Total
29864 CVE
| CVE | Vendors | Products | Updated | CVSS v2 | CVSS v3 |
|---|---|---|---|---|---|
| CVE-2006-6707 | 1 Mcafee | 2 Neotrace, Visual Trace | 2025-04-09 | 7.5 HIGH | N/A |
| Stack-based buffer overflow in the NeoTraceExplorer.NeoTraceLoader ActiveX control (NeoTraceExplorer.dll) in NeoTrace Express 3.25 and NeoTrace Pro (aka McAfee Visual Trace) 3.25 allows remote attackers to execute arbitrary code via a long argument string to the TraceTarget method. NOTE: The provenance of this information is unknown; the details are obtained solely from third party information. | |||||
| CVE-2006-6777 | 1 Future Internet | 1 Future Internet | 2025-04-09 | 6.8 MEDIUM | N/A |
| Cross-site scripting (XSS) vulnerability in index.cfm in Future Internet allows remote attackers to inject arbitrary web script or HTML via the categoryId parameter in a Portal.ShowPage action. | |||||
| CVE-2007-2283 | 1 Freshdevices | 1 Freshview | 2025-04-09 | 9.3 HIGH | N/A |
| Buffer overflow in Fresh View 7.15 allows user-assisted remote attackers to execute arbitrary code via a crafted .PSP file. | |||||
| CVE-2006-6265 | 1 Microsoft | 1 Teredo | 2025-04-09 | 5.8 MEDIUM | N/A |
| Teredo clients, when located behind a restricted NAT, allow remote attackers to establish an inbound connection without the guessing required to find a port mapping for a traditional restricted NAT client, by (1) using the client port number contained in the Teredo address or (2) following the bubble-to-open procedure. | |||||
| CVE-2007-3234 | 1 Fuzzylime Forum | 1 Fuzzylime Forum | 2025-04-09 | 7.5 HIGH | N/A |
| SQL injection vulnerability in low.php in Fuzzylime Forum 1.0 allows remote attackers to execute arbitrary SQL commands via the topic parameter. | |||||
| CVE-2007-3608 | 1 Sap | 1 Enjoysap | 2025-04-09 | 5.0 MEDIUM | N/A |
| Multiple unspecified vulnerabilities in ActiveX controls in the EnjoySAP SAP GUI allow remote attackers to create certain files via unspecified vectors. | |||||
| CVE-2006-7006 | 1 Robin De Graff | 1 Somery | 2025-04-09 | 7.5 HIGH | N/A |
| PHP remote file inclusion vulnerability in upload/admin/team.php in Robin de Graff Somery 0.4.4 allows remote attackers to execute arbitrary PHP code via a URL in the checkauth parameter. NOTE: CVE disputes this vulnerability because the checkauth parameter is only used in conditionals | |||||
| CVE-2007-4135 | 1 Nfsv4 | 1 Nfsidmap | 2025-04-09 | 6.2 MEDIUM | N/A |
| The NFSv4 ID mapper (nfsidmap) before 0.17 does not properly handle return values from the getpwnam_r function when performing a username lookup, which can cause it to report a file as being owned by "root" instead of "nobody" if the file exists on the server but not on the client. | |||||
| CVE-2007-2903 | 1 Microsoft | 1 Office | 2025-04-09 | 5.0 MEDIUM | N/A |
| Buffer overflow in the HelpPopup method in the Microsoft Office 2000 Controllo UA di Microsoft Office ActiveX control (OUACTRL.OCX) 1.0.1.9 allows remote attackers to cause a denial of service (probably winhlp32.exe crash) via a long first argument. NOTE: it is not clear whether this issue crosses privilege boundaries. | |||||
| CVE-2006-5106 | 1 Facileforms | 1 Facileforms | 2025-04-09 | 5.1 MEDIUM | N/A |
| Cross-site scripting (XSS) vulnerability in FacileForms before 1.4.7 for Mambo and Joomla!, when either register_globals or RG_EMULATION is enabled, allows remote attackers to inject arbitrary web script or HTML via unspecified vectors. | |||||
