Total
29682 CVE
| CVE | Vendors | Products | Updated | CVSS v2 | CVSS v3 |
|---|---|---|---|---|---|
| CVE-2007-3075 | 1 Microsoft | 1 Internet Explorer | 2025-04-09 | 7.8 HIGH | N/A |
| Directory traversal vulnerability in Microsoft Internet Explorer allows remote attackers to read arbitrary files via directory traversal sequences in a URI with a certain scheme, possibly related to "..%5C" (encoded backslash) sequences. | |||||
| CVE-2007-5632 | 1 Sun | 1 Solaris | 2025-04-09 | 4.9 MEDIUM | N/A |
| Multiple unspecified vulnerabilities in the kernel in Sun Solaris 8 through 10 allow local users to cause a denial of service (panic), related to the support for retrieval of kernel statistics, and possibly related to the sfmmu_mlspl_enter or sfmmu_mlist_enter functions. | |||||
| CVE-2007-2786 | 1 Ircd-ratbox | 1 Ircd-ratbox | 2025-04-09 | 5.0 MEDIUM | N/A |
| Ratbox IRC Daemon (aka ircd-ratbox) 2.2.5 and earlier allows remote attackers to cause a denial of service (resource exhaustion) by making many requests from a single client. | |||||
| CVE-2006-6730 | 2 Netbsd, Openbsd | 2 Netbsd, Openbsd | 2025-04-09 | 6.6 MEDIUM | N/A |
| OpenBSD and NetBSD permit usermode code to kill the display server and write to the X.Org /dev/xf86 device, which allows local users with root privileges to reduce securelevel by replacing the System Management Mode (SMM) handler via a write to an SMRAM address within /dev/xf86 (aka the video card memory-mapped I/O range), and then launching the new handler via a System Management Interrupt (SMI), as demonstrated by a write to Programmed I/O port 0xB2. | |||||
| CVE-2006-5296 | 1 Microsoft | 1 Powerpoint | 2025-04-09 | 4.3 MEDIUM | N/A |
| PowerPoint in Microsoft Office 2003 does not properly handle a container object whose position value exceeds the record length, which allows user-assisted attackers to cause a denial of service (NULL dereference and application crash) via a crafted PowerPoint (.PPT) file, as demonstrated by Nanika.ppt, and a different vulnerability than CVE-2006-3435, CVE-2006-3876, CVE-2006-3877, and CVE-2006-4694. NOTE: the impact of this issue was originally claimed to be arbitrary code execution, but later analysis demonstrated that this was erroneous. | |||||
| CVE-2007-3815 | 1 Republike Slovenije | 1 Pirs | 2025-04-09 | 4.9 MEDIUM | N/A |
| Buffer overflow in pirs32.exe in Poslovni informator Republike Slovenije (PIRS) 2007 allows local users to cause a denial of service (application crash) and possibly execute arbitrary code via a long search string in certain fields in the GUI. NOTE: this may cross privilege boundaries if PIRS is used by data-entry workers who do not have full access to the underlying Windows environment. | |||||
| CVE-2007-4753 | 1 Thomson | 1 St 2030 Sip Phone | 2025-04-09 | 5.0 MEDIUM | N/A |
| The Thomson ST 2030 SIP phone with software 1.52.1 allows remote attackers to cause a denial of service (device hang) via (1) an empty SIP message or (2) a SIP INVITE message with a malformed To header, different vectors than CVE-2007-4553. | |||||
| CVE-2006-6101 | 2 X.org, Xfree86 Project | 2 X.org, Xfree86 | 2025-04-09 | 6.6 MEDIUM | N/A |
| Integer overflow in the ProcRenderAddGlyphs function in the Render extension for X.Org 6.8.2, 6.9.0, 7.0, and 7.1, and XFree86 X server, allows local users to execute arbitrary code via a crafted X protocol request that triggers memory corruption during processing of glyph management data structures. | |||||
| CVE-2007-0577 | 1 Acgvclick | 1 Acgvclick | 2025-04-09 | 7.5 HIGH | N/A |
| PHP remote file inclusion vulnerability in function.inc.php in ACGVclick 0.2.0 and earlier allows remote attackers to execute arbitrary PHP code via a URL in the path parameter. | |||||
