Total
29864 CVE
| CVE | Vendors | Products | Updated | CVSS v2 | CVSS v3 |
|---|---|---|---|---|---|
| CVE-2007-1636 | 1 Roseonlinecms | 1 Roseonlinecms | 2025-04-09 | 7.5 HIGH | N/A |
| Directory traversal vulnerability in index.php in RoseOnlineCMS 3 B1 allows remote attackers to include arbitrary files via a .. (dot dot) sequence in the op parameter, as demonstrated by injecting PHP code into Apache log files via the URL and User-Agent HTTP header. | |||||
| CVE-2007-2196 | 2 Joomla, Mambo | 2 Jambook, Jambook | 2025-04-09 | 6.8 MEDIUM | N/A |
| PHP remote file inclusion vulnerability in jambook.php in the Jambook (com_Jambook) 1.0 beta7 module for Mambo and Joomla! allows remote attackers to execute arbitrary PHP code via a URL in the mosConfig_absolute_path parameter. NOTE: this issue has been disputed by a reliable third party because the jambook.php protects against direct request | |||||
| CVE-2007-4237 | 1 Ibm | 1 Aix | 2025-04-09 | 6.9 MEDIUM | N/A |
| Buffer overflow in the atm subset in arp in devices.common.IBM.atm.rte in AIX 5.2 and 5.3 allows local users to gain root privileges. | |||||
| CVE-2006-5429 | 1 Barry Nauta | 1 Brim | 2025-04-09 | 7.5 HIGH | N/A |
| Multiple PHP remote file inclusion vulnerabilities in Barry Nauta BRIM 1.2.1 and earlier allow remote attackers to execute arbitrary PHP code via a URL in the renderer parameter in template.tpl.php in (1) templates/barrel/, (2) templates/sidebar/, (3) templates/text-only, (4) templates/slashdot/, (5) templates/penguin/, (6) templates/pda/, (7) templates/oerdec/, (8) templates/nifty/, (9) templates/mylook, and (10) templates/barry/. | |||||
| CVE-2007-0190 | 1 Edit-x | 1 Ecommerce | 2025-04-09 | 7.5 HIGH | N/A |
| PHP remote file inclusion vulnerability in edit_address.php in edit-x ecommerce allows remote attackers to execute arbitrary PHP code via a URL in the include_dir parameter. | |||||
| CVE-2007-2807 | 1 Eggheads | 1 Eggdrop Irc Bot | 2025-04-09 | 6.8 MEDIUM | N/A |
| Stack-based buffer overflow in mod/server.mod/servrmsg.c in Eggdrop 1.6.18, and possibly earlier, allows user-assisted, remote IRC servers to execute arbitrary code via a long private message. | |||||
| CVE-2007-2926 | 1 Isc | 1 Bind | 2025-04-09 | 4.3 MEDIUM | N/A |
| ISC BIND 9 through 9.5.0a5 uses a weak random number generator during generation of DNS query ids when answering resolver questions or sending NOTIFY messages to slave name servers, which makes it easier for remote attackers to guess the next query id and perform DNS cache poisoning. | |||||
| CVE-2006-7097 | 1 Taskfreak | 1 Taskfreak | 2025-04-09 | 10.0 HIGH | N/A |
| Multiple unspecified vulnerabilities in TaskFreak! before 0.1.4 have unknown impact and attack vectors. | |||||
| CVE-2006-5747 | 1 Mozilla | 3 Firefox, Seamonkey, Thunderbird | 2025-04-09 | 7.5 HIGH | N/A |
| Unspecified vulnerability in Mozilla Firefox before 1.5.0.8, Thunderbird before 1.5.0.8, and SeaMonkey before 1.0.6 allows remote attackers to execute arbitrary code via the XML.prototype.hasOwnProperty JavaScript function. | |||||
| CVE-2006-6865 | 1 Softartisans | 1 Fileup | 2025-04-09 | 7.8 HIGH | N/A |
