Total: 29551 CVE
CVE | Vendors | Products | Updated | CVSS v2 | CVSS v3 |
---|---|---|---|---|---|
CVE-2007-0746 | 1 Apple | 2 Mac Os X, Mac Os X Server | 2025-04-09 | 10.0 HIGH | N/A |
Heap-based buffer overflow in the VideoConference framework in Apple Mac OS X 10.3.9 through 10.4.9 allows remote attackers to execute arbitrary code via a "crafted SIP packet when initializing an audio/video conference". | |||||
CVE-2006-5450 | 1 Kinesis | 1 Kinesis Interactive Cinema System | 2025-04-09 | 7.5 HIGH | N/A |
SQL injection vulnerability in index.asp in Kinesis Interactive Cinema System (KICS) CMS allows remote attackers to execute arbitrary SQL commands via the (1) txtUsername (user) or (2) txtPassword (pass) parameters. | |||||
CVE-2006-5062 | 1 Pblang | 1 Pblang | 2025-04-09 | 7.5 HIGH | N/A |
PHP remote file inclusion vulnerability in templates/pb/language/lang_nl.php in PBLang (PBL) 4.66z and earlier allows remote attackers to execute arbitrary PHP code via a URL in the temppath parameter. | |||||
CVE-2007-4422 | 1 Symantec | 1 Enterprise Firewall | 2025-04-09 | 9.3 HIGH | N/A |
The login interface in Symantec Enterprise Firewall 6.x, when a VPN with pre-shared key (PSK) authentication is enabled, generates different responses depending on whether or not a username is valid, which allows remote attackers to enumerate valid usernames. | |||||
CVE-2007-0804 | 1 Ggcms | 1 Ggcms | 2025-04-09 | 7.5 HIGH | N/A |
Directory traversal vulnerability in admin/subpages.php in GGCMS 1.1.0 RC1 and earlier allows remote attackers to inject arbitrary PHP code into arbitrary files via ".." sequences in the subpageName parameter, as demonstrated by injecting PHP code into a template file. | |||||
CVE-2006-6890 | 1 Voc-project | 1 Voodoo Chat | 2025-04-09 | 7.5 HIGH | N/A |
Voodoo chat 1.0RC1b stores sensitive information under the web root with insufficient access control, which allows remote attackers to download passwords via a direct request for data/users.dat. | |||||
CVE-2006-5004 | 1 Ibm | 1 Aix | 2025-04-09 | 2.1 LOW | N/A |
Unspecified vulnerability in the rdist command in IBM AIX 5.2.0 and 5.3.0 allows local users to overwrite arbitrary files via unspecified vectors. | |||||
CVE-2006-6548 | 1 Cpanel | 1 Webhost Manager | 2025-04-09 | 3.5 LOW | N/A |
Multiple cross-site scripting (XSS) vulnerabilities in cPanel WebHost Manager (WHM) 3.1.0 allow remote authenticated users to inject arbitrary web script or HTML via the domain parameter to (1) scripts2/changeemail, (2) scripts2/limitbw, or (3) scripts/rearrangeacct. NOTE: the feature parameter to scripts2/dofeaturemanager is already covered by CVE-2006-6198. | |||||
CVE-2006-7226 | 1 Redhat | 2 Enterprise Linux, Enterprise Linux Desktop | 2025-04-09 | 4.3 MEDIUM | N/A |
Perl-Compatible Regular Expression (PCRE) library before 6.7 does not properly calculate the compiled memory allocation for regular expressions that involve a quantified "subpattern containing a named recursion or subroutine reference," which allows context-dependent attackers to cause a denial of service (error or crash). | |||||
CVE-2006-6530 | 1 Drupal | 1 Help Tip Module | 2025-04-09 | 7.5 HIGH | N/A |
SQL injection vulnerability in the Help Tip module before 4.7.x-1.0 for Drupal allows remote attackers to execute arbitrary SQL commands via unspecified vectors. | |||||
