Total
29483 CVE
| CVE | Vendors | Products | Updated | CVSS v2 | CVSS v3 |
|---|---|---|---|---|---|
| CVE-2007-2918 | 1 Logitech | 1 Videocall | 2025-04-09 | 6.8 MEDIUM | N/A |
| Multiple stack-based buffer overflows in ActiveX controls (1) VibeC in (a) vibecontrol.dll, (2) CallManager and (3) ViewerClient in (b) StarClient.dll, (4) ComLink in (c) uicomlink.dll, and (5) WebCamXMP in (d) wcamxmp.dll in Logitech VideoCall allow remote attackers to cause a denial of service (browser crash) and execute arbitrary code via unspecified vectors. | |||||
| CVE-2007-2195 | 1 Alvaro | 1 Alvaros Messenger | 2025-04-09 | 5.0 MEDIUM | N/A |
| aMSN (aka Alvaro's Messenger) 0.96 and earlier allows remote attackers to cause a denial of service (application crash) by sending invalid data to TCP port 31337. | |||||
| CVE-2007-1454 | 1 Php | 1 Php | 2025-04-09 | 4.3 MEDIUM | N/A |
| ext/filter in PHP 5.2.0, when FILTER_SANITIZE_STRING is used with the FILTER_FLAG_STRIP_LOW flag, does not properly strip HTML tags, which allows remote attackers to conduct cross-site scripting (XSS) attacks via HTML with a '<' character followed by certain whitespace characters, which passes one filter but is collapsed into a valid tag, as demonstrated using %0b. | |||||
| CVE-2006-6556 | 1 Eyeos | 1 Eyeos | 2025-04-09 | 7.5 HIGH | N/A |
| The eyeHome function in apps/eyeHome.eyeapp/aplic.php in EyeOS before 0.9.3-3 allows remote attackers to upload and execute arbitrary code via dangerous file extensions that are not all lowercase, which bypasses a cleansing operation. | |||||
| CVE-2007-2332 | 1 Nortel | 8 Vpn Router 1010, Vpn Router 1050, Vpn Router 1100 and 5 more | 2025-04-09 | 9.0 HIGH | N/A |
| Nortel VPN Router (aka Contivity) 1000, 2000, 4000, and 5000 before 6_05.140 uses a fixed DES key to encrypt passwords, which allows remote authenticated users to obtain a password via a brute force attack on a hash from the LDAP store. | |||||
| CVE-2006-6802 | 1 Enthrallweb | 1 Epages | 2025-04-09 | 7.5 HIGH | N/A |
| SQL injection vulnerability in actualpic.asp in Enthrallweb ePages allows remote attackers to execute arbitrary SQL commands via the Biz_ID parameter. | |||||
| CVE-2007-1932 | 1 Scar4u | 1 Scarnews | 2025-04-09 | 7.5 HIGH | N/A |
| Directory traversal vulnerability in scarnews.inc.php in ScarNews 1.2.1 allows remote attackers to include and execute arbitrary local files via a .. (dot dot) in the sn_admin_dir parameter. | |||||
| CVE-2007-4433 | 1 Aspindir | 1 Text File Search | 2025-04-09 | 4.3 MEDIUM | N/A |
| Cross-site scripting (XSS) vulnerability in textfilesearch.aspx in the Text File Search ASP.NET edition allows remote attackers to inject arbitrary web script or HTML via the search field. | |||||
| CVE-2007-2175 | 1 Apple | 1 Safari | 2025-04-09 | 7.6 HIGH | N/A |
| Apple QuickTime Java extensions (QTJava.dll), as used in Safari and other browsers, and when Java is enabled, allows remote attackers to execute arbitrary code via parameters to the toQTPointer method in quicktime.util.QTHandleRef, which can be used to modify arbitrary memory when creating QTPointerRef objects, as demonstrated during the "PWN 2 0WN" contest at CanSecWest 2007. | |||||
| CVE-2007-3295 | 1 Yabb | 1 Yabb | 2025-04-09 | 6.5 MEDIUM | N/A |
| Directory traversal vulnerability in Yet another Bulletin Board (YaBB) 2.1 and earlier allows remote authenticated users to execute arbitrary Perl code via a .. (dot dot) in the userlanguage profile setting, which sets the userlanguage key of the member hash, and is propagated to the language variable in (1) HelpCentre.pl and (2) ICQPager.pl, (3) the use_lang variable in Subs.pl, and the actlang variable in (4) Post.pl and (5) InstantMessage.pl; as demonstrated by pointing userlanguage to the English folder, modifying English/HelpCentre.lng file to contain Perl statements, and then invoking the help action in YaBB.pl. | |||||
