Total: 29483 CVE
CVE | Vendors | Products | Updated | CVSS v2 | CVSS v3 |
---|---|---|---|---|---|
CVE-2007-0290 | 1 Oracle | 1 E-business Suite | 2025-04-09 | 5.5 MEDIUM | N/A |
Multiple unspecified vulnerabilities in Oracle E-Business Suite and Applications 11.5.10CU2 have unknown impact and attack vectors related to (1) Application Object Library (APPS01), (2) Human Resources (APPS03), (3) Payables (APPS04), (4) Trading Community Architecture (APPS05), and (5) Web Applications Desktop Integrator (APPS06). | |||||
CVE-2006-6124 | 1 Biba Software | 1 Seleniumserver Web Server | 2025-04-09 | 6.8 MEDIUM | N/A |
Cross-site scripting (XSS) vulnerability in SeleniumServer Web Server 1.0 allows remote attackers to inject arbitrary web script or HTML via unspecified vectors. NOTE: the provenance of this information is unknown; the details are obtained solely from third party information. | |||||
CVE-2009-1876 | 1 Adobe | 1 Coldfusion | 2025-04-09 | 5.0 MEDIUM | N/A |
Adobe ColdFusion 8.0.1 and earlier might allow attackers to obtain sensitive information via unspecified vectors, related to a "double-encoded null character vulnerability." | |||||
CVE-2006-6221 | 1 2x | 1 Thinclientserver | 2025-04-09 | 7.5 HIGH | N/A |
2X ThinClientServer Enterprise Edition before 4.0.2248 allows remote attackers to create multiple privileged accounts via a replay attack using the initial account creation request. | |||||
CVE-2006-6812 | 1 Myphpcalendar | 1 Myphpcalendar | 2025-04-09 | 7.5 HIGH | N/A |
Multiple PHP remote file inclusion vulnerabilities in myPHPCalendar 10.1 allow remote attackers to execute arbitrary PHP code via a URL in the cal_dir parameter to (1) admin.php, (2) contacts.php, or (3) convert-date.php. | |||||
CVE-2006-6713 | 1 Hitachi | 1 Hitachi Directory Server 2 | 2025-04-09 | 10.0 HIGH | N/A |
Buffer overflow in Hitachi Directory Server 2 P-2444-A124 before 02-11-/K on Windows, and P-1B44-A121 before 02-10-/V on HP-UX, allows remote attackers to execute arbitrary code via crafted LDAP requests. | |||||
CVE-2007-4193 | 1 Ide Group | 1 Dvd Rental System Drs | 2025-04-09 | 4.3 MEDIUM | N/A |
Multiple cross-site request forgery (CSRF) vulnerabilities in index.php in IDE Group DVD Rental System (DRS) 5.1 before 20070801 allow remote attackers to perform certain actions as arbitrary users, as demonstrated by (1) modifying data or (2) canceling a subscription. NOTE: it is not clear whether IDE Group updates all DRS installations in its role as an application service provider. If so, then this issue should not be included in CVE. | |||||
CVE-2007-4252 | 1 Chilkat Software | 1 Asp String | 2025-04-09 | 4.3 MEDIUM | N/A |
Absolute path traversal vulnerability in a certain ActiveX control in CkString.dll 1.1 and earlier in CHILKAT ASP String allows remote attackers to create or overwrite arbitrary files via a full pathname in the first argument to the SaveToFile method, a different vulnerability than CVE-2007-3633. | |||||
CVE-2006-5836 | 1 Opendarwin | 1 Darwin Kernel | 2025-04-09 | 7.2 HIGH | N/A |
The fpathconf syscall function in bsd/kern/kern_descrip.c in the Darwin kernel (XNU) 8.8.1 in Apple Mac OS X allows local users to cause a denial of service (kernel panic) and possibly execute arbitrary code via a file descriptor with an unrecognized file type. | |||||
CVE-2007-3523 | 1 Groupeclan.free.fr | 1 Xcms | 2025-04-09 | 6.4 MEDIUM | N/A |
