Total: 29869 CVE
| CVE | Vendors | Products | Updated | CVSS v2 | CVSS v3 | Description |
|---|---|---|---|---|---|---|
| CVE-2009-3840 | 1 Hp | 1 Openview Network Node Manager | 2025-04-09 | 5.0 MEDIUM | N/A | The embedded database engine service (aka ovdbrun.exe) in HP OpenView Network Node Manager (OV NNM) 7.51 and 7.53 allows remote attackers to cause a denial of service (daemon crash) via an invalid Error Code field in a packet. |
| CVE-2007-1910 | 1 Microsoft | 1 Word | 2025-04-09 | 6.8 MEDIUM | N/A | Buffer overflow in wwlib.dll in Microsoft Word 2007 allows remote attackers to cause a denial of service (application crash) and possibly execute arbitrary code via a crafted document, as demonstrated by file789-1.doc. |
| CVE-2007-2441 | 1 Caucho Technology | 1 Resin | 2025-04-09 | 5.0 MEDIUM | N/A | Caucho Resin Professional 3.1.0 and Caucho Resin 3.1.0 and earlier for Windows allows remote attackers to obtain the system path via certain URLs associated with (1) deploying web applications or (2) displaying .xtp files. |
| CVE-2007-0645 | 1 Apple | 1 Iphoto | 2025-04-09 | 6.8 MEDIUM | N/A | Format string vulnerability in iPhoto 6.0.5 allows remote user-assisted attackers to cause a denial of service (crash) via format string specifiers in a filename, which is not properly handled when calling certain Apple AppKit functions. |
| CVE-2007-3198 | 1 Maran | 1 Php Blog | 2025-04-09 | 4.3 MEDIUM | N/A | Cross-site scripting (XSS) vulnerability in comments.php in Maran PHP Blog (Maran Blog), possibly only versions before 20070610, allows remote attackers to inject arbitrary web script or HTML via the id parameter. |
| CVE-2007-1181 | 1 Web-app.org | 1 Webapp | 2025-04-09 | 5.0 MEDIUM | N/A | WebAPP before 0.9.9.5 passes (1) Unused Informations and (2) the username through Edit Profile forms, which has unknown impact and attack vectors. |
| CVE-2006-6829 | 1 Efkan Forum | 1 Efkan Forum | 2025-04-09 | 7.8 HIGH | N/A | Efkan Forum 1.0 and earlier store sensitive information under the web root with insufficient access control, which allows remote attackers to download a database via a direct request for forum.mdb. NOTE: The provenance of this information is unknown; the details are obtained solely from third party information. |
| CVE-2008-5339 | 1 Sun | 3 Jdk, Jre, Sdk | 2025-04-09 | 5.0 MEDIUM | N/A | Unspecified vulnerability in Java Web Start (JWS) and Java Plug-in with Sun JDK and JRE 6 Update 10 and earlier; JDK and JRE 5.0 Update 16 and earlier; and SDK and JRE 1.4.2_18 and earlier allows untrusted JWS applications to perform network connections to unauthorized hosts via unknown vectors, aka CR 6727079. |
| CVE-2007-3218 | 1 Php Live | 1 Php Live | 2025-04-09 | 4.3 MEDIUM | N/A | Cross-site scripting (XSS) vulnerability in request.php in PHP Live! 3.2.2 and earlier allows remote attackers to inject arbitrary web script or HTML via the pagex parameter. |
| CVE-2007-0431 | 1 Avm | 1 Fritzbox | 2025-04-09 | 7.8 HIGH | N/A | AVM Fritz!Box 7050, and possibly other product models, allows remote attackers to cause a denial of service (VoIP application crash) via a zero-length UDP packet to the SIP port (port 5060). |
| CVE-2007-2186 | 2 Foxit, Microsoft | 9 Pdf Reader, Windows 2000, Windows 2003 Server and 6 more | 2025-04-09 | 5.0 MEDIUM | N/A | Foxit Reader 2.0 allows remote attackers to cause a denial of service (application crash) via a crafted PDF document. |
| CVE-2006-6279 | 1 Alexphpteam | 1 Alex Guestbook | 2025-04-09 | 5.0 MEDIUM | N/A | index.php in @lex Guestbook 4.0.1 allows remote attackers to obtain sensitive information via a skin parameter referencing a nonexistent skin, which reveals the installation path in an error message. |
| CVE-2006-5955 | 1 20 20 Applications | 1 20 20 Datashed | 2025-04-09 | 7.5 HIGH | N/A | SQL injection vulnerability in listings.asp in 20/20 DataShed (aka Real Estate Listing System) allows remote attackers to execute arbitrary SQL commands via the itemID parameter. NOTE: some of these details are obtained from third party information. |
