Total
29868 CVE
| CVE | Vendors | Products | Updated | CVSS v2 | CVSS v3 |
|---|---|---|---|---|---|
| CVE-2007-3441 | 1 Aastra Telecom | 1 9112i Sip Phone | 2025-04-09 | 5.0 MEDIUM | N/A |
| Format string vulnerability in the Aastra 9112i SIP Phone with firmware 1.4.0.1048 and boot version 1.1.0.10 allows remote attackers to cause a denial of service (blocked call reception and slow calling) via format string specifiers in an SDP header value, a different vulnerability than CVE-2007-3349. | |||||
| CVE-2007-1011 | 1 Vs-gastebuch | 1 Vs-gastebuch | 2025-04-09 | 7.5 HIGH | N/A |
| PHP remote file inclusion vulnerability in functions_inc.php in VS-Gastebuch 1.5.3 and earlier allows remote attackers to execute arbitrary PHP code via a URL in the gb_pfad parameter. | |||||
| CVE-2007-1872 | 1 Toenda Software Development | 1 Toendacms | 2025-04-09 | 4.3 MEDIUM | N/A |
| Cross-site scripting (XSS) vulnerability in toendaCMS 1.5.3 allows remote attackers to inject arbitrary web script or HTML via the searchword parameter in a search id. | |||||
| CVE-2007-3253 | 1 Astaro | 1 Security Gateway | 2025-04-09 | 7.8 HIGH | N/A |
| Multiple unspecified vulnerabilities in Astaro Security Gateway (ASG) before 7.005 allow remote attackers to cause a denial of service via (1) certain email, which stops the SMTP Proxy during scanning; (2) certain HTTP traffic, which stops or slows down the HTTP proxy during HTTP responses containing virus scanned web pages; and (3) a disconnection during a streaming session. | |||||
| CVE-2007-1086 | 5 Hp, Ibm, Linux and 2 more | 6 Hp-ux, Aix, Db2 Universal Database and 3 more | 2025-04-09 | 7.2 HIGH | N/A |
| Unspecified binaries in IBM DB2 8.x before 8.1 FixPak 15 and 9.1 before Fix Pack 2 allow local users to create or modify arbitrary files via unspecified environment variables related to "unsafe file access." | |||||
| CVE-2006-7010 | 1 Joomla | 1 Joomla | 2025-04-09 | 7.5 HIGH | N/A |
| The mosgetparam implementation in Joomla! before 1.0.10, does not set a variable's data type to integer when the variable's default value is numeric, which has unspecified impact and attack vectors, which may permit SQL injection attacks. | |||||
| CVE-2007-0677 | 1 Cronosys | 1 Cadre Php Framework | 2025-04-09 | 7.5 HIGH | N/A |
| PHP remote file inclusion vulnerability in fw/class.Quick_Config_Browser.php in Cadre PHP Framework 20020724 allows remote attackers to execute arbitrary PHP code via a URL in the GLOBALS[config][framework_path] parameter. | |||||
| CVE-2007-0335 | 1 Jax Scripts | 1 Jax Petition Book | 2025-04-09 | 6.8 MEDIUM | N/A |
| Multiple directory traversal vulnerabilities in Jax Petition Book 1.0.3.06 allow remote attackers to include and execute arbitrary local files via a .. (dot dot) in the languagepack parameter to (1) jax_petitionbook.php or (2) smileys.php. | |||||
| CVE-2007-4522 | 1 Ripe Website Manager | 1 Ripe Website Manager | 2025-04-09 | 6.0 MEDIUM | N/A |
| Multiple SQL injection vulnerabilities in Ripe Website Manager 0.8.9 and earlier allow remote authenticated users to execute arbitrary SQL commands via one or more of the following vectors: the (1) id parameter to (a) pages/delete_page.php, (b) navigation/delete_menu.php, and (c) navigation/delete_item.php in admin/; the (2) menu_id, (3) name, (3) page_id, and (4) url parameters in (d) admin/navigation/do_new_item.php; the (5) new_menuname parameter in (e) admin/navigation/do_new_nav.php; and (6) area1, name, and url parameters to (f) admin/pages/do_new_page.php. NOTE: some vectors might be reachable through the url and name parameters to (g) admin/navigation/new_nav_item.php. NOTE: the original disclosure does not precisely state which vectors are associated with SQL injection versus XSS. | |||||
| CVE-2007-4201 | 1 Guidance Software | 1 Encase | 2025-04-09 | 5.0 MEDIUM | N/A |
