Total: 29869 CVE
| CVE | Vendors | Products | Updated | CVSS v2 | CVSS v3 | Description |
|---|---|---|---|---|---|---|
| CVE-2006-6898 | 1 Broadcom | 1 Widcomm Bluetooth | 2025-04-09 | 7.8 HIGH | N/A | Widcomm Bluetooth for Windows (BTW) before 4.0.1.1500 allows remote attackers to listen to and record conversations, aka the CarWhisperer attack. |
| CVE-2007-0371 | 1 Common Controls Replacement Project | 1 Browsedialog Server | 2025-04-09 | 4.3 MEDIUM | N/A | A certain ActiveX control in the Common Controls Replacement Project (CCRP) CCRP BrowseDialog Server (ccrpbds6.dll) allows remote attackers to cause a denial of service (Internet Explorer 7 crash) via a long CCRP_BDc.SelectedFolder property value. |
| CVE-2006-6931 | 1 Snort | 1 Snort | 2025-04-09 | 5.0 MEDIUM | N/A | Algorithmic complexity vulnerability in Snort before 2.6.1, during predicate evaluation in rule matching for certain rules, allows remote attackers to cause a denial of service (CPU consumption and detection outage) via crafted network traffic, aka a "backtracking attack." |
| CVE-2006-6716 | 1 Eric Guillaume | 1 Upload Download De Fichiers | 2025-04-09 | 7.5 HIGH | N/A | SQL injection vulnerability in administration/administre2.php in Eric GUILLAUME uploader&downloader 3 allows remote attackers to execute arbitrary SQL commands via the id_user parameter. |
| CVE-2006-5459 | 1 Alex | 1 Downloadengine | 2025-04-09 | 7.5 HIGH | N/A | Multiple PHP remote file inclusion vulnerabilities in Download-Engine 1.4.2 and earlier allow remote attackers to execute arbitrary PHP code via a URL in the (1) $_ENGINE[eng_dir] and possibly (2) spaw_root parameters in admin/includes/spaw/spaw_script.js.php, and the (3) $_ENGINE[eng_dir], (4) $spaw_root, (5) $spaw_dir, and (6) $spaw_base_url parameters in admin/includes/spaw/config/spaw_control.config.php, different vectors than CVE-2006-5291. NOTE: CVE analysis as of 20061021 is inconclusive ... |
| CVE-2007-1342 | 1 Jelsoft | 1 Vbulletin | 2025-04-09 | 4.3 MEDIUM | N/A | Cross-site scripting (XSS) vulnerability in admincp/index.php in Jelsoft vBulletin 3.6.5 and earlier allows remote attackers to inject arbitrary web script or HTML via the add rss url form. |
| CVE-2007-3619 | 1 Maia Mailguard | 1 Maia Mailguard | 2025-04-09 | 5.0 MEDIUM | N/A | Directory traversal vulnerability in login.php in Maia Mailguard 1.0.2 and earlier allows remote attackers to read arbitrary files via a .. (dot dot) in the lang parameter. |
| CVE-2006-7076 | 1 Phpbb Group | 1 Phpbb Advanced Guestbook | 2025-04-09 | 4.3 MEDIUM | N/A | Cross-site scripting (XSS) vulnerability in guestbook.php in Advanced Guestbook 2.4 for phpBB allows remote attackers to inject arbitrary web script or HTML via the entry parameter. NOTE: this issue might be resultant from SQL injection. |
| CVE-2007-0817 | 1 Adobe | 1 Coldfusion | 2025-04-09 | 4.3 MEDIUM | N/A | Cross-site scripting (XSS) vulnerability in Adobe ColdFusion web server allows remote attackers to inject arbitrary HTML or web script via the User-Agent HTTP header, which is not sanitized before being displayed in an error page. |
| CVE-2007-1829 | 1 Web-app.net | 1 Webapp | 2025-04-09 | 7.5 HIGH | N/A | Multiple unspecified vulnerabilities in web-app.net WebAPP have unknown impact and attack vectors, described as "[having] other [security] issues too, not as bad as letting users take over your admin account, but bad too." |
