Total
29862 CVE
| CVE | Vendors | Products | Updated | CVSS v2 | CVSS v3 |
|---|---|---|---|---|---|
| CVE-2007-1112 | 1 Kaspersky Lab | 2 Kaspersky Anti-virus, Kaspersky Internet Security | 2025-04-09 | 10.0 HIGH | N/A |
| Kaspersky Anti-Virus 6.0 and Internet Security 6.0 exposes unsafe methods in the (a) AXKLPROD60Lib.KAV60Info (AxKLProd60.dll) and (b) AXKLSYSINFOLib.SysInfo (AxKLSysInfo.dll) ActiveX controls, which allows remote attackers to "download" or delete arbitrary files via crafted arguments to the (1) DeleteFile, (2) StartBatchUploading, (3) StartStrBatchUploading, or (4) StartUploading methods. | |||||
| CVE-2006-5906 | 1 Jean-christophe Ramos | 1 Pls-bannieres | 2025-04-09 | 7.5 HIGH | N/A |
| PHP remote file inclusion vulnerability in modules/bannieres/bannieres.php in Jean-Christophe Ramos SCRIPT BANNIERES (aka ban 0.1 and PLS-Bannieres 1.21) allows remote attackers to execute arbitrary PHP code via a URL in the chemin parameter. NOTE: the issue is disputed by other researchers, who observe that $chemin is defined before use | |||||
| CVE-2008-4198 | 1 Opera | 1 Opera Browser | 2025-04-09 | 5.0 MEDIUM | N/A |
| Opera before 9.52, when rendering an http page that has loaded an https page into a frame, displays a padlock icon and offers a security information dialog reporting a secure connection, which might allow remote attackers to trick a user into performing unsafe actions on the http page. | |||||
| CVE-2007-0812 | 1 Woltlab | 1 Burning Board Lite | 2025-04-09 | 7.5 HIGH | N/A |
| SQL injection vulnerability in pms.php in Woltlab Burning Board (wBB) Lite 1.0.2pl3e and earlier allows remote authenticated users to execute arbitrary SQL commands via the pmid[0] parameter. | |||||
| CVE-2007-4931 | 1 Hp | 1 System Management Homepage | 2025-04-09 | 2.1 LOW | N/A |
| HP System Management Homepage (SMH) for Windows, when used in conjunction with HP Version Control Agent or Version Control Repository Manager, leaves old OpenSSL software active after an OpenSSL update, which has unknown impact and attack vectors, probably related to previous vulnerabilities for OpenSSL. | |||||
| CVE-2007-2461 | 1 Cisco | 2 Adaptive Security Appliance Software, Pix | 2025-04-09 | 7.8 HIGH | N/A |
| The DHCP relay agent in Cisco Adaptive Security Appliance (ASA) and PIX 7.2 allows remote attackers to cause a denial of service (dropped packets) via a DHCPREQUEST or DHCPINFORM message that causes multiple DHCPACK messages to be sent from DHCP servers to the agent, which consumes the memory allocated for a local buffer. NOTE: this issue only occurs when multiple DHCP servers are used. | |||||
| CVE-2007-2387 | 1 Apple | 1 Xserve Lights-out Management | 2025-04-09 | 10.0 HIGH | N/A |
| Apple Xserve Lights-Out Management before Firmware Update 1.0 on Intel hardware does not require a password for remote access to IPMI, which allows remote attackers to gain administrative access via unspecified requests with ipmitool. | |||||
| CVE-2007-1465 | 1 Dproxy | 1 Dproxy | 2025-04-09 | 10.0 HIGH | N/A |
| Stack-based buffer overflow in dproxy.c for dproxy 0.1 through 0.5 allows remote attackers to execute arbitrary code via a long DNS query packet to UDP port 53. | |||||
| CVE-2007-3644 | 1 Freebsd | 1 Libarchive | 2025-04-09 | 4.3 MEDIUM | N/A |
| archive_read_support_format_tar.c in libarchive before 2.2.4 allows user-assisted remote attackers to cause a denial of service (infinite loop) via (1) an end-of-file condition within a pax extension header or (2) a malformed pax extension header in an (a) PAX or a (b) TAR archive. | |||||
