Total
29859 CVE
| CVE | Vendors | Products | Updated | CVSS v2 | CVSS v3 |
|---|---|---|---|---|---|
| CVE-2007-4658 | 1 Php | 1 Php | 2025-04-09 | 7.5 HIGH | N/A |
| The money_format function in PHP 5 before 5.2.4, and PHP 4 before 4.4.8, permits multiple (1) %i and (2) %n tokens, which has unknown impact and attack vectors, possibly related to a format string vulnerability. | |||||
| CVE-2009-0819 | 2 Mysql, Oracle | 2 Mysql, Mysql | 2025-04-09 | 4.0 MEDIUM | N/A |
| sql/item_xmlfunc.cc in MySQL 5.1 before 5.1.32 and 6.0 before 6.0.10 allows remote authenticated users to cause a denial of service (crash) via "an XPath expression employing a scalar expression as a FilterExpr with ExtractValue() or UpdateXML()," which triggers an assertion failure. | |||||
| CVE-2007-1330 | 1 Comodo | 1 Comodo Firewall Pro | 2025-04-09 | 4.4 MEDIUM | N/A |
| Comodo Firewall Pro (CFP) (formerly Comodo Personal Firewall) 2.4.18.184 and earlier allows local users to bypass driver protections on the HKLM\SYSTEM\Software\Comodo\Personal Firewall registry key by guessing the name of a named pipe under \Device\NamedPipe\OLE and attempting to open it multiple times. | |||||
| CVE-2007-0688 | 1 Hunkaray Duyuru | 1 Scripti | 2025-04-09 | 7.5 HIGH | N/A |
| SQL injection vulnerability in oku.asp in Hunkaray Duyuru Scripti allows remote attackers to execute arbitrary SQL commands via the id parameter. | |||||
| CVE-2007-2576 | 1 East Wind Software | 1 Advdaudio.ocx | 2025-04-09 | 6.8 MEDIUM | N/A |
| Buffer overflow in the East Wind Software advdaudio.ocx 1.5.1.1 ActiveX control allows user-assisted remote attackers to execute arbitrary code via a long OpenDVD property value. NOTE: this issue might be related to CVE-2007-0976. | |||||
| CVE-2007-6682 | 1 Videolan | 1 Vlc | 2025-04-09 | 7.5 HIGH | N/A |
| Format string vulnerability in the httpd_FileCallBack function (network/httpd.c) in VideoLAN VLC 0.8.6d allows remote attackers to execute arbitrary code via format string specifiers in the Connection parameter. | |||||
| CVE-2007-3610 | 1 Vastal I-tech | 1 Phpvid | 2025-04-09 | 7.5 HIGH | N/A |
| SQL injection vulnerability in categories_type.php in phpVID 0.9.9 allows remote attackers to execute arbitrary SQL commands via the cat parameter. | |||||
| CVE-2007-2377 | 1 Getahead | 1 Direct Web Remoting | 2025-04-09 | 5.0 MEDIUM | N/A |
| The Getahead Direct Web Remoting (DWR) framework 1.1.4 exchanges data using JavaScript Object Notation (JSON) without an associated protection scheme, which allows remote attackers to obtain the data via a web page that retrieves the data through a URL in the SRC attribute of a SCRIPT element and captures the data using other JavaScript code, aka "JavaScript Hijacking." | |||||
| CVE-2006-6634 | 1 Mambo | 1 Extcalthai Module | 2025-04-09 | 7.5 HIGH | N/A |
| Multiple PHP remote file inclusion vulnerabilities in the ExtCalThai (com_extcalendar) 0.9.1 and earlier component for Mambo allow remote attackers to execute arbitrary PHP code via a URL in (1) the CONFIG_EXT[LANGUAGES_DIR] parameter to admin_events.php, (2) the mosConfig_absolute_path parameter to extcalendar.php, or (3) the CONFIG_EXT[LIB_DIR] parameter to lib/mail.inc.php. | |||||
| CVE-2008-0236 | 1 Microsoft | 1 Visual Foxpro | 2025-04-09 | 5.8 MEDIUM | N/A |
