Vulnerabilities (CVE)

Filtered by NVD-CWE-Other
Total 29523 CVE
CVE Vendors Products Updated CVSS v2 CVSS v3
CVE-2006-6126 1 Apple 2 Mac Os X, Mac Os X Server 2025-04-09 2.1 LOW N/A
Apple Mac OS X allows local users to cause a denial of service (memory corruption) via a crafted Mach-O binary with a malformed load_command data structure.
CVE-2007-4363 1 Drupal 1 Content Construction Kit 2025-04-09 4.3 MEDIUM N/A
Multiple cross-site scripting (XSS) vulnerabilities in the nodereference module in Drupal Content Construction Kit (CCK) before 4.7.x-1.6, and 5.x before 5.x-1.6 ,allow remote attackers to inject arbitrary web script or HTML via nodereference fields, when using (1) the plain formatter or (2) the autocomplete text field widget without Views.module.
CVE-2007-3281 1 Php Hosting Biller 1 Php Hosting Biller 2025-04-09 4.3 MEDIUM N/A
Cross-site scripting (XSS) vulnerability in index.php in Php Hosting Biller 1.0 allows remote attackers to inject arbitrary web script or HTML via the PATH_INFO.
CVE-2007-1710 1 Php 1 Php 2025-04-09 4.3 MEDIUM N/A
The readfile function in PHP 4.4.4, 5.1.6, and 5.2.1 allows context-dependent attackers to bypass safe_mode restrictions and read arbitrary files by referring to local files with a certain URL syntax instead of a pathname syntax, as demonstrated by a filename preceded a "php://../../" sequence.
CVE-2008-3819 1 Cisco 4 Gss 4480 Global Site Selector, Gss 4490 Global Site Selector, Gss 4491 Global Site Selector and 1 more 2025-04-09 5.0 MEDIUM N/A
dnsserver in Cisco Application Control Engine Global Site Selector (GSS) before 3.0(1) allows remote attackers to cause a denial of service (daemon crash) via a series of crafted DNS requests, aka Bug ID CSCsj70093.
CVE-2007-1840 1 Ldap Account Manager 1 Ldap Account Manager 2025-04-09 4.3 MEDIUM N/A
lib/modules.inc in LDAP Account Manager (LAM) before 1.3.0 does not escape HTML special characters in LDAP data, which allows remote attackers to have an unknown impact, probably cross-site scripting (XSS).
CVE-2007-2188 1 Extremail 1 Extremail 2025-04-09 10.0 HIGH N/A
eXtremail 2.1.1 and earlier does not verify the ID field (aka transaction id) in DNS responses, which makes it easier for remote attackers to conduct DNS spoofing.
CVE-2006-6647 1 Drupal 1 Drupal Mysite 2025-04-09 6.8 MEDIUM N/A
Cross-site scripting (XSS) vulnerability in the MySite 4.7.x before 4.7.x-3.3 and 5.x before 5.x-1.3 module for Drupal allows remote attackers to inject arbitrary web script or HTML via the Title field when editing a page. NOTE: some details were obtained from third party information.
CVE-2007-3639 1 Wordpress 1 Wordpress 2025-04-09 4.0 MEDIUM N/A
WordPress before 2.2.2 allows remote attackers to redirect visitors to other websites and potentially obtain sensitive information via (1) the _wp_http_referer parameter to wp-pass.php, related to the wp_get_referer function in wp-includes/functions.php; and possibly other vectors related to (2) wp-includes/pluggable.php and (3) the wp_nonce_ays function in wp-includes/functions.php.
CVE-2006-5708 1 Alt-n 1 Mdaemon 2025-04-09 5.0 MEDIUM 7.5 HIGH
Multiple unspecified vulnerabilities in MDaemon and WorldClient in Alt-N Technologies MDaemon before 9.50 allow attackers to cause a denial of service (memory consumption) via unspecified vectors resulting in memory leaks.
