Total: 27796 CVE

| CVE | Vendors | Products | Updated | CVSS v2 | CVSS v3 |
|---|---|---|---|---|---|
| CVE-2015-6831 | 1 Php | 1 Php | 2017-11-04 | 7.5 HIGH | 7.3 HIGH |
| Multiple use-after-free vulnerabilities in SPL in PHP before 5.4.44, 5.5.x before 5.5.28, and 5.6.x before 5.6.12 allow remote attackers to execute arbitrary code via vectors involving (1) ArrayObject, (2) SplObjectStorage, and (3) SplDoublyLinkedList, which are mishandled during unserialization. | |||||
| CVE-2016-1978 | 1 Mozilla | 2 Firefox, Network Security Services | 2017-11-04 | 7.5 HIGH | 7.3 HIGH |
| Use-after-free vulnerability in the ssl3_HandleECDHServerKeyExchange function in Mozilla Network Security Services (NSS) before 3.21, as used in Mozilla Firefox before 44.0, allows remote attackers to cause a denial of service or possibly have unspecified other impact by making an SSL (1) DHE or (2) ECDHE handshake at a time of high memory consumption. | |||||
| CVE-2016-2222 | 1 Wordpress | 1 Wordpress | 2017-11-04 | 5.0 MEDIUM | 8.6 HIGH |
| The wp_http_validate_url function in wp-includes/http.php in WordPress before 4.4.2 allows remote attackers to conduct server-side request forgery (SSRF) attacks via a zero value in the first octet of an IPv4 address in the u parameter to wp-admin/press-this.php. | |||||
| CVE-2016-1979 | 1 Mozilla | 2 Firefox, Network Security Services | 2017-11-04 | 6.8 MEDIUM | 8.8 HIGH |
| Use-after-free vulnerability in the PK11_ImportDERPrivateKeyInfoAndReturnKey function in Mozilla Network Security Services (NSS) before 3.21.1, as used in Mozilla Firefox before 45.0, allows remote attackers to cause a denial of service or possibly have unspecified other impact via crafted key data with DER encoding. | |||||
| CVE-2015-7550 | 1 Linux | 1 Linux Kernel | 2017-11-04 | 4.9 MEDIUM | 5.5 MEDIUM |
| The keyctl_read_key function in security/keys/keyctl.c in the Linux kernel before 4.3.4 does not properly use a semaphore, which allows local users to cause a denial of service (NULL pointer dereference and system crash) or possibly have unspecified other impact via a crafted application that leverages a race condition between keyctl_revoke and keyctl_read calls. | |||||
| CVE-2002-0854 | 1 Suse | 1 Suse Linux | 2017-11-02 | 7.2 HIGH | N/A |
| Buffer overflows in ISDN Point to Point Protocol (PPP) daemon (ipppd) in the i4l package on SuSE 7.3, 8.0, and possibly other operating systems, may allow local users to gain privileges. | |||||
| CVE-1999-1365 | 1 Microsoft | 1 Windows Nt | 2017-10-26 | 7.2 HIGH | N/A |
| Windows NT searches a user's home directory (%systemroot% by default) before other directories to find critical programs such as NDDEAGNT.EXE, EXPLORER.EXE, USERINIT.EXE or TASKMGR.EXE, which could allow local users to bypass access restrictions or gain privileges by placing a Trojan horse program into the root directory, which is writable by default. | |||||
| CVE-2005-2769 | 1 Inter7 | 1 Sqwebmail | 2017-10-26 | 4.3 MEDIUM | N/A |
| Cross-site scripting (XSS) vulnerability in SqWebMail 5.0.4 and possibly other versions allows remote attackers to inject arbitrary web script or HTML via an HTML e-mail containing tags with strings that contain ">" or other special characters, which is not properly sanitized by SqWebMail. | |||||