| CVE-2007-3949 | 1 Lighttpd | 1 Lighttpd | 2025-04-09 | 8.3 HIGH | N/A |
| mod_access.c in lighttpd 1.4.15 ignores trailing / (slash) characters in the URL, which allows remote attackers to bypass url.access-deny settings. | |||||
| CVE-2006-5514 | 1 Web Group Communication Center | 1 Web Group Communication Center | 2025-04-09 | 7.5 HIGH | N/A |
| SQL injection vulnerability in quiz.php in Web Group Communication Center (WGCC) 0.5.6b and earlier allows remote attackers to execute arbitrary SQL commands via the qzid parameter. | |||||
| CVE-2007-1871 | 1 Chcounter | 1 Chcounter | 2025-04-09 | 4.3 MEDIUM | N/A |
| Cross-site scripting (XSS) vulnerability in chcounter 3.1.3 allows remote attackers to inject arbitrary web script or HTML via the login_name parameter to /stats/. | |||||
| CVE-2007-0545 | 1 Maxtricity | 1 Tagger | 2025-04-09 | 7.8 HIGH | N/A |
| Maxtricity Tagger 0.1 stores sensitive information under the web root with insufficient access control, which allows remote attackers to download a database containing passwords via a direct request for tagger.mdb. | |||||
| CVE-2007-2384 | 1 Script.aculo.us | 1 Script.aculo.us | 2025-04-09 | 7.8 HIGH | N/A |
| The Script.aculo.us framework exchanges data using JavaScript Object Notation (JSON) without an associated protection scheme, which allows remote attackers to obtain the data via a web page that retrieves the data through a URL in the SRC attribute of a SCRIPT element and captures the data using other JavaScript code, aka "JavaScript Hijacking." | |||||
| CVE-2007-2071 | 1 Open-gorotto | 1 Open-gorotto | 2025-04-09 | 4.3 MEDIUM | N/A |
| Multiple cross-site scripting (XSS) vulnerabilities in Open-gorotto 2.0a 2006/02/08 edition, 2006/03/19 edition, and 2006/04/07 edition before 20070416 allow remote attackers to inject arbitrary web script or HTML via unspecified parameters to (1) pub/modules/d/_top.html; (2) /pub/modules/a/_access.html; (3) _circletop.html or (4) _cir66.html in pub/modules/ci/; or (5) _fri66.html, (6) _inv66.html, (7) _top.html, (8) _friends.html, or (9) _fri33.html in pub/modules/f/. | |||||
| CVE-2006-4099 | 1 Businessobjects | 1 Crystal Enterprise | 2025-04-09 | 7.5 HIGH | N/A |
| Business Objects Crystal Enterprise 9 and 10 generates predictable session identifiers, which allows remote attackers to hijack sessions of other users via WCSID cookie values. | |||||
| CVE-2007-0465 | 1 Apple | 2 Installer, Mac Os X | 2025-04-09 | 7.6 HIGH | N/A |
| Format string vulnerability in Apple Installer 2.1.5 on Mac OS X 10.4.8 allows user-assisted remote attackers to execute arbitrary code via format string specifiers in a (1) PKG, (2) DISTZ, or (3) MPKG package filename. | |||||
| CVE-2007-2989 | 1 Sun | 1 Solaris | 2025-04-09 | 7.8 HIGH | N/A |
| The libike library in Sun Solaris 9 before 20070529 contains a logic error related to a certain pointer, which allows remote attackers to cause a denial of service (in.iked daemon crash) by sending certain UDP packets with a source port different from 500. NOTE: this issue might overlap CVE-2006-2298. | |||||
| CVE-2007-0654 | 1 X Multimedia System | 1 X Multimedia System | 2025-04-09 | 9.3 HIGH | N/A |
| Integer underflow in X MultiMedia System (xmms) 1.2.10 allows user-assisted remote attackers to execute arbitrary code via crafted header information in a skin bitmap image, which results in a stack-based buffer overflow. | |||||