Total
29682 CVE
| CVE | Vendors | Products | Updated | CVSS v2 | CVSS v3 |
|---|---|---|---|---|---|
| CVE-2006-6851 | 1 Mobilelib | 1 Mobilelib Gold | 2025-04-09 | 6.8 MEDIUM | N/A |
| Multiple cross-site scripting (XSS) vulnerabilities in contact_us.php in ac4p Mobilelib gold 2 allow remote attackers to inject arbitrary web script or HTML via the (1) email or (2) errr parameter. | |||||
| CVE-2007-4562 | 1 Hitachi | 2 Cosminexus Dabroker, Dabroker | 2025-04-09 | 4.3 MEDIUM | N/A |
| Unspecified vulnerability in Hitachi DABroker before 03-02-/D and Cosminexus DABroker before 02-04-/C and 03-05-/E allows remote attackers to cause a denial of service (connection prevention) by sending "data unexpectedly through a port." | |||||
| CVE-2007-1418 | 1 Mindtouch | 1 Dekiwiki | 2025-04-09 | 4.3 MEDIUM | N/A |
| Cross-site scripting (XSS) vulnerability in skins/ace/popup-notopic.php in MindTouch OpenGarden DekiWiki before Gooseberry++ allows remote attackers to inject arbitrary web script or HTML via the message parameter. | |||||
| CVE-2006-6707 | 1 Mcafee | 2 Neotrace, Visual Trace | 2025-04-09 | 7.5 HIGH | N/A |
| Stack-based buffer overflow in the NeoTraceExplorer.NeoTraceLoader ActiveX control (NeoTraceExplorer.dll) in NeoTrace Express 3.25 and NeoTrace Pro (aka McAfee Visual Trace) 3.25 allows remote attackers to execute arbitrary code via a long argument string to the TraceTarget method. NOTE: The provenance of this information is unknown; the details are obtained solely from third party information. | |||||
| CVE-2007-0764 | 1 F3site | 1 F3site | 2025-04-09 | 6.5 MEDIUM | N/A |
| Unrestricted file upload vulnerability in F3Site 2.1 and earlier allows remote authenticated administrators to upload and execute arbitrary PHP scripts via GIF86 header in a file in the uplf parameter, which can be later accessed via a relative pathname in the dir parameter in adm.php. | |||||
| CVE-2007-2941 | 1 Michael Brandon | 1 Vbgsitemap | 2025-04-09 | 7.5 HIGH | N/A |
| Multiple PHP remote file inclusion vulnerabilities in the creator in vBulletin Google Yahoo Site Map (vBGSiteMap) 2.41 for vBulletin allow remote attackers to execute arbitrary PHP code via a URL in the base parameter to (1) vbgsitemap/vbgsitemap-config.php or (2) vbgsitemap/vbgsitemap-vbseo.php. | |||||
| CVE-2007-2465 | 1 Sun | 2 Solaris, Sunos | 2025-04-09 | 4.7 MEDIUM | N/A |
| Unspecified vulnerability in Sun Solaris 9, when Solaris Auditing (BSM) is enabled for file read, write, attribute modify, create, or delete audit classes, allows local users to cause a denial of service (panic) via unknown vectors, possibly related to the audit_savepath function. | |||||
| CVE-2007-3213 | 1 Sporum Forum | 1 Sporum Forum | 2025-04-09 | 4.3 MEDIUM | N/A |
| Multiple cross-site scripting (XSS) vulnerabilities in comments.cgi in Sporum Forum 3.0.9 and earlier allow remote attackers to inject arbitrary web script or HTML via the (1) view and (2) mode parameters. | |||||
| CVE-2007-1791 | 1 Alexscriptengine | 1 Picture-engine | 2025-04-09 | 7.5 HIGH | N/A |
| SQL injection vulnerability in wall.php in Picture-Engine 1.2.0 and earlier allows remote attackers to execute arbitrary SQL commands via the cat parameter. | |||||
| CVE-2007-0396 | 1 Hp | 1 Hp-ux | 2025-04-09 | 7.1 HIGH | N/A |
| Unspecified vulnerability in HP-UX B.11.23, when running IPFilter in combination with PHNE_34474, allows remote attackers to cause a denial of service (system crash) via unspecified vectors. | |||||
