Total
29549 CVE
| CVE | Vendors | Products | Updated | CVSS v2 | CVSS v3 |
|---|---|---|---|---|---|
| CVE-2006-7094 | 3 Debian, Ftpd, Gentoo | 3 Debian Linux, Ftpd, Linux | 2025-04-09 | 8.5 HIGH | N/A |
| ftpd, as used by Gentoo and Debian Linux, sets the gid to the effective uid instead of the effective group id before executing /bin/ls, which allows remote authenticated users to list arbitrary directories with the privileges of gid 0 and possibly enable additional attack vectors. | |||||
| CVE-2006-6169 | 1 Gnupg | 1 Gnupg | 2025-04-09 | 6.8 MEDIUM | N/A |
| Heap-based buffer overflow in the ask_outfile_name function in openfile.c for GnuPG (gpg) 1.4 and 2.0, when running interactively, might allow attackers to execute arbitrary code via messages with "C-escape" expansions, which cause the make_printable_string function to return a longer string than expected while constructing a prompt. | |||||
| CVE-2007-1252 | 1 Symantec | 1 Mail Security | 2025-04-09 | 9.3 HIGH | N/A |
| Buffer overflow in Symantec Mail Security for SMTP 5.0 before Patch 175 allows remote attackers to cause a denial of service (crash) and possibly execute arbitrary code via crafted headers in an e-mail message. NOTE: some information was obtained from third party sources. | |||||
| CVE-2007-0978 | 1 Ibm | 1 Aix | 2025-04-09 | 7.2 HIGH | N/A |
| Buffer overflow in swcons in IBM AIX 5.3 allows local users to gain privileges via long input data. | |||||
| CVE-2007-0921 | 1 Radical Technologies | 1 Portal Search | 2025-04-09 | 9.4 HIGH | N/A |
| Portal Search allows remote attackers to redirect a URL to an arbitrary web site by placing the URL in the query string to the top-level URI. | |||||
| CVE-2007-0934 | 1 Microsoft | 1 Visio | 2025-04-09 | 9.3 HIGH | N/A |
| Unspecified vulnerability in Microsoft Visio 2002 allows remote user-assisted attackers to execute arbitrary code via a Visio (.VSD, VSS, .VST) file with a crafted version number that triggers memory corruption. | |||||
| CVE-2007-1979 | 1 Xoops | 1 Xoops Popnupblog | 2025-04-09 | 7.5 HIGH | N/A |
| SQL injection vulnerability in index.php in the PopnupBlog 2.52 and earlier module for Xoops allows remote attackers to execute arbitrary SQL commands via the postid parameter, possibly involving the get_blogid_from_postid function in class/PopnupBlogUtils.php. NOTE: later versions such as 3.03 and 3.05 might also be affected. | |||||
| CVE-2007-0927 | 1 Utorrent | 1 Utorrent | 2025-04-09 | 7.5 HIGH | N/A |
| Heap-based buffer overflow in uTorrent 1.6 allows remote attackers to execute arbitrary code via a torrent file with a crafted announce header. | |||||
| CVE-2007-3727 | 1 Valarsoft | 1 Webmatic | 2025-04-09 | 7.5 HIGH | N/A |
| Multiple unspecified vulnerabilities in Webmatic before 2.7 have unknown impact and attack vectors, related to the "administration area." | |||||
| CVE-2007-0178 | 1 Php Web Scripts | 1 Easy Banner Pro | 2025-04-09 | 7.5 HIGH | N/A |
| PHP remote file inclusion vulnerability in info.php in Easy Banner Pro 2.8 allows remote attackers to execute arbitrary PHP code via a URL in the s[phppath] parameter. | |||||
| CVE-2007-4233 | 1 Camera Life | 1 Camera Life | 2025-04-09 | 4.3 MEDIUM | N/A |
| Multiple unspecified vulnerabilities in Camera Life before 2.6 allow attackers to cause a denial of service via unknown vectors. | |||||
| CVE-2007-3841 | 1 Pidgin | 1 Pidgin | 2025-04-09 | 9.0 HIGH | N/A |
