Total
29909 CVE
| CVE | Vendors | Products | Updated | CVSS v3.1 |
|---|---|---|---|---|
| CVE-2007-1603 | 1 Weekly Drawing Contest | 1 Weekly Drawing Contest | 2026-04-23 | N/A |
| admin/contest.php in Weekly Drawing Contest 0.0.1 allows remote attackers to bypass authentication, and insert new contest information into a database, via a direct POST request. | ||||
| CVE-2007-1609 | 1 Oracle | 1 Application Server | 2026-04-23 | N/A |
| Cross-site scripting (XSS) vulnerability in servlet/Spy in Dynamic Monitoring Services (DMS) in Oracle Application Server (OAS) 10g 10.1.2.0.0 allows remote attackers to inject arbitrary web script or HTML via the table parameter. NOTE: This may be related to CVE-2002-0563. | ||||
| CVE-2007-1610 | 1 Glue Software | 1 Newsglue | 2026-04-23 | N/A |
| Cross-site scripting (XSS) vulnerability in the RSS reader in Glue Software NewsGlue before 1.3.4 allows remote attackers to inject arbitrary web script or HTML via a feed. | ||||
| CVE-2008-3630 | 2 Apple, Microsoft | 6 Bonjour, Windows-nt, Windows 2000 and 3 more | 2026-04-23 | N/A |
| mDNSResponder in Apple Bonjour for Windows before 1.0.5, when an application uses the Bonjour API for unicast DNS, does not choose random values for transaction IDs or source ports in DNS requests, which makes it easier for remote attackers to spoof DNS responses, a different vulnerability than CVE-2008-1447. | ||||
| CVE-2007-3741 | 3 Gnu, Mandriva, Redhat | 3 Gimp, Linux, Enterprise Linux | 2026-04-23 | N/A |
| The (1) psp (aka .tub), (2) bmp, (3) pcx, and (4) psd plugins in gimp allow user-assisted remote attackers to cause a denial of service (crash or memory consumption) via crafted image files, as discovered using the fusil fuzzing tool. | ||||
| CVE-2007-4538 | 1 Mozilla | 1 Bugzilla | 2026-04-23 | N/A |
| email_in.pl in Bugzilla 2.23.4 through 3.0.0 allows remote attackers to execute arbitrary commands via the -f (From address) option to the Email::Send::Sendmail function, probably involving shell metacharacters. | ||||
| CVE-2006-5988 | 1 Microsoft | 1 Windows 2000 | 2026-04-23 | N/A |
| Unspecified vulnerability in Windows 2000 Advanced Server SP4 running Active Directory allows remote attackers to cause a denial of service via unknown vectors, as demonstrated by a certain VulnDisco Pack module. NOTE: the provenance of this information is unknown; the details are obtained from third party information. As of 20061116, this disclosure has no actionable information. However, since the VulnDisco Pack author is a reliable researcher, the disclosure is being assigned a CVE identifier for tracking purposes. | ||||
| CVE-2006-6016 | 1 Wordpress | 1 Wordpress | 2026-04-23 | 6.5 Medium |
| wp-admin/user-edit.php in WordPress before 2.0.5 allows remote authenticated users to read the metadata of an arbitrary user via a modified user_id parameter. | ||||
| CVE-2006-6245 | 1 Photo Organizer | 1 Photo Organizer | 2026-04-23 | N/A |
| Multiple SQL injection vulnerabilities in Photo Organizer (PO) 2.32b and earlier allow remote attackers to execute arbitrary SQL commands via unspecified vectors. | ||||
| CVE-2006-6248 | 1 Gphotos | 1 Gphotos | 2026-04-23 | N/A |
| index.php in GPhotos 1.5 allows remote attackers to obtain sensitive information via an invalid rep parameter, which reveals the full path in an error message. | ||||
| CVE-2006-6259 | 1 Alternc | 1 Alternc | 2026-04-23 | N/A |
| Multiple directory traversal vulnerabilities in (a) class/functions.php and (b) class/m_bro.php in AlternC 0.9.5 and earlier allow remote attackers to (1) create arbitrary files and directories via a .. (dot dot) in the "create name" field and (2) read arbitrary files via a .. (dot dot) in the "web root" field when configuring a subdomain. | ||||
