Total
29560 CVE
| CVE | Vendors | Products | Updated | CVSS v2 | CVSS v3 |
|---|---|---|---|---|---|
| CVE-2007-1775 | 1 Jbrowser | 1 Jbrowser | 2025-04-09 | 6.8 MEDIUM | N/A |
| Unrestricted file upload vulnerability in upload.php3 in JBrowser 2.4 and earlier allows remote attackers to upload and execute arbitrary PHP code via unspecified vectors. NOTE: the provenance of this information is unknown; the details are obtained solely from third party information. | |||||
| CVE-2007-4229 | 1 Kde | 1 Konqueror | 2025-04-09 | 4.3 MEDIUM | N/A |
| Unspecified vulnerability in KDE Konqueror 3.5.7 and earlier allows remote attackers to cause a denial of service (failed assertion and application crash) via certain malformed HTML, as demonstrated by a document containing TEXTAREA, BUTTON, BR, BDO, PRE, FRAMESET, and A tags. NOTE: the provenance of this information is unknown; the details are obtained solely from third party information. | |||||
| CVE-2006-5565 | 1 Maxdev | 1 Md-pro | 2025-04-09 | 5.0 MEDIUM | N/A |
| CRLF injection vulnerability in MAXdev MD-Pro 1.0.76 allows remote attackers to inject arbitrary HTTP headers via a CRLF sequence in the (1) name, (2) file, (3) module, and (4) func parameters in (a) index.php; and the (5) file parameter in (b) modules.php. NOTE: the provenance of this information is unknown; the details are obtained from third party information. | |||||
| CVE-2007-0409 | 1 Bea | 1 Weblogic Server | 2025-04-09 | 1.5 LOW | N/A |
| BEA WebLogic 7.0 through 7.0 SP6, 8.1 through 8.1 SP4, and 9.0 initial release does not encrypt passwords stored in the JDBCDataSourceFactory MBean Properties, which allows local administrative users to read the cleartext password. | |||||
| CVE-2007-2953 | 1 Vim Development Group | 1 Vim | 2025-04-09 | 6.8 MEDIUM | N/A |
| Format string vulnerability in the helptags_one function in src/ex_cmds.c in Vim 6.4 and earlier, and 7.x up to 7.1, allows user-assisted remote attackers to execute arbitrary code via format string specifiers in a help-tags tag in a help file, related to the helptags command. | |||||
| CVE-2007-3282 | 1 Microsoft | 2 Office, Office Msodatasourcecontrol Activex | 2025-04-09 | 7.8 HIGH | N/A |
| Buffer overflow in the Microsoft Office MSODataSourceControl ActiveX object allows remote attackers to cause a denial of service (crash) and possibly execute arbitrary code via a long argument to the DeleteRecordSourceIfUnused method. | |||||
| CVE-2007-0279 | 1 Oracle | 2 E-business Suite, Http Server | 2025-04-09 | 7.5 HIGH | N/A |
| Multiple unspecified vulnerabilities in Oracle HTTP Server 9.2.0.8 and Oracle E-Business Suite and Applications 11.5.10CU2 have unknown impact and attack vectors, aka (1) OHS01, (2) OHS02, (3) OHS05, (4) OHS06, and (5) OHS07. | |||||
| CVE-2007-0679 | 1 Nicolas Grandjean | 1 Phpmyring | 2025-04-09 | 7.5 HIGH | N/A |
| PHP remote file inclusion vulnerability in lang/leslangues.php in Nicolas Grandjean PHPMyRing 4.1.3b and earlier allows remote attackers to execute arbitrary PHP code via a URL in the fichier parameter. | |||||
| CVE-2008-1902 | 1 Debian | 1 Aptlinex | 2025-04-09 | 5.0 MEDIUM | N/A |
| The GUI for aptlinex before 0.91 does not sufficiently warn the user of potentially dangerous actions, which allows remote attackers to remove or modify packages via an apt:// URL. | |||||
| CVE-2007-4114 | 1 Suskunduygular | 1 Suskunduygular Uyelik Sistemi | 2025-04-09 | 7.5 HIGH | N/A |
| Multiple SQL injection vulnerabilities in unuttum.asp in SuskunDuygular Uyelik Sistemi 1.2 allow remote attackers to execute arbitrary SQL commands via the (1) kadi or (2) email parameter. NOTE: some of these details are obtained from third party information. | |||||
