Total
29535 CVE
| CVE | Vendors | Products | Updated | CVSS v2 | CVSS v3 |
|---|---|---|---|---|---|
| CVE-2007-0870 | 1 Microsoft | 1 Word | 2025-04-09 | 7.6 HIGH | N/A |
| Unspecified vulnerability in Microsoft Word 2000 allows remote attackers to cause a denial of service (crash) via unknown vectors, a different vulnerability than CVE-2006-5994, CVE-2006-6456, CVE-2006-6561, and CVE-2007-0515, a variant of Exploit-MS06-027. | |||||
| CVE-2006-6704 | 1 Atmail | 1 Atmail Webadmin | 2025-04-09 | 6.8 MEDIUM | N/A |
| Cross-site scripting (XSS) vulnerability in the Webadmin in @Mail before 4.6 allows remote attackers to inject arbitrary web script or HTML via unspecified vectors involving "unescaped data in the database." | |||||
| CVE-2007-0187 | 1 F5 | 1 Firepass | 2025-04-09 | 7.5 HIGH | N/A |
| F5 FirePass 5.4 through 5.5.2 and 6.0 allows remote attackers to access restricted URLs via (1) a trailing null byte, (2) multiple leading slashes, (3) Unicode encoding, (4) URL-encoded directory traversal or same-directory characters, or (5) upper case letters in the domain name. | |||||
| CVE-2007-3089 | 1 Mozilla | 1 Firefox | 2025-04-09 | 4.3 MEDIUM | N/A |
| Mozilla Firefox before 2.0.0.5 does not prevent use of document.write to replace an IFRAME (1) during the load stage or (2) in the case of an about:blank frame, which allows remote attackers to display arbitrary HTML or execute certain JavaScript code, as demonstrated by code that intercepts keystroke values from window.event, aka the "promiscuous IFRAME access bug," a related issue to CVE-2006-4568. | |||||
| CVE-2007-2060 | 1 Wizz Computers | 1 Wizz Rss Reader | 2025-04-09 | 6.8 MEDIUM | N/A |
| Cross-zone scripting vulnerability in the Wizz RSS Reader before 2.1.9 extension to Mozilla Firefox allows remote attackers to execute arbitrary Javascript in the browser chrome via the RSS feed DOM. | |||||
| CVE-2007-2669 | 1 Globalmegacorp | 1 Phpchain | 2025-04-09 | 4.3 MEDIUM | N/A |
| Multiple cross-site scripting (XSS) vulnerabilities in PHPChain 1.0 and earlier allow remote attackers to inject arbitrary web script or HTML via the catid parameter to (1) settings.php or (2) cat.php. NOTE: certain parameter values also trigger path disclosure. | |||||
| CVE-2008-5985 | 1 Gnome | 1 Epiphany | 2025-04-09 | 6.9 MEDIUM | N/A |
| Untrusted search path vulnerability in the Python interface in Epiphany 2.22.3, and possibly other versions, allows local users to execute arbitrary code via a Trojan horse Python file in the current working directory, related to a vulnerability in the PySys_SetArgv function (CVE-2008-5983). | |||||
| CVE-2007-3601 | 1 Vtiger | 1 Vtiger Crm | 2025-04-09 | 2.1 LOW | N/A |
| vtiger CRM before 5.0.3, when a migrated build is used, allows remote authenticated users to read certain other users' calendar activities via a (1) home page or (2) event list view. | |||||
| CVE-2007-0289 | 1 Oracle | 1 Application Server | 2025-04-09 | 6.4 MEDIUM | N/A |
| Multiple unspecified vulnerabilities in Oracle Collaboration Suite 9.0.4.2 have unknown impact and attack vectors related to Oracle Containers for J2EE, aka (1) OC4J01, (2) OC4J05, and (3) OC4J06. | |||||
| CVE-2007-0256 | 1 Videolan | 1 Vlc Media Player | 2025-04-09 | 7.8 HIGH | N/A |
