Total
29868 CVE
| CVE | Vendors | Products | Updated | CVSS v2 | CVSS v3 |
|---|---|---|---|---|---|
| CVE-2007-4448 | 1 Toribash | 1 Toribash | 2025-04-09 | 5.0 MEDIUM | N/A |
| The server in Toribash 2.71 and earlier does not properly handle partially joined clients that are temporarily assigned the ID of -1, which allows remote attackers to cause a denial of service (daemon crash) via a GRIP command with the ID of -1. | |||||
| CVE-2007-2218 | 1 Microsoft | 3 Windows 2000, Windows 2003 Server, Windows Xp | 2025-04-09 | 9.3 HIGH | N/A |
| Unspecified vulnerability in the Windows Schannel Security Package for Microsoft Windows 2000 SP4, XP SP2, and Server 2003 SP1 and SP2, allows remote servers to execute arbitrary code or cause a denial of service via crafted digital signatures that are processed during an SSL handshake. | |||||
| CVE-2007-0567 | 1 Interactive-scripts.com | 1 Php Membership Manager | 2025-04-09 | 6.8 MEDIUM | N/A |
| Cross-site scripting (XSS) vulnerability in admin.php in Interactive-Scripts.Com PHP Membership Manager 1.5 allows remote attackers to inject arbitrary web script or HTML via the _p parameter. | |||||
| CVE-2007-0741 | 1 Apple | 1 Mac Os X | 2025-04-09 | 7.5 HIGH | N/A |
| Buffer overflow in natd in network_cmds in Apple Mac OS X 10.3.9 through 10.4.9, when Internet Sharing is enabled, allows remote attackers to execute arbitrary code via malformed RTSP packets. | |||||
| CVE-2006-7189 | 1 Web-app.net | 1 Webapp | 2025-04-09 | 4.3 MEDIUM | N/A |
| Cross-site scripting (XSS) vulnerability in cgi-bin/admin/logs.cgi in web-app.net WebAPP before 20060403 allows remote attackers to inject arbitrary web script or HTML via unspecified vectors related to the Statistics Log Viewer. | |||||
| CVE-2006-6356 | 1 Phpnews | 1 Phpnews | 2025-04-09 | 6.8 MEDIUM | N/A |
| Multiple cross-site scripting (XSS) vulnerabilities in templates/link_temp.php in PHPNews 1.3.0 allow remote attackers to inject arbitrary web script or HTML via the (1) url, (2) id, (3) subject, (4) username, or (5) time parameter. | |||||
| CVE-2007-1185 | 1 Web-app.org | 1 Webapp | 2025-04-09 | 5.0 MEDIUM | N/A |
| The (1) Search, (2) Edit Profile, (3) Recommend, and (4) User Approval forms in WebAPP before 0.9.9.5 use hidden inputs, which has unknown impact and remote attack vectors. | |||||
| CVE-2006-3890 | 2 Sky Software, Winzip | 2 Fileview Activex Control, Winzip | 2025-04-09 | 9.3 HIGH | N/A |
| Stack-based buffer overflow in the Sky Software FileView ActiveX control, as used in WinZip 10 before build 7245 and in certain other applications, allows remote attackers to execute arbitrary code via a long FilePattern attribute in a WZFILEVIEW object, a different vulnerability than CVE-2006-5198. | |||||
| CVE-2007-2489 | 1 Livedata | 1 Protocol Server | 2025-04-09 | 10.0 HIGH | N/A |
| Heap-based buffer overflow in LiveData Protocol Server 5.00.045, and other versions before update 500062 (5.00.062), allows remote attackers to cause a denial of service (crash) and possibly execute arbitrary code via a crafted request for a WSDL file that causes a negative length to be used in a strncpy call. | |||||
| CVE-2007-0474 | 1 Smb4k | 1 Smb4k | 2025-04-09 | 3.3 LOW | N/A |
| Smb4K before 0.8.0 allow local users, when present on the Smb4K sudoers list, to kill arbitrary processes, related to a "design issue with smb4k_kill." | |||||
