Total
29536 CVE
| CVE | Vendors | Products | Updated | CVSS v2 | CVSS v3 |
|---|---|---|---|---|---|
| CVE-2007-2439 | 1 Caucho Technology | 1 Resin | 2025-04-09 | 9.4 HIGH | N/A |
| Caucho Resin Professional 3.1.0 and Caucho Resin 3.1.0 and earlier for Windows allows remote attackers to cause a denial of service (device hang) and read data from a COM or LPT device via a DOS device name with an arbitrary extension. | |||||
| CVE-2006-6299 | 1 Novell | 1 Zenworks Asset Management | 2025-04-09 | 10.0 HIGH | N/A |
| Integer overflow in Msg.dll in Novell ZENworks 7 Asset Management (ZAM) before SP1 IR11 and the Collection client allows remote attackers to execute arbitrary code via crafted packets, which trigger a heap-based buffer overflow. | |||||
| CVE-2007-2398 | 2 Apple, Microsoft | 2 Safari, Windows 2003 Server | 2025-04-09 | 7.1 HIGH | N/A |
| Apple Safari 3.0.1 beta (522.12.12) on Windows allows remote attackers to modify the window title and address bar while filling the main window with arbitrary content by setting the location bar and using setTimeout() to create an event that modifies the window content, which could facilitate phishing attacks. | |||||
| CVE-2006-6847 | 1 Realnetworks | 1 Realplayer | 2025-04-09 | 5.0 MEDIUM | N/A |
| An ActiveX control in ierpplug.dll for RealNetworks RealPlayer 10.5 allows remote attackers to cause a denial of service (Internet Explorer 7 crash) by invoking the RealPlayer.OpenURLInPlayerBrowser method with a long second argument. | |||||
| CVE-2007-2881 | 1 Sun | 1 Java System Web Proxy Server | 2025-04-09 | 10.0 HIGH | N/A |
| Multiple stack-based buffer overflows in the SOCKS proxy support (sockd) in Sun Java Web Proxy Server before 4.0.5 allow remote attackers to execute arbitrary code via crafted packets during protocol negotiation. | |||||
| CVE-2007-2411 | 1 Sphider | 1 Sphider | 2025-04-09 | 7.5 HIGH | N/A |
| PHP remote file inclusion vulnerability in index.php in Sphider 1.2.x allows remote attackers to execute arbitrary PHP code via a URL in the include_dir parameter. NOTE: a third party disputes this vulnerability, stating that "the application is not vulnerable to this issue. | |||||
| CVE-2007-2736 | 9 Achievo, Apple, Hp and 6 more | 18 Achievo, A Ux, Mac Os X and 15 more | 2025-04-09 | 10.0 HIGH | N/A |
| PHP remote file inclusion vulnerability in index.php in Achievo 1.1.0 allows remote attackers to execute arbitrary PHP code via a URL in the config_atkroot parameter. | |||||
| CVE-2007-1049 | 2 Gentoo, Wordpress | 2 Linux, Wordpress | 2025-04-09 | 4.3 MEDIUM | N/A |
| Cross-site scripting (XSS) vulnerability in the wp_explain_nonce function in the nonce AYS functionality (wp-includes/functions.php) for WordPress 2.0 before 2.0.9 and 2.1 before 2.1.1 allows remote attackers to inject arbitrary web script or HTML via the file parameter to wp-admin/templates.php, and possibly other vectors involving the action variable. | |||||
| CVE-2008-0673 | 1 Tintin | 2 Tintin\+\+, Wintin\+\+ | 2025-04-09 | 7.5 HIGH | N/A |
| TinTin++ 1.97.9 and WinTin++ 1.97.9 open files on the basis of an inbound file-transfer request, before the user has an opportunity to decline the request, which allows remote attackers to truncate arbitrary files in the top level of a home directory. | |||||
| CVE-2007-1810 | 1 Kaotik | 1 Kshop | 2025-04-09 | 7.5 HIGH | N/A |
| SQL injection vulnerability in product_details.php in the Kshop 1.17 and earlier module for Xoops allows remote attackers to execute arbitrary SQL commands via the id parameter. | |||||
