Total
29560 CVE
| CVE | Vendors | Products | Updated | CVSS v2 | CVSS v3 |
|---|---|---|---|---|---|
| CVE-2007-3965 | 1 Ufmod | 1 Ufmod Xm Player Library | 2025-04-09 | 6.8 MEDIUM | N/A |
| Unspecified vulnerability in uFMOD before 1.2.5 has unknown impact and attack vectors, possibly related to malformed files, and possibly an integer signedness error for relative note instruments. | |||||
| CVE-2007-3722 | 1 Freebsd | 1 Freebsd | 2025-04-09 | 2.1 LOW | N/A |
| The 4BSD process scheduler in the FreeBSD kernel performs scheduling based on CPU billing gathered from periodic process sampling ticks, which allows local users to cause a denial of service (CPU consumption) by performing voluntary nanosecond sleeps that result in the process not being active during a clock interrupt, as described in "Secretly Monopolizing the CPU Without Superuser Privileges." | |||||
| CVE-2006-5931 | 1 Aigaion | 1 Aigaion | 2025-04-09 | 5.1 MEDIUM | N/A |
| Multiple PHP remote file inclusion vulnerabilities in Aigaion Web based bibliography management system 1.2.1, when register_globals is enabled, allow remote attackers to execute arbitrary PHP code via a URL in the DIR parameter to certain PHP scripts in (1) lib/actions/, (2) lib/displays/, (3) lib/editforms/, (4) lib/functions/, (5) scheme/, and (6) the root directory. NOTE: the provenance of this information is unknown; details are obtained from third party sources. | |||||
| CVE-2006-5252 | 1 Webmedia Explorer | 1 Webmedia Explorer | 2025-04-09 | 5.1 MEDIUM | N/A |
| PHP remote file inclusion vulnerability in includes/core.lib.php in Webmedia Explorer 2.8.7 allows remote attackers to execute arbitrary PHP code via a URL in the path_include parameter. | |||||
| CVE-2006-5214 | 2 Netbsd, Sun | 3 Netbsd, Solaris, Sunos | 2025-04-09 | 1.2 LOW | N/A |
| Race condition in the Xsession script, as used by X Display Manager (xdm) in NetBSD before 20060212, X.Org before 20060225, and Solaris 8 through 10 before 20061006, causes a user's Xsession errors file to have weak permissions before a chmod is performed, which allows local users to read Xsession errors files of other users. | |||||
| CVE-2006-7052 | 1 Keith Reichley | 1 Dotwidget For Articles | 2025-04-09 | 10.0 HIGH | N/A |
| Multiple PHP remote file inclusion vulnerabilities in DotWidget For Articles (dotwidgeta) 0.2 allow remote attackers to execute arbitrary code via a URL in the (1) file_path parameter to (a) index.php, (b) showcatpicks.php, and (c) showarticle.php; and the (2) admin_header_file and (3) admin_footer_file parameters to (d) admin/authors.php, (e) admin/index.php, (f) admin/categories.php, (g) admin/editconfig.php, and (h) admin/articles.php. | |||||
| CVE-2007-0210 | 1 Microsoft | 1 Windows Xp | 2025-04-09 | 7.2 HIGH | N/A |
| The Window Image Acquisition (WIA) Service in Microsoft Windows XP SP2 allows local users to gain privileges via unspecified vectors involving an "unchecked buffer," probably a buffer overflow. | |||||
| CVE-2006-5443 | 1 Xiao Gang | 1 Www Interactive Mathematics Server | 2025-04-09 | 5.0 MEDIUM | N/A |
| Unspecified vulnerability in XIAO Gang WWW Interactive Mathematics Server (WIMS) before 3.60 allows remote attackers to modify unspecified data via unspecified vectors involving "variable rights." | |||||
| CVE-2006-5404 | 1 Symantec | 4 Automated Support Assistant, Norton Antivirus, Norton Internet Security and 1 more | 2025-04-09 | 2.6 LOW | N/A |
| Unspecified vulnerability in an ActiveX control used in Symantec Automated Support Assistant, as used in Norton AntiVirus, Internet Security, and System Works 2005 and 2006, allows user-assisted remote attackers to obtain sensitive information via unspecified vectors. | |||||
| CVE-2006-6091 | 1 Grimbb | 1 Grimbb | 2025-04-09 | 4.3 MEDIUM | N/A |
