Total
29864 CVE
| CVE | Vendors | Products | Updated | CVSS v2 | CVSS v3 |
|---|---|---|---|---|---|
| CVE-2006-5655 | 1 Opendocman | 1 Opendocman | 2025-04-09 | 7.5 HIGH | N/A |
| SQL injection vulnerability in index.php in OpenDocMan 1.2p3 allows remote attackers to execute arbitrary SQL commands via the username parameter. | |||||
| CVE-2009-3378 | 1 Mozilla | 1 Firefox | 2025-04-09 | 9.3 HIGH | N/A |
| The oggplay_data_handle_theora_frame function in media/liboggplay/src/liboggplay/oggplay_data.c in liboggplay, as used in Mozilla Firefox 3.5.x before 3.5.4, attempts to reuse an earlier frame data structure upon encountering a decoding error for the first frame, which allows remote attackers to cause a denial of service (NULL pointer dereference and application crash) or possibly execute arbitrary code via a crafted .ogg video file. | |||||
| CVE-2007-0391 | 1 Bitdefender | 1 Bitdefender Client | 2025-04-09 | 7.2 HIGH | N/A |
| Format string vulnerability in the log creation functionality of BitDefender Client Professional Plus 8.02 allows attackers to execute arbitrary code via certain scan job settings. | |||||
| CVE-2006-5550 | 2 Freebsd, Openbsd | 2 Freebsd, Openbsd | 2025-04-09 | 4.9 MEDIUM | N/A |
| The kernel in FreeBSD 6.1 and OpenBSD 4.0 allows local users to cause a denial of service via unspecified vectors involving certain ioctl requests to /dev/crypto. | |||||
| CVE-2006-5820 | 1 Aol | 1 Aol | 2025-04-09 | 9.3 HIGH | N/A |
| The LinkSBIcons method in the SuperBuddy ActiveX control (Sb.SuperBuddy.1) in America Online 9.0 Security Edition dereferences an arbitrary function pointer, which allows remote attackers to execute arbitrary code via a modified pointer value. | |||||
| CVE-2006-6173 | 1 Apple | 1 Mac Os X | 2025-04-09 | 7.2 HIGH | N/A |
| Buffer overflow in the shared_region_make_private_np function in vm/vm_unix.c in Mac OS X 10.4.6 and earlier allows local users to execute arbitrary code via (1) a small range count, which causes insufficient memory allocation, or (2) a large number of ranges in the shared_region_make_private_np_args parameter. | |||||
| CVE-2006-5412 | 1 Php Outburst | 1 Easynews | 2025-04-09 | 5.1 MEDIUM | N/A |
| admin.php in PHP Outburst Easynews 4.4.1 and earlier, when register_globals is enabled, allows remote attackers to bypass authentication, and gain the ability to execute arbitrary code, via the en_login_id parameter. | |||||
| CVE-2006-6810 | 1 Db Hub | 1 Db Hub | 2025-04-09 | 5.0 MEDIUM | N/A |
| Unspecified vulnerability in the clear_user_list function in src/main.c in DB Hub 0.3 allows remote attackers to cause a denial of service (application crash) via crafted network traffic, which triggers memory corruption. | |||||
| CVE-2007-3419 | 1 Web-app.org | 1 Webapp | 2025-04-09 | 7.5 HIGH | N/A |
| The editprofile3 function in cgi-bin/cgi-lib/user.pl in web-app.org WebAPP before 0.9.9.7 does not properly check the (1) themes.dat, (2) languages.dat, (3) profession.dat, (4) gen.dat, (5) marstat.dat, (6) states.dat, and (7) ages.dat files before saving profile settings of members, which has unknown impact and remote attack vectors. | |||||
| CVE-2007-2693 | 2 Mysql, Oracle | 2 Mysql, Mysql | 2025-04-09 | 3.5 LOW | N/A |
| MySQL before 5.1.18 allows remote authenticated users without SELECT privileges to obtain sensitive information from partitioned tables via an ALTER TABLE statement. | |||||
