Search
Total
25555 CVE
| CVE | Vendors | Products | Updated | CVSS v2 | CVSS v3 |
|---|---|---|---|---|---|
| CVE-2015-0288 | 1 Openssl | 1 Openssl | 2017-11-15 | 5.0 MEDIUM | N/A |
| The X509_to_X509_REQ function in crypto/x509/x509_req.c in OpenSSL before 0.9.8zf, 1.0.0 before 1.0.0r, 1.0.1 before 1.0.1m, and 1.0.2 before 1.0.2a might allow attackers to cause a denial of service (NULL pointer dereference and application crash) via an invalid certificate key. | |||||
| CVE-2015-0250 | 3 Apache, Canonical, Redhat | 3 Batik, Ubuntu Linux, Jboss Enterprise Brms Platform | 2017-11-04 | 6.4 MEDIUM | N/A |
| XML external entity (XXE) vulnerability in the SVG to (1) PNG and (2) JPG conversion classes in Apache Batik 1.x before 1.8 allows remote attackers to read arbitrary files or cause a denial of service via a crafted SVG file. | |||||
| CVE-2015-3409 | 2 Canonical, Module-signature Project | 2 Ubuntu Linux, Module-signature | 2017-11-04 | 7.2 HIGH | N/A |
| Untrusted search path vulnerability in Module::Signature before 0.75 allows local users to gain privileges via a Trojan horse module under the current working directory, as demonstrated by a Trojan horse Text::Diff module. | |||||
| CVE-2015-6670 | 1 Owncloud | 1 Owncloud | 2017-11-04 | 4.0 MEDIUM | N/A |
| ownCloud Server before 7.0.8, 8.0.x before 8.0.6, and 8.1.x before 8.1.1 does not properly check ownership of calendars, which allows remote authenticated users to read arbitrary calendars via the calid parameter to apps/calendar/export.php. | |||||
| CVE-2002-0854 | 1 Suse | 1 Suse Linux | 2017-11-02 | 7.2 HIGH | N/A |
| Buffer overflows in ISDN Point to Point Protocol (PPP) daemon (ipppd) in the i4l package on SuSE 7.3, 8.0, and possibly other operating systems, may allow local users to gain privileges. | |||||
| CVE-2005-2769 | 1 Inter7 | 1 Sqwebmail | 2017-10-26 | 4.3 MEDIUM | N/A |
| Cross-site scripting (XSS) vulnerability in SqWebMail 5.0.4 and possibly other versions allows remote attackers to inject arbitrary web script or HTML via an HTML e-mail containing tags with strings that contain ">" or other special characters, which is not properly sanitized by SqWebMail. | |||||
| CVE-1999-1365 | 1 Microsoft | 1 Windows Nt | 2017-10-26 | 7.2 HIGH | N/A |
| Windows NT searches a user's home directory (%systemroot% by default) before other directories to find critical programs such as NDDEAGNT.EXE, EXPLORER.EXE, USERINIT.EXE or TASKMGR.EXE, which could allow local users to bypass access restrictions or gain privileges by placing a Trojan horse program into the root directory, which is writable by default. | |||||
| CVE-2014-3571 | 1 Openssl | 1 Openssl | 2017-10-20 | 5.0 MEDIUM | N/A |
| OpenSSL before 0.9.8zd, 1.0.0 before 1.0.0p, and 1.0.1 before 1.0.1k allows remote attackers to cause a denial of service (NULL pointer dereference and application crash) via a crafted DTLS message that is processed with a different read operation for the handshake header than for the handshake body, related to the dtls1_get_record function in d1_pkt.c and the ssl3_read_n function in s3_pkt.c. | |||||
| CVE-2013-1902 | 1 Postgresql | 1 Postgresql | 2017-10-20 | 10.0 HIGH | N/A |
