Total
29862 CVE
| CVE | Vendors | Products | Updated | CVSS v2 | CVSS v3 |
|---|---|---|---|---|---|
| CVE-2007-2041 | 1 Cisco | 2 2100 Wireless Lan Controller, 4400 Wireless Lan Controller | 2025-04-09 | 4.0 MEDIUM | N/A |
| Cisco Wireless LAN Controller (WLC) before 4.0.206.0 saves the WLAN ACL configuration with an invalid checksum, which prevents WLAN ACLs from being loaded at boot time, and might allow remote attackers to bypass intended access restrictions, aka Bug ID CSCse58195. | |||||
| CVE-2007-0578 | 1 Mpg123 | 1 Mpg123 | 2025-04-09 | 4.3 MEDIUM | N/A |
| The http_open function in httpget.c in mpg123 before 0.64 allows remote attackers to cause a denial of service (infinite loop) by closing the HTTP connection early. | |||||
| CVE-2009-3008 | 1 Christophe Thibault | 1 K-meleon | 2025-04-09 | 4.3 MEDIUM | N/A |
| K-Meleon 1.5.3 allows context-dependent attackers to spoof the address bar, via window.open with a relative URI, to show an arbitrary file: URL after a victim has visited any file: URL, as demonstrated by a visit to a file: document written by the attacker. | |||||
| CVE-2006-5880 | 1 Isystems | 1 Munch Pro | 2025-04-09 | 7.5 HIGH | N/A |
| SQL injection vulnerability on the subMenu page in switch.asp in Munch Pro 1.0 allows remote attackers to execute arbitrary SQL commands via the catid parameter. | |||||
| CVE-2007-0631 | 1 Eclectic Designs | 1 Cascadianfaq | 2025-04-09 | 7.5 HIGH | N/A |
| SQL injection vulnerability in index.php in Eclectic Designs CascadianFAQ 4.1 and earlier allows remote attackers to execute arbitrary SQL commands via the catid parameter. | |||||
| CVE-2006-5130 | 1 Salims Softhouse | 1 Jaf Cms | 2025-04-09 | 6.8 MEDIUM | N/A |
| Multiple cross-site scripting (XSS) vulnerabilities in ph03y3nk just another flat file (JAF) CMS 4.0 RC1 allow remote attackers to inject arbitrary web script or HTML via the (1) name, (2) url, (3) title, and (4) about parameters in a forum post. NOTE: the provenance of this information is unknown; the details are obtained from third party information. | |||||
| CVE-2007-2921 | 1 Corel | 1 Activecgm Browser | 2025-04-09 | 9.3 HIGH | N/A |
| Multiple buffer overflows in acgm.dll in the Corel / Micrografx ActiveCGM Browser ActiveX control before 7.1.4.19 allow remote attackers to execute arbitrary code via unspecified vectors. | |||||
| CVE-2006-5830 | 1 Aiocp | 1 Aiocp | 2025-04-09 | 6.8 MEDIUM | N/A |
| Multiple cross-site scripting (XSS) vulnerabilities in All In One Control Panel (AIOCP) 1.3.007 and earlier allow remote attackers to inject arbitrary web script or HTML via the (1) topid, (2) forid, and (3) catid parameters to code/cp_forum_view.php; (4) choosed_language parameter to cp_dpage.php; (5) orderdir parameter to cp_links_search.php; (6) order_field parameter to (a) cp_show_ec_products.php and (b) cp_users_online.php; and the (7) signature and (8) fiscal code fields in the user profile. | |||||
| CVE-2007-1474 | 1 Horde | 2 Horde Application Framework, Imp | 2025-04-09 | 6.8 MEDIUM | N/A |
| Argument injection vulnerability in the cleanup cron script in Horde Project Horde and IMP before Horde Application Framework 3.1.4 allows local users to delete arbitrary files and possibly gain privileges via multiple space-delimited pathnames. | |||||
| CVE-2007-3144 | 1 Mozilla | 1 Mozilla | 2025-04-09 | 6.4 MEDIUM | N/A |
