Total
29483 CVE
| CVE | Vendors | Products | Updated | CVSS v2 | CVSS v3 |
|---|---|---|---|---|---|
| CVE-2007-0555 | 1 Postgresql | 1 Postgresql | 2025-04-09 | 8.5 HIGH | N/A |
| PostgreSQL 7.3 before 7.3.13, 7.4 before 7.4.16, 8.0 before 8.0.11, 8.1 before 8.1.7, and 8.2 before 8.2.2 allows attackers to disable certain checks for the data types of SQL function arguments, which allows remote authenticated users to cause a denial of service (server crash) and possibly access database content. | |||||
| CVE-2007-0415 | 1 Bea | 1 Weblogic Server | 2025-04-09 | 5.0 MEDIUM | N/A |
| BEA WebLogic Server 8.1 through 8.1 SP5 does not properly enforce access control after a dynamic update and dynamic redeployment of an application that is implemented through exploded jars, which allows attackers to bypass intended access restrictions. | |||||
| CVE-2009-2864 | 1 Cisco | 2 Unified Callmanager, Unified Communications Manager | 2025-04-09 | 7.8 HIGH | N/A |
| Cisco Unified Communications Manager (aka CUCM, formerly CallManager) 5.x before 5.1(3g), 6.x before 6.1(4), 7.0.x before 7.0(2a)su1, and 7.1.x before 7.1(2) allows remote attackers to cause a denial of service (service restart) via malformed SIP messages, aka Bug ID CSCsz95423. | |||||
| CVE-2007-1954 | 1 Archivexpert | 1 Archivexpert | 2025-04-09 | 7.5 HIGH | N/A |
| Multiple directory traversal vulnerabilities in ArchiveXpert 2.02 build 80 allow remote attackers to create files in arbitrary directories via a .. (dot dot) in a (1) .gz, (2) .jar, (3) .rar, (4) .tar.gz, (5) .zip, or (6) .tar file. | |||||
| CVE-2008-2714 | 1 Opera | 1 Opera Browser | 2025-04-09 | 5.0 MEDIUM | N/A |
| Opera before 9.26 allows remote attackers to misrepresent web page addresses using "certain characters" that "cause the page address text to be misplaced." | |||||
| CVE-2007-3408 | 1 Dia | 1 Dia | 2025-04-09 | 7.5 HIGH | N/A |
| Multiple unspecified vulnerabilities in Dia before 0.96.1-6 have unspecified attack vectors and impact, probably involving the use of vulnerable FreeType libraries that contain CVE-2007-2754 and/or CVE-2007-1351. | |||||
| CVE-2007-3480 | 1 Pc Soft | 1 Windev | 2025-04-09 | 7.1 HIGH | N/A |
| PCSoft WinDEV 11 (01F110053p) allows user-assisted remote attackers to cause a denial of service (infinite loop and resource consumption) via a malformed WDP project file. | |||||
| CVE-2007-4175 | 1 Openrat | 1 Openrat Cms | 2025-04-09 | 4.3 MEDIUM | N/A |
| Multiple cross-site scripting (XSS) vulnerabilities in index.php in OpenRat CMS 0.8-beta1 and earlier allow remote attackers to inject arbitrary web script or HTML via the (1) subaction and (2) action parameters. | |||||
| CVE-2006-6078 | 1 A-conman | 1 A-conman | 2025-04-09 | 7.5 HIGH | N/A |
| PHP remote file inclusion vulnerability in common.inc.php in a-ConMan 3.2 beta allows remote attackers to execute arbitrary PHP code via a URL in the cm_basedir parameter. | |||||
| CVE-2007-0278 | 1 Oracle | 1 Database Server | 2025-04-09 | 6.8 MEDIUM | N/A |
| Multiple unspecified vulnerabilities in Oracle Database 8.1.7.4, 9.0.1.5, 9.2.0.7, and 10.1.0.5 have unknown impact and attack vectors related to (1) NLS Runtime and lmsgen (DB12), and (2) Oracle Text and ctxkbtc (DB14). | |||||
