Total: 25555 CVE

| CVE | Vendors | Products | Updated | CVSS v2 | CVSS v3 |
|---|---|---|---|---|---|
| CVE-2007-0933 | 2 D-link, Microsoft | 2 Dwl-g650\+, Windows Xp | 2017-07-29 | 7.8 HIGH | N/A |
| Buffer overflow in the wireless driver 6.0.0.18 for D-Link DWL-G650+ (Rev. A1) on Windows XP allows remote attackers to cause a denial of service (crash) and possibly execute arbitrary code via a beacon frame with a long TIM Information Element. | |||||
| CVE-2007-0404 | 1 Django Project | 1 Django | 2017-07-29 | 7.5 HIGH | N/A |
| bin/compile-messages.py in Django 0.95 does not quote argument strings before invoking the msgfmt program through the os.system function, which allows attackers to execute arbitrary commands via shell metacharacters in a (1) .po or (2) .mo file. | |||||
| CVE-2007-0405 | 1 Django Project | 1 Django | 2017-07-29 | 6.5 MEDIUM | N/A |
| The LazyUser class in the AuthenticationMiddleware for Django 0.95 does not properly cache the user name across requests, which allows remote authenticated users to gain the privileges of a different user. | |||||
| CVE-2007-0406 | 1 Gxine | 1 Gxine | 2017-07-29 | 4.6 MEDIUM | N/A |
| Multiple buffer overflows in the (1) main function in (a) client.c, and the (2) server_setup and (3) server_client_connect functions in (b) server.c in gxine 0.5.9 and earlier allow local users to cause a denial of service (daemon crash) or gain privileges via a long HOME environment variable. NOTE: some of these details are obtained from third party information. | |||||
| CVE-2007-0407 | 1 Plain Black | 1 Webgui | 2017-07-29 | 6.8 MEDIUM | N/A |
| Cross-site scripting (XSS) vulnerability in Operation/User.pm in Plain Black WebGUI before 7.3.5 (beta) allows remote attackers to inject arbitrary web script or HTML via the username parameter during anonymous registration, a different vector than CVE-2007-0308. NOTE: it is possible that a separate "WikiPage titles" issue was also fixed. | |||||
| CVE-2007-0915 | 1 Hp | 1 Hp-ux | 2017-07-29 | 10.0 HIGH | N/A |
| Distributed SLS daemon (SLSd) on HP-UX B.11.11 allows remote attackers to overwrite arbitrary files and gain privileges via a crafted RPC request. | |||||
| CVE-2007-0903 | 1 Process-one | 1 Ejabberd | 2017-07-29 | 10.0 HIGH | N/A |
| Unspecified vulnerability in the mod_roster_odbc module in ejabberd before 1.1.3 has unknown impact and attack vectors. | |||||
| CVE-2007-0897 | 1 Clam Anti-virus | 1 Clamav | 2017-07-29 | 4.3 MEDIUM | N/A |
| Clam AntiVirus ClamAV before 0.90 does not close open file descriptors under certain conditions, which allows remote attackers to cause a denial of service (file descriptor consumption and failed scans) via CAB archives with a cabinet header record length of zero, which causes a function to return without closing a file descriptor. | |||||
| CVE-2007-1137 | 1 Sourceforge | 1 Putmail | 2017-07-29 | 5.0 MEDIUM | N/A |
| putmail.py in Putmail before 1.4 does not detect when a user attempts to use TLS with a server that does not support it, which causes putmail.py to send the username and password in plaintext while the user believes encryption is in use, and allows remote attackers to obtain sensitive information. | |||||
| CVE-2007-0884 | 1 Roaring Penguin | 1 Mimedefang | 2017-07-29 | 7.5 HIGH | N/A |
| Buffer overflow in Roaring Penguin MIMEDefang 2.59 and 2.60 allows remote attackers to cause a denial of service (application crash) and possibly execute arbitrary code via unspecified vectors. | |||||
| CVE-2007-0879 | 1 Smidgeonsoft | 1 Pebrowse | 2017-07-29 | 9.3 HIGH | N/A |
