Total
29562 CVE
| CVE | Vendors | Products | Updated | CVSS v2 | CVSS v3 |
|---|---|---|---|---|---|
| CVE-2007-4199 | 1 Brian Carrier | 1 The Slueth Kit | 2025-04-09 | 4.3 MEDIUM | N/A |
| Brian Carrier The Sleuth Kit (TSK) before 2.09 allows user-assisted remote attackers to cause a denial of service (application crash) and prevent examination of certain NTFS files via a malformed NTFS image that triggers (1) dereference of a certain integer value by ntfs_dent.c in fls, or (2) dereference of a certain other integer value by ntfs.c in fsstat. | |||||
| CVE-2006-5472 | 1 Softerra | 1 Php Developer Library | 2025-04-09 | 7.5 HIGH | N/A |
| PHP remote file inclusion vulnerability in Softerra PHP Developer Library 1.5.3 and earlier allows remote attackers to execute arbitrary PHP code via a URL in the lib_dir parameter in (1) lib/registry.lib.php, (2) lib/sqlcompose.lib.php, and (3) lib/sqlsearch.lib.php. | |||||
| CVE-2006-5760 | 1 Phpdynasite | 1 Phpdynasite | 2025-04-09 | 7.5 HIGH | N/A |
| Multiple PHP remote file inclusion vulnerabilities in phpDynaSite 3.2.2 and earlier allow remote attackers to execute arbitrary PHP code via a URL in the racine parameter to (1) function_log.php, (2) function_balise_url.php, or (3) connection.php. | |||||
| CVE-2007-4160 | 1 Tibco | 1 Rendezvous | 2025-04-09 | 5.0 MEDIUM | N/A |
| The default configuration of TIBCO Rendezvous (RV) 7.5.2 clients, when -no-multicast is omitted, uses a multicast group as the destination for a network message, which might make it easier for remote attackers to capture message contents by sniffing the network. | |||||
| CVE-2007-1440 | 1 Jgbbs | 1 Jgbbs | 2025-04-09 | 7.5 HIGH | N/A |
| SQL injection vulnerability in search.asp in JGBBS 3.0 Beta 1 allows remote attackers to execute arbitrary SQL commands via the author parameter. | |||||
| CVE-2007-3729 | 1 Hp | 1 Openvms | 2025-04-09 | 5.0 MEDIUM | N/A |
| The default configuration of the POP server in TCP/IP Services 5.6 for HP OpenVMS 8.3 generates different responses depending on whether or not a username is valid, which allows remote attackers to enumerate valid POP usernames. | |||||
| CVE-2007-4387 | 1 2wire | 2 1701hg Router, 2071 Router | 2025-04-09 | 4.3 MEDIUM | N/A |
| Cross-site request forgery (CSRF) vulnerability in /xslt in 2wire 1701HG and 2071 Gateway routers, with 3.17.5 and 5.29.51 software, allows remote attackers to perform certain configuration changes as administrators. | |||||
| CVE-2006-5951 | 1 Exophpdesk | 1 Exophpdesk | 2025-04-09 | 7.5 HIGH | N/A |
| PHP remote file inclusion vulnerability in pipe.php in Exophpdesk 1.2 allows remote attackers to execute arbitrary PHP code via a URL in the lang_file parameter. | |||||
| CVE-2007-3714 | 1 Ada | 1 Imgsvr | 2025-04-09 | 5.0 MEDIUM | N/A |
| Directory traversal vulnerability in Ada Image Server (ImgSvr) 0.6.5 allows remote attackers to read arbitrary files via a .. (dot dot) in the template parameter to the default URI. NOTE: the provenance of this information is unknown; the details are obtained solely from third party information. NOTE: this is probably a different issue than CVE-2004-2464. NOTE: it was later reported that 0.6.21 and earlier is also affected. | |||||
| CVE-2006-6838 | 1 Rediff | 1 Bol Downloader Activex Ocx Control | 2025-04-09 | 7.5 HIGH | N/A |
| Rediff Bol Downloader ActiveX (OCX) control allows remote attackers to execute arbitrary files, and obtain sensitive information (usernames and pathnames), via a URL in the url vbscript parameter. | |||||
