Total: 29519 CVE
CVE | Vendors | Products | Updated | CVSS v2 | CVSS v3 |
---|---|---|---|---|---|
CVE-2007-2725 | 1 Db Soft Lab | 1 Dewizardx | 2025-04-09 | 7.5 HIGH | N/A |
The DB Software Laboratory DeWizardX (DEWizardAX.ocx) ActiveX control allows remote attackers to overwrite arbitrary files via the SaveToFile function. | |||||
CVE-2006-7168 | 1 Phpbb | 1 Phpbb | 2025-04-09 | 7.5 HIGH | N/A |
PHP remote file inclusion vulnerability in includes/not_mem.php in the Add Name module for PHP allows remote attackers to execute arbitrary PHP code via a URL in the phpbb_root_path parameter. | |||||
CVE-2007-2713 | 1 Ifusionservices | 1 Ifdate | 2025-04-09 | 10.0 HIGH | N/A |
ifdate 2.x sends a redirect to the web browser but does not exit when administrative credentials are missing, which allows remote attackers to obtain administrative access via a direct request for the admin/ URI. | |||||
CVE-2006-5674 | 1 Minibb | 1 Minibb | 2025-04-09 | 7.5 HIGH | N/A |
Multiple PHP remote file inclusion vulnerabilities in miniBB 2.0.2 and earlier, when register_globals is enabled, allow remote attackers to execute arbitrary PHP code via a URL in the pathToFiles parameter to (1) bb_func_forums.php, (2) bb_functions.php, or (3) the RSS plugin. | |||||
CVE-2007-1183 | 1 Web-app.org | 1 Webapp | 2025-04-09 | 7.5 HIGH | N/A |
WebAPP before 0.9.9.5 allows remote authenticated users to spoof another user's Real Name via whitespace, which has unknown impact and attack vectors. | |||||
CVE-2007-1380 | 1 Php | 1 Php | 2025-04-09 | 5.0 MEDIUM | N/A |
The php_binary serialization handler in the session extension in PHP before 4.4.5, and 5.x before 5.2.1, allows context-dependent attackers to obtain sensitive information (memory contents) via a serialized variable entry with a large length value, which triggers a buffer over-read. | |||||
CVE-2006-7195 | 1 Apache | 1 Tomcat | 2025-04-09 | 4.3 MEDIUM | N/A |
Cross-site scripting (XSS) vulnerability in implicit-objects.jsp in Apache Tomcat 5.0.0 through 5.0.30 and 5.5.0 through 5.5.17 allows remote attackers to inject arbitrary web script or HTML via certain header values. | |||||
CVE-2007-2079 | 1 Xampp | 1 Apache Distribution | 2025-04-09 | 9.3 HIGH | N/A |
The ADONewConnection Connect function in adodb.php in XAMPP 1.6.0a and earlier for Windows uses untrusted input for the database server hostname, which allows remote attackers to trigger a library buffer overflow and execute arbitrary code via a long host parameter, or have other unspecified impact. NOTE: it could be argued that this is an issue in mssql_connect (CVE-2007-1411.1) in PHP, or an issue in the ADOdb Library, and the proper fix should be in one of these products; if so, then this should not be treated as a vulnerability in XAMPP. | |||||
CVE-2007-2926 | 1 Isc | 1 Bind | 2025-04-09 | 4.3 MEDIUM | N/A |
ISC BIND 9 through 9.5.0a5 uses a weak random number generator during generation of DNS query ids when answering resolver questions or sending NOTIFY messages to slave name servers, which makes it easier for remote attackers to guess the next query id and perform DNS cache poisoning. | |||||
CVE-2007-3475 | 1 Gd Graphics Library | 1 Gdlib | 2025-04-09 | 4.3 MEDIUM | N/A |
The GD Graphics Library (libgd) before 2.0.35 allows user-assisted remote attackers to cause a denial of service (crash) via a GIF image that has no global color map. | |||||
CVE-2007-1106 | 1 Nomoketos Rules | 1 Nomoketos Rules | 2025-04-09 | 6.8 MEDIUM | N/A |
