Total
29682 CVE
| CVE | Vendors | Products | Updated | CVSS v2 | CVSS v3 |
|---|---|---|---|---|---|
| CVE-2007-1955 | 1 Signkorea | 1 Skcommax Activex Control | 2025-04-09 | 10.0 HIGH | N/A |
| Multiple stack-based buffer overflows in the SignKorea SKCrypAX ActiveX control module 5.4.1.2 allow remote attackers to execute arbitrary code via a long string in unspecified arguments to the (1) DownloadCert, (2) DecryptFileByKey, and (3) EncryptFileByKey functions, a different module and vectors than CVE-2007-1722. NOTE: the provenance of this information is unknown; the details are obtained solely from third party information. | |||||
| CVE-2006-5297 | 1 Mutt | 1 Mutt | 2025-04-09 | 1.2 LOW | N/A |
| Race condition in the safe_open function in the Mutt mail client 1.5.12 and earlier, when creating temporary files in an NFS filesystem, allows local users to overwrite arbitrary files due to limitations of the use of the O_EXCL flag on NFS filesystems. | |||||
| CVE-2007-4185 | 1 Joomla | 1 Joomla | 2025-04-09 | 5.0 MEDIUM | N/A |
| Joomla! 1.0.12 allows remote attackers to obtain sensitive information via a direct request for (1) Stat.php (2) OutputFilter.php, (3) OutputCache.php, (4) Modifier.php, (5) Reader.php, and (6) TemplateCache.php in includes/patTemplate/patTemplate/; (7) includes/Cache/Lite/Output.php; and other unspecified components, which reveal the path in various error messages. | |||||
| CVE-2007-3830 | 1 Ibm | 2 Proventia Network Ips Gx5008, Proventia Network Ips Gx5108 | 2025-04-09 | 3.5 LOW | N/A |
| Cross-site scripting (XSS) vulnerability in alert.php in ISS Proventia Network IPS GX5108 1.3 and GX5008 1.5 allows remote attackers to inject arbitrary web script or HTML via the reminder parameter. | |||||
| CVE-2007-0640 | 1 Zabbix | 1 Zabbix | 2025-04-09 | 10.0 HIGH | N/A |
| Buffer overflow in ZABBIX before 1.1.5 has unknown impact and attack vectors related to "SNMP IP addresses." | |||||
| CVE-2007-1706 | 1 Ewebquiz | 1 Ewebquiz | 2025-04-09 | 7.5 HIGH | N/A |
| SQL injection vulnerability in eWebQuiz.asp in eWebQuiz 8 allows remote attackers to execute arbitrary SQL commands via the QuizID parameter. | |||||
| CVE-2007-0429 | 1 Divx | 1 Divx Player | 2025-04-09 | 5.0 MEDIUM | N/A |
| DivXBrowserPlugin (aka DivX Web Player) npdivx32.dll, as distributed with DivX Player 6.4.1, allows remote attackers to cause a denial of service (Internet Explorer 7 crash) by invoking the GoWindowed method for a certain instance of the ActiveX object. | |||||
| CVE-2007-2813 | 1 Cisco | 1 Ios Transmission Control Protocol | 2025-04-09 | 7.8 HIGH | N/A |
| Cisco IOS 12.4 and earlier, when using the crypto packages and SSL support is enabled, allows remote attackers to cause a denial of service via a malformed (1) ClientHello, (2) ChangeCipherSpec, or (3) Finished message during an SSL session. | |||||
| CVE-2007-4432 | 2 Novell, Suse | 2 Suse Linux, Suse Linux | 2025-04-09 | 4.6 MEDIUM | N/A |
| Untrusted search path vulnerability in the wrapper scripts for the (1) rug, (2) zen-updater, (3) zen-installer, and (4) zen-remover programs on SUSE Linux 10.1 and Enterprise 10 allows local users to gain privileges via modified (a) LD_LIBRARY_PATH and (b) MONO_GAC_PREFIX environment variables. | |||||
| CVE-2007-4477 | 1 Planet Technology Corp | 1 Vc-200m Vdsl2 | 2025-04-09 | 5.0 MEDIUM | N/A |
| The administration interface in the Planet VC-200M VDSL2 router allows remote attackers to cause a denial of service (administration interface outage) via an HTTP request without a Host header. | |||||
