Total
29682 CVE
| CVE | Vendors | Products | Updated | CVSS v2 | CVSS v3 |
|---|---|---|---|---|---|
| CVE-2007-1609 | 1 Oracle | 1 Application Server | 2025-04-09 | 4.3 MEDIUM | N/A |
| Cross-site scripting (XSS) vulnerability in servlet/Spy in Dynamic Monitoring Services (DMS) in Oracle Application Server (OAS) 10g 10.1.2.0.0 allows remote attackers to inject arbitrary web script or HTML via the table parameter. NOTE: This may be related to CVE-2002-0563. | |||||
| CVE-2006-6502 | 1 Mozilla | 3 Firefox, Seamonkey, Thunderbird | 2025-04-09 | 7.1 HIGH | N/A |
| Use-after-free vulnerability in the LiveConnect bridge code for Mozilla Firefox 2.x before 2.0.0.1, 1.5.x before 1.5.0.9, Thunderbird before 1.5.0.9, and SeaMonkey before 1.0.7 allows remote attackers to cause a denial of service (crash) via unknown vectors. | |||||
| CVE-2007-1527 | 1 Microsoft | 1 Windows Vista | 2025-04-09 | 5.0 MEDIUM | N/A |
| The LLTD Mapper in Microsoft Windows Vista does not verify that an IP address in a TLV type 0x07 field in a HELLO packet corresponds to a valid IP address for the local network, which allows remote attackers to trick users into communicating with an external host by sending a HELLO packet with the MW characteristic and a spoofed TLV type 0x07 field, aka the "Spoof and Management URL IP Redirect" attack. | |||||
| CVE-2007-3179 | 1 Particle Blogger | 1 Particle Blogger | 2025-04-09 | 7.5 HIGH | N/A |
| Multiple SQL injection vulnerabilities in archives.php in Particle Blogger 1.2.1 and earlier allow remote attackers to execute arbitrary SQL commands via the month parameter and other unspecified vectors. | |||||
| CVE-2007-0198 | 1 Cisco | 4 Ip Contact Center Enterprise, Ip Contact Center Hosted, Unified Contact Center Enterprise and 1 more | 2025-04-09 | 5.0 MEDIUM | N/A |
| The JTapi Gateway process in Cisco Unified Contact Center Enterprise, Unified Contact Center Hosted, IP Contact Center Enterprise, and Cisco IP Contact Center Hosted 5.0 through 7.1 allows remote attackers to cause a denial of service (repeated process restart) via a certain TCP session on the JTapi server port. | |||||
| CVE-2007-3488 | 1 Sony | 1 Sony Network Camera Snc-p5 | 2025-04-09 | 10.0 HIGH | N/A |
| Heap-based buffer overflow in the viewer ActiveX control in Sony Network Camera SNC-RZ25N before 1.30; SNC-P1 and SNC-P5 before 1.29; SNC-CS10 and SNC-CS11 before 1.06; SNC-DF40N and SNC-DF70N before 1.18; SNC-RZ50N and SNC-CS50N before 2.22; SNC-DF85N, SNC-DF80N, and SNC-DF50N before 1.12; and SNC-RX570N/W, SNC-RX570N/B, SNC-RX550N/W, SNC-RX550N/B, SNC-RX530N/W, and SNC-RX530N/B 3.00 and 2.x before 2.31; allows remote attackers to execute arbitrary code via a long first argument to the PrmSetNetworkParam method. | |||||
| CVE-2007-0059 | 1 Apple | 1 Quicktime | 2025-04-09 | 6.8 MEDIUM | N/A |
| Cross-zone scripting vulnerability in Apple Quicktime 3 to 7.1.3 allows remote user-assisted attackers to execute arbitrary code and list filesystem contents via a QuickTime movie (.MOV) with an HREF Track (HREFTrack) that contains an automatic action tag with a local URI, which is executed in a local zone during preview, as exploited by a MySpace worm. | |||||
| CVE-2007-2321 | 1 Silverstripe | 1 Silverstripe | 2025-04-09 | 10.0 HIGH | N/A |
| Unspecified vulnerability in the search functionality in SilverStripe 2.0.0 has unknown impact and attack vectors. | |||||
| CVE-2006-5787 | 1 Iprimal | 1 Iprimal Forums | 2025-04-09 | 7.5 HIGH | N/A |
| admin/index.php in IPrimal Forums as of 20061105 allows remote attackers to bypass authentication and modify user passwords via a direct request, possibly related to an authentication issue in admin/chk_admin.php. | |||||
| CVE-2006-5776 | 1 Ariadne | 1 Ariadne Cms | 2025-04-09 | 7.5 HIGH | N/A |
