Total
29519 CVE
CVE | Vendors | Products | Updated | CVSS v2 | CVSS v3 |
---|---|---|---|---|---|
CVE-2006-6283 | 1 Vikingboard | 1 Vikingboard | 2025-04-09 | 4.3 MEDIUM | N/A |
Multiple cross-site scripting (XSS) vulnerabilities in Vikingboard 0.1.2 allow remote attackers to inject arbitrary web script or HTML via the subject field of (1) a private message (PM) or (2) a bulletin board post. | |||||
CVE-2006-6894 | 1 Spine | 1 Spine | 2025-04-09 | 10.0 HIGH | N/A |
Multiple unspecified vulnerabilities in SPINE before 1.2 have unknown impact and attack vectors, related to (1) "Placeholders in database handler" and (2) "Macro admin security." | |||||
CVE-2007-2419 | 1 Macrovision | 2 Flexnet Connect, Update Service | 2025-04-09 | 10.0 HIGH | N/A |
Multiple buffer overflows in an ActiveX control (boisweb.dll) in Macrovision FLEXnet Connect 6.0 and Update Service 3.x to 5.x allow remote attackers to execute arbitrary code via (1) the second parameter to the DownloadAndExecute method and (2) the third parameter to the AddFileEx method, a different vulnerability than CVE-2007-0328. | |||||
CVE-2007-0955 | 1 Mailenable | 1 Mailenable | 2025-04-09 | 7.8 HIGH | N/A |
The NTLM_UnPack_Type3 function in MENTLM.dll in MailEnable Professional 2.35 and earlier allows remote attackers to cause a denial of service (application crash) via certain base64-encoded data following an AUTHENTICATE NTLM command to the imap port (143/tcp), which results in an out-of-bounds read. | |||||
CVE-2007-2487 | 1 Atomix Productions | 1 Atomixmp3 | 2025-04-09 | 7.5 HIGH | N/A |
Stack-based buffer overflow in AtomixMP3 allows remote attackers to execute arbitrary code via a long filename in an MP3 file, a different vector than CVE-2006-6287. | |||||
CVE-2007-0142 | 1 Shopstorenow | 1 E-commerce Shopping Cart | 2025-04-09 | 7.5 HIGH | N/A |
SQL injection vulnerability in orange.asp in ShopStoreNow E-commerce Shopping Cart allows remote attackers to execute arbitrary SQL commands via the CatID parameter. | |||||
CVE-2007-3408 | 1 Dia | 1 Dia | 2025-04-09 | 7.5 HIGH | N/A |
Multiple unspecified vulnerabilities in Dia before 0.96.1-6 have unspecified attack vectors and impact, probably involving the use of vulnerable FreeType libraries that contain CVE-2007-2754 and/or CVE-2007-1351. | |||||
CVE-2008-5912 | 1 Microsoft | 1 Internet Explorer | 2025-04-09 | 2.1 LOW | N/A |
An unspecified function in the JavaScript implementation in Microsoft Internet Explorer creates and exposes a "temporary footprint" when there is a current login to a web site, which makes it easier for remote attackers to trick a user into acting upon a spoofed pop-up message, aka an "in-session phishing attack." NOTE: as of 20090116, the only disclosure is a vague pre-advisory with no actionable information. However, because it is from a well-known researcher, it is being assigned a CVE identifier for tracking purposes. | |||||
CVE-2007-3419 | 1 Web-app.org | 1 Webapp | 2025-04-09 | 7.5 HIGH | N/A |
The editprofile3 function in cgi-bin/cgi-lib/user.pl in web-app.org WebAPP before 0.9.9.7 does not properly check the (1) themes.dat, (2) languages.dat, (3) profession.dat, (4) gen.dat, (5) marstat.dat, (6) states.dat, and (7) ages.dat files before saving profile settings of members, which has unknown impact and remote attack vectors. | |||||
CVE-2007-0338 | 1 Bolintech | 1 Dreamftp Server | 2025-04-09 | 7.5 HIGH | N/A |
