Total: 29483 CVE
CVE | Vendors | Products | Updated | CVSS v2 | CVSS v3 |
---|---|---|---|---|---|
CVE-2007-2008 | 1 Pl-php | 1 Pl-php | 2025-04-09 | 7.5 HIGH | N/A |
Directory traversal vulnerability in admin.php in pL-PHP beta 0.9 allows remote attackers to include and execute arbitrary local files via a .. (dot dot) in the lang parameter. | |||||
CVE-2007-2351 | 1 Hp | 2 Hp-ux, Power Manager Remote Agent | 2025-04-09 | 7.2 HIGH | N/A |
Unspecified vulnerability in the HP Power Manager Remote Agent (RA) 4.0Build10 and earlier in HP-UX B.11.11 and B.11.23 allows local users to execute arbitrary code via unspecified vectors. | |||||
CVE-2007-2085 | 1 Oe2edit | 1 Oe2edit Cms | 2025-04-09 | 6.8 MEDIUM | N/A |
Cross-site scripting (XSS) vulnerability in oe2edit.cgi in oe2edit CMS allows remote attackers to inject arbitrary web script or HTML via the q parameter. | |||||
CVE-2006-7027 | 1 Microsoft | 1 Isa Server | 2025-04-09 | 10.0 HIGH | N/A |
Microsoft Internet Security and Acceleration (ISA) Server 2004 logs unusual ASCII characters in the Host header, including the tab, which allows remote attackers to manipulate portions of the log file and possibly leverage this for other attacks. | |||||
CVE-2007-1258 | 1 Cisco | 4 Catalyst 6000, Catalyst 6500, Catalyst 7600 and 1 more | 2025-04-09 | 6.1 MEDIUM | N/A |
Unspecified vulnerability in Cisco IOS 12.2SXA, SXB, SXD, and SXF; and the MSFC2, MSFC2a and MSFC3 running in Hybrid Mode on Cisco Catalyst 6000, 6500 and Cisco 7600 series systems; allows remote attackers on a local network segment to cause a denial of service (software reload) via a certain MPLS packet. | |||||
CVE-2006-7067 | 1 Oracle | 1 Database Server | 2025-04-09 | 6.0 MEDIUM | N/A |
Oracle 10g R2 and possibly other versions allows remote attackers to trigger internal errors, and possibly have other impacts, via an "alter session set events" command with invalid arguments. NOTE: this issue was originally disputed by a third party, but the dispute was retracted. NOTE: this issue was called an "integer overflow" in the original source, but this might be incorrect. | |||||
CVE-2007-1354 | 1 Jboss | 1 Jboss Application Server | 2025-04-09 | 6.0 MEDIUM | N/A |
The Access Control functionality (JMXOpsAccessControlFilter) in JMX Console in JBoss Application Server 4.0.2 and 4.0.5 before 20070416 uses a member variable to store the roles of the current user, which allows remote authenticated administrators to trigger a race condition and gain privileges by logging in during a session by a more privileged administrator, as demonstrated by privilege escalation from Read Mode to Write Mode. | |||||
CVE-2007-2635 | 1 Interchange Development Group | 1 Interchange | 2025-04-09 | 7.8 HIGH | N/A |
Unspecified vulnerability in Interchange before 5.4.2 allows remote attackers to cause an unspecified denial of service (possibly server hang) via crafted HTTP requests. | |||||
CVE-2007-0448 | 1 Php | 1 Php | 2025-04-09 | 10.0 HIGH | N/A |
The fopen function in PHP 5.2.0 does not properly handle invalid URI handlers, which allows context-dependent attackers to bypass safe_mode restrictions and read arbitrary files via a file path specified with an invalid URI, as demonstrated via the srpath URI. | |||||
CVE-2006-5956 | 1 Xlinesoft | 1 Phprunner | 2025-04-09 | 2.1 LOW | N/A |
XLineSoft PHPRunner 3.1 stores the (1) database server name, (2) database names, (3) usernames, and (4) passwords in plaintext in %WINDIR%\PHPRunner.ini, which allows local users to obtain sensitive information by reading the file. | |||||
