Total: 29549 CVE

CVE | Vendors | Products | Updated | CVSS v2 | CVSS v3 |
---|---|---|---|---|---|
CVE-2007-0546 | 1 Toxiclab | 1 Shoutbox | 2025-04-09 | 7.8 HIGH | N/A |
Toxiclab Shoutbox 1 stores sensitive information under the web root with insufficient access control, which allows remote attackers to download a database containing passwords via a direct request for db.mdb. | |||||
CVE-2007-2906 | 1 Sun | 1 Java Embedding Plugin | 2025-04-09 | 5.0 MEDIUM | N/A |
Java Embedding Plugin 0.9.6.1 allows remote attackers to cause a denial of service (browser crash) via a Thread subclass that calls super.run from its run method. | |||||
CVE-2006-5737 | 1 Punbb | 1 Punbb | 2025-04-09 | 7.2 HIGH | N/A |
PunBB uses a predictable cookie_seed value that can be derived from the time of registration of the superadmin account (installation time), which might allow local users to perform unauthorized actions. | |||||
CVE-2007-0685 | 1 Microsoft | 1 Windows Mobile | 2025-04-09 | 2.6 LOW | N/A |
Internet Explorer on Windows Mobile 5.0 and Windows Mobile 2003 and 2003SE for Smartphones and PocketPC allows attackers to cause a denial of service (application crash and device instability) via unspecified vectors, possibly related to a buffer overflow. | |||||
CVE-2006-6630 | 1 Ibiblio | 1 Osprey | 2025-04-09 | 7.5 HIGH | N/A |
PHP remote file inclusion vulnerability in ListRecords.php in osprey 1.0 allows remote attackers to execute arbitrary PHP code via a URL in the lib_dir parameter. | |||||
CVE-2007-1808 | 1 Camportail | 1 Camportail | 2025-04-09 | 7.5 HIGH | N/A |
SQL injection vulnerability in show.php in the Camportail 1.1 and earlier module for Xoops allows remote attackers to execute arbitrary SQL commands via the camid parameter in a showcam action. | |||||
CVE-2007-1326 | 1 Serendipity | 1 Serendipity | 2025-04-09 | 7.5 HIGH | N/A |
SQL injection vulnerability in index.php in Serendipity 1.1.1 allows remote attackers to execute arbitrary SQL commands via the serendipity[multiCat][] parameter. | |||||
CVE-2007-2497 | 1 Realnetworks | 1 Realplayer | 2025-04-09 | 7.8 HIGH | N/A |
RealNetworks RealPlayer 10 Gold allows remote attackers to cause a denial of service (memory consumption) via a certain .ra file. NOTE: this issue was referred to as a "memory leak," but it is not clear if this is correct. | |||||
CVE-2009-4130 | 1 Mozilla | 1 Firefox | 2025-04-09 | 5.8 MEDIUM | N/A |
Visual truncation vulnerability in the MakeScriptDialogTitle function in nsGlobalWindow.cpp in Mozilla Firefox allows remote attackers to spoof the origin domain name of a script via a long name. | |||||
CVE-2007-3144 | 1 Mozilla | 1 Mozilla | 2025-04-09 | 6.4 MEDIUM | N/A |
Visual truncation vulnerability in Mozilla 1.7.12 allows remote attackers to spoof the address bar and possibly conduct phishing attacks via a long hostname, which is truncated after a certain number of characters, as demonstrated by a phishing attack using HTTP Basic Authentication. | |||||
CVE-2006-5708 | 1 Alt-n | 1 Mdaemon | 2025-04-09 | 5.0 MEDIUM | 7.5 HIGH |
Multiple unspecified vulnerabilities in MDaemon and WorldClient in Alt-N Technologies MDaemon before 9.50 allow attackers to cause a denial of service (memory consumption) via unspecified vectors resulting in memory leaks. | |||||
CVE-2007-2925 | 1 Isc | 1 Bind | 2025-04-09 | 5.8 MEDIUM | N/A |
The default access control lists (ACL) in ISC BIND 9.4.0, 9.4.1, and 9.5.0a1 through 9.5.0a5 do not set the allow-recursion and allow-query-cache ACLs, which allows remote attackers to make recursive queries and query the cache. | |||||
CVE-2007-1652 | 1 Openid | 1 Openid | 2025-04-09 | 7.5 HIGH | N/A |
OpenID allows remote attackers to forcibly log a user into an OpenID enabled site, divulge the user's personal information to this site, and add the site to the trusted sites list via a crafted web page, related to cached tokens. | |||||
CVE-2007-1098 | 1 Scrymud | 1 Scrymud | 2025-04-09 | 7.8 HIGH | N/A |
Multiple unspecified vulnerabilities in ScryMUD before 2.1.11 have unknown impact and attack vectors, possibly related to denial of service caused by a search that begins with a .* sequence. | |||||
CVE-2007-4157 | 1 Phpblogger | 1 Php-blogger | 2025-04-09 | 5.0 MEDIUM | N/A |
PHPBlogger stores sensitive information under the web root with insufficient access control, which allows remote attackers to download a database containing an admin password hash via a direct request for data/pref.db. NOTE: this can be easily leveraged for administrative access because composing the authentication cookie only requires the password hash, not the cleartext version. | |||||
CVE-2006-5535 | 1 Cpanel | 1 Cpanel | 2025-04-09 | 4.3 MEDIUM | N/A |
Multiple cross-site scripting (XSS) vulnerabilities in WebHostManager (WHM) 10.8.0 cPanel 10.9.0 R50 allow remote attackers to inject arbitrary web script or HTML via the (1) theme parameter to scripts/dosetmytheme and the (2) template parameter to scripts2/editzonetemplate. | |||||
CVE-2007-2258 | 1 Phpmybibli | 1 Phpmybibli | 2025-04-09 | 7.5 HIGH | N/A |
PHP remote file inclusion vulnerability in includes/init.inc.php in PHPMyBibli allows remote attackers to execute arbitrary PHP code via a URL in the base_path parameter. | |||||
CVE-2006-6540 | 1 Bluetrait | 1 Bluetrait | 2025-04-09 | 6.8 MEDIUM | N/A |
SQL injection vulnerability in bt-trackback.php in Bluetrait before 1.2.0, when trackback is enabled, allows remote attackers to execute arbitrary SQL commands via unspecified parameters. NOTE: some of these details are obtained from third party information. | |||||
CVE-2007-3741 | 2 Gnu, Mandriva | 2 Gimp, Linux | 2025-04-09 | 4.3 MEDIUM | N/A |
The (1) psp (aka .tub), (2) bmp, (3) pcx, and (4) psd plugins in gimp allow user-assisted remote attackers to cause a denial of service (crash or memory consumption) via crafted image files, as discovered using the fusil fuzzing tool. | |||||
CVE-2007-0469 | 1 Rubyforge | 1 Rubygems | 2025-04-09 | 9.3 HIGH | N/A |
The extract_files function in installer.rb in RubyGems before 0.9.1 does not check whether files exist before overwriting them, which allows user-assisted remote attackers to overwrite arbitrary files, cause a denial of service, or execute arbitrary code via crafted GEM packages. |