Total: 258769 CVE
CVE | Vendors | Products | Updated | CVSS v2 | CVSS v3 |
---|---|---|---|---|---|
CVE-2007-2781 | 1 Wikyblog | 1 Wikyblog | 2024-02-04 | 6.8 MEDIUM | N/A |
Cross-site scripting (XSS) vulnerability in include/sessionRegister.php in WikyBlog before 1.4.13 allows remote attackers to inject arbitrary web script or HTML, probably via vectors related to a certain data2 array element. | |||||
CVE-2007-5312 | 1 Torrenttrader | 1 Torrenttrader | 2024-02-04 | 4.3 MEDIUM | N/A |
Cross-site scripting (XSS) vulnerability in TorrentTrader Classic 1.07 allows remote attackers to inject arbitrary web script or HTML via the (1) color parameter to pjirc/css.php and the (2) cat parameter to browse.php. | |||||
CVE-2007-2579 | 1 Acp3 | 1 Acp3 | 2024-02-04 | 5.8 MEDIUM | N/A |
Multiple cross-site scripting (XSS) vulnerabilities in ACP3 4.0 beta 3 allow remote attackers to inject arbitrary web script or HTML via (1) the form[mail] parameter to contact/contact/index.php; the (2) form[mods][] or (3) form[search_term] parameter to search/list/action_search/index.php; (4) the id parameter to modules/dl/download.php; (5) the form[cat] parameter to news/list/index.php; the (6) form[cat], (7) form[name], or (8) form[message] parameter to certain news/details/id_*/action_create/index.php files; or (9) the form[mail] parameter to newsletter/create/index.php. | |||||
CVE-2007-4934 | 1 Phpffl | 1 Phpffl | 2024-02-04 | 4.6 MEDIUM | N/A |
Multiple PHP remote file inclusion vulnerabilities in phpFFL 1.24 allow remote attackers to execute arbitrary PHP code via a URL in the PHPFFL_FILE_ROOT parameter to (1) program_files/livedraft/livedraft.php or (2) program_files/livedraft/admin.php. | |||||
CVE-2007-6100 | 1 Phpmyadmin | 1 Phpmyadmin | 2024-02-04 | 2.6 LOW | N/A |
Cross-site scripting (XSS) vulnerability in libraries/auth/cookie.auth.lib.php in phpMyAdmin before 2.11.2.2, when logins are authenticated with the cookie auth_type, allows remote attackers to inject arbitrary web script or HTML via the convcharset parameter to index.php, a different vulnerability than CVE-2005-0992. | |||||
CVE-2007-4906 | 1 Nuclearbb | 1 Nuclearbb | 2024-02-04 | 6.8 MEDIUM | N/A |
PHP remote file inclusion vulnerability in tasks/send_queued_emails.php in NuclearBB Alpha 2, when register_globals is enabled, allows remote attackers to execute arbitrary PHP code via a URL in the root_path parameter. | |||||
CVE-2007-2188 | 1 Extremail | 1 Extremail | 2024-02-04 | 10.0 HIGH | N/A |
eXtremail 2.1.1 and earlier does not verify the ID field (aka transaction id) in DNS responses, which makes it easier for remote attackers to conduct DNS spoofing. | |||||
CVE-2007-0484 | 1 Enthusiast | 1 Enthusiast | 2024-02-04 | 7.5 HIGH | N/A |
Multiple SQL injection vulnerabilities in Enthusiast 3.1 allow remote attackers to execute arbitrary SQL commands via the cat parameter to (1) show_owned.php, (2) show_joined.php, and possibly other files. NOTE: The provenance of this information is unknown; the details are obtained solely from third party information. | |||||
CVE-2007-4521 | 1 Asterisk | 1 Asterisk | 2024-02-04 | 5.0 MEDIUM | N/A |
Asterisk Open Source 1.4.5 through 1.4.11, when configured to use an IMAP voicemail storage backend, allows remote attackers to cause a denial of service via an e-mail with an "invalid/corrupted" MIME body, which triggers a crash when the recipient listens to voicemail. | |||||
CVE-2007-5601 | 1 Realnetworks | 1 Realplayer | 2024-02-04 | 9.3 HIGH | N/A |
