Total
29524 CVE
| CVE | Vendors | Products | Updated | CVSS v2 | CVSS v3 |
|---|---|---|---|---|---|
| CVE-2007-3636 | 1 Squirrelmail | 2 Gpg Plugin, Squirrelmail | 2025-04-09 | 7.5 HIGH | N/A |
| Multiple unspecified vulnerabilities in the G/PGP (GPG) Plugin 2.1 for Squirrelmail allow remote attackers to execute arbitrary commands via unspecified vectors. NOTE: this information is based upon a vague pre-advisory from a reliable researcher. | |||||
| CVE-2006-5417 | 1 Mcafee | 4 Internet Security Suite, Network Agent, Personal Firewall Plus and 1 more | 2025-04-09 | 5.0 MEDIUM | N/A |
| McAfee Network Agent (mcnasvc.exe) 1.0.178.0, as used by multiple McAfee products possibly including Internet Security Suite, Personal Firewall Plus, and VirusScan, allows remote attackers to cause a denial of service (agent crash) via a long packet, possibly because of an invalid string position field value. NOTE: some of these details are obtained from third party information. | |||||
| CVE-2006-6547 | 1 Mlipod | 1 Winamp Ipod Plugin | 2025-04-09 | 4.3 MEDIUM | N/A |
| Buffer overflow in the readAA function in read_aa.cpp in Winamp iPod Plugin (ml_ipod) 2.00 p19 and earlier allows remote attackers to cause a denial of service (application crash) or execute arbitrary code via a long tag in an audible.com audiobook (aa) file. | |||||
| CVE-2006-7205 | 1 Php Group | 1 Php | 2025-04-09 | 5.0 MEDIUM | N/A |
| The array_fill function in ext/standard/array.c in PHP 4.4.2 and 5.1.2 allows context-dependent attackers to cause a denial of service (memory consumption) via a large num value. | |||||
| CVE-2006-6991 | 1 Fast Browser | 1 Fast Browser | 2025-04-09 | 7.8 HIGH | N/A |
| Cross-domain vulnerability in Fast Browser Pro 8.1 allows remote attackers to access restricted information from other domains via an object tag with a data parameter that references a link on the attacker's originating site that specifies a Location HTTP header that references the target site, which then makes that content available through the outerHTML attribute of the object, a similar vulnerability to CVE-2006-3280. | |||||
| CVE-2007-2121 | 1 Oracle | 1 Application Server | 2025-04-09 | 10.0 HIGH | N/A |
| Unspecified vulnerability in the COREid Access component in Oracle Application Server 7.0.4.4 has unknown impact and attack vectors, aka AS02. | |||||
| CVE-2007-0607 | 1 W-agora | 1 W-agora | 2025-04-09 | 4.3 MEDIUM | N/A |
| W-Agora (Web-Agora) 4.2.1, when register_globals is enabled, stores globals.inc under the web document root with insufficient access control, which allows remote attackers to obtain application path information via a direct request. | |||||
| CVE-2006-5916 | 1 Intego | 1 Virusbarrier | 2025-04-09 | 5.0 MEDIUM | N/A |
| Intego VirusBarrier X4 allows context-dependent attackers to bypass virus protection by quickly injecting many infected files into the filesystem, which prevents VirusBarrier from processing all the files. | |||||
| CVE-2007-1328 | 1 Bernard Joly | 1 Bj Webring | 2025-04-09 | 4.3 MEDIUM | N/A |
| Cross-site scripting (XSS) vulnerability in formulaire.php in Bernard JOLY BJ Webring allows remote attackers to inject arbitrary web script or HTML via an unspecified parameter related to the add link menu. | |||||
| CVE-2007-3017 | 1 Activeweb | 1 Contentserver | 2025-04-09 | 4.0 MEDIUM | N/A |
| The WYSIWYG editor applet in activeWeb contentserver CMS before 5.6.2964 only filters malicious tags from articles sent to admin/applets/wysiwyg/rendereditor.asp, which allows remote authenticated users to inject arbitrary JavaScript via a request to admin/worklist/worklist_edit.asp. | |||||
