Total
29526 CVE
| CVE | Vendors | Products | Updated | CVSS v2 | CVSS v3 |
|---|---|---|---|---|---|
| CVE-2007-0430 | 1 Apple | 1 Mac Os X | 2025-04-09 | 4.9 MEDIUM | N/A |
| The shared_region_map_file_np function in Apple Mac OS X 10.4.8 and earlier kernel allows local users to cause a denial of service (memory corruption) via a large mappingCount value. | |||||
| CVE-2006-6403 | 1 Mystats | 1 Mystats | 2025-04-09 | 5.0 MEDIUM | N/A |
| mystats.php in MyStats 1.0.8 and earlier allows remote attackers to obtain the installation path via (1) details and (2) by array parameters, probably resulting in a path disclosure in an error message. | |||||
| CVE-2007-4090 | 1 Vikingboard | 1 Vikingboard | 2025-04-09 | 4.3 MEDIUM | N/A |
| Multiple cross-site scripting (XSS) vulnerabilities in Vikingboard 0.1.2 allow remote attackers to inject arbitrary web script or HTML via (1) the URI to inc/lib/screen.php or (2) the title parameter to post.php. NOTE: vector 2 might overlap CVE-2006-6283. NOTE: the provenance of this information is unknown; the details are obtained solely from third party information. | |||||
| CVE-2007-4296 | 1 Anti-spam Smtp Proxy | 1 Server | 2025-04-09 | 7.5 HIGH | N/A |
| Unspecified vulnerability in assp.pl in Anti-Spam SMTP Proxy Server (ASSP) 1.3.3 has unknown impact and attack vectors. | |||||
| CVE-2007-1269 | 1 Gnu | 1 Gnumail | 2025-04-09 | 5.0 MEDIUM | N/A |
| GNUMail 1.1.2 and earlier does not properly use the --status-fd argument when invoking GnuPG, which prevents GNUMail from visually distinguishing between signed and unsigned portions of OpenPGP messages with multiple components, which allows remote attackers to forge the contents of a message without detection. | |||||
| CVE-2006-5307 | 1 Afgb | 1 Afgb Guestbook | 2025-04-09 | 7.5 HIGH | N/A |
| Multiple PHP remote file inclusion vulnerabilities in AFGB GUESTBOOK 2.2 allow remote attackers to execute arbitrary PHP code via a URL in the Htmls parameter in (1) add.php, (2) admin.php, (3) look.php, or (4) re.php. | |||||
| CVE-2007-1610 | 1 Glue Software | 1 Newsglue | 2025-04-09 | 4.3 MEDIUM | N/A |
| Cross-site scripting (XSS) vulnerability in the RSS reader in Glue Software NewsGlue before 1.3.4 allows remote attackers to inject arbitrary web script or HTML via a feed. | |||||
| CVE-2007-0054 | 1 Belchior Foundry | 1 Vcard Pro | 2025-04-09 | 6.8 MEDIUM | N/A |
| Cross-site scripting (XSS) vulnerability in gbrowse.php in Belchior Foundry vCard PRO allows remote attackers to inject arbitrary web script or HTML via the sortby parameter. | |||||
| CVE-2007-0015 | 1 Apple | 1 Quicktime | 2025-04-09 | 6.8 MEDIUM | N/A |
| Buffer overflow in Apple QuickTime 7.1.3 allows remote attackers to execute arbitrary code via a long rtsp:// URI. | |||||
| CVE-2007-0260 | 1 Naig | 1 Naig | 2025-04-09 | 7.5 HIGH | N/A |
| PHP remote file inclusion vulnerability in index.php in Naig 0.5.2 and earlier allows remote attackers to execute arbitrary PHP code via a URL in the this_path parameter. NOTE: a reliable third party disputes this vulnerability because this_path is defined before use | |||||
| CVE-2006-5542 | 1 Postgresql | 1 Postgresql | 2025-04-09 | 4.0 MEDIUM | N/A |
| backend/tcop/postgres.c in PostgreSQL 8.1.x before 8.1.5 allows remote authenticated users to cause a denial of service (daemon crash) related to duration logging of V3-protocol Execute messages for (1) COMMIT and (2) ROLLBACK SQL statements. | |||||
