Total
29551 CVE
CVE | Vendors | Products | Updated | CVSS v2 | CVSS v3 |
---|---|---|---|---|---|
CVE-2007-1005 | 2 Broadcom, Ca | 2 Etrust Intrusion Detection, Etrust Intrusion Detection | 2025-04-09 | 7.8 HIGH | N/A |
Heap-based buffer overflow in SW3eng.exe in the eID Engine service in CA (formerly Computer Associates) eTrust Intrusion Detection 3.0.5.57 and earlier allows remote attackers to cause a denial of service (application crash) via a long key length value to the remote administration port (9191/tcp). | |||||
CVE-2007-1133 | 1 Scripter.ch | 1 Fcring | 2025-04-09 | 7.5 HIGH | N/A |
PHP remote file inclusion vulnerability in fcring.php in FCRing 1.3 allows remote attackers to execute arbitrary PHP code via a URL in the s_fuss parameter. | |||||
CVE-2007-0195 | 1 F5 | 1 Firepass | 2025-04-09 | 5.0 MEDIUM | N/A |
my.activation.php3 in F5 FirePass 5.4 through 5.5.1 and 6.0 displays different error messages for failed login attempts with a valid username than for those with an invalid username, which allows remote attackers to confirm the validity of an LDAP account. | |||||
CVE-2007-2600 | 1 Wavelink Media | 1 Tutorialcms | 2025-04-09 | 6.8 MEDIUM | N/A |
Multiple cross-site scripting (XSS) vulnerabilities in TutorialCMS (aka Photoshop Tutorials) 1.00 and earlier allow remote attackers to inject arbitrary web script or HTML via the (1) catFile parameter to (a) browseCat.php or (b) browseSubCat.php; the (2) id parameter to (c) openTutorial.php, (d) topFrame.php, or (e) admin/editListing.php; or the (3) search parameter to search.php. | |||||
CVE-2007-4446 | 1 Toribash | 1 Toribash | 2025-04-09 | 7.5 HIGH | N/A |
Format string vulnerability in the server in Toribash 2.71 and earlier allows remote attackers to execute arbitrary code via format string specifiers in the NICK command (client nickname) when entering a game. | |||||
CVE-2007-0466 | 1 Telestream | 1 Flip4mac Windows Media Components For Quicktime | 2025-04-09 | 10.0 HIGH | N/A |
Telestream Flip4Mac Windows Media Components for Quicktime 2.1.0.33 allows remote attackers to execute arbitrary code via a crafted ASF_File_Properties_Object size field in a WMV file, which triggers memory corruption. | |||||
CVE-2006-7053 | 1 Arkoon | 1 Fast360 | 2025-04-09 | 7.5 HIGH | N/A |
Unspecified vulnerability in Arkoon FAST360 UTM appliances 3.0 through 3.0/29, 3.1, 3.2, and 3.3 allows remote attackers to bypass keyword filtering in the FAST HTTP module, and signatures in the IDPS HTTP module, via crafted URLs that are "misinterpreted." | |||||
CVE-2006-6839 | 1 Phpbb Group | 1 Phpbb | 2025-04-09 | 10.0 HIGH | N/A |
Unspecified vulnerability in phpBB before 2.0.22 has unknown impact and remote attack vectors related to "criteria for 'bad' redirection targets." | |||||
CVE-2006-6965 | 1 Andreas Gohr | 1 Dokuwiki | 2025-04-09 | 4.3 MEDIUM | N/A |
CRLF injection vulnerability in lib/exe/fetch.php in DokuWiki 2006-03-09e, and possibly earlier, allows remote attackers to inject arbitrary HTTP headers and conduct HTTP response splitting attacks via CRLF sequences in the media parameter. NOTE: this issue can be leveraged for XSS attacks. | |||||
CVE-2007-1764 | 1 Faststone | 1 Image Viewer | 2025-04-09 | 6.0 MEDIUM | N/A |
Stack-based buffer overflow in FastStone Image Viewer 2.8 allows user-assisted remote attackers to execute arbitrary code via a crafted JPG image. | |||||
CVE-2008-6530 | 1 Ezonescripts | 1 Living Local | 2025-04-09 | 6.5 MEDIUM | N/A |
