Total: 29559 CVE
CVE | Vendors | Products | Updated | CVSS v2 | CVSS v3 |
---|---|---|---|---|---|
CVE-2009-4323 | 1 Zen-cart | 1 Zen Cart | 2025-04-09 | 7.5 HIGH | N/A |
The installation for Zen Cart stores sensitive information and insecure programs under the (1) docs, (2) extras, and (3) zc_install folders, and (4) install.txt, which allows remote attackers to obtain sensitive information, delete the database, and conduct other attacks via a direct request, different vulnerabilities than CVE-2009-4321 and CVE-2009-4322. | |||||
CVE-2010-0278 | 1 Microsoft | 3 Windows 7, Windows Live Messenger, Windows Vista | 2025-04-09 | 4.3 MEDIUM | N/A |
A certain ActiveX control in msgsc.14.0.8089.726.dll in Microsoft Windows Live Messenger 2009 build 14.0.8089.726 on Windows Vista and Windows 7 allows remote attackers to cause a denial of service (msnmsgr.exe crash) by calling the ViewProfile method with a crafted argument during an MSN Messenger session. | |||||
CVE-2006-5925 | 2 Elinks, Links | 2 Elinks, Links | 2025-04-09 | 7.5 HIGH | N/A |
Links web browser 1.00pre12 and Elinks 0.9.2 with smbclient installed allows remote attackers to execute arbitrary code via shell metacharacters in an smb:// URI, as demonstrated by using PUT and GET statements. | |||||
CVE-2007-1851 | 1 Really Simple Php And Ajax | 1 Really Simple Php And Ajax | 2025-04-09 | 7.5 HIGH | N/A |
Multiple directory traversal vulnerabilities in Really Simple PHP and Ajax (RSPA) 2007-03-23 allow remote attackers to include and execute arbitrary local files via a .. (dot dot) in the __class parameter to (1) Controller_v4.php or (2) Controller_v5.php. | |||||
CVE-2007-3702 | 1 Mail Machine | 1 Mail Machine | 2025-04-09 | 5.0 MEDIUM | N/A |
Directory traversal vulnerability in the load function in cgi-bin/mail/mailmachine.cgi in Mail Machine 3.989 and earlier allows remote attackers to read arbitrary files via a .. (dot dot) in the archives parameter in a Load action. | |||||
CVE-2007-4263 | 1 Cisco | 1 Ios | 2025-04-09 | 8.5 HIGH | N/A |
Unspecified vulnerability in the server side of the Secure Copy (SCP) implementation in Cisco 12.2-based IOS allows remote authenticated users to read, write or overwrite any file on the device's filesystem via unknown vectors. | |||||
CVE-2007-2136 | 1 Bmc | 1 Patrol Perform Agent | 2025-04-09 | 7.5 HIGH | N/A |
Stack-based buffer overflow in bgs_sdservice.exe in BMC Patrol PerformAgent allows remote attackers to execute arbitrary code by connecting to TCP port 10128 and sending certain XDR data, which is not properly parsed. | |||||
CVE-2006-5100 | 1 Netwin | 1 Webnews | 2025-04-09 | 7.5 HIGH | N/A |
PHP remote file inclusion vulnerability in parse/parser.php in WEB//NEWS (aka webnews) 1.4 and earlier allows remote attackers to execute arbitrary PHP code via a URL in the WN_BASEDIR parameter. | |||||
CVE-2006-5123 | 1 Phprojekt | 1 Phprojekt | 2025-04-09 | 7.5 HIGH | N/A |
Multiple PHP remote file inclusion vulnerabilities in Albrecht Guenther PHProjekt 5.1.x before 5.1.2 allow remote attackers to execute arbitrary PHP code via a URL in the (1) lib_path or (2) lang_path parameter in unspecified files, related to code changes intended to fix inclusion, a different vulnerability than CVE-2002-0451, CVE-2006-4204, and CVE-2006-4609. | |||||
CVE-2006-6056 | 1 Linux | 1 Linux Kernel | 2025-04-09 | 4.9 MEDIUM | N/A |
