Total: 29523 CVE

CVE | Vendors | Products | Updated | CVSS v2 | CVSS v3 |
---|---|---|---|---|---|
CVE-2007-1529 | 1 Microsoft | 1 Windows Vista | 2025-04-09 | 4.3 MEDIUM | N/A |
The LLTD Responder in Microsoft Windows Vista does not send the Mapper a response to a DISCOVERY packet if another host has sent a spoofed response first, which allows remote attackers to spoof arbitrary hosts via a network-based race condition, aka the "Total Spoof" attack. | |||||
CVE-2008-4863 | 1 Blender | 1 Blender | 2025-04-09 | 6.9 MEDIUM | N/A |
Untrusted search path vulnerability in BPY_interface in Blender 2.46 allows local users to execute arbitrary code via a Trojan horse Python file in the current working directory, related to an erroneous setting of sys.path by the PySys_SetArgv function. | |||||
CVE-2007-0388 | 1 Woltlab | 1 Burning Board | 2025-04-09 | 7.5 HIGH | N/A |
SQL injection vulnerability in search.php in Woltlab Burning Board (wBB) 1.0.2 and earlier, and 2.3.6 and earlier in the 2.x series, allows remote attackers to execute arbitrary SQL commands via the boardids[1] and other boardids[] parameters. | |||||
CVE-2007-4627 | 1 Algera | 1 Abc Estore | 2025-04-09 | 7.5 HIGH | N/A |
SQL injection vulnerability in index.php in ABC eStore 3.0 allows remote attackers to execute arbitrary SQL commands via the cat_id parameter. | |||||
CVE-2007-3078 | 1 Aigaion | 1 Aigaion | 2025-04-09 | 4.3 MEDIUM | N/A |
Multiple cross-site scripting (XSS) vulnerabilities in Aigaion before 1.3.3 allow remote attackers to inject arbitrary web script or HTML via the title parameter (Authors and Publication titles) to (1) authoractions.php or (2) publicationactions.php. | |||||
CVE-2006-6174 | 1 Tdiary | 1 Tdiary | 2025-04-09 | 4.3 MEDIUM | N/A |
Cross-site scripting (XSS) vulnerability in tDiary before 2.0.3 and 2.1.x before 2.1.4.20061126 allows remote attackers to inject arbitrary web script or HTML via the conf parameter in (1) tdiary.rb and (2) skel/conf.rhtml. | |||||
CVE-2007-1799 | 1 Joris Guisson | 1 Ktorrent | 2025-04-09 | 6.4 MEDIUM | N/A |
Directory traversal vulnerability in torrent.cpp in KTorrent before 2.1.3 only checks for the ".." string, which allows remote attackers to overwrite arbitrary files via modified ".." sequences in a torrent filename, as demonstrated by "../" sequences, due to an incomplete fix for CVE-2007-1384. | |||||
CVE-2007-3038 | 1 Microsoft | 1 Windows Vista | 2025-04-09 | 7.8 HIGH | N/A |
The Teredo interface in Microsoft Windows Vista and Vista x64 Edition does not properly handle certain network traffic, which allows remote attackers to bypass firewall blocking rules and obtain sensitive information via crafted IPv6 traffic, aka "Windows Vista Firewall Blocking Rule Information Disclosure Vulnerability." | |||||
CVE-2007-1375 | 1 Php | 1 Php | 2025-04-09 | 5.0 MEDIUM | N/A |
Integer overflow in the substr_compare function in PHP 5.2.1 and earlier allows context-dependent attackers to read sensitive memory via a large value in the length argument, a different vulnerability than CVE-2006-1991. | |||||
CVE-2008-7200 | 1 Deliantra | 1 Deliantra | 2025-04-09 | 10.0 HIGH | N/A |
Double free vulnerability in Deliantra server engine before 2.4 has unknown impact and attack vectors. | |||||
CVE-2007-3446 | 1 Bugmall | 1 Shopping Cart | 2025-04-09 | 7.5 HIGH | N/A |