| CVE-2007-3361 | 1 Nortel | 1 Pc Client Soft Phone Sip | 2025-04-09 | 7.8 HIGH | N/A | The Nortel PC Client SIP Soft Phone 4.1 3.5.208[20051015] allows remote attackers to cause a denial of service (device crash) via a SIP message with a malformed header. |
| CVE-2007-3815 | 1 Republike Slovenije | 1 Pirs | 2025-04-09 | 4.9 MEDIUM | N/A | Buffer overflow in pirs32.exe in Poslovni informator Republike Slovenije (PIRS) 2007 allows local users to cause a denial of service (application crash) and possibly execute arbitrary code via a long search string in certain fields in the GUI. NOTE: this may cross privilege boundaries if PIRS is used by data-entry workers who do not have full access to the underlying Windows environment. |
| CVE-2007-0597 | 1 Aztek Forum | 1 Aztek Forum | 2025-04-09 | 5.0 MEDIUM | N/A | Aztek Forum 4.00 allows remote attackers to obtain sensitive information via a direct request to forum.php with the fid=XD query string, which reveals the path in an error message. |
| CVE-2007-3162 | 1 Westbyte | 1 Internet Download Accelerator | 2025-04-09 | 5.0 MEDIUM | N/A | Buffer overflow in the NotSafe function in the idaiehlp ActiveX control in idaiehlp.dll 1.9.1.74 in Internet Download Accelerator (ida) 5.2 allows remote attackers to cause a denial of service (Internet Explorer crash) via a long argument. |
| CVE-2007-1185 | 1 Web-app.org | 1 Webapp | 2025-04-09 | 5.0 MEDIUM | N/A | The (1) Search, (2) Edit Profile, (3) Recommend, and (4) User Approval forms in WebAPP before 0.9.9.5 use hidden inputs, which has unknown impact and remote attack vectors. |
| CVE-2008-0001 | 1 Linux | 1 Linux Kernel | 2025-04-09 | 3.6 LOW | N/A | VFS in the Linux kernel before 2.6.22.16, and 2.6.23.x before 2.6.23.14, performs tests of access mode by using the flag variable instead of the acc_mode variable, which might allow local users to bypass intended permissions and remove directories. |
| CVE-2007-2378 | 1 Google | 1 Web Toolkit | 2025-04-09 | 5.0 MEDIUM | N/A | The Google Web Toolkit (GWT) framework exchanges data using JavaScript Object Notation (JSON) without an associated protection scheme, which allows remote attackers to obtain the data via a web page that retrieves the data through a URL in the SRC attribute of a SCRIPT element and captures the data using other JavaScript code, aka "JavaScript Hijacking." |
| CVE-2006-4391 | 1 Apple | 1 Mac Os X | 2025-04-09 | 5.1 MEDIUM | N/A | Buffer overflow in Apple ImageIO on Apple Mac OS X 10.4 through 10.4.7 allows remote attackers to execute arbitrary code via a malformed JPEG2000 image. |
| CVE-2006-5917 | 1 Omnistar Interactive | 1 Omnistar Article Manager | 2025-04-09 | 7.5 HIGH | N/A | Multiple SQL injection vulnerabilities in OmniStar Article Manager allow remote attackers to execute arbitrary SQL commands via the (1) article_id parameter in (a) articles/comments.php and (b) articles/article.php, and the (2) page_id parameter in (c) articles/pages.php. |
| CVE-2007-3518 | 1 Hispah | 1 Youtube Clone Script | 2025-04-09 | 7.5 HIGH | N/A | SQL injection vulnerability in msg.php in HispaH YouTube Clone Script (youtubeclone) allows remote attackers to execute arbitrary SQL commands via the id parameter. |
