Total
29867 CVE
| CVE | Vendors | Products | Updated | CVSS v2 | CVSS v3 |
|---|---|---|---|---|---|
| CVE-2007-3081 | 1 Comdev | 1 Comdev Ecommerce | 2025-04-09 | 7.5 HIGH | N/A |
| PHP remote file inclusion vulnerability in sampleecommerce.php in Comdev eCommerce 4.1 allows remote attackers to execute arbitrary PHP code via a URL in the path[docroot] parameter. | |||||
| CVE-2006-6167 | 1 Active Php Bookmarks | 1 Active Php Bookmarks | 2025-04-09 | 7.5 HIGH | N/A |
| Multiple PHP remote file inclusion vulnerabilities in L. Brandon Stone and Nathanial P. Hendler Active PHP Bookmarks (APB) 1.1.02 allow remote attackers to execute arbitrary PHP code via a URL in the APB_SETTINGS['apb_path'] parameter in (1) apb_common.php or (2) apb.php. NOTE: CVE and another third party dispute this vulnerability because these PHP scripts exit if the attack vectors are present in GPC variables | |||||
| CVE-2006-6284 | 1 Vikingboard | 1 Vikingboard | 2025-04-09 | 9.0 HIGH | N/A |
| Directory traversal vulnerability in admin.php in Vikingboard 0.1.2 allows remote authenticated administrators to include arbitrary files via a .. (dot dot) sequence in the act parameter. | |||||
| CVE-2007-0716 | 1 Apple | 1 Quicktime | 2025-04-09 | 5.8 MEDIUM | N/A |
| Stack-based buffer overflow in Apple QuickTime before 7.1.5 allows remote user-assisted attackers to cause a denial of service (crash) and possibly execute arbitrary code via a crafted QTIF file. | |||||
| CVE-2006-5127 | 1 Conpresso | 1 Conpresso Cms | 2025-04-09 | 6.8 MEDIUM | N/A |
| Multiple cross-site scripting (XSS) vulnerabilities in Bartels Schoene ConPresso before 4.0.5a allow remote attackers to inject arbitrary web script or HTML via (1) the nr parameter in detail.php, (2) the msg parameter in db_mysql.inc.php, and (3) the pos parameter in index.php. | |||||
| CVE-2007-4029 | 2 Libvorbis, Rpath | 2 Libvorbis, Rpath Linux | 2025-04-09 | 6.8 MEDIUM | N/A |
| libvorbis 1.1.2, and possibly other versions before 1.2.0, allows context-dependent attackers to cause a denial of service via (1) an invalid mapping type, which triggers an out-of-bounds read in the vorbis_info_clear function in info.c, and (2) invalid blocksize values that trigger a segmentation fault in the read function in block.c. | |||||
| CVE-2009-3864 | 2 Microsoft, Sun | 3 Windows, Jdk, Jre | 2025-04-09 | 7.5 HIGH | N/A |
| The Java Update functionality in Java Runtime Environment (JRE) in Sun Java SE in JDK and JRE 5.0 before Update 22 and JDK and JRE 6 before Update 17, when a non-English version of Windows is used, does not retrieve available new JRE versions, which allows remote attackers to leverage vulnerabilities in older releases of this software, aka Bug Id 6869694. | |||||
| CVE-2007-0828 | 1 Mysqlnewsengine | 1 Mysqlnewsengine | 2025-04-09 | 7.5 HIGH | N/A |
| PHP remote file inclusion vulnerability in affichearticles.php3 in MySQLNewsEngine allows remote attackers to execute arbitrary PHP code via a URL in the newsenginedir parameter. | |||||
| CVE-2007-2467 | 1 Zonelabs | 1 Zonealarm | 2025-04-09 | 4.9 MEDIUM | N/A |
| ZoneAlarm Pro 6.5.737.000, 6.1.744.001, and possibly earlier versions and other products, allows local users to cause a denial of service (system crash) by sending malformed data to the vsdatant device driver, which causes an invalid memory access. | |||||
| CVE-2009-3076 | 1 Mozilla | 1 Firefox | 2025-04-09 | 9.3 HIGH | N/A |
| Mozilla Firefox before 3.0.14 does not properly implement certain dialogs associated with the (1) pkcs11.addmodule and (2) pkcs11.deletemodule operations, which makes it easier for remote attackers to trick a user into installing or removing an arbitrary PKCS11 module. | |||||
