Total: 29682 CVE
| CVE | Vendors | Products | Updated | CVSS v2 | CVSS v3 |
|---|---|---|---|---|---|
| CVE-2007-3136 | 1 Newssync | 1 Newssync | 2025-04-09 | 7.5 HIGH | N/A |
| PHP remote file inclusion vulnerability in inc/nuke_include.php in newsSync 1.5.0rc6 allows remote attackers to execute arbitrary PHP code via a URL in the newsSync_NUKE_PATH parameter. | |||||
| CVE-2007-0857 | 1 Moinmoin | 1 Moinmoin | 2025-04-09 | 4.3 MEDIUM | N/A |
| Multiple cross-site scripting (XSS) vulnerabilities in MoinMoin before 1.5.7 allow remote attackers to inject arbitrary web script or HTML via (1) the page info, or the page name in a (2) AttachFile, (3) RenamePage, or (4) LocalSiteMap action. | |||||
| CVE-2007-3413 | 1 Bitego | 1 Bosdatagrid | 2025-04-09 | 4.3 MEDIUM | N/A |
| Multiple cross-site scripting (XSS) vulnerabilities in bosDataGrid 2.50 and earlier allow remote attackers to inject arbitrary web script or HTML via the (1) GridSearch, (2) gsearch, or (3) ParentID parameter to an unspecified component. | |||||
| CVE-2007-0165 | 1 Sun | 2 Solaris, Sunos | 2025-04-09 | 7.8 HIGH | N/A |
| Unspecified vulnerability in libnsl in Sun Solaris 8 and 9 allows remote attackers to cause a denial of service (crash) via malformed RPC requests that trigger a crash in rpcbind. | |||||
| CVE-2006-6995 | 1 V3 Chat | 1 V3chat Instant Messenger | 2025-04-09 | 6.0 MEDIUM | N/A |
| mycontacts.php in V3 Chat allows remote authenticated users to gain privileges as other users via a modified membername parameter. | |||||
| CVE-2007-0157 | 1 Neon | 1 Neon | 2025-04-09 | 7.8 HIGH | N/A |
| Array index error in the uri_lookup function in the URI parser for neon 0.26.0 to 0.26.2, possibly only on 64-bit platforms, allows remote malicious servers to cause a denial of service (crash) via a URI with non-ASCII characters, which triggers a buffer under-read due to a type conversion error that generates a negative index. | |||||
| CVE-2007-2449 | 1 Apache | 1 Tomcat | 2025-04-09 | 4.3 MEDIUM | N/A |
| Multiple cross-site scripting (XSS) vulnerabilities in certain JSP files in the examples web application in Apache Tomcat 4.0.0 through 4.0.6, 4.1.0 through 4.1.36, 5.0.0 through 5.0.30, 5.5.0 through 5.5.24, and 6.0.0 through 6.0.13 allow remote attackers to inject arbitrary web script or HTML via the portion of the URI after the ';' character, as demonstrated by a URI containing a "snp/snoop.jsp;" sequence. | |||||
| CVE-2006-6514 | 1 Flippet.org | 1 Winamp Web Interface | 2025-04-09 | 3.5 LOW | N/A |
| Winamp Web Interface (Wawi) 7.5.13 and earlier uses an insufficient comparison to determine whether a directory is located below the application's root directory, which allows remote authenticated users to access certain other directories if the name of the root directory is a substring of the name of the target directory, as demonstrated by accessing C:\folder2 when the root directory is C:\folder. | |||||
| CVE-2007-1683 | 1 Incredimail | 1 Immenushellext Activex Control | 2025-04-09 | 6.8 MEDIUM | N/A |
| Stack-based buffer overflow in the DoWebMenuAction function in the IncrediMail IMMenuShellExt ActiveX control (ImShExt.dll) allows remote attackers to execute arbitrary code via unspecified vectors. | |||||
| CVE-2007-3112 | 1 The Cacti Group | 1 Cacti | 2025-04-09 | 7.8 HIGH | N/A |
| graph_image.php in Cacti 0.8.6i, and possibly other versions, allows remote authenticated users to cause a denial of service (CPU consumption) via a large value of the (1) graph_start or (2) graph_end parameter, different vectors than CVE-2007-3113. | |||||