| CVE-2006-5096 | 1 Virtuemart | 1 Virtuemart Joomla Ecommerrce Edition Cms | 2025-04-09 | 6.8 MEDIUM | N/A |
| Multiple cross-site scripting (XSS) vulnerabilities in index.php in VirtueMart (formerly known as mambo-phpShop) Joomla! eCommerce Edition CMS 1.0.11, and possibly earlier, allow remote attackers to inject arbitrary web script or HTML via the Itemid parameter in a (1) com_contact or (2) subscribe action. | |||||
| CVE-2007-2271 | 1 Rajneel Lal Totaram | 1 Usp Foss Distribution | 2025-04-09 | 9.4 HIGH | N/A |
| Directory traversal vulnerability in Rajneel Lal TotaRam USP FOSS Distribution 1.01 allows remote attackers to read arbitrary files via a .. (dot dot) in the dnld parameter. | |||||
| CVE-2007-0659 | 1 Modxcms | 1 Filedownload | 2025-04-09 | 7.5 HIGH | N/A |
| download.php in the MuddyDogPaws FileDownload snippet before 2.5 for MODx allows remote attackers to download arbitrary files, as demonstrated by downloading config.inc.php to obtain database credentials. | |||||
| CVE-2006-5708 | 1 Alt-n | 1 Mdaemon | 2025-04-09 | 5.0 MEDIUM | 7.5 HIGH |
| Multiple unspecified vulnerabilities in MDaemon and WorldClient in Alt-N Technologies MDaemon before 9.50 allow attackers to cause a denial of service (memory consumption) via unspecified vectors resulting in memory leaks. | |||||
| CVE-2006-6586 | 1 Vblog | 1 Vblog | 2025-04-09 | 7.5 HIGH | N/A |
| Multiple PHP remote file inclusion vulnerabilities in Vortex Blog (vBlog, aka C12) a0.1_nonfunc allow remote attackers to execute arbitrary PHP code via a URL in the cfgProgDir parameter in (1) secure.php or (2) checklogin.php in admin/auth/. | |||||
| CVE-2007-2926 | 1 Isc | 1 Bind | 2025-04-09 | 4.3 MEDIUM | N/A |
| ISC BIND 9 through 9.5.0a5 uses a weak random number generator during generation of DNS query ids when answering resolver questions or sending NOTIFY messages to slave name servers, which makes it easier for remote attackers to guess the next query id and perform DNS cache poisoning. | |||||
| CVE-2006-5449 | 1 Horde | 1 Ingo H3 | 2025-04-09 | 6.5 MEDIUM | N/A |
| procmail in Ingo H3 before 1.1.2 Horde module allows remote authenticated users to execute arbitrary commands via shell metacharacters in the mailbox destination of a filter rule. | |||||
| CVE-2007-2317 | 2 Minibb, Tosmo Mambo | 2 Minibb, Tosmo Mambo | 2025-04-09 | 7.5 HIGH | N/A |
| Multiple PHP remote file inclusion vulnerabilities in MiniBB Forum 1.5a and earlier, as used by TOSMO/Mambo 4.0.12 and probably other products, allow remote attackers to execute arbitrary PHP code via a URL in the absolute_path parameter to bb_plugins.php in (1) components/minibb/ or (2) components/com_minibb, or (3) configuration.php. NOTE: the com_minibb.php vector is already covered by CVE-2006-3690. | |||||
| CVE-2007-1343 | 1 Webcalendar | 1 Webcalendar | 2025-04-09 | 7.5 HIGH | N/A |
| includes/functions.php in Craig Knudsen WebCalendar before 1.0.5 does not protect the noSet variable from external modification, which allows remote attackers to set arbitrary global variables via a URL with modified values in the noSet parameter, which leads to resultant vulnerabilities that probably include remote file inclusion and other issues. | |||||
| CVE-2007-0525 | 1 Grigoriadis | 1 Mini Web Server | 2025-04-09 | 7.5 HIGH | N/A |
| Multiple buffer overflows in Nickolas Grigoriadis Mini Web server (MiniWebsvr) before 0.05 have unknown impact and attack vectors. | |||||