Total: 27796 CVE
| CVE | Vendors | Products | Updated | CVSS v2 | CVSS v3 |
|---|---|---|---|---|---|
| CVE-2007-1412 | 1 Php | 1 Php | 2017-10-11 | 7.8 HIGH | N/A |
| The cpdf_open function in the ClibPDF (cpdf) extension in PHP 4.4.6 allows context-dependent attackers to obtain sensitive information (script source code) via a long string in the second argument. | |||||
| CVE-2006-7234 | 1 Lynx | 1 Lynx | 2017-10-11 | 4.6 MEDIUM | N/A |
| Untrusted search path vulnerability in Lynx before 2.8.6rel.4 allows local users to execute arbitrary code via malicious (1) .mailcap and (2) mime.types files in the current working directory. | |||||
| CVE-2006-7081 | 1 Phpnews | 1 Phpnews | 2017-10-11 | 7.5 HIGH | N/A |
| Multiple PHP remote file inclusion vulnerabilities in PhpNews 1.0 allow remote attackers to execute arbitrary PHP code via the Include parameter to (1) Include/lib.inc.php3 and (2) Include/variables.php3. | |||||
| CVE-2006-7080 | 1 Exv2 | 1 Content Management System | 2017-10-11 | 4.3 MEDIUM | N/A |
| Directory traversal vulnerability in the avatar upload feature in exV2 2.0.4.3 and earlier allows remote attackers to delete arbitrary files via ".." sequences in the old_avatar parameter. | |||||
| CVE-2007-0001 | 1 Redhat | 1 Enterprise Linux | 2017-10-11 | 4.7 MEDIUM | N/A |
| The file watch implementation in the audit subsystem (auditctl -w) in the Red Hat Enterprise Linux (RHEL) 4 kernel 2.6.9 allows local users to cause a denial of service (kernel panic) by replacing a watched file, which does not cause the watch on the old inode to be dropped. | |||||
| CVE-2007-1133 | 1 Scripter.ch | 1 Fcring | 2017-10-11 | 7.5 HIGH | N/A |
| PHP remote file inclusion vulnerability in fcring.php in FCRing 1.3 allows remote attackers to execute arbitrary PHP code via a URL in the s_fuss parameter. | |||||
| CVE-2007-0006 | 1 Linux | 1 Linux Kernel | 2017-10-11 | 1.9 LOW | N/A |
| The key serial number collision avoidance code in the key_alloc_serial function in Linux kernel 2.6.9 up to 2.6.20 allows local users to cause a denial of service (crash) via vectors that trigger a null dereference, as originally reported as "spinlock CPU recursion." | |||||
| CVE-2007-1516 | 1 Cicoandcico | 1 Ccmail | 2017-10-11 | 6.8 MEDIUM | N/A |
| PHP remote file inclusion vulnerability in functions/update.php in Cicoandcico CcMail 1.0 allows remote attackers to execute arbitrary PHP code via a URL in the functions_dir parameter. | |||||
| CVE-2007-1393 | 1 Geo Soft | 1 Magic Cms | 2017-10-11 | 10.0 HIGH | N/A |
| PHP remote file inclusion vulnerability in mysave.php in Magic CMS 4.2.747 allows remote attackers to execute arbitrary PHP code via a URL in the file parameter. | |||||
| CVE-2006-6056 | 1 Linux | 1 Linux Kernel | 2017-10-11 | 4.9 MEDIUM | N/A |
| Linux kernel 2.6.x up to 2.6.18 and possibly other versions, when SELinux hooks are enabled, allows local users to cause a denial of service (crash) via a malformed file stream that triggers a NULL pointer dereference in the superblock_doinit function, as demonstrated using an HFS filesystem image. | |||||
| CVE-2007-1569 | 1 Newsbin Pro | 1 Newsbin Pro | 2017-10-11 | 10.0 HIGH | N/A |
| Stack-based buffer overflow in NewsBin Pro 4.32 allows remote attackers to cause a denial of service or execute arbitrary code via a yEnc (yEncode) encoded article with a long filename, as demonstrated using a .nzb file. NOTE: some of these details are obtained from third party information. | |||||
| CVE-2007-1382 | 2 Microsoft, Php | 2 All Windows, Com Extensions | 2017-10-11 | 6.8 MEDIUM | N/A |
| The PHP COM extensions for PHP on Windows systems allow context-dependent attackers to execute arbitrary code via a WScript.Shell COM object, as demonstrated by using the Run method of this object to execute cmd.exe, which bypasses PHP's safe mode. | |||||
| CVE-2006-5754 | 1 Linux | 1 Linux Kernel | 2017-10-11 | 4.9 MEDIUM | N/A |
| The aio_setup_ring function in Linux kernel does not properly initialize a variable, which allows local users to cause a denial of service (crash) via an unspecified error path that causes an incorrect free operation. | |||||