| CVE-2007-4485 | 1 Butterfly | 1 Butterfly | 2025-04-09 | 6.8 MEDIUM | N/A |
| PHP remote file inclusion vulnerability in visitor.php in Butterfly online visitors counter 1.08, when used with certain older versions of PHP with improper SERVER superglobal handling, allows remote attackers to execute arbitrary PHP code via a URL in the _SERVER[DOCUMENT_ROOT] parameter. NOTE: it could be argued that this vulnerability is caused by a problem in PHP and the proper fix should be in PHP; if so, then this should not be treated as a vulnerability in Butterfly online visitors counter. | |||||
| CVE-2007-0828 | 1 Mysqlnewsengine | 1 Mysqlnewsengine | 2025-04-09 | 7.5 HIGH | N/A |
| PHP remote file inclusion vulnerability in affichearticles.php3 in MySQLNewsEngine allows remote attackers to execute arbitrary PHP code via a URL in the newsenginedir parameter. | |||||
| CVE-2007-1397 | 1 Fish | 1 Fish | 2025-04-09 | 10.0 HIGH | N/A |
| Multiple stack-based buffer overflows in the (1) ExtractRnick and (2) decrypt_topic_332 functions in FiSH allow remote attackers to execute arbitrary code via long strings. | |||||
| CVE-2007-0107 | 1 Wordpress | 1 Wordpress | 2025-04-09 | 6.8 MEDIUM | N/A |
| WordPress before 2.0.6, when mbstring is enabled for PHP, decodes alternate character sets after escaping the SQL query, which allows remote attackers to bypass SQL injection protection schemes and execute arbitrary SQL commands via multibyte charsets, as demonstrated using UTF-7. | |||||
| CVE-2007-0607 | 1 W-agora | 1 W-agora | 2025-04-09 | 4.3 MEDIUM | N/A |
| W-Agora (Web-Agora) 4.2.1, when register_globals is enabled, stores globals.inc under the web document root with insufficient access control, which allows remote attackers to obtain application path information via a direct request. | |||||
| CVE-2006-5461 | 1 Avahi | 1 Avahi | 2025-04-09 | 2.1 LOW | N/A |
| Avahi before 0.6.15 does not verify the sender identity of netlink messages to ensure that they come from the kernel instead of another process, which allows local users to spoof network changes to Avahi. | |||||
| CVE-2006-6965 | 1 Andreas Gohr | 1 Dokuwiki | 2025-04-09 | 4.3 MEDIUM | N/A |
| CRLF injection vulnerability in lib/exe/fetch.php in DokuWiki 2006-03-09e, and possibly earlier, allows remote attackers to inject arbitrary HTTP headers and conduct HTTP response splitting attacks via CRLF sequences in the media parameter. NOTE: this issue can be leveraged for XSS attacks. | |||||
| CVE-2006-7034 | 9 Apple, Hp, Ibm and 6 more | 18 Mac Os X, Hp-ux, Tru64 and 15 more | 2025-04-09 | 7.5 HIGH | N/A |
| SQL injection vulnerability in directory.php in Super Link Exchange Script 1.0 might allow remote attackers to execute arbitrary SQL queries via the cat parameter. | |||||
| CVE-2006-6788 | 1 Luckybot | 1 Luckybot | 2025-04-09 | 7.5 HIGH | N/A |
| Multiple PHP remote file inclusion vulnerabilities in LuckyBot 3 allow remote attackers to execute arbitrary PHP code via a URL in the dir parameter to (1) run.php or (2) ircbot.class.php. | |||||
| CVE-2006-5929 | 1 Phpjobscheduler | 1 Phpjobscheduler | 2025-04-09 | 7.5 HIGH | N/A |
| PHP remote file inclusion vulnerability in firepjs.php in Phpjobscheduler 3.0 allows remote attackers to execute arbitrary PHP code via a URL in the installed_config_file parameter. NOTE: the provenance of this information is unknown; details are obtained from third party sources. | |||||
| CVE-2007-2687 | 1 Microworld Technologies | 1 Escan | 2025-04-09 | 10.0 HIGH | N/A |
| Stack-based buffer overflow in the MicroWorld Agent service (MWAGENT.EXE) in MicroWorld Technologies eScan before 9.0.718.1 allows remote attackers to execute arbitrary code via a long command. | |||||