Total: 29560 CVE
CVE | Vendors | Products | Updated | CVSS v2 | CVSS v3 |
---|---|---|---|---|---|
CVE-2007-0596 | 1 Aztek Forum | 1 Aztek Forum | 2025-04-09 | 6.0 MEDIUM | N/A |
PHP remote file inclusion vulnerability in index/main.php in Aztek Forum 4.00 allows remote authenticated administrators to execute arbitrary PHP code via a URL in the PF[top_url] parameter. | |||||
CVE-2007-0643 | 1 Bloodshed Software | 1 Dev-c++ | 2025-04-09 | 4.3 MEDIUM | N/A |
Stack-based buffer overflow in Bloodshed Dev-C++ 4.9.9.2 allows user-assisted remote attackers to cause a denial of service (application crash) and possibly execute arbitrary code via a long line in a .cpp file. | |||||
CVE-2007-0413 | 1 Bea | 1 Weblogic Server | 2025-04-09 | 4.4 MEDIUM | N/A |
BEA WebLogic Server 8.1 through 8.1 SP5 stores cleartext data in a backup of config.xml after offline editing, which allows local users to obtain sensitive information by reading this backup file. | |||||
CVE-2007-2460 | 1 Firefly | 1 Firefly | 2025-04-09 | 7.5 HIGH | N/A |
PHP remote file inclusion vulnerability in modules/admin/include/config.php in FireFly 1.1.01 and earlier allows remote attackers to execute arbitrary PHP code via a URL in the DOCUMENT_ROOT parameter. NOTE: the provenance of this information is unknown; the details are obtained solely from third party information. | |||||
CVE-2009-4048 | 1 Dxmsoft | 1 Xm Easy Personal Ftp Server | 2025-04-09 | 4.0 MEDIUM | N/A |
Dxmsoft XM Easy Personal FTP Server 5.8.0 allows remote authenticated users to cause a denial of service (daemon outage) via an APPE command to one socket in conjunction with a DELE command to a second socket. | |||||
CVE-2007-1103 | 1 Tor | 1 Tor | 2025-04-09 | 4.3 MEDIUM | N/A |
Tor does not verify a node's uptime and bandwidth advertisements, which allows remote attackers who operate a low resource node to make false claims of greater resources, which places the node into use for many circuits and compromises the anonymity of traffic sources and destinations. | |||||
CVE-2007-0201 | 1 Tis | 1 Internet Firewall Toolkit | 2025-04-09 | 10.0 HIGH | N/A |
Buffer overflow in the cmd_usr function in ftp-gw in TIS Internet Firewall Toolkit (FWTK) allows remote attackers to execute arbitrary code via a long destination hostname (dest). | |||||
CVE-2006-6671 | 1 Maxiasp | 1 Burak Yilmaz Download Portal | 2025-04-09 | 7.5 HIGH | N/A |
SQL injection vulnerability in down.asp in Burak Yylmaz Download Portal allows remote attackers to execute arbitrary SQL commands via the id parameter. | |||||
CVE-2007-4425 | 1 Live For Speed | 1 Live For Speed | 2025-04-09 | 6.0 MEDIUM | N/A |
Multiple buffer overflows in Live for Speed (LFS) demo, S1, and S2 allow remote authenticated users to (1) cause a denial of service (server crash) and probably execute arbitrary code via an ID 3 packet with a long nickname field, and (2) cause a denial of service (server crash) via an ID 10 packet containing a long string corresponding to an unavailable track. | |||||
CVE-2009-0077 | 1 Microsoft | 2 Forefront Threat Management Gateway, Internet Security And Acceleration Server | 2025-04-09 | 5.0 MEDIUM | N/A |
The firewall engine in Microsoft Forefront Threat Management Gateway, Medium Business Edition (TMG MBE); and Internet Security and Acceleration (ISA) Server 2004 SP3, 2006, 2006 Supportability Update, and 2006 SP1; does not properly manage the session state of web listeners, which allows remote attackers to cause a denial of service (many stale sessions) via crafted packets, aka "Web Proxy TCP State Limited Denial of Service Vulnerability." | |||||
