Total: 29559 CVE
CVE | Vendors | Products | Updated | CVSS v2 | CVSS v3 |
---|---|---|---|---|---|
CVE-2006-6784 | 1 Netbula | 1 Anyboard | 2025-04-09 | 7.5 HIGH | N/A |
SQL injection vulnerability in Netbula Anyboard allows remote attackers to execute arbitrary SQL commands via the user name in the login form. | |||||
CVE-2006-5396 | 1 Sun | 1 Solaris | 2025-04-09 | 4.9 MEDIUM | N/A |
The tcp_fuse_rcv_drain function in the Sun Solaris 10 kernel before 20061017, when TCP Fusion is enabled, allows local users to cause a denial of service (system crash) via a TCP loopback connection with both endpoints on the same system. | |||||
CVE-2006-5077 | 1 Minerva | 1 Minerva | 2025-04-09 | 5.1 MEDIUM | N/A |
PHP remote file inclusion vulnerability in admin/admin_topic_action_logging.php in Chris Smith Minerva Build 238 and earlier allows remote attackers to execute arbitrary PHP code via a URL in the phpbb_root_path parameter. | |||||
CVE-2006-6766 | 1 Cwm-design | 1 Cwmexplorer | 2025-04-09 | 7.5 HIGH | N/A |
Multiple SQL injection vulnerabilities in cwmExplorer 1.1.0 and earlier allow remote attackers to execute arbitrary SQL commands via unspecified vectors. NOTE: The provenance of this information is unknown; details are obtained solely from third party information. | |||||
CVE-2007-4149 | 1 Visionsoft | 1 Audit | 2025-04-09 | 10.0 HIGH | N/A |
The Visionsoft Audit on Demand Service (VSAOD) in Visionsoft Audit 12.4.0.0 does not require authentication for (1) the "LOG." command, which allows remote attackers to create or overwrite arbitrary files; (2) the SETTINGSFILE command, which allows remote attackers to overwrite the ini file, and reconfigure VSAOD or cause a denial of service; or (3) the UNINSTALL command, which allows remote attackers to cause a denial of service (daemon shutdown). NOTE: vector 1 can be leveraged for code execution by writing to a Startup folder. | |||||
CVE-2007-4243 | 1 Astaro | 1 Security Gateway | 2025-04-09 | 7.8 HIGH | N/A |
Unspecified vulnerability in pfilter-reporter.pl in Astaro Security Gateway (ASG) 7 allows remote attackers to cause a denial of service (CPU consumption) via certain network traffic, as demonstrated by P2P and iTunes applications that download large amounts of data. | |||||
CVE-2007-2053 | 1 Afflib | 1 Afflib | 2025-04-09 | 10.0 HIGH | N/A |
Multiple stack-based buffer overflows in AFFLIB before 2.2.6 allow remote attackers to cause a denial of service (crash) or possibly execute arbitrary code via (1) a long LastModified value in an S3 XML response in lib/s3.cpp; (2) a long (a) path or (b) bucket in an S3 URL in lib/vnode_s3.cpp; or (3) a long (c) EFW, (d) AFD, or (c) aimage file path. NOTE: the aimage vector (3c) has since been recalled from the researcher's original advisory, since the code is not called in any version of AFFLIB. | |||||
CVE-2007-4416 | 1 Jemjabella | 1 Bellabook | 2025-04-09 | 10.0 HIGH | N/A |
captcha.php in BellaBook (aka BellaBuffs) allows remote attackers to obtain administrative privileges by sending the admin's username (admin_name) in a pheap_login cookie. NOTE: the vendor disputes this vulnerability because authentication data is derived from the admin_pass and secret variables, in addition to the admin_name; and because the exploit code is designed for an unrelated application. | |||||
CVE-2008-2268 | 1 Mdsjack | 1 Mjguest | 2025-04-09 | 4.3 MEDIUM | N/A |
Open redirect vulnerability in interface/redirect.htm.php in Mjguest 6.7 GT Rev.01 allows user-assisted remote attackers to redirect users to arbitrary web sites and conduct phishing attacks via a URL in the goto parameter in a redirect action to mjguest.php. NOTE: this is user-assisted because there is a delay and a notification before redirection occurs. | |||||
