Total: 29868 CVE
| CVE | Vendors | Products | Updated | CVSS v2 | CVSS v3 |
|---|---|---|---|---|---|
| CVE-2007-2971 | 1 Greg Neustaetter | 1 Gcards | 2025-04-09 | 7.5 HIGH | N/A |
| SQL injection vulnerability in getnewsitem.php in gCards 1.46 and earlier allows remote attackers to execute arbitrary SQL commands via the newsid parameter. | |||||
| CVE-2007-0015 | 1 Apple | 1 Quicktime | 2025-04-09 | 6.8 MEDIUM | N/A |
| Buffer overflow in Apple QuickTime 7.1.3 allows remote attackers to execute arbitrary code via a long rtsp:// URI. | |||||
| CVE-2007-2343 | 1 Enterasys | 2 Netsight Console, Netsight Inventory Manager | 2025-04-09 | 7.5 HIGH | N/A |
| Stack-based buffer overflow in the TFTPD component in Enterasys NetSight Console 2.1 and NetSight Inventory Manager 2.1, and possibly earlier, allows remote attackers to execute arbitrary code via crafted request packets that contain long file names. | |||||
| CVE-2007-3712 | 1 Hiddenchest | 1 Yb Ve Bayi Babvuru Formu | 2025-04-09 | 4.3 MEDIUM | N/A |
| Multiple cross-site scripting (XSS) vulnerabilities in HiddenChest "is ve Bayi Basvuru Formu" (Yb ve Bayi Babvuru Formu) allow remote attackers to inject arbitrary web script or HTML via unspecified vectors. NOTE: the provenance of this information is unknown; the details are obtained solely from third party information. | |||||
| CVE-2006-4402 | 1 Apple | 1 Mac Os X | 2025-04-09 | 5.1 MEDIUM | N/A |
| Heap-based buffer overflow in the Finder in Apple Mac OS X 10.4.8 and earlier allows user-assisted remote attackers to execute arbitrary code by browsing directories containing crafted .DS_Store files. | |||||
| CVE-2007-0468 | 1 Microsoft | 1 Visual Studio | 2025-04-09 | 6.8 MEDIUM | N/A |
| Stack-based buffer overflow in rcdll.dll in msdev.exe in Visual C++ (MSVC) in Microsoft Visual Studio 6.0 SP6 allows user-assisted remote attackers to execute arbitrary code via a long file path in the "1 TYPELIB MOVEABLE PURE" option in an RC file. | |||||
| CVE-2006-6702 | 1 Atmail | 1 Atmail Webmail | 2025-04-09 | 6.8 MEDIUM | N/A |
| Cross-site scripting (XSS) vulnerability in Global.pm in @Mail before 4.61 allows remote attackers to inject arbitrary web script or HTML via crafted e-mail messages. NOTE: The provenance of this information is unknown; the details are obtained solely from third party information. | |||||
| CVE-2007-2158 | 1 Kooijman-design | 1 Jgallery | 2025-04-09 | 7.5 HIGH | N/A |
| PHP remote file inclusion vulnerability in index.php in jGallery 1.3 allows remote attackers to execute arbitrary PHP code via a URL in the G_JGALL[inc_path] parameter. | |||||
| CVE-2006-5499 | 1 Serendipity | 1 Serendipity | 2025-04-09 | 6.8 MEDIUM | N/A |
| Multiple cross-site scripting (XSS) vulnerabilities in Serendipity (s9y) 1.0.1 and earlier allow remote attackers to inject arbitrary web script or HTML via unspecified vectors in the media manager administration page. | |||||
| CVE-2007-0304 | 1 Mint | 1 Haber Sistemi | 2025-04-09 | 7.5 HIGH | N/A |
| SQL injection vulnerability in duyuru.asp in MiNT Haber Sistemi 2.7 allows remote attackers to execute arbitrary SQL commands via the id parameter. | |||||
| CVE-2007-2177 | 1 Microgaming | 1 Download Helper Activex Control | 2025-04-09 | 6.8 MEDIUM | N/A |
| Stack-based buffer overflow in the Microgaming Download Helper ActiveX control (dlhelper.dll) before 7.2.0.19, and the WebHandler Class control, allows remote attackers to execute arbitrary code via unspecified vectors. | |||||