| CVE-2006-6266 | 1 Microsoft | 1 Teredo | 2026-04-23 | N/A |
| Teredo clients, when following item 6 of RFC4380 section 5.2.3, start direct IPv6 connectivity tests (aka ping tests) in response to packets from non-Teredo source addresses, which might allow remote attackers to induce Teredo clients to send packets to third parties. | ||||
| CVE-2006-6269 | 1 Infinity Technologies | 1 Infinitytechs Restaurants Cm | 2026-04-23 | N/A |
| Multiple SQL injection vulnerabilities in Infinitytechs Restaurants CM allow remote attackers to execute arbitrary SQL commands via (1) the id parameter in rating.asp, (2) the mealid parameter in meal_rest.asp, and (3) the resid parameter in res_details.asp. | ||||
| CVE-2006-6924 | 1 Bitweaver | 1 Bitweaver | 2026-04-23 | N/A |
| bitweaver 1.3.1 and earlier allows remote attackers to obtain sensitive information via a sort_mode=-98 query string to (1) blogs/list_blogs.php, (2) fisheye/index.php, (3) wiki/orphan_pages.php, or (4) wiki/list_pages.php, which forces a SQL error. NOTE: the fisheye/list_galleries.php vector is already covered by CVE-2005-4380. | ||||
| CVE-2007-0024 | 1 Microsoft | 5 Ie, Internet Explorer, Windows 2000 and 2 more | 2026-04-23 | N/A |
| Integer overflow in the Vector Markup Language (VML) implementation (vgx.dll) in Microsoft Internet Explorer 5.01, 6, and 7 on Windows 2000 SP4, XP SP2, Server 2003, and Server 2003 SP1 allows remote attackers to execute arbitrary code via a crafted web page that contains unspecified integer properties that cause insufficient memory allocation and trigger a buffer overflow, aka the "VML Buffer Overrun Vulnerability." | ||||
| CVE-2006-6391 | 1 Open Solution | 1 Quick.cart | 2026-04-23 | N/A |
| Multiple directory traversal vulnerabilities in Open Solution Quick.Cart 2.0, when register_globals is enabled and magic_quotes_gpc is disabled, allow remote attackers to include arbitrary files via a .. (dot dot) in the config[db_type] parameter to (1) actions_admin/other.php and (2) actions_client/gallery.php. NOTE: The provenance of this information is unknown; the details are obtained solely from third party information. | ||||
| CVE-2007-0588 | 1 Apple | 2 Mac Os X, Quicktime | 2026-04-23 | N/A |
| The InternalUnpackBits function in Apple QuickDraw, as used by Quicktime 7.1.3 and other applications on Mac OS X 10.4.8 and earlier, allows remote attackers to cause a denial of service (application crash) and possibly execute arbitrary code via a crafted PICT file that triggers memory corruption in the _GetSrcBits32ARGB function. NOTE: this issue might overlap CVE-2007-0462. | ||||
| CVE-2007-0603 | 1 Pgp | 1 Corporate Desktop | 2026-04-23 | N/A |
| PGP Desktop before 9.5.1 does not validate data objects received over the (1) \pipe\pgpserv named pipe for PGPServ.exe or the (2) \pipe\pgpsdkserv named pipe for PGPsdkServ.exe, which allows remote authenticated users to gain privileges by sending a data object representing an absolute pointer, which causes code execution at the corresponding address. | ||||
| CVE-2006-6149 | 1 Jiros | 1 Faq Manager | 2026-04-23 | N/A |
| SQL injection vulnerability in index.asp in JiRos FAQ Manager 1.0 allows remote attackers to execute arbitrary SQL commands via the tID parameter. | ||||
| CVE-2007-3679 | 1 Citrix | 1 Access Gateway | 2026-04-23 | N/A |
| The Citrix EPA ActiveX control (aka the "endpoint checking control" or CCAOControl Object) before 4.5.0.0 in npCtxCAO.dll in Citrix Access Gateway Standard Edition before 4.5.5 and Advanced Edition before 4.5 HF1 allows remote attackers to download and execute arbitrary programs onto a client system. | ||||