Search
Total
27796 CVE
| CVE | Vendors | Products | Updated | CVSS v2 | CVSS v3 |
|---|---|---|---|---|---|
| CVE-2007-1553 | 1 Guestbara | 1 Guestbara | 2017-10-11 | 5.0 MEDIUM | N/A |
| admin/configuration.php in Guestbara 1.2 and earlier allows remote attackers to modify the e-mail, name, and password of the admin account by setting the zapis parameter to "ok" and providing modified admin_mail, login, and pass parameters. | |||||
| CVE-2007-1296 | 1 Aj Square | 1 Aj Classifieds | 2017-10-11 | 7.5 HIGH | N/A |
| SQL injection vulnerability in postingdetails.php in AJ Classifieds 1.0 allows remote attackers to execute arbitrary SQL commands via the postingid parameter. | |||||
| CVE-2006-6103 | 2 X.org, Xfree86 Project | 2 X.org, Xfree86 | 2017-10-11 | 6.6 MEDIUM | N/A |
| Integer overflow in the ProcDbeSwapBuffers function in the DBE extension for X.Org 6.8.2, 6.9.0, 7.0, and 7.1, and XFree86 X server, allows local users to execute arbitrary code via a crafted X protocol request that triggers memory corruption during processing of unspecified data structures. | |||||
| CVE-2006-6102 | 2 X.org, Xfree86 Project | 2 X.org, Xfree86 X Server | 2017-10-11 | 10.0 HIGH | N/A |
| Integer overflow in the ProcDbeGetVisualInfo function in the DBE extension for X.Org 6.8.2, 6.9.0, 7.0, and 7.1, and XFree86 X server, allows local users to execute arbitrary code via a crafted X protocol request that triggers memory corruption during processing of unspecified data structures. | |||||
| CVE-2007-1010 | 1 Zebrafeeds | 1 Zebrafeeds | 2017-10-11 | 6.8 MEDIUM | N/A |
| Multiple PHP remote file inclusion vulnerabilities in ZebraFeeds 1.0, when register_globals is enabled, allow remote attackers to execute arbitrary PHP code via a URL in the zf_path parameter to (1) aggregator.php and (2) controller.php in newsfeeds/includes/. | |||||
| CVE-2006-5989 | 1 Mod Auth Kerb | 1 Mod Auth Kerb | 2017-10-11 | 5.0 MEDIUM | N/A |
| Off-by-one error in the der_get_oid function in mod_auth_kerb 5.0 allows remote attackers to cause a denial of service (crash) via a crafted Kerberos message that triggers a heap-based buffer overflow in the component array. | |||||
| CVE-2006-6101 | 2 X.org, Xfree86 Project | 2 X.org, Xfree86 | 2017-10-11 | 6.6 MEDIUM | N/A |
| Integer overflow in the ProcRenderAddGlyphs function in the Render extension for X.Org 6.8.2, 6.9.0, 7.0, and 7.1, and XFree86 X server, allows local users to execute arbitrary code via a crafted X protocol request that triggers memory corruption during processing of glyph management data structures. | |||||
| CVE-2007-1297 | 1 Aj Square | 1 Ajdating | 2017-10-11 | 7.5 HIGH | N/A |
| SQL injection vulnerability in view_profile.php in AJDating 1.0 allows remote attackers to execute arbitrary SQL commands via the user_id parameter. | |||||
| CVE-2007-1298 | 1 Aj Square | 1 Ajauction | 2017-10-11 | 7.5 HIGH | N/A |
| SQL injection vulnerability in subcat.php in AJ Auction 1.0 allows remote attackers to execute arbitrary SQL commands via the cate_id parameter. | |||||
| CVE-2007-1299 | 1 Mani Stats Reader | 1 Mani Stats Reader | 2017-10-11 | 7.5 HIGH | N/A |
| PHP remote file inclusion vulnerability in index.php in Mani Stats Reader 1.2 and earlier allows remote attackers to execute arbitrary PHP code via a URL in the ipath parameter. | |||||
