Total
29682 CVE
| CVE | Vendors | Products | Updated | CVSS v2 | CVSS v3 |
|---|---|---|---|---|---|
| CVE-2007-2496 | 1 Office Ocx | 1 Word Viewer Ocx | 2025-04-09 | 7.8 HIGH | N/A |
| The WordOCX ActiveX control in WordViewer.ocx 3.2.0.5 allows remote attackers to cause a denial of service (Internet Explorer 7 crash) via a long (1) DoOleCommand, (2) FTPDownloadFile, (3) FTPUploadFile, (4) HttpUploadFile, (5) GotoPage, (6) Save, (7) SaveWebFile, (8) HttpDownloadFile, (9) Open, (10) OpenWebFile, (11) SaveAs, or (12) ShowWordStandardDialog property value. | |||||
| CVE-2007-1505 | 1 Fujitsu | 2 Fence, Systemwalker Desktop Encryption | 2025-04-09 | 2.1 LOW | N/A |
| Fujitsu FENCE-Pro before V5L01, and Systemwalker Desktop Encryption V12.0L10, V12.0L10A, V12.0L10B, V12.0L20 and V13.0.0 allows local users to obtain sensitive information by extracting the decoding password from certain "self-decoding" file types. | |||||
| CVE-2007-2398 | 2 Apple, Microsoft | 2 Safari, Windows 2003 Server | 2025-04-09 | 7.1 HIGH | N/A |
| Apple Safari 3.0.1 beta (522.12.12) on Windows allows remote attackers to modify the window title and address bar while filling the main window with arbitrary content by setting the location bar and using setTimeout() to create an event that modifies the window content, which could facilitate phishing attacks. | |||||
| CVE-2010-0278 | 1 Microsoft | 3 Windows 7, Windows Live Messenger, Windows Vista | 2025-04-09 | 4.3 MEDIUM | N/A |
| A certain ActiveX control in msgsc.14.0.8089.726.dll in Microsoft Windows Live Messenger 2009 build 14.0.8089.726 on Windows Vista and Windows 7 allows remote attackers to cause a denial of service (msnmsgr.exe crash) by calling the ViewProfile method with a crafted argument during an MSN Messenger session. | |||||
| CVE-2007-3569 | 1 Softlink Europe | 1 Oliver Library Management System | 2025-04-09 | 4.3 MEDIUM | N/A |
| Multiple cross-site scripting (XSS) vulnerabilities in Oliver Library Management System allow remote attackers to inject arbitrary web script or HTML via the (1) updateform and (2) displayform parameter to (a) gateway/gateway.exe; the (3) TERMS, (4) database, (5) srchad, (6) SuggestedSearch, and (7) searchform parameters to the (b) "Basic Search page"; and (8) username parameter when (c) logging on. | |||||
| CVE-2007-3376 | 2 Apple, Microsoft | 2 Safari, Windows Xp | 2025-04-09 | 9.3 HIGH | N/A |
| Buffer overflow in Apple Safari 3.0.2 on Windows XP SP2 allows user-assisted remote attackers to cause a denial of service (crash) and possibly execute arbitrary code via a long value in the title HTML tag, which triggers the overflow when the user adds the page as a bookmark. | |||||
| CVE-2007-2925 | 1 Isc | 1 Bind | 2025-04-09 | 5.8 MEDIUM | N/A |
| The default access control lists (ACL) in ISC BIND 9.4.0, 9.4.1, and 9.5.0a1 through 9.5.0a5 do not set the allow-recursion and allow-query-cache ACLs, which allows remote attackers to make recursive queries and query the cache. | |||||
| CVE-2007-2629 | 1 Bradford Networks | 1 Campusmanager Network Control Application Server | 2025-04-09 | 7.8 HIGH | N/A |
| Bradford CampusManager Network Control Application Server 3.1(6) allows remote attackers to obtain sensitive information (backup, log, and configuration files) via direct request for certain files in (1) /runTime/ or (2) /remediationReports/. | |||||
| CVE-2007-2013 | 1 Jex-treme | 1 Einfacher Passworschutz | 2025-04-09 | 4.3 MEDIUM | N/A |
| Cross-site scripting (XSS) vulnerability in index.php in JEx-Treme Einfacher Passworschutz allows remote attackers to inject arbitrary web script or HTML via the msg parameter. | |||||
| CVE-2007-1020 | 1 Cedstat | 1 Cedstat | 2025-04-09 | 6.8 MEDIUM | N/A |