| VideoLAN VLC 0.8.6a allows remote attackers to cause a denial of service (application crash) via a crafted .wmv file. | |||||
| CVE-2006-5154 | 1 Deluxebb | 1 Deluxebb | 2025-04-09 | 7.5 HIGH | N/A |
| PHP remote file inclusion vulnerability in cp/sig.php in DeluxeBB 1.09 and earlier allows remote attackers to execute arbitrary PHP code via a URL in the templatefolder parameter. | |||||
| CVE-2008-7137 | 1 Eye.fi | 1 Eye-fi Manager | 2025-04-09 | 5.0 MEDIUM | N/A |
| WS-Proxy in Eye-Fi 1.1.2 allows remote attackers to cause a denial of service (crash) via an empty query string to port 59278 and other unspecified vectors. | |||||
| CVE-2007-0372 | 1 Francisco Burzi | 1 Php-nuke | 2025-04-09 | 7.5 HIGH | N/A |
| Multiple SQL injection vulnerabilities in Francisco Burzi PHP-Nuke 7.9 allow remote attackers to execute arbitrary SQL commands via (1) the active parameter in admin/modules/modules.php; the (2) ad_class, (3) imageurl, (4) clickurl, (5) ad_code, or (6) position parameter in modules/Advertising/admin/index.php; or unspecified vectors in the (7) advertising, (8) weblinks, or (9) reviews section. | |||||
| CVE-2006-5665 | 1 Spider Friendly | 1 Spider Friendly | 2025-04-09 | 7.5 HIGH | N/A |
| PHP remote file inclusion vulnerability in admin/modules_data.php in the phpBB module Spider Friendly 1.3.10 and earlier allows remote attackers to execute arbitrary PHP code via a URL in the phpbb_root_path parameter. | |||||
| CVE-2007-1449 | 1 Phpnuke | 1 Php-nuke | 2025-04-09 | 4.3 MEDIUM | N/A |
| Directory traversal vulnerability in mainfile.php in PHP-Nuke 8.0 and earlier allows remote attackers to read arbitrary files via a .. (dot dot) in the lang parameter. | |||||
| CVE-2007-1937 | 1 Dreamcodes | 1 Scorp Book | 2025-04-09 | 6.8 MEDIUM | N/A |
| PHP remote file inclusion vulnerability in smilies.php in Scorp Book 1.0 allows remote attackers to execute arbitrary PHP code via a URL in the config parameter. | |||||
| CVE-2006-5287 | 1 Xeobook | 1 Xeobook | 2025-04-09 | 5.1 MEDIUM | N/A |
| Multiple SQL injection vulnerabilities in sign.php in Xeobook 0.93 allow remote attackers to execute arbitrary SQL commands via (1) the User-Agent HTTP header, or the (2) gb_entry_text, (3) gb_location, (4) gb_fullname, or (5) gb_sex parameters. | |||||
| CVE-2007-3809 | 1 Prozilla | 1 Prozilla Directory Script | 2025-04-09 | 7.5 HIGH | N/A |
| Multiple SQL injection vulnerabilities in Prozilla Directory Script allow remote attackers to execute arbitrary SQL commands via the cat_id parameter in a list action to directory.php, and other unspecified vectors. | |||||
| CVE-2006-6752 | 1 Ftprush | 1 Ftprush | 2025-04-09 | 7.5 HIGH | N/A |
| Buffer overflow in FTPRush 1.0.0.610 might allow attackers to gain privileges via a long Host field. NOTE: The provenance of this information is unknown; the details are obtained solely from third party information. Also, it is not clear whether this issue crosses security boundaries. | |||||
| CVE-2007-0572 | 1 Drunken Golem | 1 Gaming Portal | 2025-04-09 | 7.5 HIGH | N/A |
| PHP remote file inclusion vulnerability in include/irc/phpIRC.php in Drunken:Golem Gaming Portal 0.5.1 Alpha 2 and earlier allows remote attackers to execute arbitrary PHP code via a URL in the phpbb_root_path parameter. | |||||