| CVE-2015-0289 | 1 Openssl | 1 Openssl | 2017-10-20 | 5.0 MEDIUM | N/A |
| The PKCS#7 implementation in OpenSSL before 0.9.8zf, 1.0.0 before 1.0.0r, 1.0.1 before 1.0.1m, and 1.0.2 before 1.0.2a does not properly handle a lack of outer ContentInfo, which allows attackers to cause a denial of service (NULL pointer dereference and application crash) by leveraging an application that processes arbitrary PKCS#7 data and providing malformed data with ASN.1 encoding, related to crypto/pkcs7/pk7_doit.c and crypto/pkcs7/pk7_lib.c. | |||||
| CVE-2014-3571 | 1 Openssl | 1 Openssl | 2017-10-20 | 5.0 MEDIUM | N/A |
| OpenSSL before 0.9.8zd, 1.0.0 before 1.0.0p, and 1.0.1 before 1.0.1k allows remote attackers to cause a denial of service (NULL pointer dereference and application crash) via a crafted DTLS message that is processed with a different read operation for the handshake header than for the handshake body, related to the dtls1_get_record function in d1_pkt.c and the ssl3_read_n function in s3_pkt.c. | |||||
| CVE-2013-1902 | 1 Postgresql | 1 Postgresql | 2017-10-20 | 10.0 HIGH | N/A |
| PostgreSQL, 9.2.x before 9.2.4, 9.1.x before 9.1.9, 9.0.x before 9.0.13, 8.4.x before 8.4.17, and 8.3.x before 8.3.23 generates insecure temporary files with predictable filenames, which has unspecified impact and attack vectors related to "graphical installers for Linux and Mac OS X." | |||||
| CVE-2007-3646 | 1 Flashgamescript | 1 Flashgamescript | 2017-10-19 | 7.5 HIGH | N/A |
| SQL injection vulnerability in index.php in FlashGameScript 1.7 and earlier allows remote attackers to execute arbitrary SQL commands via the user parameter in a member action. | |||||
| CVE-2007-1612 | 1 Katalog Plyt Audio | 1 Katalog Plyt Audio | 2017-10-19 | 7.5 HIGH | N/A |
| SQL injection vulnerability in index.php in Katalog Plyt Audio 1.0 and earlier allows remote attackers to execute arbitrary SQL commands via the kolumna parameter. | |||||
| CVE-2007-1613 | 1 Mpm Chat | 1 Mpm Chat | 2017-10-19 | 7.5 HIGH | N/A |
| Directory traversal vulnerability in view.php in MPM Chat 2.5 allows remote attackers to include and execute arbitrary local files via a .. (dot dot) in the logi parameter. | |||||
| CVE-2007-1615 | 1 Scriptmagix | 1 Scriptmagix Jokes | 2017-10-19 | 7.5 HIGH | N/A |
| SQL injection vulnerability in index.php in ScriptMagix Jokes 2.0 and earlier allows remote attackers to execute arbitrary SQL commands via the catid parameter. | |||||
| CVE-2007-1616 | 1 Scriptmagix | 1 Scriptmagix Lyrics | 2017-10-19 | 7.5 HIGH | N/A |
| SQL injection vulnerability in index.php in ScriptMagix Lyrics 2.0 and earlier allows remote attackers to execute arbitrary SQL commands via the recid parameter. | |||||
| CVE-2007-1617 | 1 Scriptmagix | 1 Scriptmagix Recipes | 2017-10-19 | 7.5 HIGH | N/A |
| SQL injection vulnerability in index.php in ScriptMagix Recipes 2.0 and earlier allows remote attackers to execute arbitrary SQL commands via the catid parameter. | |||||
| CVE-2007-1712 | 1 Active Web Softwares | 1 Active Auction House | 2017-10-19 | 7.5 HIGH | N/A |
| SQL injection vulnerability in default.asp in ActiveWebSoftwares Active Auction Pro 7.1 allows remote attackers to execute arbitrary SQL commands via the catid parameter. | |||||
