Total: 29519 CVE
CVE | Vendors | Products | Updated | CVSS v2 | CVSS v3 |
---|---|---|---|---|---|
CVE-2007-3022 | 1 Symantec | 3 Client Security, Norton Antivirus, Reporting Server | 2025-04-09 | 4.3 MEDIUM | N/A |
Symantec Reporting Server 1.0.197.0, and other versions before 1.0.224.0, as used in Symantec Client Security 3.1 and later, and Symantec AntiVirus Corporate Edition (SAV CE) 10.1 and later, displays the password hash for a user after a failed login attempt, which makes it easier for remote attackers to conduct brute force attacks. | |||||
CVE-2007-1343 | 1 Webcalendar | 1 Webcalendar | 2025-04-09 | 7.5 HIGH | N/A |
includes/functions.php in Craig Knudsen WebCalendar before 1.0.5 does not protect the noSet variable from external modification, which allows remote attackers to set arbitrary global variables via a URL with modified values in the noSet parameter, which leads to resultant vulnerabilities that probably include remote file inclusion and other issues. | |||||
CVE-2007-0432 | 1 Bea | 1 Aqualogic Service Bus | 2025-04-09 | 7.5 HIGH | N/A |
BEA AquaLogic Service Bus 2.0, 2.1, and 2.5 does not properly reject malformed request messages to a proxy service, which might allow remote attackers to bypass authorization policies and route requests to back-end services or conduct other unauthorized activities. | |||||
CVE-2006-6473 | 1 Xerox | 1 Workcentre | 2025-04-09 | 10.0 HIGH | N/A |
Multiple unspecified vulnerabilities in Xerox WorkCentre and WorkCentre Pro before 12.050.03.000, 13.x before 13.050.03.000, and 14.x before 14.050.03.000 have unknown impact and attack vectors, related to (1) an Immediate Image Overwrite (IIO) error message at the Local User Interface (LUI) if overwrite fails, (2) an IIO failure when a Held Job is deleted, and (3) an On Demand Image Overwrite failure when the overwrite is greater than 2 Gb. | |||||
CVE-2007-3325 | 1 Lms | 1 Lan Management System | 2025-04-09 | 7.5 HIGH | N/A |
PHP remote file inclusion vulnerability in lib/language.php in LAN Management System (LMS) 1.9.6 and earlier allows remote attackers to execute arbitrary PHP code via a URL in the _LIB_DIR parameter, a different vector than CVE-2007-1643 and CVE-2007-2205. | |||||
CVE-2007-1698 | 1 Philex | 1 Philex | 2025-04-09 | 5.0 MEDIUM | N/A |
download.php in Philex 0.2.3 and earlier allows remote attackers to read arbitrary files and source code, and obtain sensitive information via the file parameter. | |||||
CVE-2006-5514 | 1 Web Group Communication Center | 1 Web Group Communication Center | 2025-04-09 | 7.5 HIGH | N/A |
SQL injection vulnerability in quiz.php in Web Group Communication Center (WGCC) 0.5.6b and earlier allows remote attackers to execute arbitrary SQL commands via the qzid parameter. | |||||
CVE-2007-3228 | 1 Simian Systems Inc | 1 Sitellite Cms | 2025-04-09 | 6.8 MEDIUM | N/A |
PHP remote file inclusion vulnerability in saf/lib/PEAR/PhpDocumentor/Documentation/tests/bug-559668.php in Sitellite CMS 4.2.12 and earlier might allow remote attackers to execute arbitrary PHP code via a URL in the FORUM[LIB] parameter. NOTE: by default, access to the PhpDocumentor directory tree is blocked by .htaccess. | |||||
CVE-2006-5290 | 1 Xerox | 6 Workcentre 232, Workcentre 238, Workcentre 245 and 3 more | 2025-04-09 | 7.5 HIGH | N/A |
The ESS/ Network Controller and MicroServer Web Server components of Xerox WorkCentre and WorkCentre Pro 232, 238, 245, 255, 265 and 275 allow remote attackers to bypass authentication and execute arbitrary code via "WebUI command injection on TCP/IP hostname." | |||||
