Total
29559 CVE
| CVE | Vendors | Products | Updated | CVSS v2 | CVSS v3 |
|---|---|---|---|---|---|
| CVE-2009-3378 | 1 Mozilla | 1 Firefox | 2025-04-09 | 9.3 HIGH | N/A |
| The oggplay_data_handle_theora_frame function in media/liboggplay/src/liboggplay/oggplay_data.c in liboggplay, as used in Mozilla Firefox 3.5.x before 3.5.4, attempts to reuse an earlier frame data structure upon encountering a decoding error for the first frame, which allows remote attackers to cause a denial of service (NULL pointer dereference and application crash) or possibly execute arbitrary code via a crafted .ogg video file. | |||||
| CVE-2007-3986 | 1 Securecomputing | 1 Securityreporter | 2025-04-09 | 5.0 MEDIUM | N/A |
| file.cgi in Secure Computing SecurityReporter (aka Network Security Analyzer) 4.6.3 allows remote attackers to bypass authentication via a name parameter that specifies the eventcache directory and a non-GIF file, which causes the $dontvalidate variable to be set to true. NOTE: a separate traversal vulnerability could be leveraged to download arbitrary files. | |||||
| CVE-2006-5160 | 1 Mozilla | 1 Firefox | 2025-04-09 | 7.8 HIGH | 8.1 HIGH |
| Multiple unspecified vulnerabilities in Mozilla Firefox have unspecified vectors and impact, as claimed during ToorCon 2006. NOTE: the vendor and original researchers have released a follow-up comment disputing this issue, in which one researcher states that "I have no undisclosed Firefox vulnerabilities. The person who was speaking with me made this claim, and I honestly have no idea if he has them or not. | |||||
| CVE-2006-5922 | 1 Wheatblog | 1 Wheatblog | 2025-04-09 | 5.0 MEDIUM | N/A |
| index.php in Wheatblog (wB) allows remote attackers to obtain sensitive information via certain values of the postPtr[] and next parameters, which reveals the path in an error message. | |||||
| CVE-2006-5927 | 1 Asp Scripter | 2 Easy Portal, Live Support | 2025-04-09 | 7.5 HIGH | N/A |
| SQL injection vulnerability in cpLogin.asp in ASP Scripter Easy Portal 1.4 and Live Support 1.3 allows remote attackers to execute arbitrary SQL commands via the Password parameter. | |||||
| CVE-2006-7188 | 1 Web-app.net | 1 Webapp | 2025-04-09 | 5.0 MEDIUM | N/A |
| The search function in cgi-lib/user-lib/search.pl in web-app.net WebAPP before 20060909 allows remote attackers to read internal forum posts via certain requests, possibly related to the $info{'forum'} variable. | |||||
| CVE-2006-5991 | 1 Cactusoft | 1 Cactushop | 2025-04-09 | 7.5 HIGH | N/A |
| Multiple SQL injection vulnerabilities in wwweb concepts CactuShop allow remote attackers to execute arbitrary SQL commands via the (1) prodtype parameter in prodtype.asp and the (2) product parameter in product.asp. | |||||
| CVE-2006-6464 | 1 Midicart Software | 1 Midicart Php Shopping Cart | 2025-04-09 | 5.0 MEDIUM | N/A |
| viewcart in Midicart accepts negative numbers in the Qty (quantity) field, which allows remote attackers to obtain a smaller total price for a shopping cart. | |||||
| CVE-2007-0024 | 1 Microsoft | 5 Ie, Internet Explorer, Windows 2000 and 2 more | 2025-04-09 | 9.3 HIGH | N/A |
| Integer overflow in the Vector Markup Language (VML) implementation (vgx.dll) in Microsoft Internet Explorer 5.01, 6, and 7 on Windows 2000 SP4, XP SP2, Server 2003, and Server 2003 SP1 allows remote attackers to execute arbitrary code via a crafted web page that contains unspecified integer properties that cause insufficient memory allocation and trigger a buffer overflow, aka the "VML Buffer Overrun Vulnerability." | |||||
