Total
29864 CVE
| CVE | Vendors | Products | Updated | CVSS v2 | CVSS v3 |
|---|---|---|---|---|---|
| CVE-2007-3839 | 1 Tbdev.net | 1 Dr | 2025-04-09 | 4.0 MEDIUM | N/A |
| Cross-site scripting (XSS) vulnerability in takeprofedit.php in TBDev.NET DR 010306 and earlier allows remote attackers to inject arbitrary web script or HTML via a javascript: URI in the avatar parameter. NOTE: this may be related to the tracker program in the Janitor package. NOTE: the provenance of this information is unknown; the details are obtained solely from third party information. | |||||
| CVE-2007-2671 | 1 Mozilla | 1 Firefox | 2025-04-09 | 7.1 HIGH | N/A |
| Mozilla Firefox 2.0.0.3 allows remote attackers to cause a denial of service (application crash) via a long hostname in an HREF attribute in an A element, which triggers an out-of-bounds memory access. | |||||
| CVE-2007-2514 | 3 Centennial, Numara, Symantec | 3 Discovery, Asset Manager, Discovery | 2025-04-09 | 9.3 HIGH | N/A |
| Stack-based buffer overflow in XferWan.exe as used in multiple products including (1) Symantec Discovery 6.5, (2) Numara Asset Manager 8.0, and (3) Centennial UK Ltd Discovery 2006 Feature Pack, allows remote attackers to execute arbitrary code via a long request. NOTE: this might be a reservation duplicate of CVE-2007-1173. | |||||
| CVE-2006-7067 | 1 Oracle | 1 Database Server | 2025-04-09 | 6.0 MEDIUM | N/A |
| Oracle 10g R2 and possibly other versions allows remote attackers to trigger internal errors, and possibly have other impacts, via an "alter session set events" command with invalid arguments. NOTE: this issue was originally disputed by a third party, but the dispute was retracted. NOTE: this issue was called an "integer overflow" in the original source, but this might be incorrect. | |||||
| CVE-2007-4151 | 1 Visionsoft | 1 Audit | 2025-04-09 | 4.3 MEDIUM | N/A |
| The Visionsoft Audit on Demand Service (VSAOD) in Visionsoft Audit 12.4.0.0 allows remote attackers to obtain sensitive information via (1) a LOG.ON command, which reveals the logging pathname in the server response; (2) a VER command, which reveals the version number in the server response; and (3) a connection, which reveals the version number in the banner. | |||||
| CVE-2007-3553 | 1 Oracle | 2 Application Server, Rapid Install Web Server | 2025-04-09 | 4.3 MEDIUM | N/A |
| Cross-site scripting (XSS) vulnerability in Rapid Install Web Server in Oracle Application Server 11i allows remote attackers to inject arbitrary web script or HTML via a URL to the "Secondary Login Page", as demonstrated using (1) pls/ and (2) pls/MSBEP004/. NOTE: the provenance of this information is unknown; the details are obtained solely from third party information. | |||||
| CVE-2007-0620 | 1 Vlad Leont | 1 Fd Script | 2025-04-09 | 5.0 MEDIUM | N/A |
| download.php in FD Script 1.3.2 and earlier allows remote attackers to read source of files under the web document root with certain extensions, including .php, via a relative pathname in the fname parameter, as demonstrated by downloading config.php. | |||||
| CVE-2007-3817 | 1 Drupal | 1 Logintoboggan Module | 2025-04-09 | 4.3 MEDIUM | N/A |
| Cross-site scripting (XSS) vulnerability in the LoginToboggan module 4.7.x-1.0, 4.7.x-1.x-dev, and 5.x-1.x-dev before 20070712 for Drupal, when configured to display a "Log out" link, allows remote attackers to inject arbitrary web script or HTML via a crafted username. NOTE: Drupal sanitizes the username by removing certain characters, so this might not be a vulnerability on default installations. | |||||
| CVE-2007-0607 | 1 W-agora | 1 W-agora | 2025-04-09 | 4.3 MEDIUM | N/A |