BugMall Shopping Cart 2.5 and earlier has a default username "demo" and password "demo," which allows remote attackers to obtain login access. | |||||
CVE-2006-5319 | 1 Toxi | 1 Foafgen | 2025-04-09 | 5.0 MEDIUM | N/A |
Directory traversal vulnerability in redir.php in Foafgen 0.3 allows remote attackers to read arbitrary files via a .. (dot dot) in the foaf parameter. | |||||
CVE-2008-1701 | 2 Apple, Novell | 2 Mac Os X, Iprint | 2025-04-09 | 5.0 MEDIUM | N/A |
Novell NetWare 6.5 allows attackers to cause a denial of service (ABEND) via a crafted Macintosh iPrint client request. | |||||
CVE-2007-2359 | 1 Symantec | 4 Backupexec System Recovery, Livestate Recovery, Norton Ghost and 1 more | 2025-04-09 | 7.2 HIGH | N/A |
Buffer overflow in Ghost Service Manager, as used in Symantec Norton Ghost, Norton Save & Recovery, LiveState Recovery, and BackupExec System Recovery before 20070426, allows local users to gain privileges via a long string. | |||||
CVE-2007-4279 | 1 Frontaccounting | 1 Frontaccounting | 2025-04-09 | 7.5 HIGH | N/A |
PHP remote file inclusion vulnerability in config.php in FrontAccounting 1.12 Build 31 allows remote attackers to execute arbitrary PHP code via a URL in the path_to_root parameter. | |||||
CVE-2007-2119 | 1 Oracle | 2 Application Server, Database Server | 2025-04-09 | 6.8 MEDIUM | N/A |
Cross-site scripting (XSS) vulnerability in boundary_rules.jsp in the Administration Front End for Oracle Enterprise (Ultra) Search, as used in Database Server 9.2.0.8, 10.1.0.5, and 10.2.0.2, and in Application Server 9.0.4.3, 10.1.2.0.2, and 10.1.2.2.0 allows remote attackers to inject arbitrary HTML or web script via the EXPTYPE parameter, aka SES01. | |||||
CVE-2007-3356 | 1 Scriptdevelopers.net | 1 Netclassifieds | 2025-04-09 | 7.8 HIGH | N/A |
NetClassifieds Premium Edition allows remote attackers to obtain sensitive information via certain requests that reveal the path in an error message, related to the display_errors setting in (1) Common.php and (2) imageresizer.php, and (3) the use of __FILE__ in error reporting by imageresizer.php; and (4) via certain requests that reveal the table name and complete query, related to the Halt_On_Error setting in Mysql_db.php. | |||||
CVE-2007-4317 | 1 Zyxel | 2 Zynos, Zywall 2 | 2025-04-09 | 4.3 MEDIUM | N/A |
Multiple cross-site request forgery (CSRF) vulnerabilities in the management interface in ZyNOS firmware 3.62(WK.6) on the Zyxel Zywall 2 device allow remote attackers to perform certain actions as administrators, as demonstrated by a request to Forms/General_1 with the (1) sysSystemName and (2) sysDomainName parameters. | |||||
CVE-2008-5857 | 1 Knowledgetree Document Management | 1 Knowledgetree Document Management | 2025-04-09 | 6.5 MEDIUM | N/A |
The DropDocuments plugin in KnowledgeTree before 3.5.4a allows remote authenticated users to gain administrative privileges via a certain sequence of "browse documents" and dashboard requests. | |||||
CVE-2007-0217 | 1 Microsoft | 5 Ie, Internet Explorer, Windows 2000 and 2 more | 2025-04-09 | 10.0 HIGH | N/A |
The wininet.dll FTP client code in Microsoft Internet Explorer 5.01 and 6 might allow remote attackers to execute arbitrary code via an FTP server response of a specific length that causes a terminating null byte to be written outside of a buffer, which causes heap corruption. | |||||