Total
29483 CVE
| CVE | Vendors | Products | Updated | CVSS v2 | CVSS v3 |
|---|---|---|---|---|---|
| CVE-2007-2767 | 1 Opendap | 2 Bes, Hyrax | 2025-04-09 | 7.8 HIGH | N/A |
| Unspecified vulnerability in BES before 3.5.0 in OPeNDAP 4 (Hydrax) before 1.2.1 allows remote attackers to list filesystem contents and obtain sensitive information via unknown vectors. | |||||
| CVE-2006-5549 | 1 Adobe | 1 Adobe Php Ria Sdk | 2025-04-09 | 7.5 HIGH | N/A |
| PHP remote file inclusion vulnerability in libraries/amfphp/amf-core/custom/CachedGateway.php in Adobe PHP SDK allows remote attackers to execute arbitrary PHP code via the AMFPHP_BASE parameter. NOTE: this issue has been disputed by a third-party researcher who states that AMFPHP_BASE is a constant | |||||
| CVE-2007-5614 | 1 Mortbay Jetty | 1 Jetty | 2025-04-09 | 7.5 HIGH | N/A |
| Mortbay Jetty before 6.1.6rc1 does not properly handle "certain quote sequences" in HTML cookie parameters, which allows remote attackers to hijack browser sessions via unspecified vectors. | |||||
| CVE-2006-5894 | 1 Rama Cms | 1 Rama Cms | 2025-04-09 | 6.8 MEDIUM | N/A |
| Directory traversal vulnerability in lang.php in Rama CMS 0.68 and earlier, when register_globals is enabled, allows remote attackers to include and execute arbitrary local files via a .. (dot dot) in the lang cookie, as demonstrated by injecting PHP sequences into an Apache HTTP Server log file, which is then included by lang.php. | |||||
| CVE-2006-6007 | 1 Webevents | 1 Online Event Registration | 2025-04-09 | 5.0 MEDIUM | N/A |
| save_profile.asp in WebEvents (Online Event Registration Template) 2.0 and earlier allows remote attackers to change the profiles, passwords, and other information for arbitrary users via a modified UserID parameter. | |||||
| CVE-2006-6557 | 1 Skulls | 1 Skulls | 2025-04-09 | 6.8 MEDIUM | N/A |
| Multiple unspecified vulnerabilities in Skulls! before 0.2.6 have unknown impact and attack vectors, as addressed by "Many security fixes." | |||||
| CVE-2007-6358 | 1 Glyph And Cog | 1 Pdftops | 2025-04-09 | 4.9 MEDIUM | N/A |
| pdftops.pl before 1.20 in alternate pdftops filter allows local users to overwrite arbitrary files via a symlink attack on the pdfin.[PID].tmp temporary file, which is created when pdftops reads a PDF file from stdin, such as when pdftops is invoked by CUPS. | |||||
| CVE-2006-7044 | 1 Cmpro Team | 1 Clan Manager Pro | 2025-04-09 | 7.5 HIGH | N/A |
| PHP remote file inclusion vulnerability in comment.core.inc.php in Clan Manager Pro (CMPRO) 1.11 and earlier allows remote attackers to execute arbitrary PHP code via a URL in the sitepath parameter. | |||||
| CVE-2006-5871 | 1 Linux | 1 Linux Kernel | 2025-04-09 | 4.1 MEDIUM | N/A |
| smbfs in Linux kernel 2.6.8 and other versions, and 2.4.x before 2.4.34, when UNIX extensions are enabled, ignores certain mount options, which could cause clients to use server-specified uid, gid and mode settings. | |||||
| CVE-2007-3814 | 1 Mkportal | 1 Mkportal | 2025-04-09 | 7.5 HIGH | N/A |
| Multiple SQL injection vulnerabilities in MKPortal 1.1.1 allow remote attackers to execute arbitrary SQL commands via (1) the idurlo field in the delete_urlo function in (a) index.php in the urlobox module; the iden field in the (2) update_file and (3) del_file functions in (b) index.php in the reviews module; the (4) idnews field in the delete_news function and the (5) idcomm field in the del_comment function in (c) index.php in the news module; the (6) idcomm field in the delete_comments function in (d) index.php in the gallery module; the iden field in the (7) edit_file, (8) update_file, and (9) del_file functions in index.php in the gallery module; the (10) ide and (11) cat fields in the slide_update function in index.php in the gallery module; the iden field in the (12) update_file and (13) del_file functions in (d) index.php in the downloads module; and other unspecified vectors. | |||||