| PostgreSQL, 9.2.x before 9.2.4, 9.1.x before 9.1.9, 9.0.x before 9.0.13, 8.4.x before 8.4.17, and 8.3.x before 8.3.23 generates insecure temporary files with predictable filenames, which has unspecified impact and attack vectors related to "graphical installers for Linux and Mac OS X." | |||||
| CVE-2015-0289 | 1 Openssl | 1 Openssl | 2017-10-20 | 5.0 MEDIUM | N/A |
| The PKCS#7 implementation in OpenSSL before 0.9.8zf, 1.0.0 before 1.0.0r, 1.0.1 before 1.0.1m, and 1.0.2 before 1.0.2a does not properly handle a lack of outer ContentInfo, which allows attackers to cause a denial of service (NULL pointer dereference and application crash) by leveraging an application that processes arbitrary PKCS#7 data and providing malformed data with ASN.1 encoding, related to crypto/pkcs7/pk7_doit.c and crypto/pkcs7/pk7_lib.c. | |||||
| CVE-2007-0687 | 1 Michelle | 1 L2j Dropcalc | 2017-10-19 | 6.5 MEDIUM | N/A |
| SQL injection vulnerability in i-search.php in Michelle's L2J Dropcalc 4 and earlier allows remote authenticated users to execute arbitrary SQL commands via the itemid parameter. | |||||
| CVE-2007-0867 | 1 Site-assistant | 1 Site-assistant | 2017-10-19 | 7.5 HIGH | N/A |
| PHP remote file inclusion vulnerability in classes/menu.php in Site-Assistant 0990 and earlier allows remote attackers to execute arbitrary PHP code via a URL in the paths[version] parameter. | |||||
| CVE-2007-0697 | 1 Mentiss Acgv | 1 Acgvannu | 2017-10-19 | 6.4 MEDIUM | N/A |
| index2.php in ACGVannu 1.3 and earlier allows remote attackers to change the password or profile of a user via a modified id parameter, related to templates/modif.html. NOTE: some of these details are obtained from third party information. | |||||
| CVE-2007-0825 | 1 Flashfxp | 1 Flashfxp | 2017-10-19 | 7.8 HIGH | N/A |
| FlashFXP 3.4.0 build 1145 allows remote servers to cause a denial of service (CPU consumption) via a response to a PWD command that contains a long string with deeply nested directory structure, possibly due to a buffer overflow. | |||||
| CVE-2007-0701 | 1 Epistemon | 1 Epistemon | 2017-10-19 | 7.5 HIGH | N/A |
| PHP remote file inclusion vulnerability in inc/common.inc.php in Epistemon 1.0 allows remote attackers to execute arbitrary PHP code via a URL in the inc_path parameter. | |||||
| CVE-2007-0865 | 1 Lushinews | 1 Lushinews | 2017-10-19 | 7.5 HIGH | N/A |
| SQL injection vulnerability in comments.php in LushiNews 1.01 and earlier allows remote authenticated users to inject arbitrary SQL commands via the id parameter. | |||||
| CVE-2007-0702 | 1 Phpeventman | 1 Phpeventman | 2017-10-19 | 7.5 HIGH | N/A |
| Multiple PHP remote file inclusion vulnerabilities in phpEventMan 1.0.2 allow remote attackers to execute arbitrary PHP code via a URL in the level parameter to (1) Shared/controller/text.ctrl.php or (2) UserMan/controller/common.function.php. | |||||
| CVE-2007-0810 | 1 Geeklog | 1 Geeklog | 2017-10-19 | 7.5 HIGH | N/A |
| PHP remote file inclusion vulnerability in MVCnPHP/BaseView.php in GeekLog 2 and earlier allows remote attackers to execute arbitrary PHP code via a URL in the glConf[path_libraries] parameter. NOTE: this might be a vulnerability in MVCnPHP rather than a vulnerability in GeekLog. | |||||
