Vulnerabilities (CVE)

Join the Common Vulnerabilities and Exposures (CVE) community and start to get notified about new vulnerabilities.

Filtered by NVD-CWE-Other
Total 27865 CVE
CVE Vendors Products Updated CVSS v2 CVSS v3
CVE-2007-0759 1 Umberto Caldera 1 Easymoblog 2008-11-14 7.5 HIGH N/A
Multiple SQL injection vulnerabilities in EasyMoblog 0.5.1 allow remote attackers to execute arbitrary SQL commands via the (1) i or (2) post_id parameter to add_comment.php, which triggers an injection in libraries.inc.php; or (3) the i parameter to list_comments.php, which triggers an injection in libraries.inc.php.
CVE-2007-0565 1 Cgi-rescue 1 Shopping Basket Professional 2008-11-14 7.5 HIGH N/A
CGI-Rescue Shopping Basket Professional 7.50 and earlier allows remote attackers to inject arbitrary operating system commands via unspecified vectors.
CVE-2007-0622 1 Mybb 1 Mybb 2008-11-14 5.0 MEDIUM N/A
Cross-site request forgery (CSRF) vulnerability in MyBB (aka MyBulletinBoard) 1.2.2 allows remote attackers to send messages to arbitrary users. NOTE: the provenance of this information is unknown; the details are obtained solely from third party information.
CVE-2007-0367 1 Maxum Development Corporation 1 Rumpus Ftp Server 2008-11-14 4.6 MEDIUM N/A
Rumpus 5.1 and earlier has weak permissions for certain files and directories under /usr/local/Rumpus, including the configuration file, which allows local users to have an unknown impact by creating, modifying, or deleting files.
CVE-2007-0442 1 Ibm 1 Os 400 2008-11-14 5.0 MEDIUM N/A
Unspecified vulnerability in IBM OS/400 R530 and R535 has unknown impact and remote attack vectors, related to an "Integrity Problem" involving LIC-TCPIP and TCP reset. NOTE: it is possible that this issue is related to CVE-2004-0230, but this is not certain.
CVE-2007-0183 1 Sun 1 Iplanet Web Server 2008-11-14 6.8 MEDIUM N/A
Cross-site scripting (XSS) vulnerability in /search in iPlanet Web Server 4.x allows remote attackers to inject arbitrary web script or HTML via the NS-max-records parameter. NOTE: The provenance of this information is unknown; the details are obtained solely from third party information.
CVE-2007-0187 1 F5 1 Firepass 2008-11-14 7.5 HIGH N/A
F5 FirePass 5.4 through 5.5.2 and 6.0 allows remote attackers to access restricted URLs via (1) a trailing null byte, (2) multiple leading slashes, (3) Unicode encoding, (4) URL-encoded directory traversal or same-directory characters, or (5) upper case letters in the domain name.
CVE-2007-0308 1 Plain Black 1 Webgui 2008-11-14 6.8 MEDIUM N/A
Cross-site scripting (XSS) vulnerability in Plain Black WebGUI before 7.3.4 (beta) allows remote attackers to inject arbitrary web script or HTML via Wiki Page titles.
CVE-2007-0264 1 Winzip 1 Winzip 2008-11-14 6.6 MEDIUM N/A
Buffer overflow in Winzip32.exe in WinZip 9.0 allows local users to cause a denial of service (application crash) and possibly execute arbitrary code via a long command line argument. NOTE: this issue may cross privilege boundaries if an application automatically invokes Winzip32.exe for untrusted input filenames, as in the case of a file upload application. NOTE: The provenance of this information is unknown; the details are obtained solely from third party information.
CVE-2007-0263 1 Total Commander 1 Total Commander 2008-11-14 7.1 HIGH N/A
Unspecified vulnerability in Total Commander before 6.5.6 allows user-assisted remote attackers to delete arbitrary files and corrupt a filesystem via a crafted RAR file. NOTE: The provenance of this information is unknown; the details are obtained solely from third party information.