| CVE-2007-1725 | 1 Icebb | 1 Icebb | 2017-10-19 | 9.3 HIGH | N/A |
| SQL injection vulnerability in index.php in IceBB 1.0-rc5 allows remote authenticated users to execute arbitrary SQL commands via the filename of an uploaded file to the avatar function, as demonstrated by setting admin privileges. | |||||
| CVE-2007-1726 | 1 Icebb | 1 Icebb | 2017-10-19 | 6.5 MEDIUM | N/A |
| Unrestricted file upload vulnerability in index.php in IceBB 1.0-rc5 allows remote authenticated users to upload arbitrary files via the avatar function, which can later be accessed in uploads/. | |||||
| CVE-2007-1846 | 1 Xoops | 1 Malaika System Myads Module | 2017-10-19 | 7.5 HIGH | N/A |
| SQL injection vulnerability in index.php in the MyAds 2.04jp and earlier module for Xoops allows remote attackers to execute arbitrary SQL commands via the cid parameter, different vectors than CVE-2006-3341. | |||||
| CVE-2007-1867 | 1 Irfanview | 1 Irfanview | 2017-10-19 | 10.0 HIGH | N/A |
| Buffer overflow in IrfanView 3.99 allows remote attackers to execute arbitrary code via a crafted animated cursor (ANI) file. | |||||
| CVE-2007-1910 | 1 Microsoft | 1 Word | 2017-10-19 | 6.8 MEDIUM | N/A |
| Buffer overflow in wwlib.dll in Microsoft Word 2007 allows remote attackers to cause a denial of service (application crash) and possibly execute arbitrary code via a crafted document, as demonstrated by file789-1.doc. | |||||
| CVE-2007-2086 | 1 Cnstats | 1 Cnstats | 2017-10-19 | 6.8 MEDIUM | N/A |
| Multiple PHP remote file inclusion vulnerabilities in CNStats 2.9 allow remote attackers to execute arbitrary PHP code via a URL in the bj parameter to (1) who_r.php or (2) who_s.php in reports/. | |||||
| CVE-2007-2303 | 1 News Manager Deluxe | 1 News Manager Deluxe | 2017-10-19 | 6.8 MEDIUM | N/A |
| Directory traversal vulnerability in includes/footer.php in News Manager Deluxe (NMDeluxe) 1.0.1 allows remote attackers to include and execute arbitrary local files via a .. (dot dot) in the template parameter. | |||||
| CVE-2007-2471 | 1 Sendcard | 1 Sendcard | 2017-10-19 | 5.0 MEDIUM | N/A |
| Directory traversal vulnerability in sendcard.php in Sendcard 3.4.1 and earlier allows remote attackers to read arbitrary files via a full pathname in the form parameter. | |||||
| CVE-2007-2770 | 1 Qualcomm | 1 Eudora | 2017-10-19 | 9.3 HIGH | N/A |
| Stack-based buffer overflow in Eudora 7.1 allows user-assisted, remote SMTP servers to execute arbitrary code via a long SMTP reply. NOTE: the user must click through a warning about a possible buffer overflow exploit to trigger this issue. | |||||
| CVE-2007-2527 | 1 Dynamicpad | 1 Dynamicpad | 2017-10-19 | 7.5 HIGH | N/A |
| Multiple PHP remote file inclusion vulnerabilities in DynamicPAD before 1.03.31 allow remote attackers to execute arbitrary PHP code via a URL in the HomeDir parameter to (1) dp_logs.php or (2) index.php. | |||||
| CVE-2007-2647 | 1 Monalbum | 1 Monalbum | 2017-10-19 | 6.5 MEDIUM | N/A |
