Total
29519 CVE
| CVE | Vendors | Products | Updated | CVSS v2 | CVSS v3 |
|---|---|---|---|---|---|
| CVE-2007-1038 | 1 Shemes.com | 1 Grabit | 2025-04-09 | 5.0 MEDIUM | N/A |
| Shemes.com Grabit 1.5.3, and possibly earlier, allows remote attackers to cause a denial of service (application crash) via a .nzb file with a subject field containing ';' (semicolon) characters. NOTE: the provenance of this information is unknown; the details are obtained solely from third party information. | |||||
| CVE-2007-3415 | 1 Phpraider | 1 Phpraider | 2025-04-09 | 7.5 HIGH | N/A |
| Multiple SQL injection vulnerabilities in index.php in phpRaider 1.0.0 rc8 allow remote attackers to execute arbitrary SQL commands via the (1) id or (2) type parameter. | |||||
| CVE-2007-0266 | 1 Ezboxx | 1 Ezboxx Portal System | 2025-04-09 | 7.5 HIGH | N/A |
| SQL injection vulnerability in boxx/ShowAppendix.asp in Ezboxx Portal System Beta 0.7.6 and earlier allows remote attackers to inject arbitrary web script or HTML via the iid parameter. | |||||
| CVE-2007-3979 | 1 Netart Media | 1 Blog System | 2025-04-09 | 6.8 MEDIUM | N/A |
| SQL injection vulnerability in index.php in BlogSite Professional (aka Blog System) 1.x allows remote attackers to execute arbitrary SQL commands via the news_id parameter. | |||||
| CVE-2006-6585 | 1 Mozilla | 1 Firefox | 2025-04-09 | 6.4 MEDIUM | N/A |
| The Extensions manager in Mozilla Firefox 2.0 does not properly populate the list of local extensions, which allows attackers to construct an extension that hides itself by finding its name in the list and then calling RemoveElement, as demonstrated by the FFsniFF extension. NOTE: it was later reported that 3.0 is also affected. | |||||
| CVE-2007-2690 | 1 Iss | 3 Proventia A Series Xpu, Proventia G Series Xpu, Proventia M Series Xpu | 2025-04-09 | 7.8 HIGH | N/A |
| Multiple IBM ISS Proventia Series products, including the A, G, and M series, do not properly handle certain full-width and half-width Unicode character encodings, which might allow remote attackers to evade detection of HTTP traffic. | |||||
| CVE-2009-3382 | 1 Mozilla | 1 Firefox | 2025-04-09 | 10.0 HIGH | N/A |
| layout/base/nsCSSFrameConstructor.cpp in the browser engine in Mozilla Firefox 3.0.x before 3.0.15 does not properly handle first-letter frames, which allows remote attackers to cause a denial of service (memory corruption and application crash) or possibly execute arbitrary code via unspecified vectors. | |||||
| CVE-2006-5630 | 1 Hosting Controller | 1 Hosting Controller | 2025-04-09 | 7.5 HIGH | N/A |
| Hosting Controller 6.1 before Hotfix 3.3 allows remote attackers to (1) delete the virtual directory of an arbitrary site via a modified ForumID parameter in a disableforum action in DisableForum.asp and (2) create an arbitrary forum virtual directory via an empty ForumID parameter in an enableforum action in EnableForum.asp. | |||||
| CVE-2007-0751 | 1 Apple | 2 Mac Os X, Mac Os X Server | 2025-04-09 | 2.1 LOW | N/A |
| A cleanup script in crontabs in Apple Mac OS X 10.3.9 and 10.4.9 might delete filesystems that have been mounted in /tmp, which might allow local users to cause a denial of service, related to the find command. | |||||
| CVE-2007-3118 | 1 K-letter | 1 K-letter | 2025-04-09 | 7.5 HIGH | N/A |
| Multiple PHP remote file inclusion vulnerabilities in Kravchuk letter (K-letter) 1.0 allow remote attackers to execute arbitrary PHP code via a URL in the scdir parameter to (1) action.php, (2) subs.php, or (3) unsubs.php. | |||||
