Total
29682 CVE
| CVE | Vendors | Products | Updated | CVSS v2 | CVSS v3 |
|---|---|---|---|---|---|
| CVE-2007-0690 | 1 Myevent | 1 Myevent | 2025-04-09 | 5.0 MEDIUM | N/A |
| myEvent 1.6 allows remote attackers to obtain sensitive information via (1) a Log In action without a password to login.php, or an invalid (2) view[] or (3) monthno[] parameter to myevent.php, which reveals the path in various error messages. | |||||
| CVE-2007-3582 | 1 Inforest Communications | 1 Supercali | 2025-04-09 | 7.5 HIGH | N/A |
| SQL injection vulnerability in index.php in SuperCali PHP Event Calendar 0.4.0 allows remote attackers to execute arbitrary SQL commands via the o parameter. | |||||
| CVE-2007-2696 | 1 Bea | 1 Weblogic Server | 2025-04-09 | 6.8 MEDIUM | N/A |
| The JMS Server in BEA WebLogic Server 6.1 through SP7, 7.0 through SP6, and 8.1 through SP5 enforces security access policies on the front end, which allows remote attackers to access protected queues via direct requests to the JMS back-end server. | |||||
| CVE-2008-5986 | 1 Csound | 1 Csound | 2025-04-09 | 6.9 MEDIUM | N/A |
| Untrusted search path vulnerability in the (1) "VST plugin with Python scripting" and (2) "VST plugin for writing score generators in Python" in Csound 5.08.2, and possibly other versions, allows local users to execute arbitrary code via a Trojan horse Python file in the current working directory, related to a vulnerability in the PySys_SetArgv function (CVE-2008-5983). | |||||
| CVE-2008-7021 | 1 Availscript | 1 Jobs Portal Script | 2025-04-09 | 6.0 MEDIUM | N/A |
| Unrestricted file upload vulnerability in editlogo.php in AvailScript Jobs Portal Script allows remote authenticated users to execute arbitrary code by uploading a file with an executable extension as an image or logo, then accessing it via a direct request to the file in an unspecified directory. | |||||
| CVE-2006-5660 | 1 Cisco | 1 Security Agent Management Center | 2025-04-09 | 7.5 HIGH | N/A |
| Cisco Security Agent Management Center (CSAMC) 5.1 before 5.1.0.79 does not properly handle certain LDAP error messages, which allows remote attackers to bypass authentication requirements via an empty password when using an external LDAP server. | |||||
| CVE-2007-0926 | 1 Kvguestbook | 1 Kvguestbook | 2025-04-09 | 7.5 HIGH | N/A |
| The dologin function in guestbook.php in KvGuestbook 1.0 Beta allows remote attackers to gain administrative privileges, probably via modified $mysql['pass'] and $gbpass variables. | |||||
| CVE-2007-2594 | 1 Phpmyportal | 1 Phpmyportal | 2025-04-09 | 7.5 HIGH | N/A |
| PHP remote file inclusion vulnerability in inc/articles.inc.php in phpMyPortal 3.0.0 RC3 allows remote attackers to execute arbitrary PHP code via a URL in the GLOBALS[CHEMINMODULES] parameter. | |||||
| CVE-2007-4303 | 2 Cerb, Freebsd | 2 Cerbng, Freebsd | 2025-04-09 | 6.2 MEDIUM | N/A |
| Multiple race conditions in (1) certain rules and (2) argument copying during VM protection, in CerbNG for FreeBSD 4.8 allow local users to defeat system call interposition and possibly gain privileges or bypass auditing, as demonstrated by modifying command lines in log-exec.cb. | |||||
| CVE-2007-0412 | 1 Bea | 1 Weblogic Server | 2025-04-09 | 5.0 MEDIUM | N/A |
| BEA WebLogic Server 6.1 through 6.1 SP7, 7.0 through 7.0 SP7, and 8.1 through 8.1 SP5 allows remote attackers to read arbitrary files inside the class-path property via .ear or exploded .ear files that use the manifest class-path property to point to utility jar files. | |||||
