Total
29519 CVE
| CVE | Vendors | Products | Updated | CVSS v2 | CVSS v3 |
|---|---|---|---|---|---|
| CVE-2006-5729 | 1 Yazd | 1 Yazd Discussion Forum | 2025-04-09 | 6.5 MEDIUM | N/A |
| Yazd Discussion Forum before 3.0 beta does not properly manage forum permissions, which allows remote authenticated users to (1) reply to a message in an arbitrary forum, if authorized to create a message in any forum; and (2) perform certain unauthorized forum actions, related to an "error in how the permissions were assembled" that assigns extra permissions to users. | |||||
| CVE-2006-5034 | 1 Paul Smith Computer Services | 1 Vcap | 2025-04-09 | 5.0 MEDIUM | N/A |
| Directory traversal vulnerability in Paul Smith Computer Services vCAP 1.9.0 Beta and earlier allows remote attackers to read arbitrary files via a .. (dot dot) in the URI. | |||||
| CVE-2007-4254 | 1 Microsoft | 2 Visual Database Tools Database Designer, Visual Studio | 2025-04-09 | 6.8 MEDIUM | N/A |
| Stack-based buffer overflow in a certain ActiveX control in VDT70.DLL in Microsoft Visual Database Tools Database Designer 7.0 for Microsoft Visual Studio 6 allows remote attackers to execute arbitrary code via a long argument to the NotSafe method. NOTE: this may overlap CVE-2007-2885 or CVE-2005-2127. | |||||
| CVE-2006-6896 | 1 Plantronic | 1 Headset | 2025-04-09 | 5.4 MEDIUM | N/A |
| The Bluetooth stack in the Plantronic Headset does not properly implement Non-pairable mode, which allows remote attackers to conduct unauthorized pair-up operations. | |||||
| CVE-2007-0462 | 1 Apple | 2 Mac Os X, Quicktime | 2025-04-09 | 10.0 HIGH | N/A |
| The _GetSrcBits32ARGB function in Apple QuickDraw, as used by Quicktime 7.1.3 and other applications on Mac OS X 10.4.8 and earlier, allows remote attackers to cause a denial of service (application crash) and possibly execute arbitrary code via a crafted PICT image with a malformed Alpha RGB (ARGB) record, which triggers memory corruption. | |||||
| CVE-2007-2466 | 1 Sun | 2 Java System Directory Server, One Directory Server | 2025-04-09 | 7.8 HIGH | N/A |
| Unspecified vulnerability in the LDAP Software Development Kit (SDK) for C, as used in Sun Java System Directory Server 5.2 up to Patch 4 and Sun ONE Directory Server 5.1, allows remote attackers to cause a denial of service (crash) via certain BER encodings. | |||||
| CVE-2007-3100 | 1 Redhat | 2 Enterprise Linux, Open Iscsi | 2025-04-09 | 2.1 LOW | N/A |
| usr/log.c in iscsid in open-iscsi (iscsi-initiator-utils) before 2.0-865 uses a semaphore with insecure permissions (world-writable/world-readable) for managing log messages using shared memory, which allows local users to cause a denial of service (hang) by grabbing the semaphore. | |||||
| CVE-2007-3323 | 1 Comersus Open Technologies | 1 Comersus Cart | 2025-04-09 | 7.5 HIGH | N/A |
| SQL injection vulnerability in comersus_optReviewReadExec.asp in Comersus Shop Cart 7.07 allows remote attackers to execute arbitrary SQL commands via the idProduct parameter. NOTE: this might be the same as CVE-2005-2190.2. | |||||
| CVE-2007-2042 | 1 Avant-garde Solutions | 1 Mosmedia | 2025-04-09 | 6.8 MEDIUM | N/A |
| Multiple PHP remote file inclusion vulnerabilities in the Avant-Garde Solutions MOSMedia Lite 1.0.6 and earlier module for Mambo allow remote attackers to execute arbitrary PHP code via a URL in the mosConfig_absolute_path parameter to (1) support.html.php or (2) info.html.php. NOTE: the provenance of this information is unknown; the details are obtained solely from third party information. | |||||
