Total: 29551 CVE
CVE | Vendors | Products | Updated | CVSS v2 | CVSS v3 |
---|---|---|---|---|---|
CVE-2007-0321 | 1 Macrovision | 1 Flexnet Connect | 2025-04-09 | 9.3 HIGH | N/A |
Buffer overflow in the Update Service Agent ActiveX Control in isusweb.dll for Macrovision FLEXnet Connect (formerly InstallShield Update Service) allows remote attackers to execute arbitrary code via the Download method. | |||||
CVE-2007-2437 | 1 X.org | 2 X Window System, Xserver | 2025-04-09 | 5.5 MEDIUM | N/A |
The X render (Xrender) extension in X.org X Window System 7.0, 7.1, and 7.2, with Xserver 1.3.0 and earlier, allows remote authenticated users to cause a denial of service (daemon crash) via crafted values to the (1) XRenderCompositeTrapezoids and (2) XRenderAddTraps functions, which trigger a divide-by-zero error. | |||||
CVE-2007-4847 | 1 Google | 1 Picasa | 2025-04-09 | 5.0 MEDIUM | N/A |
Google Picasa allows remote attackers to read image files stored by Picasa via unspecified vectors involving a picasa:// URI. NOTE: this information is based upon a vague pre-advisory. | |||||
CVE-2007-1675 | 1 Ibm | 1 Lotus Domino | 2025-04-09 | 10.0 HIGH | N/A |
Buffer overflow in the CRAM-MD5 authentication mechanism in the IMAP server (nimap.exe) in IBM Lotus Domino before 6.5.6 and 7.x before 7.0.2 FP1 allows remote attackers to cause a denial of service via a long username. | |||||
CVE-2006-6203 | 1 Krishan | 1 Flyspray | 2025-04-09 | 5.0 MEDIUM | N/A |
Directory traversal vulnerability in startdown.php in the Flyspray ME 1.0.1 (com_flyspray) component for Mambo allows remote attackers to read arbitrary files via a .. (dot dot) in the file parameter. | |||||
CVE-2007-3618 | 1 Emc | 1 Legato Networker | 2025-04-09 | 9.3 HIGH | N/A |
Stack-based buffer overflow in the NetWorker Remote Exec Service (nsrexecd.exe) in EMC Software NetWorker 7.x.x allows remote attackers to execute arbitrary code via a (1) poll or (2) kill request with a "long invalid subcmd." | |||||
CVE-2009-1789 | 2 Eggheads, Philip Moore | 3 Eggdrop, Eggdrop Irc Bot, Windrop | 2025-04-09 | 4.3 MEDIUM | N/A |
mod/server.mod/servmsg.c in Eggheads Eggdrop and Windrop 1.6.19 and earlier allows remote attackers to cause a denial of service (crash) via a crafted PRIVMSG that causes an empty string to trigger a negative string length copy. NOTE: this issue exists because of an incorrect fix for CVE-2007-2807. | |||||
CVE-2007-3328 | 1 Interact | 1 Interact | 2025-04-09 | 4.3 MEDIUM | N/A |
Multiple cross-site scripting (XSS) vulnerabilities in Interact 2.4 beta 1 allow remote attackers to inject arbitrary web script or HTML via the (1) module_key parameter to (a) kb/kb.php, (b) quiz/runquiz.php, (c) quiz/quiz.php, (d) forum/forum.php, (e) forum/byname.php, and (f) journal/journalview.php in modules/, and unspecified other scripts; the (2) tag_key parameter to modules/journal/journalview.php; the (3) user_group_key parameter to (g) users/secureaccounts.php; and (4) the request_uri parameter to (h) login.php. | |||||
CVE-2008-6712 | 1 Ea | 1 Crysis | 2025-04-09 | 5.0 MEDIUM | N/A |
The HTTP/XML-RPC service in Crysis 1.21 (game version 1.1.1.6156) and earlier allows remote attackers to cause a denial of service (crash) via a long HTTP request, which triggers a NULL pointer dereference. | |||||
CVE-2007-4145 | 1 Bluesky | 1 Blueskychat | 2025-04-09 | 4.3 MEDIUM | N/A |