CVE-2007-2363 | 1 Irfanview | 1 Irfanview | 2025-04-09 | 8.5 HIGH | N/A |
Buffer overflow in IrfanView 4.00 and earlier allows user-assisted remote attackers to execute arbitrary code via a crafted .IFF file. | |||||
CVE-2007-3110 | 1 Beatnik | 1 Beatnik Player | 2025-04-09 | 4.3 MEDIUM | N/A |
Cross-site scripting (XSS) vulnerability in the Andy Frank Beatnik 1.0 extension for Firefox allows remote attackers to inject arbitrary web script or HTML via an RSS feed. NOTE: the provenance of this information is unknown; the details are obtained solely from third party information. | |||||
CVE-2007-0210 | 1 Microsoft | 1 Windows Xp | 2025-04-09 | 7.2 HIGH | N/A |
The Windows Image Acquisition (WIA) Service in Microsoft Windows XP SP2 allows local users to gain privileges via unspecified vectors involving an "unchecked buffer," probably a buffer overflow. | |||||
CVE-2006-6838 | 1 Rediff | 1 Bol Downloader Activex Ocx Control | 2025-04-09 | 7.5 HIGH | N/A |
Rediff Bol Downloader ActiveX (OCX) control allows remote attackers to execute arbitrary files, and obtain sensitive information (usernames and pathnames), via a URL in the url vbscript parameter. | |||||
CVE-2007-2778 | 1 Molyx | 1 Molyx Board | 2025-04-09 | 7.8 HIGH | N/A |
Multiple directory traversal vulnerabilities in MolyX BOARD 2.5.0 allow remote attackers to read arbitrary files via a .. (dot dot) in the lang parameter to index.php and other unspecified PHP scripts. | |||||
CVE-2007-3055 | 1 Codelib | 1 Linker | 2025-04-09 | 4.3 MEDIUM | N/A |
Cross-site scripting (XSS) vulnerability in index.php in Codelib Linker 2.0.4 and earlier allows remote attackers to inject arbitrary web script or HTML via the cat parameter. | |||||
CVE-2007-4571 | 1 Linux | 1 Linux Kernel | 2025-04-09 | 2.1 LOW | N/A |
The snd_mem_proc_read function in sound/core/memalloc.c in the Advanced Linux Sound Architecture (ALSA) in the Linux kernel before 2.6.22.8 does not return the correct write size, which allows local users to obtain sensitive information (kernel memory contents) via a small count argument, as demonstrated by multiple reads of /proc/driver/snd-page-alloc. | |||||
CVE-2007-0758 | 1 Phpprobid | 1 Phpprobid | 2025-04-09 | 7.5 HIGH | N/A |
PHP remote file inclusion vulnerability in lang.php in PHPProbid 5.24 allows remote attackers to execute arbitrary PHP code via a URL in the SRC attribute of an HTML element in the lang parameter. NOTE: The provenance of this information is unknown; the details are obtained solely from third party information. | |||||
CVE-2009-0374 | 1 Google | 1 Chrome | 2025-04-09 | 4.3 MEDIUM | N/A |
Google Chrome 1.0.154.43 allows remote attackers to trick a user into visiting an arbitrary URL via an onclick action that moves a crafted element to the current mouse position, related to a "Clickjacking" vulnerability. NOTE: a third party disputes the relevance of this issue, stating that "every sufficiently featured browser is and likely will remain susceptible to the behavior known as clickjacking," and adding that the exploit code "is not a valid demonstration of the issue." | |||||
CVE-2007-1542 | 1 Cisco | 2 7940 Router, 7960 Router | 2025-04-09 | 5.0 MEDIUM | N/A |
Unspecified vulnerability in the Cisco IP Phone 7940 and 7960 running firmware before POS8-6-0 allows remote attackers to cause a denial of service via the Remote-Party-ID sipURI field in a SIP INVITE request. NOTE: the provenance of this information is unknown; the details are obtained solely from third party information. |