| CVE-2007-4204 | 1 Hitachi | 3 Groupmax Collaboration Portal, Groupmax Collaboration Web Client, Ucosminexus Collaboration Portal | 2025-04-09 | 3.5 LOW | N/A | Hitachi Groupmax Collaboration - Schedule, as used in Groupmax Collaboration Portal 07-32 through 07-32-/B, uCosminexus Collaboration Portal 06-32 through 06-32-/B, and Groupmax Collaboration Web Client - Mail/Schedule 07-32 through 07-32-/A, can assign schedule data to the wrong user under unspecified conditions, which might allow remote authenticated users to obtain sensitive information. |
| CVE-2007-4408 | 1 Universal Ircd | 1 Ircu | 2025-04-09 | 5.0 MEDIUM | N/A | ircu 2.10.12.05 and earlier ignores timestamps in bounces, which allows remote attackers to take over a channel during a netjoin by causing a bounce while a server with an older version of the channel is linking. |
| CVE-2006-6539 | 1 Flippet.org | 1 Winamp Web Interface | 2025-04-09 | 10.0 HIGH | N/A | Multiple buffer overflows in Winamp Web Interface (Wawi) 7.5.13 and earlier (1) allow remote attackers to cause a denial of service (application crash) and possibly execute arbitrary code via an (a) long username or a (b) crafted packet to the FindBasicAuth function in security.cpp, related to the /browse URI; and allow remote authenticated users to cause a denial of service (application crash) and possibly execute arbitrary code via a long path string in the (2) Browse, (3) CControl::Download, ... |
| CVE-2007-1190 | 1 Bsalsa | 1 Embeddedwb Web Browser | 2025-04-09 | 6.8 MEDIUM | N/A | Unspecified vulnerability in the EmbeddedWB Web Browser ActiveX control allows remote attackers to execute arbitrary code via unspecified vectors. NOTE: the provenance of this information is unknown; the details are obtained solely from third party information. |
| CVE-2007-0336 | 1 Rixstep | 1 Undercover | 2025-04-09 | 4.4 MEDIUM | N/A | Undercover.app/Contents/Resources/uc in Rixstep Undercover allows local users to overwrite arbitrary files, probably related to a race condition. |
| CVE-2007-4354 | 1 Ibm | 1 Aix | 2025-04-09 | 7.2 HIGH | N/A | Buffer overflow in fileplace in bos.perf.tools in IBM AIX 5.2 and 5.3 allows local users to gain privileges via unspecified vectors. |
| CVE-2007-1255 | 1 Connectix | 1 Connectix Boards | 2025-04-09 | 6.0 MEDIUM | N/A | Unrestricted file upload vulnerability in admin.bbcode.php in Connectix Boards 0.7 and earlier allows remote authenticated administrators to execute arbitrary PHP code by uploading a crafted GIF smiley image with a .php extension via the uploadimage parameter to admin.php, which can be later accessed via a direct request for the file in smileys/. NOTE: this can be leveraged with a separate SQL injection issue for remote unauthenticated attacks. |
| CVE-2007-2658 | 1 Id Automation | 1 Linear Barcode | 2025-04-09 | 7.8 HIGH | N/A | Unspecified vulnerability in the ID Automation Linear Barcode 1.6.0.5 ActiveX control in IDAutomationLinear6.dll allows remote attackers to cause a denial of service via a long argument to the SaveEnhWMF method. |
| CVE-2007-3561 | 1 Webixir | 1 Efendy Blog | 2025-04-09 | 4.3 MEDIUM | N/A | Cross-site scripting (XSS) vulnerability in ara.asp in Efendy Blog 1.0 allows remote attackers to inject arbitrary web script or HTML via the ara parameter. NOTE: the provenance of this information is unknown; the details are obtained solely from third party information. |
| CVE-2006-5898 | 1 Phpheaven | 1 Phpmychat | 2025-04-09 | 5.0 MEDIUM | N/A | Directory traversal vulnerability in localization/languages.lib.php3 in PhpMyChat 0.14.5 and earlier allows remote attackers to read arbitrary files via a .. (dot dot) in the ChatPath parameter. |
