Total
29548 CVE
| CVE | Vendors | Products | Updated | CVSS v2 | CVSS v3 |
|---|---|---|---|---|---|
| CVE-2007-0431 | 1 Avm | 1 Fritzbox | 2025-04-09 | 7.8 HIGH | N/A |
| AVM Fritz!Box 7050, and possibly other product models, allows remote attackers to cause a denial of service (VoIP application crash) via a zero-length UDP packet to the SIP port (port 5060). | |||||
| CVE-2006-6911 | 1 Digitizing Quote And Ordering System | 1 Digitizing Quote And Ordering System | 2025-04-09 | 6.0 MEDIUM | N/A |
| SQL injection vulnerability in search.asp in Digitizing Quote And Ordering System 1.0 allows remote authenticated users to execute arbitrary SQL commands via the ordernum parameter. | |||||
| CVE-2006-5987 | 1 Aspintranet | 1 Aspintranet | 2025-04-09 | 7.5 HIGH | N/A |
| SQL injection vulnerability in default.asp in ASPintranet, possibly 1.2, allows remote attackers to execute arbitrary SQL commands via the a parameter. | |||||
| CVE-2007-5380 | 1 David Hansson | 1 Ruby On Rails | 2025-04-09 | 6.8 MEDIUM | N/A |
| Session fixation vulnerability in Rails before 1.2.4, as used for Ruby on Rails, allows remote attackers to hijack web sessions via unspecified vectors related to "URL-based sessions." | |||||
| CVE-2007-2289 | 1 Alexscriptengine | 1 Download-engine | 2025-04-09 | 7.5 HIGH | N/A |
| PHP remote file inclusion vulnerability in admin/includes/spaw/dialogs/insert_link.php in download engine (Download-Engine) 1.4.1 allows remote authenticated users to execute arbitrary PHP code via a URL in the spaw_root parameter, a different vector than CVE-2007-2255. NOTE: this may be an issue in SPAW. | |||||
| CVE-2006-5448 | 1 Microsoft | 1 Windows Digital Rights Management | 2025-04-09 | 7.5 HIGH | N/A |
| The drmstor.dll ActiveX object in Microsoft Windows Digital Rights Management System (DRM) allows remote attackers to cause a denial of service (crash) and possibly execute arbitrary code via a long parameter to the StoreLicense function, which triggers "memory corruption" and possibly a buffer overflow. | |||||
| CVE-2008-0537 | 1 Cisco | 5 7600 Router, Catalyst 6500, Me 6524 Ethernet Switch and 2 more | 2025-04-09 | 7.1 HIGH | N/A |
| Unspecified vulnerability in the Supervisor Engine 32 (Sup32), Supervisor Engine 720 (Sup720), and Route Switch Processor 720 (RSP720) for multiple Cisco products, when using Multi Protocol Label Switching (MPLS) VPN and OSPF sham-link, allows remote attackers to cause a denial of service (blocked queue, device restart, or memory leak) via unknown vectors. | |||||
| CVE-2006-5190 | 1 Oscommerce | 1 Oscommerce | 2025-04-09 | 4.3 MEDIUM | N/A |
| Multiple cross-site scripting (XSS) vulnerabilities in osCommerce 2.2 Milestone 2 Update 060817 allow remote attackers to inject arbitrary web script or HTML via the (1) page parameter in the (a) banner_manager.php, (b) banner_statistics.php, (c) countries.php, (d) currencies.php, (e) languages.php, (f) manufacturers.php, (g) newsletters.php, (h) orders_status.php, (i) products_attributes.php, (j) products_expected.php, (k) reviews.php, (l) specials.php, (m) stats_products_purchased.php, (n) stats_products_viewed.php, (o) tax_classes.php, (p) tax_rates.php, or (q) zones.php scripts in /admin, and the (2) zpage parameter in (r) admin/geo_zones.php. | |||||
| CVE-2007-2523 | 2 Broadcom, Ca | 2 Integrated Threat Management, Anti-virus For The Enterprise | 2025-04-09 | 7.2 HIGH | N/A |
| CA Anti-Virus for the Enterprise r8 and Threat Manager r8 before 20070510 use weak permissions (NULL security descriptor) for the Task Service shared file mapping, which allows local users to modify this mapping and gain privileges by triggering a stack-based buffer overflow in InoCore.dll before 8.0.448.0. | |||||
| CVE-2008-1153 | 1 Cisco | 2 Cisco Ios, Ios | 2025-04-09 | 7.1 HIGH | N/A |
