Search
Total
25555 CVE
| CVE | Vendors | Products | Updated | CVSS v2 | CVSS v3 |
|---|---|---|---|---|---|
| CVE-2007-1018 | 1 Virtualsystem | 1 Vs-news-system | 2008-11-15 | 9.3 HIGH | N/A |
| PHP remote file inclusion vulnerability in tpl/header.php in VirtualSystem VS-News-System 1.2.1 and earlier, when register_globals is enabled, allows remote attackers to execute arbitrary PHP code via a URL in the newsordner parameter. NOTE: the provenance of this information is unknown; the details are obtained solely from third party information. | |||||
| CVE-2007-0823 | 1 Slackware | 1 Slackware Linux | 2008-11-15 | 1.9 LOW | N/A |
| xterm on Slackware Linux 10.2 stores information that had been displayed for a different user account using the same xterm process, which might allow local users to bypass file permissions and read other users' files, or obtain other sensitive information, by reading the xterm process memory. NOTE: it could be argued that this is an expected consequence of multiple users sharing the same interactive process, in which case this is not a vulnerability. | |||||
| CVE-2007-0840 | 1 Hlstats | 1 Hlstats | 2008-11-15 | 6.8 MEDIUM | N/A |
| Cross-site scripting (XSS) vulnerability in HLstats before 1.35 allows remote attackers to inject arbitrary web script or HTML via unspecified vectors in the search class. NOTE: it is possible that this issue overlaps CVE-2006-4543.3 or CVE-2006-4454. | |||||
| CVE-2007-0852 | 1 Techexcel Inc. | 1 Devtrack | 2008-11-15 | 6.8 MEDIUM | N/A |
| Cross-site scripting (XSS) vulnerability in DevTrack 6.x allows remote attackers to inject arbitrary web script or HTML via the "Keyword search" form field and unspecified other form fields that populate a public saved query. NOTE: the provenance of this information is unknown; the details are obtained solely from third party information. | |||||
| CVE-2007-0863 | 1 Trevorchan | 1 Trevorchan | 2008-11-15 | 10.0 HIGH | N/A |
| ** DISPUTED ** PHP remote file inclusion vulnerability in Trevorchan 0.7 and earlier allows remote attackers to execute arbitrary code via the tc_config[rootdir] parameter to (1) upgrade.php, (2) paint_save.php, (3) menu.php, (4) manage.php, and (5) banned.php. NOTE: his issue has been disputed by reliable third parties, who state that the variable is set before use in config.php. | |||||
| CVE-2007-0901 | 1 Moinmoin | 1 Moinmoin | 2008-11-15 | 4.3 MEDIUM | N/A |
| Multiple cross-site scripting (XSS) vulnerabilities in Info pages in MoinMoin 1.5.7 allow remote attackers to inject arbitrary web script or HTML via the (1) hitcounts and (2) general parameters, different vectors than CVE-2007-0857. NOTE: the provenance of this information is unknown; the details are obtained solely from third party information. | |||||
| CVE-2007-0868 | 1 Yahoo | 1 Messenger | 2008-11-15 | 5.0 MEDIUM | N/A |
| Unspecified vulnerability in the Chat Room functionality in Yahoo! Messenger 8.1.0.239 and earlier allows remote attackers to cause a denial of service via unspecified vectors. NOTE: the provenance of this information is unknown; the details are obtained solely from third party information. | |||||
| CVE-2007-0869 | 1 Jelsoft | 1 Vbulletin | 2008-11-15 | 4.3 MEDIUM | N/A |
| Cross-site scripting (XSS) vulnerability in the Attachment Manager (admincp/attachment.php) in Jelsoft vBulletin 3.6.4 allows remote attackers to inject arbitrary web script or HTML via the Extension field. NOTE: this might be a duplicate of CVE-2007-0830.5. NOTE: the provenance of this information is unknown; the details are obtained solely from third party information. | |||||
| CVE-2007-0877 | 1 March Networks | 5 3108 Dvr, 3204 Dvr, 4210 Dvr and 2 more | 2008-11-15 | 5.0 MEDIUM | N/A |
