Search
Total
25555 CVE
| CVE | Vendors | Products | Updated | CVSS v2 | CVSS v3 |
|---|---|---|---|---|---|
| CVE-2007-1806 | 1 Red Mexico | 1 Rm\+soft Gallery | 2017-10-11 | 7.5 HIGH | N/A |
| SQL injection vulnerability in categos.php in the RM+Soft Gallery (rmgallery) 1.0 module for Xoops allows remote attackers to execute arbitrary SQL commands via the idcat parameter. | |||||
| CVE-2007-1807 | 1 Peak Xoops | 1 Myalbum P | 2017-10-11 | 7.5 HIGH | N/A |
| SQL injection vulnerability in modules/myalbum/viewcat.php in the myAlbum-P 2.0 and earlier module for Xoops allows remote attackers to execute arbitrary SQL commands via the cid parameter. | |||||
| CVE-2007-1808 | 1 Camportail | 1 Camportail | 2017-10-11 | 7.5 HIGH | N/A |
| SQL injection vulnerability in show.php in the Camportail 1.1 and earlier module for Xoops allows remote attackers to execute arbitrary SQL commands via the camid parameter in a showcam action. | |||||
| CVE-2007-1809 | 1 Grafx Software | 1 Company Website Builder | 2017-10-11 | 7.5 HIGH | N/A |
| Multiple PHP remote file inclusion vulnerabilities in GraFX Company WebSite Builder (CWB) PRO 1.5 allow remote attackers to execute arbitrary PHP code via a URL in the INCLUDE_PATH parameter to (1) cls_headline_prod.php, (2) cls_listorders.php, or (3) cls_viewpastorders.php in include/, different vectors than CVE-2007-1513. | |||||
| CVE-2007-1810 | 1 Kaotik | 1 Kshop | 2017-10-11 | 7.5 HIGH | N/A |
| SQL injection vulnerability in product_details.php in the Kshop 1.17 and earlier module for Xoops allows remote attackers to execute arbitrary SQL commands via the id parameter. | |||||
| CVE-2007-1811 | 1 Chapi | 1 Tiny Event | 2017-10-11 | 7.5 HIGH | N/A |
| SQL injection vulnerability in index.php in the Tiny Event (tinyevent) 1.01 and earlier module for Xoops allows remote attackers to execute arbitrary SQL commands via the id parameter in a show action. | |||||
| CVE-2007-1696 | 1 Active Web Softwares | 1 Active Newsletter | 2017-10-11 | 7.5 HIGH | N/A |
| SQL injection vulnerability in ViewNewspapers.asp in Active Newsletter 4.3 and earlier allows remote attackers to execute arbitrary SQL commands via the NewsPaperID parameter. | |||||
| CVE-2007-1697 | 1 Philex | 1 Philex | 2017-10-11 | 10.0 HIGH | N/A |
| PHP remote file inclusion vulnerability in header.inc.php in Philex 0.2.3 and earlier allows remote attackers to execute arbitrary PHP code via a URL in the CssFile parameter. | |||||
| CVE-2006-6102 | 2 X.org, Xfree86 Project | 2 X.org, Xfree86 X Server | 2017-10-11 | 10.0 HIGH | N/A |
| Integer overflow in the ProcDbeGetVisualInfo function in the DBE extension for X.Org 6.8.2, 6.9.0, 7.0, and 7.1, and XFree86 X server, allows local users to execute arbitrary code via a crafted X protocol request that triggers memory corruption during processing of unspecified data structures. | |||||
| CVE-2007-0977 | 1 Ibm | 1 Lotus Domino | 2017-10-11 | 7.1 HIGH | N/A |
| IBM Lotus Domino R5 and R6 WebMail, with "Generate HTML for all fields" enabled, stores HTTPPassword hashes from names.nsf in a manner accessible through Readviewentries and OpenDocument requests to the defaultview view, a different vector than CVE-2005-2428. | |||||
| CVE-2007-1481 | 1 Wbblog | 1 Wbblog | 2017-10-11 | 7.5 HIGH | N/A |
| SQL injection vulnerability in index.php in WBBlog allows remote attackers to execute arbitrary SQL commands via the e_id parameter in a viewentry cmd. | |||||
| CVE-2007-1479 | 1 Creative Guestbook | 1 Creative Guestbook | 2017-10-11 | 4.3 MEDIUM | N/A |
| Cross-site scripting (XSS) vulnerability in Guestbook.php in Creative Guestbook 1.0 allows remote attackers to inject arbitrary web script or HTML via an unspecified parameter. | |||||
| CVE-2007-0976 | 1 Activex Soft | 1 Actsoft Dvd Tools | 2017-10-11 | 10.0 HIGH | N/A |
| Buffer overflow in the ActSoft DVD-Tools ActiveX control (dvdtools.ocx) allows remote attackers to execute arbitrary code via a long DVD_TOOLS.OpenDVD property value. | |||||
