Total: 29538 CVE
CVE | Vendors | Products | Updated | CVSS v2 | CVSS v3 |
---|---|---|---|---|---|
CVE-2006-5150 | 1 Openbiblio | 1 Openbiblio | 2025-04-09 | 6.5 MEDIUM | N/A |
SQL injection vulnerability in the reports system in OpenBiblio before 0.5.2 allows remote attackers with report privileges to execute arbitrary SQL commands via unspecified vectors. | |||||
CVE-2006-5765 | 1 Article Script | 1 Article Script | 2025-04-09 | 7.5 HIGH | N/A |
SQL injection vulnerability in rss.php in Article Script 1.6.3 and earlier allows remote attackers to execute arbitrary SQL commands via the category parameter. | |||||
CVE-2006-7178 | 1 Madwifi | 1 Madwifi | 2025-04-09 | 7.8 HIGH | N/A |
MadWifi before 0.9.3 does not properly handle reception of an AUTH frame by an IBSS node, which allows remote attackers to cause a denial of service (system crash) via a certain AUTH frame. | |||||
CVE-2007-2536 | 1 Picozip | 1 Picozip | 2025-04-09 | 7.8 HIGH | N/A |
PicoZip allows remote attackers to cause a denial of service (infinite loop) via a ZOO archive with a direntry structure that points to a previous file. | |||||
CVE-2006-5461 | 1 Avahi | 1 Avahi | 2025-04-09 | 2.1 LOW | N/A |
Avahi before 0.6.15 does not verify the sender identity of netlink messages to ensure that they come from the kernel instead of another process, which allows local users to spoof network changes to Avahi. | |||||
CVE-2009-3004 | 1 Avant Force | 1 Avant Browser | 2025-04-09 | 4.3 MEDIUM | N/A |
Avant Browser 11.7 Builds 35 and 36 allows remote attackers to spoof the address bar, via window.open with a relative URI, to show an arbitrary URL on the web site visited by the victim, as demonstrated by a visit to an attacker-controlled web page, which triggers a spoofed login form for the site containing that page. NOTE: a related attack was reported in which an arbitrary file: URL is shown. | |||||
CVE-2007-1089 | 3 Ibm, Linux, Microsoft | 3 Db2 Universal Database, Linux Kernel, Windows Xp | 2025-04-09 | 7.2 HIGH | N/A |
IBM DB2 Universal Database (UDB) 9.1 GA through 9.1 FP1 allows local users with table SELECT privileges to perform unauthorized UPDATE and DELETE SQL commands via unknown vectors. | |||||
CVE-2007-3124 | 1 Freevms | 1 Freevms | 2025-04-09 | 4.6 MEDIUM | N/A |
Buffer overflow in backup/src/vmsbackup.c (aka the backup utility) in FreeVMS before 0.3.6 might allow local users to gain privileges via a long string in response to an "extract [ny]" prompt. | |||||
CVE-2008-5404 | 1 Grid2000 | 1 Flexcell Grid Control | 2025-04-09 | 10.0 HIGH | N/A |
Insecure method vulnerability in the FlexCell.Grid ActiveX control in FlexCell.ocx 5.7.0.1 in FlexCell Grid ActiveX Component allows remote attackers to create and overwrite arbitrary files via the HttpDownloadFile method. NOTE: this could be leveraged for code execution by creating executable files in Startup folders or by accessing files using hcp:// URLs. NOTE: the provenance of this information is unknown; the details are obtained solely from third party information. | |||||
CVE-2009-0276 | 1 Google | 1 Chrome | 2025-04-09 | 5.0 MEDIUM | N/A |
Cross-domain vulnerability in the V8 JavaScript engine in Google Chrome before 1.0.154.46 allows remote attackers to bypass the Same Origin Policy via a crafted script that accesses another frame and reads its full URL and possibly other sensitive information, or modifies the URL of this frame. | |||||
CVE-2006-5715 | 1 Efs Software | 1 Easy Address Book | 2025-04-09 | 5.0 MEDIUM | N/A |
Easy File Sharing (EFS) Easy Address Book 1.2, when run on an NTFS file system, allows remote attackers to read arbitrary files under the web root by appending "::$DATA" to the end of an HTTP GET request, which accesses the alternate data stream. | |||||
CVE-2006-5312 | 1 Phpbb | 1 Ajax Shoutbox | 2025-04-09 | 7.5 HIGH | N/A |
PHP remote file inclusion vulnerability in shoutbox.php in the Ajax Shoutbox 0.0.5 and earlier module for phpBB allows remote attackers to execute arbitrary PHP code via a URL in the phpbb_root_path parameter. | |||||
CVE-2006-6226 | 1 Neoengine | 1 Neoengine | 2025-04-09 | 7.5 HIGH | N/A |
Multiple format string vulnerabilities in NeoEngine 0.8.2 and earlier, and CVS 3422, allow remote attackers to cause a denial of service and possibly execute arbitrary code via (1) Console::Render in neoengine/console.cpp and (2) TextArea::Render in neowtk/textarea.cpp. | |||||
CVE-2007-1750 | 1 Microsoft | 5 Internet Explorer, Windows 2000, Windows 2003 Server and 2 more | 2025-04-09 | 9.3 HIGH | N/A |
Unspecified vulnerability in Microsoft Internet Explorer 6 allows remote attackers to execute arbitrary code via a crafted Cascading Style Sheets (CSS) tag that triggers memory corruption. | |||||
CVE-2007-2998 | 1 Hp | 1 Openvms | 2025-04-09 | 4.9 MEDIUM | N/A |
The Pascal run-time library (PAS$RTL.EXE) before 20070418 on OpenVMS for Integrity Servers 8.3, and PAS$RTL.EXE before 20070419 on OpenVMS Alpha 8.3, does not properly restore PC and PSL values, which allows local users to cause a denial of service (system crash) via certain Pascal code. | |||||
CVE-2007-2014 | 1 Mynews | 1 Mynews | 2025-04-09 | 7.5 HIGH | N/A |
PHP remote file inclusion vulnerability in include/blocks/week_events.php in MyNews 4.2.2 allows remote attackers to execute arbitrary PHP code via a URL in the myNewsConf[path][sys][index] parameter, a different vector than CVE-2007-0633. | |||||
CVE-2007-6489 | 1 Falcon | 1 Series One Cms | 2025-04-09 | 7.5 HIGH | N/A |
Multiple cross-site scripting (XSS) vulnerabilities in Falcon Series One CMS 1.4.3 allow remote attackers to inject arbitrary web script or HTML via the (1) gb_mail, (2) gb_name, and (3) gb_text parameters in a guestbook action to index.php, and unspecified other vectors. | |||||
CVE-2007-3411 | 1 Clicktech | 1 Clickgallery | 2025-04-09 | 7.5 HIGH | N/A |
SQL injection vulnerability in edit_image.asp in ClickGallery Server 5.1 and earlier allows remote attackers to execute arbitrary SQL commands via the image_id parameter. | |||||
CVE-2007-0763 | 1 F3site | 1 F3site | 2025-04-09 | 6.8 MEDIUM | N/A |
Cross-site scripting (XSS) vulnerability in the news comment functionality in F3Site 2.1 and earlier allows remote attackers to inject arbitrary web script or HTML via the Autor field. | |||||
CVE-2007-0199 | 1 Cisco | 1 Ios | 2025-04-09 | 5.0 MEDIUM | N/A |
The Data-link Switching (DLSw) feature in Cisco IOS 11.0 through 12.4 allows remote attackers to cause a denial of service (device reload) via "an invalid value in a DLSw message... during the capabilities exchange." |