Linux kernel 2.6.x up to 2.6.18 and possibly other versions, when SELinux hooks are enabled, allows local users to cause a denial of service (crash) via a malformed file stream that triggers a NULL pointer dereference in the superblock_doinit function, as demonstrated using an HFS filesystem image. | |||||
CVE-2007-0680 | 1 Phpbb Tweaked | 1 Phpbb Tweaked | 2025-04-09 | 7.5 HIGH | N/A |
PHP remote file inclusion vulnerability in includes/functions.php in Phpbb Tweaked 3 and earlier allows remote attackers to execute arbitrary PHP code via a URL in the phpbb_root_path parameter. | |||||
CVE-2007-1726 | 1 Icebb | 1 Icebb | 2025-04-09 | 6.5 MEDIUM | N/A |
Unrestricted file upload vulnerability in index.php in IceBB 1.0-rc5 allows remote authenticated users to upload arbitrary files via the avatar function, which can later be accessed in uploads/. | |||||
CVE-2007-1612 | 1 Katalog Plyt Audio | 1 Katalog Plyt Audio | 2025-04-09 | 7.5 HIGH | N/A |
SQL injection vulnerability in index.php in Katalog Plyt Audio 1.0 and earlier allows remote attackers to execute arbitrary SQL commands via the kolumna parameter. | |||||
CVE-2009-0369 | 1 Microsoft | 1 Internet Explorer | 2025-04-09 | 4.3 MEDIUM | N/A |
Microsoft Internet Explorer 7 allows remote attackers to trick a user into visiting an arbitrary URL via an onclick action that moves a crafted element to the current mouse position, related to a "Clickjacking" vulnerability. | |||||
CVE-2006-7093 | 1 Mamboxchange | 1 Laithai | 2025-04-09 | 5.8 MEDIUM | N/A |
Cross-site scripting (XSS) vulnerability in Mambo LaiThai 4.5.4 Security Patch 2 and earlier allows remote attackers to inject arbitrary web script or HTML via unspecified vectors. | |||||
CVE-2007-4872 | 1 Simplenews | 1 Simplenews | 2025-04-09 | 5.0 MEDIUM | N/A |
SimpNews 2.41.03 allows remote attackers to obtain sensitive information via (1) an invalid lang parameter to admin/index.php; or a direct request to (2) admin/dbg_infos.php, (3) admin/heading.php, or (4) evsearch.php; which reveals the path in various error messages. | |||||
CVE-2007-0257 | 1 Grsecurity | 1 Grsecurity Kernel Patch | 2025-04-09 | 7.2 HIGH | 7.8 HIGH |
Unspecified vulnerability in the expand_stack function in grsecurity PaX allows local users to gain privileges via unspecified vectors. NOTE: the grsecurity developer has disputed this issue, stating that "the function they claim the vulnerability to be in is a trivial function, which can, and has been, easily checked for any supposed vulnerabilities." The developer also cites a past disclosure that was not proven. As of 20070120, the original researcher has released demonstration code | |||||
CVE-2006-6902 | 1 Microsoft | 1 Windows 2003 Server | 2025-04-09 | 10.0 HIGH | N/A |
Unspecified vulnerability in the Bluetooth stack in Microsoft Windows Mobile Pocket PC edition allows remote attackers to gain administrative access (aka Remote Root) via unspecified vectors. | |||||
CVE-2007-4152 | 1 Visionsoft | 1 Audit | 2025-04-09 | 9.3 HIGH | N/A |
The Visionsoft Audit on Demand Service (VSAOD) in Visionsoft Audit 12.4.0.0 allows remote attackers to conduct replay attacks by capturing and resending data from the DETAILS and PROCESS sections of a session that schedules an audit. | |||||
CVE-2007-2453 | 1 Linux | 1 Linux Kernel | 2025-04-09 | 1.2 LOW | N/A |
The random number feature in Linux kernel 2.6 before 2.6.20.13, and 2.6.21.x before 2.6.21.4, (1) does not properly seed pools when there is no entropy, or (2) uses an incorrect cast when extracting entropy, which might cause the random number generator to provide the same values after reboots on systems without an entropy source. |