Total: 29869 CVE

| CVE | Vendors | Products | Updated | CVSS v2 | CVSS v3 |
|---|---|---|---|---|---|
| CVE-2006-6659 | 1 Microsoft | 3 Ie, Outlook, Windows Xp | 2025-04-09 | 5.0 MEDIUM | N/A |
| The Microsoft Office Outlook Recipient ActiveX control (ole32.dll) in Windows XP SP2 allows remote attackers to cause a denial of service (Internet Explorer 7 hang) via crafted HTML. | | | | | |
| CVE-2007-2231 | 1 Dovecot | 1 Dovecot | 2025-04-09 | 4.3 MEDIUM | N/A |
| Directory traversal vulnerability in index/mbox/mbox-storage.c in Dovecot before 1.0.rc29, when using the zlib plugin, allows remote attackers to read arbitrary gzipped (.gz) mailboxes (mbox files) via a .. (dot dot) sequence in the mailbox name. | | | | | |
| CVE-2007-1110 | 1 Activecalendar | 1 Activecalendar | 2025-04-09 | 5.0 MEDIUM | N/A |
| Directory traversal vulnerability in data/showcode.php in ActiveCalendar 1.2.0 allows remote attackers to read arbitrary files via a .. (dot dot) in the page parameter. | | | | | |
| CVE-2006-5378 | 1 Oracle | 1 Enterpriseone | 2025-04-09 | 9.0 HIGH | N/A |
| Unspecified vulnerability in JD Edwards HTML Server in JD Edwards EnterpriseOne SP23_O2, 8.95.P1, and 8.96.D1 has unknown impact and remote authenticated attack vectors, aka Vuln# JDE01. | | | | | |
| CVE-2007-1896 | 1 Sky Gunning | 1 Myspeach | 2025-04-09 | 5.8 MEDIUM | N/A |
| Directory traversal vulnerability in chat.php in Sky GUNNING MySpeach 3.0.7 and earlier allows remote attackers to include arbitrary local files via a .. (dot dot) and trailing %00 (NULL) in a my_ms[root] cookie. | | | | | |
| CVE-2006-6509 | 1 Sitekiosk | 1 Sitekiosk | 2025-04-09 | 4.1 MEDIUM | N/A |
| Cross-site scripting (XSS) vulnerability in the skinning feature in SiteKiosk before 6.5.150 allows local users to bypass security protections and inject arbitrary web script or HTML via an ABOUT: URI, which is displayed in the title bar of the browser. | | | | | |
| CVE-2007-2693 | 2 Mysql, Oracle | 2 Mysql, Mysql | 2025-04-09 | 3.5 LOW | N/A |
| MySQL before 5.1.18 allows remote authenticated users without SELECT privileges to obtain sensitive information from partitioned tables via an ALTER TABLE statement. | | | | | |
| CVE-2006-7069 | 1 Socketwiz | 1 Bookmarks | 2025-04-09 | 7.5 HIGH | N/A |
| PHP remote file inclusion vulnerability in smarty_config.php in Socketwiz Bookmarks 2.0 and earlier allows remote attackers to execute arbitrary PHP code via the root_dir parameter. | | | | | |
| CVE-2006-5608 | 1 Drupal | 1 Extended Tracker | 2025-04-09 | 7.5 HIGH | N/A |
| SQL injection vulnerability in Extended Tracker (xtracker) 4.7 before 1.5.2.1 for Drupal allows remote attackers to execute arbitrary SQL commands via unspecified vectors related to "parameters from URLs." | | | | | |
| CVE-2009-0756 | 1 Poppler | 1 Poppler | 2025-04-09 | 5.0 MEDIUM | N/A |
| The JBIG2Stream::readSymbolDictSeg function in Poppler before 0.10.4 allows remote attackers to cause a denial of service (crash) via a PDF file that triggers a parsing error, which is not properly handled by JBIG2SymbolDict::~JBIG2SymbolDict and triggers an invalid memory dereference. | | | | | |
| CVE-2007-2241 | 1 Isc | 1 Bind | 2025-04-09 | 7.1 HIGH | N/A |
