Total: 29867 CVE

| CVE | Vendors | Products | Updated | CVSS v2 | CVSS v3 |
|---|---|---|---|---|---|
| CVE-2007-1598 | 1 Intervations | 1 Filecopa | 2025-04-09 | 6.8 MEDIUM | N/A |
| Stack-based buffer overflow in InterVations FileCOPA FTP Server 1.01 allows remote attackers to execute arbitrary code via unspecified vectors, as demonstrated by filecopa.tar by Immunity. NOTE: some of these details are obtained from third party information. NOTE: As of 20070322, this disclosure has no actionable information. However, since it is from a reliable researcher, it is being assigned a CVE identifier for tracking purposes. | |||||
| CVE-2006-6392 | 1 Plx Web Studio | 1 Plx Pay | 2025-04-09 | 7.5 HIGH | N/A |
| Directory traversal vulnerability in index.php in plx Web Studio (aka plxWebDev) plx Pay 3.2 and earlier allows remote attackers to include and execute arbitrary local files, or obtain user credentials and other sensitive information, via a .. (dot dot) in the read parameter. NOTE: The provenance of this information is unknown; the details are obtained solely from third party information. | |||||
| CVE-2006-6849 | 1 Cahier De Textes | 1 Cahier De Textes | 2025-04-09 | 7.5 HIGH | N/A |
| administration/index.php in Cahier de texte (CDT) 2.2 does not properly exit when authentication fails, which allows remote attackers to perform unauthorized administrative actions. | |||||
| CVE-2007-2480 | 1 Linux | 1 Linux Kernel | 2025-04-09 | 4.6 MEDIUM | N/A |
| The _udp_lib_get_port function in net/ipv4/udp.c in Linux kernel 2.6.21 and earlier does not prevent a bind to a port with a local address when there is already a bind to that port with a wildcard local address, which might allow local users to intercept local traffic for daemons or other applications. | |||||
| CVE-2007-0942 | 1 Microsoft | 6 Ie, Internet Explorer, Windows 2000 and 3 more | 2025-04-09 | 9.3 HIGH | N/A |
| Microsoft Internet Explorer 5.01 SP4 on Windows 2000 SP4; 6 SP1 on Windows 2000 SP4; 6 and 7 on Windows XP SP2, or Windows Server 2003 SP1 or SP2; and possibly 7 on Windows Vista does not properly "instantiate certain COM objects as ActiveX controls," which allows remote attackers to execute arbitrary code via a crafted COM object from chtskdic.dll. | |||||
| CVE-2006-6556 | 1 Eyeos | 1 Eyeos | 2025-04-09 | 7.5 HIGH | N/A |
| The eyeHome function in apps/eyeHome.eyeapp/aplic.php in EyeOS before 0.9.3-3 allows remote attackers to upload and execute arbitrary code via dangerous file extensions that are not all lowercase, which bypasses a cleansing operation. | |||||
| CVE-2007-3250 | 1 Elxis | 1 Elxis Cms | 2025-04-09 | 7.5 HIGH | N/A |
| SQL injection vulnerability in mod_banners.php in Elxis CMS before 2006.4 20070613 allows remote attackers to execute arbitrary SQL commands via the mb_tracker cookie. NOTE: the product was patched without updating the version number; later downloads of 2006.4 are not affected. | |||||
| CVE-2006-5878 | 1 Edgewall Software | 1 Trac | 2025-04-09 | 7.5 HIGH | N/A |
| Cross-site request forgery (CSRF) vulnerability in Edgewall Trac 0.10 and earlier allows remote attackers to perform unauthorized actions as other users via unknown vectors. | |||||
| CVE-2007-3396 | 1 Key Focus | 1 Kf Web Server | 2025-04-09 | 4.3 MEDIUM | N/A |
| Cross-site scripting (XSS) vulnerability in index.wkf in KeyFocus (KF) web server 3.1.0 allows remote attackers to inject arbitrary web script or HTML via the opsubmenu parameter. | |||||