| Unspecified vulnerability in Pidgin (formerly Gaim) 2.0.2 for Linux allows remote authenticated users, who are listed in a users list, to execute certain commands via unspecified vectors, aka ZD-00000035. NOTE: this information is based upon a vague advisory by a vulnerability information sales organization that does not coordinate with vendors or release actionable advisories. A CVE has been assigned for tracking purposes, but duplicates with other CVEs are difficult to determine. | |||||
| CVE-2006-5913 | 1 Microsoft | 1 Ie | 2025-04-09 | 6.4 MEDIUM | N/A |
| Microsoft Internet Explorer 7 allows remote attackers to (1) cause a security certificate from a secure web site to appear invalid via a link to res://ieframe.dll/sslnavcancel.htm with the target site in the anchor identifier, which displays the site's URL in the address bar but causes Internet Explorer to report that the certificate is invalid, or (2) trigger a "The webpage no longer exists" report via a link to res://ieframe.dll/http_410.htm, a variant of CVE-2006-5805. | |||||
| CVE-2007-1569 | 1 Newsbin Pro | 1 Newsbin Pro | 2025-04-09 | 10.0 HIGH | N/A |
| Stack-based buffer overflow in NewsBin Pro 4.32 allows remote attackers to cause a denial of service or execute arbitrary code via a yEnc (yEncode) encoded article with a long filename, as demonstrated using a .nzb file. NOTE: some of these details are obtained from third party information. | |||||
| CVE-2006-4395 | 1 Apple | 1 Mac Os X | 2025-04-09 | 5.1 MEDIUM | N/A |
| Unspecified vulnerability in QuickDraw Manager in Apple Mac OS X 10.3.9 and 10.4 through 10.4.7 allows context-dependent attackers to cause a denial of service ("memory corruption" and crash) via a crafted PICT image that is not properly handled by a certain "unsupported QuickDraw operation." | |||||
| CVE-2007-2626 | 1 Free Php Scripts | 1 Schoolboard | 2025-04-09 | 7.5 HIGH | N/A |
| SQL injection vulnerability in admin.php in SchoolBoard allows remote attackers to execute arbitrary SQL commands via the (1) username and (2) password parameters. NOTE: CVE disputes this issue, because 'username' does not exist, and the password is not used in any queries | |||||
| CVE-2006-4902 | 1 Symantec | 3 Veritas Netbackup Client, Veritas Netbackup Enterprise Server, Veritas Netbackup Server | 2025-04-09 | 10.0 HIGH | N/A |
| The NetBackup bpcd daemon (bpcd.exe) in Symantec Veritas NetBackup 5.0 before 5.0_MP7, 5.1 before 5.1_MP6, and 6.0 before 6.0_MP4 does not properly check for chained commands, which allows remote attackers to execute arbitrary commands by appending malicious commands to valid commands. | |||||
| CVE-2007-4026 | 1 Telaxus Llc | 1 Epesi | 2025-04-09 | 6.8 MEDIUM | N/A |
| epesi framework before 0.8.6 does not properly verify file extensions, which allows remote attackers to upload and execute arbitrary PHP code via unspecified vectors involving the gallery images upload feature. NOTE: some of these details are obtained from third party information. | |||||
| CVE-2006-6110 | 1 Bpg-infotech | 1 Content Management System | 2025-04-09 | 7.5 HIGH | N/A |
| Multiple SQL injection vulnerabilities in an unspecified BPG-InfoTech Content Management System product allow remote attackers to execute arbitrary SQL commands via the (1) vjob parameter in publications_list.asp or (2) InfoID parameter in publication_view.asp. | |||||
| CVE-2006-5986 | 1 Extreme Cms | 1 Extreme Cms | 2025-04-09 | 6.8 MEDIUM | N/A |
| admin/options.php in Extreme CMS 0.9, and possibly earlier, does not require authentication, which might allow remote attackers to conduct unauthorized activities. NOTE: this issue can be combined with another vulnerability to expand the scope of a cross-site scripting (XSS) attack without authentication. NOTE: the provenance of this information is unknown; details are obtained from third party sources. | |||||