Total
29559 CVE
| CVE | Vendors | Products | Updated | CVSS v2 | CVSS v3 |
|---|---|---|---|---|---|
| CVE-2006-6639 | 1 Chetcpasswd | 1 Chetcpasswd | 2025-04-09 | 4.6 MEDIUM | N/A |
| Multiple unspecified vulnerabilities in chetcpasswd 2.4.1 allow local users to gain privileges via unspecified vectors related to executing (1) the cp program, (2) the mail program, or (3) the program specified in the post_change configuration line. | |||||
| CVE-2007-1890 | 1 Php | 1 Php | 2025-04-09 | 7.5 HIGH | N/A |
| Integer overflow in the msg_receive function in PHP 4 before 4.4.5 and PHP 5 before 5.2.1, on FreeBSD and possibly other platforms, allows context-dependent attackers to execute arbitrary code via certain maxsize values, as demonstrated by 0xffffffff. | |||||
| CVE-2007-0031 | 1 Microsoft | 4 Excel, Excel Viewer, Office and 1 more | 2025-04-09 | 9.3 HIGH | N/A |
| Heap-based buffer overflow in Microsoft Excel 2000 SP3, 2002 SP3, 2003 SP2, 2004 for Mac, and v.X for Mac allows user-assisted remote attackers to execute arbitrary code via a BIFF8 spreadsheet with a PALETTE record that contains a large number of entries. | |||||
| CVE-2007-2026 | 2 Amavis, Gentoo | 2 Virus Scanner, File | 2025-04-09 | 7.8 HIGH | N/A |
| The gnu regular expression code in file 4.20 allows context-dependent attackers to cause a denial of service (CPU consumption) via a crafted document with a large number of line feed characters, which is not well handled by OS/2 REXX regular expressions that use wildcards, as originally reported for AMaViS. | |||||
| CVE-2007-1787 | 1 Softerra | 1 Time-assistant | 2025-04-09 | 9.3 HIGH | N/A |
| Multiple PHP remote file inclusion vulnerabilities in lib/timesheet.class.php in Softerra Time-Assistant 6.2 and earlier, when register_globals is enabled, allow remote attackers to execute arbitrary PHP code via a URL in the (1) inc_dir or (2) lib_dir parameter. | |||||
| CVE-2007-3905 | 1 Zoph | 1 Zoph | 2025-04-09 | 7.5 HIGH | N/A |
| SQL injection vulnerability in Zoph before 0.7.0.1 might allow remote attackers to execute arbitrary SQL commands via the _order parameter to (1) photos.php and (2) edit_photos.php. | |||||
| CVE-2007-2804 | 1 Candypress | 1 Candypress Store | 2025-04-09 | 4.3 MEDIUM | N/A |
| Multiple cross-site scripting (XSS) vulnerabilities in scripts/prodList.asp in CandyPress Store 3.5.2.14 and earlier allow remote attackers to inject arbitrary web script or HTML via the (1) brand and (2) Msg parameters. | |||||
| CVE-2006-6409 | 1 F-secure | 1 F-secure Anti-virus | 2025-04-09 | 10.0 HIGH | N/A |
| F-Secure Anti-Virus for Linux Gateways 4.65 allows remote attackers to cause a denial of service (possibly fatal scan error), and possibly bypass virus detection, by inserting invalid characters into base64 encoded content in a multipart/mixed MIME file, as demonstrated with the EICAR test file. | |||||
| CVE-2006-3867 | 1 Microsoft | 2 Excel, Excel Viewer | 2025-04-09 | 5.1 MEDIUM | N/A |
| Unspecified vulnerability in Microsoft Excel 2000, 2002, 2003, 2004 for Mac, v.X for Mac, and Excel Viewer 2003 allows user-assisted attackers to execute arbitrary code via a crafted Lotus 1-2-3 file, a different vulnerability than CVE-2006-2387 and CVE-2006-3875. | |||||
| CVE-2007-3210 | 1 Cellosoft | 1 Cellosoft Tokens Object | 2025-04-09 | 9.3 HIGH | N/A |
| Stack-based buffer overflow in nptoken.mox in the Cellosoft Tokens Object 2.0.0.6 extension for Vitalize! allows remote attackers to execute arbitrary code via a long string argument to the RemoveChr method. NOTE: the provenance of this information is unknown; the details are obtained solely from third party information. | |||||