| Unspecified vulnerability in query.c in ISC BIND 9.4.0, and 9.5.0a1 through 9.5.0a3, when recursion is enabled, allows remote attackers to cause a denial of service (daemon exit) via a sequence of queries processed by the query_addsoa function. | | | | | |
| CVE-2007-2624 | 1 Aiocp | 1 Aiocp | 2025-04-09 | 6.8 MEDIUM | N/A |
| Dynamic variable evaluation vulnerability in shared/config/cp_config.php in All In One Control Panel (AIOCP) before 1.3.016 allows remote attackers to conduct cross-site scripting (XSS) and possibly other attacks via the SERVER superglobal array. NOTE: some of these details are obtained from third party information. | | | | | |
| CVE-2007-1382 | 2 Microsoft, Php | 2 All Windows, Com Extensions | 2025-04-09 | 6.8 MEDIUM | N/A |
| The PHP COM extensions for PHP on Windows systems allow context-dependent attackers to execute arbitrary code via a WScript.Shell COM object, as demonstrated by using the Run method of this object to execute cmd.exe, which bypasses PHP's safe mode. | | | | | |
| CVE-2008-1480 | 1 Sun | 2 Solaris, Sunos | 2025-04-09 | 4.3 MEDIUM | N/A |
| rpc.metad in Sun Solaris 10 allows remote attackers to cause a denial of service (daemon crash) via a malformed RPC request. | | | | | |
| CVE-2007-3693 | 1 Gobi And Helma | 1 Gobi | 2025-04-09 | 4.3 MEDIUM | N/A |
| Cross-site scripting (XSS) vulnerability in Gobi as of 20070711, built on Helma, allows remote attackers to inject arbitrary web script or HTML via the q parameter to the search function. | | | | | |
| CVE-2007-0384 | 1 Postnuke Software Foundation | 1 Postnuke | 2025-04-09 | 5.1 MEDIUM | N/A |
| Cross-site scripting (XSS) vulnerability in preview in the reviews section in PostNuke 0.764 allows remote attackers to inject arbitrary web script or HTML via unspecified vectors. | | | | | |
| CVE-2007-2207 | 1 Ripe Website Manager | 1 Ripe Website Manager | 2025-04-09 | 7.5 HIGH | N/A |
| SQL injection vulnerability in contact/index.php in Ripe Website Manager 0.8.4 and earlier allows remote attackers to execute arbitrary SQL commands via the ripeformpost parameter. | | | | | |
| CVE-2006-6283 | 1 Vikingboard | 1 Vikingboard | 2025-04-09 | 4.3 MEDIUM | N/A |
| Multiple cross-site scripting (XSS) vulnerabilities in Vikingboard 0.1.2 allow remote attackers to inject arbitrary web script or HTML via the subject field of (1) a private message (PM) or (2) a bulletin board post. | | | | | |
| CVE-2007-0536 | 1 Rpath | 1 Rpath Linux | 2025-04-09 | 7.2 HIGH | N/A |
| The chroot helper in rMake for rPath Linux 1 does not drop supplemental groups, which causes packages to be installed with insecure permissions and might allow local users to gain privileges. | | | | | |
| CVE-2007-3317 | 1 Avaya | 1 One-x | 2025-04-09 | 7.8 HIGH | N/A |
| The Session Initiation Protocol (SIP) User Access Client (UAC) message parsing module in Avaya one-X Desktop Edition 2.1.0.70 and earlier allows remote attackers to cause a denial of service (device crash) via a malformed SIP message. | | | | | |
| CVE-2007-1646 | 1 Subhub | 1 Subhub | 2025-04-09 | 4.3 MEDIUM | N/A |
| Multiple cross-site scripting (XSS) vulnerabilities in SubHub 2.3.0 allow remote attackers to inject arbitrary web script or HTML via (1) the searchtext parameter to (a) /search, or the (2) message parameter to (b) /calendar or (c) /subscribe. | | | | | |