CVE-2007-0166 1 Freebsd 1 Freebsd 2008-11-14 6.6 MEDIUM N/A
The jail rc.d script in FreeBSD 5.3 up to 6.2 does not verify pathnames when writing to /var/log/console.log during a jail start-up, or when file systems are mounted or unmounted, which allows local root users to overwrite arbitrary files, or mount/unmount files, outside of the jail via a symlink attack.
CVE-2007-0147 1 Cuyahoga 1 Cuyahoga 2008-11-14 5.0 MEDIUM N/A
Cuyahoga before 1.0.1 installs the FCKEditor component with an incorrect deny statement in a Web.config file, which allows remote attackers to upload files when these privileges were intended only for the Administrator and Editor roles.
CVE-2006-7002 1 Wheatblog 1 Wheatblog 2008-11-14 4.3 MEDIUM N/A
Cross-site scripting (XSS) vulnerability in add_comment.php in Wheatblog (wB) 1.1 allows remote attackers to inject arbitrary web script or HTML via the Email field. NOTE: the provenance of this information is unknown; the details are obtained solely from third party information. NOTE: this issue may overlap CVE-2006-5195.
CVE-2006-7099 1 Solarpay 1 Solarpay 2008-11-14 5.0 MEDIUM N/A
Directory traversal vulnerability in index.php in SolarPay allows remote attackers to read certain files via a .. (dot dot) in the read parameter. NOTE: the provenance of this information is unknown; the details are obtained solely from third party information.
CVE-2006-5877 2 Enigmail, Ubuntu 2 Enigmail, Ubuntu Linux 2008-11-14 7.8 HIGH N/A
The enigmail extension before 0.94.2 does not properly handle large, encrypted file e-mail attachments, which allows remote attackers to cause a denial of service (crash), as demonstrated with Mozilla Thunderbird.
CVE-2006-5141 1 Kevin A. Gordon 1 Open Geo Targeting 2008-11-14 7.5 HIGH N/A
PHP remote file inclusion vulnerability in script.php in Kevin A. Gordon Open Geo Targeting (aka geotarget) allows remote attackers to execute arbitrary PHP code via a URL in the anp_path parameter. NOTE: the provenance of this information is unknown; the details are obtained from third party information.
CVE-2006-5090 1 Phoenix Evolution 1 Phoenix Evolution Cms 2008-11-14 6.8 MEDIUM N/A
Multiple cross-site scripting (XSS) vulnerabilities in Phoenix Evolution CMS (PECMS) allow remote attackers to inject arbitrary web script or HTML via the (1) mod or (2) action parameters in index.php, or the (3) pageid parameter in modules/pageedit/index.php. NOTE: the provenance of this information is unknown; the details are obtained from third party information.
CVE-2005-2056 1 Clam Anti-virus 1 Clamav 2008-11-14 2.6 LOW N/A
The Quantum archive decompressor in Clam AntiVirus (ClamAV) before 0.86.1 allows remote attackers to cause a denial of service (application crash) via a crafted Quantum archive.
CVE-2005-1256 1 Ipswitch 3 Imail, Imail Server, Ipswitch Collaboration Suite 2008-11-14 10.0 HIGH N/A
Stack-based buffer overflow in the IMAP daemon (IMAPD32.EXE) in IMail 8.13 in Ipswitch Collaboration Suite (ICS), and other versions before IMail Server 8.2 Hotfix 2, allows remote authenticated users to execute arbitrary code via a STATUS command with a long mailbox name.
CVE-2005-1255 1 Ipswitch 3 Imail, Imail Server, Ipswitch Collaboration Suite 2008-11-14 10.0 HIGH N/A
Multiple stack-based buffer overflows in the IMAP server in IMail 8.12 and 8.13 in Ipswitch Collaboration Suite (ICS), and other versions before IMail Server 8.2 Hotfix 2, allow remote attackers to execute arbitrary code via a LOGIN command with (1) a long username argument or (2) a long username argument that begins with a special character.