| Static code injection vulnerability in admin/admin_configuration.php in Monalbum 0.8.7 allows remote authenticated users to inject arbitrary PHP code into the conf/config.inc.php file via the (1) gadm_pass, (2) gadm_user, (3) gcfgHote, (4) gcfgPass, (5) gcfgUser, (6) gclassement_rep, (7) gcontour, (8) gfond, (9) ggd_version, (10) ghome, (11) ghor, (12) gimg_copyright, (13) glangage, (14) gmenu_visible, (15) gmini_hasard, (16) gordre_rep, (17) gpage, (18) gracine, (19) grech_inactive, (20) grep_mini, (21) grepertoire, (22) gsite, (23) gslide, (24) gtitre, (25) guse_copyright, (26) gversion, (27) gvert, or (28) gcfgBase parameter. | |||||
| CVE-2007-2971 | 1 Greg Neustaetter | 1 Gcards | 2017-10-19 | 7.5 HIGH | N/A |
| SQL injection vulnerability in getnewsitem.php in gCards 1.46 and earlier allows remote attackers to execute arbitrary SQL commands via the newsid parameter. | |||||
| CVE-2007-3068 | 1 Dvd X Studios | 1 Dvd X Player | 2017-10-19 | 6.8 MEDIUM | N/A |
| Stack-based buffer overflow in DVD X Player 4.1 Professional allows remote attackers to execute arbitrary code via a PLF playlist containing a long filename. | |||||
| CVE-2007-3096 | 1 Pblang | 1 Pblang | 2017-10-19 | 6.8 MEDIUM | N/A |
| Directory traversal vulnerability in login.php in PBLang (PBL) 4.67.16.a and earlier, when magic_quotes_gpc is disabled, allows remote attackers to include and execute arbitrary local files via a .. (dot dot) in the lang parameter. | |||||
| CVE-2007-3140 | 1 Wordpress | 1 Wordpress | 2017-10-19 | 6.5 MEDIUM | N/A |
| SQL injection vulnerability in xmlrpc.php in WordPress 2.2 allows remote authenticated users to execute arbitrary SQL commands via a parameter value in an XML RPC wp.suggestCategories methodCall, a different vector than CVE-2007-1897. | |||||
| CVE-2007-3188 | 1 Geometrix Download Portal | 1 Geometrix Download Portal | 2017-10-19 | 7.5 HIGH | N/A |
| SQL injection vulnerability in down_indir.asp in Fullaspsite GeometriX Download Portal allows remote attackers to execute arbitrary SQL commands via the id parameter. | |||||
| CVE-2007-3214 | 1 E-vision | 1 E-vision Cms | 2017-10-19 | 6.8 MEDIUM | N/A |
| SQL injection vulnerability in style.php in e-Vision CMS 2.02 and earlier, when magic_quotes_gpc is disabled, allows remote attackers to execute arbitrary SQL commands via the template parameter. | |||||
| CVE-2007-3251 | 1 E-vision | 1 E-vision Cms | 2017-10-19 | 7.8 HIGH | N/A |
| Multiple directory traversal vulnerabilities in e-Vision CMS 2.02 and earlier allow remote attackers to (1) include and execute arbitrary local files via a .. (dot dot) in the adminlang cookie to admin/functions.php or (2) read arbitrary local files via the img parameter to admin/show_img.php. | |||||
| CVE-2007-3505 | 1 Qt-cute | 1 Quicktalk Forum | 2017-10-19 | 6.4 MEDIUM | N/A |
| Multiple directory traversal vulnerabilities in QuickTalk forum 1.3 allow remote attackers to include and execute arbitrary local files via a .. (dot dot) sequence in the lang parameter to (1) qtf_checkname.php, (2) qtf_j_birth.php, or (3) qtf_j_exists.php. | |||||
| CVE-2007-3683 | 1 Aigaion | 1 Aigaion | 2017-10-19 | 7.5 HIGH | N/A |
| SQL injection vulnerability in pagetopic.php in Aigaion 1.3.3 and earlier allows remote attackers to execute arbitrary SQL commands via the topic_id parameter. | |||||
| CVE-2007-4279 | 1 Frontaccounting | 1 Frontaccounting | 2017-10-19 | 7.5 HIGH | N/A |