| CVE-2006-4516 | 1 Freebsd | 1 Freebsd | 2025-04-09 | 4.9 MEDIUM | N/A |
| Integer signedness error in FreeBSD 6.0-RELEASE allows local users to cause a denial of service (memory corruption and kernel panic) via a PT_LWPINFO ptrace command with a large negative data value that satisfies a signed maximum value check but is used in an unsigned copyout function call. | |||||
| CVE-2007-1119 | 1 Novell | 1 Zenworks | 2025-04-09 | 6.4 MEDIUM | N/A |
| Unspecified vulnerability in Novell ZENworks 7 Desktop Management Support Pack 1 before Hot patch 3 (ZDM7SP1HP3) allows remote attackers to upload images to certain folders that were not configured in the "Only allow uploads to the following directories" setting via unspecified vectors. | |||||
| CVE-2008-1070 | 1 Wireshark | 1 Wireshark | 2025-04-09 | 5.0 MEDIUM | N/A |
| The SCTP dissector in Wireshark (formerly Ethereal) 0.99.5 through 0.99.7 allows remote attackers to cause a denial of service (crash) via a malformed packet. | |||||
| CVE-2007-4524 | 1 Phpress | 1 Phpress | 2025-04-09 | 7.5 HIGH | N/A |
| PHP remote file inclusion vulnerability in adisplay.php in PhPress 0.2.0 allows remote attackers to execute arbitrary PHP code via a URL in the lang parameter. | |||||
| CVE-2009-2810 | 1 Apple | 2 Mac Os X, Mac Os X Server | 2025-04-09 | 6.8 MEDIUM | N/A |
| Launch Services in Apple Mac OS X 10.6.x before 10.6.2 recursively clears quarantine information upon opening a quarantined folder, which allows user-assisted remote attackers to execute arbitrary code via a quarantined application that does not trigger a "potentially unsafe" warning message. | |||||
| CVE-2007-3235 | 1 Fuzzylime Forum | 1 Fuzzylime Forum | 2025-04-09 | 4.3 MEDIUM | N/A |
| Cross-site scripting (XSS) vulnerability in low.php in Fuzzylime Forum 1.0 allows remote attackers to inject arbitrary web script or HTML via the topic parameter. NOTE: this might be resultant from SQL injection. | |||||
| CVE-2006-6510 | 1 Sitekiosk | 1 Sitekiosk | 2025-04-09 | 1.7 LOW | N/A |
| An unspecified ActiveX control in SiteKiosk before 6.5.150 is installed "safe for scripting", which allows local users to bypass security protections and read arbitrary files via certain functions. | |||||
| CVE-2006-5036 | 1 Squiz | 2 Mysource Classic, Mysource Matrix | 2025-04-09 | 6.8 MEDIUM | N/A |
| MySource Matrix 3.8 and earlier, and MySource 2.x, allow remote attackers to use the application as an HTTP proxy server via the sq_remote_page_url parameter to access arbitrary sites with the server's IP address and conduct cross-site scripting (XSS) attacks. NOTE: the researcher reports that "The vendor does not consider this a vulnerability. | |||||
| CVE-2007-1328 | 1 Bernard Joly | 1 Bj Webring | 2025-04-09 | 4.3 MEDIUM | N/A |
| Cross-site scripting (XSS) vulnerability in formulaire.php in Bernard JOLY BJ Webring allows remote attackers to inject arbitrary web script or HTML via an unspecified parameter related to the add link menu. | |||||
| CVE-2006-5211 | 1 Trend Micro | 1 Officescan Corporate Edition | 2025-04-09 | 6.4 MEDIUM | N/A |
| Trend Micro OfficeScan 6.0 in Client/Server/Messaging (CSM) Suite for SMB 2.0 before 6.0.0.1385, and OfficeScan Corporate Edition (OSCE) 6.5 before 6.5.0.1418, 7.0 before 7.0.0.1257, and 7.3 before 7.3.0.1053 allow remote attackers to remove OfficeScan clients via a certain HTTP request that invokes the OfficeScan CGI program. | |||||