| CVE-2007-3872 | 1 Hp | 2 Openview Operations, Shared Trace Service | 2025-04-09 | 6.8 MEDIUM | N/A |
| Multiple stack-based buffer overflows in the Shared Trace Service (OVTrace) service for HP OpenView Operations A.07.50 for Windows, and possibly earlier versions, allow remote attackers to execute arbitrary code via certain crafted requests. | |||||
| CVE-2007-2643 | 1 Pinkcrow Designs | 1 Designs Gallery Magazin | 2025-04-09 | 5.0 MEDIUM | N/A |
| Directory traversal vulnerability in phpThumb.php in PinkCrow Designs Gallery or maGAZIn 2.0 allows remote attackers to read arbitrary files via a .. (dot dot) in the src parameter. | |||||
| CVE-2007-4013 | 2 Citrix, Mozilla | 3 Access Gateway, Endpoint Analysis Client, Firefox | 2025-04-09 | 9.3 HIGH | N/A |
| Multiple unspecified vulnerabilities in (1) Net6Helper.DLL (aka Net6Launcher Class) 4.5.2 and earlier, (2) npCtxCAO.dll (aka Citrix Endpoint Analysis Client) in a Firefox plugin directory, and (3) a second npCtxCAO.dll (aka CCAOControl Object) before 4.5.0.0 in Citrix Access Gateway Standard Edition before 4.5.5 and Advanced Edition before 4.5 HF1 have unknown impact and attack vectors, possibly related to buffer overflows. NOTE: vector 3 might overlap CVE-2007-3679. | |||||
| CVE-2007-3335 | 1 Phpecho Cms | 1 Phpecho Cms | 2025-04-09 | 7.5 HIGH | N/A |
| Multiple SQL injection vulnerabilities in the admin panel in PHPEcho CMS before 1.6 allow remote attackers to execute arbitrary SQL commands via unspecified vectors. | |||||
| CVE-2006-7016 | 1 Phpjobboard | 1 Phpjobboard | 2025-04-09 | 7.5 HIGH | N/A |
| phpjobboard allows remote attackers to bypass authentication and gain administrator privileges via a direct request to admin.php with adminop=job-edit. | |||||
| CVE-2007-2873 | 1 Spamassassin | 1 Spamassassin | 2025-04-09 | 1.9 LOW | N/A |
| SpamAssassin 3.1.x, 3.2.0, and 3.2.1 before 20070611, when running as root in unusual configurations using vpopmail or virtual users, allows local users to cause a denial of service (corrupt arbitrary files) via a symlink attack on a file that is used by spamd. | |||||
| CVE-2007-0163 | 1 Securekit | 1 Securekit Steganography | 2025-04-09 | 7.8 HIGH | N/A |
| SecureKit Steganography 1.7.1 and 1.8 embeds password information in the carrier file, which allows remote attackers to bypass authentication requirements and decrypt embedded steganography by replacing the last 20 bytes of the JPEG image with alternate password information. | |||||
| CVE-2006-6516 | 1 Kdpics | 1 Kdpics | 2025-04-09 | 7.5 HIGH | N/A |
| Multiple PHP remote file inclusion vulnerabilities in KDPics 1.16 and earlier allow remote attackers to execute arbitrary PHP code via a URL in the (1) page parameter to (a) index.php3, or the (2) lib_path parameter to (b) authenticate.inc.php3 or (c) lib/exifer/exif.php. | |||||
| CVE-2007-1547 | 2 Mandrakesoft, Radscan | 2 Mandrake Linux, Network Audio System | 2025-04-09 | 7.8 HIGH | N/A |
| The ReadRequestFromClient function in server/os/io.c in Network Audio System (NAS) before 1.8a SVN 237 allows remote attackers to cause a denial of service (crash) via multiple simultaneous connections, which triggers a NULL pointer dereference. | |||||
| CVE-2006-5208 | 1 Deltascripts | 1 Php Classifieds | 2025-04-09 | 7.5 HIGH | N/A |
| Multiple SQL injection vulnerabilities in PHP Classifieds 7.1 allow remote attackers to execute arbitrary SQL commands via (1) the catid_search parameter in search.php and (2) the catid parameter in index.php. | |||||