Total
29864 CVE
| CVE | Vendors | Products | Updated | CVSS v2 | CVSS v3 |
|---|---|---|---|---|---|
| CVE-2006-5890 | 1 Superfreaker Studios | 1 Usupport | 2025-04-09 | 7.5 HIGH | N/A |
| SQL injection vulnerability in detail.asp in Superfreaker Studios USupport 1.0 allows remote attackers to execute arbitrary SQL commands via the id parameter. | |||||
| CVE-2009-2194 | 1 Apple | 2 Mac Os X, Mac Os X Server | 2025-04-09 | 4.9 MEDIUM | N/A |
| Apple Mac OS X 10.5 before 10.5.8 does not properly share file descriptors over local sockets, which allows local users to cause a denial of service (system crash) by placing file descriptors in messages sent to a socket that has no receiver, related to a "synchronization issue." | |||||
| CVE-2007-0495 | 1 Phpsherpa | 1 Phpsherpa | 2025-04-09 | 10.0 HIGH | N/A |
| PHP remote file inclusion vulnerability in include/config.inc.php in PhpSherpa allows remote attackers to execute arbitrary PHP code via a URL in the racine parameter. | |||||
| CVE-2007-3528 | 1 Dar | 1 Dar | 2025-04-09 | 5.0 MEDIUM | N/A |
| The blowfish mode in DAR before 2.3.4 uses weak Blowfish-CBC cryptography by (1) discarding random bits by the blowfish::make_ivec function in libdar/crypto.cpp that results in predictable and repeating IV values, and (2) direct use of a password for keying, which makes it easier for context-dependent attackers to decrypt files. | |||||
| CVE-2007-2171 | 1 Novell | 1 Groupwise | 2025-04-09 | 10.0 HIGH | N/A |
| Stack-based buffer overflow in the base64_decode function in GWINTER.exe in Novell GroupWise (GW) WebAccess before 7.0 SP2 allows remote attackers to execute arbitrary code via long base64 content in an HTTP Basic Authentication request. | |||||
| CVE-2007-3442 | 1 Research In Motion Limited | 1 Blackberry 7270 | 2025-04-09 | 2.3 LOW | N/A |
| Format string vulnerability on the Research in Motion BlackBerry 7270 before 4.0 SP1 Bundle 108 allows remote attackers to cause a denial of service (blocked call reception and calling) via format string specifiers in an SIP INVITE message that lacks a host name in the Contact header. | |||||
| CVE-2009-2946 | 2 Debian, Devscripts Devel Team | 2 Linux, Devscripts | 2025-04-09 | 9.3 HIGH | N/A |
| Eval injection vulnerability in scripts/uscan.pl before Rev 1984 in devscripts allows remote attackers to execute arbitrary Perl code via crafted pathnames on distribution servers for upstream source code used in Debian GNU/Linux packages. | |||||
| CVE-2007-3149 | 2 Mit, Todd Miller | 2 Kerberos 5, Sudo | 2025-04-09 | 7.2 HIGH | N/A |
| sudo, when linked with MIT Kerberos 5 (krb5), does not properly check whether a user can currently authenticate to Kerberos, which allows local users to gain privileges, in a manner unintended by the sudo security model, via certain KRB5_ environment variable settings. NOTE: another researcher disputes this vulnerability, stating that the attacker must be "a user, who can already log into your system, and can already use sudo." | |||||
| CVE-2008-2143 | 1 Microsoft | 1 Outlook Web Access | 2025-04-09 | 1.9 LOW | N/A |
| Unspecified versions of Microsoft Outlook Web Access (OWA) use the Cache-Control: no-cache HTTP directive instead of no-store, which might cause web browsers that follow RFC-2616 to cache sensitive information. | |||||
| CVE-2007-1158 | 1 Postnuke Software Foundation | 1 Pagesetter | 2025-04-09 | 5.0 MEDIUM | N/A |
