Total
29864 CVE
| CVE | Vendors | Products | Updated | CVSS v2 | CVSS v3 |
|---|---|---|---|---|---|
| CVE-2007-0580 | 1 Javier Suarez Sanz | 1 Foro Domus | 2025-04-09 | 6.8 MEDIUM | N/A |
| PHP remote file inclusion vulnerability in menu.php in Foro Domus 2.10 allows remote attackers to execute arbitrary PHP code via a URL in the sesion_idioma parameter. | |||||
| CVE-2006-6130 | 1 Apple | 1 Mac Os X | 2025-04-09 | 4.9 MEDIUM | N/A |
| Apple Mac OS X AppleTalk allows local users to cause a denial of service (kernel panic) by calling the AIOCREGLOCALZN ioctl command with a crafted data structure on an AppleTalk socket. | |||||
| CVE-2006-5260 | 1 Compteur | 1 Compteur | 2025-04-09 | 7.5 HIGH | N/A |
| PHP remote file inclusion vulnerability in compteur.php in Compteur 2 allows remote attackers to execute arbitrary PHP code via a URL in the cp parameter. NOTE: the provenance of this information is unknown; the details are obtained from third party information. | |||||
| CVE-2006-5609 | 1 Torrentflux | 1 Torrentflux | 2025-04-09 | 5.0 MEDIUM | N/A |
| Directory traversal vulnerability in dir.php in TorrentFlux 2.1 allows remote attackers to list arbitrary directories via "\.\./" sequences in the dir parameter. | |||||
| CVE-2007-0434 | 1 Bea | 1 Aqualogic Enterprise Security | 2025-04-09 | 4.6 MEDIUM | N/A |
| BEA AquaLogic Enterprise Security 2.0 through 2.0 SP2, 2.1 through 2.1 SP1, and 2.2 does not properly set the severity level of audit events when the system load is high, which might make it easier for attackers to avoid detection. | |||||
| CVE-2007-0652 | 1 Mailenable | 1 Mailenable Professional | 2025-04-09 | 5.1 MEDIUM | N/A |
| Cross-site request forgery (CSRF) vulnerability in MailEnable Professional before 2.37 allows remote attackers to modify arbitrary configurations and perform unauthorized actions as arbitrary users via a link or IMG tag. | |||||
| CVE-2006-5657 | 1 Vilistextum | 1 Vilistextum | 2025-04-09 | 10.0 HIGH | N/A |
| Multiple off-by-one errors in src/text.c in Vilistextum before 2.6.9 have unknown impact and attack vectors. | |||||
| CVE-2008-1146 | 8 Apple, Cosmicperl, Darwin and 5 more | 9 Mac Os X, Mac Os X Server, Directory Pro and 6 more | 2025-04-09 | 6.8 MEDIUM | N/A |
| A certain pseudo-random number generator (PRNG) algorithm that uses XOR and 3-bit random hops (aka "Algorithm X3"), as used in OpenBSD 2.8 through 4.2, allows remote attackers to guess sensitive values such as DNS transaction IDs by observing a sequence of previously generated values. NOTE: this issue can be leveraged for attacks such as DNS cache poisoning against OpenBSD's modification of BIND. | |||||
| CVE-2007-4412 | 1 Headstart Solutions | 1 Deskpro | 2025-04-09 | 3.5 LOW | N/A |
| Multiple cross-site scripting (XSS) vulnerabilities in Headstart Solutions DeskPRO 3.0.2 allow remote authenticated users to inject arbitrary web script or HTML via unspecified parameters to (1) techs.php, (2) ticket_category.php, (3) ticket_priority.php, (4) ticket_workflow.php, (5) ticket_escalate.php, (6) fields_ticket.php, (7) ticket_rules_web.php, (8) ticket_displayfields.php, (9) ticket_rules_mail.php, (10) fields_user.php, (11) fields_faq.php, and (12) user_help.php, in (a) admincp/ and (b) possibly a directory on the "User side." | |||||
| CVE-2007-3412 | 1 Clicktech | 1 Clickgallery | 2025-04-09 | 4.3 MEDIUM | N/A |
| Cross-site scripting (XSS) vulnerability in edit_image.asp in ClickGallery Server 5.1 and earlier allows remote attackers to inject arbitrary web script or HTML via the from parameter. | |||||
| CVE-2009-2238 | 1 Dmxready | 1 Registration Manager | 2025-04-09 | 6.8 MEDIUM | N/A |