| CVE-2006-7079 | 1 Exv2 | 1 Content Management System | 2017-10-11 | 6.8 MEDIUM | N/A |
| Variable extraction vulnerability in include/common.php in exV2 2.0.4.3 and earlier allows remote attackers to overwrite arbitrary program variables and conduct directory traversal attacks to execute arbitrary code by modifying the $xoopsOption['pagetype'] variable. | |||||
| CVE-2007-1578 | 1 Atrium Software | 1 Mercur Imapd | 2017-10-11 | 10.0 HIGH | N/A |
| Multiple integer signedness errors in the NTLM implementation in Atrium MERCUR IMAPD (mcrimap4.exe) 5.00.14, with SP4, allow remote attackers to execute arbitrary code via a long NTLMSSP argument that triggers a stack-based buffer overflow. | |||||
| CVE-2007-1224 | 1 Grok Developments | 1 Netproxy | 2017-10-11 | 5.0 MEDIUM | N/A |
| Grok Developments NetProxy 4.03 allows remote attackers to bypass URL filtering via a request that omits "http://" from the URL and specifies the destination port (:80). | |||||
| CVE-2007-1372 | 1 Postguestbook | 1 Postguestbook | 2017-10-11 | 10.0 HIGH | N/A |
| PHP remote file inclusion vulnerability in styles/internal/header.php in the PostGuestbook 0.6.1 module for PHP-Nuke allows remote attackers to execute arbitrary PHP code via a URL in the tpl_pgb_moddir parameter. | |||||
| CVE-2006-7071 | 1 Invision Power Services | 1 Invision Power Board | 2017-10-11 | 7.5 HIGH | N/A |
| SQL injection vulnerability in classes/class_session.php in Invision Power Board (IPB) 2.1 up to 2.1.6 allows remote attackers to execute arbitrary SQL commands via the CLIENT_IP parameter. | |||||
| CVE-2007-1410 | 1 Gaziyapboz | 1 Game Portal | 2017-10-11 | 7.5 HIGH | N/A |
| SQL injection vulnerability in kategori.asp in GaziYapBoz Game Portal allows remote attackers to execute arbitrary SQL commands via the kategori parameter. | |||||
| CVE-2006-7069 | 1 Socketwiz | 1 Bookmarks | 2017-10-11 | 7.5 HIGH | N/A |
| PHP remote file inclusion vulnerability in smarty_config.php in Socketwiz Bookmarks 2.0 and earlier allows remote attackers to execute arbitrary PHP code via the root_dir parameter. | |||||
| CVE-2006-6054 | 1 Linux | 1 Linux Kernel | 2017-10-11 | 4.0 MEDIUM | N/A |
| The ext2 file system code in Linux kernel 2.6.x allows local users to cause a denial of service (crash) via an ext2 stream with malformed data structures that triggers an error in the ext2_check_page due to a length that is smaller than the minimum. | |||||
| CVE-2007-0999 | 1 Gnome | 1 Ekiga | 2017-10-11 | 9.3 HIGH | N/A |
| Format string vulnerability in Ekiga 2.0.3, and probably other versions, allows remote attackers to execute arbitrary code via unspecified vectors, a different vulnerability than CVE-2007-1006. | |||||
| CVE-2006-7068 | 1 Cliserv | 1 Web Community | 2017-10-11 | 7.5 HIGH | N/A |
| PHP remote file inclusion vulnerability in CliServ Web Community 0.65 and earlier allows remote attackers to execute arbitrary PHP code via a URL in the cl_headers parameter to (1) menu.php3 and (2) login.php3. | |||||
| CVE-2007-1501 | 1 Avant Force | 1 Avant Browser | 2017-10-11 | 9.3 HIGH | N/A |
| Stack-based buffer overflow in Avant Browser 11.0 build 26 allows remote attackers to cause a denial of service (crash) and possibly execute arbitrary code via a long Content-Type HTTP header. | |||||
| CVE-2007-1108 | 1 Cs-gallery | 1 Cs-gallery | 2017-10-11 | 6.8 MEDIUM | N/A |
| PHP remote file inclusion vulnerability in index.php in Christian Schneider CS-Gallery 2.0 and earlier allows remote attackers to execute arbitrary PHP code via a URL in the album parameter during a securealbum todo action. | |||||
| CVE-2007-1497 | 1 Linux | 1 Linux Kernel | 2017-10-11 | 5.0 MEDIUM | N/A |
| nf_conntrack in netfilter in the Linux kernel before 2.6.20.3 does not set nfctinfo during reassembly of fragmented packets, which leaves the default value as IP_CT_ESTABLISHED and might allow remote attackers to bypass certain rulesets using IPv6 fragments. | |||||