| CVE-2007-1438 | 1 X-ice | 1 News System | 2017-10-11 | 7.5 HIGH | N/A |
| SQL injection vulnerability in devami.asp in X-Ice News System 1.0 allows remote attackers to execute arbitrary SQL commands via the id parameter. | |||||
| CVE-2007-0396 | 1 Hp | 1 Hp-ux | 2017-10-11 | 7.1 HIGH | N/A |
| Unspecified vulnerability in HP-UX B.11.23, when running IPFilter in combination with PHNE_34474, allows remote attackers to cause a denial of service (system crash) via unspecified vectors. | |||||
| CVE-2006-7176 | 2 Redhat, Sendmail | 2 Enterprise Linux, Sendmail | 2017-10-11 | 4.3 MEDIUM | N/A |
| The version of Sendmail 8.13.1-2 on Red Hat Enterprise Linux 4 Update 4 and earlier does not reject the "localhost.localdomain" domain name for e-mail messages that come from external hosts, which might allow remote attackers to spoof messages. | |||||
| CVE-2006-7183 | 1 Photography-on-the-net | 1 Exhibit Engine 2 | 2017-10-11 | 10.0 HIGH | N/A |
| PHP remote file inclusion vulnerability in styles.php in Exhibit Engine (EE) 1.22 and earlier allows remote attackers to execute arbitrary PHP code via a URL in the toroot parameter. | |||||
| CVE-2007-1258 | 1 Cisco | 4 Catalyst 6000, Catalyst 6500, Catalyst 7600 and 1 more | 2017-10-11 | 6.1 MEDIUM | N/A |
| Unspecified vulnerability in Cisco IOS 12.2SXA, SXB, SXD, and SXF; and the MSFC2, MSFC2a and MSFC3 running in Hybrid Mode on Cisco Catalyst 6000, 6500 and Cisco 7600 series systems; allows remote attackers on a local network segment to cause a denial of service (software reload) via a certain MPLS packet. | |||||
| CVE-2006-7185 | 1 Cmsmelborp | 1 Cmsmelborp | 2017-10-11 | 9.3 HIGH | N/A |
| PHP remote file inclusion vulnerability in includes/user_standard.php in CMSmelborp Beta allows remote attackers to execute arbitrary PHP code via a URL in the relative_root parameter. | |||||
| CVE-2007-1195 | 1 Dxmsoft | 1 Xm Easy Personal Ftp Server | 2017-10-11 | 7.5 HIGH | N/A |
| Multiple buffer overflows in XM Easy Personal FTP Server 5.3.0 allow remote attackers to execute arbitrary code via unspecified vectors. NOTE: this issue might overlap CVE-2006-2225, CVE-2006-2226, or CVE-2006-5728. | |||||
| CVE-2006-7169 | 1 Ultimate Php Board | 1 Ultimate Php Board | 2017-10-11 | 6.8 MEDIUM | N/A |
| PHP remote file inclusion vulnerability in includes/header_simple.php in Ultimate PHP Board (UPB) 2.0 and earlier allows remote attackers to execute arbitrary PHP code via a URL in the _CONFIG[skin_dir] parameter. | |||||
| CVE-2007-1189 | 1 Bell Labs | 1 Plan 9 | 2017-10-11 | 7.2 HIGH | N/A |
| Integer overflow in the envwrite function in the Alcatel-Lucent Bell Labs Plan 9 kernel allows local users to overwrite certain memory addresses with kernel memory via a large n argument, as demonstrated by (1) modifying the iseve function to gain privileges and (2) making the devpermcheck function grant unrestricted device permissions. | |||||
| CVE-2007-1162 | 1 Common Controls Replacement Project | 1 Browsedialog Server | 2017-10-11 | 7.8 HIGH | N/A |
