Total
29551 CVE
| CVE | Vendors | Products | Updated | CVSS v2 | CVSS v3 |
|---|---|---|---|---|---|
| CVE-2007-2526 | 1 Smartcode | 1 Vnc Manager | 2025-04-09 | 9.3 HIGH | N/A |
| Heap-based buffer overflow in the ConnectAsyncEx function in VNC Viewer ActiveX control (scvncctrl.dll) in the SmartCode VNC Manager 3.6 allows remote attackers to execute arbitrary code via a long argument. | |||||
| CVE-2007-1092 | 1 Mozilla | 2 Firefox, Seamonkey | 2025-04-09 | 9.3 HIGH | N/A |
| Mozilla Firefox 1.5.0.9 and 2.0.0.1, and SeaMonkey before 1.0.8 allow remote attackers to execute arbitrary code via JavaScript onUnload handlers that modify the structure of a document, wich triggers memory corruption due to the lack of a finalize hook on DOM window objects. | |||||
| CVE-2007-2629 | 1 Bradford Networks | 1 Campusmanager Network Control Application Server | 2025-04-09 | 7.8 HIGH | N/A |
| Bradford CampusManager Network Control Application Server 3.1(6) allows remote attackers to obtain sensitive information (backup, log, and configuration files) via direct request for certain files in (1) /runTime/ or (2) /remediationReports/. | |||||
| CVE-2007-4096 | 1 Tor | 1 Tor | 2025-04-09 | 5.8 MEDIUM | N/A |
| Buffer overflow in Tor before 0.1.2.15, when using BSD natd support, allows remote attackers to cause a denial of service via unspecified vectors. | |||||
| CVE-2007-1378 | 1 Php | 1 Php | 2025-04-09 | 5.1 MEDIUM | N/A |
| The ovrimos_longreadlen function in the Ovrimos extension for PHP before 4.4.5 allows context-dependent attackers to write to arbitrary memory locations via the result_id and length arguments. | |||||
| CVE-2007-4397 | 6 Irssi, Kristof Korwisi, Mikachu and 3 more | 7 Irssi, Ixmmsa, L33t Xmms Music Showing Script and 4 more | 2025-04-09 | 6.8 MEDIUM | N/A |
| Multiple CRLF injection vulnerabilities in (1) xmms-thing 1.0, (2) XMMS Remote Control Script 1.07, (3) Disrok 1.0, (4) a2x 0.0.1, (5) Another xmms-info script 1.0, (6) XChat-XMMS 0.8.1, and other unspecified scripts for XChat allow user-assisted remote attackers to execute arbitrary IRC commands via CRLF sequences in the name of the song in a .mp3 file. | |||||
| CVE-2007-0938 | 1 Microsoft | 1 Content Management Server | 2025-04-09 | 10.0 HIGH | N/A |
| Microsoft Content Management Server (MCMS) 2001 SP1 and 2002 SP2 does not properly handle certain characters in a crafted HTTP GET request, which allows remote attackers to execute arbitrary code, aka the "CMS Memory Corruption Vulnerability." | |||||
| CVE-2007-1203 | 1 Microsoft | 2 Excel, Excel Viewer | 2025-04-09 | 9.3 HIGH | N/A |
| Unspecified vulnerability in Microsoft Excel 2000 SP3, 2002 SP3, 2003 SP2, 2003 Viewer, 2004 for Mac, and 2007 allows user-assisted remote attackers to execute arbitrary code via a crafted set font value in an Excel file, which results in memory corruption. | |||||
| CVE-2008-7065 | 1 Siemens | 2 Gigaset C450 Ip, Gigaset C475 Ip | 2025-04-09 | 7.8 HIGH | N/A |
| Siemens C450 IP and C475 IP VoIP devices allow remote attackers to cause a denial of service (disconnected calls and device reboot) via a crafted SIP packet to UDP port 5060. | |||||
| CVE-2007-0785 | 1 Flipsource | 1 Flip | 2025-04-09 | 7.5 HIGH | N/A |
| PHP remote file inclusion vulnerability in previewtheme.php in Flipsource Flip 2.01-final 1.0 and earlier allows remote attackers to execute arbitrary PHP code via a URL in the inc_path parameter. | |||||
| CVE-2006-7128 | 1 Salims Softhouse | 1 Jaf Cms | 2025-04-09 | 7.5 HIGH | N/A |