| Visual truncation vulnerability in Mozilla 1.7.12 allows remote attackers to spoof the address bar and possibly conduct phishing attacks via a long hostname, which is truncated after a certain number of characters, as demonstrated by a phishing attack using HTTP Basic Authentication. | |||||
| CVE-2006-6277 | 1 Contentserv | 1 Contentserv | 2025-04-09 | 5.0 MEDIUM | N/A |
| Directory traversal vulnerability in admin/FileServer.php in ContentServ 4.x allows remote attackers to read arbitrary files via a .. (dot dot) in the src parameter, a different vector than CVE-2005-3086. | |||||
| CVE-2007-4393 | 1 Suse | 1 Suse Linux | 2025-04-09 | 4.6 MEDIUM | N/A |
| The installation script for orarun on SUSE Linux before 20070810 places the oracle user into the disk group, which allows the local oracle user to read or write raw disk partitions. | |||||
| CVE-2006-7050 | 1 Wikkawiki | 1 Wikkawiki | 2025-04-09 | 6.8 MEDIUM | N/A |
| Cross-site scripting (XSS) vulnerability in WikkaWiki (Wikka Wiki) before 1.1.6.2 allows remote attackers to inject arbitrary javascript via (1) events in forced links (url parameter) that are not properly handled in formatters/wakka.php, and possibly (2) other vectors in wikka.php. | |||||
| CVE-2006-6452 | 1 Myarticles | 1 Myarticles | 2025-04-09 | 6.8 MEDIUM | N/A |
| Multiple cross-site scripting (XSS) vulnerabilities in the MyArticles module before 0.6 beta 1, for RunCMS, allow remote attackers to inject arbitrary web script or HTML via unspecified parameters to (1) topics.php, (2) submit.php, and (3) class/calendar.class.php. | |||||
| CVE-2007-2940 | 1 Flap | 1 Flap | 2025-04-09 | 6.8 MEDIUM | N/A |
| Multiple PHP remote file inclusion vulnerabilities in FlaP 1.0b (1.0 Beta) allow remote attackers to execute arbitrary PHP code via a URL in the pachtofile parameter to (1) skin/html/table.php or (2) login.php. | |||||
| CVE-2006-6904 | 1 Broadcom | 1 Bluetooth Stack | 2025-04-09 | 7.9 HIGH | N/A |
| Unspecified vulnerability in the Broadcom Bluetooth stack allows remote attackers to gain administrative access (aka Remote Root) via unspecified vectors. | |||||
| CVE-2008-0285 | 1 Ngircd | 1 Ngircd | 2025-04-09 | 5.0 MEDIUM | N/A |
| ngIRCd 0.10.x before 0.10.4 and 0.11.0 before 0.11.0-pre2 allows remote attackers to cause a denial of service (crash) via crafted IRC PART message, which triggers an invalid dereference. | |||||
| CVE-2007-0281 | 1 Oracle | 3 Application Server, Collaboration Suite, Http Server | 2025-04-09 | 5.0 MEDIUM | N/A |
| Multiple unspecified vulnerabilities in Oracle HTTP Server 9.0.1.5, 9.2.0.8, 10.1.0.5, and 10.2.0.3; Application Server 9.0.4.3, 10.1.2.0.0, 10.1.2.0.1, 10.1.2.0.2, 10.1.2.1, and 10.1.3.0; and Collaboration Suite 9.0.4.2 and 10.1.2; have unknown impact and attack vectors related to the Oracle HTTP Server, aka (1) OHS03 and (2) OHS04. | |||||
| CVE-2006-5474 | 1 Oneorzero | 1 Oneorzero Helpdesk | 2025-04-09 | 7.5 HIGH | N/A |
| The "forgot password" function in OneOrZero Helpdesk before 1.6.5.4 generates insecure passwords by concatenating the current timestamp with the username, which allows remote attackers to gain access as an arbitrary user by requesting a password reset. | |||||
| CVE-2009-3563 | 1 Ntp | 1 Ntp | 2025-04-09 | 6.4 MEDIUM | N/A |
| ntp_request.c in ntpd in NTP before 4.2.4p8, and 4.2.5, allows remote attackers to cause a denial of service (CPU and bandwidth consumption) by using MODE_PRIVATE to send a spoofed (1) request or (2) response packet that triggers a continuous exchange of MODE_PRIVATE error responses between two NTP daemons. | |||||