Total
29856 CVE
| CVE | Vendors | Products | Updated | CVSS v2 | CVSS v3 |
|---|---|---|---|---|---|
| CVE-2007-0844 | 1 Pam Ssh | 1 Pam Ssh | 2025-04-09 | 6.4 MEDIUM | N/A |
| The auth_via_key function in pam_ssh.c in pam_ssh before 1.92, when the allow_blank_passphrase option is disabled, allows remote attackers to bypass authentication restrictions and use private encryption keys requiring a blank passphrase by entering a non-blank passphrase. | |||||
| CVE-2006-5873 | 2 Debian, L2tpns | 2 Debian Linux, L2tpns | 2025-04-09 | 7.8 HIGH | N/A |
| Buffer overflow in the cluster_process_heartbeat function in cluster.c in layer 2 tunneling protocol network server (l2tpns) before 2.1.21 allows remote attackers to cause a denial of service via a large heartbeat packet. | |||||
| CVE-2006-5967 | 1 Panda | 1 Activescan | 2025-04-09 | 5.1 MEDIUM | N/A |
| Race condition in Panda ActiveScan 5.53.00, and other versions before 5.54.01, allows remote attackers to cause memory corruption and execute arbitrary code via unknown vectors related to multiple invocations of the Analizar method in the ActiveScan.1 ActiveX control, which is not thread safe. | |||||
| CVE-2007-1584 | 1 Php | 1 Php | 2025-04-09 | 6.8 MEDIUM | N/A |
| Buffer underflow in the header function in PHP 5.2.0 allows context-dependent attackers to execute arbitrary code by passing an all-whitespace string to this function, which causes it to write '\0' characters in whitespace that precedes the string. | |||||
| CVE-2007-1762 | 1 Mozilla | 1 Firefox | 2025-04-09 | 5.0 MEDIUM | N/A |
| Mozilla Firefox 2.0.0.1 through 2.0.0.3 does not canonicalize URLs before checking them against the phishing site blacklist, which allows remote attackers to bypass phishing protection via multiple / (slash) characters in the URL. | |||||
| CVE-2007-1328 | 1 Bernard Joly | 1 Bj Webring | 2025-04-09 | 4.3 MEDIUM | N/A |
| Cross-site scripting (XSS) vulnerability in formulaire.php in Bernard JOLY BJ Webring allows remote attackers to inject arbitrary web script or HTML via an unspecified parameter related to the add link menu. | |||||
| CVE-2006-6944 | 1 Phpmyadmin | 1 Phpmyadmin | 2025-04-09 | 7.5 HIGH | N/A |
| phpMyAdmin before 2.9.1.1 allows remote attackers to bypass Allow/Deny access rules that use IP addresses via false headers. | |||||
| CVE-2006-6930 | 1 Ga Soft | 1 Rapid Classified | 2025-04-09 | 7.5 HIGH | N/A |
| SQL injection vulnerability in viewad.asp in Rapid Classified 3.1 allows remote attackers to execute arbitrary SQL commands via the id parameter. | |||||
| CVE-2007-3525 | 1 Ripe Website Manager | 1 Ripe Website Manager | 2025-04-09 | 7.8 HIGH | N/A |
| Ripe Website Manager 0.8.9 and earlier allows remote attackers to obtain configuration information via a direct request to includes/phpinfo.php, which calls the phpinfo function. NOTE: the provenance of this information is unknown; the details are obtained solely from third party information. | |||||
| CVE-2006-6857 | 1 Docebolms | 1 Docebolms | 2025-04-09 | 4.3 MEDIUM | N/A |
| Cross-site scripting (XSS) vulnerability in modules/credits/credits.php in Docebo LMS allows remote attackers to inject arbitrary web script or HTML via the lang parameter. | |||||
| CVE-2006-5524 | 1 Phplist | 1 Phplist | 2025-04-09 | 6.8 MEDIUM | N/A |
| Cross-site scripting (XSS) vulnerability in index.php in phplist 2.10.2 allows remote attackers to inject arbitrary web script or HTML via the p parameter. NOTE: This issue might overlap CVE-2006-5321. | |||||
| CVE-2007-0222 | 1 Oracle | 1 Application Server | 2025-04-09 | 5.0 MEDIUM | N/A |
| Directory traversal vulnerability in the EmChartBean server side component for Oracle Application Server 10g allows remote attackers to read arbitrary files via unknown vectors, probably "\.." sequences in the beanId parameter. NOTE: this is likely a duplicate of another CVE that Oracle addressed in CPU Jan 2007, but due to lack of details by Oracle, it is unclear which BugID this issue is associated with, so the other CVE cannot be determined. Possibilities include EM02 (CVE-2007-0292) or EM05 (CVE-2007-0293). | |||||
| CVE-2007-1419 | 1 Sun | 1 Java Dynamic Management Kit | 2025-04-09 | 4.3 MEDIUM | N/A |
| The Java Management Extensions Remote API Remote Method Invocation over Internet Inter-ORB Protocol (JMX RMI-IIOP) API in Java Dynamic Management Kit 5.1 before 20070309 does not properly enforce the java.policy, which allows local users to obtain certain MBeans data access by operating a server application accessed by a privileged remote authenticated user. | |||||
| CVE-2007-2739 | 1 Xajax | 1 Xajax | 2025-04-09 | 4.3 MEDIUM | N/A |
| Cross-site scripting (XSS) vulnerability in xajax before 0.2.5 allows remote attackers to inject arbitrary web script or HTML via unspecified vectors. | |||||
| CVE-2007-2316 | 1 Open Business Management | 1 Open Business Management | 2025-04-09 | 10.0 HIGH | N/A |
| Unspecified vulnerability in the admin script in Open Business Management (OBM) before 2.0.0 allows remote attackers to have an unknown impact by calling the script "in txt mode from a browser." | |||||
| CVE-2007-1635 | 1 Net Portal Dynamic System | 1 Net Portal Dynamic System | 2025-04-09 | 9.0 HIGH | N/A |
| Static code injection vulnerability in admin/settings.php in Net Portal Dynamic System (NPDS) 5.10 and earlier allows remote authenticated users to inject arbitrary PHP code via the xtop parameter in a "ConfigSave" op to admin.php, which can later be accessed via a "Configure" op to admin.php. | |||||
| CVE-2007-4205 | 2 Bluecat Networks, Linux-ha | 2 Adonis, Heartbeat | 2025-04-09 | 7.1 HIGH | N/A |
| XHA (Linux-HA) on the BlueCat Networks Adonis DNS/DHCP Appliance 5.0.2.8 allows remote attackers to cause a denial of service (heartbeat control process crash) via a UDP packet to port 694. NOTE: this may be the same as CVE-2006-3121. | |||||
| CVE-2007-0766 | 1 Remotesoft | 1 .net Explorer | 2025-04-09 | 9.3 HIGH | N/A |
| Stack-based buffer overflow in Remotesoft .NET Explorer 2.0.1 allows user-assisted remote attackers to cause a denial of service (application crash) and possibly execute arbitrary code via a long line in a .cpp file. | |||||
| CVE-2006-6069 | 1 Malbum | 1 Malbum | 2025-04-09 | 5.0 MEDIUM | N/A |
| index.php in mAlbum 0.3 and earlier allows remote attackers to obtain the installation path via an invalid gal parameter. | |||||
| CVE-2007-0239 | 1 Openoffice | 1 Openoffice | 2025-04-09 | 9.3 HIGH | N/A |
| OpenOffice.org (OOo) Office Suite allows user-assisted remote attackers to execute arbitrary commands via shell metacharacters in a prepared link in a crafted document. | |||||