| CVE-2006-6495 | 1 Sun | 2 Solaris, Sunos | 2025-04-09 | 6.6 MEDIUM | N/A | Stack-based buffer overflow in ld.so.1 in Sun Solaris 8, 9, and 10 allows local users to execute arbitrary code via large precision padding values in a format string specifier in the format parameter of the doprf function. NOTE: this issue normally does not cross privilege boundaries, except in cases of external introduction of malicious message files, or if it is leveraged with other vulnerabilities such as CVE-2006-6494. |
| CVE-2006-5479 | 1 Novell | 1 Edirectory | 2025-04-09 | 5.0 MEDIUM | N/A | The NCP Engine in Novell eDirectory before 8.7.3.8 FTF1 allows remote attackers to cause an unspecified denial of service via a certain "NCP Fragment." |
| CVE-2007-4352 | 1 Xpdf | 1 Xpdf | 2025-04-09 | 7.6 HIGH | N/A | Array index error in the DCTStream::readProgressiveDataUnit method in xpdf/Stream.cc in Xpdf 3.02pl1, as used in poppler, teTeX, KDE, KOffice, CUPS, and other products, allows remote attackers to trigger memory corruption and execute arbitrary code via a crafted PDF file. |
| CVE-2007-2492 | 1 Postnuke Software Foundation | 1 Postnuke V4bjournal Module | 2025-04-09 | 7.5 HIGH | N/A | SQL injection vulnerability in index.php in the v4bJournal module for PostNuke allows remote authenticated users to execute arbitrary SQL commands via the id parameter in a journal_comment action. |
| CVE-2006-5896 | 1 Remlab | 1 Web Mech Designer | 2025-04-09 | 5.0 MEDIUM | N/A | REMLAB Web Mech Designer 2.0.5 allows remote attackers to obtain the full path of the script via an incorrect Tonnage parameter to calculate.php that triggers a divide-by-zero error, which leaks the path in an error message. |
| CVE-2009-1723 | 1 Apple | 2 Mac Os X, Mac Os X Server | 2025-04-09 | 4.3 MEDIUM | N/A | CFNetwork in Apple Mac OS X 10.5 before 10.5.8 places an incorrect URL in a certificate warning in certain 302 redirection scenarios, which makes it easier for remote attackers to trick a user into visiting an arbitrary https web site by leveraging an open redirect vulnerability, a different issue than CVE-2009-2062. |
| CVE-2007-0999 | 1 Gnome | 1 Ekiga | 2025-04-09 | 9.3 HIGH | N/A | Format string vulnerability in Ekiga 2.0.3, and probably other versions, allows remote attackers to execute arbitrary code via unspecified vectors, a different vulnerability than CVE-2007-1006. |
| CVE-2007-0713 | 1 Apple | 1 Quicktime | 2025-04-09 | 5.8 MEDIUM | N/A | Heap-based buffer overflow in Apple QuickTime before 7.1.5 allows remote user-assisted attackers to cause a denial of service (crash) and possibly execute arbitrary code via a crafted QuickTime movie file. |
| CVE-2006-6763 | 1 Keep It Simple Guest Book | 1 Keep It Simple Guest Book | 2025-04-09 | 7.5 HIGH | N/A | Multiple PHP remote file inclusion vulnerabilities in the Keep It Simple Guest Book (KISGB) allow remote attackers to execute arbitrary PHP code via a URL in the (1) path_to_themes parameter in (a) authenticate.php, and the (2) default_path_for_themes parameter in (b) admin.php and (c) upconfig.php. |
| CVE-2007-0624 | 1 Maxdev | 1 Mdpro | 2025-04-09 | 5.0 MEDIUM | N/A | user.php in MAXdev MDPro 1.0.76 allows remote attackers to obtain the full path via a ' (quote) character, and possibly other invalid values, in the uname parameter in a userinfo operation. |
| CVE-2008-1845 | 1 Mirbsd | 1 Miros | 2025-04-09 | 7.2 HIGH | N/A | The Korn shell (aka mksh) before R33d on MirOS (aka MirBSD) does not flush the tty's I/O when invoking mksh in a new terminal, which allows local users to gain privileges by opening a virtual terminal and entering command sequences, which might later be executed in opportunistic circumstances by a different user who launches mksh and specifies that terminal with the -T option. |
| CVE-2007-1096 | 1 Virtuemart | 1 Virtuemart | 2025-04-09 | 6.8 MEDIUM | N/A | Cross-site scripting (XSS) vulnerability in ps_cart.php in VirtueMart before 20070116 allows remote attackers to inject arbitrary web script or HTML via unspecified vectors. NOTE: this issue might overlap CVE-2007-0376. |
| CVE-2007-3992 | 1 Iexpress | 1 Property Pro | 2025-04-09 | 7.5 HIGH | N/A | SQL injection vulnerability in vir_login.asp in iExpress Property Pro allows remote attackers to execute arbitrary SQL commands via the Password parameter. NOTE: the Username parameter is covered by CVE-2006-6029. NOTE: the provenance of this information is unknown; the details are obtained solely from third party information. |