| CVE-2007-2251 | 1 Xaraya | 1 Xaraya | 2025-04-09 | 7.5 HIGH | N/A |
| Unspecified vulnerability in the Roles module in Xaraya 1.1.2 and earlier allows attackers to gain privileges via unspecified vectors, probably related to incorrect permission checking in xartemplates/user-view.xd. | |||||
| CVE-2006-7080 | 1 Exv2 | 1 Content Management System | 2025-04-09 | 4.3 MEDIUM | N/A |
| Directory traversal vulnerability in the avatar upload feature in exV2 2.0.4.3 and earlier allows remote attackers to delete arbitrary files via ".." sequences in the old_avatar parameter. | |||||
| CVE-2007-2173 | 2 Double Precision Incorporated, Gentoo | 2 Courier-imap, Linux | 2025-04-09 | 10.0 HIGH | N/A |
| Eval injection vulnerability in (1) courier-imapd.indirect and (2) courier-pop3d.indirect in Courier-IMAP before 4.0.6-r2, and 4.1.x before 4.1.2-r1, on Gentoo Linux allows remote attackers to execute arbitrary commands via the XMAILDIR variable, related to the LOGINRUN variable. | |||||
| CVE-2007-2162 | 2 Gnu, Mozilla | 2 Iceweasel, Firefox | 2025-04-09 | 7.8 HIGH | N/A |
| (1) Mozilla Firefox 2.0.0.3 and (2) GNU IceWeasel 2.0.0.3 allow remote attackers to cause a denial of service (browser crash or system hang) via JavaScript that matches a regular expression against a long string, as demonstrated using /(.)*/. | |||||
| CVE-2007-2578 | 1 Acp3 | 1 Acp3 | 2025-04-09 | 7.5 HIGH | N/A |
| Unspecified vulnerability in search/list/action_search/index.php in ACP3 4.0 beta 3 allows remote attackers to have unknown impact, relating to "Cookie Manipulation", via the form[search_term] parameter. | |||||
| CVE-2007-0264 | 1 Winzip | 1 Winzip | 2025-04-09 | 6.6 MEDIUM | N/A |
| Buffer overflow in Winzip32.exe in WinZip 9.0 allows local users to cause a denial of service (application crash) and possibly execute arbitrary code via a long command line argument. NOTE: this issue may cross privilege boundaries if an application automatically invokes Winzip32.exe for untrusted input filenames, as in the case of a file upload application. NOTE: The provenance of this information is unknown; the details are obtained solely from third party information. | |||||
| CVE-2007-2233 | 1 Cosign | 1 Cosign | 2025-04-09 | 6.5 MEDIUM | N/A |
| cosign-bin/cosign.cgi in Cosign 2.0.2 and earlier allows remote authenticated users to perform unauthorized actions as an arbitrary user by using CR (\r) sequences in the service parameter to inject LOGIN and REGISTER commands with the desired username. | |||||
| CVE-2006-3974 | 1 3com | 1 3cr860-95 | 2025-04-09 | 4.3 MEDIUM | N/A |
| Cross-site scripting (XSS) vulnerability in cgi-bin/admin in 3Com OfficeConnect Secure Router with firmware 1.04-168 allows remote attackers to inject arbitrary web script or HTML via the tk parameter. | |||||
| CVE-2007-1464 | 1 Inkscape | 1 Inkscape | 2025-04-09 | 6.8 MEDIUM | N/A |
| Format string vulnerability in the whiteboard Jabber protocol in Inkscape before 0.45.1 allows user-assisted remote attackers to execute arbitrary code via unspecified vectors. | |||||
| CVE-2006-5353 | 1 Oracle | 2 Application Server, Collaboration Suite | 2025-04-09 | 10.0 HIGH | N/A |
| Unspecified vulnerability in Oracle HTTP Server component in Oracle Application Server 9.0.4.3, 10.1.2.0.2, 10.1.2.1.0, and 10.1.3.0.0, and Oracle Collaboration Suite 9.0.4.2 and 10.1.2, has unknown impact and remote attack vectors related to the Mod_rewrite Module, aka Vuln# OHS01. | |||||