Total
29559 CVE
| CVE | Vendors | Products | Updated | CVSS v2 | CVSS v3 |
|---|---|---|---|---|---|
| CVE-2007-1402 | 1 Rediff | 1 Toolbar | 2025-04-09 | 7.5 HIGH | N/A |
| The Rediff Toolbar 2.0 ActiveX control in redifftoolbar.dll allows remote attackers to cause a denial of service via unspecified manipulations, possibly involving improper initialization or blank arguments. | |||||
| CVE-2006-5106 | 1 Facileforms | 1 Facileforms | 2025-04-09 | 5.1 MEDIUM | N/A |
| Cross-site scripting (XSS) vulnerability in FacileForms before 1.4.7 for Mambo and Joomla!, when either register_globals or RG_EMULATION is enabled, allows remote attackers to inject arbitrary web script or HTML via unspecified vectors. | |||||
| CVE-2007-3314 | 1 Altap | 2 Portable Executable Viewer, Servant Salamander | 2025-04-09 | 6.8 MEDIUM | N/A |
| Stack-based buffer overflow in peviewer.spl in Altap Servant Salamander 2.5 with Portable Executable Viewer 2.02 (English Trial), and 2.0 with Portable Executable Viewer 1.00 (English Trial), allows remote attackers to execute arbitrary code via a long PDB debug filename in a PE file. | |||||
| CVE-2006-6570 | 1 Genesistrader | 1 Genesistrader | 2025-04-09 | 7.5 HIGH | N/A |
| Unrestricted file upload vulnerability in upload.php in GenesisTrader 1.0 allows remote authenticated users to upload arbitrary files via unspecified vectors, possibly involving form.php and the ajoutfich "foap" action. | |||||
| CVE-2006-5549 | 1 Adobe | 1 Adobe Php Ria Sdk | 2025-04-09 | 7.5 HIGH | N/A |
| PHP remote file inclusion vulnerability in libraries/amfphp/amf-core/custom/CachedGateway.php in Adobe PHP SDK allows remote attackers to execute arbitrary PHP code via the AMFPHP_BASE parameter. NOTE: this issue has been disputed by a third-party researcher who states that AMFPHP_BASE is a constant | |||||
| CVE-2007-2232 | 1 Cosign | 1 Cosign | 2025-04-09 | 7.5 HIGH | N/A |
| The CHECK command in Cosign 2.0.1 and earlier allows remote attackers to bypass authentication requirements via CR (\r) sequences in the cosign cookie parameter. | |||||
| CVE-2007-2100 | 1 Fac Guestbook | 1 Fac Guestbook | 2025-04-09 | 10.0 HIGH | N/A |
| FAC Guestbook 2.0 stores sensitive information under the web root with insufficient access control, which allows remote attackers to download a database via a direct request for db/Gdb.mdb. | |||||
| CVE-2007-0164 | 1 Camouflage | 1 Camouflage | 2025-04-09 | 7.8 HIGH | N/A |
| Camouflage 1.2.1 embeds password information in the carrier file, which allows remote attackers to bypass authentication requirements and decrypt embedded steganography by replacing certain bytes of the JPEG image with alternate password information. | |||||
| CVE-2007-2533 | 1 Trend Micro | 1 Serverprotect | 2025-04-09 | 10.0 HIGH | N/A |
| Multiple buffer overflows in Trend Micro ServerProtect 5.58 before Security Patch 2- Build 1174 allow remote attackers to execute arbitrary code via a crafted RPC message processed by the (1) the RPCFN_ActiveRollback function in (a) stcommon.dll, or the (2) ENG_SetRealTimeScanConfigInfo or (3) ENG_SendEmail functions in (b) eng50.dll. | |||||
| CVE-2007-2033 | 1 Cisco | 1 Wireless Control System | 2025-04-09 | 6.5 MEDIUM | N/A |
| Unspecified vulnerability in Cisco Wireless Control System (WCS) before 4.0.81.0 allows remote authenticated users to read any configuration page by changing the group membership of user accounts, aka Bug ID CSCse78596. | |||||
| CVE-2007-0112 | 1 Createauction | 1 Createauction | 2025-04-09 | 7.5 HIGH | N/A |
