Total
29864 CVE
| CVE | Vendors | Products | Updated | CVSS v2 | CVSS v3 |
|---|---|---|---|---|---|
| CVE-2007-4191 | 1 Panda | 1 Panda Antivirus | 2025-04-09 | 6.9 MEDIUM | N/A |
| Panda Antivirus 2008 stores service executables under the product's installation directory with weak permissions, which allows local users to obtain LocalSystem privileges by modifying PAVSRV51.EXE or other unspecified files, a related issue to CVE-2006-4657. | |||||
| CVE-2007-2201 | 1 Post Revolution | 1 Post Revolution | 2025-04-09 | 7.5 HIGH | N/A |
| Multiple PHP remote file inclusion vulnerabilities in Post Revolution 6.6 and 7.0 RC2 allow remote attackers to execute arbitrary PHP code via a URL in the dir parameter to (1) common.php or (2) themes/default/preview_post_completo.php. | |||||
| CVE-2007-1094 | 1 Microsoft | 1 Internet Explorer | 2025-04-09 | 7.8 HIGH | N/A |
| Microsoft Internet Explorer 7 allows remote attackers to cause a denial of service (NULL dereference and application crash) via JavaScript onUnload handlers that modify the structure of a document. | |||||
| CVE-2010-0279 | 1 Bts-gi.net | 1 Read Excel | 2025-04-09 | 6.8 MEDIUM | N/A |
| Unrestricted file upload vulnerability in upload.php in BTS-GI Read excel 1.1 allows remote attackers to execute arbitrary code by uploading a file with an executable extension, then accessing it via a direct request to the file in an unspecified directory. NOTE: some of these details are obtained from third party information. | |||||
| CVE-2007-3311 | 1 Xoops | 1 Articles Module | 2025-04-09 | 7.5 HIGH | N/A |
| SQL injection vulnerability in print.php in the Articles 1.02 and earlier module for Xoops allows remote attackers to execute arbitrary SQL commands via the id parameter. | |||||
| CVE-2007-2637 | 2 Moinmoin, Ubuntu | 2 Moinmoin, Ubuntu Linux | 2025-04-09 | 5.0 MEDIUM | N/A |
| MoinMoin before 20070507 does not properly enforce ACLs for calendars and includes, which allows remote attackers to read certain pages via unspecified vectors. | |||||
| CVE-2007-1941 | 1 Ibm | 1 Lotus Notes | 2025-04-09 | 4.3 MEDIUM | N/A |
| Cross-site scripting (XSS) vulnerability in the Active Content Filter feature in Domino Web Access (DWA) in IBM Lotus Notes before 6.5.6 and 7.x before 7.0.2 FP1 allows remote attackers to inject arbitrary web script or HTML via a multipart/related e-mail message, a different issue than CVE-2006-4843. | |||||
| CVE-2007-0982 | 1 Taskfreak | 1 Taskfreak | 2025-04-09 | 4.3 MEDIUM | N/A |
| Cross-site scripting (XSS) vulnerability in error.php in TaskFreak! 0.5.5 allows remote attackers to inject arbitrary web script or HTML via the tznMessage parameter. NOTE: the provenance of this information is unknown; the details are obtained solely from third party information. | |||||
| CVE-2006-5636 | 1 Sws | 1 Simple Website Software | 2025-04-09 | 5.1 MEDIUM | N/A |
| PHP remote file inclusion vulnerability in common.php in Simple Website Software (SWS) 0.99 and earlier allows remote attackers to execute arbitrary PHP code via a URL in the SWSDIR parameter. | |||||
| CVE-2007-3363 | 1 Ageet | 1 Agephone | 2025-04-09 | 10.0 HIGH | N/A |
| Multiple unspecified vulnerabilities in ageet AGEphone before 1.6.3 allow remote attackers to have an unknown impact via malformed SIP packets. | |||||
