Total
29869 CVE
| CVE | Vendors | Products | Updated | CVSS v2 | CVSS v3 |
|---|---|---|---|---|---|
| CVE-2007-2451 | 1 Linux | 1 Linux Kernel | 2025-04-09 | 5.0 MEDIUM | N/A |
|
Unspecified vulnerability in drivers/crypto/geode-aes.c in GEODE-AES in the Linux kernel before 2.6.21.3 allows attackers to obtain sensitive information via unspecified vectors.
|
|||||
| CVE-2007-2346 | 1 Php-generics | 1 Php-generics | 2025-04-09 | 7.5 HIGH | N/A |
|
Multiple PHP remote file inclusion vulnerabilities in PHP-Generics 1.0 beta allow remote attackers to execute arbitrary PHP code via a URL in the _APP_RELATIVE_PATH parameter to (1) include.php, (2) dbcommon/include.php, and (3) exception/include.php.
|
|||||
| CVE-2006-4509 | 1 Novell | 1 Edirectory | 2025-04-09 | 10.0 HIGH | N/A |
|
Integer overflow in the evtFilteredMonitorEventsRequest function in the LDAP service in Novell eDirectory before 8.8.1 FTF1 allows remote attackers to execute arbitrary code via a crafted request.
|
|||||
| CVE-2006-5189 | 1 Klinza | 1 Klinza Professional Cms | 2025-04-09 | 7.5 HIGH | N/A |
|
PHP remote file inclusion vulnerability in funzioni/lib/show_hlp.php in klinza professional cms 5.0.1 and earlier allows remote attackers to execute arbitrary PHP code via a URL in the appl[APPL] parameter.
|
|||||
| CVE-2007-4176 | 1 Eqdkp | 1 Eqdkp Plus | 2025-04-09 | 6.8 MEDIUM | N/A |
|
Multiple unspecified vulnerabilities in EQDKP Plus before 0.4.4.5 have unknown impact and attack vectors.
|
|||||
| CVE-2009-4410 | 1 Linux | 1 Linux Kernel | 2025-04-09 | 4.9 MEDIUM | N/A |
|
The fuse_ioctl_copy_user function in the ioctl handler in fs/fuse/file.c in the Linux kernel 2.6.29-rc1 through 2.6.30.y uses the wrong variable in an argument to the kunmap function, which allows local users to cause a denial of service (panic) via unknown vectors.
|
|||||
| CVE-2006-5523 | 1 Ez-ticket | 1 Ez-ticket | 2025-04-09 | 7.5 HIGH | N/A |
|
PHP remote file inclusion vulnerability in common.php in EZ-Ticket 0.0.1 allows remote attackers to execute arbitrary PHP code via a URL in the ezt_root_path parameter.
|
|||||
| CVE-2009-3957 | 4 Adobe, Apple, Microsoft and 1 more | 5 Acrobat, Acrobat Reader, Mac Os X and 2 more | 2025-04-09 | 5.0 MEDIUM | N/A |
|
Adobe Reader and Acrobat 9.x before 9.3, and 8.x before 8.2 on Windows and Mac OS X, might allow attackers to cause a denial of service (NULL pointer dereference) via unspecified vectors.
|
|||||
| CVE-2006-4576 | 1 The Address Book | 1 The Address Book | 2025-04-09 | 6.8 MEDIUM | N/A |
|
Cross-site scripting (XSS) vulnerability in The Address Book 1.04e allows remote attackers to inject arbitrary web script or HTML by uploading the HTML file with a GIF or JPG extension, which is rendered by Internet Explorer.
|
|||||
| CVE-2007-1375 | 1 Php | 1 Php | 2025-04-09 | 5.0 MEDIUM | N/A |
|
Integer overflow in the substr_compare function in PHP 5.2.1 and earlier allows context-dependent attackers to read sensitive memory via a large value in the length argument, a different vulnerability than CVE-2006-1991.
