Total
29867 CVE
| CVE | Vendors | Products | Updated | CVSS v2 | CVSS v3 |
|---|---|---|---|---|---|
| CVE-2007-2852 | 1 Eset Software | 1 Nod32 Antivirus | 2025-04-09 | 9.3 HIGH | N/A |
| Multiple stack-based buffer overflows in ESET NOD32 Antivirus before 2.70.37.0 allow remote attackers to execute arbitrary code during (1) delete/disinfect or (2) rename operations via a crafted directory name. | |||||
| CVE-2006-5883 | 1 Cpanel | 1 Cpanel | 2025-04-09 | 3.5 LOW | N/A |
| Multiple cross-site scripting (XSS) vulnerabilities in cPanel 10 allow remote authenticated users to inject arbitrary web script or HTML via the (1) dir parameter in (a) seldir.html, and the (2) user and (3) dir parameters in (b) newuser.html. | |||||
| CVE-2008-5344 | 1 Sun | 3 Jdk, Jre, Sdk | 2025-04-09 | 7.5 HIGH | N/A |
| Unspecified vulnerability in Java Web Start (JWS) and Java Plug-in with Sun JDK and JRE 6 Update 10 and earlier; JDK and JRE 5.0 Update 16 and earlier; and SDK and JRE 1.4.2_18 and earlier allows untrusted applets to read arbitrary files and make unauthorized network connections via unknown vectors related to applet classloading, aka 6716217. | |||||
| CVE-2007-3158 | 1 Tenyearsgone | 1 Asp Folder Gallery | 2025-04-09 | 5.0 MEDIUM | N/A |
| download_script.asp in ASP Folder Gallery allows remote attackers to read arbitrary files via a filename in the file parameter. | |||||
| CVE-2006-7199 | 1 Emc | 1 Rsa Security Sitekey | 2025-04-09 | 8.5 HIGH | N/A |
| EMC RSA Security SiteKey allows remote attackers to display the correct image via a man-in-the-middle (MITM) attack in which an attacker-controlled server proxies authentication data to and from a legitimate SiteKey server. NOTE: the vendor disputes the severity of the issue, stating that it is easier to monitor this attack than "attacks against static web pages." | |||||
| CVE-2006-5863 | 1 Otterware | 1 Letterit2 | 2025-04-09 | 7.5 HIGH | N/A |
| PHP remote file inclusion vulnerability in inc/session.php for LetterIt 2 allows remote attackers to execute arbitrary PHP code via a URL in the lang parameter. | |||||
| CVE-2006-6232 | 1 Dreamcost | 1 Dreamaccount | 2025-04-09 | 7.5 HIGH | N/A |
| PHP remote file inclusion vulnerability in admin/index.php in DreamAccount 3.1 allows remote attackers to execute arbitrary PHP code via a URL in the path parameter. | |||||
| CVE-2007-0850 | 1 Syscp Team | 1 Syscp | 2025-04-09 | 7.5 HIGH | N/A |
| scripts/cronscript.php in SysCP 1.2.15 and earlier includes and executes arbitrary PHP scripts that are referenced by the panel_cronscript table in the SysCP database, which allows attackers with database write privileges to execute arbitrary code by constructing a PHP file and adding its filename to this table. | |||||
| CVE-2007-3649 | 1 Hp | 1 Photo Digital Imaging Activex Control | 2025-04-09 | 6.8 MEDIUM | N/A |
| Absolute path traversal vulnerability in a certain ActiveX control in hpqvwocx.dll 2.1.0.556 in Hewlett-Packard (HP) Digital Imaging allows remote attackers to create or overwrite arbitrary files via the second argument to the SaveToFile method. | |||||
| CVE-2008-4728 | 1 Hummingbird | 1 Deployment Wizard | 2025-04-09 | 9.3 HIGH | N/A |
| Multiple insecure method vulnerabilities in the DeployRun.DeploymentSetup.1 (DeployRun.dll) ActiveX control 10.0.0.44 in Hummingbird Deployment Wizard 2008 allow remote attackers to execute arbitrary programs via the (1) Run and (2) PerformUpdateAsync methods, and (3) modify arbitrary registry values via the SetRegistryValueAsString method. NOTE: the SetRegistryValueAsString method could be leveraged for code execution by specifying executable file values to Startup folders. | |||||
