Total
29551 CVE
| CVE | Vendors | Products | Updated | CVSS v2 | CVSS v3 |
|---|---|---|---|---|---|
| CVE-2007-3641 | 1 Freebsd | 1 Libarchive | 2025-04-09 | 9.3 HIGH | N/A |
| archive_read_support_format_tar.c in libarchive before 2.2.4 does not properly compute the length of a certain buffer when processing a malformed pax extension header, which allows user-assisted remote attackers to cause a denial of service (crash) and possibly execute arbitrary code via a crafted (1) PAX or (2) TAR archive that triggers a buffer overflow. | |||||
| CVE-2007-1353 | 1 Linux | 1 Linux Kernel | 2025-04-09 | 2.1 LOW | N/A |
| The setsockopt function in the L2CAP and HCI Bluetooth support in the Linux kernel before 2.4.34.3 allows context-dependent attackers to read kernel memory and obtain sensitive information via unspecified vectors involving the copy_from_user function accessing an uninitialized stack buffer. | |||||
| CVE-2006-7048 | 1 Claroline | 1 Claroline | 2025-04-09 | 7.5 HIGH | N/A |
| Multiple PHP remote file inclusion vulnerabilities in Claroline 1.7.5 allow remote attackers to execute arbitrary PHP code via a URL in the (1) clarolineRepositorySys parameter to (a) atutor.inc.php (b) db-generic.inc.php (c) docebo.inc.php (d) dokeos.1.6.inc.php (e) dokeos.inc.php (f) ganesha.inc.php (g) mambo.inc.php (h) moodle.inc.php (i) phpnuke.inc.php (j) postnuke.inc.php and (k) spip.inc.php in claroline/auth/extauth/drivers/; (2) includePath parameter in mambo.inc.php, postnuke.inc.php, and (l) inc/lib/event/init_event_manager.inc.php; and (3) rootSys parameter in (m) inc/lib/export_exe_tracking.class.php, a different set of vectors than CVE-2006-2284. | |||||
| CVE-2007-4463 | 2 Fransois Gannier, Ghisler | 2 Fileinfo Plugin, Total Commander | 2025-04-09 | 5.0 MEDIUM | N/A |
| The Fileinfo 2.0.9 plugin for Total Commander allows user-assisted remote attackers to cause a denial of service (unhandled exception) via an invalid RVA address function pointer in (1) an IMAGE_THUNK_DATA structure, involving the (a) OriginalFirstThunk and (b) FirstThunk IMAGE_IMPORT_DESCRIPTOR fields, or (2) the AddressOfNames IMAGE_EXPORT_DIRECTORY field in a PE file. | |||||
| CVE-2007-2551 | 1 Wikkawiki | 1 Wikkawiki | 2025-04-09 | 4.3 MEDIUM | N/A |
| Cross-site scripting (XSS) vulnerability in usersettings.php in WikkaWiki (Wikka Wiki) before 1.1.6.3 allows remote attackers to inject arbitrary web script or HTML via the name parameter. | |||||
| CVE-2008-4503 | 1 Adobe | 1 Flash Player | 2025-04-09 | 6.8 MEDIUM | N/A |
| The Settings Manager in Adobe Flash Player 9.0.124.0 and earlier allows remote attackers to cause victims to unknowingly click on a link or dialog via access control dialogs disguised as normal graphical elements, as demonstrated by hijacking the camera or microphone, and related to "clickjacking." | |||||
| CVE-2007-3158 | 1 Tenyearsgone | 1 Asp Folder Gallery | 2025-04-09 | 5.0 MEDIUM | N/A |
| download_script.asp in ASP Folder Gallery allows remote attackers to read arbitrary files via a filename in the file parameter. | |||||
| CVE-2006-5985 | 1 Extreme Cms | 1 Extreme Cms | 2025-04-09 | 6.8 MEDIUM | N/A |
| Multiple cross-site scripting (XSS) vulnerabilities in admin/options.php in Extreme CMS 0.9, and possibly earlier, allow remote attackers to inject arbitrary web script or HTML via the (1) bg1, (2) bg2, (3) text, or (4) size parameters. NOTE: the provenance of this information is unknown; details are obtained from third party sources. | |||||
| CVE-2007-1713 | 1 B21soft | 1 Basp21 | 2025-04-09 | 6.4 MEDIUM | N/A |
| CRLF injection vulnerability in BSMTP.DLL in B21Soft BASP21 2003.0211, and BASP21 Pro 1.0.702.27 and earlier, allows remote attackers to inject arbitrary headers into e-mail messages via CRLF sequences in Subject lines. | |||||
| CVE-2007-3277 | 1 Wikindx | 1 Wikindx | 2025-04-09 | 10.0 HIGH | N/A |
| Unspecified vulnerability in the localization before 1.2 module for WIKINDX allows attackers to access certain administrative capabilities via unknown vectors. | |||||
| CVE-2007-2211 | 1 Mybulletinboard | 1 Mybulletinboard | 2025-04-09 | 7.5 HIGH | N/A |
