Total
29559 CVE
| CVE | Vendors | Products | Updated | CVSS v2 | CVSS v3 |
|---|---|---|---|---|---|
| CVE-2008-4787 | 1 Microsoft | 1 Internet Explorer | 2025-04-09 | 5.8 MEDIUM | N/A |
| Visual truncation vulnerability in Microsoft Internet Explorer 6 allows remote attackers to spoof the address bar via a URL with a hostname containing many (Non-Blocking Space character) sequences, which are rendered as whitespace, aka MSRC ticket MSRC7899, a related issue to CVE-2003-1025. | |||||
| CVE-2008-5089 | 1 Datadynamics | 1 Activereports | 2025-04-09 | 9.3 HIGH | N/A |
| Multiple insecure method vulnerabilities in the DDActiveReportsViewer2.ARViewer2 ActiveX control (arview2.ocx) in Data Dynamics ActiveReports 2.5.0.1314 allow remote attackers to overwrite arbitrary files via a call to the (1) Pages.Save, (2) PrintReport, or (3) Canvas.Save method. | |||||
| CVE-2007-4281 | 1 Knowledgetree | 1 Open Source | 2025-04-09 | 4.3 MEDIUM | N/A |
| Cross-site scripting (XSS) vulnerability in KnowledgeTree Open Source 3.4 and 3.4.1 allows remote attackers to inject arbitrary web script or HTML via the login field on the login page, and other unspecified vectors. | |||||
| CVE-2007-4530 | 1 Teamspeak | 1 Web Server | 2025-04-09 | 4.3 MEDIUM | N/A |
| Multiple cross-site scripting (XSS) vulnerabilities in TeamSpeak Server 2.0.20.1 allow remote attackers to inject arbitrary web script or HTML via (1) the error_text parameter to error_box.html or (2) the ok_title parameter to ok_box.html. | |||||
| CVE-2009-0522 | 2 Adobe, Microsoft | 5 Air, Flash Player, Flash Player For Linux and 2 more | 2025-04-09 | 4.3 MEDIUM | N/A |
| Adobe Flash Player 9.x before 9.0.159.0 and 10.x before 10.0.22.87 on Windows allows remote attackers to trick a user into visiting an arbitrary URL via an unspecified manipulation of the "mouse pointer display," related to a "Clickjacking attack." | |||||
| CVE-2007-1307 | 2 Intel, Lenovo | 2 Pro 1000 Lan Adapter, Thinkpad | 2025-04-09 | 10.0 HIGH | N/A |
| Unspecified vulnerability in Lenovo Intel PRO/1000 LAN adapter before Build 135400, as used on IBM Lenovo ThinkPad systems, has unknown impact and attack vectors. | |||||
| CVE-2007-1595 | 1 Asterisk | 1 Asterisk | 2025-04-09 | 7.5 HIGH | N/A |
| The Asterisk Extension Language (AEL) in pbx/pbx_ael.c in Asterisk does not properly generate extensions, which allows remote attackers to execute arbitrary extensions and have an unknown impact by specifying an invalid extension in a certain form. | |||||
| CVE-2007-1401 | 1 Php | 1 Php | 2025-04-09 | 6.9 MEDIUM | N/A |
| Buffer overflow in the crack extension (CrackLib), as bundled with PHP 4.4.6 and other versions before 5.0.0, might allow local users to gain privileges via a long argument to the crack_opendict function. | |||||
| CVE-2007-0308 | 1 Plain Black | 1 Webgui | 2025-04-09 | 6.8 MEDIUM | N/A |
| Cross-site scripting (XSS) vulnerability in Plain Black WebGUI before 7.3.4 (beta) allows remote attackers to inject arbitrary web script or HTML via Wiki Page titles. | |||||
| CVE-2007-4753 | 1 Thomson | 1 St 2030 Sip Phone | 2025-04-09 | 5.0 MEDIUM | N/A |
| The Thomson ST 2030 SIP phone with software 1.52.1 allows remote attackers to cause a denial of service (device hang) via (1) an empty SIP message or (2) a SIP INVITE message with a malformed To header, different vectors than CVE-2007-4553. | |||||
| CVE-2007-3435 | 1 Rkd Software | 1 Barcode Activex | 2025-04-09 | 9.3 HIGH | N/A |