|
|||||
| CVE-2007-4361 | 1 Netgear | 1 Readynas Raidiator | 2025-04-09 | 10.0 HIGH | N/A |
|
NETGEAR (formerly Infrant) ReadyNAS RAIDiator before 4.00b2-p2-T1 beta creates a default SSH root password derived from the hardware serial number, which makes it easier for remote attackers to guess the password and obtain login access.
|
|||||
| CVE-2007-2392 | 1 Apple | 2 Mac Os X, Quicktime | 2025-04-09 | 9.3 HIGH | N/A |
|
Apple Quicktime before 7.2 on Mac OS X 10.3.9 and 10.4.9 allows user-assisted remote attackers to execute arbitrary code via a crafted movie file that triggers memory corruption.
|
|||||
| CVE-2007-1873 | 1 Mephisto | 1 Mephisto | 2025-04-09 | 4.3 MEDIUM | N/A |
|
Cross-site scripting (XSS) vulnerability in Mephisto 0.7.3 allows remote attackers to inject arbitrary web script or HTML via the q parameter to the search script.
|
|||||
| CVE-2006-7093 | 1 Mamboxchange | 1 Laithai | 2025-04-09 | 5.8 MEDIUM | N/A |
|
Cross-site scripting (XSS) vulnerability in Mambo LaiThai 4.5.4 Security Patch 2 and earlier allows remote attackers to inject arbitrary web script or HTML via unspecified vectors.
|
|||||
| CVE-2007-4194 | 1 Guidance Software | 1 Encase | 2025-04-09 | 4.3 MEDIUM | N/A |
|
Guidance Software EnCase 5.0 allows user-assisted remote attackers to cause a denial of service (stack memory consumption) and possibly have other unspecified impact via a malformed file, related to "EnCase's file system parsing." NOTE: this information is based upon a vague pre-advisory. It might overlap CVE-2007-4036.
|
|||||
| CVE-2006-7092 | 1 Mamboxchange | 1 Laithai | 2025-04-09 | 7.5 HIGH | N/A |
|
SQL injection vulnerability in includes/mambo.php in Mambo LaiThai 4.5.4 SP2 and earlier allows remote attackers to execute arbitrary SQL commands via the usercookie[password] cookie parameter.
|
|||||
| CVE-2007-0442 | 1 Ibm | 1 Os 400 | 2025-04-09 | 5.0 MEDIUM | N/A |
|
Unspecified vulnerability in IBM OS/400 R530 and R535 has unknown impact and remote attack vectors, related to an "Integrity Problem" involving LIC-TCPIP and TCP reset. NOTE: it is possible that this issue is related to CVE-2004-0230, but this is not certain.
|
|||||
| CVE-2007-1345 | 1 Broadcom | 1 Etrust Admin | 2025-04-09 | 4.1 MEDIUM | N/A |
|
Unspecified vulnerability in cube.exe in the GINA component for CA (Computer Associates) eTrust Admin 8.1.0 through 8.1.2 allows attackers with physical interactive or Remote Desktop access to bypass authentication and gain privileges via the password reset interface.
|
|||||
| CVE-2006-6572 | 1 Citrix | 1 Access Gateway | 2025-04-09 | 6.5 MEDIUM | N/A |
|
Unspecified vulnerability in Citrix Advanced Access Control (AAC) Option 4.0, and Access Gateway 4.2 with Advanced Access Control 4.2, before 20061114, when the Browser-Only access feature is enabled, allows remote authenticated users to bypass access policies via a certain login method, a different issue than CVE-2006-4846. NOTE: some of these details are obtained from third party information.
|
|||||
| CVE-2006-6844 | 1 Cmsmadesimple | 1 Cms Made Simple | 2025-04-09 | 6.8 MEDIUM | N/A |
|
Cross-site scripting (XSS) vulnerability in the optional user comment module in CMS Made Simple 1.0.2 allows remote attackers to inject arbitrary web script or HTML via the user comment form.
|
|||||
| CVE-2007-3492 | 1 Conti | 1 Ftpserver | 2025-04-09 | 6.8 MEDIUM | N/A |
|
Conti FtpServer 1.0 allows remote authenticated users to cause a denial of service (daemon crash) via a certain string containing "//A:" in the argument to the LIST command.