| CVE-2007-4389 | 1 2wire | 3 1701hg Router, 1800hw Router, 2071 Router | 2025-04-09 | 7.8 HIGH | N/A |
| Cross-site request forgery (CSRF) vulnerability in /xslt in 2wire 1701HG, 1800HW, and 2071 Gateway routers, with 3.17.5, 3.7.1, and 5.29.51 software, allows remote attackers to create DNS mappings as administrators, and conduct DNS poisoning attacks, via the NAME and ADDR parameters. | |||||
| CVE-2007-1298 | 1 Aj Square | 1 Ajauction | 2025-04-09 | 7.5 HIGH | N/A |
| SQL injection vulnerability in subcat.php in AJ Auction 1.0 allows remote attackers to execute arbitrary SQL commands via the cate_id parameter. | |||||
| CVE-2007-3579 | 1 Phpids | 1 Phpids | 2025-04-09 | 4.3 MEDIUM | N/A |
| PHPIDS before 20070703 does not properly handle setting the .text property of a SCRIPT element before its attachment to the DOM, which allows remote attackers to inject arbitrary web script. | |||||
| CVE-2007-0059 | 1 Apple | 1 Quicktime | 2025-04-09 | 6.8 MEDIUM | N/A |
| Cross-zone scripting vulnerability in Apple Quicktime 3 to 7.1.3 allows remote user-assisted attackers to execute arbitrary code and list filesystem contents via a QuickTime movie (.MOV) with an HREF Track (HREFTrack) that contains an automatic action tag with a local URI, which is executed in a local zone during preview, as exploited by a MySpace worm. | |||||
| CVE-2007-1299 | 1 Mani Stats Reader | 1 Mani Stats Reader | 2025-04-09 | 7.5 HIGH | N/A |
| PHP remote file inclusion vulnerability in index.php in Mani Stats Reader 1.2 and earlier allows remote attackers to execute arbitrary PHP code via a URL in the ipath parameter. | |||||
| CVE-2007-3099 | 1 Redhat | 1 Enterprise Linux | 2025-04-09 | 2.1 LOW | N/A |
| usr/mgmt_ipc.c in iscsid in open-iscsi (iscsi-initiator-utils) before 2.0-865 checks the client's UID on the listening AF_LOCAL socket instead of the new connection, which allows remote attackers to access the management interface and cause a denial of service (iscsid exit or iSCSI connection loss). | |||||
| CVE-2008-1322 | 1 Asg-sentry | 1 Asg-sentry | 2025-04-09 | 7.8 HIGH | N/A |
| The File Check Utility (fcheck.exe) in ASG-Sentry Network Manager 7.0.0 and earlier allows remote attackers to cause a denial of service (CPU consumption) or overwrite arbitrary files via a query string that specifies the -b option, probably due to an argument injection vulnerability. | |||||
| CVE-2006-6033 | 1 Sphpblog | 1 Sphpblog | 2025-04-09 | 7.5 HIGH | N/A |
| Multiple directory traversal vulnerabilities in Simple PHP Blog (SPHPBlog), probably 0.4.8, allow remote attackers to read arbitrary files and possibly include arbitrary PHP code via a .. (dot dot) sequence in the blog_theme parameter in (1) index.php, (2) add_cgi.php, (3) add_link.php, (4) login.php, (5) template.php, or (6) contact.php. | |||||
| CVE-2007-3327 | 1 Bughunter | 1 Http Server | 2025-04-09 | 5.0 MEDIUM | N/A |
| httpsv.exe in HTTP Server 1.6.2 allows remote attackers to obtain sensitive information (script source code) via a URI with a trailing %20 (encoded space). | |||||
| CVE-2007-1442 | 1 Oracle | 1 Database Server | 2025-04-09 | 7.2 HIGH | N/A |
| Oracle Database 10g uses a NULL pDacl parameter when calling the SetSecurityDescriptorDacl function to create discretionary access control lists (DACLs), which allows local users to gain privileges. | |||||