| CVE-2007-0703 | 1 Webbuilder | 1 Webbuilder | 2017-10-19 | 7.5 HIGH | N/A |
| PHP remote file inclusion vulnerability in library/StageLoader.php in WebBuilder 2.0 and earlier allows remote attackers to execute arbitrary PHP code via a URL in the GLOBALS[core][module_path] parameter. | |||||
| CVE-2007-0809 | 1 Ptirhiikmods | 1 Mod-ch | 2017-10-19 | 7.5 HIGH | N/A |
| PHP remote file inclusion vulnerability in includes/class_template.php in Categories hierarchy (aka CH or mod-CH) 2.1.2 in ptirhiikmods allows remote attackers to execute arbitrary PHP code via a URL in the phpbb_root_path parameter. | |||||
| CVE-2007-0704 | 1 Somery | 1 Somery | 2017-10-19 | 7.5 HIGH | N/A |
| PHP remote file inclusion vulnerability in install.php in Somery 0.4.6 allows remote attackers to execute arbitrary PHP code via a URL in the skindir parameter, a different vector than CVE-2006-4669. NOTE: the documentation says to remove install.php after installation. | |||||
| CVE-2007-0864 | 1 Lushiwarplaner | 1 Lushiwarplaner | 2017-10-19 | 7.5 HIGH | N/A |
| SQL injection vulnerability in register.php in LushiWarPlaner 1.0 allows remote attackers to inject arbitrary SQL commands via the id parameter. | |||||
| CVE-2007-0757 | 1 Miguel Nunes | 1 Call Of Duty 2 Dreamstats System | 2017-10-19 | 7.5 HIGH | N/A |
| PHP remote file inclusion vulnerability in index.php in Miguel Nunes Call of Duty 2 (CoD2) DreamStats System 4.2 and earlier allows remote attackers to execute arbitrary PHP code via a URL in the rootpath parameter. | |||||
| CVE-2007-0804 | 1 Ggcms | 1 Ggcms | 2017-10-19 | 7.5 HIGH | N/A |
| Directory traversal vulnerability in admin/subpages.php in GGCMS 1.1.0 RC1 and earlier allows remote attackers to inject arbitrary PHP code into arbitrary files via ".." sequences in the subpageName parameter, as demonstrated by injecting PHP code into a template file. | |||||
| CVE-2007-0848 | 1 Maian Recipe | 1 Maian Recipe | 2017-10-19 | 7.5 HIGH | N/A |
| PHP remote file inclusion vulnerability in classes/class_mail.inc.php in Maian Recipe 1.0 allows remote attackers to execute arbitrary PHP code via a URL in the path_to_folder parameter. | |||||
| CVE-2007-1295 | 1 Aj Forum | 1 Aj Forum | 2017-10-19 | 7.5 HIGH | N/A |
| SQL injection vulnerability in topic_title.php in AJ Forum 1.0 allows remote attackers to execute arbitrary SQL commands via the td_id parameter. | |||||
| CVE-2007-0760 | 1 Eqdkp | 1 Eqdkp | 2017-10-19 | 7.5 HIGH | N/A |
| EQdkp 1.3.1 and earlier authenticates administrative requests by verifying that the HTTP Referer header specifies an admin/ URL, which allows remote attackers to read or modify account names and passwords via a spoofed Referer. | |||||
| CVE-2007-0812 | 1 Woltlab | 1 Burning Board Lite | 2017-10-19 | 7.5 HIGH | N/A |
| SQL injection vulnerability in pms.php in Woltlab Burning Board (wBB) Lite 1.0.2pl3e and earlier allows remote authenticated users to execute arbitrary SQL commands via the pmid[0] parameter. | |||||
| CVE-2007-0761 | 1 Phpbb | 1 Ezboard Converter | 2017-10-19 | 7.5 HIGH | N/A |
| PHP remote file inclusion vulnerability in config.php in phpBB ezBoard converter (ezconvert) 0.2 allows remote attackers to execute arbitrary PHP code via a URL in the ezconvert_dir parameter. | |||||
