Total
29483 CVE
| CVE | Vendors | Products | Updated | CVSS v2 | CVSS v3 |
|---|---|---|---|---|---|
| CVE-2006-5260 | 1 Compteur | 1 Compteur | 2025-04-09 | 7.5 HIGH | N/A |
| PHP remote file inclusion vulnerability in compteur.php in Compteur 2 allows remote attackers to execute arbitrary PHP code via a URL in the cp parameter. NOTE: the provenance of this information is unknown; the details are obtained from third party information. | |||||
| CVE-2009-3173 | 1 Theratstudios | 1 The Rat Cms | 2025-04-09 | 6.8 MEDIUM | N/A |
| Unrestricted file upload vulnerability in admin/add_album.php in The Rat CMS Alpha 2 allows remote attackers to execute arbitrary code by uploading a file with an executable extension, then accessing it via a direct request to the file in images/. | |||||
| CVE-2007-4376 | 1 Szymon Kosok | 1 Best Top List | 2025-04-09 | 6.8 MEDIUM | N/A |
| Unrestricted file upload vulnerability in banner-upload.php in Szymon Kosok Best Top List allows remote attackers to upload and execute arbitrary PHP files in banners/. | |||||
| CVE-2007-1357 | 1 Linux | 1 Linux Kernel | 2025-04-09 | 7.8 HIGH | N/A |
| The atalk_sum_skb function in AppleTalk for Linux kernel 2.6.x before 2.6.21, and possibly 2.4.x, allows remote attackers to cause a denial of service (crash) via an AppleTalk frame that is shorter than the specified length, which triggers a BUG_ON call when an attempt is made to perform a checksum. | |||||
| CVE-2007-2416 | 1 E-annu | 1 E-annu | 2025-04-09 | 7.5 HIGH | N/A |
| SQL injection vulnerability in home.php in E-Annu allows remote attackers to execute arbitrary SQL commands via the a parameter. | |||||
| CVE-2008-5353 | 1 Sun | 3 Jdk, Jre, Sdk | 2025-04-09 | 10.0 HIGH | N/A |
| The Java Runtime Environment (JRE) for Sun JDK and JRE 6 Update 10 and earlier; JDK and JRE 5.0 Update 16 and earlier; and SDK and JRE 1.4.2_18 and earlier does not properly enforce context of ZoneInfo objects during deserialization, which allows remote attackers to run untrusted applets and applications in a privileged context, as demonstrated by "deserializing Calendar objects". | |||||
| CVE-2006-5423 | 1 Lou Portail | 1 Lou Portail | 2025-04-09 | 7.5 HIGH | N/A |
| PHP remote file inclusion vulnerability in admin/admin_module.php in Lou Portail 1.4.1, and possibly earlier, allows remote attackers to execute arbitrary PHP code via a URL in the g_admin_rep parameter. NOTE: the provenance of this information is unknown; the details are obtained from third party information. | |||||
| CVE-2007-3618 | 1 Emc | 1 Legato Networker | 2025-04-09 | 9.3 HIGH | N/A |
| Stack-based buffer overflow in the NetWorker Remote Exec Service (nsrexecd.exe) in EMC Software NetWorker 7.x.x allows remote attackers to execute arbitrary code via a (1) poll or (2) kill request with a "long invalid subcmd." | |||||
| CVE-2007-1522 | 1 Php | 1 Php | 2025-04-09 | 6.8 MEDIUM | N/A |
| Double free vulnerability in the session extension in PHP 5.2.0 and 5.2.1 allows context-dependent attackers to execute arbitrary code via illegal characters in a session identifier, which is rejected by an internal session storage module, which calls the session identifier generator with an improper environment, leading to code execution when the generator is interrupted, as demonstrated by triggering a memory limit violation or certain PHP errors. | |||||
| CVE-2007-0356 | 2 Common Controls Replacement Project, Microsoft | 2 Foldertreeview Activex Control, Ie | 2025-04-09 | 5.0 MEDIUM | N/A |
| The Common Controls Replacement Project (CCRP) FolderTreeview (FTV) ActiveX control (ccrpftv6.ocx) allows remote attackers to cause a denial of service (Internet Explorer 7 crash) via a long CCRP.RootFolder property value. | |||||
