ReportizFlow
Filtered by vendor
Subscriptions
Total
29887 CVE
| CVE | Vendors | Products | Updated | CVSS v3.1 |
|---|---|---|---|---|
| CVE-2007-3161 | 1 Visicom Media | 1 Ace-ftp | 2025-04-09 | N/A |
| Buffer overflow in Ace-FTP Client 1.24a allows user-assisted, remote FTP servers to execute arbitrary code via a long response. | ||||
| CVE-2007-3170 | 1 Uebimiau | 1 Uebimiau | 2025-04-09 | N/A |
| Multiple cross-site scripting (XSS) vulnerabilities in Uebimiau Webmail allow remote attackers to inject arbitrary web script or HTML via (1) the PATH_INFO to redirect.php or (2) the selected_theme parameter to demo/pop3/error.php. | ||||
| CVE-2007-3181 | 2 Bakbone, Firebirdsql | 2 Netvault, Firebird | 2025-04-09 | N/A |
| Buffer overflow in fbserver.exe in Firebird SQL 2 before 2.0.1 allows remote attackers to execute arbitrary code via a large p_cnct_count value in a p_cnct structure in a connect (0x01) request to port 3050/tcp, related to "an InterBase version of gds32.dll." | ||||
| CVE-2007-3188 | 1 Geometrix Download Portal | 1 Geometrix Download Portal | 2025-04-09 | N/A |
| SQL injection vulnerability in down_indir.asp in Fullaspsite GeometriX Download Portal allows remote attackers to execute arbitrary SQL commands via the id parameter. | ||||
| CVE-2007-3190 | 1 Jffnms | 1 Just For Fun Network Management System | 2025-04-09 | N/A |
| Multiple SQL injection vulnerabilities in auth.php in Just For Fun Network Management System (JFFNMS) 0.8.3, when magic_quotes_gpc is disabled, allow remote attackers to execute arbitrary SQL commands via the (1) user and (2) pass parameters. | ||||
| CVE-2007-4235 | 1 Vietphp | 1 Vietphp | 2025-04-09 | N/A |
| Multiple PHP remote file inclusion vulnerabilities in VietPHP allow remote attackers to execute arbitrary PHP code via a URL in (1) the dirpath parameter to (a) _functions.php, or (2) the language parameter to (b) admin/index.php or (c) index.php. | ||||
| CVE-2007-4256 | 1 Ynp | 1 Portal Systems | 2025-04-09 | N/A |
| Directory traversal vulnerability in showpage.cgi in YNP Portal System 2.2.0 allows remote attackers to read arbitrary files via a .. (dot dot) in the p parameter. | ||||
| CVE-2007-4265 | 1 Visionera Ab | 1 Visionproject | 2025-04-09 | N/A |
| Multiple cross-site scripting (XSS) vulnerabilities in VisionProject 3.1 and earlier allow remote attackers to inject arbitrary web script or HTML via the (1) projectIssueId parameter in EditProjectIssue.do, the (2) projectId parameter in ProjectSelected.do, the (3) folderId parameter in ProjectDocuments.do and the (4) sortField parameter in ProjectIssues.do. | ||||
| CVE-2007-4284 | 1 Cisco | 1 Meetingplace Web Confrencing | 2025-04-09 | N/A |
| Multiple cross-site scripting (XSS) vulnerabilities in Cisco Unified MeetingPlace Web Conferencing (MP) 5.3.235.0 and earlier allow remote attackers to inject arbitrary HTML and web script via the (1) Success Template (STPL) and (2) Failure Template (FTPL) parameters, which are not properly handled in an error message. | ||||
| CVE-2007-4291 | 1 Cisco | 1 Ios | 2025-04-09 | N/A |
| Cisco IOS 12.0 through 12.4 allows remote attackers to cause a denial of service via (1) a malformed MGCP packet, which causes a device hang, aka CSCsf08998; a malformed H.323 packet, which causes a device crash, as identified by (2) CSCsi60004 with Proxy Unregistration and (3) CSCsg70474; and a malformed Real-time Transport Protocol (RTP) packet, which causes a device crash, as identified by (4) CSCse68138, related to VOIP RTP Lib, and (5) CSCse05642, related to I/O memory corruption. | ||||