| CVE-2007-4562 | 1 Hitachi | 2 Cosminexus Dabroker, Dabroker | 2025-04-09 | 4.3 MEDIUM | N/A |
| Unspecified vulnerability in Hitachi DABroker before 03-02-/D and Cosminexus DABroker before 02-04-/C and 03-05-/E allows remote attackers to cause a denial of service (connection prevention) by sending "data unexpectedly through a port." | | | | | |
| CVE-2007-2480 | 1 Linux | 1 Linux Kernel | 2025-04-09 | 4.6 MEDIUM | N/A |
| The _udp_lib_get_port function in net/ipv4/udp.c in Linux kernel 2.6.21 and earlier does not prevent a bind to a port with a local address when there is already a bind to that port with a wildcard local address, which might allow local users to intercept local traffic for daemons or other applications. | | | | | |
| CVE-2007-1393 | 1 Geo Soft | 1 Magic Cms | 2025-04-09 | 10.0 HIGH | N/A |
| PHP remote file inclusion vulnerability in mysave.php in Magic CMS 4.2.747 allows remote attackers to execute arbitrary PHP code via a URL in the file parameter. | | | | | |
| CVE-2007-4159 | 1 Tibco | 1 Rendezvous | 2025-04-09 | 5.0 MEDIUM | N/A |
| index.html in the HTTP administration interface in certain daemons in TIBCO Rendezvous (RV) 7.5.2 allows remote attackers to obtain sensitive information, such as a user name and IP addresses, via a direct request. | | | | | |
| CVE-2006-5382 | 1 3com | 1 Superstack 3 Switch 4400 | 2025-04-09 | 7.5 HIGH | N/A |
| 3Com Switch SS3 4400 switches, firmware 5.11, 6.00 and 6.10 and earlier, allow remote attackers to read the SNMP Read-Write Community string and conduct unauthorized actions via unspecified "normally restricted management packets on the device" that cause the community string to be returned. | | | | | |
| CVE-2009-4118 | 1 Cisco | 1 Vpn Client | 2025-04-09 | 2.1 LOW | N/A |
| The StartServiceCtrlDispatcher function in the cvpnd service (cvpnd.exe) in Cisco VPN client for Windows before 5.0.06.0100 does not properly handle an ERROR_FAILED_SERVICE_CONTROLLER_CONNECT error, which allows local users to cause a denial of service (service crash and VPN connection loss) via a manual start of cvpnd.exe while the cvpnd service is running. | | | | | |
| CVE-2006-6903 | 1 Toshiba | 1 Bluetooth | 2025-04-09 | 10.0 HIGH | N/A |
| Unspecified vulnerability in the Toshiba Bluetooth stack allows remote attackers to gain administrative access (aka Remote Root) via unspecified vectors. | | | | | |
| CVE-2007-1505 | 1 Fujitsu | 2 Fence, Systemwalker Desktop Encryption | 2025-04-09 | 2.1 LOW | N/A |
| Fujitsu FENCE-Pro before V5L01, and Systemwalker Desktop Encryption V12.0L10, V12.0L10A, V12.0L10B, V12.0L20 and V13.0.0 allows local users to obtain sensitive information by extracting the decoding password from certain "self-decoding" file types. | | | | | |
| CVE-2006-4697 | 1 Microsoft | 5 Ie, Internet Explorer, Windows 2000 and 2 more | 2025-04-09 | 9.3 HIGH | N/A |
| Microsoft Internet Explorer 5.01, 6, and 7 uses certain COM objects from Imjpcksid.dll as ActiveX controls, which allows remote attackers to execute arbitrary code via unspecified vectors. NOTE: this issue might be related to CVE-2006-4193. | | | | | |
