Total: 29519 CVE
CVE | Vendors | Products | Updated | CVSS v2 | CVSS v3 |
---|---|---|---|---|---|
CVE-2007-1994 | 1 Hp | 1 Hp-ux | 2025-04-09 | 4.9 MEDIUM | N/A |
Unspecified vulnerability in the Address and Routing Parameter Area (ARPA) transport functionality in HP-UX B.11.00 allows local users to cause a denial of service via unknown vectors. NOTE: due to lack of vendor details, it is not clear whether this is the same as CVE-2007-0916. | |||||
CVE-2007-0928 | 1 Virtual Calendar | 1 Virtual Calendar | 2025-04-09 | 5.0 MEDIUM | N/A |
Virtual Calendar stores sensitive information under the web root with insufficient access control, which allows remote attackers to download an encoded password via a direct request for pwd.txt. | |||||
CVE-2006-5508 | 1 Woltlab | 1 Burning Book | 2025-04-09 | 7.5 HIGH | N/A |
Multiple SQL injection vulnerabilities in addentry.php in WoltLab Burning Book 1.1.2 allow remote attackers to execute arbitrary SQL commands via (1) the n parameter and (2) the User-Agent HTTP header. | |||||
CVE-2007-1616 | 1 Scriptmagix | 1 Scriptmagix Lyrics | 2025-04-09 | 7.5 HIGH | N/A |
SQL injection vulnerability in index.php in ScriptMagix Lyrics 2.0 and earlier allows remote attackers to execute arbitrary SQL commands via the recid parameter. | |||||
CVE-2006-5499 | 1 Serendipity | 1 Serendipity | 2025-04-09 | 6.8 MEDIUM | N/A |
Multiple cross-site scripting (XSS) vulnerabilities in Serendipity (s9y) 1.0.1 and earlier allow remote attackers to inject arbitrary web script or HTML via unspecified vectors in the media manager administration page. | |||||
CVE-2006-5884 | 1 Microsoft | 2 Ie, Internet Explorer | 2025-04-09 | 7.5 HIGH | N/A |
Multiple unspecified vulnerabilities in DirectAnimation ActiveX controls for Microsoft Internet Explorer 5.01 through 6 have unknown impact and remote attack vectors, possibly related to (1) Danim.dll and (2) Lmrt.dll, a different set of vulnerabilities than CVE-2006-4446 and CVE-2006-4777. | |||||
CVE-2007-2705 | 1 Bea | 2 Weblogic Integration, Weblogic Workshop | 2025-04-09 | 7.8 HIGH | N/A |
Directory traversal vulnerability in the Test View Console in BEA WebLogic Integration 9.2 before SP1 and WebLogic Workshop 8.1 SP2 through SP6, when "deployed in an exploded format," allows remote attackers to list a WebLogic Workshop Directory (wlwdir) parent directory via unspecified vectors. | |||||
CVE-2007-0578 | 1 Mpg123 | 1 Mpg123 | 2025-04-09 | 4.3 MEDIUM | N/A |
The http_open function in httpget.c in mpg123 before 0.64 allows remote attackers to cause a denial of service (infinite loop) by closing the HTTP connection early. | |||||
CVE-2007-0261 | 1 Snews | 1 Snews | 2025-04-09 | 10.0 HIGH | N/A |
snews.php in sNews 1.5.30 and earlier does not properly exit when authentication fails, which allows remote attackers to perform unauthorized administrative actions, as demonstrated by changing an administrative password via the changeup task, and by uploading PHP code via the imagefile parameter. | |||||
CVE-2007-0145 | 1 Bingo News | 1 Bingo News | 2025-04-09 | 7.5 HIGH | N/A |
PHP remote file inclusion vulnerability in bn_smrep1.php in BinGoPHP News (BP News) 3.01 allows remote attackers to execute arbitrary PHP code via a URL in the bnrep parameter, a different vector than CVE-2006-4648 and CVE-2006-4649. | |||||
CVE-2006-6097 | 1 Gnu | 1 Tar | 2025-04-09 | 4.0 MEDIUM | N/A |
