Total: 29867 CVE
| CVE | Vendors | Products | Updated | CVSS v2 | CVSS v3 |
|---|---|---|---|---|---|
| CVE-2007-2946 | 1 Lead Technologies | 1 Leadtools Raster Dialog File Object | 2025-04-09 | 10.0 HIGH | N/A |
| Buffer overflow in a certain ActiveX control in LeadTools Raster Dialog File_D Object (LTRDFD14e.DLL) 14.5.0.44 allows remote attackers to cause a denial of service (Internet Explorer 7 crash) or execute arbitrary code via a long DestinationPath property value. | |||||
| CVE-2007-2611 | 1 Cgx | 1 Cgx | 2025-04-09 | 6.8 MEDIUM | N/A |
| Multiple PHP remote file inclusion vulnerabilities in CGX 20050314 allow remote attackers to execute arbitrary PHP code via a URL in the pathCGX parameter to (1) mtdialogo.php, (2) ltdialogo.php, (3) login.php, and (4) logingecon.php in inc/; and multiple unspecified files in frm/, sql/, and cns/. | |||||
| CVE-2006-5791 | 1 Stefan Ritt | 1 Elog Web Logbook | 2025-04-09 | 2.6 LOW | N/A |
| Multiple cross-site scripting (XSS) vulnerabilities in elogd.c in ELOG 2.6.2 and earlier allow remote attackers to inject arbitrary HTML or web script via (1) the filename for downloading, which is not quoted in an error message by the send_file_direct function, and (2) the Type or Category values in a New entry, which is not properly handled in an error message by the submit_elog function. | |||||
| CVE-2007-1567 | 1 War Ftp Daemon | 1 War Ftp Daemon | 2025-04-09 | 10.0 HIGH | N/A |
| Stack-based buffer overflow in War FTP Daemon 1.65, and possibly earlier, allows remote attackers to cause a denial of service or execute arbitrary code via unspecified vectors, as demonstrated by warftp_165.tar by Immunity. NOTE: this might be the same issue as CVE-1999-0256, CVE-2000-0131, or CVE-2006-2171, but due to Immunity's lack of details, this cannot be certain. | |||||
| CVE-2009-0756 | 1 Poppler | 1 Poppler | 2025-04-09 | 5.0 MEDIUM | N/A |
| The JBIG2Stream::readSymbolDictSeg function in Poppler before 0.10.4 allows remote attackers to cause a denial of service (crash) via a PDF file that triggers a parsing error, which is not properly handled by JBIG2SymbolDict::~JBIG2SymbolDict and triggers an invalid memory dereference. | |||||
| CVE-2007-3860 | 1 Oracle | 1 Apex | 2025-04-09 | 7.5 HIGH | N/A |
| Unspecified vulnerability in Oracle Application Express (formerly Oracle HTML DB) 2.2.0.00.32 up to 3.0.0.00.20 allows developers to have an unknown impact via unknown attack vectors, aka APEX01. NOTE: a reliable researcher states that this is SQL injection in the wwv_flow_security.check_db_password function due to insufficient checks for '"' characters. | |||||
| CVE-2007-3288 | 1 Skeltoac | 1 Automattic Stats | 2025-04-09 | 4.3 MEDIUM | N/A |
| Cross-site scripting (XSS) vulnerability in the skeltoac stats (Automattic Stats) 1.0 plugin for WordPress allows remote attackers to inject arbitrary web script or HTML via the HTTP Referer field. | |||||
| CVE-2009-1906 | 1 Ibm | 1 Db2 | 2025-04-09 | 4.3 MEDIUM | N/A |
| The DRDA Services component in IBM DB2 9.1 before FP7 and 9.5 before FP4 allows remote attackers to cause a denial of service (memory corruption and application crash) via an IPv6 address in the correlation token in the APPID string, as demonstrated by an APPID string sent by the third-party DataDirect JDBC driver 3.7.32. | |||||
| CVE-2008-1713 | 1 Noticeware | 1 Email Server | 2025-04-09 | 5.0 MEDIUM | N/A |
| MailServer.exe in NoticeWare Email Server 4.6.1.0 allows remote attackers to cause a denial of service (application crash) via a long string to IMAP port (143/tcp). | |||||
| CVE-2007-3973 | 1 Jblog | 1 Jblog | 2025-04-09 | 6.8 MEDIUM | N/A |