| CVE-2007-1496 | 1 Linux | 1 Linux Kernel | 2017-10-11 | 4.9 MEDIUM | N/A |
| nfnetlink_log in netfilter in the Linux kernel before 2.6.20.3 allows attackers to cause a denial of service (crash) via unspecified vectors involving the (1) nfulnl_recv_config function, (2) using "multiple packets per netlink message", and (3) bridged packets, which trigger a NULL pointer dereference. | |||||
| CVE-2006-7063 | 1 Tinyphpforum | 1 Tinyphpforum | 2017-10-11 | 7.5 HIGH | N/A |
| Directory traversal vulnerability in profile.php in TinyPHPforum 3.6 and earlier allows remote attackers to include and execute arbitrary files via ".." sequences in the uname parameter. | |||||
| CVE-2007-1225 | 1 Grok Developments | 1 Netproxy | 2017-10-11 | 10.0 HIGH | N/A |
| The connection log file implementation in Grok Developments NetProxy 4.03 does not record requests that omit http:// in a URL, which might allow remote attackers to conduct unauthorized activities and avoid detection. | |||||
| CVE-2007-1106 | 1 Nomoketos Rules | 1 Nomoketos Rules | 2017-10-11 | 6.8 MEDIUM | N/A |
| PHP remote file inclusion vulnerability in includes/functions_nomoketos_rules.php in the NoMoKeTos Rules 0.0.1 module for phpBB allows remote attackers to execute arbitrary PHP code via a URL in the phpbb_root_path parameter. | |||||
| CVE-2007-1105 | 1 Extreme Phpbb | 1 Extreme Phpbb | 2017-10-11 | 5.0 MEDIUM | N/A |
| PHP remote file inclusion vulnerability in functions.php in Extreme phpBB (aka phpBB Extreme) 3.0.1 allows remote attackers to execute arbitrary PHP code via a URL in the phpbb_root_path parameter. | |||||
| CVE-2007-1375 | 1 Php | 1 Php | 2017-10-11 | 5.0 MEDIUM | N/A |
| Integer overflow in the substr_compare function in PHP 5.2.1 and earlier allows context-dependent attackers to read sensitive memory via a large value in the length argument, a different vulnerability than CVE-2006-1991. | |||||
| CVE-2007-1104 | 1 Php Mip | 1 Php Mip | 2017-10-11 | 4.3 MEDIUM | N/A |
| PHP remote file inclusion vulnerability in top.php in PHP Module Implementation (PHP-MIP) 0.1 allows remote attackers to execute arbitrary PHP code via a URL in the laypath parameter. | |||||
| CVE-2007-1260 | 1 Webmod | 1 Webmod | 2017-10-11 | 7.5 HIGH | N/A |
| Stack-based buffer overflow in the connectHandle function in server.cpp in WebMod 0.48 allows remote attackers to execute arbitrary code via a long string in the Content-Length HTTP header. | |||||
| CVE-2006-6161 | 1 Doug Luxem | 1 Liberum Help Desk | 2017-10-11 | 7.5 HIGH | N/A |
| Multiple SQL injection vulnerabilities in Doug Luxem Liberum Help Desk 0.97.3 and earlier allow remote attackers to execute arbitrary SQL commands via the (1) id and (2) uid parameter to (a) inout/status.asp, (b) inout/update.asp, and (c) forgotpass.asp. NOTE: The provenance of this information is unknown; the details are obtained solely from third party information. | |||||
| CVE-2007-1566 | 1 Netvios | 1 Netvios | 2017-10-11 | 7.5 HIGH | N/A |
| SQL injection vulnerability in News/page.asp in NetVIOS Portal allows remote attackers to execute arbitrary SQL commands via the NewsID parameter. NOTE: this issue might be the same as CVE-2006-5954. | |||||
| CVE-2006-7032 | 1 Tufat | 1 Flashbb | 2017-10-11 | 10.0 HIGH | N/A |
| PHP remote file inclusion vulnerability in phpbb/getmsg.php in FlashBB 1.1.5 and earlier allows remote attackers to execute arbitrary code via a URL in the phpbb_root_path parameter. | |||||
| CVE-2006-7026 | 1 Avatic | 1 Aardvark Topsites Php | 2017-10-11 | 6.8 MEDIUM | N/A |
| PHP remote file inclusion vulnerability in sources/join.php in Aardvark Topsites PHP 4.2.2 and earlier, when register_globals is enabled, allows remote attackers to execute arbitrary PHP code via a URL in the CONFIG[path] parameter, a different vector than CVE-2006-2149. | |||||
| CVE-2007-0199 | 1 Cisco | 1 Ios | 2017-10-11 | 5.0 MEDIUM | N/A |
| The Data-link Switching (DLSw) feature in Cisco IOS 11.0 through 12.4 allows remote attackers to cause a denial of service (device reload) via "an invalid value in a DLSw message... during the capabilities exchange." | |||||
