Total
29519 CVE
| CVE | Vendors | Products | Updated | CVSS v2 | CVSS v3 |
|---|---|---|---|---|---|
| CVE-2006-6834 | 1 Joomla | 1 Joomla | 2025-04-09 | 6.8 MEDIUM | N/A |
| Multiple unspecified vulnerabilities in Joomla! before 1.0.12 have unknown impact and attack vectors related to (1) "unneeded legacy functions" and (2) "Several low level security fixes." | |||||
| CVE-2006-6069 | 1 Malbum | 1 Malbum | 2025-04-09 | 5.0 MEDIUM | N/A |
| index.php in mAlbum 0.3 and earlier allows remote attackers to obtain the installation path via an invalid gal parameter. | |||||
| CVE-2007-3540 | 1 Rainworx | 1 Rwauction Pro | 2025-04-09 | 4.3 MEDIUM | N/A |
| Multiple cross-site scripting (XSS) vulnerabilities in search.asp in rwAuction Pro 5.0 allow remote attackers to inject arbitrary web script or HTML via the (1) search, (2) show, (3) searchtype, (4) catid, and (5) searchtxt parameters, a different version and vectors than CVE-2005-4060. | |||||
| CVE-2006-4697 | 1 Microsoft | 5 Ie, Internet Explorer, Windows 2000 and 2 more | 2025-04-09 | 9.3 HIGH | N/A |
| Microsoft Internet Explorer 5.01, 6, and 7 uses certain COM objects from Imjpcksid.dll as ActiveX controls, which allows remote attackers to execute arbitrary code via unspecified vectors. NOTE: this issue might be related to CVE-2006-4193. | |||||
| CVE-2007-2833 | 3 Debian, Gnu, Mandrakesoft | 4 Debian Linux, Emacs, Mandrake Linux and 1 more | 2025-04-09 | 7.8 HIGH | N/A |
| Emacs 21 allows user-assisted attackers to cause a denial of service (crash) via certain crafted images, as demonstrated via a GIF image in vm mode, related to image size calculation. | |||||
| CVE-2006-5538 | 1 D-link | 1 Dsl-g624t | 2025-04-09 | 5.0 MEDIUM | N/A |
| D-Link DSL-G624T firmware 3.00B01T01.YA-C.20060616 allows remote attackers to list contents of the cgi-bin directory via unspecified vectors, probably a direct request. | |||||
| CVE-2007-3054 | 1 Codelib | 1 Linker | 2025-04-09 | 4.3 MEDIUM | N/A |
| Cross-site scripting (XSS) vulnerability in search.php in Codelib Linker 2.0.4 and earlier allows remote attackers to inject arbitrary web script or HTML via the kword parameter. NOTE: the provenance of this information is unknown; the details are obtained solely from third party information. | |||||
| CVE-2007-0446 | 1 Hp | 3 Mercury Loadrunner Agent, Mercury Monitor Over Firewall, Mercury Performance Center Agent | 2025-04-09 | 10.0 HIGH | N/A |
| Stack-based buffer overflow in magentproc.exe for Hewlett-Packard Mercury LoadRunner Agent 8.0 and 8.1, Performance Center Agent 8.0 and 8.1, and Monitor over Firewall 8.1 allows remote attackers to execute arbitrary code via a packet with a long server_ip_name field to TCP port 54345, which triggers the overflow in mchan.dll. | |||||
| CVE-2007-4996 | 1 Pidgin | 1 Pidgin | 2025-04-09 | 4.3 MEDIUM | N/A |
| libpurple in Pidgin before 2.2.1 does not properly handle MSN nudge messages from users who are not on the receiver's buddy list, which allows remote attackers to cause a denial of service (crash) via a nudge message that triggers an access of "an invalid memory location." | |||||
| CVE-2007-4704 | 1 Apple | 1 Mac Os X | 2025-04-09 | 10.0 HIGH | N/A |
| The Application Firewall in Apple Mac OS X 10.5 does not apply changed settings to processes that are started by launchd until the processes are restarted, which might allow attackers to bypass intended access restrictions. | |||||
| CVE-2007-3248 | 1 Sun | 1 Solaris | 2025-04-09 | 7.8 HIGH | N/A |
