Total: 29682 CVEs
| CVE | Vendors | Products | Updated | CVSS v2 | CVSS v3 |
|---|---|---|---|---|---|
| CVE-2007-3506 | 1 Freetype | 1 Freetype | 2025-04-09 | 7.5 HIGH | N/A |
| The ft_bitmap_assure_buffer function in src/base/ftbimap.c in FreeType 2.3.3 allows context-dependent attackers to cause a denial of service and possibly execute arbitrary code via unspecified vectors involving bitmap fonts, related to a "memory buffer overwrite bug." | |||||
| CVE-2007-0149 | 1 Ememberspro | 1 Ememberspro | 2025-04-09 | 7.5 HIGH | N/A |
| EMembersPro 1.0 stores sensitive information under the web root with insufficient access control, which allows remote attackers to download a database containing passwords via a direct request for users.mdb. | |||||
| CVE-2006-5881 | 1 Dynamic Dataworx | 1 Nucommunity | 2025-04-09 | 7.5 HIGH | N/A |
| SQL injection vulnerability in cl_CatListing.asp in Dynamic Dataworx NuCommunity 1.0 allows remote attackers to execute arbitrary SQL commands via the cl_cat_ID parameter. | |||||
| CVE-2007-2394 | 1 Apple | 2 Mac Os X, Quicktime | 2025-04-09 | 9.3 HIGH | N/A |
| Integer overflow in Apple Quicktime before 7.2 on Mac OS X 10.3.9 and 10.4.9 allows user-assisted remote attackers to execute arbitrary code via crafted (1) title and (2) author fields in an SMIL file, related to improper calculations for memory allocation. | |||||
| CVE-2009-3047 | 1 Opera | 1 Opera Browser | 2025-04-09 | 4.3 MEDIUM | N/A |
| Opera before 10.00, when a collapsed address bar is used, does not properly update the domain name from the previously visited site to the currently visited site, which might allow remote attackers to spoof URLs. | |||||
| CVE-2007-1514 | 1 Viperweb | 1 Portal | 2025-04-09 | 6.8 MEDIUM | N/A |
| PHP remote file inclusion vulnerability in index.php in ViperWeb Portal alpha 0.1 allows remote attackers to execute arbitrary PHP code via a URL in the modpath parameter. | |||||
| CVE-2007-3427 | 1 Zoneo-soft | 1 Phptraffica | 2025-04-09 | 7.5 HIGH | N/A |
| SQL injection vulnerability in index.php in phpTrafficA 1.4.2 and earlier allows remote attackers to execute arbitrary SQL commands via the pageid parameter in a stats action. | |||||
| CVE-2007-3722 | 1 Freebsd | 1 Freebsd | 2025-04-09 | 2.1 LOW | N/A |
| The 4BSD process scheduler in the FreeBSD kernel performs scheduling based on CPU billing gathered from periodic process sampling ticks, which allows local users to cause a denial of service (CPU consumption) by performing voluntary nanosecond sleeps that result in the process not being active during a clock interrupt, as described in "Secretly Monopolizing the CPU Without Superuser Privileges." | |||||
| CVE-2008-0001 | 1 Linux | 1 Linux Kernel | 2025-04-09 | 3.6 LOW | N/A |
| VFS in the Linux kernel before 2.6.22.16, and 2.6.23.x before 2.6.23.14, performs tests of access mode by using the flag variable instead of the acc_mode variable, which might allow local users to bypass intended permissions and remove directories. | |||||
| CVE-2006-5942 | 1 Website Designs For Less | 1 Inventory Manager | 2025-04-09 | 6.8 MEDIUM | N/A |
| Cross-site scripting (XSS) vulnerability in inventory/display/display_results.asp in Website Designs For Less Inventory Manager allows remote attackers to inject arbitrary web script or HTML via the category parameter. | |||||
