Total
29559 CVE
| CVE | Vendors | Products | Updated | CVSS v2 | CVSS v3 |
|---|---|---|---|---|---|
| CVE-2007-0903 | 1 Process-one | 1 Ejabberd | 2025-04-09 | 10.0 HIGH | N/A |
| Unspecified vulnerability in the mod_roster_odbc module in ejabberd before 1.1.3 has unknown impact and attack vectors. | |||||
| CVE-2007-2615 | 1 Crie Sue | 1 Phplojafacil | 2025-04-09 | 7.5 HIGH | N/A |
| Multiple PHP remote file inclusion vulnerabilities in Crie seu PHPLojaFacil 0.1.5 allow remote attackers to execute arbitrary PHP code via a URL in the path_local parameter to (1) ftp.php, (2) libs/db.php, and (3) libs/ftp.php. | |||||
| CVE-2006-6552 | 1 Php | 1 Blog Cms | 2025-04-09 | 7.5 HIGH | N/A |
| PHP remote file inclusion vulnerability in admin/plugins/NP_UserSharing.php in BLOG:CMS 4.1.3 and earlier allows remote attackers to execute arbitrary PHP code via a URL in the DIR_ADMIN parameter. | |||||
| CVE-2007-0559 | 1 Rp World | 1 Rp World | 2025-04-09 | 7.5 HIGH | N/A |
| PHP remote file inclusion vulnerability in config.php in RPW 1.0.2 allows remote attackers to execute arbitrary PHP code via a URL in the sql_language parameter. | |||||
| CVE-2007-3819 | 1 Opera | 1 Opera Browser | 2025-04-09 | 5.0 MEDIUM | N/A |
| Opera 9.21 allows remote attackers to spoof the data: URI scheme in the address bar via a long URI with trailing whitespace, which prevents the beginning of the URI from being displayed. | |||||
| CVE-2007-2724 | 1 Fotolog | 1 Fotolog | 2025-04-09 | 4.3 MEDIUM | N/A |
| Cross-site scripting (XSS) vulnerability in all_photos.html in fotolog allows remote attackers to inject arbitrary web script or HTML via the user parameter. | |||||
| CVE-2007-1669 | 2 Amavis, Barracuda Networks | 2 Amavis, Barracuda Spam Firewall | 2025-04-09 | 7.8 HIGH | N/A |
| zoo decoder 2.10 (zoo-2.10), as used in multiple products including (1) Barracuda Spam Firewall 3.4 and later with virusdef before 2.0.6399, (2) Spam Firewall before 3.4 20070319 with virusdef before 2.0.6399o, and (3) AMaViS 2.4.1 and earlier, allows remote attackers to cause a denial of service (infinite loop) via a ZOO archive with a direntry structure that points to a previous file. | |||||
| CVE-2006-7143 | 1 Call-center-software | 1 Call-center-software | 2025-04-09 | 5.8 MEDIUM | N/A |
| Cross-site scripting (XSS) vulnerability in Call Center Software 0.93 and earlier allows remote attackers to inject arbitrary web script or HTML via the problem description field. | |||||
| CVE-2007-4335 | 1 Qbik | 1 Wingate | 2025-04-09 | 5.0 MEDIUM | N/A |
| Format string vulnerability in the SMTP server component in Qbik WinGate 5.x and 6.x before 6.2.2 allows remote attackers to cause a denial of service (service crash) via format string specifiers in certain unexpected commands, which trigger a crash during error logging. | |||||
| CVE-2007-2937 | 1 Troforum | 1 Troforum | 2025-04-09 | 7.5 HIGH | N/A |
| PHP remote file inclusion vulnerability in admin/admin.php in TROforum 0.1 allows remote attackers to execute arbitrary PHP code via a URL in the site_url parameter. | |||||
| CVE-2006-6598 | 1 Torrentflux | 2 Torrentflux, Torrentflux-b4rt | 2025-04-09 | 6.5 MEDIUM | N/A |
| Directory traversal vulnerability in viewnfo.php in (1) TorrentFlux before 2.2 and (2) torrentflux-b4rt before 2.1-b4rt-972 allows remote authenticated users to read arbitrary files via .. (dot dot) sequences in the path parameter, a different vector than CVE-2006-6328. | |||||
| CVE-2007-3505 | 1 Qt-cute | 1 Quicktalk Forum | 2025-04-09 | 6.4 MEDIUM | N/A |
