Total: 29549 CVE
CVE | Vendors | Products | Updated | CVSS v2 | CVSS v3 |
---|---|---|---|---|---|
CVE-2007-1892 | 1 Akamai Technologies | 1 Download Manager | 2025-04-09 | 9.3 HIGH | N/A |
Stack-based buffer overflow in Akamai Technologies Download Manager ActiveX Control (DownloadManagerV2.ocx) before 2.2.1.0 allows remote attackers to execute arbitrary code via unspecified vectors, a different issue than CVE-2007-1891. | |||||
CVE-2007-2648 | 1 Clever Components | 1 Clever Database Comparer | 2025-04-09 | 9.3 HIGH | N/A |
Stack-based buffer overflow in the Clever Database Comparer 2.2 ActiveX control (comparerax.ocx) allows remote attackers to execute arbitrary code via a long argument to the ConnectToDatabase function. | |||||
CVE-2007-3423 | 1 Web-app.org | 1 Webapp | 2025-04-09 | 7.5 HIGH | N/A |
cgi-bin/cgi-lib/instantmessage.pl in web-app.org WebAPP before 0.9.9.7 uses the From field of an instant message as the beginning of the .dat file name when the (1) imview2 or (2) imview3 function reads (a) an internal IM, or a message from a (b) guest or (c) removed member, which has unknown impact and remote attack vectors. | |||||
CVE-2006-5733 | 1 Postnuke Software Foundation | 1 Postnuke | 2025-04-09 | 7.5 HIGH | N/A |
Directory traversal vulnerability in error.php in PostNuke 0.763 and earlier allows remote attackers to include and execute arbitrary local files via a .. (dot dot) in the PNSVlang (PNSV lang) cookie, as demonstrated by injecting PHP sequences into an Apache HTTP Server log file, which is then included by error.php. | |||||
CVE-2007-4046 | 1 Joomla | 1 Pony Gallery | 2025-04-09 | 7.5 HIGH | N/A |
SQL injection vulnerability in index.php in the Pony Gallery (com_ponygallery) 1.5 and earlier component for Joomla! allows remote attackers to execute arbitrary SQL commands via the catid parameter. | |||||
CVE-2009-2267 | 1 Vmware | 7 Ace, Esx, Esxi and 4 more | 2025-04-09 | 6.9 MEDIUM | N/A |
VMware Workstation 6.5.x before 6.5.3 build 185404, VMware Player 2.5.x before 2.5.3 build 185404, VMware ACE 2.5.x before 2.5.3 build 185404, VMware Server 1.x before 1.0.10 build 203137 and 2.x before 2.0.2 build 203138, VMware Fusion 2.x before 2.0.6 build 196839, VMware ESXi 3.5 and 4.0, and VMware ESX 2.5.5, 3.0.3, 3.5, and 4.0, when Virtual-8086 mode is used, do not properly set the exception code upon a page fault (aka #PF) exception, which allows guest OS users to gain privileges on the guest OS by specifying a crafted value for the cs register. | |||||
CVE-2007-4359 | 1 Skilmatch Staffing Systems | 1 Joblister3 | 2025-04-09 | 6.8 MEDIUM | N/A |
Multiple SQL injection vulnerabilities in SkilMatch Staffing Systems JobLister3 allow remote attackers to execute arbitrary SQL commands via (1) the search form or (2) the jobid parameter to index.php in a showbyID action. | |||||
CVE-2007-4063 | 1 Drupal | 1 Drupal | 2025-04-09 | 4.3 MEDIUM | N/A |
Multiple cross-site request forgery (CSRF) vulnerabilities in Drupal 5.x before 5.2 allow remote attackers to (1) delete comments, (2) delete content revisions, and (3) disable menu items as privileged users, related to improper use of HTTP GET and the Forms API. | |||||
CVE-2006-7176 | 2 Redhat, Sendmail | 2 Enterprise Linux, Sendmail | 2025-04-09 | 4.3 MEDIUM | N/A |
The version of Sendmail 8.13.1-2 on Red Hat Enterprise Linux 4 Update 4 and earlier does not reject the "localhost.localdomain" domain name for e-mail messages that come from external hosts, which might allow remote attackers to spoof messages. | |||||
