Total: 259287 CVE
CVE | Vendors | Products | Updated | CVSS v2 | CVSS v3 |
---|---|---|---|---|---|
CVE-2007-4107 | 1 Phpmyforum | 1 Phpmyforum | 2024-02-04 | 7.5 HIGH | N/A |
SQL injection vulnerability in editpost.php in phpMyForum before 4.1.4 allows remote attackers to execute arbitrary SQL commands via unspecified vectors. NOTE: some of these details are obtained from third party information. | |||||
CVE-2007-0362 | 1 Freshreader | 1 Freshreader | 2024-02-04 | 6.8 MEDIUM | N/A |
Cross-site scripting (XSS) vulnerability in the RSS feed component in FreshReader before 1.0.07010600 allows remote attackers to inject arbitrary web script or HTML via unspecified vectors, possibly related to tag attributes. | |||||
CVE-2007-2242 | 4 Freebsd, Ietf, Netbsd and 1 more | 4 Freebsd, Ipv6, Netbsd and 1 more | 2024-02-04 | 7.8 HIGH | N/A |
The IPv6 protocol allows remote attackers to cause a denial of service via crafted IPv6 type 0 route headers (IPV6_RTHDR_TYPE_0) that create network amplification between two routers. | |||||
CVE-2007-0902 | 1 Moinmoin | 1 Moinmoin | 2024-02-04 | 5.0 MEDIUM | N/A |
Unspecified vulnerability in the "Show debugging information" feature in MoinMoin 1.5.7 allows remote attackers to obtain sensitive information. NOTE: the provenance of this information is unknown; the details are obtained solely from third party information. | |||||
CVE-2007-5442 | 1 Cmsmadesimple | 1 Cms Made Simple | 2024-02-04 | 3.5 LOW | N/A |
CMS Made Simple 1.1.3.1 does not check the permissions assigned to users who attempt uploads, which allows remote authenticated users to upload unspecified files via unknown vectors. | |||||
CVE-2007-2799 | 2 File, Sleuth Kit | 2 File, The Sleuth Kith | 2024-02-04 | 5.1 MEDIUM | N/A |
Integer overflow in the "file" program 4.20, when running on 32-bit systems, as used in products including The Sleuth Kit, might allow user-assisted attackers to execute arbitrary code via a large file that triggers an overflow that bypasses an assert() statement. NOTE: this issue is due to an incorrect patch for CVE-2007-1536. | |||||
CVE-2006-7115 | 1 Phpkit | 1 Phpkit | 2024-02-04 | 7.5 HIGH | N/A |
SQL injection vulnerability in PHPKit 1.6.1 RC2 allows remote attackers to inject arbitrary SQL commands via the catid parameter to include.php when the path parameter is set to faq/faq.php, and other unspecified vectors involving guestbook/print.php. | |||||
CVE-2006-5525 | 1 Phpnuke | 1 Php-nuke | 2024-02-04 | 5.1 MEDIUM | N/A |
Incomplete blacklist vulnerability in mainfile.php in PHP-Nuke 7.9 and earlier allows remote attackers to conduct SQL injection attacks via (1) "/**/UNION " or (2) " UNION/**/" sequences, which are not rejected by the protection mechanism, as demonstrated by a SQL injection via the eid parameter in a search action in the Encyclopedia module in modules.php. | |||||
CVE-2007-2763 | 1 Sienzo | 1 Digital Music Mentor | 2024-02-04 | 10.0 HIGH | N/A |
Buffer overflow in the UnlockSupport function in the LockModules subsystem in a certain ActiveX control in ltmm15.dll in Sienzo Digital Music Mentor (DMM) 2.6.0.4 allows remote attackers to execute arbitrary code via a long string in the second argument, a different issue than CVE-2007-2564. | |||||
CVE-2006-6258 | 1 Alternc | 1 Alternc | 2024-02-04 | 9.3 HIGH | N/A |
The phpmyadmin subsystem in AlternC 0.9.5 and earlier transmits the SQL password in cleartext in a cookie, which might allow remote attackers to obtain the password by sniffing or by conducting a cross-site scripting (XSS) attack. | |||||
