Total
29557 CVE
| CVE | Vendors | Products | Updated | CVSS v2 | CVSS v3 |
|---|---|---|---|---|---|
| CVE-2007-0026 | 1 Microsoft | 3 Windows 2000, Windows 2003 Server, Windows Xp | 2025-04-09 | 7.6 HIGH | N/A |
| The OLE Dialog component in Microsoft Windows 2000 SP4, XP SP2, and 2003 SP1 allows user-assisted remote attackers to execute arbitrary code via an RTF file with a malformed OLE object that triggers memory corruption. | |||||
| CVE-2007-2374 | 2 Avaya, Microsoft | 7 Definity One Media Server, Media Server, S3400 and 4 more | 2025-04-09 | 9.3 HIGH | N/A |
| Unspecified vulnerability in Microsoft Windows 2000, XP, and Server 2003 allows user-assisted remote attackers to execute arbitrary code via unspecified vectors. NOTE: this information is based upon a vague pre-advisory with no actionable information. However, the advisory is from a reliable source. | |||||
| CVE-2006-6536 | 1 Cilem | 1 Cilem Haber | 2025-04-09 | 6.8 MEDIUM | N/A |
| Cross-site scripting (XSS) vulnerability in hata.asp in Cilem Haber Free Edition allows remote attackers to inject arbitrary web script or HTML via the hata parameter. NOTE: The provenance of this information is unknown; the details are obtained solely from third party information. | |||||
| CVE-2007-4186 | 1 Joomla | 1 Tour De France Pool | 2025-04-09 | 6.8 MEDIUM | N/A |
| PHP remote file inclusion vulnerability in admin.tour_toto.php in the Tour de France Pool (com_tour_toto) 1.0.1 module for Joomla! allows remote attackers to execute arbitrary PHP code via a URL in the mosConfig_absolute_path parameter. | |||||
| CVE-2007-0589 | 1 Forum Livre | 1 Forum Livre | 2025-04-09 | 7.5 HIGH | N/A |
| SQL injection vulnerability in Forum Livre 1.0 allows remote attackers to execute arbitrary SQL commands via the user parameter to info_user.asp. | |||||
| CVE-2007-4234 | 1 Camera Life | 1 Camera Life | 2025-04-09 | 5.0 MEDIUM | N/A |
| Unspecified vulnerability in Camera Life before 2.6 allows remote attackers to download private photos via unspecified vectors associated with the names of the photos. NOTE: some of these details are obtained from third party information. | |||||
| CVE-2007-1628 | 1 Studiewijzer | 1 Studiewijzer | 2025-04-09 | 9.3 HIGH | N/A |
| Multiple PHP remote file inclusion vulnerabilities in Study planner (Studiewijzer) 0.15 and earlier, when register_globals is enabled, allow remote attackers to execute arbitrary PHP code via a URL in the SPL_CFG[dirroot] parameter to (1) service.alert.inc.php or (2) settings.ses.php in inc/; (3) db/mysql/db.inc.php; (4) integration/shortstat/configuration.php; (5) ali.class.php or (6) cat.class.php in methodology/traditional/class/; (7) cat_browse.inc.php, (8) chr_browse.inc.php, (9) chr_display.inc.php, or (10) dash_browse.inc.php in methodology/traditional/ui/inc/; (11) spl.webservice.php or (12) konfabulator/gateway_admin.php in ws/; or other unspecified files. | |||||
| CVE-2006-6287 | 1 Atomix Productions | 1 Atomixmp3 | 2025-04-09 | 7.5 HIGH | N/A |
| Stack-based buffer overflow in AtomixMP3 2.3 and earlier allows remote attackers to execute arbitrary code via a long pathname in an M3U file. | |||||
| CVE-2007-4658 | 1 Php | 1 Php | 2025-04-09 | 7.5 HIGH | N/A |
| The money_format function in PHP 5 before 5.2.4, and PHP 4 before 4.4.8, permits multiple (1) %i and (2) %n tokens, which has unknown impact and attack vectors, possibly related to a format string vulnerability. | |||||
| CVE-2007-0330 | 1 Ipswitch | 1 Ws Ftp Pro | 2025-04-09 | 7.5 HIGH | N/A |
| Buffer overflow in wsbho2k0.dll, as used by wsftpurl.exe, in Ipswitch WS_FTP 2007 Professional allows remote attackers to cause a denial of service (application crash) and possibly execute arbitrary code via a long ftp:// URL in an HTML document, and possibly other vectors. | |||||