| CVE-2006-5561 | 1 Discuz | 1 Discuz Gbk | 2025-04-09 | 7.5 HIGH | N/A |
| SQL injection vulnerability in admincp.php in Discuz! GBK 5.0.0 allows remote attackers to execute arbitrary SQL commands via the cdb_auth cookie. | |||||
| CVE-2007-1832 | 1 Web-app.org | 1 Webapp | 2025-04-09 | 5.0 MEDIUM | N/A |
| web-app.org WebAPP before 0.9.9.6 allows remote authenticated users to upload certain files (1) via a crafted filename or (2) by "using percent encoding in forms." | |||||
| CVE-2007-1215 | 1 Microsoft | 4 Windows 2000, Windows 2003 Server, Windows Vista and 1 more | 2025-04-09 | 7.2 HIGH | N/A |
| Buffer overflow in the Graphics Device Interface (GDI) in Microsoft Windows 2000 SP4; XP SP2; Server 2003 Gold, SP1, and SP2; and Vista allows local users to gain privileges via certain "color-related parameters" in crafted images. | |||||
| CVE-2007-0698 | 1 Mentiss Acgv | 1 Acgvannu | 2025-04-09 | 6.8 MEDIUM | N/A |
| Multiple SQL injection vulnerabilities in ACGVannu 1.3 and earlier allow remote attackers to execute arbitrary SQL commands via the id_mod parameter to templates/modif.html, and other unspecified vectors. NOTE: The provenance of this information is unknown; the details are obtained solely from third party information. | |||||
| CVE-2007-4310 | 1 Sun | 1 Sunos | 2025-04-09 | 4.3 MEDIUM | N/A |
| The finger daemon (in.fingerd) in Sun Solaris 7 through 9 allows remote attackers to list all accounts that have certain nonstandard GECOS fields via a request composed of a single digit, as demonstrated by a "finger 9@host" command, a different vulnerability than CVE-2001-1503. | |||||
| CVE-2006-5823 | 1 Linux | 1 Linux Kernel | 2025-04-09 | 4.0 MEDIUM | N/A |
| The zlib_inflate function in Linux kernel 2.6.x allows local users to cause a denial of service (crash) via a malformed filesystem that uses zlib compression that triggers memory corruption, as demonstrated using cramfs. | |||||
| CVE-2007-1822 | 1 Alcatel-lucent | 1 Voice Mail System | 2025-04-09 | 10.0 HIGH | N/A |
| Alcatel-Lucent Lucent Technologies voice mail systems allow remote attackers to retrieve or remove messages, or reconfigure mailboxes, by spoofing Calling Number Identification (CNID, aka Caller ID). | |||||
| CVE-2009-1358 | 1 Debian | 2 Advanced Package Tool, Apt | 2025-04-09 | 10.0 HIGH | N/A |
| apt-get in apt before 0.7.21 does not check for the correct error code from gpgv, which causes apt to treat a repository as valid even when it has been signed with a key that has been revoked or expired, which might allow remote attackers to trick apt into installing malicious repositories. | |||||
| CVE-2006-5163 | 1 Ibm | 1 Informix Dynamic Server | 2025-04-09 | 3.6 LOW | N/A |
| IBM Informix Dynamic Server 10.UC3RC1 Trial for Linux and possibly other versions creates /tmp/installserver.txt with insecure permissions, which allows local users to append data to arbitrary files via a symlink attack. | |||||
| CVE-2007-2044 | 1 Antonis Ventouris | 1 Weather Module | 2025-04-09 | 7.5 HIGH | N/A |
| PHP remote file inclusion vulnerability in mod_weather.php in the Antonis Ventouris Weather module for Mambo and Joomla! allows remote attackers to execute arbitrary PHP code via a URL in the absolute_path parameter. | |||||