| CVE-2006-6405 | 1 Softwin | 1 Bitdefender Mail Protection | 2025-04-09 | 5.0 MEDIUM | N/A |
| BitDefender Mail Protection for SMB 2.0 allows remote attackers to bypass virus detection by inserting invalid characters into base64 encoded content in a multipart/mixed MIME file, as demonstrated with the EICAR test file. | |||||
| CVE-2007-1802 | 1 Maildwarf | 1 Maildwarf | 2025-04-09 | 6.8 MEDIUM | N/A |
| Cross-site scripting (XSS) vulnerability in MailDwarf 3.01 and earlier allows remote attackers to inject arbitrary web script or HTML via unspecified vectors. | |||||
| CVE-2009-4197 | 1 Huawei | 3 Mt882 Modem, Mt882 Modem Firmware, Mt882 V100t002b020 Arg-t | 2025-04-09 | 4.7 MEDIUM | N/A |
| rpwizPppoe.htm in Huawei MT882 V100R002B020 ARG-T running firmware 3.7.9.98 contains a form that does not disable the autocomplete setting for the password parameter, which makes it easier for local users or physically proximate attackers to obtain the password from web browsers that support autocomplete. | |||||
| CVE-2006-5303 | 1 Securecomputing | 1 Safeword Remoteaccess | 2025-04-09 | 2.1 LOW | N/A |
| Secure Computing SafeWord RemoteAccess 2.1 allows local users to obtain the UserCenter webportal password, database encryption keys, and signing keys by reading (1) base-64 encoded data in SERVERS\Web\Tomcat\usercenter\WEB-INF\login.conf and (2) plaintext data in SERVERS\Shared\signers.cfg. NOTE: the provenance of this information is unknown; the details are obtained from third party information. | |||||
| CVE-2007-0836 | 1 Coppermine | 1 Coppermine Photo Gallery | 2025-04-09 | 4.0 MEDIUM | N/A |
| admin.php in Coppermine Photo Gallery 1.4.10, and possibly earlier, allows remote authenticated users to include arbitrary local and possibly remote files via the (1) "Path to custom header include" and (2) "Path to custom footer include" form fields. NOTE: The provenance of this information is unknown; the details are obtained solely from third party information. | |||||
| CVE-2007-3143 | 1 Kde | 1 Konqueror | 2025-04-09 | 6.4 MEDIUM | N/A |
| Visual truncation vulnerability in Konqueror 3.5.5 allows remote attackers to spoof the address bar and possibly conduct phishing attacks via a long hostname, which is truncated after a certain number of characters, as demonstrated by a phishing attack using HTTP Basic Authentication. | |||||
| CVE-2006-6926 | 1 Extremail | 1 Extremail | 2025-04-09 | 10.0 HIGH | N/A |
| Buffer overflow in eXtremail 2.1 has unknown impact and attack vectors, as demonstrated by VulnDisco Pack. NOTE: The provenance of this information is unknown; the details are obtained solely from third party information. | |||||
| CVE-2006-5570 | 1 Kynoslogic | 1 Cruiseworks | 2025-04-09 | 5.0 MEDIUM | N/A |
| Directory traversal vulnerability in /scripts/cruise/cws.exe in CruiseWorks 1.09c and 1.09d allows remote attackers to read arbitrary files via a .. (dot dot) in the doc parameter. | |||||
| CVE-2007-2487 | 1 Atomix Productions | 1 Atomixmp3 | 2025-04-09 | 7.5 HIGH | N/A |
| Stack-based buffer overflow in AtomixMP3 allows remote attackers to execute arbitrary code via a long filename in an MP3 file, a different vector than CVE-2006-6287. | |||||
| CVE-2007-3163 | 1 Frederico Caldeira Knabben | 1 Fckeditor | 2025-04-09 | 5.0 MEDIUM | N/A |
| Incomplete blacklist vulnerability in the filemanager in Frederico Caldeira Knabben FCKeditor 2.4.2 allows remote attackers to upload arbitrary .php files via an alternate data stream syntax, as demonstrated by .php::$DATA filenames, a related issue to CVE-2006-0658. | |||||