| PHP remote file inclusion vulnerability in forum/forum.php JAF CMS 4.0 RC1 allows remote attackers to execute arbitrary PHP code via a URL in the website parameter. | |||||
| CVE-2007-5355 | 1 Microsoft | 5 Internet Explorer, Windows 2000, Windows 2003 Server and 2 more | 2025-04-09 | 5.8 MEDIUM | N/A |
| The Web Proxy Auto-Discovery (WPAD) feature in Microsoft Internet Explorer 6 and 7, when a primary DNS suffix with three or more components is configured, resolves an unqualified wpad hostname in a second-level domain outside this configured DNS domain, which allows remote WPAD servers to conduct man-in-the-middle (MITM) attacks. | |||||
| CVE-2007-2377 | 1 Getahead | 1 Direct Web Remoting | 2025-04-09 | 5.0 MEDIUM | N/A |
| The Getahead Direct Web Remoting (DWR) framework 1.1.4 exchanges data using JavaScript Object Notation (JSON) without an associated protection scheme, which allows remote attackers to obtain the data via a web page that retrieves the data through a URL in the SRC attribute of a SCRIPT element and captures the data using other JavaScript code, aka "JavaScript Hijacking." | |||||
| CVE-2007-4050 | 1 Adempiere | 1 Bazaar | 2025-04-09 | 10.0 HIGH | N/A |
| Unspecified vulnerability in WebUI in ADempiere Bazaar before 3.3 beta Victoria edition allows remote attackers to access system-level windows via unspecified vectors. | |||||
| CVE-2007-3345 | 1 Php Accounts | 1 Php Accounts | 2025-04-09 | 7.5 HIGH | N/A |
| Multiple SQL injection vulnerabilities in index.php in PHPAccounts 0.5 allow remote attackers to execute arbitrary SQL commands via the (1) Outgoing_Type_ID, (2) Outgoing_ID, (3) Project_ID, (4) Client_ID, (5) Invoice_ID, or (6) Vendor_ID parameter. | |||||
| CVE-2007-1410 | 1 Gaziyapboz | 1 Game Portal | 2025-04-09 | 7.5 HIGH | N/A |
| SQL injection vulnerability in kategori.asp in GaziYapBoz Game Portal allows remote attackers to execute arbitrary SQL commands via the kategori parameter. | |||||
| CVE-2007-0474 | 1 Smb4k | 1 Smb4k | 2025-04-09 | 3.3 LOW | N/A |
| Smb4K before 0.8.0 allow local users, when present on the Smb4K sudoers list, to kill arbitrary processes, related to a "design issue with smb4k_kill." | |||||
| CVE-2006-5746 | 1 Airmagnet | 1 Enterprise | 2025-04-09 | 6.4 MEDIUM | N/A |
| The console in AirMagnet Enterprise before 7.5 build 6307 does not properly validate the Enterprise Server certificate, which allows remote attackers to read network traffic via a man-in-the-middle (MITM) attack, possibly related to the use of self-signed certificates. | |||||
| CVE-2007-1070 | 2 Microsoft, Trend Micro | 6 Windows 2000, Windows 2003 Server, Windows Nt and 3 more | 2025-04-09 | 10.0 HIGH | N/A |
| Multiple stack-based buffer overflows in Trend Micro ServerProtect for Windows and EMC 5.58, and for Network Appliance Filer 5.61 and 5.62, allow remote attackers to execute arbitrary code via crafted RPC requests to TmRpcSrv.dll that trigger overflows when calling the (1) CMON_NetTestConnection, (2) CMON_ActiveUpdate, and (3) CMON_ActiveRollback functions in (a) StCommon.dll, and (4) ENG_SetRealTimeScanConfigInfo and (5) ENG_SendEMail functions in (b) eng50.dll. | |||||
| CVE-2007-2268 | 1 Swsoft | 1 Plesk | 2025-04-09 | 5.0 MEDIUM | N/A |
| Multiple directory traversal vulnerabilities in SWsoft Plesk for Windows 7.6.1, 8.1.0, and 8.1.1 allow remote attackers to read arbitrary files via a .. (dot dot) in the locale_id parameter to (1) login.php3 or (2) login_up.php3. | |||||