Total
29519 CVE
| CVE | Vendors | Products | Updated | CVSS v2 | CVSS v3 |
|---|---|---|---|---|---|
| CVE-2006-5018 | 1 Contentkeeper Technologies | 1 Contentkeeper | 2025-04-09 | 4.0 MEDIUM | N/A |
| ContentKeeper 123.25 and earlier places passwords in cleartext in an INPUT element in cgi-bin/ck/changepw.cgi, which allows remote authenticated users to obtain passwords via this URI. | |||||
| CVE-2007-1535 | 1 Microsoft | 1 Windows Vista | 2025-04-09 | 7.5 HIGH | N/A |
| Microsoft Windows Vista establishes a Teredo address without user action upon connection to the Internet, contrary to documentation that Teredo is inactive without user action, which increases the attack surface and allows remote attackers to communicate via Teredo. | |||||
| CVE-2007-6629 | 1 Feng | 1 Feng | 2025-04-09 | 5.0 MEDIUM | N/A |
| Interpretation conflict in LScube Feng 0.1.15 and earlier allows remote attackers to cause a denial of service (NULL dereference and daemon crash) via a User-Agent header line that contains a carriage-return character, which is considered a line delimiter when the header is split into individual lines, but not when log_user_agent in RTSP_utils.c parses the content of the User-Agent line. | |||||
| CVE-2006-6474 | 1 Mcafee | 1 Virusscan | 2025-04-09 | 4.6 MEDIUM | N/A |
| Untrusted search path vulnerability in McAfee VirusScan for Linux 4510e and earlier includes the current working directory in the DT_RPATH environment variable, which allows local users to load arbitrary ELF DSO libraries and execute arbitrary code by installing malicious libraries in that directory. | |||||
| CVE-2007-2657 | 1 Precisionid Barcode | 1 Precisionid Barcode | 2025-04-09 | 7.8 HIGH | N/A |
| Unspecified vulnerability in the PrecisionID Barcode 1.3 ActiveX control in PrecisionID_DataMatrix.DLL allows remote attackers to cause a denial of service via a long argument to the SaveBarCode method. | |||||
| CVE-2006-6927 | 1 Grandora | 1 Rialto | 2025-04-09 | 7.5 HIGH | N/A |
| Multiple SQL injection vulnerabilities in Rialto 1.6 allow remote attackers to execute arbitrary SQL commands via (1) the uname (username) and (2) pword (passwd) fields in (a) admin/default.asp; the (3) ID parameter to (b) listfull.asp or (c) printmain.asp; the (4) cat parameter to (d) listmain.asp, (e) searchoption.asp, or (f) searchmain.asp; the (5) Keyword parameter to (g) searchkey.asp; the (6) area parameter to searchmain.asp or searchoption.asp; the (7) searchin parameter to searchkey.asp; or the (8) cost1, (9) cost2, (10) acreage1, or (11) squarefeet1 parameters to searchoption.asp. NOTE: some of these details are obtained from third party information. | |||||
| CVE-2006-6197 | 1 B2evolution | 1 B2evolution | 2025-04-09 | 6.8 MEDIUM | N/A |
| Multiple cross-site scripting (XSS) vulnerabilities in b2evolution 1.8.2 through 1.9 beta allow remote attackers to inject arbitrary web script or HTML via the (1) app_name parameter in (a) _404_not_found.page.php, (b) _410_stats_gone.page.php, and (c) _referer_spam.page.php in inc/VIEW/errors/; the (2) baseurl parameter in (d) inc/VIEW/errors/_404_not_found.page.php; and the (3) ReqURI parameter in (e) inc/VIEW/errors/_referer_spam.page.php. | |||||
| CVE-2007-0644 | 1 Apple | 1 Safari | 2025-04-09 | 7.1 HIGH | N/A |
| Format string vulnerability in Apple Safari 2.0.4 (419.3) allows remote user-assisted attackers to cause a denial of service (crash) via format string specifiers in filenames that are not properly handled when calling the (1) NSLog and (2) NSBeginAlertSheet Apple AppKit functions. | |||||
| CVE-2007-3220 | 1 Xoops | 1 Cjay Content Module | 2025-04-09 | 6.8 MEDIUM | N/A |
