Total
29867 CVE
| CVE | Vendors | Products | Updated | CVSS v2 | CVSS v3 |
|---|---|---|---|---|---|
| CVE-2008-7001 | 1 Creative Mind | 1 Creator Cms | 2025-04-09 | 7.5 HIGH | N/A |
| Unrestricted file upload vulnerability in the file manager in Creative Mind Creator CMS 5.0 allows remote attackers to execute arbitrary code via unknown vectors. | |||||
| CVE-2007-0811 | 1 Microsoft | 1 Ie | 2025-04-09 | 4.3 MEDIUM | N/A |
| Microsoft Internet Explorer 6.0 SP1 on Windows 2000, and 6.0 SP2 on Windows XP, allows remote attackers to cause a denial of service (NULL pointer dereference and application crash) via an HTML document containing a certain JavaScript for loop with an empty loop body, possibly involving getElementById. | |||||
| CVE-2006-6220 | 1 Recipes Complete Website | 1 Recipes Complete Website | 2025-04-09 | 6.8 MEDIUM | N/A |
| Multiple SQL injection vulnerabilities in Recipes Website (Recipes Complete Website) 1.1.14 allow remote attackers to execute arbitrary SQL commands via the (1) recipeid parameter to recipe.php or the (2) categoryid parameter to list.php. | |||||
| CVE-2007-3462 | 1 Sofaware | 1 Safe At Office 500 Utm | 2025-04-09 | 6.0 MEDIUM | N/A |
| Cross-site request forgery (CSRF) vulnerability in Check Point SofaWare Safe@Office, with firmware before Embedded NGX 7.0.45 GA, allows remote attackers to execute commands as arbitrary users, and disable firewalling of the protected network. | |||||
| CVE-2007-0865 | 1 Lushinews | 1 Lushinews | 2025-04-09 | 7.5 HIGH | N/A |
| SQL injection vulnerability in comments.php in LushiNews 1.01 and earlier allows remote authenticated users to inject arbitrary SQL commands via the id parameter. | |||||
| CVE-2006-5736 | 1 Punbb | 1 Punbb | 2025-04-09 | 5.1 MEDIUM | N/A |
| SQL injection vulnerability in search.php in PunBB before 1.2.14, when the PHP installation is vulnerable to CVE-2006-3017, allows remote attackers to execute arbitrary SQL commands via the result_list array parameter, which is not initialized. | |||||
| CVE-2007-2707 | 1 Linksnet | 1 Newsfeed | 2025-04-09 | 6.8 MEDIUM | N/A |
| PHP remote file inclusion vulnerability in linksnet_linkslog_rss.php in Linksnet Newsfeed 1.0 allows remote attackers to execute arbitrary PHP code via a URL in the dirpath_linksnet_newsfeed parameter. | |||||
| CVE-2006-5527 | 1 Intelimen | 1 Intelieditor | 2025-04-09 | 7.5 HIGH | N/A |
| PHP remote file inclusion vulnerability in lib.editor.inc.php in Intelimen InteliEditor 1.2.x allows remote attackers to execute arbitrary PHP code via a URL in the sys_path parameter. | |||||
| CVE-2007-0226 | 1 Uniforum | 1 Uniforum | 2025-04-09 | 7.5 HIGH | N/A |
| SQL injection vulnerability in wbsearch.aspx in uniForum 4 and earlier allows remote attackers to execute arbitrary SQL commands via the "by User" field (aka the TXbyuser parameter). | |||||
| CVE-2007-2506 | 1 Progress | 2 Progress, Webspeed | 2025-04-09 | 7.8 HIGH | N/A |
| WebSpeed 3.x in OpenEdge 10.x in Progress Software Progress 9.1e, and certain other 9.x versions, allows remote attackers to cause a denial of service (infinite loop and daemon hang) via a messenger URL that invokes _edit.r with no additional parameters, as demonstrated by requests for cgiip.exe or wsisa.dll with WService=wsbroker1/_edit.r in the PATH_INFO. | |||||
| CVE-2007-2580 | 1 Apple | 1 Safari | 2025-04-09 | 1.9 LOW | N/A |
