Total
29838 CVE
| CVE | Vendors | Products | Updated | CVSS v2 | CVSS v3 |
|---|---|---|---|---|---|
| CVE-2008-5985 | 1 Gnome | 1 Epiphany | 2025-04-09 | 6.9 MEDIUM | N/A |
| Untrusted search path vulnerability in the Python interface in Epiphany 2.22.3, and possibly other versions, allows local users to execute arbitrary code via a Trojan horse Python file in the current working directory, related to a vulnerability in the PySys_SetArgv function (CVE-2008-5983). | |||||
| CVE-2007-3406 | 1 Microsoft | 2 Internet Explorer, Windows Xp | 2025-04-09 | 4.3 MEDIUM | N/A |
| Multiple absolute path traversal vulnerabilities in Microsoft Internet Explorer 6 on Windows XP SP2 allow remote attackers to access arbitrary local files via the file: URI in the (1) src attribute of a (a) bgsound, (b) input, (c) EMBED, (d) img, or (e) script tag; (2) data attribute of an object tag; (3) value attribute of a param tag; (4) background attribute of a body tag; or (5) the background:url attribute declared in the BODY parameter of a STYLE tag. | |||||
| CVE-2007-3625 | 1 Citrix | 1 Metaframe Presentation Server | 2025-04-09 | 5.0 MEDIUM | N/A |
| The Program Neighborhood Agent in Citrix Presentation Server Clients for 32-bit Windows before 10.100 allows remote attackers to cause a denial of service (agent exit) via a certain request that uses content redirection and a long pathname. | |||||
| CVE-2007-3192 | 1 Jffnms | 1 Just For Fun Network Management System | 2025-04-09 | 9.4 HIGH | N/A |
| admin/setup.php in Just For Fun Network Management System (JFFNMS) 0.8.3 allows remote attackers to read and modify configuration settings via a direct request. | |||||
| CVE-2007-2320 | 1 Papoo | 1 Papoo | 2025-04-09 | 7.5 HIGH | N/A |
| SQL injection vulnerability in kontakt.php in Papoo 3.02 and earlier allows remote attackers to execute arbitrary SQL commands via the menuid parameter, a different vector than CVE-2005-4478. | |||||
| CVE-2006-6019 | 1 Bloo | 1 Bloo | 2025-04-09 | 6.8 MEDIUM | N/A |
| Cross-site scripting (XSS) vulnerability in extensions/googiespell/googlespell_proxy.php in Bill Roberts Bloo 1.0 allows remote attackers to inject arbitrary web script or HTML via the lang parameter. | |||||
| CVE-2008-4863 | 1 Blender | 1 Blender | 2025-04-09 | 6.9 MEDIUM | N/A |
| Untrusted search path vulnerability in BPY_interface in Blender 2.46 allows local users to execute arbitrary code via a Trojan horse Python file in the current working directory, related to an erroneous setting of sys.path by the PySys_SetArgv function. | |||||
| CVE-2006-5712 | 1 Mirapoint | 1 Mirapoint Webmail | 2025-04-09 | 4.3 MEDIUM | N/A |
| Cross-site scripting (XSS) vulnerability in Mirapoint WebMail allows remote attackers to inject arbitrary web script via the expression Cascading Style Sheets (CSS) function, as demonstrated using the width style for an IMG element. | |||||
| CVE-2007-3615 | 2 Microsoft, Sap | 3 All Windows, Internet Communication Manager, Sap Web Application Server | 2025-04-09 | 7.8 HIGH | N/A |
| Internet Communication Manager (aka ICMAN.exe or ICM) in SAP NetWeaver Application Server 6.x and 7.x, possibly only on Windows, allows remote attackers to cause a denial of service (process crash) via a URI of a certain length that contains a sap-isc-key parameter, related to configuration of a web cache. | |||||
| CVE-2006-5886 | 1 Dynamic Dataworx | 1 Nurealestate | 2025-04-09 | 7.5 HIGH | N/A |
| SQL injection vulnerability in propertysdetails.asp in Dynamic Dataworx NuRealestate (NuRems) 1.0 and earlier allows remote attackers to execute arbitrary SQL commands via the PropID parameter. | |||||
| CVE-2006-6081 | 1 Telaen | 1 Telaen | 2025-04-09 | 7.5 HIGH | N/A |
