Total
29559 CVE
| CVE | Vendors | Products | Updated | CVSS v2 | CVSS v3 |
|---|---|---|---|---|---|
| CVE-2006-3896 | 1 Neoscale Systems | 1 Cryptostor Tape 700 | 2025-04-09 | 4.9 MEDIUM | N/A |
| The NeoScale Systems CryptoStor 700 series appliance before 2.6 relies on client-side ActiveX code for smartcard authentication, which allows remote attackers to bypass smartcard authentication, and gain access if able to present a valid username and password, by disabling ActiveX. | |||||
| CVE-2007-3108 | 1 Openssl | 1 Openssl | 2025-04-09 | 1.2 LOW | N/A |
| The BN_from_montgomery function in crypto/bn/bn_mont.c in OpenSSL 0.9.8e and earlier does not properly perform Montgomery multiplication, which might allow local users to conduct a side-channel attack and retrieve RSA private keys. | |||||
| CVE-2007-1631 | 1 Clbox | 1 Clbox | 2025-04-09 | 10.0 HIGH | N/A |
| PHP remote file inclusion vulnerability in signup.php in CLBOX 1.01 allows remote attackers to execute arbitrary PHP code via a URL in the header parameter. NOTE: this issue has been disputed by a reliable third party, stating that header is defined through an include file before use | |||||
| CVE-2007-2183 | 1 Php-ring | 1 Webring System | 2025-04-09 | 7.5 HIGH | N/A |
| SQL injection vulnerability in index.php in PHP-Ring Webring System (aka uPHP_ring_website) 0.9 allows remote attackers to execute arbitrary SQL commands via the ring parameter. | |||||
| CVE-2007-1486 | 1 Carbonize | 1 Lazarus Guestbook | 2025-04-09 | 10.0 HIGH | N/A |
| PHP remote file inclusion vulnerability in template.class.php in Carbonize Lazarus Guestbook before 1.7.3 allows remote attackers to execute arbitrary PHP code via a URL in the include_path parameter to admin.php, probably due to a dynamic variable evaluation vulnerability. | |||||
| CVE-2006-6789 | 1 Phpbbxtra | 1 Phpbbxtra | 2025-04-09 | 7.5 HIGH | N/A |
| PHP remote file inclusion vulnerability in includes/archive/archive_topic.php in Phpbbxtra 2.0 allows remote attackers to execute arbitrary PHP code via a URL in the phpbb_root_path parameter. | |||||
| CVE-2007-1957 | 1 Guernion Sylvain Portail | 1 Web Php | 2025-04-09 | 6.8 MEDIUM | N/A |
| Multiple PHP remote file inclusion vulnerabilities in Guernion Sylvain Portail Web Php (aka Gsylvain35 Portail Web, PwP) allow remote attackers to execute arbitrary PHP code via a URL in the pageAll parameter to index.php in (1) template/Vert/, or (2) template/Noir/. | |||||
| CVE-2007-2940 | 1 Flap | 1 Flap | 2025-04-09 | 6.8 MEDIUM | N/A |
| Multiple PHP remote file inclusion vulnerabilities in FlaP 1.0b (1.0 Beta) allow remote attackers to execute arbitrary PHP code via a URL in the pachtofile parameter to (1) skin/html/table.php or (2) login.php. | |||||
| CVE-2007-1846 | 1 Xoops | 1 Malaika System Myads Module | 2025-04-09 | 7.5 HIGH | N/A |
| SQL injection vulnerability in index.php in the MyAds 2.04jp and earlier module for Xoops allows remote attackers to execute arbitrary SQL commands via the cid parameter, different vectors than CVE-2006-3341. | |||||
| CVE-2007-0733 | 1 Apple | 2 Imageio, Mac Os X | 2025-04-09 | 9.3 HIGH | N/A |
| Unspecified vulnerability in ImageIO in Apple Mac OS X 10.3.9 and 10.4 through 10.4.8 allows remote user-assisted attackers to cause a denial of service (application crash) and possibly execute arbitrary code via a crafted RAW image that triggers memory corruption. | |||||