| Cross-site scripting (XSS) vulnerability in Grim Pirate GrimBB before 2006_11_21 allows remote attackers to inject arbitrary web script or HTML via unspecified vectors. | |||||
| CVE-2007-3633 | 1 Chilkat Software | 1 Chilkat Zip Activex Control | 2025-04-09 | 6.4 MEDIUM | N/A |
| Absolute path traversal vulnerability in the Chilkat Software Chilkat Zip ActiveX control in ChilkatZip2.dll 12.4.2.0 allows remote attackers to create or overwrite arbitrary files via a full pathname in the argument to the (1) SaveLastError method and probably the (2) WriteExe method. | |||||
| CVE-2007-0661 | 1 Intel | 9 Enterprise Southbridge 2 Bmc, Enterprise Southbridge Bmc, Server Board S5000pal and 6 more | 2025-04-09 | 5.4 MEDIUM | N/A |
| Intel Enterprise Southbridge 2 Baseboard Management Controller (BMC), Intel Server Boards 5000XAL, S5000PAL, S5000PSL, S5000XVN, S5000VCL, S5000VSA, SC5400RA, and OEM Firmware for Intel Enterprise Southbridge Baseboard Management Controller before 20070119, when Intelligent Platform Management Interface (IPMI) is enabled, allow remote attackers to connect and issue arbitrary IPMI commands, possibly triggering a denial of service. | |||||
| CVE-2009-0819 | 2 Mysql, Oracle | 2 Mysql, Mysql | 2025-04-09 | 4.0 MEDIUM | N/A |
| sql/item_xmlfunc.cc in MySQL 5.1 before 5.1.32 and 6.0 before 6.0.10 allows remote authenticated users to cause a denial of service (crash) via "an XPath expression employing a scalar expression as a FilterExpr with ExtractValue() or UpdateXML()," which triggers an assertion failure. | |||||
| CVE-2007-0248 | 1 Squid | 1 Squid | 2025-04-09 | 5.0 MEDIUM | N/A |
| The aclMatchExternal function in Squid before 2.6.STABLE7 allows remote attackers to cause a denial of service (crash) by causing an external_acl queue overload, which triggers an infinite loop. | |||||
| CVE-2006-6184 | 1 Alliedtelesyn | 1 At-tftp | 2025-04-09 | 10.0 HIGH | N/A |
| Multiple stack-based buffer overflows in Allied Telesyn TFTP Server (AT-TFTP) 1.9, and possibly earlier, allow remote attackers to cause a denial of service (crash) or execute arbitrary code via a long filename in a (1) GET or (2) PUT command. | |||||
| CVE-2006-7008 | 1 Joomla | 1 Joomla | 2025-04-09 | 7.5 HIGH | N/A |
| Unspecified vulnerability in Joomla! before 1.0.10 has unknown impact and attack vectors, related to "securing mosmsg from misuse." NOTE: it is possible that this issue overlaps CVE-2006-1029. | |||||
| CVE-2007-0179 | 1 Phpkit | 1 Phpkit | 2025-04-09 | 7.5 HIGH | N/A |
| SQL injection vulnerability in comment.php in PHPKIT 1.6.1 R2 allows remote attackers to execute arbitrary SQL commands via the subid parameter. | |||||
| CVE-2007-1934 | 1 Php-nuke | 1 Eboard Module | 2025-04-09 | 6.8 MEDIUM | N/A |
| Directory traversal vulnerability in member.php in the eBoard 1.0.7 module for PHP-Nuke allows remote attackers to include and execute arbitrary local files via a .. (dot dot) in the GLOBALS[name] parameter. | |||||
| CVE-2006-6204 | 1 Enthrallweb | 1 Ehomes | 2025-04-09 | 7.5 HIGH | N/A |
| Multiple SQL injection vulnerabilities in Enthrallweb eHomes allow remote attackers to execute arbitrary SQL commands via the (1) cid parameter to (a) dircat.asp; the (2) sid parameter to (b) dirSub.asp; the (3) TYPE_ID parameter to (c) types.asp; the (4) AD_ID parameter to (d) homeDetail.asp; the (5) cat parameter to (e) result.asp; the (6) compare, (7) clear, and (8) adID parameters to (f) compareHomes.asp; and the (9) aminprice, (10) amaxprice, and (11) abedrooms parameters to (g) result.asp. | |||||
| CVE-2006-6113 | 1 James Greenwood | 1 Monkey Boards | 2025-04-09 | 5.0 MEDIUM | N/A |
| Monkey Boards 0.3.5 allows remote attackers to obtain sensitive information via direct requests to (1) include/admin_auth.inc.php and (2) include/engine/class.compiler.php, which reveals the full path in an error message. NOTE: this issue is only an exposure if the administrator has changed the default script path. | |||||