| Unspecified vulnerability in Sun Solaris 10 before 20070614, when IPv6 interfaces are present but not configured for IPsec, allows remote attackers to cause a denial of service (system crash) via certain network traffic. | |||||
| CVE-2007-1921 | 1 Nullsoft | 1 Winamp | 2025-04-09 | 9.3 HIGH | N/A |
| LIBSNDFILE.DLL, as used by AOL Nullsoft Winamp 5.33 and possibly other products, allows remote attackers to execute arbitrary code via a crafted .MAT file that contains a value that is used as an offset, which triggers memory corruption. | |||||
| CVE-2006-5886 | 1 Dynamic Dataworx | 1 Nurealestate | 2025-04-09 | 7.5 HIGH | N/A |
| SQL injection vulnerability in propertysdetails.asp in Dynamic Dataworx NuRealestate (NuRems) 1.0 and earlier allows remote attackers to execute arbitrary SQL commands via the PropID parameter. | |||||
| CVE-2006-7072 | 1 Geodesicsolutions | 1 Geoclassifieds Enterprise | 2025-04-09 | 4.3 MEDIUM | N/A |
| Cross-site scripting (XSS) vulnerability in GeoClassifieds Enterprise 2.0.5.2 and earlier allows remote attackers to inject arbitrary web script and HTML via the (1) b[username] and (2) c parameters to (a) index.php, the b[username] parameter to (b) admin/index.php, and (3) c[phone] parameter to register.php. | |||||
| CVE-2007-1637 | 1 Ipswitch | 4 Imail, Imail Plus, Imail Premium and 1 more | 2025-04-09 | 9.3 HIGH | N/A |
| Multiple buffer overflows in the IMAILAPILib ActiveX control (IMailAPI.dll) in Ipswitch IMail Server before 2006.2 allow remote attackers to execute arbitrary code via the (1) WebConnect and (2) Connect members in the (a) IMailServer control; (3) Sync3 and (4) Init3 members in the (b) IMailLDAPService control; and the (5) SetReplyTo member in the (c) IMailUserCollection control. | |||||
| CVE-2006-6926 | 1 Extremail | 1 Extremail | 2025-04-09 | 10.0 HIGH | N/A |
| Buffer overflow in eXtremail 2.1 has unknown impact and attack vectors, as demonstrated by VulnDisco Pack. NOTE: The provenance of this information is unknown; the details are obtained solely from third party information. | |||||
| CVE-2007-2758 | 1 Winimage | 1 Winimage | 2025-04-09 | 9.3 HIGH | N/A |
| Multiple buffer overflows in WinImage 8.0.8000 allow user-assisted remote attackers to execute arbitrary code via a FAT image that contains long directory names in a deeply nested directory structure, which triggers (1) a stack-based buffer overflow during extraction, or (2) a heap-based buffer overflow during traversal. | |||||
| CVE-2007-0817 | 1 Adobe | 1 Coldfusion | 2025-04-09 | 4.3 MEDIUM | N/A |
| Cross-site scripting (XSS) vulnerability in Adobe ColdFusion web server allows remote attackers to inject arbitrary HTML or web script via the User-Agent HTTP header, which is not sanitized before being displayed in an error page. | |||||
| CVE-2006-5913 | 1 Microsoft | 1 Ie | 2025-04-09 | 6.4 MEDIUM | N/A |
| Microsoft Internet Explorer 7 allows remote attackers to (1) cause a security certificate from a secure web site to appear invalid via a link to res://ieframe.dll/sslnavcancel.htm with the target site in the anchor identifier, which displays the site's URL in the address bar but causes Internet Explorer to report that the certificate is invalid, or (2) trigger a "The webpage no longer exists" report via a link to res://ieframe.dll/http_410.htm, a variant of CVE-2006-5805. | |||||
| CVE-2006-6170 | 1 Proftpd Project | 1 Proftpd | 2025-04-09 | 7.5 HIGH | N/A |
| Buffer overflow in the tls_x509_name_oneline function in the mod_tls module, as used in ProFTPD 1.3.0a and earlier, and possibly other products, allows remote attackers to execute arbitrary code via a large data length argument, a different vulnerability than CVE-2006-5815. | |||||