PHP remote file inclusion vulnerability in includes/functions_nomoketos_rules.php in the NoMoKeTos Rules 0.0.1 module for phpBB allows remote attackers to execute arbitrary PHP code via a URL in the phpbb_root_path parameter. | |||||
CVE-2007-2772 | 1 Ca | 1 Brightstor Arcserve Backup | 2025-04-09 | 7.8 HIGH | N/A |
(1) caloggerd.exe (camt70.dll) and (2) mediasvr.exe (catirpc.dll and rwxdr.dll) in CA BrightStor Backup 11.5.2.0 SP2 allow remote attackers to cause a denial of service (NULL dereference and application crash) via a crafted RPC packet. | |||||
CVE-2006-5447 | 1 Dev | 1 Dev Web Management System | 2025-04-09 | 4.3 MEDIUM | N/A |
Cross-site scripting (XSS) vulnerability in index.php in DEV Web Management System (WMS) 1.5 allows remote attackers to inject arbitrary web script or HTML via the action parameter. | |||||
CVE-2008-4728 | 1 Hummingbird | 1 Deployment Wizard | 2025-04-09 | 9.3 HIGH | N/A |
Multiple insecure method vulnerabilities in the DeployRun.DeploymentSetup.1 (DeployRun.dll) ActiveX control 10.0.0.44 in Hummingbird Deployment Wizard 2008 allow remote attackers to execute arbitrary programs via the (1) Run and (2) PerformUpdateAsync methods, and (3) modify arbitrary registry values via the SetRegistryValueAsString method. NOTE: the SetRegistryValueAsString method could be leveraged for code execution by specifying executable file values to Startup folders. | |||||
CVE-2007-0748 | 1 Apple | 2 Darwin Streaming Server, Mac Os X Server | 2025-04-09 | 10.0 HIGH | N/A |
Heap-based buffer overflow in Apple Darwin Streaming Proxy, when using Darwin Streaming Server before 5.5.5, allows remote attackers to execute arbitrary code via multiple trackID values in a SETUP RTSP request. | |||||
CVE-2007-4534 | 1 Vavoom | 1 Vavoom | 2025-04-09 | 7.5 HIGH | N/A |
Buffer overflow in the VThinker::BroadcastPrintf function in p_thinker.cpp in Vavoom 1.24 and earlier allows remote attackers to execute arbitrary code via (1) a long string in a chat message and possibly (2) a long name field. | |||||
CVE-2007-0401 | 1 Easebay Resources | 1 Login Manager | 2025-04-09 | 7.5 HIGH | N/A |
SQL injection vulnerability in admin/memberlist.php in Easebay Resources Login Manager 3.0 allows remote attackers to execute arbitrary SQL commands via the init_row parameter. | |||||
CVE-2007-2489 | 1 Livedata | 1 Protocol Server | 2025-04-09 | 10.0 HIGH | N/A |
Heap-based buffer overflow in LiveData Protocol Server 5.00.045, and other versions before update 500062 (5.00.062), allows remote attackers to cause a denial of service (crash) and possibly execute arbitrary code via a crafted request for a WSDL file that causes a negative length to be used in a strncpy call. | |||||
CVE-2006-6298 | 1 Maxiasp | 1 Yonetimi | 2025-04-09 | 7.5 HIGH | N/A |
SQL injection vulnerability in uye_giris_islem.asp in Metyus Okul Yonetim Sistemi 1.0 allows remote attackers to execute arbitrary SQL commands via the (1) kullanici_ismi and (2) sifre parameters. | |||||
CVE-2007-2423 | 1 Moinmoin | 1 Moinmoin | 2025-04-09 | 5.8 MEDIUM | N/A |
Cross-site scripting (XSS) vulnerability in index.php in MoinMoin 1.5.7 allows remote attackers to inject arbitrary web script or HTML via the do parameter in an AttachFile action, a different vulnerability than CVE-2007-0857. NOTE: the provenance of this information is unknown; the details are obtained solely from third party information. |