Total
29682 CVE
| CVE | Vendors | Products | Updated | CVSS v2 | CVSS v3 |
|---|---|---|---|---|---|
| CVE-2007-2047 | 1 Openads | 1 Openads | 2025-04-09 | 7.5 HIGH | N/A |
| CRLF injection vulnerability in www/delivery/ck.php in Openads 2.3 (aka Max Media Manager, MMM) before 0.3.31-alpha-pr3 allows remote attackers to inject arbitrary HTTP headers and conduct HTTP response splitting attacks via CRLF sequences in the destination parameter. NOTE: some of these details are obtained from third party information. | |||||
| CVE-2006-5369 | 1 Oracle | 1 E-business Suite | 2025-04-09 | 10.0 HIGH | N/A |
| Unspecified vulnerability in Oracle Application Object Library in Oracle E-Business Suite 11.5.10CU2 has unknown impact and remote authenticated attack vectors, aka Vuln# APPS02. | |||||
| CVE-2007-2688 | 1 Cisco | 2 Ios, Ips Sensor Software | 2025-04-09 | 7.8 HIGH | N/A |
| The Cisco Intrusion Prevention System (IPS) and IOS with Firewall/IPS Feature Set do not properly handle certain full-width and half-width Unicode character encodings, which might allow remote attackers to evade detection of HTTP traffic. | |||||
| CVE-2007-4446 | 1 Toribash | 1 Toribash | 2025-04-09 | 7.5 HIGH | N/A |
| Format string vulnerability in the server in Toribash 2.71 and earlier allows remote attackers to execute arbitrary code via format string specifiers in the NICK command (client nickname) when entering a game. | |||||
| CVE-2006-7201 | 1 Emc | 1 Rsa Security Sitekey | 2025-04-09 | 9.3 HIGH | N/A |
| EMC RSA Security SiteKey does not set the secure qualifier on the SiteKey Flash token (aka the PassMark Flash shared object), which might allow remote attackers to obtain the token via HTTP. | |||||
| CVE-2006-5235 | 1 Dimension Of Phpbb | 1 Dimension Of Phpbb | 2025-04-09 | 7.5 HIGH | N/A |
| PHP remote file inclusion vulnerability in includes/functions_kb.php in Dimension of phpBB 0.2.6 and earlier allows remote attackers to execute arbitrary PHP code via a URL in the phpbb_root_path parameter. NOTE: the provenance of this information is unknown; the details are obtained from third party information. | |||||
| CVE-2007-6328 | 1 Dosbox | 1 Dosbox | 2025-04-09 | 7.2 HIGH | N/A |
| DOSBox 0.72 and earlier allows local users to obtain access to the filesystem on the host operating system via the mount command. NOTE: the researcher reports a vendor response stating that this is not a security problem | |||||
| CVE-2007-4498 | 1 Grandstream | 1 Sip Phone | 2025-04-09 | 7.8 HIGH | N/A |
| The Grandstream SIP Phone GXV-3000 with firmware 1.0.1.7, Loader 1.0.0.6, and Boot 1.0.0.18 allows remote attackers to force silent call completion, eavesdrop on the phone's local environment, and cause a denial of service (blocked call reception) via a certain SIP INVITE message followed by a certain "SIP/2.0 183 Session Progress" message. | |||||
| CVE-2007-1463 | 2 Inkscape, Ubuntu | 2 Inkscape, Ubuntu Linux | 2025-04-09 | 6.8 MEDIUM | N/A |
| Format string vulnerability in Inkscape before 0.45.1 allows user-assisted remote attackers to execute arbitrary code via format string specifiers in a URI, which is not properly handled by certain dialogs. | |||||
| CVE-2006-4685 | 1 Microsoft | 2 Xml Core Services, Xml Parser | 2025-04-09 | 2.6 LOW | N/A |
| The XMLHTTP ActiveX control in Microsoft XML Parser 2.6 and XML Core Services 3.0 through 6.0 does not properly handle HTTP server-side redirects, which allows remote user-assisted attackers to access content from other domains. | |||||
| CVE-2006-6913 | 1 Phpmyfaq | 1 Phpmyfaq | 2025-04-09 | 7.5 HIGH | N/A |