| CVE-2006-6816 | 1 Dmxready | 1 Dmxready Secure Login Manager | 2025-04-09 | N/A |
| Multiple SQL injection vulnerabilities in DMXReady Secure Login Manager 1.0 allow remote attackers to execute arbitrary SQL commands via unspecified parameters to (1) set_preferences.asp, (2) send_password_preferences.asp, and (3) SecureLoginManager/list.asp in the Local-Admin Panel; (4) the sent parameter to (a) login.asp, (b) content.asp, and (c) members.asp in the Remote-WebSite; and (5) the sent parameter to applications/SecureLoginManager/inc_secureloginmanager.asp in the Live Demo. | ||||
| CVE-2006-6818 | 1 Alstrasoft | 1 Webhost Directory | 2025-04-09 | N/A |
| AlstraSoft Web Host Directory allows remote attackers to bypass authentication and change the admin password via a direct request to admin/config. | ||||
| CVE-2007-4316 | 1 Zyxel | 2 Zynos, Zywall 2 | 2025-04-09 | N/A |
| The management interface in ZyNOS firmware 3.62(WK.6) on the Zyxel Zywall 2 device has a certain default password, which allows remote attackers to perform administrative actions. | ||||
| CVE-2007-2542 | 1 Workbench Survival Guide | 1 Workbench Survival Guide | 2025-04-09 | N/A |
| PHP remote file inclusion vulnerability in header.php in workbench survival guide 0.11 allows remote attackers to execute arbitrary PHP code via a URL in the path parameter. | ||||
| CVE-2007-2904 | 1 Sun | 1 Java System Messaging Server | 2025-04-09 | N/A |
| Cross-site scripting (XSS) vulnerability in Sun Java System Messaging Server 6.0 through 6.3, when Internet Explorer is used, allows remote attackers to inject arbitrary web script or HTML via unspecified vectors, possibly a related issue to CVE-2006-5653. | ||||
| CVE-2007-2891 | 1 Firmworx | 1 Firmworx | 2025-04-09 | N/A |
| Multiple PHP remote file inclusion vulnerabilities in FirmWorX 0.1.2 allow remote attackers to execute arbitrary PHP code via a URL in the (1) bank_data[root] parameter to modules/bank/includes/design/main.inc.php, or the (2) fm_data[root] parameter to (a) includes/config/master.inc.php or (b) includes/functions/master.inc.php. | ||||
| CVE-2007-2492 | 1 Postnuke Software Foundation | 1 Postnuke V4bjournal Module | 2025-04-09 | N/A |
| SQL injection vulnerability in index.php in the v4bJournal module for PostNuke allows remote authenticated users to execute arbitrary SQL commands via the id parameter in a journal_comment action. | ||||
| CVE-2007-2866 | 1 Phpecho Cms | 1 Phpecho Cms | 2025-04-09 | N/A |
| Multiple SQL injection vulnerabilities in modules/admin/modules/gallery.php in PHPEcho CMS 2.0-rc1 and earlier allow remote attackers to execute arbitrary SQL commands via the id parameter and possibly other parameters. NOTE: some of these details are obtained from third party information. | ||||
| CVE-2007-2835 | 2 Debian, Unicon-imc2 | 2 Debian Linux, Unicon-imc2 | 2025-04-09 | N/A |
| Multiple stack-based buffer overflows in (1) CCE_pinyin.c and (2) xl_pinyin.c in ImmModules/cce/ in unicon-imc2 3.0.4, as used by zhcon and other applications, allow local users to gain privileges via a long HOME environment variable. | ||||
| CVE-2007-1222 | 2 Apple, Parallels | 2 Mac Os X, Parallels Desktop | 2025-04-09 | N/A |
| Parallels Desktop for Mac before 20070216 implements Drag and Drop by sharing the entire host filesystem as the .psf share, which allows local users of the guest operating system to write arbitrary files to the host filesystem, and execute arbitrary code via launchd by writing a plist file to a LaunchAgents directory. | ||||