Total
29558 CVE
| CVE | Vendors | Products | Updated | CVSS v2 | CVSS v3 |
|---|---|---|---|---|---|
| CVE-2006-7197 | 1 Apache | 1 Tomcat | 2025-04-09 | 7.8 HIGH | N/A |
| The AJP connector in Apache Tomcat 5.5.15 uses an incorrect length for chunks, which can cause a buffer over-read in the ajp_process_callback in mod_jk, which allows remote attackers to read portions of sensitive memory. | |||||
| CVE-2006-6142 | 1 Squirrelmail | 1 Squirrelmail | 2025-04-09 | 6.8 MEDIUM | N/A |
| Multiple cross-site scripting (XSS) vulnerabilities in SquirrelMail 1.4.0 through 1.4.9 allow remote attackers to inject arbitrary web script or HTML via the (1) mailto parameter in (a) webmail.php, the (2) session and (3) delete_draft parameters in (b) compose.php, and (4) unspecified vectors involving "a shortcoming in the magicHTML filter." | |||||
| CVE-2007-1802 | 1 Maildwarf | 1 Maildwarf | 2025-04-09 | 6.8 MEDIUM | N/A |
| Cross-site scripting (XSS) vulnerability in MailDwarf 3.01 and earlier allows remote attackers to inject arbitrary web script or HTML via unspecified vectors. | |||||
| CVE-2007-1784 | 1 Ibm | 1 Lotus Sametime | 2025-04-09 | 9.3 HIGH | N/A |
| The JNILoader ActiveX control (STJNILoader.ocx) 3.1.0.26 in IBM Lotus Notes Sametime before 7.5 allows remote attackers to load arbitrary DLL libraries and execute arbitrary code via arbitrary arguments to the loadLibrary function. | |||||
| CVE-2007-3014 | 1 Activeweb | 1 Contentserver | 2025-04-09 | 4.3 MEDIUM | N/A |
| Multiple cross-site scripting (XSS) vulnerabilities in activeWeb contentserver before 5.6.2964 allow remote attackers to inject arbitrary web script or HTML via the msg parameter to (1) errors/rights.asp or (2) errors/transaction.asp, or (3) the name of a MIME type (mimetype). | |||||
| CVE-2007-3661 | 1 Eltima Software | 1 Virtual Serial Port | 2025-04-09 | 5.0 MEDIUM | N/A |
| Eltima Software Virtual Serial Port (VSPAX) ActiveX control (VSPort.DLL) allows remote attackers to cause a denial of service via certain function calls, as demonstrated via the (1) Attach, (2) Write, and (3) WriteStr functions. | |||||
| CVE-2006-4925 | 1 Openbsd | 1 Openssh | 2025-04-09 | 5.0 MEDIUM | N/A |
| packet.c in ssh in OpenSSH allows remote attackers to cause a denial of service (crash) by sending an invalid protocol sequence with USERAUTH_SUCCESS before NEWKEYS, which causes newkeys[mode] to be NULL. | |||||
| CVE-2007-3162 | 1 Westbyte | 1 Internet Download Accelerator | 2025-04-09 | 5.0 MEDIUM | N/A |
| Buffer overflow in the NotSafe function in the idaiehlp ActiveX control in idaiehlp.dll 1.9.1.74 in Internet Download Accelerator (ida) 5.2 allows remote attackers to cause a denial of service (Internet Explorer crash) via a long argument. | |||||
| CVE-2006-6307 | 1 Novell | 1 Client | 2025-04-09 | 5.0 MEDIUM | N/A |
| srvloc.sys in Novell Client for Windows before 4.91 SP3 allows remote attackers to cause an unspecified denial of service via a crafted packet to port 427 that triggers an access of pageable or invalid addresses using a higher interrupt request level (IRQL) than necessary. | |||||
| CVE-2006-4509 | 1 Novell | 1 Edirectory | 2025-04-09 | 10.0 HIGH | N/A |
| Integer overflow in the evtFilteredMonitorEventsRequest function in the LDAP service in Novell eDirectory before 8.8.1 FTF1 allows remote attackers to execute arbitrary code via a crafted request. | |||||