Stack-based buffer overflow in the Database Component in MPAMedia.dll in RealNetworks RealPlayer 10.5 and 11 beta, and earlier versions including 10, RealOne Player, and RealOne Player 2, allows remote attackers to execute arbitrary code via certain playlist names, as demonstrated via the import method to the IERPCtl ActiveX control in ierpplug.dll. | |||||
CVE-2007-2987 | 1 Zenturi | 1 Zenturi Programchecker | 2024-02-04 | 9.3 HIGH | N/A |
Multiple buffer overflows in certain ActiveX controls in sasatl.dll in Zenturi ProgramChecker allow remote attackers to execute arbitrary code via unspecified vectors, possibly involving the (1) DebugMsgLog or (2) DoFileProperties methods. | |||||
CVE-2006-6642 | 1 Contra Haber Sistemi | 1 Contra Haber Sistemi | 2024-02-04 | 7.5 HIGH | N/A |
SQL injection vulnerability in haber.asp in Contra Haber Sistemi 1.0 allows remote attackers to execute arbitrary SQL commands via the id parameter. | |||||
CVE-2007-4344 | 1 Acdsee | 3 Photo Editor, Photo Manager, Pro Photo Manager | 2024-02-04 | 9.3 HIGH | N/A |
Multiple input validation errors in ACD ACDSee Photo Manager 9.0 build 108, Pro Photo Manager 8.1 build 99, and Photo Editor 4.0 build 195 allow user-assisted remote attackers to execute arbitrary code via a long section string in (1) a PSP image to the ID_PSP.apl plug-in or (2) an LHA archive to the AM_LHA.apl plug-in, resulting in a heap-based buffer overflow. | |||||
CVE-2007-4255 | 1 Php | 1 Php | 2024-02-04 | 7.5 HIGH | N/A |
Buffer overflow in the mSQL extension in PHP 5.2.3 allows context-dependent attackers to execute arbitrary code via a long first argument to the msql_connect function. | |||||
CVE-2008-0254 | 1 Wavelink Media | 1 Tutorialcms | 2024-02-04 | 6.8 MEDIUM | N/A |
SQL injection vulnerability in activate.php in TutorialCMS (aka Photoshop Tutorials) 1.02, when magic_quotes_gpc is disabled, allows remote attackers to execute arbitrary SQL commands via the userName parameter. | |||||
CVE-2007-0009 | 3 Canonical, Debian, Mozilla | 6 Ubuntu Linux, Debian Linux, Firefox and 3 more | 2024-02-04 | 6.8 MEDIUM | N/A |
Stack-based buffer overflow in the SSLv2 support in Mozilla Network Security Services (NSS) before 3.11.5, as used by Firefox before 1.5.0.10 and 2.x before 2.0.0.2, Thunderbird before 1.5.0.10, SeaMonkey before 1.0.8, and certain Sun Java System server products before 20070611, allows remote attackers to execute arbitrary code via invalid "Client Master Key" length values. | |||||
CVE-2007-0693 | 1 Dian Gemilang | 1 Dgnews | 2024-02-04 | 6.8 MEDIUM | N/A |
SQL injection vulnerability in news.php in DGNews 2.1 allows remote attackers to execute arbitrary SQL commands via the catid parameter in a newslist action. NOTE: this issue can produce resultant cross-site scripting (XSS). | |||||
CVE-2007-3322 | 1 Avaya | 1 4602sw Ip Phone | 2024-02-04 | 5.0 MEDIUM | N/A |
The Avaya 4602 SW IP Phone (Model 4602D02A) with 2.2.2 and earlier SIP firmware uses a constant media port number for calls, which allows remote attackers to cause a denial of service (audio quality loss) via a flood of packets to the RTP port. | |||||
CVE-2007-1565 | 1 Kde | 1 Konqueror | 2024-02-04 | 7.8 HIGH | N/A |
Konqueror 3.5.5 allows remote attackers to cause a denial of service (crash) by using JavaScript to read a child iframe having an ftp:// URI. | |||||
CVE-2007-4198 | 1 Brian Carrier | 1 The Slueth Kit | 2024-02-04 | 4.3 MEDIUM | N/A |
The fs_data_put_str function in ntfs.c in fls in Brian Carrier The Sleuth Kit (TSK) before 2.09 does not validate a certain length value, which allows user-assisted remote attackers to cause a denial of service (application crash) and prevent examination of certain NTFS files via a malformed NTFS image, which triggers a buffer over-read. |