| CVE-2006-6831 | 1 Alan Ward | 1 A-faq | 2025-04-09 | 7.5 HIGH | N/A |
| SQL injection vulnerability in faqDsp.asp in aFAQ 1.0 allows remote attackers to execute arbitrary SQL commands via the catcode parameter. | |||||
| CVE-2007-1418 | 1 Mindtouch | 1 Dekiwiki | 2025-04-09 | 4.3 MEDIUM | N/A |
| Cross-site scripting (XSS) vulnerability in skins/ace/popup-notopic.php in MindTouch OpenGarden DekiWiki before Gooseberry++ allows remote attackers to inject arbitrary web script or HTML via the message parameter. | |||||
| CVE-2009-0780 | 1 Openbsd | 1 Openbsd | 2025-04-09 | 5.0 MEDIUM | N/A |
| The aspath_prepend function in rde_attr.c in bgpd in OpenBSD 4.3 and 4.4 allows remote attackers to cause a denial of service (application crash) via an Autonomous System (AS) advertisement containing a long AS path. | |||||
| CVE-2007-0266 | 1 Ezboxx | 1 Ezboxx Portal System | 2025-04-09 | 7.5 HIGH | N/A |
| SQL injection vulnerability in boxx/ShowAppendix.asp in Ezboxx Portal System Beta 0.7.6 and earlier allows remote attackers to inject arbitrary web script or HTML via the iid parameter. | |||||
| CVE-2007-3489 | 1 Checkpoint | 1 Vpn-1 Utm Edge | 2025-04-09 | 9.3 HIGH | N/A |
| Cross-site request forgery (CSRF) vulnerability in pop/WizU.html in the management interface in Check Point VPN-1 Edge X Embedded NGX 7.0.33x on the Check Point VPN-1 UTM Edge allows remote attackers to perform privileged actions as administrators, as demonstrated by a request with the swuuser and swupass parameters, which adds an administrator account. NOTE: the CSRF attack has no timing window because there is no logout capability in the management interface. | |||||
| CVE-2007-2787 | 1 Lead Technologies | 1 Leadtools Raster Thumbnail Object Library | 2025-04-09 | 7.5 HIGH | N/A |
| Stack-based buffer overflow in the BrowseDir function in the (1) lttmb14E.ocx or (2) LTRTM14e.DLL ActiveX control in LeadTools Raster Thumbnail Object Library 14.5.0.44 allows remote attackers to execute arbitrary code via a long argument. | |||||
| CVE-2007-1118 | 1 Efiction | 1 Efiction | 2025-04-09 | 6.8 MEDIUM | N/A |
| Multiple PHP remote file inclusion vulnerabilities in eFiction 3.1.1 and earlier allow remote attackers to execute arbitrary PHP code via a URL in the path_to_smf parameter to (1) bridges/SMF/logout.php or (2) get_session_vars.php. | |||||
| CVE-2007-1874 | 1 Adobe | 1 Coldfusion | 2025-04-09 | 7.2 HIGH | N/A |
| Adobe ColdFusion MX 7 for Linux and Solaris uses insecure permissions for certain scripts and directories, which allows local users to execute arbitrary code or obtain sensitive information via the (1) CFMX7DreamWeaverExtensions.mxp, (2) CFReportBuilderInstaller.exe, (3) .com.zerog.registry.xml, (4) uninstall.lax, (5) license.txt, (6) Readme.htm, (7) .com.zerog.registry.xml, (8) k2adminstop, or (9) k2adminstart files; or (10) certain files in lib/wsconfig/. | |||||
| CVE-2007-4373 | 1 Rndlabs | 1 Babo Violent | 2025-04-09 | 6.8 MEDIUM | N/A |
| The server in Babo Violent 2 2.08.00 and earlier does not properly implement password protection, which might allow remote attackers to bypass authentication by reconnecting after a connection closes. | |||||
| CVE-2007-3218 | 1 Php Live | 1 Php Live | 2025-04-09 | 4.3 MEDIUM | N/A |
| Cross-site scripting (XSS) vulnerability in request.php in PHP Live! 3.2.2 and earlier allows remote attackers to inject arbitrary web script or HTML via the pagex parameter. | |||||