CVE-2007-4013 2 Citrix, Mozilla 3 Access Gateway, Endpoint Analysis Client, Firefox 2025-04-09 9.3 HIGH N/A
Multiple unspecified vulnerabilities in (1) Net6Helper.DLL (aka Net6Launcher Class) 4.5.2 and earlier, (2) npCtxCAO.dll (aka Citrix Endpoint Analysis Client) in a Firefox plugin directory, and (3) a second npCtxCAO.dll (aka CCAOControl Object) before 4.5.0.0 in Citrix Access Gateway Standard Edition before 4.5.5 and Advanced Edition before 4.5 HF1 have unknown impact and attack vectors, possibly related to buffer overflows. NOTE: vector 3 might overlap CVE-2007-3679.
CVE-2007-2437 1 X.org 2 X Window System, Xserver 2025-04-09 5.5 MEDIUM N/A
The X render (Xrender) extension in X.org X Window System 7.0, 7.1, and 7.2, with Xserver 1.3.0 and earlier, allows remote authenticated users to cause a denial of service (daemon crash) via crafted values to the (1) XRenderCompositeTrapezoids and (2) XRenderAddTraps functions, which trigger a divide-by-zero error.
CVE-2007-3736 1 Mozilla 1 Firefox 2025-04-09 4.3 MEDIUM N/A
Cross-site scripting (XSS) vulnerability in Mozilla Firefox before 2.0.0.5 allows remote attackers to inject arbitrary web script "into another site's context" via a "timing issue" involving the (1) addEventListener or (2) setTimeout function, probably by setting events that activate after the context has changed.
CVE-2007-0318 1 Apple 1 Mac Os X 2025-04-09 7.8 HIGH N/A
The do_hfs_truncate function in Mac OS X 10.4.8 allows context-dependent attackers to cause a denial of service (kernel panic) via a crafted HFS+ filesystem in a DMG image, which causes an access of an invalid vnode structure during file removal.
CVE-2006-6142 1 Squirrelmail 1 Squirrelmail 2025-04-09 6.8 MEDIUM N/A
Multiple cross-site scripting (XSS) vulnerabilities in SquirrelMail 1.4.0 through 1.4.9 allow remote attackers to inject arbitrary web script or HTML via the (1) mailto parameter in (a) webmail.php, the (2) session and (3) delete_draft parameters in (b) compose.php, and (4) unspecified vectors involving "a shortcoming in the magicHTML filter."
CVE-2007-0944 1 Microsoft 5 Ie, Internet Explorer, Windows 2000 and 2 more 2025-04-09 9.3 HIGH N/A
Unspecified vulnerability in the CTableCol::OnPropertyChange method in Microsoft Internet Explorer 5.01 SP4 on Windows 2000 SP4; 6 SP1 on Windows 2000 SP4; and 6 on Windows XP SP2, or Windows Server 2003 SP1 or SP2 allows remote attackers to execute arbitrary code by calling deleteCell on a named table row in a named table column, then accessing the column, which causes Internet Explorer to access previously deleted objects, aka the "Uninitialized Memory Corruption Vulnerability."
CVE-2007-2810 1 Gazi Download Portal 1 Gazi Download Portal 2025-04-09 10.0 HIGH N/A
SQL injection vulnerability in down_indir.asp in Gazi Download Portal allows remote attackers to execute arbitrary SQL commands via the id parameter. NOTE: the provenance of this information is unknown; the details are obtained solely from third party information.
CVE-2006-5102 1 Baumedia 1 Newswriter 2025-04-09 7.5 HIGH N/A
PHP remote file inclusion vulnerability in include/editfunc.inc.php in Sebastian Baumann and Philipp Wolfer Newswriter SW 1.42 and earlier allows remote attackers to execute arbitrary PHP code via a URL in the NWCONF_SYSTEM[server_path] parameter.
CVE-2007-1574 1 Care2x 1 Care2x 2025-04-09 5.0 MEDIUM N/A
CARE2X 2.2, and possibly earlier, allows remote attackers to obtain configuration information via a direct request to phpinfo.php, which calls the phpinfo function. NOTE: the provenance of this information is unknown; the details are obtained solely from third party information.
CVE-2007-1427 1 Assetman 1 Assetman 2025-04-09 5.0 MEDIUM N/A
Directory traversal vulnerability in download_pdf.php in AssetMan 2.4a and earlier allows remote attackers to read arbitrary files via a .. (dot dot) in the pdf_file parameter.