| Buffer overflow in SmidgeonSoft PEBrowse Professional 8.2.1.0 allows user-assisted remote attackers to execute arbitrary code via certain executable files in PE format. NOTE: the provenance of this information is unknown; the details are obtained solely from third party information. | |||||
| CVE-2007-0872 | 1 Plain Old Webserver | 1 Plain Old Webserver | 2017-07-29 | 5.0 MEDIUM | N/A |
| Directory traversal vulnerability in the Plain Old Webserver (POW) add-on before 0.0.9 for Mozilla Firefox allows remote attackers to read arbitrary files via a .. (dot dot) in the URI. | |||||
| CVE-2007-1173 | 3 Centennial, Numara, Symantec | 3 Discovery, Asset Manager, Discovery | 2017-07-29 | 10.0 HIGH | N/A |
| Multiple buffer overflows in the CentennialIPTransferServer service (XFERWAN.EXE), as used by (1) Centennial Discovery 2006 Feature Pack 1, (2) Numara Asset Manager 8.0, and (3) Symantec Discovery 6.5, allow remote attackers to execute arbitrary code via long strings in a crafted TCP packet. | |||||
| CVE-2007-1174 | 1 Web-app.org | 1 Webapp | 2017-07-29 | 4.3 MEDIUM | N/A |
| Multiple cross-site scripting (XSS) vulnerabilities in WebAPP before 20070214 allow remote attackers to inject arbitrary web script or HTML via unspecified vectors, related to unspecified fields in user Profiles. NOTE: some of these details are obtained from third party information. | |||||
| CVE-2007-0900 | 1 Tagit | 1 Tagboard | 2017-07-29 | 7.5 HIGH | N/A |
| Multiple PHP remote file inclusion vulnerabilities in TagIt! Tagboard 2.1.B Build 2 and earlier, when register_globals is enabled, allow remote attackers to execute arbitrary PHP code via a URL in the (1) configpath parameter to (a) tagviewer.php, (b) tag_process.php, and (c) CONFIG/errmsg.inc.php; and (d) addTagmin.php, (e) ban_watch.php, (f) delTagmin.php, (g) delTag.php, (h) editTagmin.php, (i) editTag.php, (j) manageTagmins.php, and (k) verify.php in tagmin/; the (2) adminpath parameter to (l) tagviewer.php, (m) tag_process.php, and (n) tagmin/index.php; and the (3) admin parameter to (o) readconf.php, (p) updateconf.php, (q) updatefilter.php, and (r) wordfilter.php in tagmin/; different vectors than CVE-2006-5249. | |||||
| CVE-2007-1176 | 1 Web-app.org | 1 Webapp | 2017-07-29 | 4.3 MEDIUM | N/A |
| Multiple cross-site scripting (XSS) vulnerabilities in WebAPP before 0.9.9.5 allow remote attackers to inject arbitrary web script or HTML via unspecified vectors related to (1) Gallery Comments pages, (2) Feedback pages, (3) Search Results pages, and (4) the Statistics Log viewer. | |||||
| CVE-2007-0857 | 1 Moinmoin | 1 Moinmoin | 2017-07-29 | 4.3 MEDIUM | N/A |
| Multiple cross-site scripting (XSS) vulnerabilities in MoinMoin before 1.5.7 allow remote attackers to inject arbitrary web script or HTML via (1) the page info, or the page name in a (2) AttachFile, (3) RenamePage, or (4) LocalSiteMap action. | |||||
| CVE-2006-6301 | 1 Denyhosts | 1 Denyhosts | 2017-07-29 | 5.0 MEDIUM | N/A |
| DenyHosts 2.5 does not properly parse sshd log files, which allows remote attackers to add arbitrary hosts to the /etc/hosts.deny file and cause a denial of service by adding arbitrary IP addresses to the sshd log file, as demonstrated by logging in via ssh with a login name containing certain strings with an IP address, which is not properly handled by a regular expression. | |||||
| CVE-2006-7193 | 1 Smarty | 1 Smarty | 2017-07-29 | 7.5 HIGH | N/A |
