Total
29562 CVE
| CVE | Vendors | Products | Updated | CVSS v2 | CVSS v3 |
|---|---|---|---|---|---|
| CVE-2007-4198 | 1 Brian Carrier | 1 The Slueth Kit | 2025-04-09 | 4.3 MEDIUM | N/A |
| The fs_data_put_str function in ntfs.c in fls in Brian Carrier The Sleuth Kit (TSK) before 2.09 does not validate a certain length value, which allows user-assisted remote attackers to cause a denial of service (application crash) and prevent examination of certain NTFS files via a malformed NTFS image, which triggers a buffer over-read. | |||||
| CVE-2007-1373 | 1 Pmail | 1 Mercury Mail Transport System | 2025-04-09 | 10.0 HIGH | N/A |
| Stack-based buffer overflow in Mercury/32 (aka Mercury Mail Transport System) 4.01b and earlier allows remote attackers to execute arbitrary code via a long LOGIN command. NOTE: this might be the same issue as CVE-2006-5961. | |||||
| CVE-2007-2186 | 2 Foxit, Microsoft | 9 Pdf Reader, Windows 2000, Windows 2003 Server and 6 more | 2025-04-09 | 5.0 MEDIUM | N/A |
| Foxit Reader 2.0 allows remote attackers to cause a denial of service (application crash) via a crafted PDF document. | |||||
| CVE-2006-3875 | 1 Microsoft | 2 Excel, Excel Viewer | 2025-04-09 | 5.1 MEDIUM | N/A |
| Unspecified vulnerability in Microsoft Excel 2000, 2002, 2003, 2004 for Mac, v.X for Mac, and Excel Viewer 2003 allows user-assisted attackers to execute arbitrary code via a crafted COLINFO record in an XLS file, a different vulnerability than CVE-2006-2387 and CVE-2006-3867. | |||||
| CVE-2008-3630 | 2 Apple, Microsoft | 6 Bonjour, Windows-nt, Windows 2000 and 3 more | 2025-04-09 | 6.4 MEDIUM | N/A |
| mDNSResponder in Apple Bonjour for Windows before 1.0.5, when an application uses the Bonjour API for unicast DNS, does not choose random values for transaction IDs or source ports in DNS requests, which makes it easier for remote attackers to spoof DNS responses, a different vulnerability than CVE-2008-1447. | |||||
| CVE-2006-6116 | 1 Fipsasp | 1 Fipsforum | 2025-04-09 | 7.5 HIGH | N/A |
| SQL injection vulnerability in default2.asp in fipsForum 2.6 and earlier allows remote attackers to execute arbitrary SQL commands via the kat parameter. | |||||
| CVE-2007-1339 | 1 Monitor-line | 1 Links Management | 2025-04-09 | 7.5 HIGH | N/A |
| SQL injection vulnerability in index.php in Links Management Application 1.0 allows remote attackers to execute arbitrary SQL commands via the lcnt parameter. | |||||
| CVE-2007-1293 | 1 Rigter Portal System | 1 Rigter Portal System | 2025-04-09 | 5.8 MEDIUM | N/A |
| SQL injection vulnerability in Rigter Portal System (RPS) 6.2, when magic_quotes_gpc is disabled, allows remote attackers to execute arbitrary SQL commands via the categoria parameter to the top-level URI (index.php), possibly related to ver_descarga.php. | |||||
| CVE-2007-0387 | 1 Joomla | 1 Joomla | 2025-04-09 | 7.5 HIGH | N/A |
| SQL injection vulnerability in models/category.php in the Weblinks component for Joomla! SVN 20070118 (com_weblinks) allows remote attackers to execute arbitrary SQL commands via the catid parameter. | |||||
| CVE-2006-5182 | 1 Dan Jensen | 1 Travelsized Cms | 2025-04-09 | 7.5 HIGH | N/A |