| CVE-2007-3150 | 1 Google | 1 Desktop | 2025-04-09 | 9.3 HIGH | N/A |
| Google Desktop allows user-assisted remote attackers to execute arbitrary programs via a man-in-the-middle attack that injects JavaScript, a www.google.com search IFRAME, and a META HTTP-EQUIV="refresh" that targets a www.google.com search for a local .exe file, which is displayed in the "results stored on your computer" portion of the search results, and when clicked invokes Google Desktop to execute this file. | |||||
| CVE-2006-5797 | 1 Xenis | 1 Xenis.creator Cms | 2025-04-09 | 7.5 HIGH | N/A |
| Multiple SQL injection vulnerabilities in default.asp in Xenis.creator CMS allow remote attackers to execute arbitrary SQL commands via the (1) nav, (2) s, or (3) print parameters. | |||||
| CVE-2008-6811 | 2 Instinct, Wordpress | 2 E-commerce Plugin, Wordpress | 2025-04-09 | 6.8 MEDIUM | N/A |
| Unrestricted file upload vulnerability in image_processing.php in the e-Commerce Plugin 3.4 and earlier for Wordpress allows remote attackers to execute arbitrary code by uploading a file with an executable extension, then accessing it via a direct request to the file in wp-content/plugins/wp-shopping-cart/. | |||||
| CVE-2007-2915 | 1 Rm Easymail | 1 Rm Easymail Plus | 2025-04-09 | 4.3 MEDIUM | N/A |
| Cross-site scripting (XSS) vulnerability in RM EasyMail Plus allows remote attackers to inject arbitrary web script or HTML via the title field in an email. | |||||
| CVE-2007-1794 | 2 Mozilla, Sun | 3 Mozilla, Solaris, Sunos | 2025-04-09 | 10.0 HIGH | N/A |
| The Javascript engine in Mozilla 1.7 and earlier on Sun Solaris 8, 9, and 10 might allow remote attackers to execute arbitrary code via vectors involving garbage collection that causes deletion of a temporary object that is still being used. NOTE: this issue might be related to CVE-2006-3805. | |||||
| CVE-2008-0445 | 1 Elog | 1 Elog | 2025-04-09 | 5.0 MEDIUM | N/A |
| The replace_inline_img function in elogd in Electronic Logbook (ELOG) before 2.7.1 allows remote attackers to cause a denial of service (infinite loop) via crafted logbook entries. NOTE: some of these details are obtained from third party information. | |||||
| CVE-2006-6016 | 1 Wordpress | 1 Wordpress | 2025-04-09 | 4.0 MEDIUM | 6.5 MEDIUM |
| wp-admin/user-edit.php in WordPress before 2.0.5 allows remote authenticated users to read the metadata of an arbitrary user via a modified user_id parameter. | |||||
| CVE-2006-6787 | 1 Mxmania | 1 Newsletter Mx | 2025-04-09 | 7.5 HIGH | N/A |
| SQL injection vulnerability in admin/admin_mail_adressee.asp in Newsletter MX 1.0.2 and earlier allows remote attackers to execute arbitrary SQL commands via the ID parameter. | |||||
| CVE-2007-2754 | 1 Freetype | 1 Freetype | 2025-04-09 | 6.8 MEDIUM | N/A |
| Integer signedness error in truetype/ttgload.c in Freetype 2.3.4 and earlier might allow remote attackers to execute arbitrary code via a crafted TTF image with a negative n_points value, which leads to an integer overflow and heap-based buffer overflow. | |||||
| CVE-2007-0021 | 1 Apple | 1 Ichat | 2025-04-09 | 7.5 HIGH | N/A |
| Format string vulnerability in Apple iChat 3.1.6 allows remote attackers to cause a denial of service (null pointer dereference and application crash) and possibly execute arbitrary code via format string specifiers in an aim:// URI. | |||||
| CVE-2007-1431 | 1 Pennmush | 1 Pennmush | 2025-04-09 | 7.8 HIGH | N/A |
| Multiple unspecified vulnerabilities in PennMUSH 1.8.3 before 1.8.3p1 and 1.8.2 before 1.8.2p3 allow attackers to cause a denial of service (crash) related to the (1) speak and (2) buy functions. | |||||