Total
29866 CVE
| CVE | Vendors | Products | Updated | CVSS v2 | CVSS v3 |
|---|---|---|---|---|---|
| CVE-2006-5635 | 1 Web Wiz Forums | 1 Web Wiz Forums | 2025-04-09 | 7.5 HIGH | N/A |
| SQL injection vulnerability in forum/search.asp in Web Wiz Forums allows remote attackers to execute arbitrary SQL commands via the KW parameter. | |||||
| CVE-2006-6022 | 1 Bestwebapp | 1 Bestwebapp Dating Site | 2025-04-09 | 6.8 MEDIUM | N/A |
| Cross-site scripting (XSS) vulnerability in login_form.asp in BestWebApp Dating Site allows remote attackers to inject arbitrary web script or HTML via the msg parameter. | |||||
| CVE-2007-1077 | 1 Design4online | 1 Userpages2 | 2025-04-09 | 7.5 HIGH | N/A |
| SQL injection vulnerability in page.asp in Design4Online UserPages2 2.0 allows remote attackers to execute arbitrary SQL commands via the art_id parameter. NOTE: the provenance of this information is unknown; the details are obtained solely from third party information. | |||||
| CVE-2008-5510 | 3 Canonical, Debian, Mozilla | 5 Ubuntu Linux, Debian Linux, Firefox and 2 more | 2025-04-09 | 5.0 MEDIUM | N/A |
| The CSS parser in Mozilla Firefox 3.x before 3.0.5 and 2.x before 2.0.0.19, Thunderbird 2.x before 2.0.0.19, and SeaMonkey 1.x before 1.1.14 ignores the '\0' escaped null character, which might allow remote attackers to bypass protection mechanisms such as sanitization routines. | |||||
| CVE-2006-5903 | 1 Rahul Jonna | 1 Gspace | 2025-04-09 | 7.5 HIGH | N/A |
| Rahul Jonna Gmail File Space (GSpace) allows remote attackers to perform virtual filesystem actions via e-mail messages with certain subject lines, as demonstrated by (1) a GSPACE "2174|1|1|1|gs:/ d$" message, which injects a new file into the filesystem; and (2) a GSPACE "|-135|1|1|0|gs:/ d$" message, which creates a folder. | |||||
| CVE-2007-0163 | 1 Securekit | 1 Securekit Steganography | 2025-04-09 | 7.8 HIGH | N/A |
| SecureKit Steganography 1.7.1 and 1.8 embeds password information in the carrier file, which allows remote attackers to bypass authentication requirements and decrypt embedded steganography by replacing the last 20 bytes of the JPEG image with alternate password information. | |||||
| CVE-2006-5641 | 1 Techno Dreams | 1 Announcement Script | 2025-04-09 | 7.5 HIGH | N/A |
| SQL injection vulnerability in MainAnnounce2.asp in Techno Dreams Announcement allows remote attackers to execute arbitrary SQL commands via the key parameter. | |||||
| CVE-2006-7000 | 1 Headstart Solutions | 1 Deskpro | 2025-04-09 | 5.0 MEDIUM | N/A |
| Headstart Solutions DeskPRO allows remote attackers to obtain the full path via direct requests to (1) email/mail.php, (2) includes/init.php, (3) certain files in includes/cron/, and (4) jpgraph.php, (5) jpgraph_bar.php, (6) jpgraph_pie.php, and (7) jpgraph_pie3d.php in includes/graph/, which leaks the path in error messages. | |||||
| CVE-2007-1964 | 2 Mybb, Mybulletinboard | 2 Mybb, Mybulletinboard | 2025-04-09 | 6.0 MEDIUM | N/A |
| member.php in MyBB (aka MyBulletinBoard), when debug mode is available, allows remote authenticated users to change the password of any account by providing the account's registered e-mail address in a debug request for a do_lostpw action, which prints the change password verification code in the debug output. | |||||
| CVE-2007-1789 | 1 Flyspray | 1 Flyspray | 2025-04-09 | 6.8 MEDIUM | N/A |