| Unspecified vulnerability in phpMyFAQ 1.6.7 and earlier allows remote attackers to upload arbitrary PHP scripts via unspecified vectors. | |||||
| CVE-2007-0129 | 1 Locazo | 1 Locazolist Classifieds | 2025-04-09 | 7.5 HIGH | N/A |
| SQL injection vulnerability in main.asp in LocazoList 2.01a beta5 and earlier allows remote attackers to execute arbitrary SQL commands via the subcatID parameter. | |||||
| CVE-2006-5927 | 1 Asp Scripter | 2 Easy Portal, Live Support | 2025-04-09 | 7.5 HIGH | N/A |
| SQL injection vulnerability in cpLogin.asp in ASP Scripter Easy Portal 1.4 and Live Support 1.3 allows remote attackers to execute arbitrary SQL commands via the Password parameter. | |||||
| CVE-2007-2713 | 1 Ifusionservices | 1 Ifdate | 2025-04-09 | 10.0 HIGH | N/A |
| ifdate 2.x sends a redirect to the web browser but does not exit when administrative credentials are missing, which allows remote attackers to obtain administrative access via a direct request for the admin/ URI. | |||||
| CVE-2007-3536 | 1 Amx | 1 Netlinx Vnc Activex Control | 2025-04-09 | 7.6 HIGH | N/A |
| Multiple buffer overflows in the AMX NetLinx VNC (AmxVnc) ActiveX control in AmxVnc.dll 1.0.13.0 allow remote attackers to execute arbitrary code via long (1) Host, (2) Password, or (3) LogFile property values. | |||||
| CVE-2007-4321 | 1 Fail2ban | 1 Fail2ban | 2025-04-09 | 6.8 MEDIUM | N/A |
| fail2ban 0.8 and earlier does not properly parse sshd log files, which allows remote attackers to add arbitrary hosts to the /etc/hosts.deny file and cause a denial of service by adding arbitrary IP addresses to the sshd log file, as demonstrated by logging in via ssh with a client protocol version identification containing an IP address string, a different vector than CVE-2006-6302. | |||||
| CVE-2007-2097 | 1 Openconcept | 1 Back-end Cms | 2025-04-09 | 7.5 HIGH | N/A |
| Multiple PHP remote file inclusion vulnerabilities in OpenConcept Back-End CMS 0.4.7 allow remote attackers to execute arbitrary PHP code via a URL in the includes_path parameter to (1) click.php or (2) pollcollector.php in htdocs/; or (3) index.php, (4) articlepages.php, (5) articles.php, (6) articleform.php, (7) articlesections.php, (8) createArticlesPage.php, (9) guestbook.php, (10) helpguide.php, (11) helpguideeditor.php, (12) links.php, (13) upload.php, (14) sitestatistics.php, (15) nav.php, (16) tpl_upload.php, (17) linksections, or (18) pophelp.php in htdocs/site-admin/; different vectors than CVE-2006-5076. NOTE: this issue is disputed by a third party, who states that $includes_path is defined before use | |||||
| CVE-2006-6342 | 1 Klf-design | 1 Klf-realty | 2025-04-09 | 7.5 HIGH | N/A |
| Multiple SQL injection vulnerabilities in KLF-DESIGN (aka Kim L. Fraser) KLF-REALTY allow remote attackers to execute arbitrary SQL commands via the (1) category and (2) agent parameters in (a) search_listing.asp, and the (3) property_id parameter in (b) detail.asp. | |||||
| CVE-2006-5874 | 1 Clam Anti-virus | 1 Clamav | 2025-04-09 | 5.0 MEDIUM | N/A |
| Clam AntiVirus (ClamAV) 0.88 and earlier allows remote attackers to cause a denial of service (crash) via a malformed base64-encoded MIME attachment that triggers a null pointer dereference. | |||||
| CVE-2007-2605 | 1 Brujula Toolbar | 1 Brujula Toolbar | 2025-04-09 | 7.1 HIGH | N/A |
| Unspecified vulnerability in the GetPropertyById function in ISoftomateObj in SoftomateLib in BRUJULA4.NET.DLL in the Brujula Toolbar (Brujula.net toolbar) allows attackers to cause a denial of service (NULL dereference and browser crash) via certain arguments. | |||||