CVE-2007-2161 | 1 Microsoft | 1 Internet Explorer | 2025-04-09 | 4.3 MEDIUM | N/A |
Microsoft Internet Explorer 7 allows remote attackers to cause a denial of service (browser hang) via JavaScript that matches a regular expression against a long string, as demonstrated using /(.)*/. | |||||
CVE-2007-1912 | 1 Microsoft | 4 Windows 2000, Windows 2003 Server, Windows Nt and 1 more | 2025-04-09 | 6.8 MEDIUM | N/A |
Heap-based buffer overflow in Microsoft Windows allows user-assisted remote attackers to have an unknown impact via a crafted .HLP file. | |||||
CVE-2007-3809 | 1 Prozilla | 1 Prozilla Directory Script | 2025-04-09 | 7.5 HIGH | N/A |
Multiple SQL injection vulnerabilities in Prozilla Directory Script allow remote attackers to execute arbitrary SQL commands via the cat_id parameter in a list action to directory.php, and other unspecified vectors. | |||||
CVE-2007-1497 | 1 Linux | 1 Linux Kernel | 2025-04-09 | 5.0 MEDIUM | N/A |
nf_conntrack in netfilter in the Linux kernel before 2.6.20.3 does not set nfctinfo during reassembly of fragmented packets, which leaves the default value as IP_CT_ESTABLISHED and might allow remote attackers to bypass certain rulesets using IPv6 fragments. | |||||
CVE-2009-0960 | 1 Apple | 2 Iphone Os, Ipod Touch | 2025-04-09 | 4.3 MEDIUM | N/A |
The Mail component in Apple iPhone OS 1.0 through 2.2.1 and iPhone OS for iPod touch 1.1 through 2.2.1 does not provide an option to disable remote image loading in HTML email, which allows remote attackers to determine the device address and when an e-mail is read via an HTML email containing an image URL. | |||||
CVE-2007-2153 | 1 Atmail | 1 Atmail Webmail | 2025-04-09 | 6.8 MEDIUM | N/A |
Cross-site scripting (XSS) vulnerability in atmail.php in @Mail 5.0 allows remote attackers to inject arbitrary web script or HTML via the username parameter. | |||||
CVE-2007-0795 | 1 Wap | 1 Wap Portal Server | 2025-04-09 | 7.5 HIGH | N/A |
Multiple PHP remote file inclusion vulnerabilities in Wap Portal Server 1.x allow remote attackers to execute arbitrary PHP code via a URL in the language parameter to (1) index.php and (2) admin/index.php. | |||||
CVE-2009-2764 | 1 Microsoft | 2 Internet Explorer, Windows 7 | 2025-04-09 | 5.0 MEDIUM | N/A |
Microsoft Internet Explorer 8.0.7100.0 on Windows 7 RC on the x64 platform allows remote attackers to cause a denial of service (application crash) via a certain DIV element in conjunction with SCRIPT elements that have empty contents and no reference to a valid external script location. | |||||
CVE-2006-6658 | 1 Inktomi | 1 Inktomi Search | 2025-04-09 | 5.0 MEDIUM | N/A |
Inktomi Search 4.1.4 allows remote attackers to obtain sensitive information via direct requests with missing parameters to (1) help/header.html, (2) thesaurus.html, and (3) topics.html, which leak the installation path in the resulting error message, a related issue to CVE-2006-5970. | |||||
CVE-2007-2278 | 1 Dcp-portal | 1 Dcp-portal | 2025-04-09 | 7.5 HIGH | N/A |
Multiple PHP remote file inclusion vulnerabilities in DCP-Portal 6.1.1 allow remote attackers to execute arbitrary PHP code via a URL in (1) the path parameter to library/adodb/adodb.inc.php, (2) the abs_path_editor parameter to library/editor/editor.php, or (3) the cfgfile_to_load parameter to admin/phpMyAdmin/libraries/common.lib.php. |