Total
29483 CVE
| CVE | Vendors | Products | Updated | CVSS v2 | CVSS v3 |
|---|---|---|---|---|---|
| CVE-2007-3631 | 1 Gamesitescript | 1 Gamesitescript | 2025-04-09 | 7.5 HIGH | N/A |
| SQL injection vulnerability in index.php in GameSiteScript (gss) 3.1 and earlier allows remote attackers to execute arbitrary SQL commands via the params parameter, related to missing input validation of the id field. | |||||
| CVE-2006-6425 | 1 Novell | 1 Netmail | 2025-04-09 | 9.0 HIGH | N/A |
| Stack-based buffer overflow in the IMAP daemon (IMAPD) in Novell NetMail before 3.52e FTF2 allows remote authenticated users to execute arbitrary code via unspecified vectors involving the APPEND command. | |||||
| CVE-2007-0665 | 1 Ipswitch | 1 Ws Ftp Pro | 2025-04-09 | 6.8 MEDIUM | N/A |
| Format string vulnerability in the SCP module in Ipswitch WS_FTP 2007 Professional might allow remote attackers to execute arbitrary commands via format string specifiers in the filename, related to the SHELL WS_FTP script command. | |||||
| CVE-2006-5855 | 1 Ibm | 1 Tivoli Storage Manager | 2025-04-09 | 10.0 HIGH | N/A |
| Multiple buffer overflows in IBM Tivoli Storage Manager (TSM) before 5.2.9 and 5.3.x before 5.3.4 allow remote attackers to cause a denial of service (crash) and possibly execute arbitrary code via a long string in (1) the language field at logon that begins with a 0x18 byte, (2) two unspecified parameters to the SmExecuteWdsfSession function, and (3) the contact field in an open registration message. | |||||
| CVE-2007-1904 | 1 Aol | 2 Icq, Instant Messenger | 2025-04-09 | 4.3 MEDIUM | N/A |
| Directory traversal vulnerability in AOL Instant Messenger (AIM) 5.9 and earlier, and ICQ 5.1 and probably earlier, allows user-assisted remote attackers to write files to arbitrary locations via a .. (dot dot) in a filename in a file transfer operation. | |||||
| CVE-2007-2354 | 1 Progress | 1 Webspeed Messenger | 2025-04-09 | 7.8 HIGH | N/A |
| Progress Webspeed Messenger allows remote attackers to obtain sensitive information via a WService parameter containing "wsbroker1/webutil/about.r", which reveals the operating system and product information. | |||||
| CVE-2009-0253 | 1 Mozilla | 1 Firefox | 2025-04-09 | 6.8 MEDIUM | N/A |
| Mozilla Firefox 3.0.5 allows remote attackers to trick a user into visiting an arbitrary URL via an onclick action that moves a crafted element to the current mouse position, related to a "Status Bar Obfuscation" and "Clickjacking" attack. | |||||
| CVE-2007-0159 | 1 Geoip | 1 Geoip | 2025-04-09 | 6.4 MEDIUM | N/A |
| Directory traversal vulnerability in the GeoIP_update_database_general function in libGeoIP/GeoIPUpdate.c in GeoIP 1.4.0 allows remote malicious update servers (possibly only update.maxmind.com) to overwrite arbitrary files via a .. (dot dot) in the database filename, which is returned by a request to app/update_getfilename. | |||||
| CVE-2006-5240 | 1 Docmint | 1 Docmint Cms | 2025-04-09 | 5.1 MEDIUM | N/A |
| PHP remote file inclusion vulnerability in engine/require.php in Docmint 2.0 and earlier, when register_globals is enabled, allows remote attackers to execute arbitrary PHP code via a URL in the MY_ENV[BASE_ENGINE_LOC] parameter. | |||||
| CVE-2006-5217 | 1 Emek Portal | 1 Emek Portal | 2025-04-09 | 7.5 HIGH | N/A |
| SQL injection vulnerability in giris_yap.asp in Emek Portal 2.1 allows remote attackers to execute arbitrary SQL commands by simultaneously injecting into the user name and pass fields in uyegiris.asp, also known as the Kullanici Adi (k_a) and Sifre (sifre) parameters. | |||||
