Total
29864 CVE
| CVE | Vendors | Products | Updated | CVSS v2 | CVSS v3 |
|---|---|---|---|---|---|
| CVE-2009-3894 | 1 Dag.wieers | 1 Dstat | 2025-04-09 | 4.4 MEDIUM | N/A |
| Multiple untrusted search path vulnerabilities in dstat before 0.7.0 allow local users to gain privileges via a Trojan horse Python module in (1) the current working directory or (2) a certain subdirectory of the current working directory. | |||||
| CVE-2006-5651 | 1 Digioz | 1 Digioz Guestbook | 2025-04-09 | 5.0 MEDIUM | N/A |
| list.php in DigiOz Guestbook before 1.7.1 allows remote attackers to obtain sensitive information via a non-numeric page parameter, which displays the installation path in the resulting error message. | |||||
| CVE-2007-2625 | 1 Aiocp | 1 Aiocp | 2025-04-09 | 6.8 MEDIUM | N/A |
| Cross-site scripting (XSS) vulnerability in shared/code/cp_authorization.php in All In One Control Panel (AIOCP) before 1.3.016 allows remote attackers to inject arbitrary web script or HTML via unspecified parameters. NOTE: some of these details are obtained from third party information. | |||||
| CVE-2007-0575 | 1 Stefan Holmberg | 1 Admentor | 2025-04-09 | 7.5 HIGH | N/A |
| Multiple SQL injection vulnerabilities in the administrative login page (admin/login.asp) in ASPCode.net AdMentor allow remote attackers to execute arbitrary SQL commands via the (1) Userid and (2) Password fields. | |||||
| CVE-2006-5807 | 1 Cisco | 1 Secure Desktop | 2025-04-09 | 4.6 MEDIUM | N/A |
| Cisco Secure Desktop (CSD) before 3.1.1.45 allows local users to escape out of the secure desktop environment by using certain applications that switch to the default desktop, aka "System Policy Evasion". | |||||
| CVE-2007-2548 | 1 Turnkey Web Tools | 1 Sunshop Shopping Cart | 2025-04-09 | 6.4 MEDIUM | N/A |
| Unspecified vulnerability in index.php in TurnkeyWebTools SunShop Shopping Cart 4.0 has unknown impact and an l remote attack vector, related to "Cookie Manipulation." | |||||
| CVE-2007-0121 | 1 Michael Romedahl | 1 Ri Blog | 2025-04-09 | 6.8 MEDIUM | N/A |
| Cross-site scripting (XSS) vulnerability in search.asp in RI Blog 1.3 allows remote attackers to inject arbitrary web script or HTML via the q parameter. | |||||
| CVE-2007-1410 | 1 Gaziyapboz | 1 Game Portal | 2025-04-09 | 7.5 HIGH | N/A |
| SQL injection vulnerability in kategori.asp in GaziYapBoz Game Portal allows remote attackers to execute arbitrary SQL commands via the kategori parameter. | |||||
| CVE-2006-7075 | 1 Aqualung | 1 Aqualung | 2025-04-09 | 6.8 MEDIUM | N/A |
| Buffer overflow in the meta_read_flac function in meta_decoder.c for Aqualung 0.9beta5 and earlier, and CVS 0.193.2 and earlier, allows user-assisted attackers to execute arbitrary code via a long Vorbis comment in a Free Lossless Audio Codec (FLAC) file. | |||||
| CVE-2007-0132 | 1 Igeneric | 1 Ig Shop | 2025-04-09 | 7.5 HIGH | N/A |
| SQL injection vulnerability in compare_product.php in iGeneric iG Shop 1.4 allows remote attackers to execute arbitrary SQL commands via the id parameter. | |||||
| CVE-2007-2771 | 1 Lead Technologies | 1 Leadtools Jpeg 2000 | 2025-04-09 | 9.3 HIGH | N/A |
| Stack-based buffer overflow in the LEAD Technologies LeadTools JPEG 2000 LEADJ2K.LEADJ2K.140 ActiveX control (LTJ2K14.ocx) 14.5.0.35 allows remote attackers to execute arbitrary code via a long BitmapDataPath property. | |||||
| CVE-2007-0261 | 1 Snews | 1 Snews | 2025-04-09 | 10.0 HIGH | N/A |
| snews.php in sNews 1.5.30 and earlier does not properly exit when authentication fails, which allows remote attackers to perform unauthorized administrative actions, as demonstrated by changing an administrative password via the changeup task, and by uploading PHP code via the imagefile parameter. | |||||
| CVE-2006-6127 | 1 Apple | 2 Mac Os X, Mac Os X Server | 2025-04-09 | 2.1 LOW | N/A |
| Apple Mac OS X kernel allows local users to cause a denial of service via a process that uses kevent to register a queue and an event, then fork a child process that uses kevent to register an event for the same queue as the parent. | |||||
| CVE-2007-1530 | 1 Microsoft | 1 Windows Vista | 2025-04-09 | 5.0 MEDIUM | N/A |
| The LLTD Mapper in Microsoft Windows Vista does not properly gather responses to EMIT packets, which allows remote attackers to cause a denial of service (mapping failure) by omitting an ACK response, which triggers an XML syntax error. | |||||
| CVE-2006-6660 | 1 Kde | 1 Libkhtml | 2025-04-09 | 4.3 MEDIUM | N/A |
| The nodeType function in KDE libkhtml 4.2.0 and earlier, as used by Konquerer, KMail, and other programs, allows remote attackers to cause a denial of service (crash) via malformed HTML tags, possibly involving a COL SPAN tag embedded in a RANGE tag. | |||||
| CVE-2007-3622 | 1 Alt-n | 1 Mdaemon | 2025-04-09 | 2.6 LOW | N/A |
| Unspecified vulnerability in DomainPOP in Alt-N Technologies MDaemon before 9.61 allows remote attackers to cause a denial of service (crash) via malformed messages. | |||||
| CVE-2006-6866 | 1 Stphp | 1 Easynews | 2025-04-09 | 7.8 HIGH | N/A |
| STphp EasyNews PRO 4.0 stores sensitive information under the web root with insufficient access control, which allows remote attackers to obtain usernames, email addresses, and password hashes via a direct request for data/users.txt. | |||||
| CVE-2007-0077 | 1 Lblog | 1 Lblog | 2025-04-09 | 5.0 MEDIUM | N/A |
| lblog stores sensitive information under the web root with insufficient access control, which allows remote attackers to download a database via a direct request for a certain file in admin/db/newFolder/. | |||||
| CVE-2006-5640 | 1 Techno Dreams | 1 Techno Dreams Guest Book | 2025-04-09 | 7.5 HIGH | N/A |
| SQL injection vulnerability in guestbookview.asp in Techno Dreams Guest Book 1.0 earlier allows remote attackers to execute arbitrary SQL commands via the key parameter. | |||||
| CVE-2007-1900 | 1 Php | 1 Php | 2025-04-09 | 5.0 MEDIUM | N/A |
| CRLF injection vulnerability in the FILTER_VALIDATE_EMAIL filter in ext/filter in PHP 5.2.0 and 5.2.1 allows context-dependent attackers to inject arbitrary e-mail headers via an e-mail address with a '\n' character, which causes a regular expression to ignore the subsequent part of the address string. | |||||