Total
29682 CVE
| CVE | Vendors | Products | Updated | CVSS v2 | CVSS v3 |
|---|---|---|---|---|---|
| CVE-2007-3828 | 1 Apple | 1 Mac Os X | 2025-04-09 | 10.0 HIGH | N/A |
| Unspecified vulnerability in mDNSResponder in Apple Mac OS X allows remote attackers to execute arbitrary code via unspecified vectors, a related issue to CVE-2007-2386. | |||||
| CVE-2007-3603 | 1 Vtiger | 1 Vtiger Crm | 2025-04-09 | 6.5 MEDIUM | N/A |
| SQL injection vulnerability in the dashboard (include/utils/SearchUtils.php) in vtiger CRM before 5.0.3 allows remote authenticated users to execute arbitrary SQL commands via the assigned_user_id parameter in a Potentials ListView action to index.php. | |||||
| CVE-2007-4625 | 1 Polipo | 1 Polipo | 2025-04-09 | 4.3 MEDIUM | N/A |
| Polipo before 1.0.2 allows remote HTTP servers to cause a denial of service (daemon crash) by aborting the response to a POST request. | |||||
| CVE-2007-3421 | 1 Web-app.org | 1 Webapp | 2025-04-09 | 7.5 HIGH | N/A |
| The (1) login, (2) admin profile edit, (3) reminder, (4) edit profile, (5) profile view, (6) gallery view, (7) gallery comment, and (8) gallery feedback capabilities in web-app.org WebAPP before 0.9.9.7 do not verify presence of users in memberlist.dat, which has unknown impact and remote attack vectors. | |||||
| CVE-2006-6287 | 1 Atomix Productions | 1 Atomixmp3 | 2025-04-09 | 7.5 HIGH | N/A |
| Stack-based buffer overflow in AtomixMP3 2.3 and earlier allows remote attackers to execute arbitrary code via a long pathname in an M3U file. | |||||
| CVE-2008-4587 | 1 Acresso | 1 Flexnet Connect | 2025-04-09 | 9.3 HIGH | N/A |
| Insecure method vulnerability in the MSVNClientDownloadManager61Lib.DownloadManager.1 ActiveX control (ISDM.exe 6.1.100.61372) in Macrovision FLEXnet Connect 6.1 allows remote attackers to force the download and execution of arbitrary files via the AddFile and RunScheduledJobs methods. NOTE: this could be leveraged for code execution by uploading executable files to Startup folders. | |||||
| CVE-2007-2343 | 1 Enterasys | 2 Netsight Console, Netsight Inventory Manager | 2025-04-09 | 7.5 HIGH | N/A |
| Stack-based buffer overflow in the TFTPD component in Enterasys NetSight Console 2.1 and NetSight Inventory Manager 2.1, and possibly earlier, allows remote attackers to execute arbitrary code via crafted request packets that contain long file names. | |||||
| CVE-2006-5141 | 1 Kevin A. Gordon | 1 Open Geo Targeting | 2025-04-09 | 7.5 HIGH | N/A |
| PHP remote file inclusion vulnerability in script.php in Kevin A. Gordon Open Geo Targeting (aka geotarget) allows remote attackers to execute arbitrary PHP code via a URL in the anp_path parameter. NOTE: the provenance of this information is unknown; the details are obtained from third party information. | |||||
| CVE-2007-0679 | 1 Nicolas Grandjean | 1 Phpmyring | 2025-04-09 | 7.5 HIGH | N/A |
| PHP remote file inclusion vulnerability in lang/leslangues.php in Nicolas Grandjean PHPMyRing 4.1.3b and earlier allows remote attackers to execute arbitrary PHP code via a URL in the fichier parameter. | |||||
| CVE-2007-2177 | 1 Microgaming | 1 Download Helper Activex Control | 2025-04-09 | 6.8 MEDIUM | N/A |
| Stack-based buffer overflow in the Microgaming Download Helper ActiveX control (dlhelper.dll) before 7.2.0.19, and the WebHandler Class control, allows remote attackers to execute arbitrary code via unspecified vectors. | |||||
| CVE-2007-0951 | 1 Fullaspsite | 1 Asp Hosting Site | 2025-04-09 | 7.5 HIGH | N/A |
| SQL injection vulnerability in listmain.asp in Fullaspsite ASP Hosting Site allows remote attackers to execute arbitrary SQL commands via the cat parameter. | |||||
| CVE-2007-0078 | 1 Battleblog | 1 Battleblog | 2025-04-09 | 5.0 MEDIUM | N/A |
| BattleBlog stores sensitive information under the web root with insufficient access control, which allows remote attackers to download a database via a direct request for database/blankmaster.mdb. | |||||
| CVE-2007-0565 | 1 Cgi-rescue | 1 Shopping Basket Professional | 2025-04-09 | 7.5 HIGH | N/A |
| CGI-Rescue Shopping Basket Professional 7.50 and earlier allows remote attackers to inject arbitrary operating system commands via unspecified vectors. | |||||
| CVE-2007-2747 | 1 Rdiffweb | 1 Rdiffweb | 2025-04-09 | 5.0 MEDIUM | N/A |
| Directory traversal vulnerability in rdw_helpers.py in rdiffWeb before 0.3.5.1 allows remote attackers to read arbitrary files via a .. (dot dot) in the path parameter to the /browse URI. | |||||
| CVE-2007-2045 | 1 Sun | 1 Sunos | 2025-04-09 | 5.0 MEDIUM | N/A |
| Unspecified vulnerability in the IP implementation in Sun Solaris 8 and 9 allows remote attackers to cause a denial of service (CPU consumption) via crafted IP packets, probably related to fragmented packets with duplicate or missing fragments. | |||||
| CVE-2007-1988 | 1 Phpecho Cms | 1 Phpecho Cms | 2025-04-09 | 4.3 MEDIUM | N/A |
| Cross-site scripting (XSS) vulnerability in kernel/filters.inc.php in PHPEcho CMS 2.0 allows remote attackers to inject arbitrary web script or HTML via the id parameter. | |||||
| CVE-2007-1439 | 1 Bitesser | 1 Mysql Commander | 2025-04-09 | 9.3 HIGH | N/A |
| PHP remote file inclusion vulnerability in ressourcen/dbopen.php in bitesser MySQL Commander 2.7 and earlier, when register_globals is enabled, allows remote attackers to execute arbitrary PHP code via a URL in the home parameter. | |||||
| CVE-2007-0131 | 1 Jamwiki | 1 Jamwiki | 2025-04-09 | 7.5 HIGH | N/A |
| JAMWiki before 0.5.0 does not properly check permissions during moves of "read-only or admin-only topics," which allows remote attackers to make unauthorized changes to the wiki. | |||||
| CVE-2007-4426 | 1 Live For Speed | 1 Live For Speed | 2025-04-09 | 5.0 MEDIUM | N/A |
| Live for Speed (LFS) S1 and S2 allows remote attackers to cause a denial of service (server crash) via (1) a certain 0x00 byte in a pre-login ID 3 packet, which triggers a NULL dereference; or (2) a pre-login ID 5 packet that lacks certain strings, which triggers an invalid pointer dereference. | |||||
| CVE-2006-6421 | 1 Phpbb Group | 1 Phpbb | 2025-04-09 | 6.0 MEDIUM | N/A |
| Cross-site scripting (XSS) vulnerability in the private message box implementation (privmsg.php) in phpBB 2.0.x allows remote authenticated users to inject arbitrary web script or HTML via the "Message body" field in a message to a non-existent user. | |||||