Total
29559 CVE
| CVE | Vendors | Products | Updated | CVSS v2 | CVSS v3 |
|---|---|---|---|---|---|
| CVE-2006-6028 | 1 Anton Vlasov | 1 Dosepa | 2025-04-09 | 5.0 MEDIUM | N/A |
| Directory traversal vulnerability in textview.php in Anton Vlasov DoSePa 1.0.4 allows remote attackers to read arbitrary files via a .. (dot dot) sequence or absolute file path in the file parameter. | |||||
| CVE-2009-3008 | 1 Christophe Thibault | 1 K-meleon | 2025-04-09 | 4.3 MEDIUM | N/A |
| K-Meleon 1.5.3 allows context-dependent attackers to spoof the address bar, via window.open with a relative URI, to show an arbitrary file: URL after a victim has visited any file: URL, as demonstrated by a visit to a file: document written by the attacker. | |||||
| CVE-2006-6505 | 1 Mozilla | 2 Seamonkey, Thunderbird | 2025-04-09 | 6.8 MEDIUM | N/A |
| Multiple heap-based buffer overflows in Mozilla Thunderbird before 1.5.0.9 and SeaMonkey before 1.0.7 allow remote attackers to execute arbitrary code via (1) external message modies with long Content-Type headers or (2) long RFC2047-encoded (MIME non-ASCII) headers. | |||||
| CVE-2009-2761 | 1 Avira | 2 Antivir, Antivir Security Suite | 2025-04-09 | 7.2 HIGH | N/A |
| Unquoted Windows search path vulnerability in the scheduler (sched.exe) in Avira AntiVir, AntiVir Premium, Premium Security Suite, and AntiVir Professional might allow local users to gain privileges via a malicious antivir.exe file in the "C:\Program Files\avira\" directory. | |||||
| CVE-2007-4785 | 1 Sony | 1 Micro Vault Fingerprint Access Software | 2025-04-09 | 6.8 MEDIUM | N/A |
| Sony Micro Vault Fingerprint Access Software, as distributed with Sony Micro Vault USM-F USB flash drives, installs a driver that hides a directory under %WINDIR%, which might allow remote attackers to bypass malware detection by placing files in this directory. | |||||
| CVE-2009-3978 | 1 Mozilla | 1 Firefox | 2025-04-09 | 4.3 MEDIUM | N/A |
| The nsGIFDecoder2::GifWrite function in decoders/gif/nsGIFDecoder2.cpp in libpr0n in Mozilla Firefox before 3.5.5 allows remote attackers to cause a denial of service (NULL pointer dereference and application crash) via an animated GIF file with a large image size, a different vulnerability than CVE-2009-3373. | |||||
| CVE-2007-1587 | 1 Tim Soderstrom | 1 Statsdawg | 2025-04-09 | 10.0 HIGH | N/A |
| templates/config/mail.tpl in Tim Soderstrom StatsDawg 0.92 allows remote attackers to execute arbitrary programs by specifying the program name in the qshapeLocation parameter. | |||||
| CVE-2006-6339 | 1 Devilz Clanportal | 1 Devilz Clanportal | 2025-04-09 | 6.8 MEDIUM | N/A |
| SQL injection vulnerability in sites/index.php in deV!L`z Clanportal (DZCP) before 1.3.6.1 allows remote attackers to execute arbitrary SQL commands via the show element in a GET request. | |||||
| CVE-2007-2152 | 1 Mcafee | 1 Virusscan Enterprise | 2025-04-09 | 7.9 HIGH | N/A |
| Buffer overflow in the On-Access Scanner in McAfee VirusScan Enterprise before 8.0i Patch 12 allows user-assisted remote attackers to execute arbitrary code via a long filename containing multi-byte (Unicode) characters. | |||||
| CVE-2007-2302 | 1 Expow | 1 Expow | 2025-04-09 | 7.5 HIGH | N/A |
| PHP remote file inclusion vulnerability in autoindex.php in Expow 0.8 allows remote attackers to execute arbitrary PHP code via a URL in the cfg_file parameter. | |||||
| CVE-2006-5908 | 1 Lucas Rodriguez San Pedro | 1 Yet Another News System | 2025-04-09 | 7.5 HIGH | N/A |
| Multiple SQL injection vulnerabilities in the login_user function in yans.func.php in Lucas Rodriguez San Pedro Yet Another News System (YANS) 0.2b allow remote attackers to execute arbitrary SQL commands via the (1) username or (2) password parameter. | |||||
| CVE-2007-1117 | 1 Microsoft | 1 Publisher | 2025-04-09 | 10.0 HIGH | N/A |
| Unspecified vulnerability in Publisher 2007 in Microsoft Office 2007 allows remote attackers to execute arbitrary code via unspecified vectors, related to a "file format vulnerability." NOTE: this information is based upon a vague pre-advisory with no actionable information. However, the advisory is from a reliable source. | |||||
| CVE-2007-0669 | 1 Twiki | 1 Twiki | 2025-04-09 | 4.6 MEDIUM | N/A |
| Unspecified vulnerability in Twiki 4.0.0 through 4.1.0 allows local users to execute arbitrary Perl code via unknown vectors related to CGI session files. | |||||
| CVE-2007-2796 | 1 Arris | 1 Cadant C3 Cmts | 2025-04-09 | 7.8 HIGH | N/A |
| Arris Cadant C3 CMTS allows remote attackers to cause a denial of service (service termination) via a malformed IP packet with an invalid IP option. | |||||
| CVE-2007-0176 | 1 Gforge | 1 Gforge | 2025-04-09 | 6.8 MEDIUM | N/A |
| Cross-site scripting (XSS) vulnerability in search/advanced_search.php in GForge 4.5.11 allows remote attackers to inject arbitrary web script or HTML via the words parameter. | |||||
| CVE-2009-0374 | 1 Google | 1 Chrome | 2025-04-09 | 4.3 MEDIUM | N/A |
| Google Chrome 1.0.154.43 allows remote attackers to trick a user into visiting an arbitrary URL via an onclick action that moves a crafted element to the current mouse position, related to a "Clickjacking" vulnerability. NOTE: a third party disputes the relevance of this issue, stating that "every sufficiently featured browser is and likely will remain susceptible to the behavior known as clickjacking," and adding that the exploit code "is not a valid demonstration of the issue. | |||||
| CVE-2006-5828 | 1 Deltascripts | 1 Php Classifieds | 2025-04-09 | 7.5 HIGH | N/A |
| SQL injection vulnerability in detail.php in DeltaScripts PHP Classifieds 7.1 and earlier allows remote attackers to execute arbitrary SQL commands via the user_id parameter. | |||||
| CVE-2007-2712 | 1 Mh Software | 1 Connect Daily | 2025-04-09 | 10.0 HIGH | N/A |
| Unspecified vulnerability in MH Software Connect Daily before 3.3.3 has unknown impact and attack vectors. | |||||
| CVE-2006-5389 | 1 Wyana | 1 Php-wyana | 2025-04-09 | 5.0 MEDIUM | N/A |
| tools/tellhim.php in PHP-Wyana allows remote attackers to obtain sensitive information via an invalid lang parameter, which reveals the path in an error message. | |||||
| CVE-2006-5887 | 1 Dynamic Dataworx | 1 Nuschool | 2025-04-09 | 7.5 HIGH | N/A |
| SQL injection vulnerability in CampusNewsDetails.asp in Dynamic Dataworx NuSchool 1.0 allows remote attackers to execute arbitrary SQL commands via the NewsID parameter. | |||||