| CVE-2007-0657 | 1 Alientrap | 1 Nexuiz | 2025-04-09 | 7.5 HIGH | N/A |
| Unspecified vulnerability in Nexuiz 2.2.2 allows remote attackers to read and overwrite arbitrary files via the gamedir command. | |||||
| CVE-2007-3671 | 1 Microsoft | 1 Windows Vista | 2025-04-09 | 7.8 HIGH | N/A |
| Unspecified vulnerability in the kernel in Microsoft Windows Vista has unspecified remote attack vectors and impact, as shown in the "0day IPO" presentation at SyScan'07. | |||||
| CVE-2006-5078 | 1 Polaring | 1 Polaring | 2025-04-09 | 7.5 HIGH | N/A |
| PHP remote file inclusion vulnerability in view/general.php in Kristian Niemi Polaring 00.04.03 and earlier allows remote attackers to execute arbitrary PHP code via a URL in the _SESSION[dirMain] parameter. | |||||
| CVE-2007-4164 | 1 Sun | 1 Java System Web Server | 2025-04-09 | 7.5 HIGH | N/A |
| CRLF injection vulnerability in the redirect feature in Sun Java System Web Server 6.1 and 7.0 before 20070802, when the redirect Server Application Function (SAF) uses the url-prefix parameter and escape is disabled, or an Error directive uses the url-prefix parameter in obj.conf, allows remote attackers to inject arbitrary HTTP headers and conduct HTTP response splitting attacks. | |||||
| CVE-2007-2221 | 1 Microsoft | 5 Internet Explorer, Windows 2000, Windows 2003 Server and 2 more | 2025-04-09 | 9.3 HIGH | N/A |
| Unspecified vulnerability in the mdsauth.dll COM object in Microsoft Windows Media Server in the Microsoft Internet Explorer 5.01 SP4 on Windows 2000 SP4; 6 SP1 on Windows 2000 SP4; 6 and 7 on Windows XP SP2, or Windows Server 2003 SP1 or SP2; or 7 on Windows Vista allows remote attackers to overwrite arbitrary files via unspecified vectors, aka the "Arbitrary File Rewrite Vulnerability." | |||||
| CVE-2007-3465 | 1 Sofaware | 1 Safe At Office 500 Utm | 2025-04-09 | 10.0 HIGH | N/A |
| Check Point SofaWare Safe@Office, with firmware before Embedded NGX 7.0.45 GA, has a certain default password. | |||||
| CVE-2007-3606 | 1 Sap | 1 Enjoysap | 2025-04-09 | 7.6 HIGH | N/A |
| Heap-based buffer overflow in the rfcguisink.rfcguisink.1 ActiveX control in the EnjoySAP SAP GUI, on systems using ASCII versions, allows remote attackers to execute arbitrary code via a long first argument to the LaunchGui function. | |||||
| CVE-2007-4087 | 1 Alstrasoft | 1 Video Share Enterprise | 2025-04-09 | 4.3 MEDIUM | N/A |
| AlstraSoft Video Share Enterprise allows remote attackers to obtain sensitive information (the full path) via (1) a ' (quote) character in the category parameter to view_video.php, or (2) an XSS sequence in the UID parameter to (a) uprofile.php, (b) channel_detail.php, (c) uvideos.php, (d) groups_home.php, or (e) ufriends.php. | |||||
| CVE-2007-0894 | 1 Mediawiki | 1 Mediawiki | 2025-04-09 | 5.0 MEDIUM | N/A |
| MediaWiki before 1.9.2 allows remote attackers to obtain sensitive information via a direct request to (1) Simple.deps.php, (2) MonoBook.deps.php, (3) MySkin.deps.php, or (4) Chick.deps.php in wiki/skins, which shows the installation path in the resulting error message. | |||||
| CVE-2008-1203 | 1 Adobe | 1 Coldfusion | 2025-04-09 | 7.5 HIGH | N/A |
| The administrator interface for Adobe ColdFusion 8 and ColdFusion MX7 does not log failed authentication attempts, which makes it easier for remote attackers to conduct brute force attacks without detection. | |||||