| A certain ActiveX control in the Common Controls Replacement Project (CCRP) CCRP BrowseDialog Server (ccrpbds6.dll) allows remote attackers to cause a denial of service (Internet Explorer 7 crash) via a long (1) IsFolderAvailable or (2) RootFolder property value, different vectors than CVE-2007-0371. | |||||
| CVE-2006-5567 | 1 Nullsoft | 1 Winamp | 2017-10-11 | 9.3 HIGH | N/A |
| Multiple heap-based buffer overflows in AOL Nullsoft WinAmp before 5.31 allow user-assisted remote attackers to execute arbitrary code via a crafted (1) ultravox-max-msg header to the Ultravox protocol handler or (2) unspecified Lyrics3 tags. | |||||
| CVE-2007-1398 | 2 Linux, Snort | 2 Linux Kernel, Snort | 2017-10-11 | 7.1 HIGH | N/A |
| The frag3 preprocessor in Snort 2.6.1.1, 2.6.1.2, and 2.7.0 beta, when configured for inline use on Linux without the ip_conntrack module loaded, allows remote attackers to cause a denial of service (segmentation fault and application crash) via certain UDP packets produced by send_morefrag_packet and send_overlap_packet. | |||||
| CVE-2007-1219 | 1 Admin Phorum | 1 Admin Phorum | 2017-10-11 | 7.5 HIGH | N/A |
| PHP remote file inclusion vulnerability in actions/del.php in Admin Phorum 3.3.1a allows remote attackers to execute arbitrary PHP code via a URL in the include_path parameter. | |||||
| CVE-2006-7152 | 1 Asp-nuke | 1 Asp-nuke | 2017-10-11 | 8.5 HIGH | N/A |
| default.asp in ASP-Nuke Community 1.5 and earlier allows remote attackers to gain privileges by setting certain pseudo cookie values. | |||||
| CVE-2007-1425 | 1 Triexa | 1 Sonicmailer Pro | 2017-10-11 | 7.5 HIGH | N/A |
| SQL injection vulnerability in index.php in Triexa SonicMailer Pro 3.2.3 and earlier allows remote attackers to execute arbitrary SQL commands via the list parameter in an archive action. | |||||
| CVE-2007-1568 | 1 Daansystems | 1 Newsreactor | 2017-10-11 | 10.0 HIGH | N/A |
| Stack-based buffer overflow in DaanSystems NewsReactor 20070220.21 allows remote attackers to execute arbitrary code via a yEnc (yEncode) encoded article with a long filename. | |||||
| CVE-2007-0949 | 1 Itinysoft Studio | 1 Total Video Player | 2017-10-11 | 10.0 HIGH | N/A |
| Stack-based buffer overflow in iTinySoft Studio Total Video Player 1.03, and possibly earlier, allows remote attackers to execute arbitrary code via a M3U playlist file that contains a long file name. NOTE: it was later reported that 1.20 and 1.30 are also affected. | |||||
| CVE-2006-7194 | 1 Republique Francaise | 1 Agora | 2017-10-11 | 6.8 MEDIUM | N/A |
| PHP remote file inclusion vulnerability in modules/Mysqlfinder/MysqlfinderAdmin.php in Agora 1.4 RC1, when register_globals is enabled, allows remote attackers to execute arbitrary PHP code via a URL in the _SESSION[PATH_COMPOSANT] parameter. | |||||
| CVE-2006-7136 | 1 Phppc | 1 Php Poll Creator | 2017-10-11 | 10.0 HIGH | N/A |
| Multiple PHP remote file inclusion vulnerabilities in PHP Poll Creator (phpPC) 1.04 and earlier allow remote attackers to execute arbitrary PHP code via a URL in the relativer_pfad parameter to (1) poll.php, (2) poll_kommentar.php, and (3) poll_sm.php, different vectors and version than CVE-2005-1755. | |||||
| CVE-2007-0239 | 1 Openoffice | 1 Openoffice | 2017-10-11 | 9.3 HIGH | N/A |
| OpenOffice.org (OOo) Office Suite allows user-assisted remote attackers to execute arbitrary commands via shell metacharacters in a prepared link in a crafted document. | |||||