| CVE-2007-2067 | 1 Webslider | 1 Webslider | 2025-04-09 | 7.5 HIGH | N/A |
| Multiple PHP remote file inclusion vulnerabilities in Marco Antonio Islas Cruz Web Slider (WebSlider) 0.6 allow remote attackers to execute arbitrary PHP code via a URL in the path parameter to (1) index.php, (2) modules/pdf.php, (3) plugins/highlight.php, or (4) include/modules.php. | |||||
| CVE-2007-1419 | 1 Sun | 1 Java Dynamic Management Kit | 2025-04-09 | 4.3 MEDIUM | N/A |
| The Java Management Extensions Remote API Remote Method Invocation over Internet Inter-ORB Protocol (JMX RMI-IIOP) API in Java Dynamic Management Kit 5.1 before 20070309 does not properly enforce the java.policy, which allows local users to obtain certain MBeans data access by operating a server application accessed by a privileged remote authenticated user. | |||||
| CVE-2006-6369 | 1 Invision Power Services | 1 Invision Community Blog | 2025-04-09 | 7.5 HIGH | N/A |
| SQL injection vulnerability in lib/entry_reply_entry.php in Invision Community Blog Mod 1.2.4 allows remote attackers to execute arbitrary SQL commands via the eid parameter, when accessed through the "Preview message" functionality. | |||||
| CVE-2006-5476 | 1 Drupal | 1 Drupal | 2025-04-09 | 7.5 HIGH | N/A |
| Cross-site request forgery (CSRF) vulnerability in Drupal 4.6.x before 4.6.10 and 4.7.x before 4.7.4 allows remote attackers to perform unauthorized actions as an arbitrary user via unspecified vectors. | |||||
| CVE-2006-7145 | 1 Call-center-software | 1 Call-center-software | 2025-04-09 | 5.5 MEDIUM | N/A |
| edit_user.php in Call Center Software 0.93 and earlier allows remote attackers to obtain sensitive information such as account passwords via a modified user_id parameter. | |||||
| CVE-2008-4830 | 1 Sap | 1 Sap Gui | 2025-04-09 | 9.3 HIGH | N/A |
| Insecure method vulnerability in the KWEdit ActiveX control in SAP GUI 6.40 Patch 29 (KWEDIT.DLL 6400.1.1.41) and 7.10 Patch 5 (KWEDIT.DLL 7100.1.1.43) allows remote attackers to (1) overwrite arbitrary files via the SaveDocumentAs method or (2) read or execute arbitrary files via the OpenDocument method. | |||||
| CVE-2007-1497 | 1 Linux | 1 Linux Kernel | 2025-04-09 | 5.0 MEDIUM | N/A |
| nf_conntrack in netfilter in the Linux kernel before 2.6.20.3 does not set nfctinfo during reassembly of fragmented packets, which leaves the default value as IP_CT_ESTABLISHED and might allow remote attackers to bypass certain rulesets using IPv6 fragments. | |||||
| CVE-2006-6091 | 1 Grimbb | 1 Grimbb | 2025-04-09 | 4.3 MEDIUM | N/A |
| Cross-site scripting (XSS) vulnerability in Grim Pirate GrimBB before 2006_11_21 allows remote attackers to inject arbitrary web script or HTML via unspecified vectors. | |||||
| CVE-2007-1219 | 1 Admin Phorum | 1 Admin Phorum | 2025-04-09 | 7.5 HIGH | N/A |
| PHP remote file inclusion vulnerability in actions/del.php in Admin Phorum 3.3.1a allows remote attackers to execute arbitrary PHP code via a URL in the include_path parameter. | |||||
| CVE-2007-1525 | 1 Dayfox Designs | 1 Dayfox Blog | 2025-04-09 | 6.8 MEDIUM | N/A |
| Direct static code injection vulnerability in postpost.php in Dayfox Blog (dfblog) 4 allows remote attackers to execute arbitrary PHP code via the cat parameter, which can be executed via a request to posts.php. | |||||