| CVE-2007-1394 | 1 Flat Chat | 1 Flat Chat | 2017-10-11 | 10.0 HIGH | N/A |
| Direct static code injection vulnerability in startsession.php in Flat Chat 2.0 allows remote attackers to execute arbitrary PHP code via the Chat Name field, which is inserted into online.txt and included by users.php. NOTE: some of these details are obtained from third party information. | |||||
| CVE-2007-0668 | 1 Sun | 1 Solaris | 2017-10-11 | 6.2 MEDIUM | N/A |
| The Loopback Filesystem (LOFS) in Sun Solaris 10 allows local users in a non-global zone to move and rename files in a read-only filesystem, which could lead to a denial of service. | |||||
| CVE-2007-0001 | 1 Redhat | 1 Enterprise Linux | 2017-10-11 | 4.7 MEDIUM | N/A |
| The file watch implementation in the audit subsystem (auditctl -w) in the Red Hat Enterprise Linux (RHEL) 4 kernel 2.6.9 allows local users to cause a denial of service (kernel panic) by replacing a watched file, which does not cause the watch on the old inode to be dropped. | |||||
| CVE-2007-1525 | 1 Dayfox Designs | 1 Dayfox Blog | 2017-10-11 | 6.8 MEDIUM | N/A |
| Direct static code injection vulnerability in postpost.php in Dayfox Blog (dfblog) 4 allows remote attackers to execute arbitrary PHP code via the cat parameter, which can be executed via a request to posts.php. | |||||
| CVE-2006-7169 | 1 Ultimate Php Board | 1 Ultimate Php Board | 2017-10-11 | 6.8 MEDIUM | N/A |
| PHP remote file inclusion vulnerability in includes/header_simple.php in Ultimate PHP Board (UPB) 2.0 and earlier allows remote attackers to execute arbitrary PHP code via a URL in the _CONFIG[skin_dir] parameter. | |||||
| CVE-2006-7007 | 1 H. Nomura | 1 Tiny Ftpd | 2017-10-11 | 7.8 HIGH | N/A |
| Buffer overflow in Tiny FTPd 1.4 and earlier allows remote attackers to cause a denial of service (daemon crash) via a long USER command, a different vector than CVE-2000-0133. | |||||
| CVE-2007-1118 | 1 Efiction | 1 Efiction | 2017-10-11 | 6.8 MEDIUM | N/A |
| Multiple PHP remote file inclusion vulnerabilities in eFiction 3.1.1 and earlier allow remote attackers to execute arbitrary PHP code via a URL in the path_to_smf parameter to (1) bridges/SMF/logout.php or (2) get_session_vars.php. | |||||
| CVE-2006-7128 | 1 Salims Softhouse | 1 Jaf Cms | 2017-10-11 | 7.5 HIGH | N/A |
| PHP remote file inclusion vulnerability in forum/forum.php JAF CMS 4.0 RC1 allows remote attackers to execute arbitrary PHP code via a URL in the website parameter. | |||||
| CVE-2007-1353 | 1 Linux | 1 Linux Kernel | 2017-10-11 | 2.1 LOW | N/A |
| The setsockopt function in the L2CAP and HCI Bluetooth support in the Linux kernel before 2.4.34.3 allows context-dependent attackers to read kernel memory and obtain sensitive information via unspecified vectors involving the copy_from_user function accessing an uninitialized stack buffer. | |||||
| CVE-2007-1392 | 1 Netforo | 1 Netforo | 2017-10-11 | 5.0 MEDIUM | N/A |
| Directory traversal vulnerability in down.php in netForo! 0.1g allows remote attackers to read arbitrary files via a .. (dot dot) in the file_to_download parameter. | |||||
| CVE-2007-1487 | 3 Cyber Inside, Cyberteddy, Sascha Schroeder | 3 Weblog, Weblog, Weblog | 2017-10-11 | 5.0 MEDIUM | N/A |
| Directory traversal vulnerability in index.php in Sascha Schroeder (aka CyberTeddy or Cyber-inside) WebLog allows remote attackers to read arbitrary files via a .. (dot dot) in the file parameter in a showarticles action. | |||||
| CVE-2006-7194 | 1 Republique Francaise | 1 Agora | 2017-10-11 | 6.8 MEDIUM | N/A |
| PHP remote file inclusion vulnerability in modules/Mysqlfinder/MysqlfinderAdmin.php in Agora 1.4 RC1, when register_globals is enabled, allows remote attackers to execute arbitrary PHP code via a URL in the _SESSION[PATH_COMPOSANT] parameter. | |||||
