Total
29682 CVE
| CVE | Vendors | Products | Updated | CVSS v2 | CVSS v3 |
|---|---|---|---|---|---|
| CVE-2006-5420 | 1 Kerio | 1 Winroute Firewall | 2025-04-09 | 5.0 MEDIUM | N/A |
| Kerio WinRoute Firewall 6.2.2 and earlier allows remote attackers to cause a denial of service (crash) via malformed DNS responses. | |||||
| CVE-2007-4704 | 1 Apple | 1 Mac Os X | 2025-04-09 | 10.0 HIGH | N/A |
| The Application Firewall in Apple Mac OS X 10.5 does not apply changed settings to processes that are started by launchd until the processes are restarted, which might allow attackers to bypass intended access restrictions. | |||||
| CVE-2006-5074 | 1 Php Invoice | 1 Php Invoice | 2025-04-09 | 5.1 MEDIUM | N/A |
| Cross-site scripting (XSS) vulnerability in home.php in PHP Invoice 2.2 allows remote attackers to inject arbitrary web script or HTML via the alert parameter. | |||||
| CVE-2007-1321 | 4 Debian, Fedoraproject, Qemu and 1 more | 5 Debian Linux, Fedora, Fedora Core and 2 more | 2025-04-09 | 7.2 HIGH | N/A |
| Integer signedness error in the NE2000 emulator in QEMU 0.8.2, as used in Xen and possibly other products, allows local users to trigger a heap-based buffer overflow via certain register values that bypass sanity checks, aka QEMU NE2000 "receive" integer signedness error. NOTE: this identifier was inadvertently used by some sources to cover multiple issues that were labeled "NE2000 network driver and the socket code," but separate identifiers have been created for the individual vulnerabilities since there are sometimes different fixes; see CVE-2007-5729 and CVE-2007-5730. | |||||
| CVE-2006-5554 | 1 Blackdot | 1 Imageview | 2025-04-09 | 7.5 HIGH | N/A |
| Directory traversal vulnerability in index.php in Imageview 5 allows remote attackers to read or execute arbitrary local files via a .. (dot dot) in the user_settings cookie, as demonstrated by using the MyFile parameter in albumview.php to upload a text/plain .gif file containing PHP code, which is executed by index.php. | |||||
| CVE-2008-5681 | 1 Opera | 1 Opera Browser | 2025-04-09 | 4.3 MEDIUM | N/A |
| Opera before 9.63 does not block unspecified "scripted URLs" during the feed preview, which allows remote attackers to read existing subscriptions and force subscriptions to arbitrary feed URLs. | |||||
| CVE-2006-5666 | 1 Asmir Alic | 1 E Annu | 2025-04-09 | 7.5 HIGH | N/A |
| SQL injection vulnerability in includes/menu.inc.php in E-Annu 1.0 allows remote attackers to execute arbitrary SQL commands via the login parameter. NOTE: some of these details are obtained from third party information. | |||||
| CVE-2007-3882 | 1 Popscript.com | 1 Expert Advisor | 2025-04-09 | 7.5 HIGH | N/A |
| SQL injection vulnerability in index.php in Expert Advisor allows remote attackers to execute arbitrary SQL commands via the id parameter. | |||||
| CVE-2007-1040 | 1 Xpression News | 1 Xpression News | 2025-04-09 | 7.5 HIGH | N/A |
| Directory traversal vulnerability in archives.php in Xpression News (X-News) 1.0.1 allows remote attackers to include arbitrary files or obtain sensitive information via a .. (dot dot) in the xnews-template parameter. | |||||
| CVE-2007-3189 | 1 Jffnms | 1 Just For Fun Network Management System | 2025-04-09 | 4.3 MEDIUM | N/A |
| Cross-site scripting (XSS) vulnerability in auth.php in Just For Fun Network Management System (JFFNMS) 0.8.3 allows remote attackers to inject arbitrary web script or HTML via the user parameter. | |||||
| CVE-2006-5133 | 1 Steve Poulsen | 1 Guildftpd | 2025-04-09 | 7.5 HIGH | N/A |
| Buffer overflow in GuildFTPd 0.999.13 allows remote attackers to have an unknown impact, possibly code execution related to input containing "globbing chars." | |||||
| CVE-2007-0629 | 1 Plain Black | 1 Webgui | 2025-04-09 | 6.4 MEDIUM | N/A |
| The www_purgeList method in Plain Black WebGUI before 7.3.8 does not properly check user permissions, which allows attackers to delete unauthorized assets. NOTE: some of these details are obtained from third party information. | |||||
| CVE-2006-6116 | 1 Fipsasp | 1 Fipsforum | 2025-04-09 | 7.5 HIGH | N/A |
| SQL injection vulnerability in default2.asp in fipsForum 2.6 and earlier allows remote attackers to execute arbitrary SQL commands via the kat parameter. | |||||
| CVE-2009-2146 | 1 Sugarcrm | 1 Sugarcrm | 2025-04-09 | 6.0 MEDIUM | N/A |
| Unrestricted file upload vulnerability in the Compose Email feature in the Emails module in Sugar Community Edition (aka SugarCRM) before 5.2f allows remote authenticated users to execute arbitrary code by uploading a file with only an extension in its name, then accessing the file via a direct request to a modified filename under cache/modules/Emails/, as demonstrated using .php as the entire original name. | |||||
| CVE-2006-5753 | 2 Linux, Redhat | 3 Linux Kernel, Enterprise Linux, Enterprise Linux Desktop | 2025-04-09 | 7.2 HIGH | N/A |
| Unspecified vulnerability in the listxattr system call in Linux kernel, when a "bad inode" is present, allows local users to cause a denial of service (data corruption) and possibly gain privileges via unknown vectors. | |||||
| CVE-2007-3570 | 1 Novell | 1 Access Manager | 2025-04-09 | 7.5 HIGH | N/A |
| The Linux Access Gateway in Novell Access Manager before 3.0 SP1 Release Candidate 1 (RC1) allows remote attackers to bypass unspecified security controls via Fullwidth/Halfwidth Unicode encoded data in a HTTP POST request. | |||||
| CVE-2006-6445 | 1 Envolution | 1 Envolution | 2025-04-09 | 7.5 HIGH | N/A |
| Directory traversal vulnerability in error.php in Envolution 1.1.0 and earlier allows remote attackers to include and execute arbitrary local files via a .. (dot dot) in the PNSVlang (PNSV lang) parameter, as demonstrated by injecting PHP sequences into an Apache HTTP Server log file, which is then included by error.php. | |||||
| CVE-2007-2049 | 1 Mambo | 1 Mambo Calendar | 2025-04-09 | 6.8 MEDIUM | N/A |
| Multiple PHP remote file inclusion vulnerabilities in the Calendar Module (com_calendar) 1.5.5 for Mambo allow remote attackers to execute arbitrary PHP code via a URL in the absolute_path parameter to (1) com_calendar.php or (2) mod_calendar.php. | |||||
| CVE-2007-3260 | 1 Hp | 1 System Management Homepage | 2025-04-09 | 9.0 HIGH | N/A |
| HP System Management Homepage (SMH) before 2.1.9 for Linux, when used with Novell eDirectory, assigns the eDirectory members to the root group, which allows remote authenticated eDirectory users to gain privileges. | |||||
| CVE-2007-1555 | 1 Minerva | 1 Minerva | 2025-04-09 | 7.5 HIGH | N/A |
| SQL injection vulnerability in forum.php in the Minerva mod 2.0.21 build 238a and earlier for phpBB allows remote attackers to execute arbitrary SQL commands via the c parameter. | |||||