Total
29863 CVE
| CVE | Vendors | Products | Updated | CVSS v2 | CVSS v3 |
|---|---|---|---|---|---|
| CVE-2008-1148 | 8 Apple, Cosmicperl, Darwin and 5 more | 9 Mac Os X, Mac Os X Server, Directory Pro and 6 more | 2025-04-09 | 6.8 MEDIUM | N/A |
| A certain pseudo-random number generator (PRNG) algorithm that uses ADD with 0 random hops (aka "Algorithm A0"), as used in OpenBSD 3.5 through 4.2 and NetBSD 1.6.2 through 4.0, allows remote attackers to guess sensitive values such as (1) DNS transaction IDs or (2) IP fragmentation IDs by observing a sequence of previously generated values. NOTE: this issue can be leveraged for attacks such as DNS cache poisoning, injection into TCP packets, and OS fingerprinting. | |||||
| CVE-2007-0761 | 1 Phpbb | 1 Ezboard Converter | 2025-04-09 | 7.5 HIGH | N/A |
| PHP remote file inclusion vulnerability in config.php in phpBB ezBoard converter (ezconvert) 0.2 allows remote attackers to execute arbitrary PHP code via a URL in the ezconvert_dir parameter. | |||||
| CVE-2007-3312 | 1 Efstratios Geroulis | 1 Jasmine Cms | 2025-04-09 | 9.0 HIGH | N/A |
| Directory traversal vulnerability in admin/plugin_manager.php in Jasmine CMS 1.0 allows remote authenticated administrators to include and execute arbitrary local files a .. (dot dot) in the u parameter. NOTE: a separate vulnerability could be leveraged to make this issue exploitable by remote unauthenticated attackers. | |||||
| CVE-2007-2051 | 1 Bftpd | 1 Bftpd | 2025-04-09 | 5.0 MEDIUM | N/A |
| Buffer overflow in the parsecmd function in bftpd before 1.8 has unknown impact and attack vectors related to the confstr variable. | |||||
| CVE-2007-3659 | 1 Freewrl | 1 Freewrl | 2025-04-09 | 4.6 MEDIUM | N/A |
| Buffer overflow in the doBrowserAction function in FreeWRL 1.19.3 allows local users to execute arbitrary code via a crafted BROWSER environment variable. NOTE: it is not clear whether this issue crosses privilege boundaries. | |||||
| CVE-2007-2601 | 1 Divx City | 1 Gdivx Zenith Player | 2025-04-09 | 9.3 HIGH | N/A |
| Buffer overflow in a certain ActiveX control in the GDivX Zenith Player AviFixer class in fix.dll 1.0.0.1 allows remote attackers to execute arbitrary code via a long SetInputFile property value. | |||||
| CVE-2006-7063 | 1 Tinyphpforum | 1 Tinyphpforum | 2025-04-09 | 7.5 HIGH | N/A |
| Directory traversal vulnerability in profile.php in TinyPHPforum 3.6 and earlier allows remote attackers to include and execute arbitrary files via ".." sequences in the uname parameter. | |||||
| CVE-2007-0361 | 1 Comscripts | 1 Phpmyphorum | 2025-04-09 | 7.5 HIGH | N/A |
| PHP remote file inclusion vulnerability in mep/frame.php in PHPMyphorum 1.5a allows remote attackers to execute arbitrary PHP code via a URL in the chem parameter. | |||||
| CVE-2007-0730 | 1 Apple | 2 Mac Os X, Server Manager | 2025-04-09 | 6.8 MEDIUM | N/A |
| Server Manager (servermgrd) in Apple Mac OS X 10.3.9 and 10.4 through 10.4.8 does not sufficiently validate authentication credentials, which allows remote attackers to bypass authentication and modify system configuration. | |||||
| CVE-2007-0442 | 1 Ibm | 1 Os 400 | 2025-04-09 | 5.0 MEDIUM | N/A |
| Unspecified vulnerability in IBM OS/400 R530 and R535 has unknown impact and remote attack vectors, related to an "Integrity Problem" involving LIC-TCPIP and TCP reset. NOTE: it is possible that this issue is related to CVE-2004-0230, but this is not certain. | |||||
| CVE-2007-0608 | 1 Advanced Guestbook | 1 Advanced Guestbook | 2025-04-09 | 7.1 HIGH | N/A |
| Advanced Guestbook 2.4.2 allows remote attackers to obtain sensitive information via an invalid (1) GB_TBL parameter to (a) lang/codes-english.php or (b) image.php, which reveal the database name; (2) an invalid GB_DB parameter to index.php, coupled with a ../index lang cookie, which reveals the installation path; or (3) a direct request to index.php with no parameters or cookies, which reveals the installation path. | |||||
| CVE-2006-6949 | 1 Conti | 1 Ftpserver | 2025-04-09 | 4.6 MEDIUM | N/A |
| Conti FTPServer 1.0 Build 2.8 stores user passwords in cleartext in MyServerSettings.ini, which allows local users to obtain sensitive information by reading this file. | |||||
| CVE-2007-2147 | 1 Stephen Craton | 1 Chatness | 2025-04-09 | 10.0 HIGH | N/A |
| admin/options.php in Stephen Craton (aka WiredPHP) Chatness 2.5.3 and earlier does not check for administrative credentials, which allows remote attackers to read and modify the classes/vars.php and classes/varstuff.php configuration files via direct requests. | |||||
| CVE-2007-2192 | 1 Antonio Da Cruz | 1 Photofiltre Studio | 2025-04-09 | 9.3 HIGH | N/A |
| Buffer overflow in Photofiltre Studio 8.1.1 allows user-assisted remote attackers to execute arbitrary code via a crafted .tif file. | |||||
| CVE-2006-5490 | 1 Middlebury College | 1 Segue Cms | 2025-04-09 | 7.5 HIGH | N/A |
| Multiple SQL injection vulnerabilities in Segue Content Management System (CMS) before 1.5.8 allow remote attackers to execute arbitrary SQL commands via unspecified vectors. | |||||
| CVE-2007-4016 | 1 Citrix | 1 Access Gateway | 2025-04-09 | 6.8 MEDIUM | N/A |
| Unspecified vulnerability in the client components in Citrix Access Gateway Standard Edition before 4.5.5 and Advanced Edition before 4.5 HF1 allows attackers to execute arbitrary code via unspecified vectors. | |||||
| CVE-2007-3529 | 1 Phpdirector | 1 Phpdirector | 2025-04-09 | 7.8 HIGH | N/A |
| videos.php in PHPDirector 0.21 and earlier allows remote attackers to obtain sensitive information via an empty value of the id[] parameter, which reveals the path in an error message. | |||||
| CVE-2007-0684 | 1 Cerulean Portal System | 1 Cerulean Portal System | 2025-04-09 | 7.5 HIGH | N/A |
| PHP remote file inclusion vulnerability in portal.php in Cerulean Portal System 0.7b allows remote attackers to execute arbitrary PHP code via a URL in the phpbb_root_path parameter. | |||||
| CVE-2007-0142 | 1 Shopstorenow | 1 E-commerce Shopping Cart | 2025-04-09 | 7.5 HIGH | N/A |
| SQL injection vulnerability in orange.asp in ShopStoreNow E-commerce Shopping Cart allows remote attackers to execute arbitrary SQL commands via the CatID parameter. | |||||
| CVE-2006-6611 | 1 Barman | 1 Barman | 2025-04-09 | 7.5 HIGH | N/A |
| PHP remote file inclusion vulnerability in interface.php in Barman 0.0.1r3 allows remote attackers to execute arbitrary PHP code via a URL in the basepath parameter. | |||||