| Cisco IOS 12.1, 12.2, 12.3, and 12.4, with IPv4 UDP services and the IPv6 protocol enabled, allows remote attackers to cause a denial of service (device crash and possible blocked interface) via a crafted IPv6 packet to the device. | |||||
| CVE-2006-5554 | 1 Blackdot | 1 Imageview | 2025-04-09 | 7.5 HIGH | N/A |
| Directory traversal vulnerability in index.php in Imageview 5 allows remote attackers to read or execute arbitrary local files via a .. (dot dot) in the user_settings cookie, as demonstrated by using the MyFile parameter in albumview.php to upload a text/plain .gif file containing PHP code, which is executed by index.php. | |||||
| CVE-2007-2371 | 1 Gregory Kokanosky | 1 Phpmynewsletter | 2025-04-09 | 10.0 HIGH | N/A |
| admin/index.php in Gregory Kokanosky phpMyNewsletter 0.8 beta5 and earlier provides access to configuration modification before login, which allows remote attackers to cause a denial of service (loss of configuration data), and possibly perform direct static code injection, via a saveGlobalconfig action. | |||||
| CVE-2007-3723 | 1 Sun | 1 Solaris | 2025-04-09 | 2.1 LOW | N/A |
| The process scheduler in the Sun Solaris kernel does not make use of the process statistics kept by the kernel and performs scheduling based upon CPU billing gathered from periodic process sampling ticks, which allows local users to cause a denial of service (CPU consumption), as described in "Secretly Monopolizing the CPU Without Superuser Privileges." | |||||
| CVE-2007-2501 | 1 Fernando M.a.d.s. | 1 Codepress | 2025-04-09 | 7.5 HIGH | N/A |
| Eval injection vulnerability in codepress.html in CodePress before 0.9.4 allows remote attackers to execute arbitrary code via certain input that is used in an eval function call. | |||||
| CVE-2007-1685 | 1 Bluecoat | 1 K9 Web Protection | 2025-04-09 | 10.0 HIGH | N/A |
| Buffer overflow in k9filter.exe in BlueCoat K9 Web Protection 3.2.36, and probably other versions before 3.2.44, allows remote attackers to cause a denial of service (crash) and possibly execute arbitrary code via a long HTTP GET request to port 2372. | |||||
| CVE-2007-0376 | 1 Virtuemart | 1 Virtuemart | 2025-04-09 | 6.8 MEDIUM | N/A |
| Cross-site scripting (XSS) vulnerability in Virtuemart 1.0.7 allows remote attackers to inject arbitrary web script or HTML via unspecified vectors. | |||||
| CVE-2006-5017 | 1 E-vision | 1 E-vision Cms | 2025-04-09 | 7.5 HIGH | N/A |
| SQL injection vulnerability in admin/all_users.php in Szava Gyula and Csaba Tamas e-Vision CMS, probably 1.0, allows remote attackers to execute arbitrary SQL commands via the from parameter. | |||||
| CVE-2006-6196 | 1 Fixit Knowledge Solutions | 1 Idms Pro Image Gallery | 2025-04-09 | 6.8 MEDIUM | N/A |
| Cross-site scripting (XSS) vulnerability in the search functionality in Fixit iDMS Pro Image Gallery allows remote attackers to inject arbitrary web script or HTML via a search field (txtsearchtext parameter). | |||||
| CVE-2007-3987 | 1 Junction Quest | 1 Image Racer | 2025-04-09 | 7.5 HIGH | N/A |
| SQL injection vulnerability in SearchResults.asp in ImageRacer 1.0, when WordSearchCrit is enabled, allows remote attackers to execute arbitrary SQL commands via the SearchWord parameter. | |||||
| CVE-2007-2228 | 1 Microsoft | 4 Windows 2000, Windows 2003 Server, Windows Vista and 1 more | 2025-04-09 | 7.8 HIGH | N/A |
| rpcrt4.dll (aka the RPC runtime library) in Microsoft Windows XP SP2, XP Professional x64 Edition, Server 2003 SP1 and SP2, Server 2003 x64 Edition and x64 Edition SP2, and Vista and Vista x64 Edition allows remote attackers to cause a denial of service (RPCSS service stop and system restart) via an RPC request that uses NTLMSSP PACKET authentication with a zero-valued verification trailer signature, which triggers an invalid dereference. NOTE: this also affects Windows 2000 SP4, although the impact is an information leak. | |||||