Total: 29534 CVE
CVE | Vendors | Products | Updated | CVSS v2 | CVSS v3 |
---|---|---|---|---|---|
CVE-2006-5808 | 1 Cisco | 1 Secure Desktop | 2025-04-09 | 4.6 MEDIUM | N/A |
The installation of Cisco Secure Desktop (CSD) before 3.1.1.45 uses insecure default permissions (all users full control) for the CSD directory and its parent directory, which allow local users to gain privileges by replacing CSD executables, aka "Local Privilege Escalation". | |||||
CVE-2008-5503 | 1 Mozilla | 3 Firefox, Seamonkey, Thunderbird | 2025-04-09 | 2.6 LOW | N/A |
The loadBindingDocument function in Mozilla Firefox 2.x before 2.0.0.19, Thunderbird 2.x before 2.0.0.19, and SeaMonkey 1.x before 1.1.14 does not perform any security checks related to the same-domain policy, which allows remote attackers to read or access data from other domains via crafted XBL bindings. | |||||
CVE-2009-2842 | 1 Apple | 1 Safari | 2025-04-09 | 4.3 MEDIUM | N/A |
Apple Safari before 4.0.4 does not properly implement certain (1) Open Image and (2) Open Link menu options, which allows remote attackers to read local HTML files via a crafted web site. | |||||
CVE-2007-1019 | 1 Webspell | 1 Webspell | 2025-04-09 | 6.8 MEDIUM | N/A |
SQL injection vulnerability in news.php in webSPELL 4.01.02, when register_globals is enabled, allows remote attackers to execute arbitrary SQL commands via the showonly parameter to index.php, a different vector than CVE-2006-5388. | |||||
CVE-2007-0873 | 1 Nabocorp | 1 Nabopoll | 2025-04-09 | 7.5 HIGH | N/A |
nabopoll 1.1.2 allows remote attackers to bypass authentication and access certain administrative functionality via a direct request for (1) config_edit.php, (2) template_edit.php, or (3) survey_edit.php in admin/. | |||||
CVE-2007-1927 | 1 Youngzsoft | 1 Cmailserver | 2025-04-09 | 4.3 MEDIUM | N/A |
Cross-site scripting (XSS) vulnerability in signup.asp in CmailServer WebMail 5.3.4 and earlier allows remote attackers to inject arbitrary web script or HTML via the POP3Mail parameter. | |||||
CVE-2006-5010 | 1 Ibm | 1 Aix | 2025-04-09 | 7.2 HIGH | N/A |
Untrusted search path vulnerability in acctctl in IBM AIX 5.3.0 allows local users to execute arbitrary commands by modifying the path to point to a malicious mkdir program. | |||||
CVE-2007-2878 | 1 Linux | 1 Linux Kernel | 2025-04-09 | 4.9 MEDIUM | N/A |
The VFAT compat ioctls in the Linux kernel before 2.6.21.2, when run on a 64-bit system, allow local users to corrupt a kernel_dirent struct and cause a denial of service (system crash) via unknown vectors. | |||||
CVE-2007-2895 | 1 Lead Technologies | 1 Leadtools Raster Dialog File Object | 2025-04-09 | 7.5 HIGH | N/A |
Buffer overflow in a certain ActiveX control in LTRDF14e.DLL 14.5.0.44 in LeadTools Raster Dialog File Object allows remote attackers to execute arbitrary code via a long Directory property value. | |||||
CVE-2006-6657 | 1 Netbsd | 1 Netbsd | 2025-04-09 | 2.1 LOW | N/A |
The if_clone_list function in NetBSD-current before 20061027, NetBSD 3.0 and 3.0.1 before 20061027, and NetBSD 2.x before 20061119 allows local users to read potentially sensitive, uninitialized stack memory via unspecified vectors. | |||||
CVE-2007-2507 | 1 Treble Designs | 1 1024 Cms | 2025-04-09 | 7.8 HIGH | N/A |
Directory traversal vulnerability in includes/download.php in Treble Designs 1024 CMS 0.7 allows remote attackers to read arbitrary files via a .. (dot dot) in the item parameter. | |||||
CVE-2006-5701 | 2 Linux, Redhat | 2 Linux Kernel, Fedora Core | 2025-04-09 | 4.9 MEDIUM | N/A |
Double free vulnerability in squashfs module in the Linux kernel 2.6.x, as used in Fedora Core 5 and possibly other distributions, allows local users to cause a denial of service by mounting a crafted squashfs filesystem. | |||||
CVE-2006-5836 | 1 Opendarwin | 1 Darwin Kernel | 2025-04-09 | 7.2 HIGH | N/A |
The fpathconf syscall function in bsd/kern/kern_descrip.c in the Darwin kernel (XNU) 8.8.1 in Apple Mac OS X allows local users to cause a denial of service (kernel panic) and possibly execute arbitrary code via a file descriptor with an unrecognized file type. | |||||
CVE-2007-3411 | 1 Clicktech | 1 Clickgallery | 2025-04-09 | 7.5 HIGH | N/A |
SQL injection vulnerability in edit_image.asp in ClickGallery Server 5.1 and earlier allows remote attackers to execute arbitrary SQL commands via the image_id parameter. | |||||
CVE-2007-3518 | 1 Hispah | 1 Youtube Clone Script | 2025-04-09 | 7.5 HIGH | N/A |
SQL injection vulnerability in msg.php in HispaH YouTube Clone Script (youtubeclone) allows remote attackers to execute arbitrary SQL commands via the id parameter. | |||||
CVE-2007-0542 | 1 212cafe | 1 Guestbook | 2025-04-09 | 6.8 MEDIUM | N/A |
Cross-site scripting (XSS) vulnerability in show.php in 212cafe Guestbook 4.00 beta allows remote attackers to inject arbitrary web script or HTML via the user parameter. | |||||
CVE-2006-5732 | 1 Tgs Cms | 1 Tgs Cms | 2025-04-09 | 5.0 MEDIUM | N/A |
SQL injection vulnerability in logout.php in T.G.S. CMS 0.1.7 and earlier allows remote attackers to execute arbitrary SQL commands via the myauthorid cookie. | |||||
CVE-2007-0970 | 1 Webtester | 1 Webtester | 2025-04-09 | 7.5 HIGH | N/A |
Multiple SQL injection vulnerabilities in WebTester 5.0.20060927 and earlier allow remote attackers to execute arbitrary SQL commands via the testID parameter to directions.php, and unspecified parameters to other files that accept GET or POST input. | |||||
CVE-2006-5145 | 1 Olate | 1 Olatedownload | 2025-04-09 | 7.5 HIGH | N/A |
Multiple SQL injection vulnerabilities in OlateDownload 3.4.0 allow remote attackers to execute arbitrary SQL commands via the (1) page parameter in details.php or the (2) query parameter in search.php. | |||||
CVE-2008-6442 | 1 Sina | 1 Dloader | 2025-04-09 | 5.8 MEDIUM | N/A |
Insecure method vulnerability in Sina Inc. DLoader Class ActiveX Control allows remote attackers to overwrite arbitrary files via a URL in the first parameter to the DonwloadAndInstall method. NOTE: the provenance of this information is unknown; the details are obtained solely from third party information. |