| CVE-2006-5110 | 1 Php Invoice | 1 Php Invoice | 2025-04-09 | 6.8 MEDIUM | N/A |
| Cross-site scripting (XSS) vulnerability in home.php in PHP Invoice 2.2 allows remote attackers to inject arbitrary web script or HTML via the msg parameter, a different vector than CVE-2006-5074. NOTE: the provenance of this information is unknown; the details are obtained from third party information. | |||||
| CVE-2007-2935 | 1 Fundanemt | 1 Fundanemt | 2025-04-09 | 7.5 HIGH | N/A |
| core/spellcheck/spellcheck.php in Fundanemt before 2.2.0.1 allows remote attackers to execute arbitrary commands via shell metacharacters in the dict parameter. | |||||
| CVE-2007-1528 | 1 Microsoft | 1 Windows Vista | 2025-04-09 | 5.0 MEDIUM | N/A |
| The LLTD Mapper in Microsoft Windows Vista allows remote attackers to spoof hosts, and nonexistent bridge relationships, into the network topology map by using a MAC address that differs from the MAC address provided in the Real Source field of the LLTD BASE header of a HELLO packet, aka the "Spoof on Bridge" attack. | |||||
| CVE-2007-4067 | 1 Clever Components | 1 Internet Activex Suite | 2025-04-09 | 9.3 HIGH | N/A |
| Absolute path traversal vulnerability in the clInetSuiteX6.clWebDav ActiveX control in CLINETSUITEX6.OCX in Clever Internet ActiveX Suite 6.2 allows remote attackers to create or overwrite arbitrary files via a full pathname in the second argument to the GetToFile method. NOTE: some of these details are obtained from third party information. | |||||
| CVE-2007-3453 | 1 Papoo | 1 Papoo | 2025-04-09 | 7.5 HIGH | N/A |
| SQL injection vulnerability in Papoo 3.6, and possibly earlier, allows remote attackers to execute arbitrary SQL commands via the selmenuid parameter to certain components. | |||||
| CVE-2007-0536 | 1 Rpath | 1 Rpath Linux | 2025-04-09 | 7.2 HIGH | N/A |
| The chroot helper in rMake for rPath Linux 1 does not drop supplemental groups, which causes packages to be installed with insecure permissions and might allow local users to gain privileges. | |||||
| CVE-2009-1381 | 1 Squirrelmail | 3 Imap General.php, Squirrelmail, Squirrelmail1.4.19-1 | 2025-04-09 | 6.8 MEDIUM | N/A |
| The map_yp_alias function in functions/imap_general.php in SquirrelMail before 1.4.19-1 on Debian GNU/Linux, and possibly other operating systems and versions, allows remote attackers to execute arbitrary commands via shell metacharacters in a username string that is used by the ypmatch program. NOTE: this issue exists because of an incomplete fix for CVE-2009-1579. | |||||
| CVE-2006-5504 | 1 Simple Machines | 1 Simple Machines Forum | 2025-04-09 | 4.3 MEDIUM | N/A |
| Cross-site scripting (XSS) vulnerability in index.php in Simple Machines Forum (SMF) allows remote attackers to inject arbitrary web script or HTML via a base64 encoded params value in the action parameter. | |||||
| CVE-2008-0663 | 1 Novell | 2 Challenge Response Client, Novell Client For Windows | 2025-04-09 | 2.1 LOW | N/A |
| Novell Challenge Response Client (LCM) 2.7.5 and earlier, as used with Novell Client for Windows 4.91 SP4, allows users with physical access to a locked system to obtain contents of the clipboard by pasting the contents into the Challenge Question field. | |||||
| CVE-2006-5295 | 1 Clam Anti-virus | 1 Clamav | 2025-04-09 | 5.0 MEDIUM | N/A |
| Unspecified vulnerability in ClamAV before 0.88.5 allows remote attackers to cause a denial of service (scanning service crash) via a crafted Compressed HTML Help (CHM) file that causes ClamAV to "read an invalid memory location." | |||||