| Unspecified vulnerability in March Networks DVR 3000 and 4000 Digital Video Recorders allows attackers to cause an unspecified denial of service. NOTE: the provenance of this information is unknown; the details are obtained solely from third party information. | |||||
| CVE-2007-0902 | 1 Moinmoin | 1 Moinmoin | 2008-11-15 | 5.0 MEDIUM | N/A |
| Unspecified vulnerability in the "Show debugging information" feature in MoinMoin 1.5.7 allows remote attackers to obtain sensitive information. NOTE: the provenance of this information is unknown; the details are obtained solely from third party information. | |||||
| CVE-2007-0913 | 1 Microsoft | 1 Powerpoint | 2008-11-15 | 9.3 HIGH | N/A |
| Unspecified vulnerability in Microsoft Powerpoint allows remote user-assisted attackers to execute arbitrary code via unknown attack vectors, as exploited by Trojan.PPDropper.G. NOTE: as of 20070213, it is not clear whether this is the same issue as CVE-2006-5296, CVE-2006-4694, CVE-2006-3876, CVE-2006-3877, or older issues. | |||||
| CVE-2007-0565 | 1 Cgi-rescue | 1 Shopping Basket Professional | 2008-11-15 | 7.5 HIGH | N/A |
| CGI-Rescue Shopping Basket Professional 7.50 and earlier allows remote attackers to inject arbitrary operating system commands via unspecified vectors. | |||||
| CVE-2007-0604 | 1 Six Apart Ltd | 1 Movable Type | 2008-11-15 | 6.8 MEDIUM | N/A |
| Cross-site scripting (XSS) vulnerability in Movable Type (MT) before 3.34 allows remote attackers to inject arbitrary web script or HTML via unspecified vectors related to the MTCommentPreviewIsStatic tag, which can open the "comment entry screen," a different vulnerability than CVE-2007-0231. | |||||
| CVE-2007-0557 | 1 Rmake | 1 Rmake | 2008-11-15 | 7.2 HIGH | N/A |
| rMake before 1.0.4 drops root privileges in a way that retains the original supplemental groups, which might allow attackers to gain privileges via a crafted recipe file, a different vulnerability than CVE-2007-0536. | |||||
| CVE-2007-0622 | 1 Mybb | 1 Mybb | 2008-11-15 | 5.0 MEDIUM | N/A |
| Cross-site request forgery (CSRF) vulnerability in MyBB (aka MyBulletinBoard) 1.2.2 allows remote attackers to send messages to arbitrary users. NOTE: the provenance of this information is unknown; the details are obtained solely from third party information. | |||||
| CVE-2007-0759 | 1 Umberto Caldera | 1 Easymoblog | 2008-11-15 | 7.5 HIGH | N/A |
| Multiple SQL injection vulnerabilities in EasyMoblog 0.5.1 allow remote attackers to execute arbitrary SQL commands via the (1) i or (2) post_id parameter to add_comment.php, which triggers an injection in libraries.inc.php; or (3) the i parameter to list_comments.php, which triggers an injection in libraries.inc.php. | |||||
| CVE-2007-0367 | 1 Maxum Development Corporation | 1 Rumpus Ftp Server | 2008-11-15 | 4.6 MEDIUM | N/A |
| Rumpus 5.1 and earlier has weak permissions for certain files and directories under /usr/local/Rumpus, including the configuration file, which allows local users to have an unknown impact by creating, modifying, or deleting files. | |||||
| CVE-2007-0442 | 1 Ibm | 1 Os 400 | 2008-11-15 | 5.0 MEDIUM | N/A |
| Unspecified vulnerability in IBM OS/400 R530 and R535 has unknown impact and remote attack vectors, related to an "Integrity Problem" involving LIC-TCPIP and TCP reset. NOTE: it is possible that this issue is related to CVE-2004-0230, but this is not certain. | |||||
| CVE-2007-0308 | 1 Plain Black | 1 Webgui | 2008-11-15 | 6.8 MEDIUM | N/A |
| Cross-site scripting (XSS) vulnerability in Plain Black WebGUI before 7.3.4 (beta) allows remote attackers to inject arbitrary web script or HTML via Wiki Page titles. | |||||