| CVE-2007-1986 | 1 Barnraiser | 1 Aroundme | 2025-04-09 | 7.5 HIGH | N/A |
| Multiple PHP remote file inclusion vulnerabilities in barnraiser AROUNDMe 0.7.7 allow remote attackers to execute arbitrary PHP code via a URL in the (1) language_path_core parameter to inc/core_profile.header.php, the (2) template_path_core parameter to template/barnraiser_01/maint_contact_view.tpl.php, and the (3) template_path parameter to template/barnraiser_01/default.tpl.php. NOTE: this issue might overlap CVE-2006-5533. | |||||
| CVE-2006-3896 | 1 Neoscale Systems | 1 Cryptostor Tape 700 | 2025-04-09 | 4.9 MEDIUM | N/A |
| The NeoScale Systems CryptoStor 700 series appliance before 2.6 relies on client-side ActiveX code for smartcard authentication, which allows remote attackers to bypass smartcard authentication, and gain access if able to present a valid username and password, by disabling ActiveX. | |||||
| CVE-2007-1168 | 1 Trend Micro | 1 Serverprotect | 2025-04-09 | 7.5 HIGH | N/A |
| Trend Micro ServerProtect for Linux (SPLX) 1.25, 1.3, and 2.5 before 20070216 allows remote attackers to access arbitrary web pages and reconfigure the product via HTTP requests with the splx_2376_info cookie to the web interface port (14942/tcp). | |||||
| CVE-2007-3555 | 1 Moodle | 1 Moodle | 2025-04-09 | 4.3 MEDIUM | N/A |
| Cross-site scripting (XSS) vulnerability in index.php in Moodle 1.7.1 allows remote attackers to inject arbitrary web script or HTML via a style expression in the search parameter, a different vulnerability than CVE-2004-1424. | |||||
| CVE-2007-1431 | 1 Pennmush | 1 Pennmush | 2025-04-09 | 7.8 HIGH | N/A |
| Multiple unspecified vulnerabilities in PennMUSH 1.8.3 before 1.8.3p1 and 1.8.2 before 1.8.2p3 allow attackers to cause a denial of service (crash) related to the (1) speak and (2) buy functions. | |||||
| CVE-2007-4396 | 1 Irssi | 1 Irssi | 2025-04-09 | 9.3 HIGH | N/A |
| Multiple CRLF injection vulnerabilities in (1) ixmmsa.pl 0.3, (2) l33tmusic.pl 2.00, (3) mpg123.pl 0.01, (4) ogg123.pl 0.01, (5) xmms.pl 2.0, (6) xmms2.pl 1.1.3, and (7) xmmsinfo.pl 1.1.1.1 scripts for irssi before 0.8.11 allow user-assisted remote attackers to execute arbitrary IRC commands via CRLF sequences in the name of the song in a .mp3 file. | |||||
| CVE-2007-0845 | 1 Advanced Poll | 1 Advanced Poll | 2025-04-09 | 7.5 HIGH | N/A |
| admin/index.php in Advanced Poll 2.0.0 through 2.0.5-dev allows remote attackers to bypass authentication and gain administrator privileges by obtaining a valid session identifier and setting the uid parameter to 1. | |||||
| CVE-2007-2043 | 1 Avant-garde Solutions | 1 Mosmedia | 2025-04-09 | 7.5 HIGH | N/A |
| Multiple PHP remote file inclusion vulnerabilities in the Avant-Garde Solutions MOSMedia (com_mosmedia) 1.08 and earlier module for Mambo and Joomla! allow remote attackers to execute arbitrary PHP code via a URL in the mosConfig_absolute_path parameter to (1) media.tab.php or (2) media.divs.php. | |||||
| CVE-2007-0430 | 1 Apple | 1 Mac Os X | 2025-04-09 | 4.9 MEDIUM | N/A |
| The shared_region_map_file_np function in Apple Mac OS X 10.4.8 and earlier kernel allows local users to cause a denial of service (memory corruption) via a large mappingCount value. | |||||
| CVE-2006-6403 | 1 Mystats | 1 Mystats | 2025-04-09 | 5.0 MEDIUM | N/A |
| mystats.php in MyStats 1.0.8 and earlier allows remote attackers to obtain the installation path via (1) details and (2) by array parameters, probably resulting in a path disclosure in an error message. | |||||