| PHP remote file inclusion vulnerability in admin/editor2/spaw_control.class.php in the Cjay Content 3 module for XOOPS allows remote attackers to execute arbitrary PHP code via a URL in the spaw_root parameter. NOTE: this may be a duplicate of CVE-2006-4656. | |||||
| CVE-2009-4048 | 1 Dxmsoft | 1 Xm Easy Personal Ftp Server | 2025-04-09 | 4.0 MEDIUM | N/A |
| Dxmsoft XM Easy Personal FTP Server 5.8.0 allows remote authenticated users to cause a denial of service (daemon outage) via an APPE command to one socket in conjunction with a DELE command to a second socket. | |||||
| CVE-2006-6265 | 1 Microsoft | 1 Teredo | 2025-04-09 | 5.8 MEDIUM | N/A |
| Teredo clients, when located behind a restricted NAT, allow remote attackers to establish an inbound connection without the guessing required to find a port mapping for a traditional restricted NAT client, by (1) using the client port number contained in the Teredo address or (2) following the bubble-to-open procedure. | |||||
| CVE-2007-0800 | 1 Mozilla | 1 Firefox | 2025-04-09 | 4.3 MEDIUM | N/A |
| Cross-zone vulnerability in Mozilla Firefox 1.5.0.9 considers blocked popups to have an internal zone origin, which allows user-assisted remote attackers to cross zone restrictions and read arbitrary file:// URIs by convincing a user to show a blocked popup. | |||||
| CVE-2007-3401 | 1 B1g | 1 B1gbb | 2025-04-09 | 7.5 HIGH | N/A |
| PHP remote file inclusion vulnerability in footer.inc.php in B1G b1gBB 2.24 allows remote attackers to execute arbitrary PHP code via a URL in the tfooter parameter. | |||||
| CVE-2007-3359 | 1 Iptel | 1 Serweb | 2025-04-09 | 6.8 MEDIUM | N/A |
| Multiple PHP remote file inclusion vulnerabilities in SerWeb 0.9.6 and earlier allow remote attackers to execute arbitrary PHP code via a URL in the _SERWEB[serwebdir] parameter to (1) html/load_apu.php or (2) html/mail_prepend.php. NOTE: the provenance of this information is unknown; the details are obtained solely from third party information. | |||||
| CVE-2006-5061 | 1 Advanced-clan-script | 1 Advanced-clan-script | 2025-04-09 | 7.5 HIGH | N/A |
| PHP remote file inclusion vulnerability in mcf.php in Advanced-Clan-Script (AVCX) 3.4 and earlier allows remote attackers to execute arbitrary PHP code via a URL in the content parameter. | |||||
| CVE-2007-2783 | 1 Rational Software | 1 Hidden Administrator | 2025-04-09 | 10.0 HIGH | N/A |
| Unspecified vulnerability in Rational Soft Hidden Administrator 1.7 and earlier allows remote attackers to bypass authentication and execute arbitrary code via unspecified vectors. NOTE: this issue has no actionable information, and perhaps should not be included in CVE. | |||||
| CVE-2007-3608 | 1 Sap | 1 Enjoysap | 2025-04-09 | 5.0 MEDIUM | N/A |
| Multiple unspecified vulnerabilities in ActiveX controls in the EnjoySAP SAP GUI allow remote attackers to create certain files via unspecified vectors. | |||||
| CVE-2006-7062 | 1 Kmail | 1 Kmail | 2025-04-09 | 7.8 HIGH | N/A |
| calendar.php in Kamgaing Email System (kmail) 2.3 and earlier allows remote attackers to obtain the full path of the server via an invalid d parameter, which leaks the path in an error message. | |||||
| CVE-2007-2484 | 1 Ruben Boelinger | 1 Wp-table | 2025-04-09 | 6.8 MEDIUM | N/A |
| PHP remote file inclusion vulnerability in js/wptable-button.php in the wp-Table 1.43 and earlier plugin for WordPress, when register_globals is enabled, allows remote attackers to execute arbitrary PHP code via a URL in the wpPATH parameter. | |||||
| CVE-2007-3990 | 1 Asp Indir | 1 Dora Emlak | 2025-04-09 | 7.5 HIGH | N/A |
| SQL injection vulnerability in default.asp in Dora Emlak 1.0, when the goster parameter is set to emlakdetay, allows remote attackers to execute arbitrary SQL commands via the id parameter. NOTE: the provenance of this information is unknown; the details are obtained solely from third party information. | |||||