| CVE-2007-0263 | 1 Total Commander | 1 Total Commander | 2008-11-15 | 7.1 HIGH | N/A |
| Unspecified vulnerability in Total Commander before 6.5.6 allows user-assisted remote attackers to delete arbitrary files and corrupt a filesystem via a crafted RAR file. NOTE: The provenance of this information is unknown; the details are obtained solely from third party information. | |||||
| CVE-2007-0166 | 1 Freebsd | 1 Freebsd | 2008-11-15 | 6.6 MEDIUM | N/A |
| The jail rc.d script in FreeBSD 5.3 up to 6.2 does not verify pathnames when writing to /var/log/console.log during a jail start-up, or when file systems are mounted or unmounted, which allows local root users to overwrite arbitrary files, or mount/unmount files, outside of the jail via a symlink attack. | |||||
| CVE-2007-0183 | 1 Sun | 1 Iplanet Web Server | 2008-11-15 | 6.8 MEDIUM | N/A |
| Cross-site scripting (XSS) vulnerability in /search in iPlanet Web Server 4.x allows remote attackers to inject arbitrary web script or HTML via the NS-max-records parameter. NOTE: The provenance of this information is unknown; the details are obtained solely from third party information. | |||||
| CVE-2007-0264 | 1 Winzip | 1 Winzip | 2008-11-15 | 6.6 MEDIUM | N/A |
| Buffer overflow in Winzip32.exe in WinZip 9.0 allows local users to cause a denial of service (application crash) and possibly execute arbitrary code via a long command line argument. NOTE: this issue may cross privilege boundaries if an application automatically invokes Winzip32.exe for untrusted input filenames, as in the case of a file upload application. NOTE: The provenance of this information is unknown; the details are obtained solely from third party information. | |||||
| CVE-2007-0187 | 1 F5 | 1 Firepass | 2008-11-15 | 7.5 HIGH | N/A |
| F5 FirePass 5.4 through 5.5.2 and 6.0 allows remote attackers to access restricted URLs via (1) a trailing null byte, (2) multiple leading slashes, (3) Unicode encoding, (4) URL-encoded directory traversal or same-directory characters, or (5) upper case letters in the domain name. | |||||
| CVE-2007-0147 | 1 Cuyahoga | 1 Cuyahoga | 2008-11-15 | 5.0 MEDIUM | N/A |
| Cuyahoga before 1.0.1 installs the FCKEditor component with an incorrect deny statement in a Web.config file, which allows remote attackers to upload files when these privileges were intended only for the Administrator and Editor roles. | |||||
| CVE-2006-7099 | 1 Solarpay | 1 Solarpay | 2008-11-15 | 5.0 MEDIUM | N/A |
| Directory traversal vulnerability in index.php in SolarPay allows remote attackers to read certain files via a .. (dot dot) in the read parameter. NOTE: the provenance of this information is unknown; the details are obtained solely from third party information. | |||||
| CVE-2006-7002 | 1 Wheatblog | 1 Wheatblog | 2008-11-15 | 4.3 MEDIUM | N/A |
| Cross-site scripting (XSS) vulnerability in add_comment.php in Wheatblog (wB) 1.1 allows remote attackers to inject arbitrary web script or HTML via the Email field. NOTE: the provenance of this information is unknown; the details are obtained solely from third party information. NOTE: this issue may overlap CVE-2006-5195. | |||||
| CVE-2006-5877 | 2 Enigmail, Ubuntu | 2 Enigmail, Ubuntu Linux | 2008-11-15 | 7.8 HIGH | N/A |
| The enigmail extension before 0.94.2 does not properly handle large, encrypted file e-mail attachments, which allows remote attackers to cause a denial of service (crash), as demonstrated with Mozilla Thunderbird. | |||||
| CVE-2006-5141 | 1 Kevin A. Gordon | 1 Open Geo Targeting | 2008-11-15 | 7.5 HIGH | N/A |
