Total
29483 CVE
| CVE | Vendors | Products | Updated | CVSS v2 | CVSS v3 |
|---|---|---|---|---|---|
| CVE-2007-0548 | 1 Karjasoft | 1 Sami Http Server | 2025-04-09 | 5.0 MEDIUM | N/A |
| KarjaSoft Sami HTTP Server 2.0.1 allows remote attackers to cause a denial of service (daemon hang) via a large number of requests for nonexistent objects. | |||||
| CVE-2007-4392 | 1 Nullsoft | 1 Winamp | 2025-04-09 | 4.3 MEDIUM | N/A |
| Winamp 5.35 allows remote attackers to cause a denial of service (program stack overflow and application crash) via an M3U file that recursively includes itself. | |||||
| CVE-2006-6857 | 1 Docebolms | 1 Docebolms | 2025-04-09 | 4.3 MEDIUM | N/A |
| Cross-site scripting (XSS) vulnerability in modules/credits/credits.php in Docebo LMS allows remote attackers to inject arbitrary web script or HTML via the lang parameter. | |||||
| CVE-2007-3813 | 1 Mkportal | 1 Noboard Module | 2025-04-09 | 4.3 MEDIUM | N/A |
| PHP remote file inclusion vulnerability in include/user.php in the NoBoard BETA module for MKPortal allows remote attackers to execute arbitrary PHP code via a URL in the MK_PATH parameter. | |||||
| CVE-2006-5888 | 1 Superfreaker Studios | 1 Upublisher | 2025-04-09 | 7.5 HIGH | N/A |
| SQL injection vulnerability in viewarticle.asp in Superfreaker Studios UPublisher 1.0 allows remote attackers to execute arbitrary SQL commands via the ID parameter. | |||||
| CVE-2007-3205 | 2 Hardened-php Project, Php | 3 Hardened-php, Subhosin, Php | 2025-04-09 | 5.0 MEDIUM | N/A |
| The parse_str function in (1) PHP, (2) Hardened-PHP, and (3) Suhosin, when called without a second parameter, might allow remote attackers to overwrite arbitrary variables by specifying variable names and values in the string to be parsed. NOTE: it is not clear whether this is a design limitation of the function or a bug in PHP, although it is likely to be regarded as a bug in Hardened-PHP and Suhosin. | |||||
| CVE-2007-1545 | 2 Mandrakesoft, Radscan | 2 Mandrake Linux, Network Audio System | 2025-04-09 | 5.0 MEDIUM | N/A |
| The AddResource function in server/dia/resource.c in Network Audio System (NAS) before 1.8a SVN 237 allows remote attackers to cause a denial of service (server crash) via a nonexistent client ID. | |||||
| CVE-2006-5637 | 1 Faq Administrator | 1 Faq Administrator | 2025-04-09 | 7.5 HIGH | N/A |
| PHP remote file inclusion vulnerability in faq_reply.php in Faq Administrator 2.1b allows remote attackers to execute arbitrary PHP code via a URL in the email parameter. | |||||
| CVE-2006-5034 | 1 Paul Smith Computer Services | 1 Vcap | 2025-04-09 | 5.0 MEDIUM | N/A |
| Directory traversal vulnerability in Paul Smith Computer Services vCAP 1.9.0 Beta and earlier allows remote attackers to read arbitrary files via a .. (dot dot) in the URI. | |||||
| CVE-2007-3073 | 3 Apple, Mozilla, Unix | 3 Mac Os X, Firefox, Unix | 2025-04-09 | 7.8 HIGH | N/A |
| Directory traversal vulnerability in Mozilla Firefox 2.0.0.4 and earlier on Mac OS X and Unix allows remote attackers to read arbitrary files via ..%2F (dot dot encoded slash) sequences in a resource:// URI. | |||||
| CVE-2007-2333 | 1 Nortel | 3 Contivity, Vpn Router 5000, Vpn Router Portfolio | 2025-04-09 | 10.0 HIGH | N/A |
| Nortel VPN Router (aka Contivity) 1000, 2000, 4000, and 5000 before 5_05.149, 5_05.3xx before 5_05.304, and 6.x before 6_05.140 includes the FIPSecryptedtest1219 and FIPSunecryptedtest1219 default accounts in the LDAP template, which might allow remote attackers to access the private network. | |||||