| CVE-2006-6800 | 1 Limbo Cms | 1 Event Module | 2025-04-09 | 6.8 MEDIUM | N/A |
| PHP remote file inclusion in eventcal/mod_eventcal.php in the event module 1.0 for Limbo CMS allows remote attackers to execute arbitrary PHP code via a URL in the lm_absolute_path parameter. | |||||
| CVE-2009-3111 | 1 Freeradius | 1 Freeradius | 2025-04-09 | 5.0 MEDIUM | N/A |
| The rad_decode function in FreeRADIUS before 1.1.8 allows remote attackers to cause a denial of service (radiusd crash) via zero-length Tunnel-Password attributes, as demonstrated by a certain module in VulnDisco Pack Professional 7.6 through 8.11. NOTE: this is a regression error related to CVE-2003-0967. | |||||
| CVE-2007-2752 | 1 Runawaysoft | 1 Haber Portal | 2025-04-09 | 6.4 MEDIUM | N/A |
| SQL injection vulnerability in devami.asp in RunawaySoft Haber portal 1.0 allows remote attackers to execute arbitrary SQL commands via the id parameter. | |||||
| CVE-2007-0283 | 1 Oracle | 2 Application Server, Collaboration Suite | 2025-04-09 | 4.0 MEDIUM | N/A |
| Unspecified vulnerability in Oracle Application Server 9.0.4.3 and Collaboration Suite 9.0.4.2 has unknown impact and attack vectors related to Oracle Containers for J2EE, aka OC4J02. | |||||
| CVE-2007-4529 | 1 Teamspeak | 1 Web Server | 2025-04-09 | 8.5 HIGH | N/A |
| The WebAdmin interface in TeamSpeak Server 2.0.20.1 allows remote authenticated users with the ServerAdmin flag to assign Registered users certain privileges, resulting in a privilege set that extends beyond that ServerAdmin's own servers, as demonstrated by the (1) AdminAddServer, (2) AdminDeleteServer, (3) AdminStartServer, and (4) AdminStopServer privileges; and administration of arbitrary virtual servers via a request to a .tscmd URI with a modified serverid parameter, as demonstrated by (a) add_server.tscmd, (b) ask_delete_server.tscmd, (c) start_server.tscmd, and (d) stop_server.tscmd. | |||||
| CVE-2007-2333 | 1 Nortel | 3 Contivity, Vpn Router 5000, Vpn Router Portfolio | 2025-04-09 | 10.0 HIGH | N/A |
| Nortel VPN Router (aka Contivity) 1000, 2000, 4000, and 5000 before 5_05.149, 5_05.3xx before 5_05.304, and 6.x before 6_05.140 includes the FIPSecryptedtest1219 and FIPSunecryptedtest1219 default accounts in the LDAP template, which might allow remote attackers to access the private network. | |||||
| CVE-2007-3290 | 1 Livecms | 1 Livecms | 2025-04-09 | 9.3 HIGH | N/A |
| categoria.php in LiveCMS 3.4 and earlier allows remote attackers to obtain sensitive information via a ' (quote) character in the cid parameter, which reveals the path in a forced SQL error message. | |||||
| CVE-2007-1463 | 2 Inkscape, Ubuntu | 2 Inkscape, Ubuntu Linux | 2025-04-09 | 6.8 MEDIUM | N/A |
| Format string vulnerability in Inkscape before 0.45.1 allows user-assisted remote attackers to execute arbitrary code via format string specifiers in a URI, which is not properly handled by certain dialogs. | |||||
| CVE-2007-2829 | 1 Madwifi | 1 Madwifi | 2025-04-09 | 5.0 MEDIUM | N/A |
| The 802.11 network stack in net80211/ieee80211_input.c in MadWifi before 0.9.3.1 allows remote attackers to cause a denial of service (system hang) via a crafted length field in nested 802.3 Ethernet frames in Fast Frame packets, which results in a NULL pointer dereference. | |||||
