Total
29864 CVE
| CVE | Vendors | Products | Updated | CVSS v2 | CVSS v3 |
|---|---|---|---|---|---|
| CVE-2007-1300 | 1 Douran Software Technologies | 1 Isputil | 2025-04-09 | 7.8 HIGH | N/A |
| DOURAN Software Technologies ISPUtil 3.32.84.1, and possibly earlier versions, stores sensitive information under the web root with insufficient access control, which allows remote attackers to obtain user and reseller data via a direct request for scripts/activesessions.ini. NOTE: the provenance of this information is unknown; the details are obtained solely from third party information. | |||||
| CVE-2007-1195 | 1 Dxmsoft | 1 Xm Easy Personal Ftp Server | 2025-04-09 | 7.5 HIGH | N/A |
| Multiple buffer overflows in XM Easy Personal FTP Server 5.3.0 allow remote attackers to execute arbitrary code via unspecified vectors. NOTE: this issue might overlap CVE-2006-2225, CVE-2006-2226, or CVE-2006-5728. | |||||
| CVE-2007-2857 | 1 Zakkis Technology Corporation | 1 Php Excel Parser | 2025-04-09 | 7.5 HIGH | N/A |
| PHP remote file inclusion vulnerability in sample/xls2mysql in ABC Excel Parser Pro 4.0 allows remote attackers to execute arbitrary PHP code via a URL in the parser_path parameter. | |||||
| CVE-2007-1444 | 1 Netperf | 1 Netperf | 2025-04-09 | 4.4 MEDIUM | N/A |
| netserver in netperf 2.4.3 allows local users to overwrite arbitrary files via a symlink attack on /tmp/netperf.debug. | |||||
| CVE-2007-0412 | 1 Bea | 1 Weblogic Server | 2025-04-09 | 5.0 MEDIUM | N/A |
| BEA WebLogic Server 6.1 through 6.1 SP7, 7.0 through 7.0 SP7, and 8.1 through 8.1 SP5 allows remote attackers to read arbitrary files inside the class-path property via .ear or exploded .ear files that use the manifest class-path property to point to utility jar files. | |||||
| CVE-2006-6828 | 1 Efkan Forum | 1 Efkan Forum | 2025-04-09 | 7.5 HIGH | N/A |
| Multiple SQL injection vulnerabilities in Efkan Forum 1.0 and earlier allow remote attackers to execute arbitrary SQL commands via (1) the grup parameter in admin.asp, or the id parameter in (2) default.asp or (3) admin.asp. NOTE: The provenance of this information is unknown; the details are obtained solely from third party information. The default.asp/grup vector is already covered by CVE-2006-6794. | |||||
| CVE-2007-1565 | 1 Kde | 1 Konqueror | 2025-04-09 | 7.8 HIGH | N/A |
| Konqueror 3.5.5 allows remote attackers to cause a denial of service (crash) by using JavaScript to read a child iframe having an ftp:// URI. | |||||
| CVE-2007-4481 | 1 Wordpress | 1 Blix | 2025-04-09 | 4.3 MEDIUM | N/A |
| Cross-site scripting (XSS) vulnerability in index.php in the (1) Blix 0.9.1 and (2) Blix 0.9.1 Rus themes for WordPress allows remote attackers to inject arbitrary web script or HTML via the PATH_INFO (PHP_SELF). | |||||
| CVE-2007-4334 | 1 Php-stats | 1 Php-stats | 2025-04-09 | 4.3 MEDIUM | N/A |
| Cross-site scripting (XSS) vulnerability in whois.php in Php-stats 0.1.9.2 allows remote attackers to inject arbitrary web script or HTML via the IP parameter. | |||||
| CVE-2006-5141 | 1 Kevin A. Gordon | 1 Open Geo Targeting | 2025-04-09 | 7.5 HIGH | N/A |
| PHP remote file inclusion vulnerability in script.php in Kevin A. Gordon Open Geo Targeting (aka geotarget) allows remote attackers to execute arbitrary PHP code via a URL in the anp_path parameter. NOTE: the provenance of this information is unknown; the details are obtained from third party information. | |||||
| CVE-2007-0732 | 1 Apple | 2 Mac Os X, Mac Os X Server | 2025-04-09 | 7.2 HIGH | N/A |