CVE-2006-6122 | 1 Tin | 1 Tin | 2025-04-09 | 7.5 HIGH | N/A |
Multiple buffer overflows in TIN before 1.8.2 have unspecified impact and attack vectors, a different vulnerability than CVE-2006-0804. | |||||
CVE-2006-7143 | 1 Call-center-software | 1 Call-center-software | 2025-04-09 | 5.8 MEDIUM | N/A |
Cross-site scripting (XSS) vulnerability in Call Center Software 0.93 and earlier allows remote attackers to inject arbitrary web script or HTML via the problem description field. | |||||
CVE-2007-1719 | 2 Freebsd, Jason W. Bacon | 2 Freebsd, Mcweject | 2025-04-09 | 7.2 HIGH | N/A |
Buffer overflow in eject.c in Jason W. Bacon mcweject 0.9 on FreeBSD, and possibly other versions, allows local users to execute arbitrary code via a long command line argument, possibly involving the device name. | |||||
CVE-2007-0423 | 1 Oracle | 1 Weblogic Portal | 2025-04-09 | 4.4 MEDIUM | N/A |
BEA WebLogic Portal 9.2 does not properly handle when an administrator deletes entitlements for a role, which causes other role entitlements to be "inadvertently affected," which has an unknown impact. | |||||
CVE-2007-0769 | 1 Phorum | 1 Phorum | 2025-04-09 | 6.8 MEDIUM | N/A |
Cross-site scripting (XSS) vulnerability in register.php in Phorum 5.1.18 allows remote attackers to inject arbitrary web script or HTML via unspecified vectors. NOTE: the vendor disputes this vulnerability, stating that "The characters are escaped properly." | |||||
CVE-2008-5986 | 1 Csound | 1 Csound | 2025-04-09 | 6.9 MEDIUM | N/A |
Untrusted search path vulnerability in the (1) "VST plugin with Python scripting" and (2) "VST plugin for writing score generators in Python" in Csound 5.08.2, and possibly other versions, allows local users to execute arbitrary code via a Trojan horse Python file in the current working directory, related to a vulnerability in the PySys_SetArgv function (CVE-2008-5983). | |||||
CVE-2007-0638 | 1 Vlad Alexa Mancini | 1 Phpfootball | 2025-04-09 | 5.0 MEDIUM | N/A |
show.php in Vlad Alexa Mancini PHPFootball 1.6 allows remote attackers to obtain sensitive information (database contents) via a % (percent) character in the dbfieldv parameter. | |||||
CVE-2007-2012 | 1 Mimarsinan | 1 Comprexx | 2025-04-09 | 5.8 MEDIUM | N/A |
Multiple directory traversal vulnerabilities in MimarSinan CompreXX 4.1 allow remote attackers to create files in arbitrary directories via a .. (dot dot) in a (1) .rar, (2) .jar or (3) .zip archive. | |||||
CVE-2006-6921 | 1 Linux | 1 Linux Kernel | 2025-04-09 | 2.1 LOW | N/A |
Unspecified versions of the Linux kernel allow local users to cause a denial of service (unrecoverable zombie process) via a program with certain instructions that prevent init from properly reaping a child whose parent has died. | |||||
CVE-2007-3946 | 1 Lighttpd | 1 Lighttpd | 2025-04-09 | 6.4 MEDIUM | N/A |
mod_auth (http_auth.c) in lighttpd before 1.4.16 allows remote attackers to cause a denial of service (daemon crash) via unspecified vectors involving (1) a memory leak, (2) use of md5-sess without a cnonce, (3) base64 encoded strings, and (4) trailing whitespace in the Auth-Digest header. | |||||
CVE-2006-7003 | 1 Fusionphp | 1 Fusion Polls | 2025-04-09 | 7.5 HIGH | N/A |
PHP remote file inclusion vulnerability in admin/index.php in Fusion Polls allows remote attackers to execute arbitrary PHP code via a URL in the xtrphome parameter. |