| CVE-2006-6614 | 2 Debian, Thomas Lange | 2 Debian Linux, Fully Automated Installation | 2025-04-09 | 1.9 LOW | N/A |
| The save_log_local function in Fully Automatic Installation (FAI) 2.10.1, and possibly 3.1.2, when verbose mode is enabled, stores the root password hash in /var/log/fai/current/fai.log, whose file permissions allow it to be copied to other hosts when fai-savelog is called and allows attackers to obtain the hash. | |||||
| CVE-2008-7211 | 2 Microsoft, Soundblaster | 2 Windows Vista, Ensoniq Pci Es1371 Wdm Driver | 2025-04-09 | 6.9 MEDIUM | N/A |
| CreativeLabs es1371mp.sys 5.1.3612.0 WDM audio driver, as used in Ensoniq PCI 1371 sound cards and when running on Windows Vista, does not create a Functional Device Object (FDO) to prevent user-moade access to the Physical Device Object (PDO), which allows local users to gain SYSTEM privileges via a crafted IRP request that dereferences a NULL FsContext pointer. | |||||
| CVE-2006-5019 | 1 Google | 1 Mini Search Appliance | 2025-04-09 | 5.0 MEDIUM | N/A |
| Google Mini 4.4.102.M.36 and earlier allows remote attackers to obtain sensitive information via a direct request for /search with an invalid client parameter, which reveals the path in an error message. | |||||
| CVE-2007-3795 | 1 Hitachi | 1 Tpi Server Base | 2025-04-09 | 7.1 HIGH | N/A |
| Unspecified vulnerability in Hitachi TP1/Server Base before 03-05-/P, 05-00-x before 05-00-/G, 05-01-x before 05-01-/A, and 05-02-x before 05-02-/C on HP-UX 11.0 through 11i v3 allows attackers to cause a denial of service by sending certain data to a port. | |||||
| CVE-2007-3044 | 2 Hitachi, Hp | 3 Hi Ux We2, Xp W, Hp-ux | 2025-04-09 | 5.0 MEDIUM | N/A |
| Unspecified vulnerability in the Map I/O Service (xpwmap) in Hitachi XP/W on HI-UX/WE2 before 20070319, and XP/W on HP-UX before 20070405, allows remote attackers to cause a denial of service via certain data to the service port. | |||||
| CVE-2007-0834 | 1 Darrens 5-dollar Script Archive | 1 Flashchat | 2025-04-09 | 6.8 MEDIUM | N/A |
| Cross-site scripting (XSS) vulnerability in FlashChat 4.7.8 allows remote attackers to inject arbitrary web script or HTML via the user name field when the user joins a chat room, a different vulnerability than CVE-2007-0807. NOTE: the provenance of this information is unknown; the details are obtained solely from third party information. | |||||
| CVE-2007-2617 | 1 Sun | 2 Net Connect Software, Solaris | 2025-04-09 | 2.1 LOW | N/A |
| srsexec in Sun Remote Services (SRS) Net Connect Software Proxy Core package in Sun Solaris 10 does not enforce file permissions when opening files, which allows local users to read the first line of arbitrary files via the -d and -v options. | |||||
| CVE-2006-6915 | 1 Ibm | 1 Aix | 2025-04-09 | 4.0 MEDIUM | N/A |
| ftpd in IBM AIX 5.2.0 and 5.3.0 allows remote authenticated users to cause a denial of service (port exhaustion) via unspecified vectors. NOTE: some details were obtained from third party sources. | |||||
| CVE-2007-3450 | 1 Gorani Network | 1 6alblog | 2025-04-09 | 6.8 MEDIUM | N/A |
| SQL injection vulnerability in member.php in 6ALBlog allows remote attackers to execute arbitrary SQL commands via the member parameter. NOTE: the provenance of this information is unknown; the details are obtained solely from third party information. | |||||