| CVE-2007-1110 | 1 Activecalendar | 1 Activecalendar | 2025-04-09 | 5.0 MEDIUM | N/A |
| Directory traversal vulnerability in data/showcode.php in ActiveCalendar 1.2.0 allows remote attackers to read arbitrary files via a .. (dot dot) in the page parameter. | |||||
| CVE-2006-6833 | 1 Joomla | 1 Joomla | 2025-04-09 | 7.5 HIGH | N/A |
| com_categories in Joomla! before 1.0.12 does not validate input, which has unknown impact and remote attack vectors. | |||||
| CVE-2006-6512 | 1 Flippet.org | 1 Winamp Web Interface | 2025-04-09 | 3.5 LOW | N/A |
| Directory traversal vulnerability in the Browse function (/browse URI) in Winamp Web Interface (Wawi) 7.5.13 and earlier allows remote authenticated users to list arbitrary directories via URL encoded backslashes ("%2F") in the path parameter. | |||||
| CVE-2006-5873 | 2 Debian, L2tpns | 2 Debian Linux, L2tpns | 2025-04-09 | 7.8 HIGH | N/A |
| Buffer overflow in the cluster_process_heartbeat function in cluster.c in layer 2 tunneling protocol network server (l2tpns) before 2.1.21 allows remote attackers to cause a denial of service via a large heartbeat packet. | |||||
| CVE-2007-1435 | 1 D-link | 1 Tftp Server | 2025-04-09 | 10.0 HIGH | N/A |
| Buffer overflow in D-Link TFTP Server 1.0 allows remote attackers to cause a denial of service (crash) via a long (1) GET or (2) PUT request, which triggers memory corruption. NOTE: the provenance of this information is unknown; the details are obtained solely from third party information. | |||||
| CVE-2008-1736 | 1 Comodo | 1 Comodo Personal Firewall | 2025-04-09 | 7.2 HIGH | N/A |
| Comodo Firewall Pro before 3.0 does not properly validate certain parameters to hooked System Service Descriptor Table (SSDT) functions, which allows local users to cause a denial of service (system crash) via (1) a crafted OBJECT_ATTRIBUTES structure in a call to the NtDeleteFile function, which leads to improper validation of a ZwQueryObject result; and unspecified calls to the (2) NtCreateFile and (3) NtSetThreadContext functions, different vectors than CVE-2007-0709. | |||||
| CVE-2007-2547 | 1 Turnkey Web Tools | 1 Sunshop Shopping Cart | 2025-04-09 | 4.3 MEDIUM | N/A |
| Cross-site scripting (XSS) vulnerability in index.php in TurnkeyWebTools SunShop Shopping Cart 4.0 allows remote attackers to inject arbitrary web script or HTML via the l parameter. | |||||
| CVE-2007-3630 | 1 Av Scripts | 1 Av Tutorial Script | 2025-04-09 | 6.4 MEDIUM | N/A |
| changePW.php in AV Tutorial Script (avtutorial) 1.0 does not require authentication or knowledge of an old password for password changes, which allows remote attackers to change passwords for arbitrary users via a modified password parameter. | |||||
| CVE-2007-1255 | 1 Connectix | 1 Connectix Boards | 2025-04-09 | 6.0 MEDIUM | N/A |
| Unrestricted file upload vulnerability in admin.bbcode.php in Connectix Boards 0.7 and earlier allows remote authenticated administrators to execute arbitrary PHP code by uploading a crafted GIF smiley image with a .php extension via the uploadimage parameter to admin.php, which can be later accessed via a direct request for the file in smileys/. NOTE: this can be leveraged with a separate SQL injection issue for remote unauthenticated attacks. | |||||