| Directory traversal vulnerability in SAFileUpSamples/util/viewsrc.asp in SoftArtisans FileUp (SAFileUp) 5.0.14 allows remote attackers to read arbitrary files via a %c0%ae. (Unicode dot dot) in the path parameter, which bypasses the checks for ".." sequences. | |||||
| CVE-2007-0647 | 1 Apple | 1 Mac Os X | 2025-04-09 | 7.1 HIGH | N/A |
| Format string vulnerability in Help Viewer 3.0.0 allows remote user-assisted attackers to cause a denial of service (crash) via format string specifiers in a filename, which is not properly handled when calling the NSBeginAlertSheet Apple AppKit function. | |||||
| CVE-2006-4098 | 1 Cisco | 1 Secure Access Control Server | 2025-04-09 | 10.0 HIGH | N/A |
| Stack-based buffer overflow in the CSRadius service in Cisco Secure Access Control Server (ACS) for Windows before 4.1 and ACS Solution Engine before 4.1 allows remote attackers to execute arbitrary code via a crafted RADIUS Accounting-Request packet. | |||||
| CVE-2007-3267 | 1 Fuzzylime Forum | 1 Fuzzylime Forum | 2025-04-09 | 4.3 MEDIUM | N/A |
| Cross-site scripting (XSS) vulnerability in low.php in Fuzzylime Forum 1.01b and earlier allows remote attackers to inject arbitrary web script or HTML via the fromaction parameter in a log action, a different vector than CVE-2007-3235. | |||||
| CVE-2006-5587 | 1 Mdweb | 1 Mdweb | 2025-04-09 | 7.5 HIGH | N/A |
| Multiple PHP remote file inclusion vulnerabilities in MDweb 1.3 and earlier (Mdweb132-postgres) allow remote attackers to execute arbitrary PHP code via a URL in the chemin_appli parameter in (1) admin/inc/organisations/form_org.inc.php and (2) admin/inc/organisations/country_insert.php. | |||||
| CVE-2006-5011 | 1 Ibm | 1 Aix | 2025-04-09 | 7.2 HIGH | N/A |
| Untrusted search path vulnerability in snappd in IBM AIX 5.2.0 and 5.3.0 allows local users to execute arbitrary commands via a Trojan horse program, involving the "system subroutine". | |||||
| CVE-2007-2085 | 1 Oe2edit | 1 Oe2edit Cms | 2025-04-09 | 6.8 MEDIUM | N/A |
| Cross-site scripting (XSS) vulnerability in oe2edit.cgi in oe2edit CMS allows remote attackers to inject arbitrary web script or HTML via the q parameter. | |||||
| CVE-2007-3231 | 1 Mecab | 1 Mecab | 2025-04-09 | 7.5 HIGH | N/A |
| Buffer overflow in MeCab before 0.96 has unknown impact and attack vectors. | |||||
| CVE-2006-6666 | 1 Verliadmin | 1 Verliadmin | 2025-04-09 | 7.5 HIGH | N/A |
| PHP remote file inclusion vulnerability in index.php in VerliAdmin 0.3 and earlier allows remote authenticated users to execute arbitrary PHP code via a URL in the q parameter. | |||||
| CVE-2007-2140 | 1 Franklin Huang | 1 Flip-search-add-on | 2025-04-09 | 7.5 HIGH | N/A |
| PHP remote file inclusion vulnerability in everything.php in Franklin Huang Flip (aka Flip-search-add-on) 2.0 allows remote attackers to execute arbitrary PHP code via a URL in the incpath parameter. | |||||
| CVE-2009-0755 | 1 Poppler | 1 Poppler | 2025-04-09 | 5.0 MEDIUM | N/A |
| The FormWidgetChoice::loadDefaults function in Poppler before 0.10.4 allows remote attackers to cause a denial of service (crash) via a PDF file with an invalid Form Opt entry. | |||||