| PHP remote file inclusion vulnerability in script.php in Kevin A. Gordon Open Geo Targeting (aka geotarget) allows remote attackers to execute arbitrary PHP code via a URL in the anp_path parameter. NOTE: the provenance of this information is unknown; the details are obtained from third party information. | |||||
| CVE-2006-5090 | 1 Phoenix Evolution | 1 Phoenix Evolution Cms | 2008-11-15 | 6.8 MEDIUM | N/A |
| Multiple cross-site scripting (XSS) vulnerabilities in Phoenix Evolution CMS (PECMS) allow remote attackers to inject arbitrary web script or HTML via the (1) mod or (2) action parameters in index.php, or the (3) pageid parameter in modules/pageedit/index.php. NOTE: the provenance of this information is unknown; the details are obtained from third party information. | |||||
| CVE-2005-2056 | 1 Clam Anti-virus | 1 Clamav | 2008-11-15 | 2.6 LOW | N/A |
| The Quantum archive decompressor in Clam AntiVirus (ClamAV) before 0.86.1 allows remote attackers to cause a denial of service (application crash) via a crafted Quantum archive. | |||||
| CVE-2005-1255 | 1 Ipswitch | 3 Imail, Imail Server, Ipswitch Collaboration Suite | 2008-11-15 | 10.0 HIGH | N/A |
| Multiple stack-based buffer overflows in the IMAP server in IMail 8.12 and 8.13 in Ipswitch Collaboration Suite (ICS), and other versions before IMail Server 8.2 Hotfix 2, allow remote attackers to execute arbitrary code via a LOGIN command with (1) a long username argument or (2) a long username argument that begins with a special character. | |||||
| CVE-2005-1254 | 1 Ipswitch | 1 Imail | 2008-11-15 | 5.0 MEDIUM | N/A |
| Stack-based buffer overflow in the IMAP server for Ipswitch IMail 8.12 and 8.13, and other versions before IMail Server 8.2 Hotfix 2, allows remote authenticated users to cause a denial of service (crash) via a SELECT command with a large argument. | |||||
| CVE-2005-1252 | 1 Ipswitch | 2 Imail, Imail Server | 2008-11-15 | 5.0 MEDIUM | N/A |
| Directory traversal vulnerability in the Web Calendaring server in Ipswitch Imail 8.13, and other versions before IMail Server 8.2 Hotfix 2, allows remote attackers to read arbitrary files via "..\" (dot dot backslash) sequences in the query string argument in a GET request to a non-existent .jsp file. | |||||
| CVE-2005-1249 | 1 Ipswitch | 1 Ipswitch Collaboration Suite | 2008-11-15 | 5.0 MEDIUM | N/A |
| The IMAP daemon (IMAPD32.EXE) in Ipswitch Collaboration Suite (ICS) allows remote attackers to cause a denial of service (CPU consumption) via an LSUB command with a large number of null characters, which causes an infinite loop. | |||||
| CVE-2005-1256 | 1 Ipswitch | 3 Imail, Imail Server, Ipswitch Collaboration Suite | 2008-11-15 | 10.0 HIGH | N/A |
| Stack-based buffer overflow in the IMAP daemon (IMAPD32.EXE) in IMail 8.13 in Ipswitch Collaboration Suite (ICS), and other versions before IMail Server 8.2 Hotfix 2, allows remote authenticated users to execute arbitrary code via a STATUS command with a long mailbox name. | |||||
| CVE-2005-0392 | 1 Debian | 1 Ppxp | 2008-11-15 | 7.2 HIGH | N/A |
| ppxp does not drop root privileges before opening log files, which allows local users to execute arbitrary commands. | |||||
| CVE-2007-4944 | 1 Opera | 1 Opera Browser | 2008-11-15 | 5.0 MEDIUM | N/A |
| The canvas.createPattern function in Opera 9.x before 9.22 for Linux, FreeBSD, and Solaris does not clear memory before using it to process a new pattern, which allows remote attackers to obtain sensitive information (memory contents) via JavaScript. | |||||
| CVE-2007-3604 | 1 Vtiger | 1 Vtiger Crm | 2008-11-13 | 4.0 MEDIUM | N/A |
| vtiger CRM before 5.0.3 allows remote authenticated users with access to the Analytics DashBoard menu to bypass data restrictions and read the pipeline of the entire organization, possibly involving modules/Potentials/Potentials.php. | |||||