| CVE-2006-6122 | 1 Tin | 1 Tin | 2025-04-09 | 7.5 HIGH | N/A |
| Multiple buffer overflows in TIN before 1.8.2 have unspecified impact and attack vectors, a different vulnerability than CVE-2006-0804. | |||||
| CVE-2007-0636 | 1 Inotify | 1 Incron | 2025-04-09 | 2.1 LOW | N/A |
| Unspecified vulnerability in inotify before 0.3.5 has unknown impact and attack vectors, related to "access rights to watched files." | |||||
| CVE-2009-2940 | 2 Pygresql, Python | 2 Pygresql, Python | 2025-04-09 | 7.5 HIGH | N/A |
| The pygresql module 3.8.1 and 4.0 for Python does not properly support the PQescapeStringConn function, which might allow remote attackers to leverage escaping issues involving multibyte character encodings. | |||||
| CVE-2007-2606 | 1 Firebirdsql | 1 Firebird | 2025-04-09 | 7.8 HIGH | N/A |
| Multiple buffer overflows in Firebird 2.1 allow attackers to trigger memory corruption and possibly have other unspecified impact via certain input processed by (1) config\ConfigFile.cpp or (2) msgs\check_msgs.epp. NOTE: if ConfigFile.cpp reads a configuration file with restrictive permissions, then the ConfigFile.cpp vector may not cross privilege boundaries and perhaps should not be included in CVE. | |||||
| CVE-2006-5803 | 1 Mxbb | 1 Mxbb Smartor Album | 2025-04-09 | 7.5 HIGH | N/A |
| PHP remote file inclusion vulnerability in modules/mx_smartor/album.php in the mxBB Smartor Album module 1.02 and earlier allows remote attackers to execute arbitrary PHP code via a URL in the module_root_path parameter. | |||||
| CVE-2007-1780 | 1 Overlay Weaver | 1 Overlay Weaver | 2025-04-09 | 4.3 MEDIUM | N/A |
| Cross-site scripting (XSS) vulnerability in the DHT shell (owdhtshell) in Overlay Weaver 0.5.9 to 0.5.11, when invoked with the -x option, allows remote attackers to inject arbitrary web script or HTML via fields in certain input forms. | |||||
| CVE-2006-5164 | 1 Sum Effect Software | 1 Digishop | 2025-04-09 | 6.8 MEDIUM | N/A |
| Multiple cross-site scripting (XSS) vulnerabilities in cart.php in Sum Effect Software digiSHOP 4.0 allow remote attackers to inject arbitrary web script or HTML via the (1) sortBy or (2) search parameters. | |||||
| CVE-2007-0392 | 1 Ibm | 1 Aix | 2025-04-09 | 4.6 MEDIUM | N/A |
| IBM AIX 5.3 does not properly verify the status of file descriptors before setuid execution, which allows local users to gain privileges by closing file descriptor 0, 1, or 2 and then invoking a setuid program, a variant of CVE-2002-0572. | |||||
| CVE-2007-3259 | 1 Vincent Hor | 1 Calendarix | 2025-04-09 | 5.0 MEDIUM | N/A |
| Calendarix 0.7.20070307 allows remote attackers to obtain sensitive information via (1) an invalid month[] parameter to calendar.php, (2) an invalid catview[] parameter to cal_week.php in a week operation, (3) an invalid ycyear[] parameter to yearcal.php, or (4) a direct request to cal_functions.inc.php, which reveals the installation path in various error messages. | |||||
| CVE-2007-0046 | 1 Adobe | 1 Acrobat Reader | 2025-04-09 | 7.5 HIGH | N/A |
| Double free vulnerability in the Adobe Acrobat Reader Plugin before 8.0.0, as used in Mozilla Firefox 1.5.0.7, allows remote attackers to execute arbitrary code by causing an error via a javascript: URI call to document.write in the (1) FDF, (2) XML, or (3) XFDF AJAX request parameters. | |||||