| CVE-2007-0201 | 1 Tis | 1 Internet Firewall Toolkit | 2025-04-09 | 10.0 HIGH | N/A |
| Buffer overflow in the cmd_usr function in ftp-gw in TIS Internet Firewall Toolkit (FWTK) allows remote attackers to execute arbitrary code via a long destination hostname (dest). | |||||
| CVE-2009-3957 | 4 Adobe, Apple, Microsoft and 1 more | 5 Acrobat, Acrobat Reader, Mac Os X and 2 more | 2025-04-09 | 5.0 MEDIUM | N/A |
| Adobe Reader and Acrobat 9.x before 9.3, and 8.x before 8.2 on Windows and Mac OS X, might allow attackers to cause a denial of service (NULL pointer dereference) via unspecified vectors. | |||||
| CVE-2007-3226 | 1 Dotproject | 1 Dotproject | 2025-04-09 | 4.3 MEDIUM | N/A |
| Cross-site scripting (XSS) vulnerability in dotProject before 2.1 RC2 allows remote attackers to inject arbitrary web script or HTML via unspecified vectors, a different vulnerability than CVE-2006-2851 and CVE-2006-3240. | |||||
| CVE-2008-6811 | 2 Instinct, Wordpress | 2 E-commerce Plugin, Wordpress | 2025-04-09 | 6.8 MEDIUM | N/A |
| Unrestricted file upload vulnerability in image_processing.php in the e-Commerce Plugin 3.4 and earlier for Wordpress allows remote attackers to execute arbitrary code by uploading a file with an executable extension, then accessing it via a direct request to the file in wp-content/plugins/wp-shopping-cart/. | |||||
| CVE-2006-5046 | 1 Joomla | 1 Rs Gallery2 | 2025-04-09 | 7.5 HIGH | N/A |
| Unspecified vulnerability in RS Gallery2 (com_rsgallery2) 1.11.3 and earlier for Joomla! has unspecified impact and attack vectors, related to lack of "hardened language files." | |||||
| CVE-2007-3258 | 1 Vincent Hor | 1 Calendarix | 2025-04-09 | 5.0 MEDIUM | N/A |
| calendar.php in Calendarix 0.7.20070307 allows remote attackers to obtain sensitive information via large values to the (1) year and (2) month parameters, which causes negative values to be passed to the mktime library call, and reveals the installation path in the error message. | |||||
| CVE-2007-2182 | 1 Maran | 1 Php Forum | 2025-04-09 | 6.8 MEDIUM | N/A |
| Unrestricted file upload vulnerability in forum_write.php in Maran PHP Forum allows remote attackers to upload and execute arbitrary PHP files via a trailing %00 in a filename in the page parameter. | |||||
| CVE-2006-5189 | 1 Klinza | 1 Klinza Professional Cms | 2025-04-09 | 7.5 HIGH | N/A |
| PHP remote file inclusion vulnerability in funzioni/lib/show_hlp.php in klinza professional cms 5.0.1 and earlier allows remote attackers to execute arbitrary PHP code via a URL in the appl[APPL] parameter. | |||||
| CVE-2006-5155 | 1 Videodb | 1 Videodb | 2025-04-09 | 7.5 HIGH | N/A |
| PHP remote file inclusion vulnerability in core/pdf.php in VideoDB 2.2.1 and earlier allows remote attackers to execute arbitrary PHP code via the config[pdf_module] parameter. | |||||
| CVE-2007-2634 | 1 Agner Fog | 1 Aforum | 2025-04-09 | 6.8 MEDIUM | N/A |
| PHP remote file inclusion vulnerability in common/errormsg.php in aForum 1.32 and possibly earlier, when register_globals is enabled, allows remote attackers to execute arbitrary PHP code via a URL in the header parameter. NOTE: the provenance of this information is unknown; the details are obtained solely from third party information. | |||||
| CVE-2008-1594 | 1 Ibm | 1 Aix | 2025-04-09 | 4.9 MEDIUM | N/A |
| The kernel in IBM AIX 5.2 and 5.3 does not properly handle resizing JFS2 filesystems on concurrent volume groups spread across multiple nodes, which allows local users of one node to cause a denial of service (remote node crash) by using chfs or lreducelv to reduce a filesystem's size. | |||||