Total: 27865 CVE

CVE | Vendors | Products | Updated | CVSS v2 | CVSS v3 |
---|---|---|---|---|---|
CVE-2007-0759 | 1 Umberto Caldera | 1 Easymoblog | 2008-11-14 | 7.5 HIGH | N/A |
Multiple SQL injection vulnerabilities in EasyMoblog 0.5.1 allow remote attackers to execute arbitrary SQL commands via the (1) i or (2) post_id parameter to add_comment.php, which triggers an injection in libraries.inc.php; or (3) the i parameter to list_comments.php, which triggers an injection in libraries.inc.php. | |||||
CVE-2007-0565 | 1 Cgi-rescue | 1 Shopping Basket Professional | 2008-11-14 | 7.5 HIGH | N/A |
CGI-Rescue Shopping Basket Professional 7.50 and earlier allows remote attackers to inject arbitrary operating system commands via unspecified vectors. | |||||
CVE-2007-0622 | 1 Mybb | 1 Mybb | 2008-11-14 | 5.0 MEDIUM | N/A |
Cross-site request forgery (CSRF) vulnerability in MyBB (aka MyBulletinBoard) 1.2.2 allows remote attackers to send messages to arbitrary users. NOTE: the provenance of this information is unknown; the details are obtained solely from third party information. | |||||
CVE-2007-0367 | 1 Maxum Development Corporation | 1 Rumpus Ftp Server | 2008-11-14 | 4.6 MEDIUM | N/A |
Rumpus 5.1 and earlier has weak permissions for certain files and directories under /usr/local/Rumpus, including the configuration file, which allows local users to have an unknown impact by creating, modifying, or deleting files. | |||||
CVE-2007-0442 | 1 Ibm | 1 Os 400 | 2008-11-14 | 5.0 MEDIUM | N/A |
Unspecified vulnerability in IBM OS/400 R530 and R535 has unknown impact and remote attack vectors, related to an "Integrity Problem" involving LIC-TCPIP and TCP reset. NOTE: it is possible that this issue is related to CVE-2004-0230, but this is not certain. | |||||
CVE-2007-0183 | 1 Sun | 1 Iplanet Web Server | 2008-11-14 | 6.8 MEDIUM | N/A |
Cross-site scripting (XSS) vulnerability in /search in iPlanet Web Server 4.x allows remote attackers to inject arbitrary web script or HTML via the NS-max-records parameter. NOTE: The provenance of this information is unknown; the details are obtained solely from third party information. | |||||
CVE-2007-0187 | 1 F5 | 1 Firepass | 2008-11-14 | 7.5 HIGH | N/A |
F5 FirePass 5.4 through 5.5.2 and 6.0 allows remote attackers to access restricted URLs via (1) a trailing null byte, (2) multiple leading slashes, (3) Unicode encoding, (4) URL-encoded directory traversal or same-directory characters, or (5) upper case letters in the domain name. | |||||
CVE-2007-0308 | 1 Plain Black | 1 Webgui | 2008-11-14 | 6.8 MEDIUM | N/A |
Cross-site scripting (XSS) vulnerability in Plain Black WebGUI before 7.3.4 (beta) allows remote attackers to inject arbitrary web script or HTML via Wiki Page titles. | |||||
CVE-2007-0264 | 1 Winzip | 1 Winzip | 2008-11-14 | 6.6 MEDIUM | N/A |
Buffer overflow in Winzip32.exe in WinZip 9.0 allows local users to cause a denial of service (application crash) and possibly execute arbitrary code via a long command line argument. NOTE: this issue may cross privilege boundaries if an application automatically invokes Winzip32.exe for untrusted input filenames, as in the case of a file upload application. NOTE: The provenance of this information is unknown; the details are obtained solely from third party information. | |||||
CVE-2007-0263 | 1 Total Commander | 1 Total Commander | 2008-11-14 | 7.1 HIGH | N/A |
Unspecified vulnerability in Total Commander before 6.5.6 allows user-assisted remote attackers to delete arbitrary files and corrupt a filesystem via a crafted RAR file. NOTE: The provenance of this information is unknown; the details are obtained solely from third party information. | |||||
CVE-2007-0166 | 1 Freebsd | 1 Freebsd | 2008-11-14 | 6.6 MEDIUM | N/A |
