Total: 29858 CVE

| CVE | Vendors | Products | Updated | CVSS v2 | CVSS v3 |
|---|---|---|---|---|---|
| CVE-2006-6105 | 1 Gnome | 1 Gdm | 2025-04-09 | 4.3 MEDIUM | N/A |
| Format string vulnerability in the host chooser window (gdmchooser) in GNOME Foundation Display Manager (gdm) allows local users to execute arbitrary code via format string specifiers in a hostname, which are used in an error dialog. | |||||
| CVE-2007-3189 | 1 Jffnms | 1 Just For Fun Network Management System | 2025-04-09 | 4.3 MEDIUM | N/A |
| Cross-site scripting (XSS) vulnerability in auth.php in Just For Fun Network Management System (JFFNMS) 0.8.3 allows remote attackers to inject arbitrary web script or HTML via the user parameter. | |||||
| CVE-2007-0359 | 1 Uberghey | 1 Cms | 2025-04-09 | 7.5 HIGH | N/A |
| PHP remote file inclusion vulnerability in frontpage.php in Uberghey CMS 0.3.1 allows remote attackers to execute arbitrary PHP code via a URL in the setup_folder parameter. | |||||
| CVE-2006-6279 | 1 Alexphpteam | 1 Alex Guestbook | 2025-04-09 | 5.0 MEDIUM | N/A |
| index.php in @lex Guestbook 4.0.1 allows remote attackers to obtain sensitive information via a skin parameter referencing a nonexistent skin, which reveals the installation path in an error message. | |||||
| CVE-2006-5556 | 1 Hp | 1 Hp-ux | 2025-04-09 | 4.6 MEDIUM | N/A |
| Buffer overflow in the localtime_r function, and certain other functions, in libc in HP-UX B.11.11 and possibly other versions allows local users to execute arbitrary code via a long TZ environment variable. | |||||
| CVE-2007-0931 | 2 Alcatel-lucent, Aruba | 2 Omniaccess Wireless, Mobility Controller | 2025-04-09 | 7.5 HIGH | N/A |
| Heap-based buffer overflow in the management interfaces in (1) Aruba Mobility Controllers 200, 800, 2400, and 6000 and (2) Alcatel-Lucent OmniAccess Wireless 43xx and 6000 allows remote attackers to cause a denial of service (process crash) and possibly execute arbitrary code via long credential strings. | |||||
| CVE-2007-3981 | 1 Wsn Links | 1 Wsn Links | 2025-04-09 | 7.5 HIGH | N/A |
| SQL injection vulnerability in index.php in WSN Links Basic Edition allows remote attackers to execute arbitrary SQL commands via the catid parameter in a displaycat action. | |||||
| CVE-2007-3421 | 1 Web-app.org | 1 Webapp | 2025-04-09 | 7.5 HIGH | N/A |
| The (1) login, (2) admin profile edit, (3) reminder, (4) edit profile, (5) profile view, (6) gallery view, (7) gallery comment, and (8) gallery feedback capabilities in web-app.org WebAPP before 0.9.9.7 do not verify presence of users in memberlist.dat, which has unknown impact and remote attack vectors. | |||||
| CVE-2006-6248 | 1 Gphotos | 1 Gphotos | 2025-04-09 | 7.8 HIGH | N/A |
| index.php in GPhotos 1.5 allows remote attackers to obtain sensitive information via an invalid rep parameter, which reveals the full path in an error message. | |||||
| CVE-2007-0473 | 1 Smb4k | 1 Smb4k | 2025-04-09 | 1.9 LOW | N/A |
| The writeFile function in core/smb4kfileio.cpp in Smb4K before 0.8.0 does not preserve /etc/sudoers permissions across modifications, which allows local users to obtain sensitive information (/etc/sudoers contents) by reading this file. | |||||
| CVE-2007-0231 | 1 Six Apart | 1 Movable Type | 2025-04-09 | 6.8 MEDIUM | N/A |
| Cross-site scripting (XSS) vulnerability in Movable Type (MT) 3.33, when nofollow is disabled and unmoderated comments are enabled, allows remote attackers to inject arbitrary web script or HTML via the Comments field. | |||||
| CVE-2006-6636 | 1 Ibm | 1 Websphere Application Server | 2025-04-09 | 10.0 HIGH | N/A |
| Unspecified vulnerability in the Utility Classes for IBM WebSphere Application Server (WAS) before 5.1.1.13 and 6.x before 6.0.2.17 has unknown impact and attack vectors. | |||||
| CVE-2006-5211 | 1 Trend Micro | 1 Officescan Corporate Edition | 2025-04-09 | 6.4 MEDIUM | N/A |
| Trend Micro OfficeScan 6.0 in Client/Server/Messaging (CSM) Suite for SMB 2.0 before 6.0.0.1385, and OfficeScan Corporate Edition (OSCE) 6.5 before 6.5.0.1418, 7.0 before 7.0.0.1257, and 7.3 before 7.3.0.1053 allow remote attackers to remove OfficeScan clients via a certain HTTP request that invokes the OfficeScan CGI program. | |||||
| CVE-2007-0390 | 1 Sabros.us | 1 Sabros.us | 2025-04-09 | 6.8 MEDIUM | N/A |
| Cross-site scripting (XSS) vulnerability in index.php in sabros.us 1.7 allows remote attackers to inject arbitrary web script or HTML via the tag parameter. | |||||
| CVE-2007-0967 | 1 Cisco | 1 Firewall Services Module | 2025-04-09 | 7.8 HIGH | N/A |
| Cisco Firewall Services Module (FWSM) 3.x before 3.1(3.1) allows remote attackers to cause a denial of service (device reboot) via malformed SNMP requests. | |||||
| CVE-2007-0418 | 1 Bea | 1 Weblogic Server | 2025-04-09 | 7.5 HIGH | N/A |
| BEA WebLogic Server 7.0 through 7.0 SP6, 8.1 through 8.1 SP5, 9.0, and 9.1 does not enforce a security policy that declares permissions for EJB methods that have array parameters, which allows remote attackers to obtain unauthorized access to these methods. | |||||
| CVE-2006-5133 | 1 Steve Poulsen | 1 Guildftpd | 2025-04-09 | 7.5 HIGH | N/A |
| Buffer overflow in GuildFTPd 0.999.13 allows remote attackers to have an unknown impact, possibly code execution related to input containing "globbing chars." | |||||
| CVE-2007-0029 | 1 Microsoft | 4 Excel, Excel Viewer, Office and 1 more | 2025-04-09 | 9.3 HIGH | N/A |
| Microsoft Excel 2000 SP3, 2002 SP3, 2003 SP2, 2004 for Mac, and v.X for Mac allows user-assisted remote attackers to execute arbitrary code via a malformed string, aka "Excel Malformed String Vulnerability." | |||||
| CVE-2007-0554 | 1 Guo Xu Guos Posting System | 1 Guo Xu Guos Posting System | 2025-04-09 | 7.5 HIGH | N/A |
| SQL injection vulnerability in print.asp in Guo Xu Guos Posting System (GPS) 1.2 allows remote attackers to execute arbitrary SQL commands via the id parameter. | |||||
| CVE-2007-1338 | 1 Apple | 1 Airport Extreme | 2025-04-09 | 7.5 HIGH | N/A |
| The default configuration of the AirPort utility in Apple AirPort Extreme creates an IPv6 tunnel but does not enable the "Block incoming IPv6 connections" setting, which might allow remote attackers to bypass intended access restrictions by establishing IPv6 sessions that would have been rejected over IPv4. | |||||