| CVE-2007-3966 | 1 Iexpress | 1 Munch Pro | 2025-04-09 | 5.0 MEDIUM | N/A |
| SQL injection vulnerability in Munch Pro allows remote attackers to execute arbitrary SQL commands via the login field to /admin, a different vulnerability than CVE-2006-5880. | |||||
| CVE-2006-6452 | 1 Myarticles | 1 Myarticles | 2025-04-09 | 6.8 MEDIUM | N/A |
| Multiple cross-site scripting (XSS) vulnerabilities in the MyArticles module before 0.6 beta 1, for RunCMS, allow remote attackers to inject arbitrary web script or HTML via unspecified parameters to (1) topics.php, (2) submit.php, and (3) class/calendar.class.php. | |||||
| CVE-2007-2857 | 1 Zakkis Technology Corporation | 1 Php Excel Parser | 2025-04-09 | 7.5 HIGH | N/A |
| PHP remote file inclusion vulnerability in sample/xls2mysql in ABC Excel Parser Pro 4.0 allows remote attackers to execute arbitrary PHP code via a URL in the parser_path parameter. | |||||
| CVE-2007-2298 | 1 Gforge | 1 Garennes | 2025-04-09 | 7.5 HIGH | N/A |
| Multiple PHP remote file inclusion vulnerabilities in Garennes 0.6.1 and earlier allow remote attackers to execute arbitrary PHP code via a URL in the repertoire_config parameter to index.php in (1) cpe/, (2) direction/, or (3) professeurs/. | |||||
| CVE-2006-5991 | 1 Cactusoft | 1 Cactushop | 2025-04-09 | 7.5 HIGH | N/A |
| Multiple SQL injection vulnerabilities in wwweb concepts CactuShop allow remote attackers to execute arbitrary SQL commands via the (1) prodtype parameter in prodtype.asp and the (2) product parameter in product.asp. | |||||
| CVE-2007-4020 | 1 Brain Book Software | 1 Adman | 2025-04-09 | 4.3 MEDIUM | N/A |
| Multiple cross-site scripting (XSS) vulnerabilities in login.php in AdMan 1.0.20051202 FF 3 patch and earlier allow remote attackers to inject arbitrary web script or HTML via the (1) user and (2) pwd parameters. | |||||
| CVE-2007-3632 | 1 Limesurvey | 1 Limesurvey | 2025-04-09 | 6.8 MEDIUM | N/A |
| Multiple PHP remote file inclusion vulnerabilities in LimeSurvey (aka PHPSurveyor) 1.49RC2 allow remote attackers to execute arbitrary PHP code via a URL in the homedir parameter to (1) OLE/PPS/File.php, (2) OLE/PPS/Root.php, (3) Spreadsheet/Excel/Writer.php, or (4) OLE/PPS.php in admin/classes/pear/; or (5) Worksheet.php, (6) Parser.php, (7) Workbook.php, (8) Format.php, or (9) BIFFwriter.php in admin/classes/pear/Spreadsheet/Excel/Writer/. | |||||
| CVE-2007-0872 | 1 Plain Old Webserver | 1 Plain Old Webserver | 2025-04-09 | 5.0 MEDIUM | N/A |
| Directory traversal vulnerability in the Plain Old Webserver (POW) add-on before 0.0.9 for Mozilla Firefox allows remote attackers to read arbitrary files via a .. (dot dot) in the URI. | |||||
| CVE-2008-1153 | 1 Cisco | 2 Cisco Ios, Ios | 2025-04-09 | 7.1 HIGH | N/A |
| Cisco IOS 12.1, 12.2, 12.3, and 12.4, with IPv4 UDP services and the IPv6 protocol enabled, allows remote attackers to cause a denial of service (device crash and possible blocked interface) via a crafted IPv6 packet to the device. | |||||
| CVE-2007-4546 | 1 X-diesel | 1 Unreal Commander | 2025-04-09 | 5.8 MEDIUM | N/A |
| Unreal Commander 0.92 build 565 and 573 lists the filenames from the Central Directory of a ZIP archive, but extracts to local filenames corresponding to names in Local File Header fields in this archive, which might allow remote attackers to trick a user into performing a dangerous file overwrite or creation. | |||||
