Total
29864 CVE
| CVE | Vendors | Products | Updated | CVSS v2 | CVSS v3 |
|---|---|---|---|---|---|
| CVE-2007-4433 | 1 Aspindir | 1 Text File Search | 2025-04-09 | 4.3 MEDIUM | N/A |
| Cross-site scripting (XSS) vulnerability in textfilesearch.aspx in the Text File Search ASP.NET edition allows remote attackers to inject arbitrary web script or HTML via the search field. | |||||
| CVE-2007-3979 | 1 Netart Media | 1 Blog System | 2025-04-09 | 6.8 MEDIUM | N/A |
| SQL injection vulnerability in index.php in BlogSite Professional (aka Blog System) 1.x allows remote attackers to execute arbitrary SQL commands via the news_id parameter. | |||||
| CVE-2006-6804 | 1 Enthrallweb | 1 Dragon Business Directory Pro | 2025-04-09 | 7.5 HIGH | N/A |
| SQL injection vulnerability in bus_details.asp in Dragon Business Directory - Pro (aka Dragon Internet Business Search Directory - Pro) 3.01.12 and earlier allows remote attackers to execute arbitrary SQL commands via the ID parameter. | |||||
| CVE-2007-4063 | 1 Drupal | 1 Drupal | 2025-04-09 | 4.3 MEDIUM | N/A |
| Multiple cross-site request forgery (CSRF) vulnerabilities in Drupal 5.x before 5.2 allow remote attackers to (1) delete comments, (2) delete content revisions, and (3) disable menu items as privileged users, related to improper use of HTTP GET and the Forms API. | |||||
| CVE-2006-6411 | 1 Linksys | 1 Wip 330 Wireless-g Ip Phone | 2025-04-09 | 7.8 HIGH | N/A |
| PhoneCtrl.exe in Linksys WIP 330 Wireless-G IP Phone 1.00.06A allows remote attackers to cause a denial of service (crash) via a TCP SYN scan, as demonstrated using TCP ports 1-65535 with nmap. | |||||
| CVE-2007-0954 | 1 Mohachat | 1 Moha Chat | 2025-04-09 | 10.0 HIGH | N/A |
| MOHA Chat 0.1b7 and earlier does not require authentication for use of the plug in API, which has unknown impact and attack vectors. | |||||
| CVE-2007-2710 | 1 Nagiosql | 1 Nagiosql | 2025-04-09 | 7.5 HIGH | N/A |
| PHP remote file inclusion vulnerability in functions/prepend_adm.php in NagiosQL 2.00-P00 and earlier allows remote attackers to execute arbitrary PHP code via a URL in the SETS[path][IT] parameter. NOTE: the provenance of this information is unknown; the details are obtained solely from third party information. | |||||
| CVE-2007-2210 | 1 Netsprint | 1 Ask Ie Toolbar | 2025-04-09 | 7.8 HIGH | N/A |
| A certain ActiveX control in askPopStp.dll in Netsprint Ask IE Toolbar 1.1 allows remote attackers to cause a denial of service (Internet Explorer crash) via a long AddAllowed property value, related to "improper memory handling," possibly a buffer overflow. | |||||
| CVE-2007-2669 | 1 Globalmegacorp | 1 Phpchain | 2025-04-09 | 4.3 MEDIUM | N/A |
| Multiple cross-site scripting (XSS) vulnerabilities in PHPChain 1.0 and earlier allow remote attackers to inject arbitrary web script or HTML via the catid parameter to (1) settings.php or (2) cat.php. NOTE: certain parameter values also trigger path disclosure. | |||||
| CVE-2006-6698 | 1 Gnome | 1 Gconf | 2025-04-09 | 1.9 LOW | N/A |
| The GConf daemon (gconfd) in GConf 2.14.0 creates temporary files under directories with names based on the username, even when GCONF_GLOBAL_LOCKS is not set, which allows local users to cause a denial of service by creating the directories ahead of time, which prevents other users from using Gnome. | |||||
| CVE-2007-1904 | 1 Aol | 2 Icq, Instant Messenger | 2025-04-09 | 4.3 MEDIUM | N/A |
