Total
29559 CVE
| CVE | Vendors | Products | Updated | CVSS v2 | CVSS v3 |
|---|---|---|---|---|---|
| CVE-2007-2062 | 1 Vcdgear | 1 Vcdgear | 2025-04-09 | 9.3 HIGH | N/A |
| Stack-based buffer overflow in VCDGear 3.55 and 3.56 BETA allows user-assisted remote attackers to execute arbitrary code via a long FILE argument in a CUE file. | |||||
| CVE-2007-2025 | 1 Phpwiki | 1 Phpwiki | 2025-04-09 | 7.5 HIGH | N/A |
| Unrestricted file upload vulnerability in the UpLoad feature (lib/plugin/UpLoad.php) in PhpWiki 1.3.11p1 allows remote attackers to upload arbitrary PHP files with a double extension, as demonstrated by .php.3, which is interpreted by Apache as being a valid PHP file. | |||||
| CVE-2007-1129 | 1 Mtcms | 1 Mtcms | 2025-04-09 | 7.5 HIGH | N/A |
| Multiple unrestricted file upload vulnerabilities in MTCMS 3.2 allow remote attackers to upload and execute files via (1) an avatar upload in an add_down action, or (2) an add_link action. | |||||
| CVE-2007-0150 | 1 Dayfox Designs | 1 Dayfox Blog | 2025-04-09 | 7.5 HIGH | N/A |
| Multiple PHP remote file inclusion vulnerabilities in index.php in Dayfox Blog allow remote attackers to execute arbitrary PHP code via a URL in the (1) page, (2) subject, and (3) q parameters. | |||||
| CVE-2006-3978 | 1 Adobe | 1 Coldfusion | 2025-04-09 | 4.6 MEDIUM | N/A |
| Unspecified vulnerability in a Verity third party library, as used on Adobe ColdFusion MX 7 through MX 7.0.2 and possibly other products, allows local users to execute arbitrary code via unknown attack vectors. | |||||
| CVE-2007-0665 | 1 Ipswitch | 1 Ws Ftp Pro | 2025-04-09 | 6.8 MEDIUM | N/A |
| Format string vulnerability in the SCP module in Ipswitch WS_FTP 2007 Professional might allow remote attackers to execute arbitrary commands via format string specifiers in the filename, related to the SHELL WS_FTP script command. | |||||
| CVE-2007-3029 | 1 Microsoft | 2 Excel, Office | 2025-04-09 | 9.3 HIGH | N/A |
| Unspecified vulnerability in Microsoft Excel 2002 SP3 and 2003 SP2 allows user-assisted remote attackers to execute arbitrary code via a malformed Excel file containing multiple active worksheets, which results in memory corruption. | |||||
| CVE-2007-2491 | 1 Vmware | 2 Server, Workstation | 2025-04-09 | 7.2 HIGH | N/A |
| The PIIX4 power management subsystem in EMC VMware Workstation 5.5.3.34685 and VMware Server 1.0.1.29996 allows local users to write to arbitrary memory locations via a crafted poke to I/O port 0x1004, triggering a denial of service (virtual machine crash) or other unspecified impact, a related issue to CVE-2007-1337. | |||||
| CVE-2007-2048 | 1 Webmethods | 1 Glue | 2025-04-09 | 5.0 MEDIUM | N/A |
| Directory traversal vulnerability in /console in the Management Console in webMethods Glue 6.5.1 and earlier allows remote attackers to read arbitrary system files via a .. (dot dot) in the resource parameter. | |||||
| CVE-2009-1157 | 1 Cisco | 2 Adaptive Security Appliance 5500, Pix | 2025-04-09 | 7.8 HIGH | N/A |
| Memory leak on Cisco Adaptive Security Appliances (ASA) 5500 Series and PIX Security Appliances 7.0 before 7.0(8)6, 7.1 before 7.1(2)82, 7.2 before 7.2(4)30, 8.0 before 8.0(4)28, and 8.1 before 8.1(2)19 allows remote attackers to cause a denial of service (memory consumption or device reload) via a crafted TCP packet. | |||||
| CVE-2007-4538 | 1 Mozilla | 1 Bugzilla | 2025-04-09 | 5.0 MEDIUM | N/A |
| email_in.pl in Bugzilla 2.23.4 through 3.0.0 allows remote attackers to execute arbitrary commands via the -f (From address) option to the Email::Send::Sendmail function, probably involving shell metacharacters. | |||||
