Total
29838 CVE
| CVE | Vendors | Products | Updated | CVSS v2 | CVSS v3 |
|---|---|---|---|---|---|
| CVE-2007-4162 | 1 Tibco | 1 Rendezvous | 2025-04-09 | 7.8 HIGH | N/A |
| TIBCO Rendezvous (RV) 7.5.2 does not protect confidentiality or integrity of inter-daemon communication, which allows remote attackers to capture and spoof traffic. | |||||
| CVE-2007-4535 | 1 Vavoom | 1 Vavoom | 2025-04-09 | 4.3 MEDIUM | N/A |
| The VStr::Resize function in str.cpp in Vavoom 1.24 and earlier allows remote attackers to cause a denial of service (daemon crash) via a string with a negative NewLen value within a certain UDP packet that triggers an assertion error. | |||||
| CVE-2007-4407 | 1 Universal Ircd | 1 Ircu | 2025-04-09 | 6.4 MEDIUM | N/A |
| ircu 2.10.12.03 and 2.10.12.04 does not associate a timestamp with ops privilege on an unused channel (zannel), which allows remote attackers to (1) set or remove certain channel modes via a "netriding" attack or (2) take over a channel by joining an unlinked server with the A/Upass and then setting a new Apass. | |||||
| CVE-2007-1183 | 1 Web-app.org | 1 Webapp | 2025-04-09 | 7.5 HIGH | N/A |
| WebAPP before 0.9.9.5 allows remote authenticated users to spoof another user's Real Name via whitespace, which has unknown impact and attack vectors. | |||||
| CVE-2007-2598 | 1 Simplenews | 1 Simplenews | 2025-04-09 | 10.0 HIGH | N/A |
| SQL injection vulnerability in print.php in SimpleNews 1.0.0 FINAL allows remote attackers to execute arbitrary SQL commands via the news_id parameter. | |||||
| CVE-2006-5352 | 1 Oracle | 1 Apex | 2025-04-09 | 10.0 HIGH | N/A |
| Multiple unspecified vulnerabilities in Oracle Application Express 1.5 up to 1.6.1 have unknown impact and remote attack vectors, aka Vuln# (1) APEX04, (2) APEX20, and (3) APEX21. | |||||
| CVE-2007-4010 | 1 Php | 1 Php | 2025-04-09 | 6.8 MEDIUM | N/A |
| The win32std extension in PHP 5.2.3 does not follow safe_mode and disable_functions restrictions, which allows remote attackers to execute arbitrary commands via the win_shell_execute function. | |||||
| CVE-2007-3252 | 1 Portalapp | 1 Portalapp | 2025-04-09 | 7.8 HIGH | N/A |
| PortalApp stores sensitive information under the web root with insufficient access control, which allows remote attackers to download a database via a direct request for 8691.mdb, a different vector than CVE-2004-1786. | |||||
| CVE-2006-5651 | 1 Digioz | 1 Digioz Guestbook | 2025-04-09 | 5.0 MEDIUM | N/A |
| list.php in DigiOz Guestbook before 1.7.1 allows remote attackers to obtain sensitive information via a non-numeric page parameter, which displays the installation path in the resulting error message. | |||||
| CVE-2007-2678 | 1 Netsprint | 1 Netsprint Toolbar | 2025-04-09 | 7.5 HIGH | N/A |
| Buffer overflow in the isChecked function in toolbar.dll in Netsprint Toolbar 1.1 might allow remote attackers to execute arbitrary code via unspecified vectors. | |||||
| CVE-2007-0610 | 1 Cmsmadesimple | 1 Cms Made Simple | 2025-04-09 | 6.8 MEDIUM | N/A |
| Cross-site scripting (XSS) vulnerability in the mailform feature in CMSimple 2.7 fix1 allows remote attackers to inject arbitrary web script or HTML via the sender parameter. NOTE: The provenance of this information is unknown; the details are obtained solely from third party information. | |||||
| CVE-2007-0430 | 1 Apple | 1 Mac Os X | 2025-04-09 | 4.9 MEDIUM | N/A |
| The shared_region_map_file_np function in Apple Mac OS X 10.4.8 and earlier kernel allows local users to cause a denial of service (memory corruption) via a large mappingCount value. | |||||
| CVE-2008-1319 | 1 Versant | 1 Versant Object Database | 2025-04-09 | 9.3 HIGH | N/A |
| Untrusted search path and argument injection vulnerability in the VersantD service in Versant Object Database 7.0.1.3 and earlier, as used in Borland CaliberRM and probably other products, allows remote attackers to execute arbitrary commands via a request to TCP port 5019 with a modified VERSANT_ROOT field. | |||||
| CVE-2007-0336 | 1 Rixstep | 1 Undercover | 2025-04-09 | 4.4 MEDIUM | N/A |
| Undercover.app/Contents/Resources/uc in Rixstep Undercover allows local users to overwrite arbitrary files, probably related to a race condition. | |||||
| CVE-2009-4143 | 1 Php | 1 Php | 2025-04-09 | 10.0 HIGH | N/A |
| PHP before 5.2.12 does not properly handle session data, which has unspecified impact and attack vectors related to (1) interrupt corruption of the SESSION superglobal array and (2) the session.save_path directive. | |||||
| CVE-2006-6508 | 1 Phpbb Group | 1 Phpbb | 2025-04-09 | 6.0 MEDIUM | N/A |
| Cross-site request forgery (CSRF) vulnerability in phpBB 2.0.21 allows remote authenticated users to send unauthorized messages as an arbitrary user via unspecified vectors. NOTE: the provenance of this information is unknown; the details are obtained solely from third party information. | |||||
| CVE-2008-1501 | 2 Ircu, Quakenet | 2 Ircu, Snircd | 2025-04-09 | 5.0 MEDIUM | N/A |
| The send_user_mode function in s_user.c in (1) Undernet ircu 2.10.12.12 and earlier, (2) snircd 1.3.4 and earlier, and unspecified other ircu derivatives allows remote attackers to cause a denial of service (daemon crash) via a malformed MODE command. | |||||
| CVE-2007-5156 | 4 Cardinal Cms Project, Redlinesoft, Sitex Cms Project and 1 more | 4 Cardinal Cms, Lanai Cms, Sitex Cms and 1 more | 2025-04-09 | 7.5 HIGH | N/A |
| Incomplete blacklist vulnerability in editor/filemanager/upload/php/upload.php in FCKeditor, as used in SiteX CMS 0.7.3.beta, La-Nai CMS, Syntax CMS, Cardinal Cms, and probably other products, allows remote attackers to upload and execute arbitrary PHP code via a file whose name contains ".php." and has an unknown extension, which is recognized as a .php file by the Apache HTTP server, a different vulnerability than CVE-2006-0658 and CVE-2006-2529. | |||||
| CVE-2007-1515 | 1 Horde | 1 Imp | 2025-04-09 | 4.3 MEDIUM | N/A |
| Multiple cross-site scripting (XSS) vulnerabilities in Horde IMP H3 4.1.3, and possibly earlier, allow remote attackers to inject arbitrary web script or HTML via (1) the email Subject header in thread.php, (2) the edit_query parameter in search.php, or other unspecified parameters in search.php. NOTE: some of these details are obtained from third party information. | |||||
| CVE-2006-6381 | 1 Ultimate Helpdesk | 1 Ultimate Helpdesk | 2025-04-09 | 7.5 HIGH | N/A |
| Directory traversal vulnerability in getfile.asp in Ultimate HelpDesk allows remote attackers to read arbitrary files via a .. (dot dot) in the filename parameter. | |||||