| W-Agora (Web-Agora) 4.2.1, when register_globals is enabled, stores globals.inc under the web document root with insufficient access control, which allows remote attackers to obtain application path information via a direct request. | |||||
| CVE-2008-5360 | 1 Sun | 3 Jdk, Jre, Sdk | 2025-04-09 | 6.4 MEDIUM | N/A |
| Java Runtime Environment (JRE) for Sun JDK and JRE 6 Update 10 and earlier; JDK and JRE 5.0 Update 16 and earlier; SDK and JRE 1.4.2_18 and earlier; and SDK and JRE 1.3.1_23 and earlier creates temporary files with predictable file names, which allows attackers to write malicious JAR files via unknown vectors. | |||||
| CVE-2007-0416 | 1 Bea | 1 Weblogic Server | 2025-04-09 | 7.5 HIGH | N/A |
| The WSEE runtime (WS-Security runtime) in BEA WebLogic Server 9.0 and 9.1 does not verify credentials when decrypting client messages, which allows remote attackers to bypass application security. | |||||
| CVE-2007-1096 | 1 Virtuemart | 1 Virtuemart | 2025-04-09 | 6.8 MEDIUM | N/A |
| Cross-site scripting (XSS) vulnerability in ps_cart.php in VirtueMart before 20070116 allows remote attackers to inject arbitrary web script or HTML via unspecified vectors. NOTE: this issue might overlap CVE-2007-0376. | |||||
| CVE-2007-3530 | 1 Phpdirector | 1 Phpdirector | 2025-04-09 | 7.2 HIGH | N/A |
| PHPDirector 0.21 and earlier stores the admin account name and password in config.php, which allows local users to gain privileges by reading this file. | |||||
| CVE-2006-6779 | 1 Jelsoft | 1 Vbulletin | 2025-04-09 | 6.8 MEDIUM | N/A |
| Cross-site scripting (XSS) vulnerability in Jelsoft vBulletin allows remote attackers to inject arbitrary web script or HTML via an SWF file that uses ActionScript to trigger execution of JavaScript. | |||||
| CVE-2007-0082 | 1 Imgallery | 1 Imgallery | 2025-04-09 | 6.5 MEDIUM | N/A |
| users_adm/start1.php in IMGallery 2.5 and earlier does not properly handle files with multiple extensions, which allows remote authenticated users to upload and execute arbitrary PHP scripts. | |||||
| CVE-2007-1557 | 1 F-secure | 1 F-secure Anti-virus | 2025-04-09 | 7.2 HIGH | N/A |
| Format string vulnerability in F-Secure Anti-Virus Client Security 6.02 allows local users to cause a denial of service and possibly gain privileges via format string specifiers in the Management Server name field on the Communication settings page. | |||||
| CVE-2007-3828 | 1 Apple | 1 Mac Os X | 2025-04-09 | 10.0 HIGH | N/A |
| Unspecified vulnerability in mDNSResponder in Apple Mac OS X allows remote attackers to execute arbitrary code via unspecified vectors, a related issue to CVE-2007-2386. | |||||
| CVE-2006-6506 | 1 Mozilla | 1 Firefox | 2025-04-09 | 4.3 MEDIUM | N/A |
| The "Feed Preview" feature in Mozilla Firefox 2.0 before 2.0.0.1 sends the URL of the feed when requesting favicon.ico icons, which results in a privacy leak that might allow feed viewing services to determine browsing habits. | |||||
| CVE-2006-5985 | 1 Extreme Cms | 1 Extreme Cms | 2025-04-09 | 6.8 MEDIUM | N/A |
| Multiple cross-site scripting (XSS) vulnerabilities in admin/options.php in Extreme CMS 0.9, and possibly earlier, allow remote attackers to inject arbitrary web script or HTML via the (1) bg1, (2) bg2, (3) text, or (4) size parameters. NOTE: the provenance of this information is unknown; details are obtained from third party sources. | |||||
| CVE-2007-2406 | 1 Apple | 3 Mac Os X, Mac Os X Server, Quartz Composer | 2025-04-09 | 6.8 MEDIUM | N/A |
| Quartz Composer on Apple Mac OS X 10.4.10 does not initialize a certain object pointer, which might allow user-assisted remote attackers to execute arbitrary code via a crafted Quartz Composer file. | |||||