Total
29483 CVE
| CVE | Vendors | Products | Updated | CVSS v2 | CVSS v3 |
|---|---|---|---|---|---|
| CVE-2007-1621 | 1 Lbstone | 1 Active Php Bookmark Notes | 2025-04-09 | 10.0 HIGH | N/A |
| PHP remote file inclusion vulnerability in templates/head.php in Active PHP Bookmark Notes (APB) 0.2.5 and earlier allows remote attackers to execute arbitrary PHP code via a URL in the APB_SETTINGS[template_path] parameter. NOTE: this issue might be related to CVE-2003-1254. | |||||
| CVE-2006-5317 | 1 Jhjgubbels | 1 Eboli | 2025-04-09 | 7.5 HIGH | N/A |
| PHP remote file inclusion vulnerability in index.php in eboli allows remote attackers to execute arbitrary PHP code via a URL in the contentSpecial parameter. | |||||
| CVE-2009-4410 | 1 Linux | 1 Linux Kernel | 2025-04-09 | 4.9 MEDIUM | N/A |
| The fuse_ioctl_copy_user function in the ioctl handler in fs/fuse/file.c in the Linux kernel 2.6.29-rc1 through 2.6.30.y uses the wrong variable in an argument to the kunmap function, which allows local users to cause a denial of service (panic) via unknown vectors. | |||||
| CVE-2006-3893 | 2 Casio, Newtone | 2 Photo Loader, Imagekit | 2025-04-09 | 10.0 HIGH | N/A |
| Multiple buffer overflows in the ActiveX controls in Newtone ImageKit 5 before Fix 30 and 6 before Fix 40, as used in CASIO Photo Loader software before 3.01 and possibly other software, allow remote attackers to execute arbitrary code via a crafted HTML document. | |||||
| CVE-2007-3222 | 1 Xoops | 1 Xfsection Module | 2025-04-09 | 7.5 HIGH | N/A |
| PHP remote file inclusion vulnerability in modify.php in the XFsection 1.07 module for XOOPS allows remote attackers to execute arbitrary PHP code via a URL in the dir_module parameter. | |||||
| CVE-2007-4510 | 2 Clam Anti-virus, Kolab | 2 Clamav, Kolab Server | 2025-04-09 | 4.3 MEDIUM | N/A |
| ClamAV before 0.91.2, as used in Kolab Server 2.0 through 2.2beta1 and other products, allows remote attackers to cause a denial of service (application crash) via (1) a crafted RTF file, which triggers a NULL dereference in the cli_scanrtf function in libclamav/rtf.c; or (2) a crafted HTML document with a data: URI, which triggers a NULL dereference in the cli_html_normalise function in libclamav/htmlnorm.c. NOTE: some of these details are obtained from third party information. | |||||
| CVE-2006-6130 | 1 Apple | 1 Mac Os X | 2025-04-09 | 4.9 MEDIUM | N/A |
| Apple Mac OS X AppleTalk allows local users to cause a denial of service (kernel panic) by calling the AIOCREGLOCALZN ioctl command with a crafted data structure on an AppleTalk socket. | |||||
| CVE-2007-3696 | 1 Broadcom | 1 Erwin Data Model Validator | 2025-04-09 | 7.8 HIGH | N/A |
| CA ERwin Data Model Validator (formerly AllFusion Data Model Validator) allows remote attackers to (1) cause a denial of service (application hang) via a malformed .EXP database file and (2) cause a denial of service (aaplication crash) via a crafted .EXP database file, which triggers a NULL dereference. | |||||
| CVE-2007-2180 | 1 Nullsoft | 1 Winamp | 2025-04-09 | 7.1 HIGH | N/A |
| Buffer overflow in Nullsoft Winamp 5.3 allows user-assisted remote attackers to cause a denial of service (crash) via a crafted WMV file. | |||||
| CVE-2007-4288 | 1 Microsoft | 1 Windows Media Player | 2025-04-09 | 4.3 MEDIUM | N/A |
