Total
29559 CVE
| CVE | Vendors | Products | Updated | CVSS v2 | CVSS v3 |
|---|---|---|---|---|---|
| CVE-2007-3360 | 1 Bitchx | 1 Bitchx | 2025-04-09 | 9.3 HIGH | N/A |
| hook.c in BitchX 1.1-final allows remote IRC servers to execute arbitrary commands by sending a client certain data containing NICK and EXEC strings, which exceeds the bounds of a hash table, and injects an EXEC hook function that receives and executes shell commands. | |||||
| CVE-2006-6697 | 1 Oracle | 1 Application Server Portal | 2025-04-09 | 7.5 HIGH | N/A |
| CRLF injection vulnerability in webapp/jsp/calendar.jsp in Oracle Portal 10g and earlier, including 9.0.2, allows remote attackers to inject arbitrary HTTP headers and conduct HTTP response splitting attacks via CRLF sequences in the enc parameter. | |||||
| CVE-2007-0917 | 1 Cisco | 1 Ios | 2025-04-09 | 6.4 MEDIUM | N/A |
| The Intrusion Prevention System (IPS) feature for Cisco IOS 12.4XE to 12.3T allows remote attackers to bypass IPS signatures that use regular expressions via fragmented packets. | |||||
| CVE-2007-1013 | 1 Virtualsystem | 1 Htaccess Passwort Generator | 2025-04-09 | 10.0 HIGH | N/A |
| PHP remote file inclusion vulnerability in generate.php in VirtualSystem Htaccess Passwort Generator 1.1 allows remote attackers to execute arbitrary PHP code via a URL in the ht_pfad parameter. | |||||
| CVE-2007-1537 | 1 Microsoft | 2 Windows 2003 Server, Windows Xp | 2025-04-09 | 3.6 LOW | N/A |
| \Device\NdisTapi (NDISTAPI.sys) in Microsoft Windows XP SP2 and 2003 SP1 uses weak permissions, which allows local users to write to the device and cause a denial of service, as demonstrated by using an IRQL to acquire a spinlock on paged memory via the NdisTapiDispatch function. | |||||
| CVE-2007-0811 | 1 Microsoft | 1 Ie | 2025-04-09 | 4.3 MEDIUM | N/A |
| Microsoft Internet Explorer 6.0 SP1 on Windows 2000, and 6.0 SP2 on Windows XP, allows remote attackers to cause a denial of service (NULL pointer dereference and application crash) via an HTML document containing a certain JavaScript for loop with an empty loop body, possibly involving getElementById. | |||||
| CVE-2007-2383 | 1 Prototypejs | 1 Prototype Framework | 2025-04-09 | 5.0 MEDIUM | N/A |
| The Prototype (prototypejs) framework before 1.5.1 RC3 exchanges data using JavaScript Object Notation (JSON) without an associated protection scheme, which allows remote attackers to obtain the data via a web page that retrieves the data through a URL in the SRC attribute of a SCRIPT element and captures the data using other JavaScript code, aka "JavaScript Hijacking." | |||||
| CVE-2007-4194 | 1 Guidance Software | 1 Encase | 2025-04-09 | 4.3 MEDIUM | N/A |
| Guidance Software EnCase 5.0 allows user-assisted remote attackers to cause a denial of service (stack memory consumption) and possibly have other unspecified impact via a malformed file, related to "EnCase's file system parsing." NOTE: this information is based upon a vague pre-advisory. It might overlap CVE-2007-4036. | |||||
| CVE-2007-1975 | 1 Slaed | 1 Slaed Cms | 2025-04-09 | 7.5 HIGH | N/A |
| Multiple PHP remote file inclusion vulnerabilities in SLAED CMS 2 allow remote attackers to execute arbitrary PHP code via a URL in the (1) path parameter to admin/admin.php or the (2) modpath parameter to index.php. | |||||
| CVE-2007-0200 | 1 Geoffrey Golliher | 1 Axiom Photo News Gallery | 2025-04-09 | 7.5 HIGH | N/A |