Multiple directory traversal vulnerabilities in Module/Galerie.php in XCMS 1.1 allow remote attackers to include and execute arbitrary local files via a .. (dot dot) in the (1) Ent or (2) Lang parameter. | |||||
CVE-2007-0965 | 1 Cisco | 1 Firewall Services Module | 2025-04-09 | 7.8 HIGH | N/A |
Cisco FWSM 3.x before 3.1(3.2), when authentication is configured to use "aaa authentication match" or "aaa authentication include", allows remote attackers to cause a denial of service (device reboot) via a long HTTP request. | |||||
CVE-2007-1948 | 1 Irfanview | 1 Irfanview | 2025-04-09 | 9.3 HIGH | N/A |
Buffer overflow in IrfanView 3.99 allows context-dependent attackers to cause a denial of service and possibly execute arbitrary code via the (1) xoffset or (2) yoffset RLE command, or (3) large non-RLE encoded blocks in a crafted BMP image, as demonstrated by rle8of3.bmp and rle8of4.bmp. | |||||
CVE-2007-2312 | 1 Vwar | 1 Virtual War | 2025-04-09 | 7.5 HIGH | N/A |
Multiple SQL injection vulnerabilities in the Virtual War (VWar) 1.5.0 R15 module for PHP-Nuke allow remote attackers to execute arbitrary SQL commands via the n parameter to extra/online.php and other unspecified scripts in extra/. NOTE: this might be the same vulnerability as CVE-2006-4142; however, there is an intervening vendor fix announcement. | |||||
CVE-2006-6937 | 1 Pensacola Web Designs | 1 Xtremeasp Photogallery | 2025-04-09 | 7.5 HIGH | N/A |
SQL injection vulnerability in displaypic.asp in Xtreme ASP Photo Gallery allows remote attackers to inject arbitrary SQL commands via the sortorder parameter. | |||||
CVE-2007-1997 | 1 Clam Anti-virus | 1 Clamav | 2025-04-09 | 7.5 HIGH | N/A |
Integer signedness error in the (1) cab_unstore and (2) cab_extract functions in libclamav/cab.c in Clam AntiVirus (ClamAV) before 0.90.2 allows remote attackers to execute arbitrary code via a crafted CHM file that contains a negative integer, which passes a signed comparison and leads to a stack-based buffer overflow. | |||||
CVE-2007-1999 | 1 Nazarkin.name | 1 Weatimages | 2025-04-09 | 7.5 HIGH | N/A |
PHP remote file inclusion vulnerability in index.php in Weatimages 1.7.1 and earlier, when weatimages.ini is missing, allows remote attackers to execute arbitrary PHP code via a URL in the ini[langpack] parameter. | |||||
CVE-2006-5804 | 1 Advanced Guestbook | 1 Advanced Guestbook | 2025-04-09 | 7.5 HIGH | N/A |
PHP remote file inclusion vulnerability in admin.php in Advanced Guestbook 2.3.1 allows remote attackers to execute arbitrary PHP code via a URL in the include_path parameter. | |||||
CVE-2007-1603 | 1 Weekly Drawing Contest | 1 Weekly Drawing Contest | 2025-04-09 | 7.5 HIGH | N/A |
admin/contest.php in Weekly Drawing Contest 0.0.1 allows remote attackers to bypass authentication, and insert new contest information into a database, via a direct POST request. | |||||
CVE-2007-3293 | 1 Livecms | 1 Livecms | 2025-04-09 | 7.5 HIGH | N/A |
SQL injection vulnerability in categoria.php in LiveCMS 3.4 and earlier allows remote attackers to execute arbitrary SQL commands via the cid parameter. | |||||
CVE-2007-3658 | 1 Microsoft | 1 Register Server | 2025-04-09 | 5.0 MEDIUM | N/A |
Unspecified vulnerability in Microsoft Register Server (REGSVR) allows attackers to cause a denial of service via a crafted DLL library. |