Unrestricted file upload vulnerability in editimage.php in eZoneScripts Living Local 1.1 allows remote authenticated administrators to execute arbitrary PHP code by uploading a file with an executable extension, then accessing it via a direct request to the uploaded file. | |||||
CVE-2007-3693 | 1 Gobi And Helma | 1 Gobi | 2025-04-09 | 4.3 MEDIUM | N/A |
Cross-site scripting (XSS) vulnerability in Gobi as of 20070711, built on Helma, allows remote attackers to inject arbitrary web script or HTML via the q parameter to the search function. | |||||
CVE-2006-5381 | 1 Contenido | 1 Contendio | 2025-04-09 | 5.0 MEDIUM | N/A |
Contenido CMS stores sensitive data under the web root with insufficient access control, which allows remote attackers to obtain database credentials and other information via a direct request to (1) db_msql.inc, (2) db_mssql.inc, (3) db_mysqli.inc, (4) db_oci8.inc, (5) db_odbc.inc, (6) db_oracle.inc, (7) db_pgsql.inc, or (8) db_sybase.inc in the conlib/ directory. | |||||
CVE-2006-5600 | 1 Axalto | 1 Protiva | 2025-04-09 | 2.1 LOW | N/A |
Axalto Protiva 1.1, possibly only non-commercial versions, stores passwords in plaintext in files with insecure permissions, which allows local users to gain privileges by reading the passwords from (1) KeyTool\keytool.config or (2) webapps\protiva\WEB-INF\classes\authserver.config. | |||||
CVE-2006-5285 | 1 Xeoport | 1 Xeoport | 2025-04-09 | 7.5 HIGH | N/A |
SQL injection vulnerability in index.php in XeoPort 0.81, and possibly earlier, allows remote attackers to execute arbitrary SQL commands via the xp_body_text parameter. | |||||
CVE-2006-6364 | 1 Inside Systems | 1 Inside Systems | 2025-04-09 | 6.8 MEDIUM | N/A |
Cross-site scripting (XSS) vulnerability in error.php in Inside Systems Mail (ISMail) 2.0 and earlier allows remote attackers to inject arbitrary web script or HTML via the error parameter. | |||||
CVE-2007-3923 | 1 Cisco | 3 Wide Area Application Engine, Wide Area Application Engine Nm-wae-502, Wide Area Application Services | 2025-04-09 | 7.8 HIGH | N/A |
The Common Internet File System (CIFS) optimization in Cisco Wide Area Application Services (WAAS) 4.0.7 and 4.0.9, as used by Cisco WAE appliance and the NM-WAE-502 network module, when Edge Services are configured, allows remote attackers to cause a denial of service (loss of service) via a flood of TCP SYN packets to port (1) 139 or (2) 445. | |||||
CVE-2007-3616 | 1 Vtiger | 1 Vtiger Crm | 2025-04-09 | 6.5 MEDIUM | N/A |
index.php in vtiger CRM before 5.0.3 allows remote authenticated users to perform administrative changes to arbitrary profile settings via a certain profilePrivileges action in the Users module. | |||||
CVE-2006-5821 | 1 Citrix | 2 Metaframe, Metaframe Presentation Server | 2025-04-09 | 7.5 HIGH | N/A |
Heap-based buffer overflow in the IMA_SECURE_DecryptData1 function in ImaSystem.dll for Citrix MetaFrame XP 1.0 and 2.0, and Presentation Server 3.0 and 4.0, allows remote attackers to execute arbitrary code via requests to the Independent Management Architecture (IMA) service (ImaSrv.exe) with invalid size values that trigger the overflow during decryption. | |||||
CVE-2007-0787 | 1 Simple Invoices | 1 Simple Invoices | 2025-04-09 | 6.8 MEDIUM | N/A |
PHP remote file inclusion vulnerability in controller.php in Simple Invoices before 20070202 allows remote attackers to execute arbitrary PHP code via a URL in the (1) module or (2) view parameter. NOTE: some of these details are obtained from third party information. |