Total
29559 CVE
| CVE | Vendors | Products | Updated | CVSS v2 | CVSS v3 |
|---|---|---|---|---|---|
| CVE-2007-2130 | 1 Oracle | 4 Application Server, Collaboration Suite, Database Server and 1 more | 2025-04-09 | 9.0 HIGH | N/A |
| Unspecified vulnerability in Workflow Cartridge, as used in Oracle Database Server 9.2.0.1, 10.1.0.2, and 10.2.0.1; Application Server 9.0.4.3 and 10.1.2.0.2; Collaboration Suite 10.1.2; and E-Business Suite; has unknown impact and remote authenticated attack vectors, aka OWF01. | |||||
| CVE-2007-3225 | 1 Sun | 1 Java System Directory Server | 2025-04-09 | 6.4 MEDIUM | N/A |
| Unspecified vulnerability in Sun Java System Directory Server (slapd) 6.0, and 5.2 with Patch 3 or 4, allows remote attackers to modify certain data via unknown vectors. | |||||
| CVE-2007-2808 | 2 Gnu, Yngve Svendsen | 2 Gnats, Gnatsweb | 2025-04-09 | 4.3 MEDIUM | N/A |
| Cross-site scripting (XSS) vulnerability in gnatsweb.pl in Gnatsweb 4.00 and Gnats 4.1.99 allows remote attackers to inject arbitrary web script or HTML via the database parameter. | |||||
| CVE-2006-6266 | 1 Microsoft | 1 Teredo | 2025-04-09 | 6.8 MEDIUM | N/A |
| Teredo clients, when following item 6 of RFC4380 section 5.2.3, start direct IPv6 connectivity tests (aka ping tests) in response to packets from non-Teredo source addresses, which might allow remote attackers to induce Teredo clients to send packets to third parties. | |||||
| CVE-2008-2878 | 1 Yektaweb | 1 Academic Web Tools | 2025-04-09 | 6.4 MEDIUM | N/A |
| Open redirect vulnerability in rss_getfile.php in Academic Web Tools (AWT YEKTA) 1.4.3.1, and 1.4.2.8 and earlier, allows remote attackers to redirect users to arbitrary web sites and conduct phishing attacks via a URL in the file parameter. | |||||
| CVE-2007-2403 | 1 Apple | 3 Cfnetwork, Mac Os X, Mac Os X Server | 2025-04-09 | 6.8 MEDIUM | N/A |
| CFNetwork on Apple Mac OS X 10.3.9 and 10.4.10 does not properly validate ftp: URIs, which allows remote attackers to trigger the transmission of arbitrary FTP commands to arbitrary FTP servers. | |||||
| CVE-2007-1451 | 1 Guppy | 1 Guppy | 2025-04-09 | 6.4 MEDIUM | N/A |
| GuppY 4.0 allows remote attackers to delete arbitrary files via a direct request to install/install.php, then selecting "Installation propre" (cleanup.php) and then "Suppression des fichiers d'installation" (delete.php). | |||||
| CVE-2006-5388 | 1 Webspell | 1 Webspell | 2025-04-09 | 7.5 HIGH | N/A |
| SQL injection vulnerability in index.php in WebSPELL 4.01.01 and earlier allows remote attackers to execute arbitrary SQL commands via the getsquad parameter, a different vector than CVE-2006-4783. | |||||
| CVE-2007-4289 | 1 Sun | 1 Java System Portal Server | 2025-04-09 | 6.8 MEDIUM | N/A |
| Sun Java System Portal Server 7.0 does not properly process XSLT stylesheets in XSLT transforms in XML signatures, which allows context-dependent attackers to execute an arbitrary Java method via a crafted stylesheet, a related issue to CVE-2007-3715. | |||||
| CVE-2006-5270 | 1 Microsoft | 5 Antigen, Forefront Security, Malware Protection Engine and 2 more | 2025-04-09 | 9.3 HIGH | N/A |