| CVE-2007-1403 | 1 Macromedia | 1 Shockwave | 2017-10-11 | 7.5 HIGH | N/A |
| Multiple stack-based buffer overflows in an ActiveX control in SwDir.dll 10.1.4.20 in Macromedia Shockwave allow remote attackers to cause a denial of service (Internet Explorer 7 crash) and possibly execute arbitrary code via a long (1) BGCOLOR, (2) SRC, (3) AutoStart, (4) Sound, (5) DrawLogo, or (6) DrawProgress property value, different vectors than CVE-2006-6885. | |||||
| CVE-2007-1404 | 1 Prosysinfo | 1 Tftp Server Tftpdwin | 2017-10-11 | 7.3 HIGH | N/A |
| tftpd.exe in ProSysInfo TFTP Server TFTPDWIN 0.4.2 allows remote attackers to cause a denial of service via a long UDP packet that is not properly handled in a recv_from call. NOTE: this issue might be related to CVE-2006-4948. | |||||
| CVE-2006-5595 | 1 Wireshark | 1 Wireshark | 2017-10-11 | 5.0 MEDIUM | N/A |
| Unspecified vulnerability in the AirPcap support in Wireshark (formerly Ethereal) 0.99.3 has unspecified attack vectors related to WEP key parsing. | |||||
| CVE-2007-1301 | 1 Mailenable | 2 Mailenable Enterprise, Mailenable Professional | 2017-10-11 | 9.0 HIGH | N/A |
| Stack-based buffer overflow in the IMAP service in MailEnable Enterprise and Professional Editions 2.37 and earlier allows remote authenticated users to execute arbitrary code via a long argument to the APPEND command. NOTE: this is probably different than CVE-2006-6423. | |||||
| CVE-2006-7203 | 1 Linux | 1 Linux Kernel | 2017-10-11 | 4.0 MEDIUM | N/A |
| The compat_sys_mount function in fs/compat.c in Linux kernel 2.6.20 and earlier allows local users to cause a denial of service (NULL pointer dereference and oops) by mounting a smbfs file system in compatibility mode ("mount -t smbfs"). | |||||
| CVE-2007-1353 | 1 Linux | 1 Linux Kernel | 2017-10-11 | 2.1 LOW | N/A |
| The setsockopt function in the L2CAP and HCI Bluetooth support in the Linux kernel before 2.4.34.3 allows context-dependent attackers to read kernel memory and obtain sensitive information via unspecified vectors involving the copy_from_user function accessing an uninitialized stack buffer. | |||||
| CVE-2006-7132 | 1 Cynux Softwares | 1 Phpmydesk | 2017-10-11 | 10.0 HIGH | N/A |
| Directory traversal vulnerability in pmd-config.php in PHPMyDesk 1.0beta allows remote attackers to include arbitrary local files via the pmdlang parameter to viewticket.php. | |||||
| CVE-2007-1130 | 1 Scipter.ch | 1 Gastebuch | 2017-10-11 | 7.5 HIGH | N/A |
| PHP remote file inclusion vulnerability in sinagb.php in Sinapis Gastebuch 2.2 allows remote attackers to execute arbitrary PHP code via a URL in the fuss parameter. | |||||
| CVE-2007-1525 | 1 Dayfox Designs | 1 Dayfox Blog | 2017-10-11 | 6.8 MEDIUM | N/A |
| Direct static code injection vulnerability in postpost.php in Dayfox Blog (dfblog) 4 allows remote attackers to execute arbitrary PHP code via the cat parameter, which can be executed via a request to posts.php. | |||||
| CVE-2007-1131 | 1 Scripter.ch | 1 Sinapis Forum | 2017-10-11 | 7.5 HIGH | N/A |
| PHP remote file inclusion vulnerability in sinapis.php in Sinapis Forum 2.2 allows remote attackers to execute arbitrary PHP code via a URL in the fuss parameter. | |||||