| CVE-2007-2565 | 1 Cdelia Software | 1 Imageprocessing | 2025-04-09 | 7.1 HIGH | N/A |
| Cdelia Software ImageProcessing allows user-assisted remote attackers to cause a denial of service (application crash) via a crafted BMP file. | |||||
| CVE-2007-4155 | 1 Emc | 1 Vmware | 2025-04-09 | 9.3 HIGH | N/A |
| Absolute path traversal vulnerability in a certain ActiveX control in vielib.dll in EMC VMware 6.0.0 allows remote attackers to execute arbitrary local programs via a full pathname in the first two arguments to the (1) CreateProcess or (2) CreateProcessEx method. | |||||
| CVE-2006-5838 | 1 Newp | 1 News Publication System | 2025-04-09 | 5.1 MEDIUM | N/A |
| PHP remote file inclusion vulnerability in lib/class.Database.php in NewP News Publication System 1.0.0, when register_globals is enabled, allows remote attackers to execute arbitrary PHP code via the path parameter. | |||||
| CVE-2007-0919 | 1 Nickolas Grigoriadis | 1 Mini Web Server | 2025-04-09 | 7.8 HIGH | N/A |
| Directory traversal vulnerability in Nickolas Grigoriadis Mini Web server (MiniWebsvr) 0.0.6 allows remote attackers to list the directory immediately above the web root via a ..%00 sequence in the URI. | |||||
| CVE-2007-2209 | 2 Accusoft, Corel | 2 Imagegear, Paint Shop Pro | 2025-04-09 | 6.8 MEDIUM | N/A |
| Buffer overflow in igcore15d.dll 15.1.2.0 and 15.2.0.0 for AccuSoft ImageGear, as used in Corel Paint Shop Pro Photo 11.20 and possibly other products, allows user-assisted remote attackers to execute arbitrary code via a crafted .CLP file. NOTE: some details were obtained from third party sources. | |||||
| CVE-2007-1994 | 1 Hp | 1 Hp-ux | 2025-04-09 | 4.9 MEDIUM | N/A |
| Unspecified vulnerability in the Address and Routing Parameter Area (ARPA) transport functionality in HP-UX B.11.00 allows local users to cause a denial of service via unknown vectors. NOTE: due to lack of vendor details, it is not clear whether this is the same as CVE-2007-0916. | |||||
| CVE-2006-4407 | 1 Apple | 1 Mac Os X | 2025-04-09 | 5.0 MEDIUM | N/A |
| The Security Framework in Apple Mac OS X 10.3.x up to 10.3.9 does not properly prioritize encryption ciphers when negotiating the strongest shared cipher, which causes Secure Transport to user a weaker cipher that makes it easier for remote attackers to decrypt traffic. | |||||
| CVE-2007-0199 | 1 Cisco | 1 Ios | 2025-04-09 | 5.0 MEDIUM | N/A |
| The Data-link Switching (DLSw) feature in Cisco IOS 11.0 through 12.4 allows remote attackers to cause a denial of service (device reload) via "an invalid value in a DLSw message... during the capabilities exchange." | |||||
| CVE-2006-6330 | 1 Torrentflux | 1 Torrentflux | 2025-04-09 | 6.0 MEDIUM | N/A |
| index.php for TorrentFlux 2.2 allows remote registered users to execute arbitrary commands via shell metacharacters in the kill parameter. | |||||
| CVE-2006-5108 | 1 Devellion | 1 Cubecart | 2025-04-09 | 6.8 MEDIUM | N/A |
| Multiple cross-site scripting (XSS) vulnerabilities in Devellion CubeCart 2.0.x allow remote attackers to inject arbitrary web script or HTML via the order_id parameter in (1) admin/print_order.php and (2) view_order.php; the (3) site_url and (4) la_search_home parameters and (5) certain language parameters in admin/nav.php; the (6) image parameter in admin/image.php; the (7) site_name, (8) la_adm_header, (9) charset, and (10) certain other parameters in admin/header.inc.php; the (12) la_pow_by parameter in footer.inc.php; and the (13) site_name parameter and (14) certain other parameters in header.inc.php. | |||||