Total: 29682 CVE
| CVE | Vendors | Products | Updated | CVSS v2 | CVSS v3 |
|---|---|---|---|---|---|
| CVE-2007-0210 | 1 Microsoft | 1 Windows Xp | 2025-04-09 | 7.2 HIGH | N/A |
| The Window Image Acquisition (WIA) Service in Microsoft Windows XP SP2 allows local users to gain privileges via unspecified vectors involving an "unchecked buffer," probably a buffer overflow. | |||||
| CVE-2006-6838 | 1 Rediff | 1 Bol Downloader Activex Ocx Control | 2025-04-09 | 7.5 HIGH | N/A |
| Rediff Bol Downloader ActiveX (OCX) control allows remote attackers to execute arbitrary files, and obtain sensitive information (usernames and pathnames), via a URL in the url vbscript parameter. | |||||
| CVE-2007-2778 | 1 Molyx | 1 Molyx Board | 2025-04-09 | 7.8 HIGH | N/A |
| Multiple directory traversal vulnerabilities in MolyX BOARD 2.5.0 allow remote attackers to read arbitrary files via a .. (dot dot) in the lang parameter to index.php and other unspecified PHP scripts. | |||||
| CVE-2007-3055 | 1 Codelib | 1 Linker | 2025-04-09 | 4.3 MEDIUM | N/A |
| Cross-site scripting (XSS) vulnerability in index.php in Codelib Linker 2.0.4 and earlier allows remote attackers to inject arbitrary web script or HTML via the cat parameter. | |||||
| CVE-2007-4571 | 1 Linux | 1 Linux Kernel | 2025-04-09 | 2.1 LOW | N/A |
| The snd_mem_proc_read function in sound/core/memalloc.c in the Advanced Linux Sound Architecture (ALSA) in the Linux kernel before 2.6.22.8 does not return the correct write size, which allows local users to obtain sensitive information (kernel memory contents) via a small count argument, as demonstrated by multiple reads of /proc/driver/snd-page-alloc. | |||||
| CVE-2007-0758 | 1 Phpprobid | 1 Phpprobid | 2025-04-09 | 7.5 HIGH | N/A |
| PHP remote file inclusion vulnerability in lang.php in PHPProbid 5.24 allows remote attackers to execute arbitrary PHP code via a URL in the SRC attribute of an HTML element in the lang parameter. NOTE: The provenance of this information is unknown; the details are obtained solely from third party information. | |||||
| CVE-2009-0374 | 1 Google | 1 Chrome | 2025-04-09 | 4.3 MEDIUM | N/A |
| Google Chrome 1.0.154.43 allows remote attackers to trick a user into visiting an arbitrary URL via an onclick action that moves a crafted element to the current mouse position, related to a "Clickjacking" vulnerability. NOTE: a third party disputes the relevance of this issue, stating that "every sufficiently featured browser is and likely will remain susceptible to the behavior known as clickjacking," and adding that the exploit code "is not a valid demonstration of the issue." | |||||
| CVE-2007-1542 | 1 Cisco | 2 7940 Router, 7960 Router | 2025-04-09 | 5.0 MEDIUM | N/A |
| Unspecified vulnerability in the Cisco IP Phone 7940 and 7960 running firmware before POS8-6-0 allows remote attackers to cause a denial of service via the Remote-Party-ID sipURI field in a SIP INVITE request. NOTE: the provenance of this information is unknown; the details are obtained solely from third party information. | |||||
| CVE-2006-5445 | 1 Digium | 1 Asterisk | 2025-04-09 | 7.8 HIGH | N/A |
| Unspecified vulnerability in the SIP channel driver (channels/chan_sip.c) in Asterisk 1.2.x before 1.2.13 and 1.4.x before 1.4.0-beta3 allows remote attackers to cause a denial of service (resource consumption) via unspecified vectors that result in the creation of "a real pvt structure" that uses more resources than necessary. | |||||
| CVE-2007-1292 | 1 Jelsoft | 1 Vbulletin | 2025-04-09 | 7.5 HIGH | N/A |