| PHP remote file inclusion vulnerability in config.php in FrontAccounting 1.12 Build 31 allows remote attackers to execute arbitrary PHP code via a URL in the path_to_root parameter. | |||||
| CVE-2007-4362 | 1 Prozilla | 1 Webring | 2017-10-19 | 6.8 MEDIUM | N/A |
| SQL injection vulnerability in category.php in Prozilla Webring allows remote attackers to execute arbitrary SQL commands via the cat parameter. | |||||
| CVE-2007-4377 | 1 Netwin | 1 Surgemail | 2017-10-19 | 6.0 MEDIUM | N/A |
| Stack-based buffer overflow in the IMAP service in SurgeMail 38k allows remote authenticated users to execute arbitrary code via a long argument to the SEARCH command. NOTE: this might overlap CVE-2007-4372. | |||||
| CVE-2007-0631 | 1 Eclectic Designs | 1 Cascadianfaq | 2017-10-19 | 7.5 HIGH | N/A |
| SQL injection vulnerability in index.php in Eclectic Designs CascadianFAQ 4.1 and earlier allows remote attackers to execute arbitrary SQL commands via the catid parameter. | |||||
| CVE-2007-0867 | 1 Site-assistant | 1 Site-assistant | 2017-10-19 | 7.5 HIGH | N/A |
| PHP remote file inclusion vulnerability in classes/menu.php in Site-Assistant 0990 and earlier allows remote attackers to execute arbitrary PHP code via a URL in the paths[version] parameter. | |||||
| CVE-2007-1295 | 1 Aj Forum | 1 Aj Forum | 2017-10-19 | 7.5 HIGH | N/A |
| SQL injection vulnerability in topic_title.php in AJ Forum 1.0 allows remote attackers to execute arbitrary SQL commands via the td_id parameter. | |||||
| CVE-2007-0904 | 1 Lightro | 1 Lightro Cms | 2017-10-19 | 7.5 HIGH | N/A |
| SQL injection vulnerability in projects.php in LightRO CMS 1.0 allows remote attackers to execute arbitrary SQL commands via the ID parameter to index.php. | |||||
| CVE-2007-0786 | 1 Noname Media | 1 Photo Galerie Standard | 2017-10-19 | 7.5 HIGH | N/A |
| SQL injection vulnerability in view.php in Noname Media Photo Galerie Standard 1.1.1 and earlier allows remote attackers to execute arbitrary SQL commands via the id parameter. | |||||
| CVE-2007-0633 | 1 T-systems Solutions For Research Gmbh | 1 Mynews | 2017-10-19 | 7.5 HIGH | N/A |
| PHP remote file inclusion vulnerability in include/themes/themefunc.php in MyNews 4.2.2 and earlier allows remote attackers to execute arbitrary PHP code via a URL in the myNewsConf[path][sys][index] parameter. | |||||
| CVE-2007-0637 | 1 Galeria Zdjec | 1 Galeria Zdjec | 2017-10-19 | 7.5 HIGH | N/A |
| Directory traversal vulnerability in zd_numer.php in Galeria Zdjec 3.0 and earlier allows remote attackers to include and execute arbitrary local files via a .. (dot dot) in the galeria parameter, as demonstrated by injecting PHP sequences into an Apache HTTP Server log file, which is then included by zd_numer.php. | |||||
| CVE-2007-0785 | 1 Flipsource | 1 Flip | 2017-10-19 | 7.5 HIGH | N/A |
| PHP remote file inclusion vulnerability in previewtheme.php in Flipsource Flip 2.01-final 1.0 and earlier allows remote attackers to execute arbitrary PHP code via a URL in the inc_path parameter. | |||||
| CVE-2007-0638 | 1 Vlad Alexa Mancini | 1 Phpfootball | 2017-10-19 | 5.0 MEDIUM | N/A |
| show.php in Vlad Alexa Mancini PHPFootball 1.6 allows remote attackers to obtain sensitive information (database contents) via a % (percent) character in the dbfieldv parameter. | |||||