| CVE-2006-7119 | 1 Phpgiggle | 1 Phpgiggle | 2025-04-09 | 7.5 HIGH | N/A | PHP remote file inclusion vulnerability in kernel/system/startup.php in J. He PHPGiggle 12.08 and earlier, as distributed on comscripts.com, allows remote attackers to execute arbitrary PHP code via a URL in the CFG_PHPGIGGLE_ROOT parameter. |
| CVE-2007-3065 | 1 Particle Soft | 1 Particle Gallery | 2025-04-09 | 7.5 HIGH | N/A | SQL injection vulnerability in viewimage.php in Particle Soft Particle Gallery 1.0.1 and earlier allows remote attackers to execute arbitrary SQL commands via the editcomment parameter, a different version and vector than CVE-2006-2862. |
| CVE-2006-6194 | 1 Fisasp.com | 1 Ultimate Survey Pro | 2025-04-09 | 7.5 HIGH | N/A | Multiple SQL injection vulnerabilities in index.asp in Ultimate Survey Pro allow remote attackers to execute arbitrary SQL commands via the (1) cat or (2) did parameter. |
| CVE-2006-6228 | 1 Codewalkers | 1 Ltwcalendar | 2025-04-09 | 6.8 MEDIUM | N/A | Cross-site scripting (XSS) vulnerability in Codewalkers ltwCalendar (aka PHP Event Calendar) before 4.2.1 allows remote attackers to inject arbitrary HTML or web script via unknown vectors. |
| CVE-2007-0589 | 1 Forum Livre | 1 Forum Livre | 2025-04-09 | 7.5 HIGH | N/A | SQL injection vulnerability in Forum Livre 1.0 allows remote attackers to execute arbitrary SQL commands via the user parameter to info_user.asp. |
| CVE-2006-5988 | 1 Microsoft | 1 Windows 2000 | 2025-04-09 | 5.0 MEDIUM | N/A | Unspecified vulnerability in Windows 2000 Advanced Server SP4 running Active Directory allows remote attackers to cause a denial of service via unknown vectors, as demonstrated by a certain VulnDisco Pack module. NOTE: the provenance of this information is unknown; the details are obtained from third party information. As of 20061116, this disclosure has no actionable information. However, since the VulnDisco Pack author is a reliable researcher, the disclosure is being assigned a CVE identifie ... |
| CVE-2007-3406 | 1 Microsoft | 2 Internet Explorer, Windows Xp | 2025-04-09 | 4.3 MEDIUM | N/A | Multiple absolute path traversal vulnerabilities in Microsoft Internet Explorer 6 on Windows XP SP2 allow remote attackers to access arbitrary local files via the file: URI in the (1) src attribute of a (a) bgsound, (b) input, (c) EMBED, (d) img, or (e) script tag; (2) data attribute of an object tag; (3) value attribute of a param tag; (4) background attribute of a body tag; or (5) the background:url attribute declared in the BODY parameter of a STYLE tag. |
| CVE-2006-6665 | 1 Astonsoft | 1 Deepburner | 2025-04-09 | 6.8 MEDIUM | N/A | Buffer overflow in Astonsoft DeepBurner Pro and Free 1.8.0 and earlier allows user-assisted remote attackers to execute arbitrary code via a long file name tag in a dbr file. |
| CVE-2006-5771 | 1 Arkoon | 1 Ssl360 | 2025-04-09 | 4.3 MEDIUM | N/A | Cross-site scripting (XSS) vulnerability in Arkoon SSL360 1.0 and 2.0 before 2.0/2 allows remote attackers to inject arbitrary web script or HTML via unspecified vectors. |
| CVE-2007-4418 | 1 Ibm | 1 Db2 Universal Database | 2025-04-09 | 5.5 MEDIUM | N/A | IBM DB2 UDB 8 before Fixpak 15 does not properly check authorization, which allows remote authenticated users with a certain SELECT privilege to have an unknown impact via unspecified vectors. NOTE: this issue is probably related to CVE-2007-1089, but this is uncertain due to lack of details. |