| Cross-site scripting (XSS) vulnerability in index.php in CedStat 1.31 allows remote attackers to inject arbitrary web script or HTML via the hier parameter. | |||||
| CVE-2007-1871 | 1 Chcounter | 1 Chcounter | 2025-04-09 | 4.3 MEDIUM | N/A |
| Cross-site scripting (XSS) vulnerability in chcounter 3.1.3 allows remote attackers to inject arbitrary web script or HTML via the login_name parameter to /stats/. | |||||
| CVE-2007-1965 | 1 Exv2 | 1 Content Management System | 2025-04-09 | 4.3 MEDIUM | N/A |
| Multiple cross-site scripting (XSS) vulnerabilities in eXV2 CMS 2.0.4.3 and earlier allow remote attackers to inject arbitrary web script or HTML via the set_lang parameter to (1) archive.php, (2) article.php, (3) index.php, or (4) topics.php. | |||||
| CVE-2006-6779 | 1 Jelsoft | 1 Vbulletin | 2025-04-09 | 6.8 MEDIUM | N/A |
| Cross-site scripting (XSS) vulnerability in Jelsoft vBulletin allows remote attackers to inject arbitrary web script or HTML via an SWF file that uses ActionScript to trigger execution of JavaScript. | |||||
| CVE-2006-6300 | 1 Cutephp | 1 Cutenews | 2025-04-09 | 4.3 MEDIUM | N/A |
| Cross-site scripting (XSS) vulnerability in CuteNews 1.3.6 allows remote attackers to inject arbitrary web script or HTML via the result parameter. | |||||
| CVE-2006-5741 | 1 Airmagnet | 1 Enterprise | 2025-04-09 | 4.3 MEDIUM | N/A |
| Multiple cross-site scripting (XSS) vulnerabilities in AirMagnet Enterprise before 7.5 build 6307 allow remote attackers to inject arbitrary web script or HTML via (1) the 404 error page of the Smart Sensor Edge Sensor; (2) the user name for a failed logon, when displayed in the audit journals reviewing interface (/AirMagnetSensor/AMSensor.dll/XH) by the Smart Sensor Edge Sensor log viewer; and (3) an SSID of an AP, when displayed on an ACL page (/Amom/Amom.dll/BD) of the Enterprise Server Status Overview in the Enterprise Server Web interface. | |||||
| CVE-2007-3313 | 1 Efstratios Geroulis | 1 Jasmine Cms | 2025-04-09 | 7.5 HIGH | N/A |
| Multiple SQL injection vulnerabilities in Jasmine CMS 1.0 allow remote attackers to execute arbitrary SQL commands via (1) the login_username parameter to login.php or (2) the item parameter to news.php. | |||||
| CVE-2006-6917 | 1 Broadcom | 1 Brightstor Arcserve Backup Server | 2025-04-09 | 10.0 HIGH | N/A |
| Multiple buffer overflows in Computer Associates (CA) BrightStor ARCserve Backup R11.5 Server before SP2 allows remote attackers to execute arbitrary code in the Tape Engine (tapeeng.exe) via a crafted RPC request with (1) opnum 38, which is not properly handled in TAPEUTIL.dll 11.5.3884.0, or (2) opnum 37, which is not properly handled in TAPEENG.dll 11.5.3884.0. | |||||
| CVE-2007-2384 | 1 Script.aculo.us | 1 Script.aculo.us | 2025-04-09 | 7.8 HIGH | N/A |
| The Script.aculo.us framework exchanges data using JavaScript Object Notation (JSON) without an associated protection scheme, which allows remote attackers to obtain the data via a web page that retrieves the data through a URL in the SRC attribute of a SCRIPT element and captures the data using other JavaScript code, aka "JavaScript Hijacking." | |||||
| CVE-2006-7115 | 1 Phpkit | 1 Phpkit | 2025-04-09 | 7.5 HIGH | N/A |
| SQL injection vulnerability in PHPKit 1.6.1 RC2 allows remote attackers to inject arbitrary SQL commands via the catid parameter to include.php when the path parameter is set to faq/faq.php, and other unspecified vectors involving guestbook/print.php. | |||||
| CVE-2007-0156 | 1 M-core | 1 M-core | 2025-04-09 | 7.5 HIGH | N/A |
| M-Core stores the database under the web document root, which allows remote attackers to obtain sensitive information via a direct request to db/uyelik.mdb. | |||||