Total: 29864 CVE
| CVE | Vendors | Products | Updated | CVSS v2 | CVSS v3 |
|---|---|---|---|---|---|
| CVE-2006-6488 | 1 Iconics | 1 Dialog Wrapper Module Activex Control | 2025-04-09 | 7.5 HIGH | N/A |
| Stack-based buffer overflow in the DoModal function in the Dialog Wrapper Module ActiveX control (DlgWrapper.dll) before 8.4.166.0, as used by ICONICS OPC Enabled Gauge, Switch, and Vessel ActiveX, allows remote attackers to execute arbitrary code via a long (1) FileName or (2) Filter argument. | |||||
| CVE-2006-4409 | 1 Apple | 1 Mac Os X | 2025-04-09 | 5.0 MEDIUM | N/A |
| The Online Certificate Status Protocol (OCSP) service in the Security Framework in Apple Mac OS X 10.4 through 10.4.8 fails to retrieve certificate revocation lists (CRL) when an HTTP proxy is in use, which could cause the system to accept certificates that have been revoked. | |||||
| CVE-2007-2016 | 1 Phpmyadmin | 1 Phpmyadmin | 2025-04-09 | 4.3 MEDIUM | N/A |
| Cross-site scripting (XSS) vulnerability in mysql/phpinfo.php in phpMyAdmin 2.6.1 allows remote attackers to inject arbitrary web script or HTML via the lang[] parameter. | |||||
| CVE-2007-1863 | 2 Apache, Apple | 2 Http Server, Mac Os X Server | 2025-04-09 | 5.0 MEDIUM | N/A |
| cache_util.c in the mod_cache module in Apache HTTP Server (httpd), when caching is enabled and a threaded Multi-Processing Module (MPM) is used, allows remote attackers to cause a denial of service (child processing handler crash) via a request with the (1) s-maxage, (2) max-age, (3) min-fresh, or (4) max-stale Cache-Control headers without a value. | |||||
| CVE-2007-2327 | 1 Labs4 | 1 Htmleditbox | 2025-04-09 | 7.5 HIGH | N/A |
| PHP remote file inclusion vulnerability in _editor.php in HTMLeditbox 2.2 allows remote attackers to execute arbitrary PHP code via a URL in the settings[app_dir] parameter. | |||||
| CVE-2007-4376 | 1 Szymon Kosok | 1 Best Top List | 2025-04-09 | 6.8 MEDIUM | N/A |
| Unrestricted file upload vulnerability in banner-upload.php in Szymon Kosok Best Top List allows remote attackers to upload and execute arbitrary PHP files in banners/. | |||||
| CVE-2007-3076 | 1 Zenturi | 1 Zenturi Programchecker | 2025-04-09 | 7.8 HIGH | N/A |
| A certain ActiveX control in sasatl.dll in Zenturi ProgramChecker allows remote attackers to download arbitrary files to the client system via the DownloadFile function. | |||||
| CVE-2007-4069 | 1 Index Script | 1 Index Script | 2025-04-09 | 7.5 HIGH | N/A |
| SQL injection vulnerability in show_cat.php in IndexScript 2.8 and earlier allows remote attackers to execute arbitrary SQL commands via the cat_id parameter. | |||||
| CVE-2007-0333 | 1 Agnitum | 1 Outpost Firewall | 2025-04-09 | 7.2 HIGH | N/A |
| Agnitum Outpost Firewall PRO 4.0 allows local users to bypass access restrictions and insert Trojan horse drivers into the product's installation directory by creating links using FileLinkInformation requests with the ZwSetInformationFile function, as demonstrated by modifying SandBox.sys. | |||||
| CVE-2006-5973 | 1 Timo Sirainen | 1 Dovecot | 2025-04-09 | 5.0 MEDIUM | N/A |
| Off-by-one buffer overflow in Dovecot 1.0test53 through 1.0.rc14, and possibly other versions, when index files are used and mmap_disable is set to "yes," allows remote authenticated IMAP or POP3 users to cause a denial of service (crash) via unspecified vectors involving the cache file. | |||||
| CVE-2007-3108 | 1 Openssl | 1 Openssl | 2025-04-09 | 1.2 LOW | N/A |
| The BN_from_montgomery function in crypto/bn/bn_mont.c in OpenSSL 0.9.8e and earlier does not properly perform Montgomery multiplication, which might allow local users to conduct a side-channel attack and retrieve RSA private keys. | |||||
