Total
29483 CVE
| CVE | Vendors | Products | Updated | CVSS v2 | CVSS v3 |
|---|---|---|---|---|---|
| CVE-2007-3239 | 1 Wordpress | 1 Wordpress | 2025-04-09 | 4.3 MEDIUM | N/A |
| Cross-site scripting (XSS) vulnerability in searchform.php in the AndyBlue theme before 20070607 for WordPress allows remote attackers to inject arbitrary web script or HTML via the PHP_SELF portion of a URI to index.php. NOTE: this can be leveraged for PHP code execution in an administrative session. | |||||
| CVE-2007-4531 | 1 Michal Marcinkowski | 2 Soldat Dedicated Server, Soldat Game Server | 2025-04-09 | 5.0 MEDIUM | N/A |
| Soldat game server 1.4.2 and earlier, and dedicated server 2.6.2 and earlier, allows remote attackers to cause a client denial of service (crash) via (1) a long string to the file transfer port or (2) a long chat message, or (3) a server denial of service (continuous beep and slowdown) via a string containing many 0x07 or other control characters to the file transfer port. | |||||
| CVE-2006-6631 | 1 Ibiblio | 1 Osprey | 2025-04-09 | 6.8 MEDIUM | N/A |
| PHP remote file inclusion vulnerability in lib/xml/oai/GetRecord.php in osprey 1.0 and earlier allows remote attackers to execute arbitrary PHP code via a URL in the lib_dir parameter. | |||||
| CVE-2007-1572 | 1 Sourceforge | 1 Jgbbs | 2025-04-09 | 6.8 MEDIUM | N/A |
| SQL injection vulnerability in search.asp in JGBBS 3.0 Beta 1 and earlier allows remote attackers to execute arbitrary SQL commands via the title parameter, a different vector than CVE-2007-1440. NOTE: the provenance of this information is unknown; the details are obtained solely from third party information. | |||||
| CVE-2007-0549 | 1 212cafe | 1 212cafeboard | 2025-04-09 | 6.8 MEDIUM | N/A |
| Cross-site scripting (XSS) vulnerability in list3.php in 212cafeBoard 6.30 Beta allows remote attackers to inject arbitrary web script or HTML via the user parameter. | |||||
| CVE-2007-3564 | 1 Libcurl | 1 Libcurl | 2025-04-09 | 7.5 HIGH | N/A |
| libcurl 7.14.0 through 7.16.3, when built with GnuTLS support, does not check SSL/TLS certificate expiration or activation dates, which allows remote attackers to bypass certain access restrictions. | |||||
| CVE-2009-0630 | 1 Cisco | 1 Ios | 2025-04-09 | 7.1 HIGH | N/A |
| The (1) Cisco Unified Communications Manager Express; (2) SIP Gateway Signaling Support Over Transport Layer Security (TLS) Transport; (3) Secure Signaling and Media Encryption; (4) Blocks Extensible Exchange Protocol (BEEP); (5) Network Admission Control HTTP Authentication Proxy; (6) Per-user URL Redirect for EAPoUDP, Dot1x, and MAC Authentication Bypass; (7) Distributed Director with HTTP Redirects; and (8) TCP DNS features in Cisco IOS 12.0 through 12.4 do not properly handle IP sockets, which allows remote attackers to cause a denial of service (outage or resource consumption) via a series of crafted TCP packets. | |||||
| CVE-2007-3589 | 1 B1g | 1 B1gbb | 2025-04-09 | 7.5 HIGH | N/A |
| Multiple SQL injection vulnerabilities in b1gbb 2.24.0 allow remote attackers to execute arbitrary SQL commands via the id parameter to (1) showthread.php or (2) showboard.php. | |||||
| CVE-2006-7103 | 1 Ezonlinegallery | 1 Ezonlinegallery | 2025-04-09 | 6.4 MEDIUM | N/A |
| Multiple directory traversal vulnerabilities in EZOnlineGallery 1.3 and earlier, and possibly other versions before 1.3.2 Beta, allow remote attackers to (1) determine directory existence via a ".." in the album parameter in a show_album action to (a) ezgallery.php, which produces different responses depending on existence; and read arbitrary image files via a ".." in the album or (2) image parameter to (b) image.php. | |||||