| CVE-2006-7024 | 1 Harpia | 1 Harpia Cms | 2017-10-11 | 7.5 HIGH | N/A |
| Multiple PHP remote file inclusion vulnerabilities in Harpia CMS 1.0.5 and earlier allow remote attackers to execute arbitrary PHP code via a URL in the (1) func_prog parameter to (a) preload.php and (b) index.php; (2) header_prog parameter to (c) missing.php and (d) email.php, (e) files.php, (f) headlines.php, (g) search.php, (h) topics.php, and (i) users.php in _mods/; (3) theme_root parameter to (j) footer.php, (k) header.php, (l) pfooter.php, and (m) pheader.php in _inc; (4) mod_root parameter to _inc/header.php; and the (5) mod_dir and (6) php_ext parameters to (n) _inc/web_statsConfig.php. | |||||
| CVE-2007-1556 | 1 Thecreativeheads.de | 1 Creative Files | 2017-10-11 | 7.5 HIGH | N/A |
| SQL injection vulnerability in kommentare.php in Creative Files 1.2 allows remote attackers to execute arbitrary SQL commands via the dlid parameter. | |||||
| CVE-2006-5462 | 1 Mozilla | 4 Firefox, Network Security Services, Seamonkey and 1 more | 2017-10-11 | 6.4 MEDIUM | N/A |
| Mozilla Network Security Service (NSS) library before 3.11.3, as used in Mozilla Firefox before 1.5.0.8, Thunderbird before 1.5.0.8, and SeaMonkey before 1.0.6, when using an RSA key with exponent 3, does not properly handle extra data in a signature, which allows remote attackers to forge signatures for SSL/TLS and email certificates. NOTE: this identifier is for unpatched product versions that were originally intended to be addressed by CVE-2006-4340. | |||||
| CVE-2007-1080 | 1 Turbosoft | 1 Turboftp | 2017-10-11 | 7.8 HIGH | N/A |
| Multiple heap-based buffer overflows in TurboFTP 5.30 Build 572 allow remote servers to cause a denial of service via (1) long filename in a response to a LIST command, and (2) a long response to a CWD command. | |||||
| CVE-2007-1079 | 1 Rhinosoft | 1 Ftp Voyager | 2017-10-11 | 7.8 HIGH | N/A |
| Stack-based buffer overflow in Rhino Software, Inc. FTP Voyager 14.0.0.3 and earlier allows remote servers to cause a denial of service (crash) via a long response to a CWD command, which triggers the overflow when the user aborts the command. | |||||
| CVE-2006-7007 | 1 H. Nomura | 1 Tiny Ftpd | 2017-10-11 | 7.8 HIGH | N/A |
| Buffer overflow in Tiny FTPd 1.4 and earlier allows remote attackers to cause a denial of service (daemon crash) via a long USER command, a different vector than CVE-2000-0133. | |||||
| CVE-2007-1075 | 1 Turbosoft | 1 Turboftp | 2017-10-11 | 7.8 HIGH | N/A |
| TurboFTP 5.30 Build 572 allows remote servers to cause a denial of service (CPU consumption) via a response with a large number of newline characters. | |||||
| CVE-2006-5755 | 1 Linux | 1 Linux Kernel | 2017-10-11 | 4.9 MEDIUM | N/A |
| Linux kernel before 2.6.18, when running on x86_64 systems, does not properly save or restore EFLAGS during a context switch, which allows local users to cause a denial of service (crash) by causing SYSENTER to set an NT flag, which can trigger a crash on the IRET of the next task. | |||||
| CVE-2007-0917 | 1 Cisco | 1 Ios | 2017-10-11 | 6.4 MEDIUM | N/A |
| The Intrusion Prevention System (IPS) feature for Cisco IOS 12.4XE to 12.3T allows remote attackers to bypass IPS signatures that use regular expressions via fragmented packets. | |||||
| CVE-2007-1487 | 3 Cyber Inside, Cyberteddy, Sascha Schroeder | 3 Weblog, Weblog, Weblog | 2017-10-11 | 5.0 MEDIUM | N/A |
| Directory traversal vulnerability in index.php in Sascha Schroeder (aka CyberTeddy or Cyber-inside) WebLog allows remote attackers to read arbitrary files via a .. (dot dot) in the file parameter in a showarticles action. | |||||
| CVE-2007-1074 | 1 Dji | 1 Newsbin Pro | 2017-10-11 | 9.3 HIGH | N/A |
| Multiple buffer overflows in NewsBin Pro 5.33 and NewsBin Pro 4.x allow user-assisted remote attackers to execute arbitrary code via a long (1) DataPath or (2) DownloadPath attribute in a (a) NBI file, or (3) a long group field in a (b) NZB file. | |||||