GNU tar 1.16 and 1.15.1, and possibly other versions, allows user-assisted attackers to overwrite arbitrary files via a tar file that contains a GNUTYPE_NAMES record with a symbolic link, which is not properly handled by the extract_archive function in extract.c and extract_mangle function in mangle.c, a variant of CVE-2002-1216. | |||||
CVE-2007-2845 | 1 Avast | 1 Avast Antivirus | 2025-04-09 | 9.3 HIGH | N/A |
Heap-based buffer overflow in the CAB unpacker in avast! Anti-Virus Managed Client before 4.7.700 allows user-assisted remote attackers to execute arbitrary code via a crafted CAB archive, resulting from an "integer cast around". | |||||
CVE-2007-3548 | 1 W3filer | 1 W3filer | 2025-04-09 | 7.1 HIGH | N/A |
Stack-based buffer overflow in W3Filer 2.1.3 allows remote FTP servers to cause a denial of service (application hang or crash) and possibly execute arbitrary code by sending a large banner to a client that is sending a file. | |||||
CVE-2006-6574 | 1 Mantis | 1 Mantis | 2025-04-09 | 5.0 MEDIUM | N/A |
Mantis before 1.1.0a2 does not implement per-item access control for Issue History (Bug History), which allows remote attackers to obtain sensitive information by reading the Change column, as demonstrated by the Change column of a custom field. | |||||
CVE-2007-3141 | 1 Phpwebthings | 1 Phpwebthings | 2025-04-09 | 6.8 MEDIUM | N/A |
PHP remote file inclusion vulnerability in core/editor.php in phpWebThings 1.5.2 allows remote attackers to execute arbitrary PHP code via a URL in the editor_insert_top parameter. NOTE: the editor_insert_bottom vector is already covered by CVE-2006-6042. | |||||
CVE-2006-6118 | 1 Mmgallery | 1 Mmgallery | 2025-04-09 | 6.8 MEDIUM | N/A |
Cross-site scripting (XSS) vulnerability in thumbs.php in mmgallery 1.55 allows remote attackers to inject arbitrary web script or HTML via the page parameter. | |||||
CVE-2007-0253 | 1 Grsecurity | 1 Grsecurity Kernel Patch | 2025-04-09 | 7.2 HIGH | N/A |
Unspecified vulnerability in the grsecurity patch has unspecified impact and remote attack vectors, a different vulnerability than the expand_stack vulnerability from the Digital Armaments 20070110 pre-advisory. NOTE: the grsecurity developer has disputed this issue, stating that "the function they claim the vulnerability to be in is a trivial function, which can, and has been, easily checked for any supposed vulnerabilities." The developer also cites a past disclosure that was not proven | |||||
CVE-2007-2150 | 1 Bluearc | 1 Titan | 2025-04-09 | 7.8 HIGH | N/A |
BlueArc-FTPD in BlueArc Titan 2x00 devices with firmware 4.2.944b allows remote attackers to redirect traffic to other sites (aka FTP bounce) via the PORT command, a variant of CVE-1999-0017. | |||||
CVE-2007-0850 | 1 Syscp Team | 1 Syscp | 2025-04-09 | 7.5 HIGH | N/A |
scripts/cronscript.php in SysCP 1.2.15 and earlier includes and executes arbitrary PHP scripts that are referenced by the panel_cronscript table in the SysCP database, which allows attackers with database write privileges to execute arbitrary code by constructing a PHP file and adding its filename to this table. | |||||
CVE-2007-3726 | 1 Rarlab | 1 Unrar | 2025-04-09 | 4.3 MEDIUM | N/A |
Integer signedness error in the SET_VALUE function in rarvm.cpp in unrar 3.70 beta 3, as used in products including WinRAR and RAR for OS X, allows user-assisted remote attackers to cause a denial of service (crash) via a crafted RAR archive that causes a negative signed number to be cast to a large unsigned number. |