| CVE-2006-5174 | 1 Linux | 1 Linux Kernel | 2025-04-09 | 2.1 LOW | N/A |
| The copy_from_user function in the uaccess code in Linux kernel 2.6 before 2.6.19-rc1, when running on s390, does not properly clear a kernel buffer, which allows local user space programs to read portions of kernel memory by "appending to a file from a bad address," which triggers a fault that prevents the unused memory from being cleared in the kernel buffer. | |||||
| CVE-2007-0578 | 1 Mpg123 | 1 Mpg123 | 2025-04-09 | 4.3 MEDIUM | N/A |
| The http_open function in httpget.c in mpg123 before 0.64 allows remote attackers to cause a denial of service (infinite loop) by closing the HTTP connection early. | |||||
| CVE-2009-3085 | 1 Pidgin | 2 Libpurple, Pidgin | 2025-04-09 | 5.0 MEDIUM | N/A |
| The XMPP protocol plugin in libpurple in Pidgin before 2.6.2 does not properly handle an error IQ stanza during an attempted fetch of a custom smiley, which allows remote attackers to cause a denial of service (application crash) via XHTML-IM content with cid: images. | |||||
| CVE-2007-0265 | 1 Ezboxx | 1 Portal System Beta | 2025-04-09 | 6.8 MEDIUM | N/A |
| Multiple cross-site scripting (XSS) vulnerabilities in Ezboxx Portal System Beta 0.7.6 and earlier allow remote attackers to inject arbitrary web script or HTML via (1) the pic parameter to custom/piczoom.asp, (2) the nocatname parameter to boxx/user-upload.asp, or (3) the iid parameter to indexes/newscomments.asp. | |||||
| CVE-2007-0176 | 1 Gforge | 1 Gforge | 2025-04-09 | 6.8 MEDIUM | N/A |
| Cross-site scripting (XSS) vulnerability in search/advanced_search.php in GForge 4.5.11 allows remote attackers to inject arbitrary web script or HTML via the words parameter. | |||||
| CVE-2006-6648 | 1 Planetluc.com | 1 Rateme | 2025-04-09 | 7.5 HIGH | N/A |
| PHP remote file inclusion vulnerability in main.inc.php in planetluc.com RateMe 1.3.2 and earlier allows remote attackers to execute arbitrary PHP code via a URL in the pathtoscript parameter. | |||||
| CVE-2007-4335 | 1 Qbik | 1 Wingate | 2025-04-09 | 5.0 MEDIUM | N/A |
| Format string vulnerability in the SMTP server component in Qbik WinGate 5.x and 6.x before 6.2.2 allows remote attackers to cause a denial of service (service crash) via format string specifiers in certain unexpected commands, which trigger a crash during error logging. | |||||
| CVE-2007-0231 | 1 Six Apart | 1 Movable Type | 2025-04-09 | 6.8 MEDIUM | N/A |
| Cross-site scripting (XSS) vulnerability in Movable Type (MT) 3.33, when nofollow is disabled and unmoderated comments are enabled, allows remote attackers to inject arbitrary web script or HTML via the Comments field. | |||||
| CVE-2007-0193 | 1 Fon | 1 La Fonera | 2025-04-09 | 7.5 HIGH | N/A |
| FON La Fonera routers do not properly limit DNS service access by unauthenticated clients, which allows remote attackers to tunnel traffic via DNS requests for hosts that should not be accessible before authentication. | |||||
| CVE-2007-1051 | 1 Comodo | 1 Comodo Firewall Pro | 2025-04-09 | 4.6 MEDIUM | N/A |
| Comodo Firewall Pro (formerly Comodo Personal Firewall) 2.4.17.183 and earlier uses a weak cryptographic hashing function (CRC32) to identify trusted modules, which allows local users to bypass security protections by substituting modified modules that have the same CRC32 value. | |||||