| CVE-2007-4415 | 1 Cisco | 1 Vpn Client | 2025-04-09 | 6.8 MEDIUM | N/A |
| Cisco VPN Client on Windows before 5.0.01.0600, and the 5.0.01.0600 InstallShield (IS) release, uses weak permissions for cvpnd.exe (Modify granted to Interactive Users), which allows local users to gain privileges via a modified cvpnd.exe. | |||||
| CVE-2008-6830 | 1 Citrix | 1 Web Interface | 2025-04-09 | 4.0 MEDIUM | N/A |
| The disconnection feature in Citrix Web Interface 5.0 and 5.0.1 for Java Application Servers does not properly terminate a user's web interface session, which allows attackers with access to the same browser instance to gain access to the user's Web Interface session. NOTE: the attacker must also have valid credentials to the Web Interface. | |||||
| CVE-2007-1522 | 1 Php | 1 Php | 2025-04-09 | 6.8 MEDIUM | N/A |
| Double free vulnerability in the session extension in PHP 5.2.0 and 5.2.1 allows context-dependent attackers to execute arbitrary code via illegal characters in a session identifier, which is rejected by an internal session storage module, which calls the session identifier generator with an improper environment, leading to code execution when the generator is interrupted, as demonstrated by triggering a memory limit violation or certain PHP errors. | |||||
| CVE-2007-2332 | 1 Nortel | 8 Vpn Router 1010, Vpn Router 1050, Vpn Router 1100 and 5 more | 2025-04-09 | 9.0 HIGH | N/A |
| Nortel VPN Router (aka Contivity) 1000, 2000, 4000, and 5000 before 6_05.140 uses a fixed DES key to encrypt passwords, which allows remote authenticated users to obtain a password via a brute force attack on a hash from the LDAP store. | |||||
| CVE-2007-4128 | 1 Firestorm Technologies | 1 Gmaps | 2025-04-09 | 7.5 HIGH | N/A |
| SQL injection vulnerability in index.php in the Firestorm Technologies GMaps (com_gmaps) 1.00 component for Joomla! allows remote attackers to execute arbitrary SQL commands via the mapId parameter in a viewmap action. | |||||
| CVE-2009-0077 | 1 Microsoft | 2 Forefront Threat Management Gateway, Internet Security And Acceleration Server | 2025-04-09 | 5.0 MEDIUM | N/A |
| The firewall engine in Microsoft Forefront Threat Management Gateway, Medium Business Edition (TMG MBE); and Internet Security and Acceleration (ISA) Server 2004 SP3, 2006, 2006 Supportability Update, and 2006 SP1; does not properly manage the session state of web listeners, which allows remote attackers to cause a denial of service (many stale sessions) via crafted packets, aka "Web Proxy TCP State Limited Denial of Service Vulnerability." | |||||
| CVE-2009-2090 | 1 Ibm | 1 Websphere Application Server | 2025-04-09 | 5.0 MEDIUM | N/A |
| Unspecified vulnerability in wsadmin in the System Management/Repository component in IBM WebSphere Application Server (WAS) 7.0 before 7.0.0.5 allows remote attackers to bypass intended Java Management Extensions (JMX) Management Beans (aka MBeans) access restrictions, and cause a denial of service (daemon stop), via unknown vectors. | |||||
| CVE-2006-5513 | 1 Geonetwork | 1 Opensource | 2025-04-09 | 7.5 HIGH | N/A |
| SQL injection vulnerability in GeoNetwork opensource before 2.0.3 allows remote attackers to execute arbitrary SQL commands, and complete a login, via unspecified vectors. | |||||
| CVE-2007-2496 | 1 Office Ocx | 1 Word Viewer Ocx | 2025-04-09 | 7.8 HIGH | N/A |
| The WordOCX ActiveX control in WordViewer.ocx 3.2.0.5 allows remote attackers to cause a denial of service (Internet Explorer 7 crash) via a long (1) DoOleCommand, (2) FTPDownloadFile, (3) FTPUploadFile, (4) HttpUploadFile, (5) GotoPage, (6) Save, (7) SaveWebFile, (8) HttpDownloadFile, (9) Open, (10) OpenWebFile, (11) SaveAs, or (12) ShowWordStandardDialog property value. | |||||