| CVE-2006-7210 | 1 Microsoft | 3 Windows 2000, Windows 2003 Server, Windows Xp | 2017-10-11 | 5.0 MEDIUM | N/A |
| Microsoft Windows 2000, XP, and Server 2003 allows remote attackers to cause a denial of service (cpu consumption) via a PNG image with crafted (1) Width and (2) Height values in the IHDR block. | |||||
| CVE-2006-7128 | 1 Salims Softhouse | 1 Jaf Cms | 2017-10-11 | 7.5 HIGH | N/A |
| PHP remote file inclusion vulnerability in forum/forum.php JAF CMS 4.0 RC1 allows remote attackers to execute arbitrary PHP code via a URL in the website parameter. | |||||
| CVE-2007-1007 | 2 Ekiga, Redhat | 3 Ekiga, Enterprise Linux, Enterprise Linux Desktop | 2017-10-11 | 10.0 HIGH | N/A |
| Format string vulnerability in GnomeMeeting 1.0.2 and earlier allows remote attackers to cause a denial of service (crash) and possibly execute arbitrary code via format strings in the name, which is not properly handled in a call to the gnomemeeting_log_insert function. | |||||
| CVE-2006-7119 | 1 Phpgiggle | 1 Phpgiggle | 2017-10-11 | 7.5 HIGH | N/A |
| PHP remote file inclusion vulnerability in kernel/system/startup.php in J. He PHPGiggle 12.08 and earlier, as distributed on comscripts.com, allows remote attackers to execute arbitrary PHP code via a URL in the CFG_PHPGIGGLE_ROOT parameter. | |||||
| CVE-2006-7226 | 1 Redhat | 2 Enterprise Linux, Enterprise Linux Desktop | 2017-10-11 | 4.3 MEDIUM | N/A |
| Perl-Compatible Regular Expression (PCRE) library before 6.7 does not properly calculate the compiled memory allocation for regular expressions that involve a quantified "subpattern containing a named recursion or subroutine reference," which allows context-dependent attackers to cause a denial of service (error or crash). | |||||
| CVE-2006-7107 | 1 Coalescent Systems | 1 Freepbx | 2017-10-11 | 7.5 HIGH | N/A |
| PHP remote file inclusion vulnerability in upgrade.php in Coalescent Systems freePBX 2.1.3 allows remote attackers to execute arbitrary PHP code via a URL in the amp_conf[AMPWEBROOT] parameter. | |||||
| CVE-2007-0242 | 1 Qt | 1 Qt | 2017-10-11 | 4.3 MEDIUM | N/A |
| The UTF-8 decoder in codecs/qutfcodec.cpp in Qt 3.3.8 and 4.2.3 does not reject long UTF-8 sequences as required by the standard, which allows remote attackers to conduct cross-site scripting (XSS) and directory traversal attacks via long sequences that decode to dangerous metacharacters. | |||||
| CVE-2006-7101 | 1 Phpwind | 1 Phpwind | 2017-10-11 | 7.5 HIGH | N/A |
| SQL injection vulnerability in admin.php in PHPWind 5.0.1 and earlier allows remote attackers to execute arbitrary SQL commands via the AdminUser cookie. | |||||
| CVE-2007-1118 | 1 Efiction | 1 Efiction | 2017-10-11 | 6.8 MEDIUM | N/A |
| Multiple PHP remote file inclusion vulnerabilities in eFiction 3.1.1 and earlier allow remote attackers to execute arbitrary PHP code via a URL in the path_to_smf parameter to (1) bridges/SMF/logout.php or (2) get_session_vars.php. | |||||
| CVE-2007-1014 | 1 Vicftps | 1 Vicftps | 2017-10-11 | 10.0 HIGH | N/A |
| Stack-based buffer overflow in VicFTPS before 5.0 allows remote attackers to cause a denial of service (application crash) and possibly execute arbitrary code via a long CWD command. | |||||