Total
29862 CVE
| CVE | Vendors | Products | Updated | CVSS v2 | CVSS v3 |
|---|---|---|---|---|---|
| CVE-2007-1352 | 8 Mandrakesoft, Openbsd, Redhat and 5 more | 14 Mandrake Linux, Mandrake Linux Corporate Server, Mandrake Multi Network Firewall and 11 more | 2025-04-09 | 3.8 LOW | N/A |
| Integer overflow in the FontFileInitTable function in X.Org libXfont before 20070403 allows remote authenticated users to execute arbitrary code via a long first line in the fonts.dir file, which results in a heap overflow. | |||||
| CVE-2006-5841 | 1 Dodos Scripts | 1 Dodosmail | 2025-04-09 | 7.5 HIGH | N/A |
| Multiple PHP remote file inclusion vulnerabilities in dodosmail.php in DodosMail 2.0.1 and earlier, and possibly 2.1, allow remote attackers to execute arbitrary PHP code via a URL in the (1) dodosmail_header_file or (2) dodosmail_footer_file parameters. | |||||
| CVE-2006-6409 | 1 F-secure | 1 F-secure Anti-virus | 2025-04-09 | 10.0 HIGH | N/A |
| F-Secure Anti-Virus for Linux Gateways 4.65 allows remote attackers to cause a denial of service (possibly fatal scan error), and possibly bypass virus detection, by inserting invalid characters into base64 encoded content in a multipart/mixed MIME file, as demonstrated with the EICAR test file. | |||||
| CVE-2007-3599 | 1 Vtiger | 1 Vtiger Crm | 2025-04-09 | 8.5 HIGH | N/A |
| vtiger CRM before 5.0.3 allows remote authenticated users to import and export the information for a contact even when they only have the View permission. | |||||
| CVE-2007-4400 | 1 Konversation | 1 Konversation | 2025-04-09 | 6.8 MEDIUM | N/A |
| CRLF injection vulnerability in the included media script in Konversation allows user-assisted remote attackers to execute arbitrary IRC commands via CRLF sequences in the name of the song in a .mp3 file. | |||||
| CVE-2007-2383 | 1 Prototypejs | 1 Prototype Framework | 2025-04-09 | 5.0 MEDIUM | N/A |
| The Prototype (prototypejs) framework before 1.5.1 RC3 exchanges data using JavaScript Object Notation (JSON) without an associated protection scheme, which allows remote attackers to obtain the data via a web page that retrieves the data through a URL in the SRC attribute of a SCRIPT element and captures the data using other JavaScript code, aka "JavaScript Hijacking." | |||||
| CVE-2006-7051 | 1 Linux | 1 Linux Kernel | 2025-04-09 | 4.9 MEDIUM | N/A |
| The sys_timer_create function in posix-timers.c for Linux kernel 2.6.x allows local users to cause a denial of service (memory consumption) and possibly bypass memory limits or cause other processes to be killed by creating a large number of posix timers, which are allocated in kernel memory but are not treated as part of the process' memory. | |||||
| CVE-2006-6879 | 1 Php-update | 1 Php-update | 2025-04-09 | 6.0 MEDIUM | N/A |
| Unrestricted file upload vulnerability in admin/uploads.php in PHP-Update 2.7 and earlier allows remote authenticated users to upload arbitrary PHP scripts to the gfx/ and files/ directories via the userfile parameter. | |||||
| CVE-2006-6792 | 1 Mxmania | 1 Calendar Mx Basic | 2025-04-09 | 7.5 HIGH | N/A |
| SQL injection vulnerability in calendar_detail.asp in Calendar MX BASIC 1.0.2 and earlier allows remote attackers to execute arbitrary SQL commands via the ID parameter. NOTE: The provenance of this information is unknown; the details are obtained solely from third party information. | |||||
| CVE-2007-3906 | 1 Kaspersky Lab | 1 Kaspersky Anti-virus 5.5 For Check Point Firewall- | 2025-04-09 | 5.0 MEDIUM | N/A |
| Unspecified vulnerability in Kaspersky Anti-Virus for Check Point FireWall-1 before Critical Fix 1 (5.5.161.0) might allow attackers to cause a denial of service (kernel hang) via unspecified vectors. NOTE: it is not clear whether there is an attacker role. | |||||
