Total: 29682 CVE

| CVE | Vendors | Products | Updated | CVSS v2 | CVSS v3 |
|---|---|---|---|---|---|
| CVE-2007-3259 | 1 Vincent Hor | 1 Calendarix | 2025-04-09 | 5.0 MEDIUM | N/A |
| Calendarix 0.7.20070307 allows remote attackers to obtain sensitive information via (1) an invalid month[] parameter to calendar.php, (2) an invalid catview[] parameter to cal_week.php in a week operation, (3) an invalid ycyear[] parameter to yearcal.php, or (4) a direct request to cal_functions.inc.php, which reveals the installation path in various error messages. | |||||
| CVE-2006-5371 | 1 Oracle | 1 E-business Suite | 2025-04-09 | 9.0 HIGH | N/A |
| Unspecified vulnerability in Oracle Email Center component in Oracle E-Business Suite 11.5.9 has unknown impact and remote authenticated attack vectors, aka Vuln# APPS07. | |||||
| CVE-2006-4576 | 1 The Address Book | 1 The Address Book | 2025-04-09 | 6.8 MEDIUM | N/A |
| Cross-site scripting (XSS) vulnerability in The Address Book 1.04e allows remote attackers to inject arbitrary web script or HTML by uploading the HTML file with a GIF or JPG extension, which is rendered by Internet Explorer. | |||||
| CVE-2007-1959 | 1 Tinymux | 1 Tinymux | 2025-04-09 | 10.0 HIGH | N/A |
| Unspecified vulnerability in the process_cmdent function in command.cpp in TinyMUX before 2.4 has unknown impact and attack vectors, related to lack of the "'other half' of buffer overflow protection." | |||||
| CVE-2007-2953 | 1 Vim Development Group | 1 Vim | 2025-04-09 | 6.8 MEDIUM | N/A |
| Format string vulnerability in the helptags_one function in src/ex_cmds.c in Vim 6.4 and earlier, and 7.x up to 7.1, allows user-assisted remote attackers to execute arbitrary code via format string specifiers in a help-tags tag in a help file, related to the helptags command. | |||||
| CVE-2007-2025 | 1 Phpwiki | 1 Phpwiki | 2025-04-09 | 7.5 HIGH | N/A |
| Unrestricted file upload vulnerability in the UpLoad feature (lib/plugin/UpLoad.php) in PhpWiki 1.3.11p1 allows remote attackers to upload arbitrary PHP files with a double extension, as demonstrated by .php.3, which is interpreted by Apache as being a valid PHP file. | |||||
| CVE-2008-3350 | 1 The Kelleys | 1 Dnsmasq | 2025-04-09 | 5.0 MEDIUM | N/A |
| dnsmasq 2.43 allows remote attackers to cause a denial of service (daemon crash) by (1) sending a DHCPINFORM while lacking a DHCP lease, or (2) attempting to renew a nonexistent DHCP lease for an invalid subnet as an "unknown client," a different vulnerability than CVE-2008-3214. | |||||
| CVE-2006-5972 | 1 Netgear | 2 Wg111v2, Wg111v2 Driver | 2025-04-09 | 10.0 HIGH | N/A |
| Stack-based buffer overflow in WG111v2.SYS in NetGear WG111v2 wireless adapter (USB) allows remote attackers to execute arbitrary code via a long 802.11 beacon request. | |||||
| CVE-2007-4279 | 1 Frontaccounting | 1 Frontaccounting | 2025-04-09 | 7.5 HIGH | N/A |
| PHP remote file inclusion vulnerability in config.php in FrontAccounting 1.12 Build 31 allows remote attackers to execute arbitrary PHP code via a URL in the path_to_root parameter. | |||||
| CVE-2006-6027 | 1 Adobe | 1 Acrobat Reader | 2025-04-09 | 9.3 HIGH | N/A |
| Adobe Reader (Adobe Acrobat Reader) 7.0 through 7.0.8 allows remote attackers to cause a denial of service and possibly execute arbitrary code via a long argument string to the LoadFile method in an AcroPDF ActiveX control. | |||||
| CVE-2006-6959 | 1 Webroot Software | 1 Spy Sweeper | 2025-04-09 | 4.6 MEDIUM | N/A |