| Directory traversal vulnerability in index.php in the Pagesetter 6.2.0 through 6.3.0 beta 5 module for PostNuke allows remote attackers to read arbitrary files via a .. (dot dot) in the id parameter. | |||||
| CVE-2007-2990 | 1 Sun | 1 Solaris | 2025-04-09 | 4.9 MEDIUM | N/A |
| Unspecified vulnerability in inetd in Sun Solaris 10 before 20070529 allows local users to cause a denial of service (daemon termination) via unspecified manipulations of the /var/run/.inetd.uds Unix domain socket file. | |||||
| CVE-2006-6639 | 1 Chetcpasswd | 1 Chetcpasswd | 2025-04-09 | 4.6 MEDIUM | N/A |
| Multiple unspecified vulnerabilities in chetcpasswd 2.4.1 allow local users to gain privileges via unspecified vectors related to executing (1) the cp program, (2) the mail program, or (3) the program specified in the post_change configuration line. | |||||
| CVE-2007-2951 | 1 Kvirc | 1 Irc Client | 2025-04-09 | 9.3 HIGH | N/A |
| The parseIrcUrl function in src/kvirc/kernel/kvi_ircurl.cpp in KVIrc 3.2.0 allows user-assisted remote attackers to execute arbitrary commands via shell metacharacters in an (1) irc:// or (2) irc6:// URI. | |||||
| CVE-2007-4121 | 1 E-commerce Solutions | 3 Auction Script, Multi-vendor E-shop Script, Shopping Cart Script | 2025-04-09 | 10.0 HIGH | N/A |
| Multiple SQL injection vulnerabilities in admin.aspx in E-Commerce Scripts Shopping Cart Script, Multi-Vendor E-Shop Script, and Auction Script allow remote attackers to execute arbitrary SQL commands via the (1) EmailAdd (Username) and (2) Pass (password) parameters. NOTE: some of these details are obtained from third party information. | |||||
| CVE-2006-6919 | 1 Sage-mozdev | 1 Sage | 2025-04-09 | 6.8 MEDIUM | N/A |
| Firefox Sage extension 1.3.8 and earlier allows remote attackers to execute arbitrary Javascript in the local context via an RSS feed with an img tag containing the script followed by an extra trailing ">", which Sage modifies to close the img element before the malicious script. | |||||
| CVE-2006-6697 | 1 Oracle | 1 Application Server Portal | 2025-04-09 | 7.5 HIGH | N/A |
| CRLF injection vulnerability in webapp/jsp/calendar.jsp in Oracle Portal 10g and earlier, including 9.0.2, allows remote attackers to inject arbitrary HTTP headers and conduct HTTP response splitting attacks via CRLF sequences in the enc parameter. | |||||
| CVE-2007-2948 | 1 Mplayer | 1 Mplayer | 2025-04-09 | 9.3 HIGH | N/A |
| Multiple stack-based buffer overflows in stream/stream_cddb.c in MPlayer before 1.0rc1try3 allow remote attackers to execute arbitrary code via a CDDB entry with a long (1) album title or (2) category. | |||||
| CVE-2007-1297 | 1 Aj Square | 1 Ajdating | 2025-04-09 | 7.5 HIGH | N/A |
| SQL injection vulnerability in view_profile.php in AJDating 1.0 allows remote attackers to execute arbitrary SQL commands via the user_id parameter. | |||||
| CVE-2006-7183 | 1 Photography-on-the-net | 1 Exhibit Engine 2 | 2025-04-09 | 10.0 HIGH | N/A |
| PHP remote file inclusion vulnerability in styles.php in Exhibit Engine (EE) 1.22 and earlier allows remote attackers to execute arbitrary PHP code via a URL in the toroot parameter. | |||||
| CVE-2007-3100 | 1 Redhat | 2 Enterprise Linux, Open Iscsi | 2025-04-09 | 2.1 LOW | N/A |
| usr/log.c in iscsid in open-iscsi (iscsi-initiator-utils) before 2.0-865 uses a semaphore with insecure permissions (world-writable/world-readable) for managing log messages using shared memory, which allows local users to cause a denial of service (hang) by grabbing the semaphore. | |||||