| ** DISPUTED ** PHP remote file inclusion vulnerability in unit_test/test_cases.php in Smarty 2.6.1 allows remote attackers to execute arbitrary PHP code via a URL in the SMARTY_DIR parameter. NOTE: this issue is disputed by CVE and a third party because SMARTY_DIR is a constant. | |||||
| CVE-2007-0125 | 1 Kaspersky Lab | 1 Kaspersky Antivirus Engine | 2017-07-29 | 5.0 MEDIUM | N/A |
| Kaspersky Labs Antivirus Engine 6.0 for Windows and 5.5-10 for Linux before 20070102 enter an infinite loop upon encountering an invalid NumberOfRvaAndSizes value in the Optional Windows Header of a portable executable (PE) file, which allows remote attackers to cause a denial of service (CPU consumption) by scanning a crafted PE file. | |||||
| CVE-2006-7209 | 1 Zoneo-soft | 1 Phptraffica | 2017-07-29 | 4.3 MEDIUM | N/A |
| Multiple cross-site scripting (XSS) vulnerabilities in phpTrafficA before 1.2beta2 allow remote attackers to inject arbitrary web script or HTML via unspecified vectors related to keywords results in the (1) main, (2) daily, (3) weekly, (4) monthly, (5) new trends, (6) individual page, and (7) search engine statistics. | |||||
| CVE-2007-0114 | 1 Sun | 1 Java System Content Delivery Server | 2017-07-29 | 5.0 MEDIUM | N/A |
| Sun Java System Content Delivery Server 5.0 and 5.0 PU1 allows remote attackers to obtain sensitive information regarding "content details" via unspecified vectors. | |||||
| CVE-2007-0101 | 1 Spine | 1 Spine | 2017-07-29 | 6.8 MEDIUM | N/A |
| Cross-site request forgery (CSRF) vulnerability in SPINE allows remote attackers to perform unauthorized actions as administrators via unspecified vectors. NOTE: some of these details are obtained from third party information. | |||||
| CVE-2007-0096 | 1 Carbon Communities | 1 Carbon Communities | 2017-07-29 | 7.5 HIGH | N/A |
| CarbonCommunities stores sensitive information under the web root with insufficient access control, which allows remote attackers to download a database containing passwords via a direct request for DataBase/Carbon2.4d.mdb. | |||||
| CVE-2007-0137 | 1 Serendipitynz | 2 Serene Bach, Serene Bach Sb | 2017-07-29 | 6.8 MEDIUM | N/A |
| Cross-site scripting (XSS) vulnerability in SimpleBoxes/SerendipityNZ Serene Bach 2.05R and earlier, and 2.08D and earlier in the 2.08 series; and (2) sb 1.13D and earlier, and 1.18R and earlier in the 1.18 series; allows remote attackers to inject arbitrary web script or HTML via unspecified vectors. | |||||
| CVE-2006-7155 | 1 Novell | 1 Bordermanager | 2017-07-29 | 7.5 HIGH | N/A |
| Novell BorderManager 3.8 SP4 generates the same ISAKMP cookies for the same source IP and port number during the same day, which allows remote attackers to conduct denial of service and replay attacks. NOTE: this issue might be related to CVE-2006-5286. | |||||
| CVE-2007-0003 | 1 Andrew Morgan | 1 Linux Pam | 2017-07-29 | 7.2 HIGH | N/A |
| pam_unix.so in Linux-PAM 0.99.7.0 allows context-dependent attackers to log into accounts whose password hash, as stored in /etc/passwd or /etc/shadow, has only two characters. | |||||
| CVE-2006-7135 | 1 Php Poll Creator | 1 Php Poll Creator | 2017-07-29 | 7.5 HIGH | N/A |
| PHP remote file inclusion vulnerability in lib/functions.inc.php in PHP Poll Creator (phpPC) 1.04 allows remote attackers to execute arbitrary PHP code via a URL in the relativer_pfad parameter, a different vector and version than CVE-2005-1755. NOTE: the provenance of this information is unknown; the details are obtained solely from third party information. | |||||
| CVE-2006-7134 | 1 Noah Spurrier | 1 Upload Tool For Php | 2017-07-29 | 10.0 HIGH | N/A |