| CVE-2007-3834 | 1 Exlibris Group | 1 Aleph | 2025-04-09 | 4.3 MEDIUM | N/A |
| Multiple cross-site scripting (XSS) vulnerabilities in Ex Libris ALEPH allow remote attackers to inject arbitrary web script or HTML via unspecified vectors related to a URL that can be discovered through a keyword search. NOTE: this may be related to the MetaLib XSS issue, CVE-2007-3835. | |||||
| CVE-2009-0654 | 1 Tor | 1 Tor | 2025-04-09 | 5.1 MEDIUM | N/A |
| Tor 0.2.0.28, and probably 0.2.0.34 and earlier, allows remote attackers, with control of an entry router and an exit router, to confirm that a sender and receiver are communicating via vectors involving (1) replaying, (2) modifying, (3) inserting, or (4) deleting a single cell, and then observing cell recognition errors at the exit router. NOTE: the vendor disputes the significance of this issue, noting that the product's design "accepted end-to-end correlation as an attack that is too expensive to solve." | |||||
| CVE-2006-6217 | 1 Php-nuke | 1 Mermaid Module | 2025-04-09 | 7.5 HIGH | N/A |
| PHP remote file inclusion vulnerability in formdisp.php in the Mermaid 1.2 module for PHP-Nuke allows remote attackers to execute arbitrary PHP code via a URL in the module_name parameter. | |||||
| CVE-2007-1111 | 1 Activecalendar | 1 Activecalendar | 2025-04-09 | 6.8 MEDIUM | N/A |
| Multiple cross-site scripting (XSS) vulnerabilities in ActiveCalendar 1.2.0 allow remote attackers to inject arbitrary web script or HTML via the css parameter to (1) flatevents.php, (2) js.php, (3) mysqlevents.php, (4) m_2.php, (5) m_3.php, (6) m_4.php, (7) xmlevents.php, (8) y_2.php, or (9) y_3.php in data/. | |||||
| CVE-2007-2266 | 1 Progress | 1 Webspeed Messenger | 2025-04-09 | 10.0 HIGH | N/A |
| Progress Webspeed Messenger allows remote attackers to read, create, modify, and execute arbitrary files by invoking webutil/_cpyfile.p in the WService parameter to (1) cgiip.exe or (2) wsisa.dll in scripts/, as demonstrated by using the save,editor options to create a new file using the fileName parameter. | |||||
| CVE-2006-6261 | 2 Microsoft, Quinnware | 7 Windows 2000, Windows 95, Windows 98 and 4 more | 2025-04-09 | 9.3 HIGH | N/A |
| Buffer overflow in Quintessential Player 4.50.1.82 and earlier allows remote attackers to cause a denial of service (crash) and possibly execute arbitrary code via a crafted (1) M3u or (2) M3u-8 file; or a (3) crafted PLS file with a long value in the (a) NumberofEntries, (b) Length (aka Length1), (c) Filename (aka File1), (d) Title (aka Title1) field, or other unspecified fields. | |||||
| CVE-2007-2962 | 1 Particle Soft | 1 Particle Gallery | 2025-04-09 | 4.3 MEDIUM | N/A |
| Cross-site scripting (XSS) vulnerability in search.php in Particle Gallery 1.0.1 and earlier allows remote attackers to inject arbitrary web script or HTML via the order parameter. | |||||
| CVE-2006-7042 | 1 Chipmunk Scripts | 1 Chipmunk Directory | 2025-04-09 | 6.8 MEDIUM | N/A |
| Cross-site scripting (XSS) vulnerability in directory/index.php in Chipmunk directory allows remote attackers to inject arbitrary web script or HTML via the start parameter. | |||||
| CVE-2007-1664 | 2 Debian, Ekg | 2 Debian Linux, Ekg | 2025-04-09 | 5.0 MEDIUM | N/A |
| ekg before 1:1.7~rc2-1etch1 on Debian GNU/Linux Etch allows remote attackers to cause a denial of service (NULL pointer dereference) via a vector related to the token OCR functionality. | |||||