Total
29864 CVE
| CVE | Vendors | Products | Updated | CVSS v2 | CVSS v3 |
|---|---|---|---|---|---|
| CVE-2007-2102 | 1 My Little Homepage | 1 My Little Weblog | 2025-04-09 | 6.8 MEDIUM | N/A |
| Cross-site scripting (XSS) vulnerability in weblog.php in my little weblog allows remote attackers to inject arbitrary web script or HTML via the id parameter, a different vector than CVE-2006-6087. | |||||
| CVE-2007-4239 | 1 C-sam | 1 Onewallet | 2025-04-09 | 4.3 MEDIUM | N/A |
| Cross-site scripting (XSS) vulnerability in user/forgotPassStep2.jsp in the admin interface in C-SAM oneWallet 210_07062007;1.0 allows remote attackers to inject arbitrary web script or HTML via the loginID parameter. | |||||
| CVE-2007-2132 | 1 Oracle | 1 Peoplesoft Enterprise | 2025-04-09 | 10.0 HIGH | N/A |
| Unspecified vulnerability in the PeopleTools component in Oracle PeopleSoft Enterprise 8.47.12 and 8.48.08 has unknown impact and attack vectors, aka PSE02. | |||||
| CVE-2006-5922 | 1 Wheatblog | 1 Wheatblog | 2025-04-09 | 5.0 MEDIUM | N/A |
| index.php in Wheatblog (wB) allows remote attackers to obtain sensitive information via certain values of the postPtr[] and next parameters, which reveals the path in an error message. | |||||
| CVE-2008-1480 | 1 Sun | 2 Solaris, Sunos | 2025-04-09 | 4.3 MEDIUM | N/A |
| rpc.metad in Sun Solaris 10 allows remote attackers to cause a denial of service (daemon crash) via a malformed RPC request. | |||||
| CVE-2007-0001 | 1 Redhat | 1 Enterprise Linux | 2025-04-09 | 4.7 MEDIUM | N/A |
| The file watch implementation in the audit subsystem (auditctl -w) in the Red Hat Enterprise Linux (RHEL) 4 kernel 2.6.9 allows local users to cause a denial of service (kernel panic) by replacing a watched file, which does not cause the watch on the old inode to be dropped. | |||||
| CVE-2007-0650 | 1 Makeindex | 1 Makeindex | 2025-04-09 | 6.8 MEDIUM | N/A |
| Buffer overflow in the open_sty function in mkind.c for makeindex 2.14 in teTeX might allow user-assisted remote attackers to overwrite files and possibly execute arbitrary code via a long filename. NOTE: other overflows exist but might not be exploitable, such as a heap-based overflow in the check_idx function. | |||||
| CVE-2006-5492 | 1 Maarch | 1 Maarch | 2025-04-09 | 4.0 MEDIUM | N/A |
| Unspecified vulnerability in Maerys Archive (Maarch) before 2.0.1 allows remote authenticated users to obtain sensitive information (document contents) via unspecified attack vectors related to "grants." | |||||
| CVE-2007-2268 | 1 Swsoft | 1 Plesk | 2025-04-09 | 5.0 MEDIUM | N/A |
| Multiple directory traversal vulnerabilities in SWsoft Plesk for Windows 7.6.1, 8.1.0, and 8.1.1 allow remote attackers to read arbitrary files via a .. (dot dot) in the locale_id parameter to (1) login.php3 or (2) login_up.php3. | |||||
| CVE-2006-6252 | 1 Microsoft | 1 Windows Live Messenger | 2025-04-09 | 4.3 MEDIUM | N/A |
| Microsoft Windows Live Messenger 8.0 and earlier, when gestual emoticons are enabled, allows remote attackers to cause a denial of service (CPU consumption) via a long string composed of ":D" sequences, which are interpreted as emoticons. | |||||
| CVE-2009-2625 | 7 Apache, Canonical, Debian and 4 more | 9 Xerces2 Java, Ubuntu Linux, Debian Linux and 6 more | 2025-04-09 | 5.0 MEDIUM | N/A |
| XMLScanner.java in Apache Xerces2 Java, as used in Sun Java Runtime Environment (JRE) in JDK and JRE 6 before Update 15 and JDK and JRE 5.0 before Update 20, and in other products, allows remote attackers to cause a denial of service (infinite loop and application hang) via malformed XML input, as demonstrated by the Codenomicon XML fuzzing framework. | |||||
| CVE-2007-0430 | 1 Apple | 1 Mac Os X | 2025-04-09 | 4.9 MEDIUM | N/A |
| The shared_region_map_file_np function in Apple Mac OS X 10.4.8 and earlier kernel allows local users to cause a denial of service (memory corruption) via a large mappingCount value. | |||||
| CVE-2007-2409 | 1 Apple | 3 Mac Os X, Mac Os X Server, Webcore | 2025-04-09 | 4.3 MEDIUM | N/A |
| Cross-domain vulnerability in WebCore on Apple Mac OS X 10.3.9 and 10.4.10 allows remote attackers to obtain sensitive information via a popup window, which is able to read the current URL of the parent window. | |||||
| CVE-2007-3566 | 1 Borland Software | 1 Interbase | 2025-04-09 | 7.5 HIGH | N/A |
| Stack-based buffer overflow in the database service (ibserver.exe) in Borland InterBase 2007 before SP2 allows remote attackers to execute arbitrary code via a long size value in a create request to port 3050/tcp. | |||||
| CVE-2007-1491 | 1 Avaya | 4 S8300, S8500, S8700 and 1 more | 2025-04-09 | 5.2 MEDIUM | N/A |
| Apache Tomcat in Avaya S87XX, S8500, and S8300 before CM 3.1.3, and Avaya SES allows connections from external interfaces via port 8009, which exposes it to attacks from outside parties. | |||||
| CVE-2007-0797 | 1 Bluevirus-design | 1 Sma-db | 2025-04-09 | 7.5 HIGH | N/A |
| PHP remote file inclusion vulnerability in theme/settings.php in bluevirus-design SMA-DB 0.3.9 and earlier allows remote attackers to execute arbitrary PHP code via a URL in the pfad_z parameter. | |||||
| CVE-2007-4409 | 1 Universal Ircd | 1 Ircu | 2025-04-09 | 5.1 MEDIUM | N/A |
| Race condition in ircu 2.10.12.01 through 2.10.12.05 allows remote attackers to set a new Apass during a netburst by arranging for ops privilege to be granted before the mode arrives. | |||||
| CVE-2006-6350 | 1 Iisworks | 1 Listpics | 2025-04-09 | 10.0 HIGH | N/A |
| listpics 5 stores sensitive data under the web root with insufficient access control, which allows remote attackers to download a database via a direct request for listpics.mdb. | |||||
| CVE-2007-0297 | 1 Oracle | 2 Enterpriseone, Peoplesoft Enterprise | 2025-04-09 | 4.0 MEDIUM | N/A |
| Unspecified vulnerability in Oracle PeopleSoft Enterprise and JD Edwards EnterpriseOne 8.47.11 and 8.48.06 has unknown impact and attack vectors in PeopleTools, aka PSE03. | |||||
| CVE-2007-1963 | 2 Mybb, Mybulletinboard | 2 Mybb, Mybulletinboard | 2025-04-09 | 7.5 HIGH | N/A |
| SQL injection vulnerability in the create_session function in class_session.php in MyBB (aka MyBulletinBoard) 1.2.3 and earlier allows remote attackers to execute arbitrary SQL commands via the Client-IP HTTP header, as utilized by index.php, a related issue to CVE-2006-3775. | |||||