The jail rc.d script in FreeBSD 5.3 up to 6.2 does not verify pathnames when writing to /var/log/console.log during a jail start-up, or when file systems are mounted or unmounted, which allows local root users to overwrite arbitrary files, or mount/unmount files, outside of the jail via a symlink attack. | |||||
CVE-2007-0147 | 1 Cuyahoga | 1 Cuyahoga | 2008-11-14 | 5.0 MEDIUM | N/A |
Cuyahoga before 1.0.1 installs the FCKEditor component with an incorrect deny statement in a Web.config file, which allows remote attackers to upload files when these privileges were intended only for the Administrator and Editor roles. | |||||
CVE-2006-7002 | 1 Wheatblog | 1 Wheatblog | 2008-11-14 | 4.3 MEDIUM | N/A |
Cross-site scripting (XSS) vulnerability in add_comment.php in Wheatblog (wB) 1.1 allows remote attackers to inject arbitrary web script or HTML via the Email field. NOTE: the provenance of this information is unknown; the details are obtained solely from third party information. NOTE: this issue may overlap CVE-2006-5195. | |||||
CVE-2006-7099 | 1 Solarpay | 1 Solarpay | 2008-11-14 | 5.0 MEDIUM | N/A |
Directory traversal vulnerability in index.php in SolarPay allows remote attackers to read certain files via a .. (dot dot) in the read parameter. NOTE: the provenance of this information is unknown; the details are obtained solely from third party information. | |||||
CVE-2006-5877 | 2 Enigmail, Ubuntu | 2 Enigmail, Ubuntu Linux | 2008-11-14 | 7.8 HIGH | N/A |
The enigmail extension before 0.94.2 does not properly handle large, encrypted file e-mail attachments, which allows remote attackers to cause a denial of service (crash), as demonstrated with Mozilla Thunderbird. | |||||
CVE-2006-5141 | 1 Kevin A. Gordon | 1 Open Geo Targeting | 2008-11-14 | 7.5 HIGH | N/A |
PHP remote file inclusion vulnerability in script.php in Kevin A. Gordon Open Geo Targeting (aka geotarget) allows remote attackers to execute arbitrary PHP code via a URL in the anp_path parameter. NOTE: the provenance of this information is unknown; the details are obtained from third party information. | |||||
CVE-2006-5090 | 1 Phoenix Evolution | 1 Phoenix Evolution Cms | 2008-11-14 | 6.8 MEDIUM | N/A |
Multiple cross-site scripting (XSS) vulnerabilities in Phoenix Evolution CMS (PECMS) allow remote attackers to inject arbitrary web script or HTML via the (1) mod or (2) action parameters in index.php, or the (3) pageid parameter in modules/pageedit/index.php. NOTE: the provenance of this information is unknown; the details are obtained from third party information. | |||||
CVE-2005-2056 | 1 Clam Anti-virus | 1 Clamav | 2008-11-14 | 2.6 LOW | N/A |
The Quantum archive decompressor in Clam AntiVirus (ClamAV) before 0.86.1 allows remote attackers to cause a denial of service (application crash) via a crafted Quantum archive. | |||||
CVE-2005-1256 | 1 Ipswitch | 3 Imail, Imail Server, Ipswitch Collaboration Suite | 2008-11-14 | 10.0 HIGH | N/A |
Stack-based buffer overflow in the IMAP daemon (IMAPD32.EXE) in IMail 8.13 in Ipswitch Collaboration Suite (ICS), and other versions before IMail Server 8.2 Hotfix 2, allows remote authenticated users to execute arbitrary code via a STATUS command with a long mailbox name. | |||||
CVE-2005-1255 | 1 Ipswitch | 3 Imail, Imail Server, Ipswitch Collaboration Suite | 2008-11-14 | 10.0 HIGH | N/A |
Multiple stack-based buffer overflows in the IMAP server in IMail 8.12 and 8.13 in Ipswitch Collaboration Suite (ICS), and other versions before IMail Server 8.2 Hotfix 2, allow remote attackers to execute arbitrary code via a LOGIN command with (1) a long username argument or (2) a long username argument that begins with a special character. | |||||