CVE-2007-0107 | 1 Wordpress | 1 Wordpress | 2025-04-09 | 6.8 MEDIUM | N/A |
WordPress before 2.0.6, when mbstring is enabled for PHP, decodes alternate character sets after escaping the SQL query, which allows remote attackers to bypass SQL injection protection schemes and execute arbitrary SQL commands via multibyte charsets, as demonstrated using UTF-7. | |||||
CVE-2007-3179 | 1 Particle Blogger | 1 Particle Blogger | 2025-04-09 | 7.5 HIGH | N/A |
Multiple SQL injection vulnerabilities in archives.php in Particle Blogger 1.2.1 and earlier allow remote attackers to execute arbitrary SQL commands via the month parameter and other unspecified vectors. | |||||
CVE-2007-3788 | 1 Esoft | 1 Instagate Ex2 Utm | 2025-04-09 | 7.6 HIGH | N/A |
The eSoft InstaGate EX2 UTM device stores the admin password within the settings HTML document, which might allow context-dependent attackers to obtain sensitive information by reading this document. | |||||
CVE-2006-6806 | 1 Enthrallweb | 1 Emates | 2025-04-09 | 7.5 HIGH | N/A |
SQL injection vulnerability in newsdetail.asp in Enthrallweb eMates 1.0 allows remote attackers to execute arbitrary SQL commands via the ID parameter. | |||||
CVE-2007-3526 | 1 Vastal I-tech | 1 Buddy Zone | 2025-04-09 | 7.5 HIGH | N/A |
Multiple SQL injection vulnerabilities in Buddy Zone 1.5 and earlier allow remote attackers to execute arbitrary SQL commands via (1) the news_id parameter to view_news.php, (2) the cat_id parameter to view_events.php, or (3) the member_id parameter to video_gallery.php. | |||||
CVE-2007-3940 | 1 Quickersite | 1 Quickersite | 2025-04-09 | 4.3 MEDIUM | N/A |
Cross-site scripting (XSS) vulnerability in default.asp in QuickerSite 1.7.2 allows remote attackers to inject arbitrary web script or HTML via the svalue parameter in a search action. NOTE: some of these details are obtained from third party information. | |||||
CVE-2007-0217 | 1 Microsoft | 5 Ie, Internet Explorer, Windows 2000 and 2 more | 2025-04-09 | 10.0 HIGH | N/A |
The wininet.dll FTP client code in Microsoft Internet Explorer 5.01 and 6 might allow remote attackers to execute arbitrary code via an FTP server response of a specific length that causes a terminating null byte to be written outside of a buffer, which causes heap corruption. | |||||
CVE-2006-7172 | 1 Php-stats | 1 Php-stats | 2025-04-09 | 7.5 HIGH | N/A |
Multiple SQL injection vulnerabilities in php-stats.recphp.php in PHP-Stats 0.1.9.1b and earlier allow remote attackers to execute arbitrary code via a leading dotted-quad IP address string in the (1) PC-REMOTE-ADDR HTTP header, which is inserted into $_SERVER['HTTP_PC_REMOTE_ADDR'], or (2) ip parameter. | |||||
CVE-2007-4615 | 1 Bea | 1 Weblogic Server | 2025-04-09 | 6.4 MEDIUM | N/A |
The SSL client implementation in BEA WebLogic Server 7.0 SP7, 8.1 SP2 through SP6, 9.0, 9.1, 9.2 Gold through MP2, and 10.0 sometimes selects the null cipher when others are available, which might allow remote attackers to intercept communications. | |||||
CVE-2007-0987 | 1 Jupiter Cms | 1 Jupiter Cms | 2025-04-09 | 7.5 HIGH | N/A |
Directory traversal vulnerability in index.php in Jupiter CMS 1.1.5 allows remote attackers to include and execute arbitrary local files via a .. (dot dot), or an absolute pathname, in the n parameter. |