| CVE-2007-0870 | 1 Microsoft | 1 Word | 2025-04-09 | 7.6 HIGH | N/A |
| Unspecified vulnerability in Microsoft Word 2000 allows remote attackers to cause a denial of service (crash) via unknown vectors, a different vulnerability than CVE-2006-5994, CVE-2006-6456, CVE-2006-6561, and CVE-2007-0515, a variant of Exploit-MS06-027. | |||||
| CVE-2006-6569 | 1 Genesistrader | 1 Genesistrader | 2025-04-09 | 7.8 HIGH | N/A |
| form.php in GenesisTrader 1.0 allows remote attackers to read source code for arbitrary files and obtain sensitive information via the (1) do and (2) chem parameters with a "modfich" floap parameter. | |||||
| CVE-2006-5290 | 1 Xerox | 6 Workcentre 232, Workcentre 238, Workcentre 245 and 3 more | 2025-04-09 | 7.5 HIGH | N/A |
| The ESS/ Network Controller and MicroServer Web Server components of Xerox WorkCentre and WorkCentre Pro 232, 238, 245, 255, 265 and 275 allow remote attackers to bypass authentication and execute arbitrary code via "WebUI command injection on TCP/IP hostname." | |||||
| CVE-2007-5970 | 1 Oracle | 1 Mysql | 2025-04-09 | 5.8 MEDIUM | N/A |
| MySQL 5.1.x before 5.1.23 and 6.0.x before 6.0.4 allows remote authenticated users to gain privileges on arbitrary tables via unspecified vectors involving use of table-level DATA DIRECTORY and INDEX DIRECTORY options when creating a partitioned table with the same name as a table on which the user lacks privileges. | |||||
| CVE-2007-0531 | 1 Freewebshop | 1 Freewebshop | 2025-04-09 | 7.5 HIGH | N/A |
| PHP remote file inclusion vulnerability in includes/login.php in FreeWebShop 2.2.3 and 2.2.4 before 20070123 allows remote attackers to execute arbitrary PHP code via a URL in the lang_file parameter. | |||||
| CVE-2007-2664 | 1 Tomasz Rekawek | 1 Yet Another Asterisk Panel | 2025-04-09 | 7.5 HIGH | N/A |
| PHP remote file inclusion vulnerability in includes/common.php in Yaap 1.5 and earlier allows remote attackers to execute arbitrary PHP code via a URL in the root_path parameter, possibly related to the __autoload function. | |||||
| CVE-2007-1689 | 1 Symantec | 2 Norton Internet Security, Norton Personal Firewall | 2025-04-09 | 10.0 HIGH | N/A |
| Buffer overflow in the ISAlertDataCOM ActiveX control in ISLALERT.DLL for Norton Personal Firewall 2004 and Internet Security 2004 allows remote attackers to execute arbitrary code via long arguments to the (1) Get and (2) Set functions. | |||||
| CVE-2007-2200 | 1 Pagode | 1 Pagode | 2025-04-09 | 10.0 HIGH | N/A |
| Directory traversal vulnerability in navigator/navigator_ok.php in Pagode 0.5.8 allows remote attackers to read and possibly delete arbitrary files via a .. (dot dot) in the asolute parameter. | |||||
| CVE-2006-7029 | 1 Microsoft | 1 Internet Explorer | 2025-04-09 | 5.0 MEDIUM | N/A |
| Microsoft Internet Explorer 6 SP2 and earlier allows remote attackers to cause a denial of service (crash) via a frameset with only one frame that calls resizeTo with certain arguments. NOTE: this issue might be related to CVE-2006-3637. | |||||
| CVE-2007-4301 | 1 Webcart | 1 Webcart | 2025-04-09 | 4.3 MEDIUM | N/A |
| Multiple cross-site scripting (XSS) vulnerabilities in the management interface in WebCart 2.20 through 2.25 allow remote attackers to inject arbitrary web script or HTML via unspecified vectors. | |||||