| CVE-2007-2530 | 1 Tropicalm | 1 Tropicalm Crowell Resource | 2025-04-09 | 7.5 HIGH | N/A |
| Multiple PHP remote file inclusion vulnerabilities in Tropicalm Crowell Resource 4.5.2 allow remote attackers to execute arbitrary PHP code via a URL in the RESPATH parameter to (1) dosearch.php or (2) printfriendly.php. | |||||
| CVE-2007-4122 | 1 Hitachi | 1 Jp1-cm2-hierarchical Viewer | 2025-04-09 | 4.3 MEDIUM | N/A |
| Unspecified vulnerability in Hitachi JP1/Cm2/Hierarchical Viewer (HV) 06-00 through 06-71-/B allows remote attackers to cause a denial of service (application stop and web interface outage) via certain "unexpected data." | |||||
| CVE-2006-6374 | 1 Phpmyadmin | 1 Phpmyadmin | 2025-04-09 | 7.5 HIGH | N/A |
| Multiple CRLF injection vulnerabilities in PhpMyAdmin 2.7.0-pl2 allow remote attackers to inject arbitrary HTTP headers and conduct HTTP response splitting attacks via CRLF sequences in a phpMyAdmin cookie in (1) css/phpmyadmin.css.php, (2) db_create.php, (3) index.php, (4) left.php, (5) libraries/session.inc.php, (6) libraries/transformations/overview.php, (7) querywindow.php, (8) server_engines.php, and possibly other files. | |||||
| CVE-2007-2558 | 1 Netsliver | 1 Pfa Cms | 2025-04-09 | 7.5 HIGH | N/A |
| PHP remote file inclusion vulnerability in index.php in phpFullAnnu CMS (pfa CMS) 6.0 allows remote attackers to execute arbitrary PHP code via a URL in the repinc parameter. NOTE: CVE disputes this issue since $repinc is set to a constant value before use | |||||
| CVE-2006-5434 | 1 P-news | 1 P-news | 2025-04-09 | 7.5 HIGH | N/A |
| PHP remote file inclusion vulnerability in p-news.php in P-News 1.16 and 1.17 allows remote attackers to execute arbitrary PHP code via a URL in the pn_lang parameter. | |||||
| CVE-2007-2698 | 1 Bea | 1 Weblogic Server | 2025-04-09 | 5.0 MEDIUM | N/A |
| The Administration Console in BEA WebLogic Server 9.0 may show plaintext Web Service attributes during configuration creation, which allows remote attackers to obtain sensitive credential information. | |||||
| CVE-2007-2618 | 1 Drake Team | 1 Drake Cms | 2025-04-09 | 5.1 MEDIUM | N/A |
| CRLF injection vulnerability in index.php in Drake CMS 0.4.0 allows remote attackers to inject arbitrary HTTP headers and conduct HTTP response splitting attacks via CRLF sequences in the lang parameter. NOTE: Drake CMS has only a beta version available, and the vendor has previously stated "We do not consider security reports valid until the first official release of Drake CMS." | |||||
| CVE-2007-0304 | 1 Mint | 1 Haber Sistemi | 2025-04-09 | 7.5 HIGH | N/A |
| SQL injection vulnerability in duyuru.asp in MiNT Haber Sistemi 2.7 allows remote attackers to execute arbitrary SQL commands via the id parameter. | |||||
| CVE-2007-2323 | 1 Intervideo | 1 Home Theater | 2025-04-09 | 10.0 HIGH | N/A |
| Multiple buffer overflows in the WinDVDX ActiveX control in InterVideo Home Theater 2.1.13.0 and 2.5.13.58 allow remote attackers to execute arbitrary code via a long string argument to the (1) GetDiscType or (2) AddFileList method. NOTE: the provenance of this information is unknown; the details are obtained solely from third party information. | |||||
| CVE-2009-3007 | 2 Flock, Mozilla | 3 Flock, Firefox, Seamonkey | 2025-04-09 | 4.3 MEDIUM | N/A |
| Mozilla Firefox 3.5.1 and SeaMonkey 1.1.17, and Flock 2.5.1, allow context-dependent attackers to spoof the address bar, via window.open with a relative URI, to show an arbitrary file: URL after a victim has visited any file: URL, as demonstrated by a visit to a file: document written by the attacker. | |||||