| SQL injection vulnerability in cats.asp in createauction allows remote attackers to execute arbitrary SQL commands via the catid parameter. | |||||
| CVE-2006-2386 | 1 Microsoft | 1 Outlook Express | 2025-04-09 | 6.8 MEDIUM | N/A |
| Unspecified vulnerability in Microsoft Outlook Express 6 and earlier allows remote attackers to execute arbitrary code via a crafted contact record in a Windows Address Book (WAB) file. | |||||
| CVE-2007-0318 | 1 Apple | 1 Mac Os X | 2025-04-09 | 7.8 HIGH | N/A |
| The do_hfs_truncate function in Mac OS X 10.4.8 allows context-dependent attackers to cause a denial of service (kernel panic) via a crafted HFS+ filesystem in a DMG image, which causes an access of an invalid vnode structure during file removal. | |||||
| CVE-2007-0942 | 1 Microsoft | 6 Ie, Internet Explorer, Windows 2000 and 3 more | 2025-04-09 | 9.3 HIGH | N/A |
| Microsoft Internet Explorer 5.01 SP4 on Windows 2000 SP4; 6 SP1 on Windows 2000 SP4; 6 and 7 on Windows XP SP2, or Windows Server 2003 SP1 or SP2; and possibly 7 on Windows Vista does not properly "instantiate certain COM objects as ActiveX controls," which allows remote attackers to execute arbitrary code via a crafted COM object from chtskdic.dll. | |||||
| CVE-2006-5326 | 1 Phpbb Prillian | 1 French Language Pack | 2025-04-09 | 7.5 HIGH | N/A |
| PHP remote file inclusion vulnerability in language/lang/lang_contact_faq.php in the Prillian French 0.8.0 and earlier module for phpBB allows remote attackers to execute arbitrary PHP code via a URL in the phpbb_root_path parameter. NOTE: the provenance of this information is unknown; the details are obtained from third party information. | |||||
| CVE-2007-0905 | 2 Php, Trustix | 2 Php, Secure Linux | 2025-04-09 | 7.5 HIGH | N/A |
| PHP before 5.2.1 allows attackers to bypass safe_mode and open_basedir restrictions via unspecified vectors in the session extension. NOTE: it is possible that this issue is a duplicate of CVE-2006-6383. | |||||
| CVE-2007-3205 | 2 Hardened-php Project, Php | 3 Hardened-php, Subhosin, Php | 2025-04-09 | 5.0 MEDIUM | N/A |
| The parse_str function in (1) PHP, (2) Hardened-PHP, and (3) Suhosin, when called without a second parameter, might allow remote attackers to overwrite arbitrary variables by specifying variable names and values in the string to be parsed. NOTE: it is not clear whether this is a design limitation of the function or a bug in PHP, although it is likely to be regarded as a bug in Hardened-PHP and Suhosin. | |||||
| CVE-2007-4426 | 1 Live For Speed | 1 Live For Speed | 2025-04-09 | 5.0 MEDIUM | N/A |
| Live for Speed (LFS) S1 and S2 allows remote attackers to cause a denial of service (server crash) via (1) a certain 0x00 byte in a pre-login ID 3 packet, which triggers a NULL dereference; or (2) a pre-login ID 5 packet that lacks certain strings, which triggers an invalid pointer dereference. | |||||
| CVE-2007-1191 | 1 Quicksilver | 1 Del.icio.us Module | 2025-04-09 | 2.1 LOW | N/A |
| The Social Bookmarks (del.icio.us) plug-in 8F in Quicksilver writes usernames and passwords in plaintext to the /Library/Logs/Console/UID/Console.log file, which allows local users to obtain sensitive information by reading this file. | |||||
| CVE-2007-1266 | 1 Gnome | 1 Evolution | 2025-04-09 | 5.0 MEDIUM | N/A |
| Evolution 2.8.1 and earlier does not properly use the --status-fd argument when invoking GnuPG, which prevents Evolution from visually distinguishing between signed and unsigned portions of OpenPGP messages with multiple components, which allows remote attackers to forge the contents of a message without detection. | |||||