Total
29864 CVE
| CVE | Vendors | Products | Updated | CVSS v2 | CVSS v3 |
|---|---|---|---|---|---|
| CVE-2007-0965 | 1 Cisco | 1 Firewall Services Module | 2025-04-09 | 7.8 HIGH | N/A |
| Cisco FWSM 3.x before 3.1(3.2), when authentication is configured to use "aaa authentication match" or "aaa authentication include", allows remote attackers to cause a denial of service (device reboot) via a long HTTP request. | |||||
| CVE-2007-3198 | 1 Maran | 1 Php Blog | 2025-04-09 | 4.3 MEDIUM | N/A |
| Cross-site scripting (XSS) vulnerability in comments.php in Maran PHP Blog (Maran Blog), possibly only versions before 20070610, allows remote attackers to inject arbitrary web script or HTML via the id parameter. | |||||
| CVE-2007-0548 | 1 Karjasoft | 1 Sami Http Server | 2025-04-09 | 5.0 MEDIUM | N/A |
| KarjaSoft Sami HTTP Server 2.0.1 allows remote attackers to cause a denial of service (daemon hang) via a large number of requests for nonexistent objects. | |||||
| CVE-2007-2492 | 1 Postnuke Software Foundation | 1 Postnuke V4bjournal Module | 2025-04-09 | 7.5 HIGH | N/A |
| SQL injection vulnerability in index.php in the v4bJournal module for PostNuke allows remote authenticated users to execute arbitrary SQL commands via the id parameter in a journal_comment action. | |||||
| CVE-2007-3251 | 1 E-vision | 1 E-vision Cms | 2025-04-09 | 7.8 HIGH | N/A |
| Multiple directory traversal vulnerabilities in e-Vision CMS 2.02 and earlier allow remote attackers to (1) include and execute arbitrary local files via a .. (dot dot) in the adminlang cookie to admin/functions.php or (2) read arbitrary local files via the img parameter to admin/show_img.php. | |||||
| CVE-2009-4373 | 1 Alienvault | 1 Open Source Security Information Management | 2025-04-09 | 7.5 HIGH | N/A |
| Unrestricted file upload vulnerability in repository/repository_attachment.php in AlienVault Open Source Security Information Management (OSSIM) 2.1.5, and possibly other versions before 2.1.5-4, allows remote attackers to execute arbitrary code by uploading a file with an executable extension, then accessing it via a direct request to the file in ossiminstall/uploads/. | |||||
| CVE-2006-6757 | 1 Cwm-design | 1 Cwmexplorer | 2025-04-09 | 7.8 HIGH | N/A |
| Directory traversal vulnerability in index.php in cwmExplorer 1.0 allows remote attackers to read arbitrary files and source code, and obtain sensitive information via directory traversal sequences in the show_file parameter. | |||||
| CVE-2007-0083 | 1 Nuked-klan | 1 Nuked-klan | 2025-04-09 | 6.8 MEDIUM | N/A |
| Cross-site scripting (XSS) vulnerability in Nuked Klan 1.7 and earlier allows remote attackers to inject arbitrary web script or HTML via a javascript: URI in a getURL statement in a .swf file, as demonstrated by "Remote Cookie Disclosure." NOTE: it could be argued that this is an issue in Shockwave instead of Nuked Klan. | |||||
| CVE-2006-7162 | 1 Putty | 1 Putty | 2025-04-09 | 1.9 LOW | N/A |
| PuTTY 0.59 and earlier uses weak file permissions for (1) ppk files containing private keys generated by puttygen and (2) session logs created by putty, which allows local users to gain sensitive information by reading these files. | |||||
| CVE-2007-0923 | 1 Radical Technologies | 1 Portal Search | 2025-04-09 | 7.8 HIGH | N/A |
| buscador/buscador.htm in Portal Search allows remote attackers to obtain sensitive information (business logic) via a query string composed of a search for certain characters. | |||||
| CVE-2007-6630 | 1 Feng | 1 Feng | 2025-04-09 | 5.0 MEDIUM | N/A |
