Total
29559 CVE
| CVE | Vendors | Products | Updated | CVSS v2 | CVSS v3 |
|---|---|---|---|---|---|
| CVE-2007-2410 | 1 Apple | 3 Mac Os X, Mac Os X Server, Webcore | 2025-04-09 | 4.3 MEDIUM | N/A |
| WebCore on Apple Mac OS X 10.3.9 and 10.4.10 retains properties of certain global objects when a new URL is visited in the same window, which allows remote attackers to conduct cross-site scripting (XSS) attacks. | |||||
| CVE-2006-5455 | 1 Mozilla | 1 Bugzilla | 2025-04-09 | 2.6 LOW | N/A |
| Cross-site request forgery (CSRF) vulnerability in editversions.cgi in Bugzilla before 2.22.1 and 2.23.x before 2.23.3 allows user-assisted remote attackers to create, modify, or delete arbitrary bug reports via a crafted URL. | |||||
| CVE-2006-5294 | 1 Tincan | 1 Phplist | 2025-04-09 | 4.3 MEDIUM | N/A |
| Cross-site scripting (XSS) vulnerability in index.php in phplist before 2.10.3 allows remote attackers to inject arbitrary web script or HTML via the unsubscribeemail parameter. | |||||
| CVE-2007-4195 | 1 The Sleuth Kit | 1 The Sleuth Kit | 2025-04-09 | 4.3 MEDIUM | N/A |
| Use-after-free vulnerability in ext2fs.c in Brian Carrier The Sleuth Kit (TSK) before 2.09 allows user-assisted remote attackers to cause a denial of service (application crash) and prevent examination of certain ext2fs files via a malformed ext2fs image. | |||||
| CVE-2007-0142 | 1 Shopstorenow | 1 E-commerce Shopping Cart | 2025-04-09 | 7.5 HIGH | N/A |
| SQL injection vulnerability in orange.asp in ShopStoreNow E-commerce Shopping Cart allows remote attackers to execute arbitrary SQL commands via the CatID parameter. | |||||
| CVE-2007-0090 | 1 Fermentigrafici | 1 Wineglass | 2025-04-09 | 7.5 HIGH | N/A |
| WineGlass stores sensitive information under the web root with insufficient access control, which allows remote attackers to download a database containing passwords via a direct request for db/data.mdb. | |||||
| CVE-2006-5413 | 1 Supermod | 1 Supermod | 2025-04-09 | 7.5 HIGH | N/A |
| Multiple PHP remote file inclusion vulnerabilities in SuperMod 3.0.0 for YABB (YaBBSM) allow remote attackers to execute arbitrary PHP code via a URL in the sourcedir parameter to (1) Offline.php, (2) Sources/Admin.php, (3) Sources/Offline.php, or (4) content/portalshow.php. | |||||
| CVE-2007-0394 | 1 Hp | 1 Hp-ux | 2025-04-09 | 4.6 MEDIUM | N/A |
| HP HP-UX B11.11 does not properly verify the status of file descriptors before setuid execution, which allows local users to gain privileges by closing file descriptor 0, 1, or 2 and then invoking a setuid program, a variant of CVE-2002-0572. | |||||
| CVE-2007-3783 | 1 Envivosoft | 1 Envivo Cms | 2025-04-09 | 7.5 HIGH | N/A |
| SQL injection vulnerability in default.asp in enVivo!CMS allows remote attackers to execute arbitrary SQL commands via the ID parameter in an article action. NOTE: this is probably different from CVE-2005-1413.4. | |||||
| CVE-2006-5903 | 1 Rahul Jonna | 1 Gspace | 2025-04-09 | 7.5 HIGH | N/A |
| Rahul Jonna Gmail File Space (GSpace) allows remote attackers to perform virtual filesystem actions via e-mail messages with certain subject lines, as demonstrated by (1) a GSPACE "2174|1|1|1|gs:/ d$" message, which injects a new file into the filesystem; and (2) a GSPACE "|-135|1|1|0|gs:/ d$" message, which creates a folder. | |||||
| CVE-2007-1849 | 1 Drake Team | 1 Drake Cms | 2025-04-09 | 7.5 HIGH | N/A |