| PHP remote file inclusion vulnerability in Smarty_Compiler.class.php in Telaen 1.1.0 and earlier allows remote attackers to execute arbitrary PHP code via a URL in the plugin_file parameter. | |||||
| CVE-2006-5452 | 1 Hp | 2 Hp-ux, Tru64 | 2025-04-09 | 4.6 MEDIUM | N/A |
| Buffer overflow in dtmail on HP Tru64 UNIX 4.0F through 5.1B and HP-UX B.11.00 through B.11.23 allows local users to execute arbitrary code via a long -a (aka attachment) argument. | |||||
| CVE-2007-0591 | 1 Vu Le An | 1 Virtual Path | 2025-04-09 | 7.5 HIGH | N/A |
| PHP remote file inclusion vulnerability in configure.php in Vu Le An Virtual Path (VirtualPath) 1.0 allows remote attackers to execute arbitrary PHP code via a URL in the phpbb_root_path parameter. | |||||
| CVE-2007-1908 | 1 Php121 | 1 Php121 Instant Messenger | 2025-04-09 | 6.8 MEDIUM | N/A |
| PHP file inclusion vulnerability in php121db.php in PHP121 Instant Messenger 2.2 allows remote attackers to execute arbitrary PHP code via a UNC share pathname or a local file pathname in the php121dir parameter, which is accessed by the file_exists function. | |||||
| CVE-2007-2466 | 1 Sun | 2 Java System Directory Server, One Directory Server | 2025-04-09 | 7.8 HIGH | N/A |
| Unspecified vulnerability in the LDAP Software Development Kit (SDK) for C, as used in Sun Java System Directory Server 5.2 up to Patch 4 and Sun ONE Directory Server 5.1, allows remote attackers to cause a denial of service (crash) via certain BER encodings. | |||||
| CVE-2006-6572 | 1 Citrix | 1 Access Gateway | 2025-04-09 | 6.5 MEDIUM | N/A |
| Unspecified vulnerability in Citrix Advanced Access Control (AAC) Option 4.0, and Access Gateway 4.2 with Advanced Access Control 4.2, before 20061114, when the Browser-Only access feature is enabled, allows remote authenticated users to bypass access policies via a certain login method, a different issue than CVE-2006-4846. NOTE: some of these details are obtained from third party information. | |||||
| CVE-2007-3632 | 1 Limesurvey | 1 Limesurvey | 2025-04-09 | 6.8 MEDIUM | N/A |
| Multiple PHP remote file inclusion vulnerabilities in LimeSurvey (aka PHPSurveyor) 1.49RC2 allow remote attackers to execute arbitrary PHP code via a URL in the homedir parameter to (1) OLE/PPS/File.php, (2) OLE/PPS/Root.php, (3) Spreadsheet/Excel/Writer.php, or (4) OLE/PPS.php in admin/classes/pear/; or (5) Worksheet.php, (6) Parser.php, (7) Workbook.php, (8) Format.php, or (9) BIFFwriter.php in admin/classes/pear/Spreadsheet/Excel/Writer/. | |||||
| CVE-2007-0047 | 1 Adobe | 1 Acrobat Reader | 2025-04-09 | 6.8 MEDIUM | N/A |
| CRLF injection vulnerability in Adobe Acrobat Reader Plugin before 8.0.0, when used with the Microsoft.XMLHTTP ActiveX object in Internet Explorer, allows remote attackers to inject arbitrary HTTP headers and conduct HTTP response splitting attacks via CRLF sequences in the javascript: URI in the (1) FDF, (2) XML, or (3) XFDF AJAX request parameters. | |||||
| CVE-2007-4396 | 1 Irssi | 1 Irssi | 2025-04-09 | 9.3 HIGH | N/A |
| Multiple CRLF injection vulnerabilities in (1) ixmmsa.pl 0.3, (2) l33tmusic.pl 2.00, (3) mpg123.pl 0.01, (4) ogg123.pl 0.01, (5) xmms.pl 2.0, (6) xmms2.pl 1.1.3, and (7) xmmsinfo.pl 1.1.1.1 scripts for irssi before 0.8.11 allow user-assisted remote attackers to execute arbitrary IRC commands via CRLF sequences in the name of the song in a .mp3 file. | |||||
| CVE-2006-5714 | 1 Efs Software | 1 Efs Web Server | 2025-04-09 | 5.0 MEDIUM | N/A |
| Easy File Sharing (EFS) Web Server 4.0, when running on an NTFS file system, allows remote attackers to read arbitrary files under the web root by appending "::$DATA" to the end of a HTTP GET request, which accesses the alternate data stream. | |||||