| CVE-2007-3605 | 1 Sap | 1 Enjoysap | 2025-04-09 | 7.6 HIGH | N/A |
| Stack-based buffer overflow in the kweditcontrol.kwedit.1 ActiveX control in FrontEnd\SapGui\kwedit.dll in the EnjoySAP SAP GUI allows remote attackers to execute arbitrary code via a long argument to the PrepareToPostHTML function. | |||||
| CVE-2007-3426 | 1 Zoneo-soft | 1 Phptraffica | 2025-04-09 | 4.3 MEDIUM | N/A |
| Cross-site scripting (XSS) vulnerability in index.php in phpTrafficA 1.4.2 and earlier allows remote attackers to inject arbitrary web script or HTML via the lang parameter. | |||||
| CVE-2007-0951 | 1 Fullaspsite | 1 Asp Hosting Site | 2025-04-09 | 7.5 HIGH | N/A |
| SQL injection vulnerability in listmain.asp in Fullaspsite ASP Hosting Site allows remote attackers to execute arbitrary SQL commands via the cat parameter. | |||||
| CVE-2007-3570 | 1 Novell | 1 Access Manager | 2025-04-09 | 7.5 HIGH | N/A |
| The Linux Access Gateway in Novell Access Manager before 3.0 SP1 Release Candidate 1 (RC1) allows remote attackers to bypass unspecified security controls via Fullwidth/Halfwidth Unicode encoded data in a HTTP POST request. | |||||
| CVE-2007-2307 | 1 Webkalk2 | 1 Webkalk2 | 2025-04-09 | 7.5 HIGH | N/A |
| PHP remote file inclusion vulnerability in engine/engine.inc.php in WebKalk2 1.9.0 allows remote attackers to execute arbitrary PHP code via a URL in the absolute_path parameter. | |||||
| CVE-2006-5902 | 1 Viksoe | 1 Gmail Drive | 2025-04-09 | 7.5 HIGH | N/A |
| viksoe GMail Drive shell extension allows remote attackers to perform virtual filesystem actions via e-mail messages with certain subject lines, as demonstrated by (1) a GMAILFS: [13;a;1] message with a new filename and a file attachment, which injects a new file into the filesystem; (2) a GMAILFS: [13;a;1] message with an existing filename and a file attachment, which overwrites existing file content; and (3) a GMAILFS: [14;a;1] message, which creates a folder. | |||||
| CVE-2007-2642 | 1 R2k | 1 R2k Gallery | 2025-04-09 | 7.8 HIGH | N/A |
| Directory traversal vulnerability in galeria.php in R2K Gallery 1.7 allows remote attackers to read arbitrary files via a .. (dot dot) in the lang2 parameter. | |||||
| CVE-2007-3183 | 1 Vincent Hor | 1 Calendarix | 2025-04-09 | 6.8 MEDIUM | N/A |
| Multiple SQL injection vulnerabilities in Calendarix 0.7.20070307, when magic_quotes_gpc is disabled, allow remote attackers to execute arbitrary SQL commands via the (1) month and (2) year parameters to calendar.php and the (3) search string to cal_search.php. | |||||
| CVE-2008-7021 | 1 Availscript | 1 Jobs Portal Script | 2025-04-09 | 6.0 MEDIUM | N/A |
| Unrestricted file upload vulnerability in editlogo.php in AvailScript Jobs Portal Script allows remote authenticated users to execute arbitrary code by uploading a file with an executable extension as an image or logo, then accessing it via a direct request to the file in an unspecified directory. | |||||
| CVE-2007-2396 | 1 Apple | 1 Quicktime | 2025-04-09 | 9.3 HIGH | N/A |
| The JDirect support in QuickTime for Java in Apple Quicktime before 7.2 exposes certain dangerous interfaces, which allows remote attackers to execute arbitrary code via crafted Java applets. | |||||
| CVE-2006-7168 | 1 Phpbb | 1 Phpbb | 2025-04-09 | 7.5 HIGH | N/A |
| PHP remote file inclusion vulnerability in includes/not_mem.php in the Add Name module for PHP allows remote attackers to execute arbitrary PHP code via a URL in the phpbb_root_path parameter. | |||||