| Directory traversal vulnerability in AOL Instant Messenger (AIM) 5.9 and earlier, and ICQ 5.1 and probably earlier, allows user-assisted remote attackers to write files to arbitrary locations via a .. (dot dot) in a filename in a file transfer operation. | |||||
| CVE-2006-5104 | 1 Jelsoft | 1 Vbulletin | 2025-04-09 | 7.5 HIGH | N/A |
| SQL injection vulnerability in global.php in Jelsoft vBulletin 2.x allows remote attackers to execute arbitrary SQL commands via the templatesused parameter. | |||||
| CVE-2007-0353 | 1 Mywebland | 1 Mybloggie | 2025-04-09 | 6.8 MEDIUM | N/A |
| Cross-site scripting (XSS) vulnerability in (1) index.php and (2) login.php in myBloggie 2.1.5 allows remote attackers to inject arbitrary web script or HTML via the PATH_INFO string. | |||||
| CVE-2006-5296 | 1 Microsoft | 1 Powerpoint | 2025-04-09 | 4.3 MEDIUM | N/A |
| PowerPoint in Microsoft Office 2003 does not properly handle a container object whose position value exceeds the record length, which allows user-assisted attackers to cause a denial of service (NULL dereference and application crash) via a crafted PowerPoint (.PPT) file, as demonstrated by Nanika.ppt, and a different vulnerability than CVE-2006-3435, CVE-2006-3876, CVE-2006-3877, and CVE-2006-4694. NOTE: the impact of this issue was originally claimed to be arbitrary code execution, but later analysis demonstrated that this was erroneous. | |||||
| CVE-2007-0422 | 1 Bea | 1 Weblogic Server | 2025-04-09 | 5.0 MEDIUM | N/A |
| BEA WebLogic Server 9.0, 9.1, and 9.2 Gold, when running on Solaris 9, allows remote attackers to cause a denial of service (server inaccessibility) via manipulated socket connections. | |||||
| CVE-2006-6616 | 1 W00t Gallery | 1 W00t Gallery | 2025-04-09 | 6.0 MEDIUM | N/A |
| index.php in w00t Gallery 1.4.0 allows remote authenticated users with privileges for one installation to gain access to other installations on the same web server, aka "multi-gallery admin session spanning." NOTE: some of these details are obtained from third party information. | |||||
| CVE-2007-1704 | 1 Joomla | 1 Car Manager | 2025-04-09 | 7.5 HIGH | N/A |
| SQL injection vulnerability in index.php in the Car Manager (com_resman) 1.1 and earlier component for Joomla! allows remote attackers to execute arbitrary SQL commands via the id parameter. | |||||
| CVE-2007-2165 | 1 Proftpd Project | 1 Proftpd | 2025-04-09 | 5.1 MEDIUM | N/A |
| The Auth API in ProFTPD before 20070417, when multiple simultaneous authentication modules are configured, does not require that the module that checks authentication is the same as the module that retrieves authentication data, which might allow remote attackers to bypass authentication, as demonstrated by use of SQLAuthTypes Plaintext in mod_sql, with data retrieved from /etc/passwd. | |||||
| CVE-2007-2956 | 2 Pfstools, Qtpfsgui | 2 Pfstools, Qtpfsgui | 2025-04-09 | 6.8 MEDIUM | N/A |
| Stack-based buffer overflow in the readRadianceHeader function in (1) src/fileformat/rgbeio.cpp in pfstools 1.6.2 and (2) src/Fileformat/rgbeio.cpp in Qtpfsgui 1.8.11 allows remote attackers to execute arbitrary code via a crafted Radiance RGBE (.hdr) file. | |||||
| CVE-2006-6693 | 1 Zabbix | 1 Zabbix | 2025-04-09 | 7.5 HIGH | N/A |
| Multiple buffer overflows in zabbix before 20061006 allow attackers to cause a denial of service (application crash) and possibly execute arbitrary code via long strings to the (1) zabbix_log and (2) zabbix_syslog functions. | |||||