| Flyspray 0.9.9 allows remote attackers to obtain sensitive information (private project summaries) via direct requests. | |||||
| CVE-2007-2374 | 2 Avaya, Microsoft | 7 Definity One Media Server, Media Server, S3400 and 4 more | 2025-04-09 | 9.3 HIGH | N/A |
| Unspecified vulnerability in Microsoft Windows 2000, XP, and Server 2003 allows user-assisted remote attackers to execute arbitrary code via unspecified vectors. NOTE: this information is based upon a vague pre-advisory with no actionable information. However, the advisory is from a reliable source. | |||||
| CVE-2006-5058 | 1 Activision | 3 Call Of Duty, Call Of Duty 2, Call Of Duty United Offensive | 2025-04-09 | 7.5 HIGH | N/A |
| Buffer overflow in (1) Call of Duty 1.5b and earlier, (2) Call of Duty United Offensive 1.51b and earlier, and (3) Call of Duty 2 1.3 and earlier allows remote attackers to execute arbitrary code via a long map argument to the "callvote map" command. | |||||
| CVE-2007-1442 | 1 Oracle | 1 Database Server | 2025-04-09 | 7.2 HIGH | N/A |
| Oracle Database 10g uses a NULL pDacl parameter when calling the SetSecurityDescriptorDacl function to create discretionary access control lists (DACLs), which allows local users to gain privileges. | |||||
| CVE-2007-2541 | 1 Versado Cms | 1 Versado Cms | 2025-04-09 | 7.5 HIGH | N/A |
| PHP remote file inclusion vulnerability in includes/ajax_listado.php in Versado CMS 1.07 allows remote attackers to execute arbitrary PHP code via a URL in the urlModulo parameter. | |||||
| CVE-2006-6306 | 1 Novell | 1 Client | 2025-04-09 | 1.2 LOW | N/A |
| Format string vulnerability in Novell Modular Authentication Services (NMAS) in the Novell Client 4.91 SP2 and SP3 allows users with physical access to read stack and memory contents via format string specifiers in the Username field of the logon window. | |||||
| CVE-2007-2526 | 1 Smartcode | 1 Vnc Manager | 2025-04-09 | 9.3 HIGH | N/A |
| Heap-based buffer overflow in the ConnectAsyncEx function in VNC Viewer ActiveX control (scvncctrl.dll) in the SmartCode VNC Manager 3.6 allows remote attackers to execute arbitrary code via a long argument. | |||||
| CVE-2007-0284 | 1 Oracle | 2 Application Server, Collaboration Suite | 2025-04-09 | 6.4 MEDIUM | N/A |
| Multiple unspecified vulnerabilities in Oracle Application Server 9.0.4.3 and 10.1.2.0.0, and Collaboration Suite 9.0.4.2, have unknown impact and attack vectors related to Oracle Containers for J2EE, aka (1) OC4J03 and (2) OC4J04. | |||||
| CVE-2006-6916 | 1 Getahead | 1 Direct Web Remoting | 2025-04-09 | 7.5 HIGH | N/A |
| Getahead Direct Web Remoting (DWR) before 1.1.3 allows attackers to cause a denial of service (infinite loop) via unknown vectors related to "crafted input." | |||||
| CVE-2007-3024 | 1 Clam Anti-virus | 1 Clamav | 2025-04-09 | 2.1 LOW | N/A |
| libclamav/others.c in ClamAV before 0.90.3 and 0.91 before 0.91rc1 uses insecure permissions for temporary files that are created by the cli_gentempstream function in clamd/clamdscan, which might allow local users to read sensitive files. | |||||
| CVE-2007-1342 | 1 Jelsoft | 1 Vbulletin | 2025-04-09 | 4.3 MEDIUM | N/A |
| Cross-site scripting (XSS) vulnerability in admincp/index.php in Jelsoft vBulletin 3.6.5 and earlier allows remote attackers to inject arbitrary web script or HTML via the add rss url form. | |||||