| Unspecified vulnerability in the CoreServices daemon in CarbonCore in Apple Mac OS X 10.4 through 10.4.9 allows local users to gain privileges via unspecified vectors involving "obtaining a send right to [the] Mach task port." | |||||
| CVE-2007-2777 | 1 Alstrasoft | 1 Template Seller | 2025-04-09 | 7.5 HIGH | N/A |
| Unrestricted file upload vulnerability in admin/addsptemplate.php in AlstraSoft Template Seller Pro 3.25 and earlier allows remote attackers to execute arbitrary PHP code via an arbitrary .php filename in the zip parameter, which is created under sptemplates/. | |||||
| CVE-2007-3349 | 1 Aastra Telecom | 1 9112i Sip Phone | 2025-04-09 | 7.8 HIGH | N/A |
| The Aastra 9112i SIP Phone with firmware 1.4.0.1048 and boot version 1.1.0.10 allows remote attackers to (1) cause a denial of service (device freeze) via a malformed SIP message of a certain length or (2) cause a denial of service (continuous ring) via a malformed SIP message of a certain other length. | |||||
| CVE-2006-6950 | 1 Conti | 1 Ftpserver | 2025-04-09 | 5.0 MEDIUM | N/A |
| Directory traversal vulnerability in Conti FTPServer 1.0 Build 2.8 allows remote attackers to read arbitrary files and list arbitrary directories via a .. (dot dot) in a filename argument. | |||||
| CVE-2007-3830 | 1 Ibm | 2 Proventia Network Ips Gx5008, Proventia Network Ips Gx5108 | 2025-04-09 | 3.5 LOW | N/A |
| Cross-site scripting (XSS) vulnerability in alert.php in ISS Proventia Network IPS GX5108 1.3 and GX5008 1.5 allows remote attackers to inject arbitrary web script or HTML via the reminder parameter. | |||||
| CVE-2007-1777 | 1 Php | 1 Php | 2025-04-09 | 7.5 HIGH | N/A |
| Integer overflow in the zip_read_entry function in PHP 4 before 4.4.5 allows remote attackers to execute arbitrary code via a ZIP archive that contains an entry with a length value of 0xffffffff, which is incremented before use in an emalloc call, triggering a heap overflow. | |||||
| CVE-2008-6768 | 1 Shopsystem-forum | 1 K\&s Shopsoftware | 2025-04-09 | 6.8 MEDIUM | N/A |
| Unrestricted file upload vulnerability in admin/editor/images.php in K&S Shopsoftware allows remote attackers to execute arbitrary PHP code by uploading a file with an executable extension, then accessing it via a direct request to the file in images/upload/. | |||||
| CVE-2007-2361 | 1 Symantec | 4 Backupexec System Recovery, Livestate Recovery, Norton Ghost and 1 more | 2025-04-09 | 4.9 MEDIUM | N/A |
| Symantec Norton Ghost, Norton Save & Recovery, LiveState Recovery, and BackupExec System Recovery before 20070426, when remote backups of restore points images are configured, uses weak permissions (world readable) for a configuration file with network share credentials, which allows local users to obtain the credentials by reading the file. | |||||
| CVE-2007-4171 | 1 Auracms | 1 Modul Forum Sederhana | 2025-04-09 | 7.5 HIGH | N/A |
| SQL injection vulnerability in komentar.php in the Forum Module for auraCMS (Modul Forum Sederhana) allows remote attackers to execute arbitrary SQL commands via the id parameter to the default URI. NOTE: some of these details are obtained from third party information. | |||||
| CVE-2007-1657 | 1 Python Software Foundation | 1 Python | 2025-04-09 | 7.5 HIGH | N/A |
| Stack-based buffer overflow in the file_compress function in minigzip (Modules/zlib) in Python 2.5 allows context-dependent attackers to execute arbitrary code via a long file argument. | |||||