| Unspecified vulnerability in Apple Safari allows local users to obtain sensitive information (saved keychain passwords) via the document.loginform.password.value JavaScript parameter loaded from an AppleScript script. | |||||
| CVE-2007-1547 | 2 Mandrakesoft, Radscan | 2 Mandrake Linux, Network Audio System | 2025-04-09 | 7.8 HIGH | N/A |
| The ReadRequestFromClient function in server/os/io.c in Network Audio System (NAS) before 1.8a SVN 237 allows remote attackers to cause a denial of service (crash) via multiple simultaneous connections, which triggers a NULL pointer dereference. | |||||
| CVE-2006-6233 | 1 Postnuke Software Foundation | 1 Postnuke | 2025-04-09 | 7.5 HIGH | N/A |
| SQL injection vulnerability in the Downloads module for unknown versions of PostNuke allows remote attackers to execute arbitrary SQL commands via the lid parameter in a viewdownloaddetails operation. NOTE: this issue might have been in the viewdownloaddetails function in dl-downloaddetails.php, but PostNuke 0.764 does not appear to have this issue. | |||||
| CVE-2006-5482 | 1 Freebsd | 1 Freebsd | 2025-04-09 | 2.1 LOW | N/A |
| ufs_vnops.c in FreeBSD 6.1 allows local users to cause an unspecified denial of service by calling the ftruncate function on a file type that is not VREG, VLNK or VDIR, which is not defined in POSIX. | |||||
| CVE-2006-6395 | 1 Ulrik Petersen | 2 Emdros Database Engine, Emrdos Database Engine | 2025-04-09 | 5.0 MEDIUM | N/A |
| Multiple memory leaks in Ulrik Petersen Emdros Database Engine before 1.2.0.pre231 allow local users to cause a denial of service (memory consumption) via unspecified vectors, a different issue than CVE-2005-0415. | |||||
| CVE-2007-0724 | 1 Apple | 2 Mac Os X, Mac Os X Server | 2025-04-09 | 6.9 MEDIUM | N/A |
| The IOKit HID interface in Apple Mac OS X 10.3.9 and 10.4 through 10.4.8 does not sufficiently limit access to certain controls, which allows local users to gain privileges by using HID device events to read keystrokes from the console. | |||||
| CVE-2009-3100 | 2 Sun, X.org | 3 Opensolaris, Solaris, X11 | 2025-04-09 | 4.0 MEDIUM | N/A |
| xscreensaver (aka Gnome-XScreenSaver) in Sun Solaris 9 and 10, OpenSolaris snv_109 through snv_122, and X11 6.4.1 on Solaris 8 does not properly handle Accessibility support, which allows local users to cause a denial of service (system hang) by locking the screen and then attempting to launch an Accessibility pop-up window, related to a regression in certain Solaris and OpenSolaris patches. | |||||
| CVE-2006-5547 | 1 Otscms | 1 Otscms | 2025-04-09 | 7.5 HIGH | N/A |
| PHP remote file inclusion vulnerability in OTSCMS/OTSCMS.php in Open Tibia Server Content Management System (OTSCMS) 1.0.0 through 1.0.3 allows remote attackers to execute arbitrary PHP code via a URL in the GLOBALS[config][otscms][directories][includes] parameter. | |||||
| CVE-2007-2812 | 1 Hlstats | 1 Hlstats | 2025-04-09 | 4.3 MEDIUM | N/A |
| Cross-site scripting (XSS) vulnerability in hlstats.php in HLstats 1.35, and possibly earlier, allows remote attackers to inject arbitrary web script or HTML via (1) the PATH_INFO or (2) the action parameter. | |||||
| CVE-2007-4477 | 1 Planet Technology Corp | 1 Vc-200m Vdsl2 | 2025-04-09 | 5.0 MEDIUM | N/A |
| The administration interface in the Planet VC-200M VDSL2 router allows remote attackers to cause a denial of service (administration interface outage) via an HTTP request without a Host header. | |||||