| CVE-2007-1346 | 1 Sun | 1 Sun Fire | 2025-04-09 | 6.6 MEDIUM | N/A |
| Unspecified vulnerability in ipmitool for Sun Fire X2100M2 and X2200M2 allows local users to gain privileges and reset or turn off the server. | |||||
| CVE-2007-1551 | 1 Phpx | 1 Phpx | 2025-04-09 | 4.3 MEDIUM | N/A |
| Multiple cross-site scripting (XSS) vulnerabilities in phpx 3.5.15 allow remote attackers to inject arbitrary web script or HTML via (1) the signature in "dans profile," or (2) search.php. | |||||
| CVE-2006-6010 | 1 Sap | 1 Sap Web Application Server | 2025-04-09 | 5.0 MEDIUM | N/A |
| SAP allows remote attackers to obtain potentially sensitive information such as operating system and SAP version via an RFC_SYSTEM_INFO RfcCallReceive request, a different vulnerability than CVE-2003-0747. | |||||
| CVE-2007-3445 | 3 Microsoft, Securecomputing, Sj Labs | 3 Windows Mobile, Sch I730 Phone, Sjphone | 2025-04-09 | 4.3 MEDIUM | N/A |
| Buffer overflow in SJ Labs SJphone 1.60.303c, running under Windows Mobile 2003 on the Samsung SCH-i730 phone, allows remote attackers to cause a denial of service (device hang and call termination) via a malformed SIP INVITE message, a different vulnerability than CVE-2007-3351. | |||||
| CVE-2007-0667 | 2 Ledgersmb, Sql-ledger | 2 Ledgersmb, Sql-ledger | 2025-04-09 | 6.5 MEDIUM | N/A |
| The redirect function in Form.pm for (1) LedgerSMB before 1.1.5 and (2) SQL-Ledger allows remote authenticated users to execute arbitrary code via redirects, related to callbacks, a different issue than CVE-2006-5872. | |||||
| CVE-2006-6165 | 2 Freebsd, Netbsd | 2 Freebsd, Netbsd | 2025-04-09 | 7.2 HIGH | 7.8 HIGH |
| ld.so in FreeBSD, NetBSD, and possibly other BSD distributions does not remove certain harmful environment variables, which allows local users to gain privileges by passing certain environment variables to loading processes. NOTE: this issue has been disputed by a third party, stating that it is the responsibility of the application to properly sanitize the environment | |||||
| CVE-2007-2979 | 1 Techno Dreams | 1 Web Directory | 2025-04-09 | 7.8 HIGH | N/A |
| Techno Dreams Web Directory / Search Engine 2.0 stores sensitive information under the web root with insufficient access control, which allows remote attackers to download a database via a direct request for Database.mdb. | |||||
| CVE-2006-6822 | 1 Enthrallweb | 1 Eclassifieds | 2025-04-09 | 3.5 LOW | N/A |
| myprofile.asp in Enthrallweb eClassifieds does not properly validate the MM_recordId parameter during profile updates, which allows remote authenticated users to modify certain profile fields of another account by specifying that account's username in a modified MM_recordId parameter. | |||||
| CVE-2006-6921 | 1 Linux | 1 Linux Kernel | 2025-04-09 | 2.1 LOW | N/A |
| Unspecified versions of the Linux kernel allow local users to cause a denial of service (unrecoverable zombie process) via a program with certain instructions that prevent init from properly reaping a child whose parent has died. | |||||
| CVE-2006-5735 | 1 Punbb | 1 Punbb | 2025-04-09 | 7.5 HIGH | N/A |
| Directory traversal vulnerability in include/common.php in PunBB before 1.2.14 allows remote authenticated users to include and execute arbitrary local files via a .. (dot dot) in the language parameter, related to register.php storing a language value in the users table. | |||||
| CVE-2007-4296 | 1 Anti-spam Smtp Proxy | 1 Server | 2025-04-09 | 7.5 HIGH | N/A |
| Unspecified vulnerability in assp.pl in Anti-Spam SMTP Proxy Server (ASSP) 1.3.3 has unknown impact and attack vectors. | |||||