Total: 29560 CVEs
CVE | Vendors | Products | Updated | CVSS v2 | CVSS v3 |
---|---|---|---|---|---|
CVE-2006-3741 | 1 Linux | 1 Linux Kernel | 2025-04-09 | 4.9 MEDIUM | N/A |
The perfmonctl system call (sys_perfmonctl) in Linux kernel 2.4.x and 2.6 before 2.6.18, when running on Itanium systems, does not properly track the reference count for file descriptors, which allows local users to cause a denial of service (file descriptor consumption). | |||||
CVE-2007-5970 | 1 Oracle | 1 Mysql | 2025-04-09 | 5.8 MEDIUM | N/A |
MySQL 5.1.x before 5.1.23 and 6.0.x before 6.0.4 allows remote authenticated users to gain privileges on arbitrary tables via unspecified vectors involving use of table-level DATA DIRECTORY and INDEX DIRECTORY options when creating a partitioned table with the same name as a table on which the user lacks privileges. | |||||
CVE-2007-1296 | 1 Aj Square | 1 Aj Classifieds | 2025-04-09 | 7.5 HIGH | N/A |
SQL injection vulnerability in postingdetails.php in AJ Classifieds 1.0 allows remote attackers to execute arbitrary SQL commands via the postingid parameter. | |||||
CVE-2006-6021 | 1 Bestwebapp | 1 Bestwebapp Dating Site | 2025-04-09 | 7.5 HIGH | N/A |
SQL injection vulnerability in the login component in BestWebApp Dating Site allows remote attackers to execute arbitrary SQL commands via the (1) username and (2) passwd parameters. | |||||
CVE-2009-1659 | 1 Intelliants | 1 Elitius | 2025-04-09 | 6.8 MEDIUM | N/A |
Unrestricted file upload vulnerability in admin/uploadimage.php in eLitius 1.0 allows remote attackers to bypass intended access restrictions and upload and execute arbitrary files via an avatar file with an accepted Content-Type such as image/gif, then requesting the file in admin/banners/. | |||||
CVE-2006-6413 | 1 Amateras | 1 Amateras Sns | 2025-04-09 | 6.8 MEDIUM | N/A |
Cross-site scripting (XSS) vulnerability in Amateras sns 3.11 and earlier allows remote attackers to inject arbitrary web script or HTML via unspecified vectors. | |||||
CVE-2007-1028 | 1 Barry Jaspan | 1 Image Pager | 2025-04-09 | 6.8 MEDIUM | N/A |
Cross-site scripting (XSS) vulnerability in the Barry Jaspan Image Pager 4.7.x-1.x-dev and 5.x-1.x-dev before 2007-02-08 module for Drupal allows remote attackers to inject arbitrary web script or HTML via unspecified vectors related to HTML entities and the IMG element. | |||||
CVE-2006-5780 | 1 Xlink Technology | 1 Omni-nfs Server | 2025-04-09 | 7.5 HIGH | N/A |
Stack-based buffer overflow in nfsd.exe in XLink Omni-NFS Server 5.2 allows remote attackers to execute arbitrary code via a crafted TCP packet to port 2049 (nfsd), as demonstrated by vd_xlink.pm. | |||||
CVE-2007-2838 | 2 Debian, Gsambad | 2 Debian Linux, Gsambad | 2025-04-09 | 7.2 HIGH | N/A |
The populate_conns function in src/populate_conns.c in GSAMBAD 0.1.4 allows local users to overwrite arbitrary files via a symlink attack on the /tmp/gsambadtmp temporary file. | |||||
CVE-2007-1423 | 1 Work System E-commerce | 1 Work System E-commerce | 2025-04-09 | 9.3 HIGH | N/A |
Multiple PHP remote file inclusion vulnerabilities in WORK system e-commerce 3.0.5 and earlier allow remote attackers to execute arbitrary PHP code via a URL in the g_include parameter to include/include_top.php and certain other PHP scripts. | |||||
CVE-2009-1634 | 1 Novell | 1 Groupwise | 2025-04-09 | 7.5 HIGH | N/A |
The WebAccess component in Novell GroupWise 7.x before 7.03 HP3 and 8.x before 8.0 HP2 does not properly implement session management mechanisms, which allows remote attackers to gain access to user accounts via unspecified vectors. | |||||
CVE-2006-6657 | 1 Netbsd | 1 Netbsd | 2025-04-09 | 2.1 LOW | N/A |
The if_clone_list function in NetBSD-current before 20061027, NetBSD 3.0 and 3.0.1 before 20061027, and NetBSD 2.x before 20061119 allows local users to read potentially sensitive, uninitialized stack memory via unspecified vectors. | |||||
CVE-2007-1969 | 1 Sam Crew | 1 Myblog | 2025-04-09 | 4.3 MEDIUM | N/A |
Cross-site scripting (XSS) vulnerability in admin/modify.php in Sam Crew MyBlog allows remote attackers to inject arbitrary web script or HTML via the id parameter. | |||||
CVE-2007-5632 | 1 Sun | 1 Solaris | 2025-04-09 | 4.9 MEDIUM | N/A |
Multiple unspecified vulnerabilities in the kernel in Sun Solaris 8 through 10 allow local users to cause a denial of service (panic), related to the support for retrieval of kernel statistics, and possibly related to the sfmmu_mlspl_enter or sfmmu_mlist_enter functions. | |||||
CVE-2007-0403 | 1 Easebay Resources | 1 Paypal Subscription Manager | 2025-04-09 | 7.5 HIGH | N/A |
SQL injection vulnerability in admin/memberlist.php in Easebay Resources Paypal Subscription Manager allows remote attackers to execute arbitrary SQL commands via the keyword parameter. | |||||
CVE-2009-3005 | 1 Lunascape | 1 Lunascape | 2025-04-09 | 4.3 MEDIUM | N/A |
Lunascape 5.1.3 and 5.1.4 allows remote attackers to spoof the address bar, via window.open with a relative URI, to show an arbitrary URL on the web site visited by the victim, as demonstrated by a visit to an attacker-controlled web page, which triggers a spoofed login form for the site containing that page. NOTE: a related attack was reported in which an arbitrary file: URL is shown. | |||||
CVE-2007-1299 | 1 Mani Stats Reader | 1 Mani Stats Reader | 2025-04-09 | 7.5 HIGH | N/A |
PHP remote file inclusion vulnerability in index.php in Mani Stats Reader 1.2 and earlier allows remote attackers to execute arbitrary PHP code via a URL in the ipath parameter. | |||||
CVE-2007-2030 | 1 Redhat | 2 Enterprise Linux, Fedora Core | 2025-04-09 | 4.9 MEDIUM | N/A |
lharc.c in lha does not securely create temporary files, which might allow local users to read or write files by creating a file before LHA is invoked. | |||||
CVE-2007-2093 | 1 Limesoft | 1 Limesoft Guestbook | 2025-04-09 | 7.5 HIGH | N/A |
Direct static code injection vulnerability in index.php in Limesoft Guestbook (LS Simple Guestbook) 1.0 allows remote attackers to inject arbitrary PHP code into posts.txt via the message parameter. | |||||
CVE-2007-1872 | 1 Toenda Software Development | 1 Toendacms | 2025-04-09 | 4.3 MEDIUM | N/A |
Cross-site scripting (XSS) vulnerability in toendaCMS 1.5.3 allows remote attackers to inject arbitrary web script or HTML via the searchword parameter in a search id. |