| CVE-2007-1075 | 1 Turbosoft | 1 Turboftp | 2017-10-11 | 7.8 HIGH | N/A |
| TurboFTP 5.30 Build 572 allows remote servers to cause a denial of service (CPU consumption) via a response with a large number of newline characters. | |||||
| CVE-2007-1297 | 1 Aj Square | 1 Ajdating | 2017-10-11 | 7.5 HIGH | N/A |
| SQL injection vulnerability in view_profile.php in AJDating 1.0 allows remote attackers to execute arbitrary SQL commands via the user_id parameter. | |||||
| CVE-2007-1596 | 2 Joomla, Mambo | 2 Nfn Address Book, Nfn Address Book | 2017-10-11 | 9.3 HIGH | N/A |
| Multiple PHP remote file inclusion vulnerabilities in the NFN Address Book (com_nfn_addressbook) 0.4 component for Mambo and Joomla! allow remote attackers to execute arbitrary PHP code via a URL in the mosConfig_absolute_path parameter to (1) components/com_nfn_addressbook/nfnaddressbook.php or (2) administrator/components/com_nfn_addressbook/nfnaddressbook.php. | |||||
| CVE-2007-0396 | 1 Hp | 1 Hp-ux | 2017-10-11 | 7.1 HIGH | N/A |
| Unspecified vulnerability in HP-UX B.11.23, when running IPFilter in combination with PHNE_34474, allows remote attackers to cause a denial of service (system crash) via unspecified vectors. | |||||
| CVE-2007-1025 | 1 Virtualsystem | 1 Vs-link-partner | 2017-10-11 | 7.5 HIGH | N/A |
| PHP remote file inclusion vulnerability in inc/functions_inc.php in VS-Link-Partner 2.1 and earlier allows remote attackers to execute arbitrary PHP code via a URL in the gb_pfad, or possibly script_pfad, parameter. | |||||
| CVE-2007-0949 | 1 Itinysoft Studio | 1 Total Video Player | 2017-10-11 | 10.0 HIGH | N/A |
| Stack-based buffer overflow in iTinySoft Studio Total Video Player 1.03, and possibly earlier, allows remote attackers to execute arbitrary code via a M3U playlist file that contains a long file name. NOTE: it was later reported that 1.20 and 1.30 are also affected. | |||||
| CVE-2007-1079 | 1 Rhinosoft | 1 Ftp Voyager | 2017-10-11 | 7.8 HIGH | N/A |
| Stack-based buffer overflow in Rhino Software, Inc. FTP Voyager 14.0.0.3 and earlier allows remote servers to cause a denial of service (crash) via a long response to a CWD command, which triggers the overflow when the user aborts the command. | |||||
| CVE-2007-1556 | 1 Thecreativeheads.de | 1 Creative Files | 2017-10-11 | 7.5 HIGH | N/A |
| SQL injection vulnerability in kommentare.php in Creative Files 1.2 allows remote attackers to execute arbitrary SQL commands via the dlid parameter. | |||||
| CVE-2007-1074 | 1 Dji | 1 Newsbin Pro | 2017-10-11 | 9.3 HIGH | N/A |
| Multiple buffer overflows in NewsBin Pro 5.33 and NewsBin Pro 4.x allow user-assisted remote attackers to execute arbitrary code via a long (1) DataPath or (2) DownloadPath attributed in a (a) NBI file, or (3) a long group field in a (b) NZB file. | |||||
| CVE-2006-5567 | 1 Nullsoft | 1 Winamp | 2017-10-11 | 9.3 HIGH | N/A |
| Multiple heap-based buffer overflows in AOL Nullsoft WinAmp before 5.31 allow user-assisted remote attackers to execute arbitrary code via a crafted (1) ultravox-max-msg header to the Ultravox protocol handler or (2) unspecified Lyrics3 tags. | |||||
| CVE-2006-6056 | 1 Linux | 1 Linux Kernel | 2017-10-11 | 4.9 MEDIUM | N/A |
| Linux kernel 2.6.x up to 2.6.18 and possibly other versions, when SELinux hooks are enabled, allows local users to cause a denial of service (crash) via a malformed file stream that triggers a NULL pointer dereference in the superblock_doinit function, as demonstrated using an HFS filesystem image. | |||||
| CVE-2006-6161 | 1 Doug Luxem | 1 Liberum Help Desk | 2017-10-11 | 7.5 HIGH | N/A |
| Multiple SQL injection vulnerabilities in Doug Luxem Liberum Help Desk 0.97.3 and earlier allow remote attackers to execute arbitrary SQL commands via the (1) id and (2) uid parameter to (a) inout/status.asp, (b) inout/update.asp, and (c) forgotpass.asp. NOTE: The provenance of this information is unknown; the details are obtained solely from third party information. | |||||