| CVE-2007-3719 | 1 Linux | 1 Linux Kernel | 2025-04-09 | 2.1 LOW | N/A |
| The process scheduler in the Linux kernel 2.6.16 gives preference to "interactive" processes that perform voluntary sleeps, which allows local users to cause a denial of service (CPU consumption), as described in "Secretly Monopolizing the CPU Without Superuser Privileges." | |||||
| CVE-2007-1081 | 1 Typo3 | 1 Typo3 | 2025-04-09 | 7.5 HIGH | N/A |
| The start function in class.t3lib_formmail.php in TYPO3 before 4.0.5, 4.1beta, and 4.1RC1 allows attackers to inject arbitrary email headers via unknown vectors. NOTE: some details were obtained from third party information. | |||||
| CVE-2006-7133 | 1 Php Upload Tool | 1 Php Upload Tool | 2025-04-09 | 5.0 MEDIUM | N/A |
| Directory traversal vulnerability in upload/bin/download.php in Upload Tool for PHP 1.0 allows remote attackers to read arbitrary files via (1) ".." sequences or (2) absolute pathnames in the filename parameter. | |||||
| CVE-2006-5445 | 1 Digium | 1 Asterisk | 2025-04-09 | 7.8 HIGH | N/A |
| Unspecified vulnerability in the SIP channel driver (channels/chan_sip.c) in Asterisk 1.2.x before 1.2.13 and 1.4.x before 1.4.0-beta3 allows remote attackers to cause a denial of service (resource consumption) via unspecified vectors that result in the creation of "a real pvt structure" that uses more resources than necessary. | |||||
| CVE-2007-1772 | 1 Hp | 1 Jetdirect | 2025-04-09 | 7.1 HIGH | N/A |
| The FTP service in HP JetDirect print servers allows remote attackers to cause a denial of service (engine crash) via a RETR command with a long pathname. | |||||
| CVE-2006-6115 | 1 Fipsasp | 1 Fipscms | 2025-04-09 | 7.5 HIGH | N/A |
| SQL injection vulnerability in index.asp in fipsCMS 4.5 and earlier allows remote attackers to execute arbitrary SQL commands via the fid parameter. | |||||
| CVE-2007-0877 | 1 March Networks | 5 3108 Dvr, 3204 Dvr, 4210 Dvr and 2 more | 2025-04-09 | 5.0 MEDIUM | N/A |
| Unspecified vulnerability in March Networks DVR 3000 and 4000 Digital Video Recorders allows attackers to cause an unspecified denial of service. NOTE: the provenance of this information is unknown; the details are obtained solely from third party information. | |||||
| CVE-2006-6992 | 1 Gosurf Browser | 1 Gosurf Browser | 2025-04-09 | 7.8 HIGH | N/A |
| Cross-domain vulnerability in GoSuRF Browser 2.62 allows remote attackers to access restricted information from other domains via an object tag with a data parameter that references a link on the attacker's originating site that specifies a Location HTTP header that references the target site, which then makes that content available through the outerHTML attribute of the object, a similar vulnerability to CVE-2006-3280. | |||||
| CVE-2009-0636 | 1 Cisco | 1 Ios | 2025-04-09 | 7.8 HIGH | N/A |
| Unspecified vulnerability in Cisco IOS 12.0 through 12.4, when SIP voice services are enabled, allows remote attackers to cause a denial of service (device crash) via a valid SIP message. | |||||
| CVE-2008-1116 | 1 Rising Antivirus International | 1 Rising Web Scan Object | 2025-04-09 | 9.3 HIGH | N/A |
| Insecure method vulnerability in the Web Scan Object ActiveX control (OL2005.dll) in Rising Antivirus Online Scanner allows remote attackers to force the download and execution of arbitrary code by setting the BaseURL property and invoking the UpdateEngine method. NOTE: some of these details are obtained from third party information. | |||||