Total
29562 CVE
| CVE | Vendors | Products | Updated | CVSS v2 | CVSS v3 |
|---|---|---|---|---|---|
| CVE-2006-5492 | 1 Maarch | 1 Maarch | 2025-04-09 | 4.0 MEDIUM | N/A |
| Unspecified vulnerability in Maerys Archive (Maarch) before 2.0.1 allows remote authenticated users to obtain sensitive information (document contents) via unspecified attack vectors related to "grants." | |||||
| CVE-2007-2071 | 1 Open-gorotto | 1 Open-gorotto | 2025-04-09 | 4.3 MEDIUM | N/A |
| Multiple cross-site scripting (XSS) vulnerabilities in Open-gorotto 2.0a 2006/02/08 edition, 2006/03/19 edition, and 2006/04/07 edition before 20070416 allow remote attackers to inject arbitrary web script or HTML via unspecified parameters to (1) pub/modules/d/_top.html; (2) /pub/modules/a/_access.html; (3) _circletop.html or (4) _cir66.html in pub/modules/ci/; or (5) _fri66.html, (6) _inv66.html, (7) _top.html, (8) _friends.html, or (9) _fri33.html in pub/modules/f/. | |||||
| CVE-2007-2854 | 1 Bti-tracker | 1 Bti-tracker | 2025-04-09 | 7.5 HIGH | N/A |
| Multiple SQL injection vulnerabilities in account_change.php in BtiTracker 1.4.1 and earlier allow remote attackers to execute arbitrary SQL commands via the (1) style or (2) langue parameter. | |||||
| CVE-2007-0924 | 1 Till Gerken | 1 Phppolls | 2025-04-09 | 7.5 HIGH | N/A |
| Till Gerken phpPolls 1.0.3 allows remote attackers to bypass authentication and perform certain administrative actions via a direct request to phpPollAdmin.php3. NOTE: this issue might subsume CVE-2006-3764. | |||||
| CVE-2007-0792 | 1 Mozilla | 1 Bugzilla | 2025-04-09 | 7.5 HIGH | N/A |
| The mod_perl initialization script in Bugzilla 2.23.3 does not set the Bugzilla Apache configuration to allow .htaccess permissions to override file permissions, which allows remote attackers to obtain the database username and password via a direct request for the localconfig file. | |||||
| CVE-2007-4565 | 1 Fetchmail | 1 Fetchmail | 2025-04-09 | 5.0 MEDIUM | N/A |
| sink.c in fetchmail before 6.3.9 allows context-dependent attackers to cause a denial of service (NULL dereference and application crash) by refusing certain warning messages that are sent over SMTP. | |||||
| CVE-2007-0310 | 1 Bmc | 1 Remedy Action Request System | 2025-04-09 | 5.0 MEDIUM | N/A |
| BMC Remedy Action Request System 5.01.02 Patch 1267 generates different error messages for failed login attempts with a valid username than for those with an invalid username, which allows remote attackers to determine valid account names. | |||||
| CVE-2007-1186 | 1 Web-app.org | 1 Webapp | 2025-04-09 | 5.0 MEDIUM | N/A |
| WebAPP before 0.9.9.5 does not "censor" the Latest Member real name, which has unknown impact. | |||||
| CVE-2006-5007 | 1 Ibm | 1 Aix | 2025-04-09 | 4.6 MEDIUM | N/A |
| Untrusted search path vulnerability in uucp in IBM AIX 5.2.0 and 5.3.0 allows local users to local users to gain privileges via a Trojan horse program involving uux. | |||||
| CVE-2007-2778 | 1 Molyx | 1 Molyx Board | 2025-04-09 | 7.8 HIGH | N/A |
| Multiple directory traversal vulnerabilities in MolyX BOARD 2.5.0 allow remote attackers to read arbitrary files via a .. (dot dot) in the lang parameter to index.php and other unspecified PHP scripts. | |||||
| CVE-2007-3690 | 1 Drupal | 1 Forward Module | 2025-04-09 | 7.8 HIGH | N/A |