Heap-based buffer overflow in the BlueSkychat (BlueSkyCat) ActiveX control (V2.V2Ctrl.1) in v2.ocx 8.1.2.0 and earlier allows remote attackers to execute arbitrary code via a long string in the second argument to the ConnecttoServer method. | |||||
CVE-2007-3357 | 1 Scriptdevelopers.net | 1 Netclassifieds | 2025-04-09 | 10.0 HIGH | N/A |
NetClassifieds Premium Edition does not use encryption for (1) stored passwords or (2) sensitive data, which might allow attackers to obtain information via certain vectors. | |||||
CVE-2006-6648 | 1 Planetluc.com | 1 Rateme | 2025-04-09 | 7.5 HIGH | N/A |
PHP remote file inclusion vulnerability in main.inc.php in planetluc.com RateMe 1.3.2 and earlier allows remote attackers to execute arbitrary PHP code via a URL in the pathtoscript parameter. | |||||
CVE-2007-4117 | 1 Platon | 1 Phpwebfilemanager | 2025-04-09 | 6.8 MEDIUM | N/A |
PHP remote file inclusion vulnerability in index.php in phpWebFileManager 0.5 allows remote attackers to execute arbitrary PHP code via a URL in the PN_PathPrefix parameter. NOTE: this issue is disputed by a reliable third party, who demonstrates that PN_PathPrefix is defined before use. | |||||
CVE-2006-5528 | 1 Schoolalumni Portal | 1 Schoolalumni Portal | 2025-04-09 | 5.0 MEDIUM | N/A |
Directory traversal vulnerability in mod.php in SchoolAlumni Portal 2.26 allows remote attackers to include and execute arbitrary local files via a .. (dot dot) in the mod parameter. NOTE: some of these details are obtained from third party information. | |||||
CVE-2007-3479 | 1 Pc Soft | 1 Windev | 2025-04-09 | 6.8 MEDIUM | N/A |
Stack-based buffer overflow in PCSoft WinDEV 11 (01F110053p) allows user-assisted remote attackers to execute arbitrary code via a long string in the "used DLL" field in a WDP project file. | |||||
CVE-2006-5806 | 1 Cisco | 1 Secure Desktop | 2025-04-09 | 2.1 LOW | N/A |
SSL VPN Client in Cisco Secure Desktop before 3.1.1.45, when configured to spawn a web browser after a successful connection, stores sensitive browser session information in a directory outside of the CSD vault and does not restrict the user from saving files outside of the vault, which is not cleared after the VPN connection terminates and allows local users to read unencrypted data. | |||||
CVE-2006-6708 | 1 Mginternet | 1 Property Site Manager | 2025-04-09 | 6.8 MEDIUM | N/A |
Cross-site scripting (XSS) vulnerability in listings.asp in MGinternet Property Site Manager allows remote attackers to inject arbitrary web script or HTML via the s parameter. | |||||
CVE-2007-0697 | 1 Mentiss Acgv | 1 Acgvannu | 2025-04-09 | 6.4 MEDIUM | N/A |
index2.php in ACGVannu 1.3 and earlier allows remote attackers to change the password or profile of a user via a modified id parameter, related to templates/modif.html. NOTE: some of these details are obtained from third party information. | |||||
CVE-2007-1014 | 1 Vicftps | 1 Vicftps | 2025-04-09 | 10.0 HIGH | N/A |
Stack-based buffer overflow in VicFTPS before 5.0 allows remote attackers to cause a denial of service (application crash) and possibly execute arbitrary code via a long CWD command. | |||||
CVE-2006-6165 | 2 Freebsd, Netbsd | 2 Freebsd, Netbsd | 2025-04-09 | 7.2 HIGH | 7.8 HIGH |
ld.so in FreeBSD, NetBSD, and possibly other BSD distributions does not remove certain harmful environment variables, which allows local users to gain privileges by passing certain environment variables to loading processes. NOTE: this issue has been disputed by a third party, stating that it is the responsibility of the application to properly sanitize the environment. |