Total
259285 CVE
| CVE | Vendors | Products | Updated | CVSS v2 | CVSS v3 |
|---|---|---|---|---|---|
| CVE-2007-3474 | 1 Libgd | 1 Gd Graphics Library | 2024-02-04 | 2.6 LOW | N/A |
| Multiple unspecified vulnerabilities in the GIF reader in the GD Graphics Library (libgd) before 2.0.35 have unspecified impact and user-assisted remote attack vectors. | |||||
| CVE-2008-1164 | 1 Phpcomasy | 1 Phpcomasy | 2024-02-04 | 7.5 HIGH | N/A |
| SQL injection vulnerability in index.php in phpComasy 0.8 allows remote attackers to execute arbitrary SQL commands via the mod_project_id parameter in a project_detail action. | |||||
| CVE-2007-3339 | 1 Fusetalk | 1 Fusetalk | 2024-02-04 | 4.3 MEDIUM | N/A |
| Multiple cross-site scripting (XSS) vulnerabilities in forum/include/error/autherror.cfm in FuseTalk Basic, Standard, Enterprise, and ColdFusion allow remote attackers to inject arbitrary web script or HTML via the (1) FTVAR_LINKP and (2) FTVAR_URLP parameters to (a) forum/include/error/autherror.cfm, and the (3) FTVAR_SCRIPTRUN parameter to (b) forum/include/common/comfinish.cfm and (c) blog/include/common/comfinish.cfm. | |||||
| CVE-2006-6943 | 1 Phpmyadmin | 1 Phpmyadmin | 2024-02-04 | 5.0 MEDIUM | N/A |
| PhpMyAdmin before 2.9.1.1 allows remote attackers to obtain the full server path via direct requests to (a) scripts/check_lang.php and (b) themes/darkblue_orange/layout.inc.php; and via the (1) lang[], (2) target[], (3) db[], (4) goto[], (5) table[], and (6) tbl_group[] array arguments to (c) index.php, and the (7) back[] argument to (d) sql.php; and an invalid (8) sort_by parameter to (e) server_databases.php and (9) db parameter to (f) db_printview.php. | |||||
| CVE-2007-4223 | 1 Microsoft | 1 Sysinternals Debugview | 2024-02-04 | 10.0 HIGH | N/A |
| Dbgv.sys in Microsoft Sysinternals DebugView before 4.72 provides an unspecified mechanism for copying data into kernel memory, which allows local users to gain privileges via unspecified vectors. | |||||
| CVE-2007-5267 | 1 Libpng | 1 Libpng | 2024-02-04 | 4.3 MEDIUM | N/A |
| Off-by-one error in ICC profile chunk handling in the png_set_iCCP function in pngset.c in libpng before 1.2.22 beta1 allows remote attackers to cause a denial of service (crash) via a crafted PNG image, due to an incorrect fix for CVE-2007-5266. | |||||
| CVE-2007-2079 | 1 Xampp | 1 Apache Distribution | 2024-02-04 | 9.3 HIGH | N/A |
| The ADONewConnection Connect function in adodb.php in XAMPP 1.6.0a and earlier for Windows uses untrusted input for the database server hostname, which allows remote attackers to trigger a library buffer overflow and execute arbitrary code via a long host parameter, or have other unspecified impact. NOTE: it could be argued that this is an issue in mssql_connect (CVE-2007-1411.1) in PHP, or an issue in the ADOdb Library, and the proper fix should be in one of these products; if so, then this should not be treated as a vulnerability in XAMPP. | |||||
| CVE-2007-0307 | 1 Poplar Gedcom Viewer | 1 Poplar Gedcom Viewer | 2024-02-04 | 7.5 HIGH | N/A |
| PHP remote file inclusion vulnerability in include/common.php in Poplar Gedcom Viewer 2.0 and earlier allows remote attackers to execute arbitrary PHP code via a URL in the env[rootPath] parameter. | |||||
| CVE-2007-6167 | 1 Suse | 1 Suse Linux | 2024-02-04 | 7.2 HIGH | N/A |
| Untrusted search path vulnerability in yast2-core in SUSE Linux might allow local users to execute arbitrary code by creating a malicious yast2 module in the current working directory. | |||||
| CVE-2007-4763 | 1 Tim Jackson | 1 Phpof | 2024-02-04 | 7.5 HIGH | N/A |