| Unrestricted file upload vulnerability in main_user.php in Upload Tool for PHP 1.0 allows remote attackers to upload and execute arbitrary files with executable extensions such as .php. NOTE: the provenance of this information is unknown; the details are obtained solely from third party information. | |||||
| CVE-2007-0085 | 1 Openbsd | 1 Openbsd | 2017-07-29 | 6.0 MEDIUM | N/A |
| Unspecified vulnerability in sys/dev/pci/vga_pci.c in the VGA graphics driver for wscons in OpenBSD 3.9 and 4.0, when the kernel is compiled with the PCIAGP option and a non-AGP device is being used, allows local users to gain privileges via unspecified vectors, possibly related to agp_ioctl NULL pointer reference. | |||||
| CVE-2007-0007 | 1 Gnucash | 1 Gnucash | 2017-07-29 | 3.6 LOW | N/A |
| gnucash 2.0.4 and earlier allows local users to overwrite arbitrary files via a symlink attack on the (1) gnucash.trace, (2) qof.trace, and (3) qof.trace.[PID] temporary files. | |||||
| CVE-2006-7133 | 1 Php Upload Tool | 1 Php Upload Tool | 2017-07-29 | 5.0 MEDIUM | N/A |
| Directory traversal vulnerability in upload/bin/download.php in Upload Tool for PHP 1.0 allows remote attackers to read arbitrary files via (1) ".." sequences or (2) absolute pathnames in the filename parameter. | |||||
| CVE-2007-0108 | 1 Novell | 1 Client | 2017-07-29 | 6.0 MEDIUM | N/A |
| nwgina.dll in Novell Client 4.91 SP3 for Windows 2000/XP/2003 does not delete user profiles during a Terminal Service or Citrix session, which allows remote authenticated users to invoke alternate user profiles. | |||||
| CVE-2006-7121 | 1 Linksys | 1 Spa921 | 2017-07-29 | 7.8 HIGH | N/A |
| The HTTP server in Linksys SPA-921 VoIP Desktop Phone allows remote attackers to cause a denial of service (reboot) via (1) a long URL, or a long (2) username or (3) password during Basic Authentication. | |||||
| CVE-2006-7111 | 1 Futomis Cgi Cafe | 1 Kmail Cgi | 2017-07-29 | 7.5 HIGH | N/A |
| Unspecified vulnerability in Futomi's CGI Cafe KMail CGI 1.0.3 and earlier allows remote attackers to bypass authentication and obtain unauthorized email access via unspecified vectors. | |||||
| CVE-2006-7110 | 1 Drupal | 1 Imce Module | 2017-07-29 | 5.5 MEDIUM | N/A |
| Directory traversal vulnerability in the delete function in IMCE before 1.6, a Drupal module, allows remote authenticated users to delete arbitrary files via ".." sequences. | |||||
| CVE-2006-7109 | 1 Drupal | 1 Imce Module | 2017-07-29 | 6.5 MEDIUM | N/A |
| Unrestricted file upload vulnerability in IMCE before 1.6, a Drupal module, allows remote authenticated users to upload arbitrary PHP code via a filename with a double extension such as .php.gif. | |||||
| CVE-2007-0019 | 1 Maxum Development Corporation | 1 Rumpus Ftp Server | 2017-07-29 | 6.5 MEDIUM | N/A |
| Multiple heap-based buffer overflows in rumpusd in Rumpus 5.1 and earlier (1) allow remote authenticated users to execute arbitrary code via a long LIST command and other unspecified requests to the FTP service, and (2) allow remote attackers to execute arbitrary code via unspecified requests to the HTTP service. | |||||
| CVE-2007-0131 | 1 Jamwiki | 1 Jamwiki | 2017-07-29 | 7.5 HIGH | N/A |
| JAMWiki before 0.5.0 does not properly check permissions during moves of "read-only or admin-only topics," which allows remote attackers to make unauthorized changes to the wiki. | |||||
| CVE-2007-0021 | 1 Apple | 1 Ichat | 2017-07-29 | 7.5 HIGH | N/A |