| SQL injection vulnerability in calendar.php in MyBB (aka MyBulletinBoard) 1.2.5 and earlier allows remote attackers to execute arbitrary SQL commands via the day parameter in a dayview action. | |||||
| CVE-2006-5459 | 1 Alex | 1 Downloadengine | 2025-04-09 | 7.5 HIGH | N/A |
| Multiple PHP remote file inclusion vulnerabilities in Download-Engine 1.4.2 and earlier allow remote attackers to execute arbitrary PHP code via a URL in the (1) $_ENGINE[eng_dir] and possibly (2) spaw_root parameters in admin/includes/spaw/spaw_script.js.php, and the (3) $_ENGINE[eng_dir], (4) $spaw_root, (5) $spaw_dir, and (6) $spaw_base_url parameters in admin/includes/spaw/config/spaw_control.config.php, different vectors than CVE-2006-5291. NOTE: CVE analysis as of 20061021 is inconclusive, but suggests that some or all of the suggested attack vectors are ineffective. | |||||
| CVE-2006-6252 | 1 Microsoft | 1 Windows Live Messenger | 2025-04-09 | 4.3 MEDIUM | N/A |
| Microsoft Windows Live Messenger 8.0 and earlier, when gestual emoticons are enabled, allows remote attackers to cause a denial of service (CPU consumption) via a long string composed of ":D" sequences, which are interpreted as emoticons. | |||||
| CVE-2006-6526 | 1 Gizzar | 1 Gizzar | 2025-04-09 | 7.5 HIGH | N/A |
| PHP remote file inclusion vulnerability in index.php in Gizzar 03162002 and earlier allows remote attackers to execute arbitrary PHP code via a URL in the basePath parameter. | |||||
| CVE-2006-6828 | 1 Efkan Forum | 1 Efkan Forum | 2025-04-09 | 7.5 HIGH | N/A |
| Multiple SQL injection vulnerabilities in Efkan Forum 1.0 and earlier allow remote attackers to execute arbitrary SQL commands via (1) the grup parameter in admin.asp, or the id parameter in (2) default.asp or (3) admin.asp. NOTE: The provenance of this information is unknown; the details are obtained solely from third party information. The default.asp/grup vector is already covered by CVE-2006-6794. | |||||
| CVE-2007-4159 | 1 Tibco | 1 Rendezvous | 2025-04-09 | 5.0 MEDIUM | N/A |
| index.html in the HTTP administration interface in certain daemons in TIBCO Rendezvous (RV) 7.5.2 allows remote attackers to obtain sensitive information, such as a user name and IP addresses, via a direct request. | |||||
| CVE-2007-4200 | 1 Brian Carrier | 1 The Slueth Kit | 2025-04-09 | 4.3 MEDIUM | N/A |
| ntfs.c in fsstat in Brian Carrier The Sleuth Kit (TSK) before 2.09 interprets a certain variable as a byte count rather than a count of 32-bit integers, which allows user-assisted remote attackers to cause a denial of service (application crash) and prevent examination of certain NTFS files via a malformed NTFS image. | |||||
| CVE-2006-5824 | 1 Freebsd | 1 Freebsd | 2025-04-09 | 4.9 MEDIUM | N/A |
| Integer overflow in the ffs_rdextattr function in FreeBSD 6.1 allows local users to cause a denial of service (kernel panic) and trigger a heap-based buffer overflow via a crafted UFS filesystem, a different vulnerability than CVE-2006-5679. NOTE: a third party states that this issue does not cross privilege boundaries in FreeBSD because only root may mount a filesystem. | |||||
| CVE-2007-3673 | 1 Symantec | 6 Client Security, Norton Antispam, Norton Antivirus and 3 more | 2025-04-09 | 6.9 MEDIUM | N/A |
| Symantec symtdi.sys before 7.0.0, as distributed in Symantec AntiVirus Corporate Edition 9 through 10.1 and Client Security 2.0 through 3.1, Norton AntiSpam 2005, and Norton AntiVirus, Internet Security, Personal Firewall, and System Works 2005 and 2006; allows local users to gain privileges via a crafted Interrupt Request Packet (Irp) in an IOCTL 0x83022323 request to \\symTDI\, which results in memory overwrite. | |||||
| CVE-2007-2364 | 1 Burnstone | 1 Burncms | 2025-04-09 | 7.5 HIGH | N/A |
| Multiple PHP remote file inclusion vulnerabilities in burnCMS 0.2 and earlier allow remote attackers to execute arbitrary PHP code via a URL in the root parameter to (1) mysql.class.php or (2) postgres.class.php in lib/db/; or (3) authuser.php, (4) misc.php, or (5) connect.php in lib/. | |||||