CVE-2007-3844 | 1 Mozilla | 3 Firefox, Seamonkey, Thunderbird | 2024-02-04 | 4.3 MEDIUM | N/A |
Mozilla Firefox 2.0.0.5, Thunderbird 2.0.0.5 and before 1.5.0.13, and SeaMonkey 1.1.3 allows remote attackers to conduct cross-site scripting (XSS) attacks with chrome privileges via an addon that inserts a (1) javascript: or (2) data: link into an about:blank document loaded by chrome via (a) the window.open function or (b) a content.location assignment, aka "Cross Context Scripting." NOTE: this issue is caused by a CVE-2007-3089 regression. | |||||
CVE-2007-3238 | 1 Wordpress | 1 Wordpress | 2024-02-04 | 6.0 MEDIUM | N/A |
Cross-site scripting (XSS) vulnerability in functions.php in the default theme in WordPress 2.2 allows remote authenticated administrators to inject arbitrary web script or HTML via the PATH_INFO (REQUEST_URI) to wp-admin/themes.php, a different vulnerability than CVE-2007-1622. NOTE: this might not cross privilege boundaries in some configurations, since the Administrator role has the unfiltered_html capability. | |||||
CVE-2006-6778 | 1 Timberwolf | 1 Timberwolf | 2024-02-04 | 6.8 MEDIUM | N/A |
Cross-site scripting (XSS) vulnerability in shownews.php in TimberWolf 1.2.2 allows remote attackers to inject arbitrary web script or HTML via the nid parameter. | |||||
CVE-2006-5819 | 1 Verity | 1 Ultraseek | 2024-02-04 | 10.0 HIGH | N/A |
Verity Ultraseek before 5.7 allows remote attackers to use the server as a proxy for web attacks and host scanning via a direct request to the highlight/index.html script. | |||||
CVE-2007-2441 | 1 Caucho Technology | 1 Resin | 2024-02-04 | 5.0 MEDIUM | N/A |
Caucho Resin Professional 3.1.0 and Caucho Resin 3.1.0 and earlier for Windows allows remote attackers to obtain the system path via certain URLs associated with (1) deploying web applications or (2) displaying .xtp files. | |||||
CVE-2007-0384 | 1 Postnuke Software Foundation | 1 Postnuke | 2024-02-04 | 5.1 MEDIUM | N/A |
Cross-site scripting (XSS) vulnerability in preview in the reviews section in PostNuke 0.764 allows remote attackers to inject arbitrary web script or HTML via unspecified vectors. | |||||
CVE-2007-5135 | 1 Openssl | 1 Openssl | 2024-02-04 | 6.8 MEDIUM | N/A |
Off-by-one error in the SSL_get_shared_ciphers function in OpenSSL 0.9.7 up to 0.9.7l, and 0.9.8 up to 0.9.8f, might allow remote attackers to execute arbitrary code via a crafted packet that triggers a one-byte buffer underflow. NOTE: this issue was introduced as a result of a fix for CVE-2006-3738. As of 20071012, it is unknown whether code execution is possible. | |||||
CVE-2007-2062 | 1 Vcdgear | 1 Vcdgear | 2024-02-04 | 9.3 HIGH | N/A |
Stack-based buffer overflow in VCDGear 3.55 and 3.56 BETA allows user-assisted remote attackers to execute arbitrary code via a long FILE argument in a CUE file. | |||||
CVE-2007-3439 | 1 Snom | 2 320 Sip Phone, Snom 320 Linux | 2024-02-04 | 5.0 MEDIUM | N/A |
The Snom 320 SIP Phone, running snom320 linux 3.25, snom320-SIP 6.2.3, and snom320 jffs23.36, allows remote attackers to read a list of missed calls, received calls, and dialed numbers via a direct request to the web server on port 1800. | |||||
CVE-2007-1998 | 1 Hiox India | 1 Guest Book | 2024-02-04 | 7.5 HIGH | N/A |
Direct static code injection vulnerability in HIOX Guest Book (HGB) 4.0 allows remote attackers to inject arbitrary PHP code via the Email field, which results in code execution through a direct request to gb.php. |