| Multiple directory traversal vulnerabilities in QuickTalk forum 1.3 allow remote attackers to include and execute arbitrary local files via a .. (dot dot) sequence in the lang parameter to (1) qtf_checkname.php, (2) qtf_j_birth.php, or (3) qtf_j_exists.php. | |||||
| CVE-2006-6539 | 1 Flippet.org | 1 Winamp Web Interface | 2025-04-09 | 10.0 HIGH | N/A |
| Multiple buffer overflows in Winamp Web Interface (Wawi) 7.5.13 and earlier (1) allow remote attackers to cause a denial of service (application crash) and possibly execute arbitrary code via an (a) long username or a (b) crafted packet to the FindBasicAuth function in security.cpp, related to the /browse URI; and allow remote authenticated users to cause a denial of service (application crash) and possibly execute arbitrary code via a long path string in the (2) Browse, (3) CControl::Download, and (4) CControl::Load functions, related to the file parameter in the /dl URI. NOTE: some of these details are obtained from third party information. | |||||
| CVE-2007-2638 | 1 Efilecabinet | 1 Efilecabinet | 2025-04-09 | 10.0 HIGH | N/A |
| eFileCabinet 3.3 allows remote attackers to bypass authentication and access restricted portions of the interface via an invalid filecabinetnumber, which can be leveraged to obtain sensitive information or create new data structures. | |||||
| CVE-2007-5500 | 1 Linux | 1 Linux Kernel | 2025-04-09 | 4.9 MEDIUM | N/A |
| The wait_task_stopped function in the Linux kernel before 2.6.23.8 checks a TASK_TRACED bit instead of an exit_state value, which allows local users to cause a denial of service (machine crash) via unspecified vectors. NOTE: some of these details are obtained from third party information. | |||||
| CVE-2007-1840 | 1 Ldap Account Manager | 1 Ldap Account Manager | 2025-04-09 | 4.3 MEDIUM | N/A |
| lib/modules.inc in LDAP Account Manager (LAM) before 1.3.0 does not escape HTML special characters in LDAP data, which allows remote attackers to have an unknown impact, probably cross-site scripting (XSS). | |||||
| CVE-2007-0190 | 1 Edit-x | 1 Ecommerce | 2025-04-09 | 7.5 HIGH | N/A |
| PHP remote file inclusion vulnerability in edit_address.php in edit-x ecommerce allows remote attackers to execute arbitrary PHP code via a URL in the include_dir parameter. | |||||
| CVE-2007-3825 | 2 Broadcom, Ca | 8 Alert Notification Server, Brightstor Arcserve Backup, Brightstor Enterprise Backup and 5 more | 2025-04-09 | 9.3 HIGH | N/A |
| Multiple stack-based buffer overflows in the RPC implementation in alert.exe before 8.0.255.0 in CA (formerly Computer Associates) Alert Notification Server, as used in Threat Manager for the Enterprise, Protection Suites, certain BrightStor ARCserve products, and BrightStor Enterprise Backup, allow remote attackers to execute arbitrary code by sending certain data to unspecified RPC procedures. | |||||
| CVE-2007-1125 | 1 Xeroxer | 1 Simple One-file Gallery | 2025-04-09 | 4.3 MEDIUM | N/A |
| Cross-site scripting (XSS) vulnerability in gallery.php in XeroXer Simple one-file gallery allows remote attackers to inject arbitrary web script or HTML via the f parameter. | |||||
| CVE-2007-1775 | 1 Jbrowser | 1 Jbrowser | 2025-04-09 | 6.8 MEDIUM | N/A |
| Unrestricted file upload vulnerability in upload.php3 in JBrowser 2.4 and earlier allows remote attackers to upload and execute arbitrary PHP code via unspecified vectors. NOTE: the provenance of this information is unknown; the details are obtained solely from third party information. | |||||