|
|||||
| CVE-2007-0387 | 1 Joomla | 1 Joomla | 2025-04-09 | 7.5 HIGH | N/A |
|
SQL injection vulnerability in models/category.php in the Weblinks component for Joomla! SVN 20070118 (com_weblinks) allows remote attackers to execute arbitrary SQL commands via the catid parameter.
|
|||||
| CVE-2008-3837 | 3 Canonical, Debian, Mozilla | 4 Ubuntu Linux, Debian Linux, Firefox and 1 more | 2025-04-09 | 9.3 HIGH | N/A |
|
Mozilla Firefox before 2.0.0.17 and 3.x before 3.0.2, and SeaMonkey before 1.1.12, allow user-assisted remote attackers to move a window during a mouse click, and possibly force a file download or unspecified other drag-and-drop action, via a crafted onmousedown action that calls window.moveBy, a variant of CVE-2003-0823.
|
|||||
| CVE-2006-7012 | 1 Scart | 1 Scart | 2025-04-09 | 10.0 HIGH | N/A |
|
scart.cgi in SCart 2.0 allows remote attackers to execute arbitrary commands via shell metacharacters in the page parameter of a show_text action.
|
|||||
| CVE-2009-1681 | 1 Apple | 1 Safari | 2025-04-09 | 4.3 MEDIUM | N/A |
|
WebKit in Apple Safari before 4.0, iPhone OS 1.0 through 2.2.1, and iPhone OS for iPod touch 1.1 through 2.2.1 does not prevent web sites from loading third-party content into a subframe, which allows remote attackers to bypass the Same Origin Policy and conduct "clickjacking" attacks via a crafted HTML document.
|
|||||
| CVE-2007-3099 | 1 Redhat | 1 Enterprise Linux | 2025-04-09 | 2.1 LOW | N/A |
|
usr/mgmt_ipc.c in iscsid in open-iscsi (iscsi-initiator-utils) before 2.0-865 checks the client's UID on the listening AF_LOCAL socket instead of the new connection, which allows remote attackers to access the management interface and cause a denial of service (iscsid exit or iSCSI connection loss).
|
|||||
| CVE-2007-0088 | 1 Openmedia | 1 Openmedia | 2025-04-09 | 5.0 MEDIUM | N/A |
|
Multiple directory traversal vulnerabilities in openmedia allow remote attackers to read arbitrary files via a .. (dot dot) in the (1) src parameter to page.php or the (2) format parameter to search_form.php.
|
|||||
| CVE-2006-6730 | 2 Netbsd, Openbsd | 2 Netbsd, Openbsd | 2025-04-09 | 6.6 MEDIUM | N/A |
|
OpenBSD and NetBSD permit usermode code to kill the display server and write to the X.Org /dev/xf86 device, which allows local users with root privileges to reduce securelevel by replacing the System Management Mode (SMM) handler via a write to an SMRAM address within /dev/xf86 (aka the video card memory-mapped I/O range), and then launching the new handler via a System Management Interrupt (SMI), as demonstrated by a write to Programmed I/O port 0xB2.
|
|||||
| CVE-2006-4511 | 1 Novell | 1 Groupwise Messenger | 2025-04-09 | 5.0 MEDIUM | N/A |
|
Messenger Agents (nmma.exe) in Novell GroupWise 2.0.2 and 1.0.6 allows remote attackers to cause a denial of service (crash) via a crafted HTTP POST request to TCP port 8300 with a modified val parameter, which triggers a null dereference related to "zero-size strings in blowfish routines."
|
|||||
| CVE-2006-5452 | 1 Hp | 2 Hp-ux, Tru64 | 2025-04-09 | 4.6 MEDIUM | N/A |
|
Buffer overflow in dtmail on HP Tru64 UNIX 4.0F through 5.1B and HP-UX B.11.00 through B.11.23 allows local users to execute arbitrary code via a long -a (aka attachment) argument.