| Format string vulnerability in Apple iChat 3.1.6 allows remote attackers to cause a denial of service (null pointer dereference and application crash) and possibly execute arbitrary code via format string specifiers in an aim:// URI. | |||||
| CVE-2007-0022 | 1 Apple | 1 Mac Os X | 2017-07-29 | 7.2 HIGH | N/A |
| Untrusted search path vulnerability in writeconfig in Apple Mac OS X 10.4.8 allows local users to gain privileges via a modified PATH that points to a malicious launchctl program. | |||||
| CVE-2007-0023 | 1 Apple | 1 Mac Os X | 2017-07-29 | 6.9 MEDIUM | N/A |
| The CFUserNotificationSendRequest function in UserNotificationCenter.app in Apple Mac OS X 10.4.8, when used in combination with diskutil, allows local users to gain privileges via a malicious InputManager in Library/InputManagers in a user's home directory, which is executed when Cocoa applications attempt to notify the user. | |||||
| CVE-2006-7096 | 1 Klink | 1 Dim3 | 2017-07-29 | 10.0 HIGH | N/A |
| Buffer overflow in the network_host_handle_join function in host.c in dimension 3 engine (dim3) 1.5 and earlier allows remote attackers to cause a denial of service (application crash) and possibly execute arbitrary code via a long nickname. | |||||
| CVE-2006-7095 | 1 Klink | 1 Dim3 | 2017-07-29 | 10.0 HIGH | N/A |
| Integer signedness error in the network_receive_packet function in socket.c in dimension 3 engine (dim3) 1.5 and earlier allows remote attackers to cause a denial of service (application crash) and possibly execute arbitrary code via a large data_len value, which is cast to a signed short and results in a buffer overflow. | |||||
| CVE-2007-0047 | 1 Adobe | 1 Acrobat Reader | 2017-07-29 | 6.8 MEDIUM | N/A |
| CRLF injection vulnerability in Adobe Acrobat Reader Plugin before 8.0.0, when used with the Microsoft.XMLHTTP ActiveX object in Internet Explorer, allows remote attackers to inject arbitrary HTTP headers and conduct HTTP response splitting attacks via CRLF sequences in the javascript: URI in the (1) FDF, (2) XML, or (3) XFDF AJAX request parameters. | |||||
| CVE-2007-0068 | 1 Ibm | 1 Lotus Domino | 2017-07-29 | 9.3 HIGH | N/A |
| IBM Lotus Domino 7.0.x before 7.0.3 does not revalidate the signature on a signed scheduled agent after the agent is modified, which allows remote authenticated users to gain privileges via a modified agent in a server database. | |||||
| CVE-2007-0095 | 1 Phpmyadmin | 1 Phpmyadmin | 2017-07-29 | 5.0 MEDIUM | N/A |
| phpMyAdmin 2.9.1.1 allows remote attackers to obtain sensitive information via a direct request for themes/darkblue_orange/layout.inc.php, which reveals the path in an error message. | |||||
| CVE-2006-7088 | 1 Simple Php Forum | 1 Simple Php Forum | 2017-07-29 | 7.5 HIGH | N/A |
| Multiple SQL injection vulnerabilities in Simple PHP Forum before 0.4 allow remote attackers to execute arbitrary SQL commands via the username parameter to (1) logon_user.php and (2) update_profile.php. | |||||
| CVE-2006-7085 | 1 Rigter Portal System | 1 Rigter Portal System | 2017-07-29 | 4.3 MEDIUM | N/A |
| Rigter Portal System (RPS) 1.0, 2.0, and 3.0 allows remote attackers to add arbitrary content and conduct XSS attacks via a direct request to add_art.php. NOTE: this issue was originally reported as SQL injection, but this is not likely. | |||||
| CVE-2006-7083 | 1 Rigter Portal System | 1 Rigter Portal System | 2017-07-29 | 4.3 MEDIUM | N/A |
| Directory traversal vulnerability in index.php in Rigter Portal System (RPS) 1.0, 2.0, and 3.0 allows remote attackers to read arbitrary files via ".." sequences in the id parameter. | |||||