CVE-2007-2753 | 1 Runawaysoft | 1 Haber Portal | 2025-04-09 | 5.0 MEDIUM | N/A |
RunawaySoft Haber portal 1.0 stores sensitive information under the web root with insufficient access control, which allows remote attackers to download a database via a direct request for data/xice.mdb. | |||||
CVE-2009-4080 | 1 Sun | 2 Opensolaris, Sunos | 2025-04-09 | 2.1 LOW | N/A |
Multiple unspecified vulnerabilities in ldap_cachemgr (aka the LDAP client configuration cache daemon) in Sun Solaris 9 and 10, and OpenSolaris before snv_78, allow local users to cause a denial of service (daemon crash) via vectors involving multiple serviceSearchDescriptor attributes and a call to the getldap_lookup function, and unspecified other vectors. | |||||
CVE-2007-3311 | 1 Xoops | 1 Articles Module | 2025-04-09 | 7.5 HIGH | N/A |
SQL injection vulnerability in print.php in the Articles 1.02 and earlier module for Xoops allows remote attackers to execute arbitrary SQL commands via the id parameter. | |||||
CVE-2008-1546 | 1 Mitsubishi Electric | 1 Gb | 2025-04-09 | 7.8 HIGH | N/A |
servlet/MIMEReceiveServlet in the web controller for Mitsubishi Electric GB-50 and GB-50A air-conditioning control systems allows remote attackers to cause a denial of service (air-conditioning outage) via an XML document containing a setRequest command. | |||||
CVE-2007-1550 | 1 Phpx | 1 Phpx | 2025-04-09 | 7.5 HIGH | N/A |
Multiple SQL injection vulnerabilities in phpx 3.5.15 allow remote attackers to execute arbitrary SQL commands via the (1) image_id or (2) cat_id parameter to (a) gallery.php; the (3) news_id parameter to (b) news.php or (c) print.php; (4) the news_cat_id parameter to news.php; the (5) cat_id, (6) topic_id, or (7) post_id parameter to (d) forums.php; or (8) the user_id parameter to (e) users.php. | |||||
CVE-2007-2787 | 1 Lead Technologies | 1 Leadtools Raster Thumbnail Object Library | 2025-04-09 | 7.5 HIGH | N/A |
Stack-based buffer overflow in the BrowseDir function in the (1) lttmb14E.ocx or (2) LTRTM14e.DLL ActiveX control in LeadTools Raster Thumbnail Object Library 14.5.0.44 allows remote attackers to execute arbitrary code via a long argument. | |||||
CVE-2008-3061 | 1 V-webmail | 1 V-webmail | 2025-04-09 | 4.3 MEDIUM | N/A |
Open redirect vulnerability in redirect.php in V-webmail 1.5.0 allows remote attackers to redirect users to arbitrary web sites and conduct phishing attacks via a URL in the to parameter. | |||||
CVE-2007-1169 | 1 Trend Micro | 1 Serverprotect | 2025-04-09 | 5.0 MEDIUM | N/A |
The web interface in Trend Micro ServerProtect for Linux (SPLX) 1.25, 1.3, and 2.5 before 20070216 accepts logon requests through unencrypted HTTP, which might allow remote attackers to obtain credentials by sniffing the network. | |||||
CVE-2007-0249 | 1 Nwom | 1 Nwom Topsites | 2025-04-09 | 6.8 MEDIUM | N/A |
Cross-site scripting (XSS) vulnerability in index.php in Nwom topsites 3.0 allows remote attackers to inject arbitrary web script or HTML via the o parameter. | |||||
CVE-2009-2842 | 1 Apple | 1 Safari | 2025-04-09 | 4.3 MEDIUM | N/A |
Apple Safari before 4.0.4 does not properly implement certain (1) Open Image and (2) Open Link menu options, which allows remote attackers to read local HTML files via a crafted web site. | |||||
CVE-2007-0666 | 1 Ipswitch | 1 Ws Ftp Server | 2025-04-09 | 6.8 MEDIUM | N/A |
Ipswitch WS_FTP Server 5.04 allows FTP site administrators to execute arbitrary code on the system via a long input string to the (1) iFTPAddU or (2) iFTPAddH file, or to a (3) edition module. | |||||