|
|||||
| CVE-2009-1381 | 1 Squirrelmail | 3 Imap General.php, Squirrelmail, Squirrelmail1.4.19-1 | 2025-04-09 | 6.8 MEDIUM | N/A |
|
The map_yp_alias function in functions/imap_general.php in SquirrelMail before 1.4.19-1 on Debian GNU/Linux, and possibly other operating systems and versions, allows remote attackers to execute arbitrary commands via shell metacharacters in a username string that is used by the ypmatch program. NOTE: this issue exists because of an incomplete fix for CVE-2009-1579.
|
|||||
| CVE-2007-0507 | 1 Drupal | 1 Acidfree | 2025-04-09 | 6.0 MEDIUM | N/A |
|
SQL injection vulnerability in the Acidfree module for Drupal before 4.6.x-1.0, and before 4.7.x-1.0 in the 4.7 series, allows remote authenticated users with "create acidfree albums" privileges to execute arbitrary SQL commands via node titles.
|
|||||
| CVE-2007-0176 | 1 Gforge | 1 Gforge | 2025-04-09 | 6.8 MEDIUM | N/A |
|
Cross-site scripting (XSS) vulnerability in search/advanced_search.php in GForge 4.5.11 allows remote attackers to inject arbitrary web script or HTML via the words parameter.
|
|||||
| CVE-2007-1075 | 1 Turbosoft | 1 Turboftp | 2025-04-09 | 7.8 HIGH | N/A |
|
TurboFTP 5.30 Build 572 allows remote servers to cause a denial of service (CPU consumption) via a response with a large number of newline characters.
|
|||||
| CVE-2007-2227 | 1 Microsoft | 5 Outlook Express, Windows 2003 Server, Windows Mail and 2 more | 2025-04-09 | 4.3 MEDIUM | N/A |
|
The MHTML protocol handler in Microsoft Outlook Express 6 and Windows Mail in Windows Vista does not properly handle Content-Disposition "notifications," which allows remote attackers to obtain sensitive information from other Internet Explorer domains, aka "Content Disposition Parsing Cross Domain Information Disclosure Vulnerability."
|
|||||
| CVE-2009-2979 | 1 Adobe | 2 Acrobat, Acrobat Reader | 2025-04-09 | 4.3 MEDIUM | N/A |
|
Adobe Reader and Acrobat 9.x before 9.2, 8.x before 8.1.7, and possibly 7.x through 7.1.4 do not properly perform XMP-XML entity expansion, which allows remote attackers to cause a denial of service via a crafted document.
|
|||||
| CVE-2006-6567 | 1 Mxbb | 1 Kb Mods | 2025-04-09 | 10.0 HIGH | N/A |
|
PHP remote file inclusion vulnerability in includes/kb_constants.php in the Knowledge Base (mx_kb) 2.0.2 module for mxBB allows remote attackers to execute arbitrary PHP code via a URL in the module_root_path parameter.
|
|||||
| CVE-2006-6817 | 1 Alstrasoft | 1 Webhost Directory | 2025-04-09 | 5.0 MEDIUM | N/A |
|
AlstraSoft Web Host Directory allows remote attackers to obtain sensitive information by requesting any invalid URI, which reveals the path in an error message, a different vulnerability than CVE-2006-2617.
|
|||||
| CVE-2007-4078 | 1 Alstrasoft | 1 Text Ads Enterprise | 2025-04-09 | 4.3 MEDIUM | N/A |
|
Multiple cross-site scripting (XSS) vulnerabilities in AlstraSoft Text Ads Enterprise allow remote attackers to inject arbitrary web script or HTML via the (1) r parameter to (a) forgot_uid.php, the (2) query or (3) sk parameter to (b) search_results.php, or (4) the pageId parameter to (c) website_page.php.
|
|||||
| CVE-2007-0595 | 1 Designmind | 1 High5 Review Script | 2025-04-09 | 4.3 MEDIUM | N/A |
|
Cross-site scripting (XSS) vulnerability in search in High 5 Review Site allows remote attackers to inject arbitrary web script or HTML via the q parameter (aka the search box).
|
|||||