| Multiple cross-site scripting (XSS) vulnerabilities in JBlog 1.0 allow remote attackers to inject arbitrary web script or HTML via the (1) id parameter to (a) index.php, or the (2) search parameter or (3) theme cookie to (b) recherche.php. | |||||
| CVE-2009-3085 | 1 Pidgin | 2 Libpurple, Pidgin | 2025-04-09 | 5.0 MEDIUM | N/A |
| The XMPP protocol plugin in libpurple in Pidgin before 2.6.2 does not properly handle an error IQ stanza during an attempted fetch of a custom smiley, which allows remote attackers to cause a denial of service (application crash) via XHTML-IM content with cid: images. | |||||
| CVE-2006-6213 | 1 Pegames | 1 Pegames | 2025-04-09 | 7.5 HIGH | N/A |
| index.php in PEGames uses the extract function to overwrite critical variables, which allows remote attackers to conduct PHP remote file inclusion attacks via the abs_url parameter, which is later extracted to overwrite a previously uncontrolled value. | |||||
| CVE-2007-3347 | 1 D-link | 2 Dph-540, Dph-541 | 2025-04-09 | 7.8 HIGH | N/A |
| The D-Link DPH-540/DPH-541 phone accepts SIP INVITE messages that are not from the Call Server's IP address, which allows remote attackers to engage in arbitrary SIP communication with the phone, as demonstrated by communication with forged caller ID. | |||||
| CVE-2006-6437 | 1 Xerox | 1 Workcentre | 2025-04-09 | 7.8 HIGH | N/A |
| ops3-dmn in Xerox WorkCentre and WorkCentre Pro before 12.050.03.000, 13.x before 13.050.03.000, and 14.x before 14.050.03.000 allows attackers to cause a denial of service (application crash and core dump) via a certain PS file. | |||||
| CVE-2006-4181 | 1 Gnu | 1 Radius | 2025-04-09 | 10.0 HIGH | N/A |
| Format string vulnerability in the sqllog function in the SQL accounting code for radiusd in GNU Radius 1.2 and 1.3 allows remote attackers to execute arbitrary code via unknown vectors. | |||||
| CVE-2006-5952 | 1 Asp Smiley | 1 Asp Smiley | 2025-04-09 | 7.5 HIGH | N/A |
| SQL injection vulnerability in admin/default.asp in ASP Smiley 1.0 allows remote attackers to execute arbitrary SQL commands via the Username field. | |||||
| CVE-2007-3060 | 1 Osi Codes Inc. | 1 Phplive | 2025-04-09 | 4.3 MEDIUM | N/A |
| Multiple cross-site scripting (XSS) vulnerabilities in PHP Live! 3.2.2 allow remote attackers to inject arbitrary web script or HTML via the (1) sid parameter to (a) chat.php, (2) LANG[DEFAULT_BRANDING] and (3) PHPLIVE_VERSION parameters to (b) help.php, the (4) admin[name] parameter to (c) admin/header.php, and the (5) BASE_URL parameter to (d) super/info.php, and in some cases, the LANG[DEFAULT_BRANDING], PHPLIVE_VERSION, and (6) nav_line parameters to setup/footer.php, different vectors than CVE-2006-6769. | |||||
| CVE-2007-2686 | 1 Jetbox | 1 Jetbox Cms | 2025-04-09 | 4.3 MEDIUM | N/A |
| Cross-site scripting (XSS) vulnerability in index.php in Jetbox CMS 2.1 allows remote attackers to inject arbitrary web script or HTML via the login parameter in a sendpwd task. | |||||
| CVE-2007-1703 | 1 Joomla | 1 Rwcards Component | 2025-04-09 | 7.5 HIGH | N/A |
| SQL injection vulnerability in index.php in the RWCards (com_rwcards) 2.4.3 and earlier component for Joomla! allows remote attackers to execute arbitrary SQL commands via the category_id parameter. | |||||
| CVE-2006-6092 | 1 20 20 Applications | 1 20 20 Auto Gallery | 2025-04-09 | 7.5 HIGH | N/A |
| Multiple SQL injection vulnerabilities in vehiclelistings.asp in 20/20 Auto Gallery allow remote attackers to execute arbitrary SQL commands via the (1) vehicleID, (2) categoryID_list, (3) sale_type, (4) stock_number, (5) manufacturer, (6) model, (7) vehicleID, (8) year, (9) vin, and (10) listing_price parameters. | |||||