CVE-2009-0318 | 1 Gnome | 1 Gnumeric | 2025-04-09 | 6.9 MEDIUM | N/A |
Untrusted search path vulnerability in the GObject Python interpreter wrapper in Gnumeric allows local users to execute arbitrary code via a Trojan horse Python file in the current working directory, related to a vulnerability in the PySys_SetArgv function (CVE-2008-5983). | |||||
CVE-2007-3906 | 1 Kaspersky Lab | 1 Kaspersky Anti-virus 5.5 For Check Point Firewall- | 2025-04-09 | 5.0 MEDIUM | N/A |
Unspecified vulnerability in Kaspersky Anti-Virus for Check Point FireWall-1 before Critical Fix 1 (5.5.161.0) might allow attackers to cause a denial of service (kernel hang) via unspecified vectors. NOTE: it is not clear whether there is an attacker role. | |||||
CVE-2006-6243 | 1 Fipsasp | 1 Fipsshop | 2025-04-09 | 7.5 HIGH | N/A |
Multiple SQL injection vulnerabilities in index.asp in FipsSHOP allow remote attackers to execute arbitrary SQL commands via the (1) cat or (2) did parameter. | |||||
CVE-2007-2059 | 1 Eiqnetworks | 1 Enterprise Security Analyzer | 2025-04-09 | 10.0 HIGH | N/A |
Multiple buffer overflows in the ESA protocol implementation in eIQnetworks Enterprise Security Analyzer (ESA) 2.5 allow remote attackers to execute arbitrary code via a long parameter to the (1) DELETESEARCHFOLDER, (2) DELTASK, (3) HMGR_CHECKHOSTSCSV, (4) TASKUPDATEDUSER, (5) VERIFYUSERKEY, or (6) VERIFYPWD command. | |||||
CVE-2007-2036 | 1 Cisco | 1 Wireless Lan Controller Software | 2025-04-09 | 10.0 HIGH | N/A |
The SNMP implementation in the Cisco Wireless LAN Controller (WLC) before 20070419 uses the default read-only community public, and the default read-write community private, which allows remote attackers to read and modify SNMP variables, aka Bug ID CSCse02384. | |||||
CVE-2006-6914 | 1 Ibm | 1 Aix | 2025-04-09 | 5.0 MEDIUM | N/A |
Unspecified vulnerability in ftpd in IBM AIX 5.2.0 and 5.3.0 allows remote attackers to obtain sensitive information, including passwords, via unspecified vectors. | |||||
CVE-2006-7091 | 1 Hinton Design | 1 Phpht Topsites Free | 2025-04-09 | 7.5 HIGH | N/A |
PHP remote file inclusion vulnerability in config.php in phpht Topsites FREE 1.022b allows remote attackers to execute arbitrary PHP code via a URL in the fullpath parameter. NOTE: the provenance of this information is unknown; the details are obtained solely from third party information. | |||||
CVE-2006-6556 | 1 Eyeos | 1 Eyeos | 2025-04-09 | 7.5 HIGH | N/A |
The eyeHome function in apps/eyeHome.eyeapp/aplic.php in EyeOS before 0.9.3-3 allows remote attackers to upload and execute arbitrary code via dangerous file extensions that are not all lowercase, which bypasses a cleansing operation. | |||||
CVE-2008-4584 | 1 Chilkat Software | 1 Mail | 2025-04-09 | 6.8 MEDIUM | N/A |
Insecure method vulnerability in Chilkat Mail 7.8 ActiveX control (ChilkatCert.dll) allows remote attackers to overwrite arbitrary files via a full pathname to the SaveLastError method. | |||||
CVE-2006-5596 | 1 Aep Networks | 1 Smartgate Ssl Server | 2025-04-09 | 7.5 HIGH | N/A |
Directory traversal vulnerability in the SSL server in AEP Smartgate 4.3b allows remote attackers to download arbitrary files via ..\ (dot dot backslash) sequences in an HTTP GET request. | |||||
CVE-2006-5968 | 1 Alt-n | 1 Mdaemon | 2025-04-09 | 4.6 MEDIUM | N/A |
MDaemon 9.0.5, 9.0.6, 9.51, and 9.53, and possibly other versions, installs the MDaemon application folder with insecure permissions (Users create files/directories), which allows local users to execute arbitrary code by creating malicious RASAPI32.DLL or MPRAPI.DLL libraries in the MDaemon\APP folder, which is an untrusted search path element due to insecure permissions. |