| CVE-2007-0496 | 1 Neon Labs | 1 Neon Labs Website | 2025-04-09 | 10.0 HIGH | N/A |
| PHP remote file inclusion vulnerability in lib/nl/nl.php in Neon Labs Website (nlws) 3.2 and earlier allows remote attackers to execute arbitrary PHP code via a URL in the g_strRootDir parameter. | |||||
| CVE-2006-5662 | 1 Evandor | 1 Easy Notesmanager | 2025-04-09 | 7.5 HIGH | N/A |
| SQL injection vulnerability in easy notesManager (eNM) 0.0.1 allows remote attackers to execute arbitrary SQL commands via (1) the username parameter in login.php and (2) a search on the "search page." | |||||
| CVE-2007-2992 | 1 Omegasoft | 1 Interneserviceslosungen | 2025-04-09 | 7.5 HIGH | N/A |
| Multiple SQL injection vulnerabilities in OmegaMw7.asp in OMEGA (aka Omegasoft) INterneSErvicesLosungen (INSEL) allow remote attackers to execute arbitrary SQL commands via (1) user-created text fields; the (2) F05003, (3) F05005, and (4) F05015 fields; and other unspecified standard fields. | |||||
| CVE-2007-1998 | 1 Hiox India | 1 Guest Book | 2025-04-09 | 7.5 HIGH | N/A |
| Direct static code injection vulnerability in HIOX Guest Book (HGB) 4.0 allows remote attackers to inject arbitrary PHP code via the Email field, which results in code execution through a direct request to gb.php. | |||||
| CVE-2009-0622 | 1 Cisco | 4 Ace 4710, Application Control Engine Module, Catalyst 6500 and 1 more | 2025-04-09 | 9.0 HIGH | N/A |
| Unspecified vulnerability in Cisco ACE Application Control Engine Module for Catalyst 6500 Switches and 7600 Routers before A2(1.2) and Cisco ACE 4710 Application Control Engine Appliance before A1(8a) allows remote authenticated users to execute arbitrary operating-system commands through a command line interface (CLI). | |||||
| CVE-2006-6699 | 1 Oracle | 1 Application Server Portal | 2025-04-09 | 5.0 MEDIUM | N/A |
| Multiple CRLF injection vulnerabilities in Oracle Portal 9.0.2 and possibly other versions allow remote attackers to inject arbitrary HTTP headers and conduct HTTP response splitting attacks via CRLF sequences in the enc parameter to (1) calendarDialog.jsp or (2) fred.jsp. NOTE: the calendar.jsp vector is covered by CVE-2006-6697. | |||||
| CVE-2007-0703 | 1 Webbuilder | 1 Webbuilder | 2025-04-09 | 7.5 HIGH | N/A |
| PHP remote file inclusion vulnerability in library/StageLoader.php in WebBuilder 2.0 and earlier allows remote attackers to execute arbitrary PHP code via a URL in the GLOBALS[core][module_path] parameter. | |||||
| CVE-2007-4322 | 1 Ac Zoom | 1 Blockhosts | 2025-04-09 | 6.8 MEDIUM | N/A |
| BlockHosts before 2.0.4 does not properly parse (1) sshd and (2) vsftpd log files, which allows remote attackers to add arbitrary deny entries to the /etc/hosts.allow file and cause a denial of service by adding arbitrary IP addresses to a daemon log file, as demonstrated by connecting through ssh with a client protocol version identification containing an IP address string, or connecting through ftp with a username containing an IP address string, different vectors than CVE-2007-2765. | |||||
| CVE-2007-0133 | 1 Igeneric | 1 Ig Shop | 2025-04-09 | 7.5 HIGH | N/A |
| Multiple SQL injection vulnerabilities in display_review.php in iGeneric iG Shop 1.4 and earlier allow remote attackers to execute arbitrary SQL commands via the (1) id or (2) user_login_cookie parameter. | |||||
| CVE-2007-3542 | 1 Pluxml | 1 Pluxml | 2025-04-09 | 4.3 MEDIUM | N/A |
| Cross-site scripting (XSS) vulnerability in admin/auth.php in Pluxml 0.3.1 allows remote attackers to inject arbitrary web script or HTML via the msg parameter. | |||||