| CVE-2007-3617 | 1 Vtiger | 1 Vtiger Crm | 2008-11-13 | 4.0 MEDIUM | N/A |
| The report module in vtiger CRM before 5.0.3 does not properly apply security rules, which allows remote authenticated users to read arbitrary private module entries. | |||||
| CVE-2007-3603 | 1 Vtiger | 1 Vtiger Crm | 2008-11-13 | 6.5 MEDIUM | N/A |
| SQL injection vulnerability in the dashboard (include/utils/SearchUtils.php) in vtiger CRM before 5.0.3 allows remote authenticated users to execute arbitrary SQL commands via the assigned_user_id parameter in a Potentials ListView action to index.php. | |||||
| CVE-2007-3335 | 1 Phpecho Cms | 1 Phpecho Cms | 2008-11-13 | 7.5 HIGH | N/A |
| Multiple SQL injection vulnerabilities in the admin panel in PHPEcho CMS before 1.6 allow remote attackers to execute arbitrary SQL commands via unspecified vectors. | |||||
| CVE-2007-2906 | 1 Sun | 1 Java Embedding Plugin | 2008-11-13 | 5.0 MEDIUM | N/A |
| Java Embedding Plugin 0.9.6.1 allows remote attackers to cause a denial of service (browser crash) via a Thread subclass that calls super.run from its run method. | |||||
| CVE-2007-2480 | 1 Linux | 1 Linux Kernel | 2008-11-13 | 4.6 MEDIUM | N/A |
| The _udp_lib_get_port function in net/ipv4/udp.c in Linux kernel 2.6.21 and earlier does not prevent a bind to a port with a local address when there is already a bind to that port with a wildcard local address, which might allow local users to intercept local traffic for daemons or other applications. | |||||
| CVE-2007-2382 | 1 Mad4milk | 1 Moo.fx | 2008-11-13 | 5.0 MEDIUM | N/A |
| The Moo.fx framework exchanges data using JavaScript Object Notation (JSON) without an associated protection scheme, which allows remote attackers to obtain the data via a web page that retrieves the data through a URL in the SRC attribute of a SCRIPT element and captures the data using other JavaScript code, aka "JavaScript Hijacking." | |||||
| CVE-2007-2318 | 1 Filezilla | 1 Filezilla | 2008-11-13 | 9.3 HIGH | N/A |
| Multiple format string vulnerabilities in FileZilla before 2.2.32 allow remote attackers to execute arbitrary code via format string specifiers in (1) FTP server responses or (2) data sent by an FTP server. NOTE: some of these details are obtained from third party information. | |||||
| CVE-2007-2188 | 1 Extremail | 1 Extremail | 2008-11-13 | 10.0 HIGH | N/A |
| eXtremail 2.1.1 and earlier does not verify the ID field (aka transaction id) in DNS responses, which makes it easier for remote attackers to conduct DNS spoofing. | |||||
| CVE-2007-2376 | 1 Dojo Toolkit | 1 Dojo Toolkit | 2008-11-13 | 5.0 MEDIUM | N/A |
| The Dojo framework exchanges data using JavaScript Object Notation (JSON) without an associated protection scheme, which allows remote attackers to obtain the data via a web page that retrieves the data through a URL in the SRC attribute of a SCRIPT element and captures the data using other JavaScript code, aka "JavaScript Hijacking." | |||||
| CVE-2007-2378 | 1 Google | 1 Web Toolkit | 2008-11-13 | 5.0 MEDIUM | N/A |
| The Google Web Toolkit (GWT) framework exchanges data using JavaScript Object Notation (JSON) without an associated protection scheme, which allows remote attackers to obtain the data via a web page that retrieves the data through a URL in the SRC attribute of a SCRIPT element and captures the data using other JavaScript code, aka "JavaScript Hijacking." | |||||
| CVE-2007-2269 | 1 Swsoft | 1 Plesk | 2008-11-13 | 5.0 MEDIUM | N/A |
| Directory traversal vulnerability in top.php3 in SWsoft Plesk for Windows 8.1 and 8.1.1 allows remote attackers to read arbitrary files via a .. (dot dot) in the locale_id parameter. | |||||