| CVE-2007-1022 | 1 Turuncu Portal | 1 Turuncu Portal | 2025-04-09 | 7.5 HIGH | N/A |
| SQL injection vulnerability in h_goster.asp in Turuncu Portal 1.0 allows remote attackers to execute arbitrary SQL commands via the id parameter. NOTE: the provenance of this information is unknown; the details are obtained solely from third party information. | |||||
| CVE-2007-3191 | 1 Jffnms | 1 Just For Fun Network Management System | 2025-04-09 | 9.4 HIGH | N/A |
| Just For Fun Network Management System (JFFNMS) 0.8.3 allows remote attackers to obtain configuration information via a direct request to admin/adm/test.php, which calls the phpinfo function. | |||||
| CVE-2006-5950 | 1 Altools | 1 Alftp Ftp Server | 2025-04-09 | 5.0 MEDIUM | N/A |
| Unspecified vulnerability in ALTools ALFTP FTP Server 4.1 beta 1, and possibly earlier, allows remote authenticated users to obtain the installation path via unknown vectors related to the REN command, probably due to response messages. NOTE: the provenance of this information is unknown; details are obtained from third party sources. | |||||
| CVE-2007-1118 | 1 Efiction | 1 Efiction | 2025-04-09 | 6.8 MEDIUM | N/A |
| Multiple PHP remote file inclusion vulnerabilities in eFiction 3.1.1 and earlier allow remote attackers to execute arbitrary PHP code via a URL in the path_to_smf parameter to (1) bridges/SMF/logout.php or (2) get_session_vars.php. | |||||
| CVE-2009-3641 | 1 Snort | 1 Snort | 2025-04-09 | 4.3 MEDIUM | N/A |
| Snort before 2.8.5.1, when the -v option is enabled, allows remote attackers to cause a denial of service (application crash) via a crafted IPv6 packet that uses the (1) TCP or (2) ICMP protocol. | |||||
| CVE-2006-6299 | 1 Novell | 1 Zenworks Asset Management | 2025-04-09 | 10.0 HIGH | N/A |
| Integer overflow in Msg.dll in Novell ZENworks 7 Asset Management (ZAM) before SP1 IR11 and the Collection client allows remote attackers to execute arbitrary code via crafted packets, which trigger a heap-based buffer overflow. | |||||
| CVE-2007-2675 | 1 Pre Projects | 1 Pre Classifieds Listings | 2025-04-09 | 7.5 HIGH | N/A |
| SQL injection vulnerability in search.php in Pre Classifieds Listings 1.0 allows remote attackers to execute arbitrary SQL commands via the category parameter. | |||||
| CVE-2009-2840 | 1 Apple | 2 Mac Os X, Mac Os X Server | 2025-04-09 | 4.9 MEDIUM | N/A |
| Spotlight in Apple Mac OS X 10.5.8 does not properly handle temporary files, which allows local users to overwrite arbitrary files in the context of a different user's privileges via unspecified vectors. | |||||
| CVE-2006-5820 | 1 Aol | 1 Aol | 2025-04-09 | 9.3 HIGH | N/A |
| The LinkSBIcons method in the SuperBuddy ActiveX control (Sb.SuperBuddy.1) in America Online 9.0 Security Edition dereferences an arbitrary function pointer, which allows remote attackers to execute arbitrary code via a modified pointer value. | |||||
| CVE-2007-0564 | 1 Symantec | 1 Web Security | 2025-04-09 | 4.0 MEDIUM | N/A |
| The license registering interface in Symantec Web Security (SWS) before 3.0.1.85 allows attackers to cause a denial of service (CPU consumption) by submitting a large file. | |||||
| CVE-2007-1324 | 1 Snapgear | 6 560, 580, 585 and 3 more | 2025-04-09 | 5.0 MEDIUM | N/A |
| SnapGear 560, 585, 580, 640, 710, and 720 appliances before the 3.1.4u5 firmware allow remote attackers to cause a denial of service (complete packet loss) via a packet flood, a different vulnerability than CVE-2006-4613. | |||||