| WebRoot Spy Sweeper 4.5.9 and earlier allows local users to bypass the "Startup-Shield" security restrictions by modifying certain registry keys. | |||||
| CVE-2006-6613 | 1 Phpalbum.net | 1 Phpalbum | 2025-04-09 | 6.8 MEDIUM | N/A |
| Directory traversal vulnerability in language.php in phpAlbum 0.4.1 Beta 6 and earlier, when magic_quotes_gpc is disabled and register_globals is enabled, allows remote attackers to include and execute arbitrary local files or obtain sensitive information via a .. (dot dot) in the pa_lang[include_file] parameter, as demonstrated by injecting PHP sequences into an Apache HTTP Server log file, which is then included by language.php. | |||||
| CVE-2007-1464 | 1 Inkscape | 1 Inkscape | 2025-04-09 | 6.8 MEDIUM | N/A |
| Format string vulnerability in the whiteboard Jabber protocol in Inkscape before 0.45.1 allows user-assisted remote attackers to execute arbitrary code via unspecified vectors. | |||||
| CVE-2006-5915 | 1 Samedia | 1 Landshop | 2025-04-09 | 6.8 MEDIUM | N/A |
| Multiple cross-site scripting (XSS) vulnerabilities in ls.php in SAMEDIA LandShop allow remote attackers to inject arbitrary web script or HTML via the (1) start, (2) CAT_ID, (3) keyword, (4) search_area, (5) search_type, (6) infield, or (7) search_order parameter. | |||||
| CVE-2007-2055 | 1 Afflib | 1 Afflib | 2025-04-09 | 7.5 HIGH | N/A |
| AFFLIB 2.2.8 and earlier allows attackers to execute arbitrary commands via shell metacharacters involving (1) certain command line parameters in tools/afconvert.cpp and (2) arguments to the get_parameter function in aimage/ident.cpp. NOTE: it is unknown if the get_parameter vector (2) is ever called. | |||||
| CVE-2007-0227 | 1 Slocate | 1 Slocate | 2025-04-09 | 5.0 MEDIUM | N/A |
| slocate 3.1 does not properly manage database entries that specify names of files in protected directories, which allows local users to obtain the names of private files. NOTE: another researcher reports that the issue is not present in slocate 2.7. | |||||
| CVE-2006-6649 | 1 Hypervm | 1 Hypervm | 2025-04-09 | 6.8 MEDIUM | N/A |
| Cross-site scripting (XSS) vulnerability in display.php in HyperVM 1.2 and earlier allows remote attackers to inject arbitrary web script or HTML via an encoded frm_action parameter. NOTE: the vendor disputes this issue, but it is not certain whether the dispute is about the severity of the issue, or its existence. | |||||
| CVE-2007-0579 | 1 Horde | 1 Groupware | 2025-04-09 | 5.1 MEDIUM | N/A |
| Unspecified vulnerability in the calendar component in Horde Groupware Webmail Edition before 1.0, and Groupware before 1.0, allows remote attackers to include certain files via unspecified vectors. NOTE: some of these details are obtained from third party information. | |||||
| CVE-2006-6919 | 1 Sage-mozdev | 1 Sage | 2025-04-09 | 6.8 MEDIUM | N/A |
| Firefox Sage extension 1.3.8 and earlier allows remote attackers to execute arbitrary Javascript in the local context via an RSS feed with an img tag containing the script followed by an extra trailing ">", which Sage modifies to close the img element before the malicious script. | |||||
| CVE-2007-0382 | 1 Letterman | 1 Letterman | 2025-04-09 | 7.5 HIGH | N/A |
| Multiple SQL injection vulnerabilities in letterman.class.php in the Letterman 1.2.3 (com_letterman) component for Joomla! before 1.0.12 allow remote attackers to execute arbitrary SQL commands via the id parameter, related to the (1) lm_sendMail, (2) saveNewsletter, and (3) cancelNewsletter functions. | |||||
