Total
29864 CVE
| CVE | Vendors | Products | Updated | CVSS v2 | CVSS v3 |
|---|---|---|---|---|---|
| CVE-2006-6266 | 1 Microsoft | 1 Teredo | 2025-04-09 | 6.8 MEDIUM | N/A |
| Teredo clients, when following item 6 of RFC4380 section 5.2.3, start direct IPv6 connectivity tests (aka ping tests) in response to packets from non-Teredo source addresses, which might allow remote attackers to induce Teredo clients to send packets to third parties. | |||||
| CVE-2007-1800 | 1 Cisco | 1 Trust Agent | 2025-04-09 | 7.5 HIGH | N/A |
| Cisco Secure ACS does not require authentication when Cisco Trust Agent (CTA) transmits posture information, which might allow remote attackers to gain network access via a spoofed Network Endpoint Assessment posture, aka "NACATTACK." NOTE: this attack might be limited to authenticated users and devices. | |||||
| CVE-2007-3612 | 1 Visual Irc | 1 Visual Irc | 2025-04-09 | 7.5 HIGH | N/A |
| Stack-based buffer overflow in Visual IRC (ViRC) 2.0 allows remote IRC servers to execute arbitrary code via a long response to a JOIN command. | |||||
| CVE-2007-4363 | 1 Drupal | 1 Content Construction Kit | 2025-04-09 | 4.3 MEDIUM | N/A |
| Multiple cross-site scripting (XSS) vulnerabilities in the nodereference module in Drupal Content Construction Kit (CCK) before 4.7.x-1.6, and 5.x before 5.x-1.6 ,allow remote attackers to inject arbitrary web script or HTML via nodereference fields, when using (1) the plain formatter or (2) the autocomplete text field widget without Views.module. | |||||
| CVE-2006-5802 | 1 The Web Drivers | 1 Simple Forum | 2025-04-09 | 7.5 HIGH | N/A |
| SQL injection vulnerability in message_details.php in The Web Drivers Simple Forum, dated 20060318, allows remote attackers to execute arbitrary SQL commands via the id parameter. | |||||
| CVE-2006-5771 | 1 Arkoon | 1 Ssl360 | 2025-04-09 | 4.3 MEDIUM | N/A |
| Cross-site scripting (XSS) vulnerability in Arkoon SSL360 1.0 and 2.0 before 2.0/2 allows remote attackers to inject arbitrary web script or HTML via unspecified vectors. | |||||
| CVE-2007-1179 | 1 Web-app.org | 1 Webapp | 2025-04-09 | 5.0 MEDIUM | N/A |
| WebAPP before 0.9.9.5 does not properly manage e-mail addresses in certain contexts related to (1) the Recommend feature, Email Article (2) senders and (3) recipients, (4) New User Approval, (5) Edit Profiles, (6) the Newsletter Subscription form, (7) the Recommend form, and (8) sending of articles, which has unknown impact, and remote attack vectors related to spam attacks and possibly other attacks. | |||||
| CVE-2007-5481 | 1 Distributed Checksum Clearinghouse | 1 Dcc | 2025-04-09 | 5.0 MEDIUM | N/A |
| Distributed Checksum Clearinghouse (DCC) 1.3.65 allows remote attackers to cause a denial of service (crash) via a "SOCKS flood." | |||||
| CVE-2008-0313 | 1 Symantec | 4 Norton 360, Norton Antivirus, Norton Internet Security and 1 more | 2025-04-09 | 6.8 MEDIUM | N/A |
| The ActiveDataInfo.LaunchProcess method in the SymAData.ActiveDataInfo.1 ActiveX control 2.7.0.1 in SYMADATA.DLL in multiple Symantec Norton products including Norton 360 1.0, AntiVirus 2006 through 2008, Internet Security 2006 through 2008, and System Works 2006 through 2008, does not properly determine the location of the AutoFix Tool, which allows remote attackers to execute arbitrary code via a remote (1) WebDAV or (2) SMB share. | |||||
