Total: 258574 CVE
CVE | Vendors | Products | Updated | CVSS v2 | CVSS v3 |
---|---|---|---|---|---|
CVE-2006-3974 | 1 3com | 1 3cr860-95 | 2024-02-04 | 4.3 MEDIUM | N/A |
Cross-site scripting (XSS) vulnerability in cgi-bin/admin in 3Com OfficeConnect Secure Router with firmware 1.04-168 allows remote attackers to inject arbitrary web script or HTML via the tk parameter. | |||||
CVE-2008-0733 | 1 Cs Team | 1 Counter Strike Portal | 2024-02-04 | 7.5 HIGH | N/A |
SQL injection vulnerability in index.php in CS Team Counter Strike Portals allows remote attackers to execute arbitrary SQL commands via the id parameter, as demonstrated using the downloads page. | |||||
CVE-2007-5560 | 1 Juniper | 1 Http Service | 2024-02-04 | 10.0 HIGH | N/A |
Heap-based buffer overflow in the Juniper HTTP Service allows remote attackers to execute arbitrary code via a crafted HTTP packet. NOTE: as of 20071016, the only disclosure is a vague pre-advisory with no actionable information. However, since it is from a well-known researcher, it is being assigned a CVE identifier for tracking purposes. | |||||
CVE-2007-0301 | 1 Fdweb | 1 Espace Membre | 2024-02-04 | 6.8 MEDIUM | N/A |
PHP remote file inclusion vulnerability in _admin/admin_menu.php in FdWeB Espace Membre 2.1 and earlier allows remote attackers to execute arbitrary PHP code via a URL in the path parameter. | |||||
CVE-2008-1227 | 1 Silc | 1 Silc Toolkit | 2024-02-04 | 7.5 HIGH | N/A |
Stack-based buffer overflow in the silc_fingerprint function in lib/silcutil/silcutil.c in Secure Internet Live Conferencing (SILC) Toolkit 1.1.5, and unspecified earlier versions, allows remote attackers to cause a denial of service (crash) or possibly execute arbitrary code via long input data. NOTE: some of these details are obtained from third party information. | |||||
CVE-2006-6653 | 1 Netbsd | 1 Netbsd | 2024-02-04 | 1.7 LOW | N/A |
The accept function in NetBSD-current before 20061023, NetBSD 3.0 and 3.0.1 before 20061024, and NetBSD 2.x before 20061029 allows local users to cause a denial of service (socket consumption) via an invalid (1) name or (2) namelen parameter, which may result in the socket never being closed (aka "a dangling socket"). | |||||
CVE-2007-0579 | 1 Horde | 1 Groupware | 2024-02-04 | 5.1 MEDIUM | N/A |
Unspecified vulnerability in the calendar component in Horde Groupware Webmail Edition before 1.0, and Groupware before 1.0, allows remote attackers to include certain files via unspecified vectors. NOTE: some of these details are obtained from third party information. | |||||
CVE-2007-6126 | 1 Project Alumni | 1 Project Alumni | 2024-02-04 | 4.3 MEDIUM | N/A |
Multiple cross-site scripting (XSS) vulnerabilities in project alumni 1.0.9 and earlier allow remote attackers to inject arbitrary web script or HTML via the year parameter to (1) xml/index.php; or (2) the year parameter to view.page.inc.php, which is reachable through a view action to the top-level index.php. | |||||
CVE-2007-0346 | 1 Sme | 1 Filemailer | 2024-02-04 | 7.5 HIGH | N/A |
SQL injection vulnerability in index.php in SmE FileMailer 1.21 allows remote attackers to execute arbitrary SQL commands via the us parameter. | |||||
CVE-2006-5031 | 1 Cakefoundation | 1 Cakephp | 2024-02-04 | 5.0 MEDIUM | N/A |