| CVE-2006-6605 | 1 Mailenable | 3 Mailenable Enterprise, Mailenable Professional, Mailenable Standard | 2025-04-09 | 10.0 HIGH | N/A |
| Stack-based buffer overflow in the POP service in MailEnable Standard 1.98 and earlier; Professional 1.84, and 2.35 and earlier; and Enterprise 1.41, and 2.35 and earlier before ME-10026 allows remote attackers to execute arbitrary code via a long argument to the PASS command. | |||||
| CVE-2006-5316 | 1 Phplibre | 1 Registrotl | 2025-04-09 | 7.8 HIGH | N/A |
| registroTL stores sensitive information under the web root with insufficient access control, which allows remote attackers to download a database via a direct request for /usuarios.dat. | |||||
| CVE-2007-3926 | 1 Ipswitch | 1 Imail Server | 2025-04-09 | 7.8 HIGH | N/A |
| Ipswitch IMail Server 2006 before 2006.21 allows remote attackers to cause a denial of service (daemon crash) via unspecified vectors involving an "overwritten destructor." | |||||
| CVE-2007-3835 | 1 Exlibris Group | 1 Metalib | 2025-04-09 | 2.6 LOW | N/A |
| Cross-site scripting (XSS) vulnerability in Ex Libris MetaLib 3.13 and 4 allows remote attackers to inject arbitrary web script or HTML via unspecified vectors related to a resource id that can be discovered through a search. | |||||
| CVE-2007-0742 | 1 Apple | 1 Mac Os X | 2025-04-09 | 7.8 HIGH | N/A |
| The WebFoundation framework in Apple Mac OS X 10.3.9 and earlier allows subdomain cookies to be accessed by the parent domain, which allows remote attackers to obtain sensitive information. | |||||
| CVE-2006-5006 | 1 Ibm | 1 Aix | 2025-04-09 | 7.2 HIGH | N/A |
| Buffer overflow in cfgmgr in IBM AIX 5.2.0 and 5.3.0 allows local users to execute arbitrary code via a long directory path argument. | |||||
| CVE-2008-4586 | 1 Acresso | 1 Flexnet Connect | 2025-04-09 | 9.3 HIGH | N/A |
| Insecure method vulnerability in the MVSNCLientWebAgent61.WebAgent.1 ActiveX control (isusweb.dll 6.1.100.61372) in Macrovision FLEXnet Connect 6.1 allows remote attackers to force the download and execution of arbitrary files via the DownloadAndExecute method. | |||||
| CVE-2007-2318 | 1 Filezilla | 1 Filezilla | 2025-04-09 | 9.3 HIGH | N/A |
| Multiple format string vulnerabilities in FileZilla before 2.2.32 allow remote attackers to execute arbitrary code via format string specifiers in (1) FTP server responses or (2) data sent by an FTP server. NOTE: some of these details are obtained from third party information. | |||||
| CVE-2006-5970 | 1 Verity | 1 Ultraseek | 2025-04-09 | 5.0 MEDIUM | N/A |
| Verity Ultraseek before 5.7 allows remote attackers to obtain sensitive information via direct requests with (1) a null ("%00") terminated url parameter to help/urlstatusgo.html; or missing parameters to (2) help/header.html, (3) help/footer.html, (4) spell.html, (5) coreforma.html, (6) daterange.html, (7) hits.html, (8) hitsnavbottom.html, (9) indexform.html, (10) indexforma.html, (11) languages.html, (12) nohits.html, (13) onehit1.html, (14) onehit2.html, (15) query.html, (16) queryform0.html, (17) queryform0a.html, (18) queryform1.html, (19) queryform1a.html, (20) queryform2.html, (21) queryform2a.html, (22) quicklinks.html, (23) relatedtopics.html, (24) signin.html, (25) subtopics.html, (26) thesaurus.html, (27) topics.html, (28) hitspagebar.html, (29) highlight/highlight.html, (30) highlight/highlight_one.html, and (31) highlight/topnav.html, which leaks the installation path in the resulting error message. | |||||
| CVE-2007-3969 | 1 Panda | 1 Panda Antivirus | 2025-04-09 | 9.3 HIGH | N/A |
| Buffer overflow in Panda Antivirus before 20070720 allows remote attackers to execute arbitrary code via a crafted EXE file, resulting from an "Integer Cast Around." | |||||