| CVE-2007-1205 | 1 Microsoft | 3 Windows 2000, Windows 2003 Server, Windows Xp | 2025-04-09 | 9.3 HIGH | N/A |
| Unspecified vulnerability in Microsoft Agent (msagent\agentsvr.exe) in Windows 2000 SP4, XP SP2, and Server 2003, 2003 SP1, and 2003 SP2 allows remote attackers to execute arbitrary code via crafted URLs, which result in memory corruption. | |||||
| CVE-2007-0177 | 1 Mediawiki | 1 Mediawiki | 2025-04-09 | 5.1 MEDIUM | N/A |
| Cross-site scripting (XSS) vulnerability in the AJAX module in MediaWiki before 1.6.9, 1.7 before 1.7.2, 1.8 before 1.8.3, and 1.9 before 1.9.0rc2, when wgUseAjax is enabled, allows remote attackers to inject arbitrary web script or HTML via unspecified vectors. | |||||
| CVE-2007-3215 | 1 Phpmailer | 1 Phpmailer | 2025-04-09 | 6.8 MEDIUM | N/A |
| PHPMailer 1.7, when configured to use sendmail, allows remote attackers to execute arbitrary shell commands via shell metacharacters in the SendmailSend function in class.phpmailer.php. | |||||
| CVE-2006-5781 | 1 Iodine | 1 Iodine | 2025-04-09 | 7.5 HIGH | N/A |
| Stack-based buffer overflow in the handshake function in iodine 0.3.2 allows remote attackers to execute arbitrary code via a crafted DNS response. | |||||
| CVE-2007-3786 | 1 Esoft | 1 Instagate Ex2 Utm | 2025-04-09 | 9.3 HIGH | N/A |
| Cross-site request forgery (CSRF) vulnerability on the eSoft InstaGate EX2 UTM device before firmware 3.1.20070615 allows remote attackers to perform privileged actions as administrators. NOTE: the vendor disputes the distribution of the vulnerable software, stating that it was a custom build for a former customer | |||||
| CVE-2007-2270 | 1 Linksys | 1 Spa941 | 2025-04-09 | 7.8 HIGH | N/A |
| The Linksys SPA941 VoIP Phone allows remote attackers to cause a denial of service (device reboot) via a 0377 (0xff) character in the From header, and possibly certain other locations, in a SIP INVITE request. | |||||
| CVE-2007-0536 | 1 Rpath | 1 Rpath Linux | 2025-04-09 | 7.2 HIGH | N/A |
| The chroot helper in rMake for rPath Linux 1 does not drop supplemental groups, which causes packages to be installed with insecure permissions and might allow local users to gain privileges. | |||||
| CVE-2007-3134 | 1 Atom | 1 Photoblog | 2025-04-09 | 4.3 MEDIUM | N/A |
| Multiple cross-site scripting (XSS) vulnerabilities in atomPhotoBlog.php in Atom PhotoBlog 1.0.9 and earlier allow remote attackers to inject arbitrary web script or HTML via the (1) Your Name, (2) Your Homepage, and (3) Your Comment fields, when using "Approve Comments." | |||||
| CVE-2007-1127 | 1 Watersweb Shops | 1 Shop Kit Plus | 2025-04-09 | 6.4 MEDIUM | N/A |
| Directory traversal vulnerability in enc/stylecss.php in shopkitplus allows remote attackers to read arbitrary files via a .. (dot dot) in the changetheme parameter. | |||||
| CVE-2008-6769 | 1 Peterselie | 1 Yourplace | 2025-04-09 | 6.0 MEDIUM | N/A |
| Unrestricted file upload vulnerability in upload.php in YourPlace 1.0.2 and earlier allows remote authenticated users to execute arbitrary code by uploading a file with an executable extension, then accessing it via a direct request to the file. | |||||
| CVE-2007-3415 | 1 Phpraider | 1 Phpraider | 2025-04-09 | 7.5 HIGH | N/A |
| Multiple SQL injection vulnerabilities in index.php in phpRaider 1.0.0 rc8 allow remote attackers to execute arbitrary SQL commands via the (1) id or (2) type parameter. | |||||