| CVE-2007-3588 | 1 Vbzoom | 1 Vbzoom | 2025-04-09 | 7.5 HIGH | N/A |
| SQL injection vulnerability in reply.php in VBZooM 1.12 allows remote attackers to execute arbitrary SQL commands via the UserID parameter to sub-join.php. NOTE: this may be the same as CVE-2006-3691.4. | |||||
| CVE-2008-0915 | 1 Ipdiva | 1 Ipdiva | 2025-04-09 | 6.4 MEDIUM | N/A |
| The Mediation server in IPdiva SSL VPN Server 2.2 before 2.2.8.84 and 2.3 before 2.3.2.14 stores the number of remaining allowed login attempts in a cookie, which makes it easier for remote attackers to conduct brute force attacks by manipulating this cookie's value. | |||||
| CVE-2009-1723 | 1 Apple | 2 Mac Os X, Mac Os X Server | 2025-04-09 | 4.3 MEDIUM | N/A |
| CFNetwork in Apple Mac OS X 10.5 before 10.5.8 places an incorrect URL in a certificate warning in certain 302 redirection scenarios, which makes it easier for remote attackers to trick a user into visiting an arbitrary https web site by leveraging an open redirect vulnerability, a different issue than CVE-2009-2062. | |||||
| CVE-2006-7032 | 1 Tufat | 1 Flashbb | 2025-04-09 | 10.0 HIGH | N/A |
| PHP remote file inclusion vulnerability in phpbb/getmsg.php in FlashBB 1.1.5 and earlier allows remote attackers to execute arbitrary code via a URL in the phpbb_root_path parameter. | |||||
| CVE-2007-2490 | 1 Livedata | 3 Iccp Server, Maintenance Server, Protocol Server | 2025-04-09 | 7.8 HIGH | N/A |
| Unspecified vulnerability in LiveData Server before 5.00.62 allows remote attackers to cause a denial of service (exit) via crafted Connection-Oriented Transport Protocol (COTP) packets. | |||||
| CVE-2006-5807 | 1 Cisco | 1 Secure Desktop | 2025-04-09 | 4.6 MEDIUM | N/A |
| Cisco Secure Desktop (CSD) before 3.1.1.45 allows local users to escape out of the secure desktop environment by using certain applications that switch to the default desktop, aka "System Policy Evasion". | |||||
| CVE-2006-7120 | 1 Osu Open Source Lab | 1 Maintain | 2025-04-09 | 10.0 HIGH | N/A |
| PHP remote file inclusion vulnerability in lib/php/phphtmllib-2.5.4/examples/example6.php for maintain 3.0.0-RC2 allows remote attackers to execute arbitrary PHP code via a URL in the phphtmllib parameter. NOTE: this issue might be in phpHtmlLib. NOTE: CVE disputes this issue for proper installations of maintain, since $phphtmllib is set in includes.inc before being used in example6.php | |||||
| CVE-2007-2409 | 1 Apple | 3 Mac Os X, Mac Os X Server, Webcore | 2025-04-09 | 4.3 MEDIUM | N/A |
| Cross-domain vulnerability in WebCore on Apple Mac OS X 10.3.9 and 10.4.10 allows remote attackers to obtain sensitive information via a popup window, which is able to read the current URL of the parent window. | |||||
| CVE-2007-2500 | 1 Gnu | 1 Flash Player | 2025-04-09 | 10.0 HIGH | N/A |
| server/parser/sprite_definition.cpp in GNU Gnash (aka GNU Flash Player) 0.7.2 allows remote attackers to execute arbitrary code via a large number of SHOWFRAME elements within a DEFINESPRITE element, which triggers memory corruption and enables the attacker to call free with an arbitrary address, probably resultant from a buffer overflow. | |||||
| CVE-2006-4511 | 1 Novell | 1 Groupwise Messenger | 2025-04-09 | 5.0 MEDIUM | N/A |
| Messenger Agents (nmma.exe) in Novell GroupWise 2.0.2 and 1.0.6 allows remote attackers to cause a denial of service (crash) via a crafted HTTP POST request to TCP port 8300 with a modified val parameter, which triggers a null dereference related to "zero-size strings in blowfish routines." | |||||