| CVE-2007-1059 | 1 Ultimate Fun Book | 1 Ultimate Fun Book | 2017-10-19 | 6.8 MEDIUM | N/A |
| PHP remote file inclusion vulnerability in function.php in Ultimate Fun Book 1.02 allows remote attackers to execute arbitrary PHP code via a URL in the gbpfad parameter. NOTE: some sources mention "Ultimate Fun Board," but this appears to be an error. | |||||
| CVE-2007-0576 | 1 Xt-stats | 1 Xt-stats | 2017-10-19 | 7.5 HIGH | N/A |
| PHP remote file inclusion vulnerability in xt_counter.php in Xt-Stats 2.3.x up to 2.4.0.b3 allows remote attackers to execute arbitrary PHP code via a URL in the server_base_dir parameter. | |||||
| CVE-2007-0847 | 1 Open Tibia Server Cms | 1 Open Tibia Server Cms | 2017-10-19 | 7.5 HIGH | N/A |
| SQL injection vulnerability in mod/PM/reply.php in Open Tibia Server CMS (OTSCMS) 2.1.5 and earlier allows remote attackers to execute arbitrary SQL commands via the id parameter to priv.php. | |||||
| CVE-2007-0846 | 1 Open Tibia Server Cms | 1 Open Tibia Server Cms | 2017-10-19 | 6.8 MEDIUM | N/A |
| Cross-site scripting (XSS) vulnerability in forum.php in Open Tibia Server CMS (OTSCMS) 2.1.5 and earlier allows remote attackers to inject arbitrary HTML or web script via the name parameter. | |||||
| CVE-2007-0845 | 1 Advanced Poll | 1 Advanced Poll | 2017-10-19 | 7.5 HIGH | N/A |
| admin/index.php in Advanced Poll 2.0.0 through 2.0.5-dev allows remote attackers to bypass authentication and gain administrator privileges by obtaining a valid session identifier and setting the uid parameter to 1. | |||||
| CVE-2007-0839 | 1 Valarsoft | 1 Webmatic | 2017-10-19 | 7.5 HIGH | N/A |
| Multiple PHP remote file inclusion vulnerabilities in index/index_album.php in Valarsoft WebMatic 2.6 allow remote attackers to execute arbitrary PHP code via a URL in the (1) P_LIB and (2) P_INDEX parameters. | |||||
| CVE-2007-0511 | 1 Phpxmldom | 1 Phpxmldom | 2017-10-19 | 6.8 MEDIUM | N/A |
| Multiple PHP remote file inclusion vulnerabilities in phpXMLDOM (phpXD) 0.3 and earlier allow remote attackers to execute arbitrary PHP code via a URL in the path parameter to (1) dom.php, (2) dtd.php, or (3) parser.php in include/. | |||||
| CVE-2007-0508 | 1 Bbclone | 1 Bbclone | 2017-10-19 | 7.5 HIGH | N/A |
| PHP remote file inclusion vulnerability in lib/selectlang.php in BBClone 0.31 allows remote attackers to execute arbitrary PHP code via a URL in the BBC_LANGUAGE_PATH parameter. | |||||
| CVE-2007-0548 | 1 Karjasoft | 1 Sami Http Server | 2017-10-19 | 5.0 MEDIUM | N/A |
| KarjaSoft Sami HTTP Server 2.0.1 allows remote attackers to cause a denial of service (daemon hang) via a large number of requests for nonexistent objects. | |||||
| CVE-2007-0797 | 1 Bluevirus-design | 1 Sma-db | 2017-10-19 | 7.5 HIGH | N/A |
| PHP remote file inclusion vulnerability in theme/settings.php in bluevirus-design SMA-DB 0.3.9 and earlier allows remote attackers to execute arbitrary PHP code via a URL in the pfad_z parameter. | |||||
| CVE-2007-0811 | 1 Microsoft | 1 Ie | 2017-10-19 | 4.3 MEDIUM | N/A |