| SQL injection vulnerability in inlinemod.php in Jelsoft vBulletin before 3.5.8, and before 3.6.5 in the 3.6.x series, might allow remote authenticated users to execute arbitrary SQL commands via the postids parameter. NOTE: the vendor states that the attack is feasible only in circumstances "almost impossible to achieve." | |||||
| CVE-2007-0179 | 1 Phpkit | 1 Phpkit | 2025-04-09 | 7.5 HIGH | N/A |
| SQL injection vulnerability in comment.php in PHPKIT 1.6.1 R2 allows remote attackers to execute arbitrary SQL commands via the subid parameter. | |||||
| CVE-2007-2060 | 1 Wizz Computers | 1 Wizz Rss Reader | 2025-04-09 | 6.8 MEDIUM | N/A |
| Cross-zone scripting vulnerability in the Wizz RSS Reader before 2.1.9 extension to Mozilla Firefox allows remote attackers to execute arbitrary Javascript in the browser chrome via the RSS feed DOM. | |||||
| CVE-2007-3419 | 1 Web-app.org | 1 Webapp | 2025-04-09 | 7.5 HIGH | N/A |
| The editprofile3 function in cgi-bin/cgi-lib/user.pl in web-app.org WebAPP before 0.9.9.7 does not properly check the (1) themes.dat, (2) languages.dat, (3) profession.dat, (4) gen.dat, (5) marstat.dat, (6) states.dat, and (7) ages.dat files before saving profile settings of members, which has unknown impact and remote attack vectors. | |||||
| CVE-2007-3059 | 1 Sendcard | 1 Sendcard | 2025-04-09 | 5.0 MEDIUM | N/A |
| SendCard 3.3.0 allows remote attackers to obtain sensitive information via an invalid sc_language parameter to sendcard.php, which reveals the path in an error message. | |||||
| CVE-2006-5680 | 1 Freebsd | 1 Freebsd | 2025-04-09 | 5.0 MEDIUM | N/A |
| The libarchive library in FreeBSD 6-STABLE after 2006-09-05 and before 2006-11-08 allows context-dependent attackers to cause a denial of service (CPU consumption) via a malformed archive that causes libarchive to skip a region past the actual end of the archive, which triggers an infinite loop that attempts to read more data. | |||||
| CVE-2007-4251 | 1 Openoffice | 1 Openoffice | 2025-04-09 | 4.3 MEDIUM | N/A |
| OpenOffice.org (OOo) 2.2 does not properly handle files with multiple extensions, which allows user-assisted remote attackers to cause a denial of service. | |||||
| CVE-2007-4025 | 1 Sun | 1 Java System Application Server | 2025-04-09 | 4.3 MEDIUM | N/A |
| Unspecified vulnerability in Sun Java System (SJS) Application Server 8.1 through 9.0 before 20070724 on Windows allows remote attackers to obtain JSP source code via unspecified vectors. | |||||
| CVE-2006-6930 | 1 Ga Soft | 1 Rapid Classified | 2025-04-09 | 7.5 HIGH | N/A |
| SQL injection vulnerability in viewad.asp in Rapid Classified 3.1 allows remote attackers to execute arbitrary SQL commands via the id parameter. | |||||
| CVE-2007-4171 | 1 Auracms | 1 Modul Forum Sederhana | 2025-04-09 | 7.5 HIGH | N/A |
| SQL injection vulnerability in komentar.php in the Forum Module for auraCMS (Modul Forum Sederhana) allows remote attackers to execute arbitrary SQL commands via the id parameter to the default URI. NOTE: some of these details are obtained from third party information. | |||||
| CVE-2009-3978 | 1 Mozilla | 1 Firefox | 2025-04-09 | 4.3 MEDIUM | N/A |
| The nsGIFDecoder2::GifWrite function in decoders/gif/nsGIFDecoder2.cpp in libpr0n in Mozilla Firefox before 3.5.5 allows remote attackers to cause a denial of service (NULL pointer dereference and application crash) via an animated GIF file with a large image size, a different vulnerability than CVE-2009-3373. | |||||
