/A |
|
The web browser in Symbian OS on the Nokia N95 cell phone allows remote attackers to cause a denial of service (crash) via JavaScript code that calls the setAttributeNode method.
|
|||||
| CVE-2007-0702 | 1 Phpeventman | 1 Phpeventman | 2025-04-09 | 7.5 HIGH | N/A |
|
Multiple PHP remote file inclusion vulnerabilities in phpEventMan 1.0.2 allow remote attackers to execute arbitrary PHP code via a URL in the level parameter to (1) Shared/controller/text.ctrl.php or (2) UserMan/controller/common.function.php.
|
|||||
| CVE-2007-0031 | 1 Microsoft | 4 Excel, Excel Viewer, Office and 1 more | 2025-04-09 | 9.3 HIGH | N/A |
|
Heap-based buffer overflow in Microsoft Excel 2000 SP3, 2002 SP3, 2003 SP2, 2004 for Mac, and v.X for Mac allows user-assisted remote attackers to execute arbitrary code via a BIFF8 spreadsheet with a PALETTE record that contains a large number of entries.
|
|||||
| CVE-2007-4247 | 1 Microsoft | 1 Windows Vista | 2025-04-09 | 4.3 MEDIUM | N/A |
|
Windows Calendar on Microsoft Windows Vista allows remote attackers to cause a denial of service (NULL dereference and persistent application crash) via a malformed ICS file.
|
|||||
| CVE-2007-1596 | 2 Joomla, Mambo | 2 Nfn Address Book, Nfn Address Book | 2025-04-09 | 9.3 HIGH | N/A |
|
Multiple PHP remote file inclusion vulnerabilities in the NFN Address Book (com_nfn_addressbook) 0.4 component for Mambo and Joomla! allow remote attackers to execute arbitrary PHP code via a URL in the mosConfig_absolute_path parameter to (1) components/com_nfn_addressbook/nfnaddressbook.php or (2) administrator/components/com_nfn_addressbook/nfnaddressbook.php.
|
|||||
| CVE-2007-1526 | 1 Sun | 1 Java System Web Server | 2025-04-09 | 6.0 MEDIUM | N/A |
|
Sun Java System Web Server 6.1 before 20070314 allows remote authenticated users with revoked client certificates to bypass the Certificate Revocation List (CRL) authorization control and access secure web server instances running under an account different from that used for the admin server via unspecified vectors.
|
|||||
| CVE-2008-2109 | 1 Media-libs | 1 Libid3tag | 2025-04-09 | 5.0 MEDIUM | N/A |
|
field.c in the libid3tag 0.15.0b library allows context-dependent attackers to cause a denial of service (CPU consumption) via an ID3_FIELD_TYPE_STRINGLIST field that ends in '\0', which triggers an infinite loop.
|
|||||
| CVE-2006-6692 | 1 Zabbix | 1 Zabbix | 2025-04-09 | 7.5 HIGH | N/A |
|
Multiple format string vulnerabilities in zabbix before 20061006 allow attackers to cause a denial of service (application crash) and possibly execute arbitrary code via format string specifiers in information that would be recorded in the system log using (1) zabbix_log or (2) zabbix_syslog.
|
|||||
| CVE-2007-2599 | 1 Wavelink Media | 1 Tutorialcms | 2025-04-09 | 7.5 HIGH | N/A |
|
Multiple SQL injection vulnerabilities in TutorialCMS (aka Photoshop Tutorials) 1.00 and earlier allow remote attackers to execute arbitrary SQL commands via the (1) catFile parameter to (a) browseCat.php or (b) browseSubCat.php; the (2) id parameter to (c) openTutorial.php, (d) topFrame.php, or (e) admin/editListing.php; or (3) the search parameter to search.php.
|
|||||
| CVE-2006-7077 | 1 Phpbb Group | 1 Phpbb Advanced Guestbook | 2025-04-09 | 6.8 MEDIUM | N/A |
|
SQL injection vulnerability in guestbook.php in Advanced Guestbook 2.4 for phpBB allows remote attackers to execute arbitrary SQl commands via the entry parameter.
|
|||||
| CVE-2006-5750 | 1 Jboss | 1 Jboss Application Server | 2025-04-09 | 7.5 HIGH | N/A |
|
Directory traversal vulnerability in the DeploymentFileRepository class in JBoss Application Server (jbossas) 3.2.4 through 4.0.5 allows remote authenticated users to read or modify arbitrary files, and possibly execute arbitrary code, via unspecified vectors related to the console manager.
|
|||||