| PHP remote file inclusion vulnerability in frontpage.php in Dan Jensen Travelsized CMS 0.4 and earlier allows remote attackers to execute arbitrary PHP code via a URL in the setup_folder parameter. | |||||
| CVE-2007-2715 | 1 Snaps Gallery | 1 Snaps Gallery | 2025-04-09 | 10.0 HIGH | N/A |
| Admin/users.php in Snaps! Gallery 1.4.4 allows remote attackers to change arbitrary usernames and passwords via the (1) username, or the (2) password and password2 parameters in an edit action. | |||||
| CVE-2006-5551 | 1 Qksoft | 1 Qk Smtp | 2025-04-09 | 7.5 HIGH | N/A |
| Stack-based buffer overflow in QK SMTP 3.01 and earlier might allow remote attackers to execute arbitrary code via a long argument to the RCPT TO command. | |||||
| CVE-2007-1989 | 1 Dotclear | 1 Dotclear | 2025-04-09 | 4.3 MEDIUM | N/A |
| Multiple cross-site scripting (XSS) vulnerabilities in DotClear before 1.2.6 allow remote attackers to inject arbitrary web script or HTML via the (1) post_id parameter to ecrire/trackback.php or the (2) tool_url parameter to tools/thememng/index.php. NOTE: some of these details are obtained from third party information. | |||||
| CVE-2007-2995 | 1 Ibm | 1 Aix | 2025-04-09 | 4.3 MEDIUM | N/A |
| Unspecified vulnerability in sysmgt.websm.rte in IBM AIX 5.2.0 and 5.3.0 has unknown impact and attack vectors. | |||||
| CVE-2006-7010 | 1 Joomla | 1 Joomla | 2025-04-09 | 7.5 HIGH | N/A |
| The mosgetparam implementation in Joomla! before 1.0.10, does not set a variable's data type to integer when the variable's default value is numeric, which has unspecified impact and attack vectors, which may permit SQL injection attacks. | |||||
| CVE-2006-6699 | 1 Oracle | 1 Application Server Portal | 2025-04-09 | 5.0 MEDIUM | N/A |
| Multiple CRLF injection vulnerabilities in Oracle Portal 9.0.2 and possibly other versions allow remote attackers to inject arbitrary HTTP headers and conduct HTTP response splitting attacks via CRLF sequences in the enc parameter to (1) calendarDialog.jsp or (2) fred.jsp. NOTE: the calendar.jsp vector is covered by CVE-2006-6697. | |||||
| CVE-2007-4175 | 1 Openrat | 1 Openrat Cms | 2025-04-09 | 4.3 MEDIUM | N/A |
| Multiple cross-site scripting (XSS) vulnerabilities in index.php in OpenRat CMS 0.8-beta1 and earlier allow remote attackers to inject arbitrary web script or HTML via the (1) subaction and (2) action parameters. | |||||
| CVE-2007-3807 | 1 Sitescape | 1 Sitescape Forum | 2025-04-09 | 2.6 LOW | N/A |
| Multiple cross-site scripting (XSS) vulnerabilities in SiteScape Forum before 7.3 allow remote attackers to inject arbitrary web script or HTML via the user name field in the login procedure, and other unspecified vectors. | |||||
| CVE-2009-2296 | 1 Sun | 2 Opensolaris, Solaris | 2025-04-09 | 10.0 HIGH | N/A |
| The NFSv4 server kernel module in Sun Solaris 10, and OpenSolaris before snv_119, does not properly implement the nfs_portmon setting, which allows remote attackers to access shares, and read, create, and modify arbitrary files, via unspecified vectors. | |||||
| CVE-2007-3813 | 1 Mkportal | 1 Noboard Module | 2025-04-09 | 4.3 MEDIUM | N/A |
| PHP remote file inclusion vulnerability in include/user.php in the NoBoard BETA module for MKPortal allows remote attackers to execute arbitrary PHP code via a URL in the MK_PATH parameter. | |||||