| PHP remote file inclusion vulnerability in dbmodules/DB_adodb.class.php in PHP Object Framework (PHPOF) 20040226 and earlier allows remote attackers to execute arbitrary PHP code via a URL in the PHPOF_INCLUDE_PATH parameter. | |||||
| CVE-2007-2965 | 1 F-secure | 7 F-secure Anti-virus, F-secure Anti-virus Client Security, F-secure Anti-virus Linux Client Security and 4 more | 2024-02-04 | 7.2 HIGH | N/A |
| Unspecified vulnerability in the Real-time Scanning component in multiple F-Secure products, including Internet Security 2005, 2006 and 2007; Anti-Virus 2005, 2006 and 2007; and Solutions based on F-Secure Protection Service for Consumers 6.40 and earlier allows local users to gain privileges via a crafted I/O request packet (IRP), related to IOCTL (Input/Output Control) and "access validation of the address space." | |||||
| CVE-2006-5643 | 1 Foresite Cms | 1 Foresite Cms | 2024-02-04 | 6.8 MEDIUM | N/A |
| Cross-site scripting (XSS) vulnerability in search_de.html in foresite CMS allows remote attackers to inject arbitrary web script or HTML via the query parameter. | |||||
| CVE-2006-7084 | 2024-02-04 | N/A | N/A | ||
| ** REJECT ** DO NOT USE THIS CANDIDATE NUMBER. ConsultIDs: CVE-2006-7083. Reason: This candidate is a duplicate of CVE-2006-7083. Notes: All CVE users should reference CVE-2006-7083 instead of this candidate. All references and descriptions in this candidate have been removed to prevent accidental usage. | |||||
| CVE-2006-7216 | 1 Apache | 1 Derby | 2024-02-04 | 4.0 MEDIUM | N/A |
| Apache Derby before 10.2.1.6 does not determine privilege requirements for lock table statements at compilation time, and consequently does not enforce privilege requirements at execution time, which allows remote authenticated users to lock arbitrary tables. | |||||
| CVE-2006-5136 | 1 Ubbcentral | 1 Ubb.threads | 2024-02-04 | 7.5 HIGH | N/A |
| Multiple PHP remote file inclusion vulnerabilities in ubbt.inc.php in Groupee UBB.threads 6.5.1.1 allow remote attackers to execute arbitrary PHP code via a URL in the (1) GLOBALS[thispath] or (2) GLOBALS[configdir] parameter. | |||||
| CVE-2007-2819 | 1 Track\+ | 1 Track\+ | 2024-02-04 | 4.3 MEDIUM | N/A |
| Cross-site scripting (XSS) vulnerability in reportItem.do in Track+ 3.3.2 and earlier allows remote attackers to inject arbitrary web script or HTML via the projId parameter. | |||||
| CVE-2008-0459 | 1 Liquidsilvercms | 1 Liquidsilvercms | 2024-02-04 | 6.8 MEDIUM | N/A |
| Directory traversal vulnerability in update/index.php in Liquid-Silver CMS 0.35, when magic_quotes_gpc is disabled, allows remote attackers to include and execute arbitrary local files via a .. (dot dot) in the update parameter. | |||||
| CVE-2007-4110 | 1 Codewidgets | 1 Threaded Discussion Forum Application | 2024-02-04 | 7.5 HIGH | N/A |
| SQL injection vulnerability in sign_in.aspx in Message Board / Threaded Discussion Forum Application Template allows remote attackers to execute arbitrary SQL commands via the Password parameter. | |||||
| CVE-2007-1491 | 1 Avaya | 4 S8300, S8500, S8700 and 1 more | 2024-02-04 | 5.2 MEDIUM | N/A |
| Apache Tomcat in Avaya S87XX, S8500, and S8300 before CM 3.1.3, and Avaya SES allows connections from external interfaces via port 8009, which exposes it to attacks from outside parties. | |||||
| CVE-2008-0007 | 1 Linux | 1 Linux Kernel | 2024-02-04 | 7.2 HIGH | N/A |
| Linux kernel before 2.6.22.17, when using certain drivers that register a fault handler that does not perform range checks, allows local users to access kernel memory via an out-of-range offset. | |||||