| Integer overflow in the Microsoft Malware Protection Engine (mpengine.dll), as used by Windows Live OneCare, Antigen, Defender, and Forefront Security, allows user-assisted remote attackers to execute arbitrary code via a crafted PDF file. | |||||
| CVE-2007-1532 | 1 Microsoft | 1 Windows Vista | 2025-04-09 | 6.4 MEDIUM | N/A |
| The neighbor discovery implementation in Microsoft Windows Vista allows remote attackers to conduct a redirect attack by (1) responding to queries by sending spoofed Neighbor Advertisements or (2) blindly sending Neighbor Advertisements. | |||||
| CVE-2007-4053 | 1 Linpha | 1 Linpha | 2025-04-09 | 7.5 HIGH | N/A |
| SQL injection vulnerability in include/img_view.class.php in LinPHA 1.3.1 and earlier allows remote attackers to execute arbitrary SQL commands via the order parameter to new_images.php. | |||||
| CVE-2006-5868 | 3 Canonical, Debian, Imagemagick | 3 Ubuntu Linux, Debian Linux, Imagemagick | 2025-04-09 | 9.3 HIGH | N/A |
| Multiple buffer overflows in Imagemagick 6.0 before 6.0.6.2, and 6.2 before 6.2.4.5, has unknown impact and user-assisted attack vectors via a crafted SGI image. | |||||
| CVE-2006-6913 | 1 Phpmyfaq | 1 Phpmyfaq | 2025-04-09 | 7.5 HIGH | N/A |
| Unspecified vulnerability in phpMyFAQ 1.6.7 and earlier allows remote attackers to upload arbitrary PHP scripts via unspecified vectors. | |||||
| CVE-2007-4389 | 1 2wire | 3 1701hg Router, 1800hw Router, 2071 Router | 2025-04-09 | 7.8 HIGH | N/A |
| Cross-site request forgery (CSRF) vulnerability in /xslt in 2wire 1701HG, 1800HW, and 2071 Gateway routers, with 3.17.5, 3.7.1, and 5.29.51 software, allows remote attackers to create DNS mappings as administrators, and conduct DNS poisoning attacks, via the NAME and ADDR parameters. | |||||
| CVE-2006-6754 | 1 Ixprim | 1 Ixprim Cms | 2025-04-09 | 6.5 MEDIUM | N/A |
| Multiple SQL injection vulnerabilities in Ixprim 1.2 allow remote attackers to execute arbitrary SQL commands via the story_id parameter to ixm_ixpnews.php, and unspecified other vectors. | |||||
| CVE-2007-2628 | 1 Justin Koivisto | 1 Phpsecurityadmin | 2025-04-09 | 7.5 HIGH | N/A |
| PHP remote file inclusion vulnerability in include/logout.php in Justin Koivisto SecurityAdmin for PHP (aka PHPSecurityAdmin, PSA) 4.0.2 allows remote attackers to execute arbitrary PHP code via a URL in the PSA_PATH parameter. | |||||
| CVE-2007-4146 | 1 Webevents | 1 Webevents | 2025-04-09 | 4.3 MEDIUM | N/A |
| Cross-site scripting (XSS) vulnerability in webevent.cgi in WebEvent 2.61 through 4.03 allows remote attackers to inject arbitrary web script or HTML via the cmd parameter. NOTE: the provenance of this information is unknown; the details are obtained solely from third party information. | |||||
| CVE-2006-6704 | 1 Atmail | 1 Atmail Webadmin | 2025-04-09 | 6.8 MEDIUM | N/A |
| Cross-site scripting (XSS) vulnerability in the Webadmin in @Mail before 4.6 allows remote attackers to inject arbitrary web script or HTML via unspecified vectors involving "unescaped data in the database." | |||||
| CVE-2007-0870 | 1 Microsoft | 1 Word | 2025-04-09 | 7.6 HIGH | N/A |
| Unspecified vulnerability in Microsoft Word 2000 allows remote attackers to cause a denial of service (crash) via unknown vectors, a different vulnerability than CVE-2006-5994, CVE-2006-6456, CVE-2006-6561, and CVE-2007-0515, a variant of Exploit-MS06-027. | |||||