| The Forward module before 4.7-1.1 and 5.x before 5.x-1.0 for Drupal allows remote attackers to read restricted posts in (1) Organic Groups, (2) Taxonomy Access Control, (3) Taxonomy Access Lite, and other unspecified node access modules, via modified URL arguments. | |||||
| CVE-2007-3528 | 1 Dar | 1 Dar | 2025-04-09 | 5.0 MEDIUM | N/A |
| The blowfish mode in DAR before 2.3.4 uses weak Blowfish-CBC cryptography by (1) discarding random bits by the blowfish::make_ivec function in libdar/crypto.cpp that results in predictable and repeating IV values, and (2) direct use of a password for keying, which makes it easier for context-dependent attackers to decrypt files. | |||||
| CVE-2006-5171 | 2 Broadcom, Ca | 3 Brightstor Arcserve Backup, Brightstor Enterprise Backup, Protection Suites | 2025-04-09 | 10.0 HIGH | N/A |
| Stack-based buffer overflow in the RPC interface in Mediasvr.exe in Computer Associates (CA) Brightstor ARCserve Backup 9.01 through 11.5, Enterprise Backup 10.5, and CA Protection Suites r2 allows remote attackers to execute arbitrary code via crafted SUNRPC packets, aka the "Mediasvr.exe Overflow," a different vulnerability than CVE-2006-5172. | |||||
| CVE-2006-5563 | 1 Yahoo | 1 Messenger | 2025-04-09 | 5.0 MEDIUM | N/A |
| Unspecified vulnerability in Yahoo! Messenger (Service 18) before 8.1.0.195 allows remote attackers to cause a denial of service (NULL dereference and application crash) via a crafted room name in a Conference Invite. NOTE: the provenance of this information is unknown; the details are obtained from third party information. | |||||
| CVE-2007-3684 | 1 Masuga Design | 1 Unobtrusive Ajax Star Rating Bar | 2025-04-09 | 7.5 HIGH | N/A |
| Multiple SQL injection vulnerabilities in Unobtrusive Ajax Star Rating Bar before 1.2.0 allow remote attackers to execute arbitrary SQL commands via the (1) q and (2) t parameters in (a) db.php and (b) rpc.php. | |||||
| CVE-2007-0114 | 1 Sun | 1 Java System Content Delivery Server | 2025-04-09 | 5.0 MEDIUM | N/A |
| Sun Java System Content Delivery Server 5.0 and 5.0 PU1 allows remote attackers to obtain sensitive information regarding "content details" via unspecified vectors. | |||||
| CVE-2007-1640 | 1 Classweb | 1 Classweb | 2025-04-09 | 10.0 HIGH | N/A |
| Multiple PHP remote file inclusion vulnerabilities in ClassWeb 2.03 and earlier allow remote attackers to execute arbitrary PHP code via a URL in the BASE parameter to (1) language.php and (2) phpadmin/survey.php. | |||||
| CVE-2007-0422 | 1 Bea | 1 Weblogic Server | 2025-04-09 | 5.0 MEDIUM | N/A |
| BEA WebLogic Server 9.0, 9.1, and 9.2 Gold, when running on Solaris 9, allows remote attackers to cause a denial of service (server inaccessibility) via manipulated socket connections. | |||||
| CVE-2006-5912 | 1 Campware.org | 1 Campsite | 2025-04-09 | 10.0 HIGH | N/A |
| Unspecified vulnerability in Campware Campsite before 2.6.2 has unknown impact and attack vectors, related to a "Security fix for you-know-what," possibly related to encrypted passwords. | |||||
| CVE-2007-1710 | 1 Php | 1 Php | 2025-04-09 | 4.3 MEDIUM | N/A |
| The readfile function in PHP 4.4.4, 5.1.6, and 5.2.1 allows context-dependent attackers to bypass safe_mode restrictions and read arbitrary files by referring to local files with a certain URL syntax instead of a pathname syntax, as demonstrated by a filename preceded a "php://../../" sequence. | |||||