| Directory traversal vulnerability in 404.php in Drake CMS allows remote attackers to include and execute arbitrary local arbitrary files via a .. (dot dot) in the d_private parameter. NOTE: some of these details are obtained from third party information. NOTE: Drake CMS has only a beta version available, and the vendor has previously stated "We do not consider security reports valid until the first official release of Drake CMS." | |||||
| CVE-2006-5057 | 1 Ktools.net | 1 Photostore | 2025-04-09 | 5.1 MEDIUM | N/A |
| Multiple cross-site scripting (XSS) vulnerabilities in Ktools.net PhotoStore allow remote attackers to inject arbitrary web script or HTML via the (1) gid parameter in details.php, or the (2) photogid parameter in view_photog.php. | |||||
| CVE-2007-0081 | 1 Sunbelt | 1 Sunbelt Kerio Personal Firewall | 2025-04-09 | 6.8 MEDIUM | N/A |
| Sunbelt Kerio Personal Firewall (SKPF) 4.3.268 and 4.3.246, and possibly other versions allows local users to provide a Trojan horse iphlpapi.dll to SKPF by placing it in the installation directory. | |||||
| CVE-2009-3985 | 1 Mozilla | 2 Firefox, Seamonkey | 2025-04-09 | 6.8 MEDIUM | N/A |
| Mozilla Firefox before 3.0.16 and 3.5.x before 3.5.6, and SeaMonkey before 2.0.1, allows remote attackers to associate spoofed content with an invalid URL by setting document.location to this URL, and then writing arbitrary web script or HTML to the associated blank document, a related issue to CVE-2009-2654. | |||||
| CVE-2007-3388 | 1 Trolltech | 1 Qt | 2025-04-09 | 6.8 MEDIUM | N/A |
| Multiple format string vulnerabilities in (1) qtextedit.cpp, (2) qdatatable.cpp, (3) qsqldatabase.cpp, (4) qsqlindex.cpp, (5) qsqlrecord.cpp, (6) qglobal.cpp, and (7) qsvgdevice.cpp in QTextEdit in Trolltech Qt 3 before 3.3.8 20070727 allow remote attackers to execute arbitrary code via format string specifiers in text used to compose an error message. | |||||
| CVE-2007-0441 | 1 Hp | 1 Openview Network Node Manager | 2025-04-09 | 5.1 MEDIUM | N/A |
| Unspecified vulnerability in HP OpenView Network Node Manager (OV NNM) 6.20, 6.4x, 7.01, and 7.50 allows remote attackers to execute arbitrary commands via unknown vectors. | |||||
| CVE-2006-7103 | 1 Ezonlinegallery | 1 Ezonlinegallery | 2025-04-09 | 6.4 MEDIUM | N/A |
| Multiple directory traversal vulnerabilities in EZOnlineGallery 1.3 and earlier, and possibly other versions before 1.3.2 Beta, allow remote attackers to (1) determine directory existence via a ".." in the album parameter in a show_album action to (a) ezgallery.php, which produces different responses depending on existence; and read arbitrary image files via a ".." in the album or (2) image parameter to (b) image.php. | |||||
| CVE-2007-0482 | 1 Sun | 1 Ray Server Software | 2025-04-09 | 4.6 MEDIUM | N/A |
| cgi-bin/main in Sun Ray Server Software 2.0 and 3.0 before 20070123 allows local users to obtain the utadmin password by reading a web server's log file, or by conducting a different, unspecified local attack. | |||||
| CVE-2007-1196 | 1 Citrix | 1 Presentation Server Client | 2025-04-09 | 9.3 HIGH | N/A |
| Unspecified vulnerability in Citrix Presentation Server Client for Windows before 10.0 allows remote web sites to execute arbitrary code via unspecified vectors, related to the implementation of ICA connectivity through proxy servers. | |||||
| CVE-2010-0314 | 1 Apple | 1 Safari | 2025-04-09 | 5.0 MEDIUM | N/A |
| Apple Safari allows remote attackers to discover a redirect's target URL, for the session of a specific user of a web site, by placing the site's URL in the HREF attribute of a stylesheet LINK element, and then reading the document.styleSheets[0].href property value. | |||||