| CVE-2006-6794 | 1 Efkan Forum | 1 Efkan Forum | 2025-04-09 | 7.5 HIGH | N/A |
| SQL injection vulnerability in default.asp in Efkan Forum 1.0 allows remote attackers to execute arbitrary SQL commands via the grup parameter. | |||||
| CVE-2007-2411 | 1 Sphider | 1 Sphider | 2025-04-09 | 7.5 HIGH | N/A |
| PHP remote file inclusion vulnerability in index.php in Sphider 1.2.x allows remote attackers to execute arbitrary PHP code via a URL in the include_dir parameter. NOTE: a third party disputes this vulnerability, stating that "the application is not vulnerable to this issue. | |||||
| CVE-2006-5521 | 1 Net Dns | 1 Net Dns | 2025-04-09 | 7.5 HIGH | N/A |
| PHP remote file inclusion vulnerability in DNS/RR.php in Net_DNS 0.03 and earlier allows remote attackers to execute arbitrary PHP code via a URL in the phpdns_basedir parameter. | |||||
| CVE-2007-2606 | 1 Firebirdsql | 1 Firebird | 2025-04-09 | 7.8 HIGH | N/A |
| Multiple buffer overflows in Firebird 2.1 allow attackers to trigger memory corruption and possibly have other unspecified impact via certain input processed by (1) config\ConfigFile.cpp or (2) msgs\check_msgs.epp. NOTE: if ConfigFile.cpp reads a configuration file with restrictive permissions, then the ConfigFile.cpp vector may not cross privilege boundaries and perhaps should not be included in CVE. | |||||
| CVE-2007-0960 | 1 Cisco | 2 Asa 5500, Pix Firewall Software | 2025-04-09 | 9.0 HIGH | N/A |
| Unspecified vulnerability in Cisco PIX 500 and ASA 5500 Series Security Appliances 7.2.2, when configured to use the LOCAL authentication method, allows remote authenticated users to gain privileges via unspecified vectors. | |||||
| CVE-2006-6755 | 1 Ixprim | 1 Ixprim Cms | 2025-04-09 | 5.0 MEDIUM | N/A |
| Ixprim 1.2 allows remote attackers to obtain sensitive information via a direct request for kernel/plugins/fckeditor2/ixprim_api.php, which reveals the path in an error message. | |||||
| CVE-2007-3157 | 1 Safenet | 2 Safenet Highassurance Remote, Softremote Vpn Client | 2025-04-09 | 5.0 MEDIUM | N/A |
| IPSecDrv.sys 10.4.0.12 in SafeNET High Assurance Remote 1.4.0 Build 12, and SoftRemote, allows remote attackers to cause a denial of service (infinite loop and system hang) via an invalid packet with certain bytes in an option header, possibly related to the IPv6 support for IPSec. | |||||
| CVE-2006-5346 | 1 Oracle | 3 Collaboration Suite, E-business Suite, Http Server | 2025-04-09 | 7.6 HIGH | N/A |
| Unspecified vulnerability in Oracle HTTP Server 9.2.0.7, as used in Oracle Collaboration Suite 9.0.4.2 and Oracle E-Business Suite and Applications 11.5.10CU2, has unknown impact and remote attack vectors related to htdigest, aka Vuln# OHS02. | |||||
| CVE-2007-6628 | 1 Feng | 1 Feng | 2025-04-09 | 5.0 MEDIUM | N/A |
| LScube Feng 0.1.15 and earlier allows remote attackers to cause a denial of service (NULL dereference and daemon crash) via (1) a malformed Transport header, which triggers misparsing in parse_transport_header in RTSP_setup.c, as demonstrated by a Transport header that contains only a "RTP/AVP;unicast;client_port" sequence; or (2) a malformed Range header, which triggers misparsing in parse_play_time_range in RTSP_Play, as demonstrated by an empty Range header. | |||||
| CVE-2006-5403 | 1 Symantec | 4 Automated Support Assistant, Norton Antivirus, Norton Internet Security and 1 more | 2025-04-09 | 5.1 MEDIUM | N/A |
| Stack-based buffer overflow in an ActiveX control used in Symantec Automated Support Assistant, as used in Norton AntiVirus, Internet Security, and System Works 2005 and 2006, allows user-assisted remote attackers to cause a denial of service (crash) and possibly execute arbitrary code via unspecified vectors. | |||||