| CVE-2006-5849 | 1 Irayoblog | 1 Irayoblog | 2025-04-09 | 7.5 HIGH | N/A |
| PHP remote file inclusion vulnerability in inc/irayofuncs.php in IrayoBlog alpha-0.2.4 allows remote attackers to execute arbitrary PHP code via a URL in the irayodirhack parameter. | |||||
| CVE-2007-2690 | 1 Iss | 3 Proventia A Series Xpu, Proventia G Series Xpu, Proventia M Series Xpu | 2025-04-09 | 7.8 HIGH | N/A |
| Multiple IBM ISS Proventia Series products, including the A, G, and M series, do not properly handle certain full-width and half-width Unicode character encodings, which might allow remote attackers to evade detection of HTTP traffic. | |||||
| CVE-2007-4479 | 1 Aleadsoft.com | 1 Search Engine Builder Professional | 2025-04-09 | 4.3 MEDIUM | N/A |
| Cross-site scripting (XSS) vulnerability in search.html in Search Engine Builder allows remote attackers to inject arbitrary web script or HTML via the searWords parameter. | |||||
| CVE-2006-7103 | 1 Ezonlinegallery | 1 Ezonlinegallery | 2025-04-09 | 6.4 MEDIUM | N/A |
| Multiple directory traversal vulnerabilities in EZOnlineGallery 1.3 and earlier, and possibly other versions before 1.3.2 Beta, allow remote attackers to (1) determine directory existence via a ".." in the album parameter in a show_album action to (a) ezgallery.php, which produces different responses depending on existence; and read arbitrary image files via a ".." in the album or (2) image parameter to (b) image.php. | |||||
| CVE-2006-6025 | 1 Qualcomm | 1 Eudora Worldmail | 2025-04-09 | 5.0 MEDIUM | 7.5 HIGH |
| QUALCOMM Eudora WorldMail 4.0 allows remote attackers to cause a denial of service, as demonstrated by a certain module in VulnDisco Pack. NOTE: The provenance of this information is unknown; the details are obtained solely from third party information. As of 20061118, this disclosure has no actionable information. However, because the VulnDisco Pack author is a reliable researcher, the issue is being assigned a CVE identifier for tracking purposes. | |||||
| CVE-2007-0561 | 1 Xero Portal | 1 Xero Portal | 2025-04-09 | 7.5 HIGH | N/A |
| Multiple PHP remote file inclusion vulnerabilities in Xero Portal 1.2 allow remote attackers to execute arbitrary PHP code via a URL in the phpbb_root_path parameter to (1) admin_linkdb.php, (2) admin_forum_prune.php, (3) admin_extensions.php, (4) admin_board.php, (5) admin_attachments.php, or (6) admin_users.php in admin/. | |||||
| CVE-2007-0323 | 1 Rim | 1 Teamon Import Object Activex Control | 2025-04-09 | 7.5 HIGH | N/A |
| Buffer overflow in the SetLanguage function in Research In Motion (RIM) TeamOn Import Object ActiveX control (TOImport.dll) allows remote attackers to execute arbitrary code via unspecified vectors. | |||||
| CVE-2006-5496 | 1 Timothy Claason | 1 Knowledgebank | 2025-04-09 | 4.3 MEDIUM | N/A |
| Multiple cross-site scripting (XSS) vulnerabilities in Timothy Claason KnowledgeBank 1.01 allow remote attackers to inject arbitrary web script or HTML via unspecified parameters to (1) index.php, (2) addknowledge.php, and (3) addscreenshot.php. | |||||
| CVE-2007-2927 | 2 Atheros, Microsoft | 2 Wireless Adapter Drivers, All Windows | 2025-04-09 | 5.0 MEDIUM | N/A |
| Unspecified vulnerability in Atheros 802.11 a/b/g wireless adapter drivers before 5.3.0.35, and 6.x before 6.0.3.67, on Windows allows remote attackers to cause a denial of service via a crafted 802.11 management frame. | |||||
| CVE-2006-5732 | 1 Tgs Cms | 1 Tgs Cms | 2025-04-09 | 5.0 MEDIUM | N/A |
| SQL injection vulnerability in logout.php in T.G.S. CMS 0.1.7 and earlier allows remote attackers to execute arbitrary SQL commands via the myauthorid cookie. | |||||