| CVE-2007-3000 | 1 Php Jackknife | 1 Php Jackknife | 2025-04-09 | 7.5 HIGH | N/A |
| Multiple SQL injection vulnerabilities in PHP JackKnife (PHPJK) allow remote attackers to execute arbitrary SQL commands via (1) the iCategoryUnq parameter to G_Display.php or (2) the iSearchID parameter to Search/DisplayResults.php. | | | | | |
| CVE-2007-2648 | 1 Clever Components | 1 Clever Database Comparer | 2025-04-09 | 9.3 HIGH | N/A |
| Stack-based buffer overflow in the Clever Database Comparer 2.2 ActiveX control (comparerax.ocx) allows remote attackers to execute arbitrary code via a long argument to the ConnectToDatabase function. | | | | | |
| CVE-2007-0954 | 1 Mohachat | 1 Moha Chat | 2025-04-09 | 10.0 HIGH | N/A |
| MOHA Chat 0.1b7 and earlier does not require authentication for use of the plug in API, which has unknown impact and attack vectors. | | | | | |
| CVE-2006-5059 | 1 Wired Community Software | 1 Wwwthreads | 2025-04-09 | 5.1 MEDIUM | N/A |
| Multiple cross-site scripting (XSS) vulnerabilities in WWWthreads 5.4.2 and earlier allow remote attackers to inject arbitrary web script or HTML via the Cat parameter to (1) dosearch.php, (2) postlist.php, (3) showmembers.php, (4) faq_english.php, (5) online.php, (6) login.php, (7) newuser.php, (8) wwwthreads.php, (9) search.php, or (10) postlist.php. | | | | | |
| CVE-2007-1516 | 1 Cicoandcico | 1 Ccmail | 2025-04-09 | 6.8 MEDIUM | N/A |
| PHP remote file inclusion vulnerability in functions/update.php in Cicoandcico CcMail 1.0 allows remote attackers to execute arbitrary PHP code via a URL in the functions_dir parameter. | | | | | |
| CVE-2007-0265 | 1 Ezboxx | 1 Portal System Beta | 2025-04-09 | 6.8 MEDIUM | N/A |
| Multiple cross-site scripting (XSS) vulnerabilities in Ezboxx Portal System Beta 0.7.6 and earlier allow remote attackers to inject arbitrary web script or HTML via (1) the pic parameter to custom/piczoom.asp, (2) the nocatname parameter to boxx/user-upload.asp, or (3) the iid parameter to indexes/newscomments.asp. | | | | | |
| CVE-2006-6121 | 1 Acer | 1 Lunchapp.aplunch | 2025-04-09 | 9.3 HIGH | N/A |
| Acer Notebook LunchApp.APlunch ActiveX control allows remote attackers to execute arbitrary commands by calling the Run method. | | | | | |
| CVE-2006-7006 | 1 Robin De Graff | 1 Somery | 2025-04-09 | 7.5 HIGH | N/A |
| PHP remote file inclusion vulnerability in upload/admin/team.php in Robin de Graff Somery 0.4.4 allows remote attackers to execute arbitrary PHP code via a URL in the checkauth parameter. NOTE: CVE disputes this vulnerability because the checkauth parameter is only used in conditionals. | | | | | |
| CVE-2007-4027 | 1 Areca | 1 Cli | 2025-04-09 | 6.6 MEDIUM | N/A |
| Buffer overflow in cli32 in Areca CLI 1.72.250 and earlier might allow local users to gain privileges via a long argument. NOTE: this program is not setuid by default, but there are some usage scenarios in which an administrator might make it setuid. | | | | | |
| CVE-2007-3266 | 1 Ifnet | 1 Webif.cgi | 2025-04-09 | 9.0 HIGH | N/A |
| Directory traversal vulnerability in webif.cgi in ifnet WEBIF allows remote attackers to include and execute arbitrary local files via a .. (dot dot) in the outconfig parameter. | | | | | |