| CVE-2007-2473 | 1 Cmsmadesimple | 1 Cms Made Simple | 2025-04-09 | 7.5 HIGH | N/A |
| SQL injection vulnerability in stylesheet.php in CMS Made Simple 1.0.5 and earlier allows remote attackers to execute arbitrary SQL commands via the templateid parameter. | |||||
| CVE-2007-0098 | 1 Verliadmin | 1 Verliadmin | 2025-04-09 | 6.8 MEDIUM | N/A |
| Directory traversal vulnerability in language.php in VerliAdmin 0.3 and earlier, when magic_quotes_gpc is disabled, allows remote attackers to include and execute arbitrary local files via a .. (dot dot) in the lang cookie, as demonstrated by injecting PHP sequences into an Apache HTTP Server log file, which is then included by language.php. | |||||
| CVE-2007-4231 | 1 Idevspot | 1 Phphostbot | 2025-04-09 | 6.8 MEDIUM | N/A |
| PHP remote file inclusion vulnerability in order/login.php in IDevSpot PhpHostBot 1.06 and earlier allows remote attackers to execute arbitrary PHP code via a URL in the svr_rootscript parameter, a different vector than CVE-2007-4094 and CVE-2006-3776. | |||||
| CVE-2009-3944 | 1 Rim | 2 Blackberry 8800, Blackberry Browser | 2025-04-09 | 5.0 MEDIUM | N/A |
| Research In Motion (RIM) BlackBerry Browser on the BlackBerry 8800 allows remote attackers to cause a denial of service (application hang) via a JavaScript loop that configures the home page by using the setHomePage method and a DHTML behavior property. | |||||
| CVE-2007-2350 | 1 Freepbx | 1 Freepbx | 2025-04-09 | 6.5 MEDIUM | N/A |
| admin/config.php in the music-on-hold module in freePBX 2.2.x allows remote authenticated administrators to execute arbitrary commands via shell metacharacters in the del parameter. | |||||
| CVE-2007-0228 | 1 Eiqnetworks | 1 Enterprise Security Analyzer | 2025-04-09 | 5.0 MEDIUM | N/A |
| The DataCollector service in EIQ Networks Network Security Analyzer allows remote attackers to cause a denial of service (service crash) via a (1) &CONNECTSERVER& (2) &ADDENTRY& (3) &FIN& (4) &START& (5) &LOGPATH& (6) &FWADELTA& (7) &FWALOG& (8) &SETSYNCHRONOUS& (9) &SETPRGFILE&, or (10) &SETREPLYPORT& string to TCP port 10618, which triggers a NULL pointer dereference. | |||||
| CVE-2006-5548 | 1 Otscms | 1 Otscms | 2025-04-09 | 7.5 HIGH | N/A |
| PHP remote file inclusion vulnerability in OTSCMS/OTSCMS.php in Open Tibia Server Content Management System (OTSCMS) 2.0.0 through 2.1.3 allows remote attackers to execute arbitrary PHP code via a URL in the GLOBALS[config][directories][classes] parameter. | |||||
| CVE-2008-1070 | 1 Wireshark | 1 Wireshark | 2025-04-09 | 5.0 MEDIUM | N/A |
| The SCTP dissector in Wireshark (formerly Ethereal) 0.99.5 through 0.99.7 allows remote attackers to cause a denial of service (crash) via a malformed packet. | |||||
| CVE-2007-1011 | 1 Vs-gastebuch | 1 Vs-gastebuch | 2025-04-09 | 7.5 HIGH | N/A |
| PHP remote file inclusion vulnerability in functions_inc.php in VS-Gastebuch 1.5.3 and earlier allows remote attackers to execute arbitrary PHP code via a URL in the gb_pfad parameter. | |||||
| CVE-2006-5246 | 1 Eazy Cart | 1 Eazy Cart | 2025-04-09 | 5.0 MEDIUM | N/A |
| Eazy Cart allows remote attackers to change prices and other critical fields via unspecified vectors to easycart.php, probably including the price parameter. NOTE: some details are obtained from third party information. | |||||