| CVE-2006-5462 | 1 Mozilla | 4 Firefox, Network Security Services, Seamonkey and 1 more | 2017-10-11 | 6.4 MEDIUM | N/A |
| Mozilla Network Security Service (NSS) library before 3.11.3, as used in Mozilla Firefox before 1.5.0.8, Thunderbird before 1.5.0.8, and SeaMonkey before 1.0.6, when using an RSA key with exponent 3, does not properly handle extra data in a signature, which allows remote attackers to forge signatures for SSL/TLS and email certificates. NOTE: this identifier is for unpatched product versions that were originally intended to be addressed by CVE-2006-4340. | |||||
| CVE-2006-7203 | 1 Linux | 1 Linux Kernel | 2017-10-11 | 4.0 MEDIUM | N/A |
| The compat_sys_mount function in fs/compat.c in Linux kernel 2.6.20 and earlier allows local users to cause a denial of service (NULL pointer dereference and oops) by mounting a smbfs file system in compatibility mode ("mount -t smbfs"). | |||||
| CVE-2007-1516 | 1 Cicoandcico | 1 Ccmail | 2017-10-11 | 6.8 MEDIUM | N/A |
| PHP remote file inclusion vulnerability in functions/update.php in Cicoandcico CcMail 1.0 allows remote attackers to execute arbitrary PHP code via a URL in the functions_dir parameter. | |||||
| CVE-2006-6054 | 1 Linux | 1 Linux Kernel | 2017-10-11 | 4.0 MEDIUM | N/A |
| The ext2 file system code in Linux kernel 2.6.x allows local users to cause a denial of service (crash) via an ext2 stream with malformed data structures that triggers an error in the ext2_check_page due to a length that is smaller than the minimum. | |||||
| CVE-2007-0917 | 1 Cisco | 1 Ios | 2017-10-11 | 6.4 MEDIUM | N/A |
| The Intrusion Prevention System (IPS) feature for Cisco IOS 12.4XE to 12.3T allows remote attackers to bypass IPS signatures that use regular expressions via fragmented packets. | |||||
| CVE-2006-7071 | 1 Invision Power Services | 1 Invision Power Board | 2017-10-11 | 7.5 HIGH | N/A |
| SQL injection vulnerability in classes/class_session.php in Invision Power Board (IPB) 2.1 up to 2.1.6 allows remote attackers to execute arbitrary SQL commands via the CLIENT_IP parameter. | |||||
| CVE-2007-0914 | 1 Sun | 1 Solaris | 2017-10-11 | 7.1 HIGH | N/A |
| Race condition in the TCP subsystem for Solaris 10 allows remote attackers to cause a denial of service (system panic) via unknown vectors. | |||||
| CVE-2007-1130 | 1 Scipter.ch | 1 Gastebuch | 2017-10-11 | 7.5 HIGH | N/A |
| PHP remote file inclusion vulnerability in sinagb.php in Sinapis Gastebuch 2.2 allows remote attackers to execute arbitrary PHP code via a URL in the fuss parameter. | |||||
| CVE-2007-1131 | 1 Scripter.ch | 1 Sinapis Forum | 2017-10-11 | 7.5 HIGH | N/A |
| PHP remote file inclusion vulnerability in sinapis.php in Sinapis Forum 2.2 allows remote attackers to execute arbitrary PHP code via a URL in the fuss parameter. | |||||
| CVE-2007-1566 | 1 Netvios | 1 Netvios | 2017-10-11 | 7.5 HIGH | N/A |
| SQL injection vulnerability in News/page.asp in NetVIOS Portal allows remote attackers to execute arbitrary SQL commands via the NewsID parameter. NOTE: this issue might be the same as CVE-2006-5954. | |||||
| CVE-2007-1133 | 1 Scripter.ch | 1 Fcring | 2017-10-11 | 7.5 HIGH | N/A |
| PHP remote file inclusion vulnerability in fcring.php in FCRing 1.3 allows remote attackers to execute arbitrary PHP code via a URL in the s_fuss parameter. | |||||
| CVE-2007-1023 | 1 Snitz Communications | 1 Snitz Forums 2000 | 2017-10-11 | 7.5 HIGH | N/A |
| SQL injection vulnerability in pop_profile.asp in Snitz Forums 2000 3.1 SR4 allows remote attackers to execute arbitrary SQL commands via the id parameter. | |||||
| CVE-2006-7069 | 1 Socketwiz | 1 Bookmarks | 2017-10-11 | 7.5 HIGH | N/A |
| PHP remote file inclusion vulnerability in smarty_config.php in Socketwiz Bookmarks 2.0 and earlier allows remote attackers to execute arbitrary PHP code via the root_dir parameter. | |||||