| Unrestricted file upload vulnerability in includes/shared_scripts/wysiwyg_editor/assetmanager/assetmanager.asp in DMXReady Registration Manager 1.1 allows remote attackers to execute arbitrary code by uploading a file with an executable extension, then accessing it via a direct request to the file in assets/webblogmanager. | |||||
| CVE-2007-2861 | 1 Saxon | 1 Saxon | 2025-04-09 | 7.5 HIGH | N/A |
| Multiple PHP remote file inclusion vulnerabilities in Simple Accessible XHTML Online News (SAXON) 4.6 allow remote attackers to execute arbitrary PHP code via a URL in the template parameter to (1) news.php, (2) preview.php, or (3) archive-display.php. | |||||
| CVE-2007-3513 | 1 Linux | 1 Linux Kernel | 2025-04-09 | 4.9 MEDIUM | N/A |
| The lcd_write function in drivers/usb/misc/usblcd.c in the Linux kernel before 2.6.22-rc7 does not limit the amount of memory used by a caller, which allows local users to cause a denial of service (memory consumption). | |||||
| CVE-2007-2013 | 1 Jex-treme | 1 Einfacher Passworschutz | 2025-04-09 | 4.3 MEDIUM | N/A |
| Cross-site scripting (XSS) vulnerability in index.php in JEx-Treme Einfacher Passworschutz allows remote attackers to inject arbitrary web script or HTML via the msg parameter. | |||||
| CVE-2007-0614 | 1 Apple | 3 Ichat, Instant Message Framework, Mac Os X | 2025-04-09 | 7.8 HIGH | N/A |
| The Bonjour functionality in mDNSResponder, iChat 3.1.6, and InstantMessage framework 428 in Apple Mac OS X 10.4.8 allows remote attackers to cause a denial of service (persistent application crash) via a crafted phsh hash attribute in a TXT key. | |||||
| CVE-2007-1030 | 1 Niels Provos | 1 Libevent | 2025-04-09 | 7.8 HIGH | N/A |
| Niels Provos libevent 1.2 and 1.2a allows remote attackers to cause a denial of service (infinite loop) via a DNS response containing a label pointer that references its own offset. | |||||
| CVE-2006-5984 | 1 Webhost Automation | 1 Helm Web Hosting Control Panel | 2025-04-09 | 6.8 MEDIUM | N/A |
| Multiple cross-site scripting (XSS) vulnerabilities in Helm Web Hosting Control Panel 3.2.10 allow remote authenticated users to inject arbitrary web script or HTML via the (1) txtCompanyName, (2) txtEmail, or (3) txtUserAccNum parameter to (a) users.asp, or the (4) setThemeColour parameter to (b) default.asp in the Reseller and Admin levels; or the (5) setThemeColour parameter to default.asp in the User level. NOTE: the txtDomainName parameter to domains.asp is covered by CVE-2006-1407, which suggests that this vector is fixed in 3.2.10 stable. | |||||
| CVE-2006-6191 | 1 8pixel.net | 1 Simple Blog | 2025-04-09 | 7.5 HIGH | N/A |
| SQL injection vulnerability in admin/edit.asp in 8pixel.net simpleblog 2.3 and earlier allows remote attackers to execute arbitrary SQL commands via the id parameter. | |||||
| CVE-2007-1486 | 1 Carbonize | 1 Lazarus Guestbook | 2025-04-09 | 10.0 HIGH | N/A |
| PHP remote file inclusion vulnerability in template.class.php in Carbonize Lazarus Guestbook before 1.7.3 allows remote attackers to execute arbitrary PHP code via a URL in the include_path parameter to admin.php, probably due to a dynamic variable evaluation vulnerability. | |||||
| CVE-2007-4079 | 1 Alstrasoft | 1 Sms Text Messaging Enterprise | 2025-04-09 | 4.3 MEDIUM | N/A |
| Multiple cross-site scripting (XSS) vulnerabilities in AlstraSoft SMS Text Messaging Enterprise allow remote attackers to inject arbitrary web script or HTML via the (1) domain or (2) q parameter to (a) admin/membersearch.php, or (3) the userid parameter to (b) admin/edituser.php. | |||||