| Multiple PHP remote file inclusions in Ariadne 2.4.1 allows remote attackers to execute arbitrary PHP code via the ariadne parameter in (1) ftp/loader.php and (2) lib/includes/loader.cmd.php. NOTE: this issue is disputed by CVE, since installation instructions recommend that the files be placed outside of the web document root and require the administrator to modify $ariadne in an include file | |||||
| CVE-2007-1511 | 1 Frontbase | 1 Relational Database Server | 2025-04-09 | 7.1 HIGH | N/A |
| Buffer overflow in FrontBase Relational Database Server 4.2.7 and earlier allows remote authenticated users, with privileges for creating a stored procedure, to execute arbitrary code via a CREATE PROCEDURE request with a long procedure name. | |||||
| CVE-2007-3345 | 1 Php Accounts | 1 Php Accounts | 2025-04-09 | 7.5 HIGH | N/A |
| Multiple SQL injection vulnerabilities in index.php in PHPAccounts 0.5 allow remote attackers to execute arbitrary SQL commands via the (1) Outgoing_Type_ID, (2) Outgoing_ID, (3) Project_ID, (4) Client_ID, (5) Invoice_ID, or (6) Vendor_ID parameter. | |||||
| CVE-2007-3182 | 1 Vincent Hor | 1 Calendarix | 2025-04-09 | 4.3 MEDIUM | N/A |
| Multiple cross-site scripting (XSS) vulnerabilities in Calendarix 0.7.20070307, when register_globals is enabled, allow remote attackers to inject arbitrary web script or HTML via the (1) year and (2) month parameters to calendar.php, and the (3) leftfooter parameter to cal_footer.inc.php. NOTE: the ycyear parameter to yearcal.php is already covered by CVE-2006-1835. | |||||
| CVE-2007-3552 | 1 Bbs100 | 1 Bbs100 | 2025-04-09 | 7.8 HIGH | N/A |
| Multiple unspecified vulnerabilities in bbs100 before 3.2 allow remote attackers to cause a denial of service (crash) via unspecified vectors, possibly involving certain v*printf and shift_StringIO functions. NOTE: some details were obtained from third party information. | |||||
| CVE-2007-1717 | 1 Php | 1 Php | 2025-04-09 | 5.0 MEDIUM | N/A |
| The mail function in PHP 4.0.0 through 4.4.6 and 5.0.0 through 5.2.1 truncates e-mail messages at the first ASCIIZ ('\0') byte, which might allow context-dependent attackers to prevent intended information from being delivered in e-mail messages. NOTE: this issue might be security-relevant in cases when the trailing contents of e-mail messages are important, such as logging information or if the message is expected to be well-formed. | |||||
| CVE-2007-4178 | 1 Amg Soft | 1 Webdirector | 2025-04-09 | 4.3 MEDIUM | N/A |
| Cross-site scripting (XSS) vulnerability in index.php in WebDirector 2.2 and earlier allows remote attackers to inject arbitrary web script or HTML via the deslocal parameter. | |||||
| CVE-2007-3575 | 1 Freedomain.co.nr | 1 Clone | 2025-04-09 | 7.5 HIGH | N/A |
| SQL injection vulnerability in includes/functions in FreeDomain.co.nr Clone allows remote attackers to execute arbitrary SQL commands via the logindomain parameter to members.php. | |||||
| CVE-2007-3368 | 1 Polycom | 1 Soundpoint Ip 650 | 2025-04-09 | 7.8 HIGH | N/A |
| Buffer overflow in the HTTP server on the Polycom SoundPoint IP 601 SIP phone with BootROM 3.0.x+ allows remote attackers to cause a denial of service (device reboot) via a malformed CGI parameter. | |||||
| CVE-2007-4032 | 1 Crystal Reality Llc | 1 Crystalplayer Pro | 2025-04-09 | 6.8 MEDIUM | N/A |
| Buffer overflow in CrystalPlayer Pro 1.98 allows user-assisted remote attackers to execute arbitrary code via a long string in a .mls Playlist file. | |||||
| CVE-2007-1176 | 1 Web-app.org | 1 Webapp | 2025-04-09 | 4.3 MEDIUM | N/A |
| Multiple cross-site scripting (XSS) vulnerabilities in WebAPP before 0.9.9.5 allow remote attackers to inject arbitrary web script or HTML via unspecified vectors related to (1) Gallery Comments pages, (2) Feedback pages, (3) Search Results pages, and (4) the Statistics Log viewer. | |||||