Total: 29551 CVE

CVE | Vendors | Products | Updated | CVSS v2 | CVSS v3 |
---|---|---|---|---|---|
CVE-2007-3980 | 1 Rcms Pro | 1 Rgamescript Pro | 2025-04-09 | 10.0 HIGH | N/A |
PHP remote file inclusion vulnerability in page.php in RCMS Pro RGameScript Pro allows remote attackers to execute arbitrary PHP code via a URL in the id parameter. | |||||
CVE-2006-6480 | 1 Scriptphp | 1 Annoncescripthp | 2025-04-09 | 5.0 MEDIUM | N/A |
admin/admin_membre/fiche_membre.php in AnnonceScriptHP 2.0 allows remote attackers to obtain sensitive information via the idmembre parameter, which discloses the passwords for arbitrary users. | |||||
CVE-2007-3840 | 1 Sitetrafficstats | 1 Sitetrafficstats | 2025-04-09 | 7.5 HIGH | N/A |
SQL injection vulnerability in referralUrl.php in Traffic Stats allows remote attackers to execute arbitrary SQL commands via the offset parameter. | |||||
CVE-2006-6963 | 1 Docebo | 1 Docebo | 2025-04-09 | 7.5 HIGH | N/A |
Multiple PHP remote file inclusion vulnerabilities in Docebo LMS 3.0.3 allow remote attackers to execute arbitrary PHP code via a URL in the GLOBALS[where_lms] parameter to (1) class.module/class.definition.php and (2) modules/scorm/scorm_utils.php. NOTE: this issue may overlap CVE-2006-2577. | |||||
CVE-2007-1866 | 1 Dproxy | 1 Dproxy | 2025-04-09 | 10.0 HIGH | N/A |
Stack-based buffer overflow in the dns_decode_reverse_name function in dns_decode.c in dproxy-nexgen allows remote attackers to execute arbitrary code by sending a crafted packet to port 53/udp, a different issue than CVE-2007-1465. | |||||
CVE-2006-6475 | 1 Mandiant | 1 First Response | 2025-04-09 | 7.1 HIGH | N/A |
FRAgent.exe in Mandiant First Response (MFR) before 1.1.1, when run in daemon mode with SSL enabled, allows remote attackers to cause a denial of service (refused connections) via malformed requests, which results in a mishandled exception. | |||||
CVE-2007-1853 | 1 Hitachi | 5 Jp1-hicommand Device Manager, Jp1-hicommand Global Link Availability Manager, Jp1-hicommand Replication Monitor and 2 more | 2025-04-09 | 5.0 MEDIUM | N/A |
Unspecified vulnerability in Hitachi JP1/HiCommand DeviceManager, Global Link Availability Manager, Replication Monitor, Tiered Storage Manager, and Tuning Manager allows local users to obtain authentication information via unspecified vectors. | |||||
CVE-2007-2930 | 1 Isc | 1 Bind | 2025-04-09 | 4.3 MEDIUM | N/A |
The (1) NSID_SHUFFLE_ONLY and (2) NSID_USE_POOL PRNG algorithms in ISC BIND 8 before 8.4.7-P1 generate predictable DNS query identifiers when sending outgoing queries such as NOTIFY messages when answering questions as a resolver, which allows remote attackers to poison DNS caches via unknown vectors. NOTE: this issue is different from CVE-2007-2926. | |||||
CVE-2007-1004 | 1 Mozilla | 1 Firefox | 2025-04-09 | 4.3 MEDIUM | N/A |
Mozilla Firefox might allow remote attackers to conduct spoofing and phishing attacks by writing to an about:blank tab and overlaying the location bar. | |||||
CVE-2007-3560 | 1 Esqlanelapse | 1 Esqlanelapse | 2025-04-09 | 7.5 HIGH | N/A |
Multiple unspecified vulnerabilities in Esqlanelapse before 2.6 have unknown impact and attack vectors. | |||||
CVE-2008-6564 | 1 Nortel | 2 Communication Server 1000, Unistim Protocol | 2025-04-09 | 7.6 HIGH | N/A |
Nortel UNIStim protocol, as used in Communication Server 1000 and other products, uses predictable sequence numbers, which allows remote attackers to hijack sessions via sniffing or brute force attacks. | |||||
CVE-2007-0926 | 1 Kvguestbook | 1 Kvguestbook | 2025-04-09 | 7.5 HIGH | N/A |
The dologin function in guestbook.php in KvGuestbook 1.0 Beta allows remote attackers to gain administrative privileges, probably via modified $mysql['pass'] and $gbpass variables. | |||||
CVE-2007-1100 | 1 Pickle | 1 Pickle | 2025-04-09 | 7.8 HIGH | N/A |
Directory traversal vulnerability in download.php in Ahmet Sacan Pickle before 20070301 allows remote attackers to read arbitrary files via a .. (dot dot) in the file parameter. | |||||
CVE-2009-1693 | 1 Apple | 1 Safari | 2025-04-09 | 5.8 MEDIUM | N/A |
WebKit in Apple Safari before 4.0, iPhone OS 1.0 through 2.2.1, and iPhone OS for iPod touch 1.1 through 2.2.1 allows remote attackers to read images from arbitrary web sites via a CANVAS element with an SVG image, related to a "cross-site image capture issue." | |||||
CVE-2009-4593 | 1 Jesse Smith | 1 Bftpd | 2025-04-09 | 5.0 MEDIUM | N/A |
The bftpdutmp_log function in bftpdutmp.c in Bftpd before 2.4 does not place a '\0' character at the end of the string value of the ut.bu_host structure member, which might allow remote attackers to cause a denial of service (daemon crash) via unspecified vectors. NOTE: some of these details are obtained from third party information. | |||||
CVE-2007-2570 | 1 Guilain Omont | 1 Wikivi5 | 2025-04-09 | 7.5 HIGH | N/A |
PHP remote file inclusion vulnerability in handlers/page/show.php in Wikivi5 allows remote attackers to execute arbitrary PHP code via a URL in the sous_rep parameter. | |||||
CVE-2006-6722 | 1 Jelle De Vos | 1 Bandwebsite | 2025-04-09 | 7.5 HIGH | N/A |
Bandwebsite (aka Bandsite portal system) 1.5 allows remote attackers to create administrative accounts via a direct request to admin.php with the Login parameter set to 1. | |||||
CVE-2006-5382 | 1 3com | 1 Superstack 3 Switch 4400 | 2025-04-09 | 7.5 HIGH | N/A |
3Com Switch SS3 4400 switches, firmware 5.11, 6.00 and 6.10 and earlier, allow remote attackers to read the SNMP Read-Write Community string and conduct unauthorized actions via unspecified "normally restricted management packets on the device" that cause the community string to be returned. | |||||
CVE-2007-3564 | 1 Libcurl | 1 Libcurl | 2025-04-09 | 7.5 HIGH | N/A |
libcurl 7.14.0 through 7.16.3, when built with GnuTLS support, does not check SSL/TLS certificate expiration or activation dates, which allows remote attackers to bypass certain access restrictions. | |||||
CVE-2007-3485 | 1 Yandex | 1 Yandex.server | 2025-04-09 | 4.3 MEDIUM | N/A |
Multiple cross-site scripting (XSS) vulnerabilities in Yandex.Server allow remote attackers to inject arbitrary web script or HTML via the (1) query or (2) within parameter to the default URI. |