| CVE-2008-1387 | 1 Clam Anti-virus | 1 Clamav | 2025-04-09 | 4.3 MEDIUM | N/A | ClamAV before 0.93 allows remote attackers to cause a denial of service (CPU consumption) via a crafted ARJ archive, as demonstrated by the PROTOS GENOME test suite for Archive Formats. |
| CVE-2006-6546 | 1 Cutenews Aj-fork | 1 Cutenews Aj-fork | 2025-04-09 | 7.5 HIGH | N/A | PHP remote file inclusion vulnerability in inc/shows.inc.php in cutenews aj-fork (CN:AJ) 167f and earlier allows remote attackers to execute arbitrary PHP code via a URL in the cutepath parameter. |
| CVE-2007-1956 | 1 Ubbcentral | 1 Ubb.threads | 2025-04-09 | 7.5 HIGH | N/A | SQL injection vulnerability in ubbthreads.php in Groupee UBB.threads 6.1.1 and earlier allows remote attackers to execute arbitrary SQL commands via the C parameter. |
| CVE-2006-5287 | 1 Xeobook | 1 Xeobook | 2025-04-09 | 5.1 MEDIUM | N/A | Multiple SQL injection vulnerabilities in sign.php in Xeobook 0.93 allow remote attackers to execute arbitrary SQL commands via (1) the User-Agent HTTP header, or the (2) gb_entry_text, (3) gb_location, (4) gb_fullname, or (5) gb_sex parameters. |
| CVE-2006-5502 | 1 Aol | 1 Aol | 2025-04-09 | 7.5 HIGH | N/A | Heap-based buffer overflow in the AOL.PicDownloadCtrl.1 ActiveX control (YGPPicDownload.dll) 9.2.3.0 in America Online (AOL) 9.0 Security Edition allows remote attackers to execute arbitrary code via the AddPictureNoAlbum method, a different vulnerability than CVE-2006-5501. |
| CVE-2006-5225 | 1 Aai-portal | 1 Aaiportal | 2025-04-09 | 7.5 HIGH | N/A | Multiple SQL injection vulnerabilities in AAIportal before 1.4.0 allow remote attackers to execute arbitrary SQL commands via unspecified vectors. |
| CVE-2007-0092 | 1 E-smart Cart | 1 E-smart Cart | 2025-04-09 | 7.5 HIGH | N/A | SQL injection vulnerability in productdetail.asp in E-SMARTCART 1.0 allows remote attackers to execute arbitrary SQL commands via the product_id parameter. |
| CVE-2006-6987 | 1 Softinform | 1 Finebrowser | 2025-04-09 | 7.8 HIGH | N/A | Cross-domain vulnerability in FineBrowser Freeware 3.2.2 allows remote attackers to access restricted information from other domains via an object tag with a data parameter that references a link on the attacker's originating site that specifies a Location HTTP header that references the target site, which then makes that content available through the outerHTML attribute of the object, a similar vulnerability to CVE-2006-3280. |
| CVE-2006-6879 | 1 Php-update | 1 Php-update | 2025-04-09 | 6.0 MEDIUM | N/A | Unrestricted file upload vulnerability in admin/uploads.php in PHP-Update 2.7 and earlier allows remote authenticated users to upload arbitrary PHP scripts to the gfx/ and files/ directories via the userfile parameter. |
| CVE-2009-4453 | 1 Softcab | 1 Sound Converter Activex | 2025-04-09 | 8.8 HIGH | N/A | Insecure method vulnerability in SoftCab Sound Converter ActiveX control (sndConverter.ocx) 1.2 allows remote attackers to create or overwrite arbitrary files via the SaveFormat method. NOTE: some of these details are obtained from third party information. |
| CVE-2007-2011 | 1 Deskpro | 1 Deskpro | 2025-04-09 | 4.3 MEDIUM | N/A | Cross-site scripting (XSS) vulnerability in login.php in DeskPro 2.0.1 allows remote attackers to inject arbitrary web script or HTML via the username parameter. |
| CVE-2007-3431 | 1 Valerio Capello | 1 Dagger - The Cutting Edge | 2025-04-09 | 6.8 MEDIUM | N/A | PHP remote file inclusion vulnerability in cal.func.php in Valerio Capello Dagger - The Cutting Edge r23jan2007 allows remote attackers to execute arbitrary PHP code via a URL in the dir_edge_lang parameter. |
| CVE-2006-6782 | 1 Pnamazu | 1 Pnamazu | 2025-04-09 | 6.8 MEDIUM | N/A | Cross-site scripting (XSS) vulnerability in pnamazu 2006.02.28 and earlier allows remote attackers to inject arbitrary web script or HTML via unspecified vectors. |
| CVE-2007-4119 | 1 Berthanas Ziyaretci | 1 Defteri | 2025-04-09 | 7.5 HIGH | N/A | Multiple SQL injection vulnerabilities in yonetici.asp in Berthanas Ziyaretci Defteri 2.0 allow remote attackers to execute arbitrary SQL commands via the (1) user and (2) Pass fields. |