| Microsoft Windows Media Player 11 (wmplayer.exe) allows user-assisted remote attackers to cause a denial of service (application crash) via a crafted .au file that triggers a divide-by-zero error, as demonstrated by iapetus.au. | |||||
| CVE-2006-6643 | 1 Fightersoft Multimedia | 1 Star Ftp Server | 2025-04-09 | 5.0 MEDIUM | N/A |
| Fightersoft Multimedia Star FTP server 1.10 allows remote attackers to cause a denial of service (crash) via multiple RETR commands with long arguments. | |||||
| CVE-2007-2173 | 2 Double Precision Incorporated, Gentoo | 2 Courier-imap, Linux | 2025-04-09 | 10.0 HIGH | N/A |
| Eval injection vulnerability in (1) courier-imapd.indirect and (2) courier-pop3d.indirect in Courier-IMAP before 4.0.6-r2, and 4.1.x before 4.1.2-r1, on Gentoo Linux allows remote attackers to execute arbitrary commands via the XMAILDIR variable, related to the LOGINRUN variable. | |||||
| CVE-2007-3240 | 1 Wordpress | 1 Wordpress | 2025-04-09 | 4.3 MEDIUM | N/A |
| Cross-site scripting (XSS) vulnerability in 404.php in the Vistered-Little theme for WordPress allows remote attackers to inject arbitrary web script or HTML via the URI (REQUEST_URI) that accesses index.php. NOTE: this can be leveraged for PHP code execution in an administrative session. | |||||
| CVE-2006-6960 | 1 Webroot Software | 1 Spy Sweeper | 2025-04-09 | 6.8 MEDIUM | N/A |
| The Compression Sweep feature in WebRoot Spy Sweeper 4.5.9 and earlier does not handle non-ZIP archives, which allows remote attackers to bypass the malware detection via files with (1) RAR, (2) GZ, (3) TAR, (4) CAB, or (5) ACE compression. | |||||
| CVE-2007-1410 | 1 Gaziyapboz | 1 Game Portal | 2025-04-09 | 7.5 HIGH | N/A |
| SQL injection vulnerability in kategori.asp in GaziYapBoz Game Portal allows remote attackers to execute arbitrary SQL commands via the kategori parameter. | |||||
| CVE-2007-4201 | 1 Guidance Software | 1 Encase | 2025-04-09 | 5.0 MEDIUM | N/A |
| Guidance Software EnCase 6.2 and 6.5 does not properly handle a volume with more than 25 partitions, which might allow remote attackers to prevent examination of certain data, a related issue to CVE-2007-4035. | |||||
| CVE-2007-0982 | 1 Taskfreak | 1 Taskfreak | 2025-04-09 | 4.3 MEDIUM | N/A |
| Cross-site scripting (XSS) vulnerability in error.php in TaskFreak! 0.5.5 allows remote attackers to inject arbitrary web script or HTML via the tznMessage parameter. NOTE: the provenance of this information is unknown; the details are obtained solely from third party information. | |||||
| CVE-2006-5538 | 1 D-link | 1 Dsl-g624t | 2025-04-09 | 5.0 MEDIUM | N/A |
| D-Link DSL-G624T firmware 3.00B01T01.YA-C.20060616 allows remote attackers to list contents of the cgi-bin directory via unspecified vectors, probably a direct request. | |||||
| CVE-2007-0686 | 1 Intel | 1 2200bg Proset Wireless | 2025-04-09 | 7.1 HIGH | N/A |
| The Intel 2200BG 802.11 Wireless Mini-PCI driver 9.0.3.9 (w29n51.sys) allows remote attackers to cause a denial of service (system crash) via crafted disassociation packets, which triggers memory corruption of "internal kernel structures," a different vulnerability than CVE-2006-6651. NOTE: this issue might overlap CVE-2006-3992. | |||||
| CVE-2007-0092 | 1 E-smart Cart | 1 E-smart Cart | 2025-04-09 | 7.5 HIGH | N/A |
| SQL injection vulnerability in productdetail.asp in E-SMARTCART 1.0 allows remote attackers to execute arbitrary SQL commands via the product_id parameter. | |||||