Total
29862 CVE
| CVE | Vendors | Products | Updated | CVSS v2 | CVSS v3 |
|---|---|---|---|---|---|
| CVE-2007-3246 | 1 Irc Services | 1 Irc Services | 2025-04-09 | 5.0 MEDIUM | N/A |
| The do_set_password function in modules/chanserv/set.c in IRC Services before 5.0.60 preserves channel founder privileges across a channel password change (ChanServ SET PASSWORD), which allows remote authenticated users to obtain the new password through automated e-mail, or perform privileged actions without knowing the new password. | |||||
| CVE-2007-3141 | 1 Phpwebthings | 1 Phpwebthings | 2025-04-09 | 6.8 MEDIUM | N/A |
| PHP remote file inclusion vulnerability in core/editor.php in phpWebThings 1.5.2 allows remote attackers to execute arbitrary PHP code via a URL in the editor_insert_top parameter. NOTE: the editor_insert_bottom vector is already covered by CVE-2006-6042. | |||||
| CVE-2006-6218 | 1 Dev4u | 1 Dev4u Cms | 2025-04-09 | 7.5 HIGH | N/A |
| Multiple SQL injection vulnerabilities in index.php in dev4u CMS allow remote attackers to execute arbitrary SQL commands via the (1) seite_id, (2) gruppe_id.php, and (3) go_target parameters. | |||||
| CVE-2006-6722 | 1 Jelle De Vos | 1 Bandwebsite | 2025-04-09 | 7.5 HIGH | N/A |
| Bandwebsite (aka Bandsite portal system) 1.5 allows remote attackers to create administrative accounts via a direct request to admin.php with the Login parameter set to 1. | |||||
| CVE-2007-0421 | 1 Bea | 1 Weblogic Server | 2025-04-09 | 6.4 MEDIUM | N/A |
| BEA WebLogic Server 6.1 through 6.1 SP7, and 7.0 through 7.0 SP7 allows remote attackers to cause a denial of service (disk consumption) via requests containing malformed headers, which cause a large amount of data to be written to the server log. | |||||
| CVE-2006-6145 | 1 Cryptocard | 1 Crypto-server | 2025-04-09 | 2.1 LOW | N/A |
| CRYPTOCard CRYPTO-Server before 6.4.56 stores LDAP credentials in plaintext in UninstallerData\installvariables.properties, which has insecure permissions and allows local users to obtain the credentials. NOTE: The provenance of this information is unknown; the details are obtained solely from third party information. | |||||
| CVE-2007-0692 | 1 Dgnews | 1 Dgnews | 2025-04-09 | 5.0 MEDIUM | N/A |
| DGNews 2.1 allows remote attackers to obtain sensitive information via a fullnews request to news.php with an invalid newsid parameter, and other unspecified vectors, which reveal the path in various error messages. | |||||
| CVE-2006-5746 | 1 Airmagnet | 1 Enterprise | 2025-04-09 | 6.4 MEDIUM | N/A |
| The console in AirMagnet Enterprise before 7.5 build 6307 does not properly validate the Enterprise Server certificate, which allows remote attackers to read network traffic via a man-in-the-middle (MITM) attack, possibly related to the use of self-signed certificates. | |||||
| CVE-2006-5132 | 1 Phpmyagenda | 1 Phpmyagenda | 2025-04-09 | 7.5 HIGH | N/A |
| Multiple PHP remote file inclusion vulnerabilities in phpMyAgenda 3.0 Final and earlier allow remote attackers to execute arbitrary PHP code via a URL in the rootagenda parameter to (1) agendaplace.php3, (2) agendaplace2.php3, (3) infoevent.php3, and (4) agenda2.php3, different vectors than CVE-2006-2009. | |||||
| CVE-2007-2375 | 1 Symantec | 1 Enterprise Security Manager | 2025-04-09 | 10.0 HIGH | N/A |
| The agent remote upgrade interface in Symantec Enterprise Security Manager (ESM) before 20070405 does not verify the authenticity of upgrades, which allows remote attackers to execute arbitrary code via software that implements the agent upgrade protocol. | |||||