Heap-based buffer overflow in Dream FTP Server allows remote attackers to execute arbitrary code via a USER command with a large number of format string specifiers, which triggers the overflow during processing of the Server Log. | |||||
CVE-2007-4079 | 1 Alstrasoft | 1 Sms Text Messaging Enterprise | 2025-04-09 | 4.3 MEDIUM | N/A |
Multiple cross-site scripting (XSS) vulnerabilities in AlstraSoft SMS Text Messaging Enterprise allow remote attackers to inject arbitrary web script or HTML via the (1) domain or (2) q parameter to (a) admin/membersearch.php, or (3) the userid parameter to (b) admin/edituser.php. | |||||
CVE-2007-1987 | 1 Phpecho Cms | 1 Phpecho Cms | 2025-04-09 | 7.5 HIGH | N/A |
Multiple PHP remote file inclusion vulnerabilities in PHPEcho CMS 2.0 allow remote attackers to execute arbitrary PHP code via a URL in the (1) _plugin_file parameter to smarty/internals/core.load_pulgins.php or the (2) root_path parameter to index.php. NOTE: CVE disputes (1) because the inclusion occurs within a function that is not called during a direct request. CVE disputes (2) because root_path is defined in config.php before use. | |||||
CVE-2007-3612 | 1 Visual Irc | 1 Visual Irc | 2025-04-09 | 7.5 HIGH | N/A |
Stack-based buffer overflow in Visual IRC (ViRC) 2.0 allows remote IRC servers to execute arbitrary code via a long response to a JOIN command. | |||||
CVE-2007-5380 | 1 David Hansson | 1 Ruby On Rails | 2025-04-09 | 6.8 MEDIUM | N/A |
Session fixation vulnerability in Rails before 1.2.4, as used for Ruby on Rails, allows remote attackers to hijack web sessions via unspecified vectors related to "URL-based sessions." | |||||
CVE-2006-5893 | 1 Iwonder Designs | 1 Storystream | 2025-04-09 | 7.5 HIGH | N/A |
Multiple PHP remote file inclusion vulnerabilities in iWonder Designs Storystream 0.4.0.0 allow remote attackers to execute arbitrary PHP code via a URL in the baseDir parameter to (1) mysql.php and (2) mysqli.php in include/classes/pear/DB/. | |||||
CVE-2007-5481 | 1 Distributed Checksum Clearinghouse | 1 Dcc | 2025-04-09 | 5.0 MEDIUM | N/A |
Distributed Checksum Clearinghouse (DCC) 1.3.65 allows remote attackers to cause a denial of service (crash) via a "SOCKS flood." | |||||
CVE-2007-0383 | 1 Wdaemon | 1 Wdaemon | 2025-04-09 | 5.0 MEDIUM | N/A |
WDaemon 9.5.4 allows remote attackers to access the /WorldClient.dll URI on TCP port 3000, which has unknown impact. NOTE: The researcher reports that the vendor response was "this is not a security bug." | |||||
CVE-2009-3295 | 1 Mit | 1 Kerberos 5 | 2025-04-09 | 5.0 MEDIUM | N/A |
The prep_reprocess_req function in kdc/do_tgs_req.c in the cross-realm referral implementation in the Key Distribution Center (KDC) in MIT Kerberos 5 (aka krb5) 1.7 before 1.7.1 allows remote attackers to cause a denial of service (NULL pointer dereference and daemon crash) via a ticket request. | |||||
CVE-2007-0865 | 1 Lushinews | 1 Lushinews | 2025-04-09 | 7.5 HIGH | N/A |
SQL injection vulnerability in comments.php in LushiNews 1.01 and earlier allows remote authenticated users to inject arbitrary SQL commands via the id parameter. | |||||
CVE-2007-3229 | 1 Singapore | 1 Image Gallery Web Application | 2025-04-09 | 6.8 MEDIUM | N/A |
index.php in Singapore Gallery allows remote attackers to obtain sensitive information via a request with a non-directory gallery parameter, which reveals the path in an error message. |