| An ActiveX control for Microsoft Visual FoxPro (vfp6r.dll 6.0.8862.0) allows remote attackers to execute arbitrary commands by invoking the DoCmd method. | |||||
| CVE-2007-0666 | 1 Ipswitch | 1 Ws Ftp Server | 2025-04-09 | 6.8 MEDIUM | N/A |
| Ipswitch WS_FTP Server 5.04 allows FTP site administrators to execute arbitrary code on the system via a long input string to the (1) iFTPAddU or (2) iFTPAddH file, or to a (3) edition module. | |||||
| CVE-2006-6299 | 1 Novell | 1 Zenworks Asset Management | 2025-04-09 | 10.0 HIGH | N/A |
| Integer overflow in Msg.dll in Novell ZENworks 7 Asset Management (ZAM) before SP1 IR11 and the Collection client allows remote attackers to execute arbitrary code via crafted packets, which trigger a heap-based buffer overflow. | |||||
| CVE-2007-0962 | 1 Cisco | 3 Asa 5500, Firewall Services Module, Pix Firewall Software | 2025-04-09 | 7.8 HIGH | N/A |
| Cisco PIX 500 and ASA 5500 Series Security Appliances 7.0 before 7.0(4.14) and 7.1 before 7.1(2.1), and the FWSM 2.x before 2.3(4.12) and 3.x before 3.1(3.24), when "inspect http" is enabled, allows remote attackers to cause a denial of service (device reboot) via malformed HTTP traffic. | |||||
| CVE-2007-3625 | 1 Citrix | 1 Metaframe Presentation Server | 2025-04-09 | 5.0 MEDIUM | N/A |
| The Program Neighborhood Agent in Citrix Presentation Server Clients for 32-bit Windows before 10.100 allows remote attackers to cause a denial of service (agent exit) via a certain request that uses content redirection and a long pathname. | |||||
| CVE-2007-0489 | 1 Visohotlink | 1 Visohotlink | 2025-04-09 | 6.8 MEDIUM | N/A |
| PHP remote file inclusion vulnerability in includes/functions.visohotlink.php in VisoHotlink 1.01 and possibly earlier allows remote attackers to execute arbitrary PHP code via a URL in the mosConfig_absolute_path parameter. | |||||
| CVE-2007-2640 | 1 Heiko Stamer | 1 Libtmcg | 2025-04-09 | 7.8 HIGH | N/A |
| LibTMCG before 1.1.1 does not perform a range check to avoid "trivial group generators," which allows attackers to obtain sensitive information about private cards. | |||||
| CVE-2006-6711 | 1 Newxooper | 1 Newxooper | 2025-04-09 | 7.5 HIGH | N/A |
| PHP remote file inclusion vulnerability in compteur/mapage.php in Newxooper 0.9.1 allows remote attackers to execute arbitrary PHP code via a URL in the chemin parameter. | |||||
| CVE-2006-5384 | 1 Cds Software Consortium | 1 Cds Agenda | 2025-04-09 | 7.5 HIGH | N/A |
| PHP remote file inclusion vulnerability in modification/SendAlertEmail.php in CDS Software Consortium CDS Agenda 4.2.9 and earlier allows remote attackers to execute arbitrary PHP code via a URL in the AGE parameter. | |||||
| CVE-2007-2175 | 1 Apple | 1 Safari | 2025-04-09 | 7.6 HIGH | N/A |
| Apple QuickTime Java extensions (QTJava.dll), as used in Safari and other browsers, and when Java is enabled, allows remote attackers to execute arbitrary code via parameters to the toQTPointer method in quicktime.util.QTHandleRef, which can be used to modify arbitrary memory when creating QTPointerRef objects, as demonstrated during the "PWN 2 0WN" contest at CanSecWest 2007. | |||||
| CVE-2006-6781 | 1 Hlstats | 1 Hlstats | 2025-04-09 | 5.0 MEDIUM | N/A |
| HLstats 1.20 through 1.34 allows remote attackers to obtain sensitive information via playinfo mode, with certain values of the player and playerdata[lastName][] parameters, which reveals the path in an error message. | |||||