| The Url_init function in utils/url.c in Netembryo 0.0.4, when used by LScube Feng, allows remote attackers to cause a denial of service (NULL dereference and daemon crash) via a malformed URI containing a "/:" sequence, as demonstrated by a "DESCRIBE /: RTSP/1.0" request. | |||||
| CVE-2006-5615 | 1 Textpattern | 1 Textpattern | 2025-04-09 | 7.5 HIGH | N/A |
| PHP remote file inclusion vulnerability in publish.php in Textpattern 1.19, when register_globals is enabled, allows remote attackers to execute arbitrary PHP code via a URL in the txpcfg[txpath] parameter. | |||||
| CVE-2006-6236 | 1 Adobe | 1 Acrobat Reader | 2025-04-09 | 9.3 HIGH | N/A |
| Adobe Reader (Adobe Acrobat Reader) 7.0 through 7.0.8 allows remote attackers to cause a denial of service and possibly execute arbitrary code via a long argument string to the (1) src, (2) setPageMode, (3) setLayoutMode, and (4) setNamedDest methods in an AcroPDF ActiveX control, a different set of vectors than CVE-2006-6027. | |||||
| CVE-2007-2716 | 1 Eqdkp | 1 Eqdkp | 2025-04-09 | 6.8 MEDIUM | N/A |
| Multiple cross-site scripting (XSS) vulnerabilities in EQdkp 1.3.2c and earlier allow remote attackers to inject arbitrary web script or HTML via the show parameter to (1) listmembers.php and (2) stats.php. NOTE: some of these details are obtained from third party information. | |||||
| CVE-2007-0487 | 1 Zoneo-soft | 1 Freeforum | 2025-04-09 | 7.5 HIGH | N/A |
| PHP remote file inclusion vulnerability in index.php in FreeForum 0.9.0 allows remote attackers to execute arbitrary PHP code via a URL in the fpath parameter. NOTE: this issue has been disputed by third party researchers, stating that fpath variable is initialized before being used | |||||
| CVE-2007-2315 | 1 Minishare | 1 Minimal Http Server | 2025-04-09 | 7.8 HIGH | N/A |
| MiniShare 1.5.4, and possibly earlier, allows remote attackers to cause a denial of service (application crash) via a flood of requests for new connections. | |||||
| CVE-2007-1575 | 1 Phprojekt | 1 Phprojekt | 2025-04-09 | 7.5 HIGH | N/A |
| Multiple SQL injection vulnerabilities in PHProjekt 5.2.0, when magic_quotes_gpc is disabled, allow remote authenticated users to execute arbitrary SQL commands via (1) unspecified vectors to the (a) calendar and (2) search modules, and an (2) unspecified cookie when the user logs out. | |||||
| CVE-2007-2592 | 1 Nokia | 3 Groupwise Mobile Server, Intellisync Mobile Suite, Intellisync Wireless Email Express | 2025-04-09 | 4.3 MEDIUM | N/A |
| Multiple cross-site scripting (XSS) vulnerabilities in Nokia Intellisync Mobile Suite 6.4.31.2, 6.6.0.107, and 6.6.2.2, possibly involving Novell Groupwise Mobile Server and Nokia Intellisync Wireless Email Express, allow remote attackers to inject arbitrary web script or HTML via the (1) username parameter to de/pda/dev_logon.asp and (2) multiple unspecified vectors in (a) usrmgr/registerAccount.asp, (b) de/create_account.asp, and other files. | |||||
| CVE-2009-1693 | 1 Apple | 1 Safari | 2025-04-09 | 5.8 MEDIUM | N/A |
| WebKit in Apple Safari before 4.0, iPhone OS 1.0 through 2.2.1, and iPhone OS for iPod touch 1.1 through 2.2.1 allows remote attackers to read images from arbitrary web sites via a CANVAS element with an SVG image, related to a "cross-site image capture issue." | |||||
| CVE-2007-4231 | 1 Idevspot | 1 Phphostbot | 2025-04-09 | 6.8 MEDIUM | N/A |
| PHP remote file inclusion vulnerability in order/login.php in IDevSpot PhpHostBot 1.06 and earlier allows remote attackers to execute arbitrary PHP code via a URL in the svr_rootscript parameter, a different vector than CVE-2007-4094 and CVE-2006-3776. | |||||