| Guidance Software EnCase 6.2 and 6.5 does not properly handle a volume with more than 25 partitions, which might allow remote attackers to prevent examination of certain data, a related issue to CVE-2007-4035. | |||||
| CVE-2006-6289 | 1 Woltlab | 1 Burning Board Lite | 2025-04-09 | 6.8 MEDIUM | N/A |
| Woltlab Burning Board (wBB) Lite 1.0.2 does not properly unset variables when the input data includes a numeric parameter with a value matching an alphanumeric parameter's hash value, which allows remote attackers to execute arbitrary SQL commands via the wbb_userid parameter to the top-level URI. NOTE: it could be argued that this vulnerability is due to a bug in the unset PHP command (CVE-2006-3017) and the proper fix should be in PHP; if so, then this should not be treated as a vulnerability in wBB Lite. | |||||
| CVE-2007-3372 | 1 Avahi | 1 Avahi | 2025-04-09 | 2.1 LOW | N/A |
| The Avahi daemon in Avahi before 0.6.20 allows attackers to cause a denial of service (exit) via empty TXT data over D-Bus, which triggers an assert error. | |||||
| CVE-2006-6207 | 1 Lynx Internet Solutions | 1 Evolve Merchant | 2025-04-09 | 7.5 HIGH | N/A |
| SQL injection vulnerability in products.asp in Evolve shopping cart (aka Evolve Merchant) allows remote attackers to execute arbitrary SQL commands via the partno parameter. NOTE: the vendor disputes this issue, stating that it is a forced SQL error | |||||
| CVE-2007-3820 | 1 Kde | 1 Konqueror | 2025-04-09 | 2.6 LOW | N/A |
| konqueror/konq_combo.cc in Konqueror 3.5.7 allows remote attackers to spoof the data: URI scheme in the address bar via a long URI with trailing whitespace, which prevents the beginning of the URI from being displayed. | |||||
| CVE-2006-3741 | 1 Linux | 1 Linux Kernel | 2025-04-09 | 4.9 MEDIUM | N/A |
| The perfmonctl system call (sys_perfmonctl) in Linux kernel 2.4.x and 2.6 before 2.6.18, when running on Itanium systems, does not properly track the reference count for file descriptors, which allows local users to cause a denial of service (file descriptor consumption). | |||||
| CVE-2006-6517 | 1 Kdpics | 1 Kdpics | 2025-04-09 | 6.8 MEDIUM | N/A |
| Multiple cross-site scripting (XSS) vulnerabilities in KDPics 1.16 and earlier allow remote attackers to inject arbitrary web script or HTML via the (1) categories parameter to (a) index.php3 or (b) galeries.inc.php3. | |||||
| CVE-2007-3011 | 1 Fujitsu | 1 Serverview | 2025-04-09 | 7.5 HIGH | N/A |
| The DBAsciiAccess CGI Script in the web interface in Fujitsu-Siemens Computers ServerView before 4.50.09 allows remote attackers to execute arbitrary commands via shell metacharacters in the Servername subparameter of the ParameterList parameter. | |||||
| CVE-2007-3796 | 1 Mailmarshal | 1 Mailmarshal Smtp | 2025-04-09 | 7.6 HIGH | N/A |
| The password reset feature in the Spam Quarantine HTTP interface for MailMarshal SMTP 6.2.0.x before 6.2.1 allows remote attackers to modify arbitrary account information via a UserId variable with a large amount of trailing whitespace followed by a malicious value, which triggers SQL buffer truncation due to length inconsistencies between variables. | |||||
| CVE-2006-5928 | 1 Phpjobscheduler | 1 Phpjobscheduler | 2025-04-09 | 7.5 HIGH | N/A |
| Multiple PHP remote file inclusion vulnerabilities in Phpjobscheduler 3.0 allow remote attackers to execute arbitrary PHP code via a URL in the installed_config_file parameter to (1) add-modify.php, (2) delete.php, (3) modify.php, and (4) phpjobscheduler.php. | |||||
| CVE-2007-1852 | 1 Ben3w | 1 2bgal | 2025-04-09 | 6.8 MEDIUM | N/A |
| Multiple PHP remote file inclusion vulnerabilities in 2BGal 3.1.1 allow remote attackers to execute arbitrary PHP code via a URL in the lang_filename parameter to (1) index.php or (2) backupdb.inc.php in admin/, or other unspecified files, different vectors than CVE-2006-5505. NOTE: this issue has been disputed by CVE, since the lang_filename variable is defined before it is used | |||||