| CVE-2007-0788 | 1 Mediawiki | 1 Mediawiki | 2025-04-09 | 4.3 MEDIUM | N/A |
| Cross-site scripting (XSS) vulnerability in MediaWiki 1.9.x before 1.9.2 allows remote attackers to inject arbitrary web script or HTML via unspecified vectors related to "sortable tables JavaScript." | |||||
| CVE-2007-0602 | 1 Trend Micro | 1 Viruswall | 2025-04-09 | 6.9 MEDIUM | N/A |
| Buffer overflow in libvsapi.so in the VSAPI library in Trend Micro VirusWall 3.81 for Linux, as used by IScan.BASE/vscan, allows local users to gain privileges via a long command line argument, a different vulnerability than CVE-2005-0533. | |||||
| CVE-2009-4378 | 2 Microsoft, Wireshark | 2 Windows, Wireshark | 2025-04-09 | 4.3 MEDIUM | N/A |
| The IPMI dissector in Wireshark 1.2.0 through 1.2.4 on Windows allows remote attackers to cause a denial of service (crash) via a crafted packet, related to "formatting a date/time using strftime." | |||||
| CVE-2006-4408 | 1 Apple | 1 Mac Os X | 2025-04-09 | 5.0 MEDIUM | N/A |
| The Security Framework in Apple Mac OS X 10.4 through 10.4.8 allows remote attackers to cause a denial of service (resource consumption) via certain public key values in an X.509 certificate that requires extra resources during signature verification. NOTE: this issue may be similar to CVE-2006-2940. | |||||
| CVE-2006-5831 | 1 Aiocp | 1 Aiocp | 2025-04-09 | 7.5 HIGH | N/A |
| PHP remote file inclusion vulnerability in admin/code/index.php in All In One Control Panel (AIOCP) 1.3.007 and earlier allows remote attackers to execute arbitrary PHP code via a URL in the load_page parameter. | |||||
| CVE-2007-2772 | 1 Ca | 1 Brightstor Arcserve Backup | 2025-04-09 | 7.8 HIGH | N/A |
| (1) caloggerd.exe (camt70.dll) and (2) mediasvr.exe (catirpc.dll and rwxdr.dll) in CA BrightStor Backup 11.5.2.0 SP2 allow remote attackers to cause a denial of service (NULL dereference and application crash) via a crafted RPC packet. | |||||
| CVE-2006-7076 | 1 Phpbb Group | 1 Phpbb Advanced Guestbook | 2025-04-09 | 4.3 MEDIUM | N/A |
| Cross-site scripting (XSS) vulnerability in guestbook.php in Advanced Guestbook 2.4 for phpBB allows remote attackers to inject arbitrary web script or HTML via the entry parameter. NOTE: this issue might be resultant from SQL injection. | |||||
| CVE-2007-3543 | 1 Wordpress | 2 Wordpress, Wordpress Mu | 2025-04-09 | 6.0 MEDIUM | N/A |
| Unrestricted file upload vulnerability in WordPress before 2.2.1 and WordPress MU before 1.2.3 allows remote authenticated users to upload and execute arbitrary PHP code by making a post that specifies a .php filename in the _wp_attached_file metadata field; and then sending this file's content, along with its post_ID value, to (1) wp-app.php or (2) app.php. | |||||
| CVE-2007-4141 | 1 Openrat | 1 Openrat Cms | 2025-04-09 | 4.3 MEDIUM | N/A |
| OpenRat CMS 0.8-beta1 and earlier allows remote attackers to obtain sensitive information via a request containing an XSS sequence in the action parameter to index.php, which reveals the path in an error message. | |||||
| CVE-2007-1792 | 1 Symantec | 2 Mail Security, Mail Security 8820 Appliance | 2025-04-09 | 7.8 HIGH | N/A |
| libdayzero.dll in the Filter Hub Service (filter-hub.exe) in Symantec Mail Security for SMTP before 5.0.1 Patch 181 and Mail Security Appliance before 5.0.0-36 allows remote attackers to cause a denial of service (crash) via a crafted executable attachment in an e-mail, involving the detection of "PE-Shield v0.2" and "ASPack v1.00-1.08.02". | |||||