Directory traversal vulnerability in app/webroot/js/vendors.php in Cake Software Foundation CakePHP before 1.1.8.3544 allows remote attackers to read arbitrary files via a .. (dot dot) in the file parameter, followed by a filename ending with "%00" and a .js filename. | |||||
CVE-2008-0382 | 1 Mybulletinboard | 1 Mybulletinboard | 2024-02-04 | 7.5 HIGH | N/A |
Multiple eval injection vulnerabilities in MyBB 1.2.10 and earlier allow remote attackers to execute arbitrary code via the sortby parameter to (1) forumdisplay.php or (2) a results action in search.php. | |||||
CVE-2006-5017 | 1 E-vision | 1 E-vision Cms | 2024-02-04 | 7.5 HIGH | N/A |
SQL injection vulnerability in admin/all_users.php in Szava Gyula and Csaba Tamas e-Vision CMS, probably 1.0, allows remote attackers to execute arbitrary SQL commands via the from parameter. | |||||
CVE-2008-1225 | 1 Webct | 1 Webct | 2024-02-04 | 4.3 MEDIUM | N/A |
Multiple cross-site scripting (XSS) vulnerabilities in WebCT Campus Edition 4.1.5.8, when "Don't wrap text" is enabled, allow remote authenticated users to inject arbitrary web script or HTML via a (1) mail message or (2) discussion board message. NOTE: this might overlap CVE-2005-1076. | |||||
CVE-2007-3340 | 1 Bughunter | 1 Http Server | 2024-02-04 | 7.8 HIGH | N/A |
BugHunter HTTP SERVER (httpsv.exe) 1.6.2 allows remote attackers to cause a denial of service (application crash) via a large number of requests for nonexistent pages. | |||||
CVE-2006-6915 | 1 Ibm | 1 Aix | 2024-02-04 | 4.0 MEDIUM | N/A |
ftpd in IBM AIX 5.2.0 and 5.3.0 allows remote authenticated users to cause a denial of service (port exhaustion) via unspecified vectors. NOTE: some details were obtained from third party sources. | |||||
CVE-2007-0261 | 1 Snews | 1 Snews | 2024-02-04 | 10.0 HIGH | N/A |
snews.php in sNews 1.5.30 and earlier does not properly exit when authentication fails, which allows remote attackers to perform unauthorized administrative actions, as demonstrated by changing an administrative password via the changeup task, and by uploading PHP code via the imagefile parameter. | |||||
CVE-2007-3002 | 1 Php Jackknife | 1 Php Jackknife | 2024-02-04 | 5.0 MEDIUM | N/A |
PHP JackKnife (PHPJK) allows remote attackers to obtain sensitive information via (1) a request to index.php with an invalid value of the iParentUnq[] parameter, or a request to G_Display.php with an invalid (2) iCategoryUnq[] or (3) sSort[] array parameter, which reveals the path in various error messages. | |||||
CVE-2007-4211 | 1 Dovecot | 1 Dovecot | 2024-02-04 | 6.0 MEDIUM | N/A |
The ACL plugin in Dovecot before 1.0.3 allows remote authenticated users with the insert right to save certain flags via a (1) COPY or (2) APPEND command. | |||||
CVE-2006-5824 | 1 Freebsd | 1 Freebsd | 2024-02-04 | 4.9 MEDIUM | N/A |
Integer overflow in the ffs_rdextattr function in FreeBSD 6.1 allows local users to cause a denial of service (kernel panic) and trigger a heap-based buffer overflow via a crafted UFS filesystem, a different vulnerability than CVE-2006-5679. NOTE: a third party states that this issue does not cross privilege boundaries in FreeBSD because only root may mount a filesystem. | |||||
CVE-2007-3881 | 1 Pictures Rating | 1 Pictures Rating | 2024-02-04 | 7.5 HIGH | N/A |
SQL injection vulnerability in index.php in Pictures Rating (Picture Rating) allows remote attackers to execute arbitrary SQL commands via the msgid parameter. |