Total
29864 CVE
| CVE | Vendors | Products | Updated | CVSS v2 | CVSS v3 |
|---|---|---|---|---|---|
| CVE-2007-3537 | 1 Ibm | 1 Os 400 | 2025-04-09 | 7.8 HIGH | N/A |
| IBM OS/400 (aka i5/OS) V4R2M0 through V5R3M0 on iSeries machines sends responses to TCP SYN-FIN packets, which allows remote attackers to obtain system information and possibly bypass firewall rules. | |||||
| CVE-2007-4032 | 1 Crystal Reality Llc | 1 Crystalplayer Pro | 2025-04-09 | 6.8 MEDIUM | N/A |
| Buffer overflow in CrystalPlayer Pro 1.98 allows user-assisted remote attackers to execute arbitrary code via a long string in a .mls Playlist file. | |||||
| CVE-2006-5314 | 1 Phplibre | 1 Tribunalibre | 2025-04-09 | 7.5 HIGH | N/A |
| PHP remote file inclusion vulnerability in ftag.php in TribunaLibre 3.12 Beta allows remote attackers to execute arbitrary PHP code via a URL in the mostrar parameter. | |||||
| CVE-2007-3055 | 1 Codelib | 1 Linker | 2025-04-09 | 4.3 MEDIUM | N/A |
| Cross-site scripting (XSS) vulnerability in index.php in Codelib Linker 2.0.4 and earlier allows remote attackers to inject arbitrary web script or HTML via the cat parameter. | |||||
| CVE-2007-6019 | 1 Adobe | 4 Air, Flash, Flash Player and 1 more | 2025-04-09 | 9.3 HIGH | N/A |
| Adobe Flash Player 9.0.115.0 and earlier, and 8.0.39.0 and earlier, allows remote attackers to execute arbitrary code via an SWF file with a modified DeclareFunction2 Actionscript tag, which prevents an object from being instantiated properly. | |||||
| CVE-2007-2691 | 3 Canonical, Debian, Mysql | 3 Ubuntu Linux, Debian Linux, Mysql | 2025-04-09 | 4.9 MEDIUM | N/A |
| MySQL before 4.1.23, 5.0.x before 5.0.42, and 5.1.x before 5.1.18 does not require the DROP privilege for RENAME TABLE statements, which allows remote authenticated users to rename arbitrary tables. | |||||
| CVE-2007-2125 | 1 Oracle | 1 Collaboration Suite | 2025-04-09 | 10.0 HIGH | N/A |
| Unspecified vulnerability in Collaborative Workspace in Oracle Collaboration Suite 10.1.2 has unknown impact and attack vectors, aka OCS01. | |||||
| CVE-2007-1169 | 1 Trend Micro | 1 Serverprotect | 2025-04-09 | 5.0 MEDIUM | N/A |
| The web interface in Trend Micro ServerProtect for Linux (SPLX) 1.25, 1.3, and 2.5 before 20070216 accepts logon requests through unencrypted HTTP, which might allow remote attackers to obtain credentials by sniffing the network. | |||||
| CVE-2006-5081 | 1 Jl Webworks | 1 Quickblogger | 2025-04-09 | 7.5 HIGH | N/A |
| PHP remote file inclusion vulnerability in acc.php in QuickBlogger (QB) 1.4 allows remote attackers to execute arbitrary PHP code via a URL in the page parameter. | |||||
| CVE-2008-4315 | 2 Openpegasus, Redhat | 3 Openpegasus Wbem, Enterprise Linux, Enterprise Linux Desktop | 2025-04-09 | 6.8 MEDIUM | N/A |
| tog-pegasus in OpenGroup Pegasus 2.7.0 on Red Hat Enterprise Linux (RHEL) 5, Fedora 9, and Fedora 10 does not log failed authentication attempts to the OpenPegasus CIM server, which makes it easier for remote attackers to avoid detection of password guessing attacks. | |||||
| CVE-2007-4366 | 1 Wengo | 1 Wengophone | 2025-04-09 | 5.0 MEDIUM | N/A |
| WengoPhone 2.1 allows remote attackers to cause a denial of service (device crash) via a SIP INVITE message without a Content-Type header. | |||||
| CVE-2007-3006 | 1 Acoustica | 1 Acoustica Mp3 Cd Burner | 2025-04-09 | 6.8 MEDIUM | N/A |
| Buffer overflow in Acoustica MP3 CD Burner 4.32 allows user-assisted remote attackers to execute arbitrary code via a .asx playlist file with a REF element containing a long string in the HREF attribute. NOTE: it was later claimed that 4.51 Build 147 is also affected. | |||||
| CVE-2006-5074 | 1 Php Invoice | 1 Php Invoice | 2025-04-09 | 5.1 MEDIUM | N/A |
| Cross-site scripting (XSS) vulnerability in home.php in PHP Invoice 2.2 allows remote attackers to inject arbitrary web script or HTML via the alert parameter. | |||||
| CVE-2007-4421 | 1 Olate | 1 Olatedownload | 2025-04-09 | 9.3 HIGH | N/A |
| SQL injection vulnerability in Admin.php in Olate Download (od) 3.4.1 allows remote attackers to execute arbitrary SQL commands via an OD3_AutoLogin cookie. | |||||
| CVE-2007-0427 | 1 Microsoft | 1 Html Help Workshop | 2025-04-09 | 9.3 HIGH | N/A |
| Stack-based buffer overflow in Microsoft Help Workshop 4.03.0002 allows user-assisted remote attackers to execute arbitrary code via a help project (.HPJ) file with a long HLP field in the OPTIONS section. | |||||
| CVE-2007-3211 | 1 Domain Technologie Control | 1 Domain Technologie Control | 2025-04-09 | 4.3 MEDIUM | N/A |
| Cross-site scripting (XSS) vulnerability in 404.php in Domain Technologie Control (DTC) before 0.25.9 allows remote attackers to inject arbitrary web script or HTML via the PATH_INFO (REQUEST_URI). NOTE: the provenance of this information is unknown; the details are obtained solely from third party information. | |||||
| CVE-2009-3382 | 1 Mozilla | 1 Firefox | 2025-04-09 | 10.0 HIGH | N/A |
| layout/base/nsCSSFrameConstructor.cpp in the browser engine in Mozilla Firefox 3.0.x before 3.0.15 does not properly handle first-letter frames, which allows remote attackers to cause a denial of service (memory corruption and application crash) or possibly execute arbitrary code via unspecified vectors. | |||||
| CVE-2006-6595 | 1 Scriptmate | 1 User Manager | 2025-04-09 | 7.5 HIGH | N/A |
| Multiple SQL injection vulnerabilities in ScriptMate User Manager 2.1 and earlier allow remote attackers to execute arbitrary SQL commands via "Manage Resources" and possibly other unspecified components. | |||||
| CVE-2007-2180 | 1 Nullsoft | 1 Winamp | 2025-04-09 | 7.1 HIGH | N/A |
| Buffer overflow in Nullsoft Winamp 5.3 allows user-assisted remote attackers to cause a denial of service (crash) via a crafted WMV file. | |||||
| CVE-2006-5393 | 1 Cisco | 1 Secure Desktop | 2025-04-09 | 2.1 LOW | 5.5 MEDIUM |
| Cisco Secure Desktop (CSD) does not require that the ClearPageFileAtShutdown (aka CCE-Winv2.0-407) registry value equals 1, which might allow local users to read certain memory pages that were written during another user's SSL VPN session. | |||||