| Stack-based buffer overflow in the BeginPrint method in a certain ActiveX control in RKD Software (barcodetools.com) BarCodeAx.dll 4.9 allows remote attackers to execute arbitrary code via a long argument. | |||||
| CVE-2007-2828 | 1 Johntp | 1 Adsense-deluxe | 2025-04-09 | 6.0 MEDIUM | N/A |
| Cross-site request forgery (CSRF) vulnerability in adsense-deluxe.php in the AdSense-Deluxe 0.x plugin for WordPress allows remote attackers to perform unspecified actions as arbitrary users via unspecified vectors. | |||||
| CVE-2009-0897 | 1 Ibm | 1 Websphere Partner Gateway | 2025-04-09 | 4.0 MEDIUM | N/A |
| IBM WebSphere Partner Gateway (WPG) 6.1.0 before 6.1.0.1 and 6.1.1 before 6.1.1.1 allows remote authenticated users to obtain sensitive information via vectors related to the "schema DB2 instance id" and the bcgarchive (aka the archiver script). | |||||
| CVE-2007-1879 | 1 Kaspersky Lab | 2 Kaspersky Anti-virus, Kaspersky Internet Security | 2025-04-09 | 9.3 HIGH | N/A |
| The StartUploading function in KL.SysInfo ActiveX control (AxKLSysInfo.dll) in Kaspersky Anti-Virus 6.0 and Internet Security 6.0 before Maintenance Pack 2 build 6.0.2.614 allows remote attackers to read arbitrary files by triggering an outbound anonymous FTP session that invokes the PUT command. NOTE: this issue might be related to CVE-2007-1112. | |||||
| CVE-2006-5064 | 1 Birdblog | 1 Birdblog | 2025-04-09 | 5.1 MEDIUM | N/A |
| Multiple cross-site scripting (XSS) vulnerabilities in BirdBlog 1.4 and earlier allow remote attackers to inject arbitrary web script or HTML via the (1) entryid parameter in comment.php, (2) page parameter in index.php, or the (3) uid parameter in user.php. NOTE: the provenance of this information is unknown; the details are obtained from third party information. | |||||
| CVE-2006-6546 | 1 Cutenews Aj-fork | 1 Cutenews Aj-fork | 2025-04-09 | 7.5 HIGH | N/A |
| PHP remote file inclusion vulnerability in inc/shows.inc.php in cutenews aj-fork (CN:AJ) 167f and earlier allows remote attackers to execute arbitrary PHP code via a URL in the cutepath parameter. | |||||
| CVE-2006-6922 | 1 Deadlock User Management System | 1 Deadlock User Management System | 2025-04-09 | 7.5 HIGH | N/A |
| SQL injection vulnerability in Deadlock User Management System (phpdeadlock) 0.64 and earlier allows remote attackers to execute arbitrary SQL commands via unspecified vectors. | |||||
| CVE-2006-6344 | 1 Neocrome | 1 Seditio | 2025-04-09 | 7.5 HIGH | N/A |
| Multiple unspecified vulnerabilities in Neocrome Seditio 1.10 and earlier have unknown impact and attack vectors related to (1) plugins/ipsearch/ipsearch.admin.php, and (2) pfs/pfs.edit.inc.php, (3) users/users.register.inc.php in system/core. NOTE: the users.profile.inc.php vector is identified by CVE-2006-6177. NOTE: these issues might be related to SQL injection. | |||||
| CVE-2007-0298 | 1 Dexxaboy | 1 Lunarpoll | 2025-04-09 | 6.8 MEDIUM | N/A |
| PHP remote file inclusion vulnerability in show.php in LunarPoll, when register_globals is enabled, allows remote attackers to execute arbitrary PHP code via a URL in the PollDir parameter. | |||||
| CVE-2007-3099 | 1 Redhat | 1 Enterprise Linux | 2025-04-09 | 2.1 LOW | N/A |
| usr/mgmt_ipc.c in iscsid in open-iscsi (iscsi-initiator-utils) before 2.0-865 checks the client's UID on the listening AF_LOCAL socket instead of the new connection, which allows remote attackers to access the management interface and cause a denial of service (iscsid exit or iSCSI connection loss). | |||||