| PHP remote file inclusion vulnerability in template.php in Geoffrey Golliher Axiom Photo/News Gallery (axiompng) 0.8.6 allows remote attackers to execute arbitrary PHP code via a URL in the baseAxiomPath parameter. | |||||
| CVE-2006-6385 | 1 Intel | 4 Pro 1000 Adapters, Pro 1000 Pcie Adapters, Pro 10 100 Adapters and 1 more | 2025-04-09 | 7.2 HIGH | N/A |
| Stack-based buffer overflow in Intel PRO 10/100, PRO/1000, and PRO/10GbE PCI, PCI-X, and PCIe network adapter drivers (aka NDIS miniport drivers) before 20061205 allows local users to execute arbitrary code with "kernel-level" privileges via an incorrect function call in certain OID handlers. | |||||
| CVE-2007-4280 | 1 Asterisk | 4 Asterisk, Asterisk Appliance Developer Kit, Asterisknow and 1 more | 2025-04-09 | 3.5 LOW | N/A |
| The Skinny channel driver (chan_skinny) in Asterisk Open Source before 1.4.10, AsteriskNOW before beta7, Appliance Developer Kit before 0.7.0, and Appliance s800i before 1.0.3 allows remote authenticated users to cause a denial of service (application crash) via a CAPABILITIES_RES_MESSAGE packet with a capabilities count larger than the capabilities_res_message array population. | |||||
| CVE-2007-4503 | 1 Joomla | 1 Nice Talk | 2025-04-09 | 7.5 HIGH | N/A |
| SQL injection vulnerability in index.php in the Nice Talk component (com_nicetalk) 0.9.3 and earlier for Joomla! allows remote attackers to execute arbitrary SQL commands via the tagid parameter. | |||||
| CVE-2007-1481 | 1 Wbblog | 1 Wbblog | 2025-04-09 | 7.5 HIGH | N/A |
| SQL injection vulnerability in index.php in WBBlog allows remote attackers to execute arbitrary SQL commands via the e_id parameter in a viewentry cmd. | |||||
| CVE-2007-2386 | 1 Apple | 1 Mac Os X | 2025-04-09 | 9.4 HIGH | N/A |
| Buffer overflow in mDNSResponder in Apple Mac OS X 10.4 up to 10.4.9 allows remote attackers to cause a denial of service (application termination) or execute arbitrary code via a crafted UPnP Internet Gateway Device (IGD) packet. | |||||
| CVE-2007-3047 | 1 Vonage | 1 Voip Telephone Adapter | 2025-04-09 | 10.0 HIGH | N/A |
| The Vonage VoIP Telephone Adapter has a default administrator username "user" and password "user," which allows remote attackers to obtain administrative access. | |||||
| CVE-2007-0468 | 1 Microsoft | 1 Visual Studio | 2025-04-09 | 6.8 MEDIUM | N/A |
| Stack-based buffer overflow in rcdll.dll in msdev.exe in Visual C++ (MSVC) in Microsoft Visual Studio 6.0 SP6 allows user-assisted remote attackers to execute arbitrary code via a long file path in the "1 TYPELIB MOVEABLE PURE" option in an RC file. | |||||
| CVE-2007-4307 | 1 Storesprite | 1 Storesprite | 2025-04-09 | 4.3 MEDIUM | N/A |
| Multiple cross-site scripting (XSS) vulnerabilities in Storesprite 7 and earlier allow remote attackers to inject arbitrary web script or HTML via the next parameter to (1) addaddress.php, (2) editshipdetails.php, (3) register.php, or (4) login.php in secure/. | |||||
| CVE-2007-3363 | 1 Ageet | 1 Agephone | 2025-04-09 | 10.0 HIGH | N/A |
| Multiple unspecified vulnerabilities in ageet AGEphone before 1.6.3 allow remote attackers to have an unknown impact via malformed SIP packets. | |||||
| CVE-2006-6417 | 1 B2evolution | 1 B2evolution | 2025-04-09 | 7.5 HIGH | N/A |
| PHP remote file inclusion vulnerability in inc/CONTROL/import/import-mt.php in b2evolution 1.8.5 through 1.9 beta allows remote attackers to execute arbitrary PHP code via a URL in the inc_path parameter. | |||||