| Microsoft Internet Explorer 6.0 SP1 on Windows 2000, and 6.0 SP2 on Windows XP, allows remote attackers to cause a denial of service (NULL pointer dereference and application crash) via an HTML document containing a certain JavaScript for loop with an empty loop body, possibly involving getElementById. | |||||
| CVE-2007-0504 | 1 Vote Pro | 1 Vote Pro | 2017-10-19 | 10.0 HIGH | N/A |
| Eval injection vulnerability in poll_frame.php in Vote! Pro 4.0, and possibly other scripts, allows remote attackers to execute arbitrary code via the poll_id parameter, which is supplied to an eval function call, a different vulnerability type than CVE-2005-4632. | |||||
| CVE-2007-0762 | 1 Phpbb\+\+ | 1 Phpbb\+\+ | 2017-10-19 | 7.5 HIGH | N/A |
| PHP remote file inclusion vulnerability in includes/functions.php in phpBB++ Build 100 allows remote attackers to execute arbitrary PHP code via a URL in the phpbb_root_path parameter. | |||||
| CVE-2007-0763 | 1 F3site | 1 F3site | 2017-10-19 | 6.8 MEDIUM | N/A |
| Cross-site scripting (XSS) vulnerability in the news comment functionality in F3Site 2.1 and earlier allows remote attackers to inject arbitrary web script or HTML via the Autor field. | |||||
| CVE-2007-0764 | 1 F3site | 1 F3site | 2017-10-19 | 6.5 MEDIUM | N/A |
| Unrestricted file upload vulnerability in F3Site 2.1 and earlier allows remote authenticated administrators to upload and execute arbitrary PHP scripts via GIF86 header in a file in the uplf parameter, which can be later accessed via a relative pathname in the dir parameter in adm.php. | |||||
| CVE-2007-0837 | 1 Agermenu | 1 Agermenu | 2017-10-19 | 7.5 HIGH | N/A |
| PHP remote file inclusion vulnerability in examples/inc/top.inc.php in AgerMenu 0.03 and earlier allows remote attackers to execute arbitrary PHP code via a URL in the rootdir parameter. | |||||
| CVE-2007-0765 | 1 Db Masters Multimedia | 1 Curium Cms | 2017-10-19 | 7.5 HIGH | N/A |
| SQL injection vulnerability in news.php in dB Masters Curium CMS 1.03 and earlier allows remote attackers to execute arbitrary SQL commands via the c_id parameter. | |||||
| CVE-2007-0827 | 1 Alibaba | 1 Alipay Activex Control | 2017-10-19 | 6.8 MEDIUM | N/A |
| The Alibaba Alipay PTA Module ActiveX control (PTA.DLL) allows remote attackers to execute arbitrary code via a JavaScript function that invokes the Remove method with an invalid index argument, which is used as an offset for a function call. | |||||
| CVE-2007-0766 | 1 Remotesoft | 1 .net Explorer | 2017-10-19 | 9.3 HIGH | N/A |
| Stack-based buffer overflow in Remotesoft .NET Explorer 2.0.1 allows user-assisted remote attackers to cause a denial of service (application crash) and possibly execute arbitrary code via a long line in a .cpp file. | |||||
| CVE-2007-0826 | 1 Kisisel Site 2007 | 1 Kisisel Site Forum.asp | 2017-10-19 | 7.5 HIGH | N/A |
| SQL injection vulnerability in forum.asp in Kisisel Site 2007 allows remote attackers to execute arbitrary SQL commands via the forumid parameter. | |||||
| CVE-2007-0502 | 1 Webspell | 1 Webspell | 2017-10-19 | 7.5 HIGH | N/A |
| SQL injection vulnerability in gallery.php in webSPELL 4.01.02 allows remote attackers to execute arbitrary SQL commands via the picID parameter, a different vector than CVE-2007-0492. | |||||