Total
29925 CVE
| CVE | Vendors | Products | Updated | CVSS v3.1 |
|---|---|---|---|---|
| CVE-2007-4371 | 1 Hotscripts | 1 Neuron Blog | 2026-04-23 | N/A |
| Unrestricted file upload vulnerability in admin/pages/blog-add.php in Neuron Blog 1.1 allows remote attackers to upload and execute arbitrary PHP files in uploads/. | ||||
| CVE-2007-4446 | 1 Toribash | 1 Toribash | 2026-04-23 | N/A |
| Format string vulnerability in the server in Toribash 2.71 and earlier allows remote attackers to execute arbitrary code via format string specifiers in the NICK command (client nickname) when entering a game. | ||||
| CVE-2006-6874 | 1 Endonesia | 1 Endonesia | 2026-04-23 | N/A |
| Multiple cross-site scripting (XSS) vulnerabilities in friend.php in eNdonesia 8.4 allow remote attackers to inject arbitrary web script or HTML via the (1) Message or (2) Your Name field. NOTE: The provenance of this information is unknown; the details are obtained solely from third party information. | ||||
| CVE-2006-6876 | 1 Openser | 1 Openser | 2026-04-23 | N/A |
| Buffer overflow in the fetchsms function in the SMS handling module (libsms_getsms.c) in OpenSER 1.2.0 and earlier allows remote attackers to cause a denial of service (crash) via a crafted SMS message, triggering memory corruption when the "beginning" buffer is copied to the third (pdu) argument. | ||||
| CVE-2007-0078 | 1 Battleblog | 1 Battleblog | 2026-04-23 | N/A |
| BattleBlog stores sensitive information under the web root with insufficient access control, which allows remote attackers to download a database via a direct request for database/blankmaster.mdb. | ||||
| CVE-2007-0079 | 1 Rblog | 1 Rblog | 2026-04-23 | N/A |
| rblog stores sensitive information under the web root with insufficient access control, which allows remote attackers to download a database via a direct request for (1) data/admin.mdb or (2) data/rblog.mdb. | ||||
| CVE-2007-0092 | 1 E-smart Cart | 1 E-smart Cart | 2026-04-23 | N/A |
| SQL injection vulnerability in productdetail.asp in E-SMARTCART 1.0 allows remote attackers to execute arbitrary SQL commands via the product_id parameter. | ||||
| CVE-2007-0096 | 1 Carbon Communities | 1 Carbon Communities | 2026-04-23 | N/A |
| CarbonCommunities stores sensitive information under the web root with insufficient access control, which allows remote attackers to download a database containing passwords via a direct request for DataBase/Carbon2.4d.mdb. | ||||
| CVE-2007-0936 | 1 Microsoft | 2 Office, Visio | 2026-04-23 | N/A |
| Multiple unspecified vulnerabilities in Microsoft Visio 2002 allow remote user-assisted attackers to execute arbitrary code via a Visio (.VSD, VSS, .VST) file with a crafted packed object that triggers memory corruption, aka "Visio Document Packaging Vulnerability." | ||||
| CVE-2007-0654 | 1 X Multimedia System | 1 X Multimedia System | 2026-04-23 | N/A |
| Integer underflow in X MultiMedia System (xmms) 1.2.10 allows user-assisted remote attackers to execute arbitrary code via crafted header information in a skin bitmap image, which results in a stack-based buffer overflow. | ||||
| CVE-2007-0653 | 2 Linux, X Multimedia System | 2 Linux Kernel, X Multimedia System | 2026-04-23 | N/A |
| Integer overflow in X MultiMedia System (xmms) 1.2.10, and possibly other versions, allows user-assisted remote attackers to execute arbitrary code via crafted header information in a skin bitmap image, which triggers memory corruption. | ||||
| CVE-2007-0469 | 1 Rubyforge | 1 Rubygems | 2026-04-23 | N/A |
| The extract_files function in installer.rb in RubyGems before 0.9.1 does not check whether files exist before overwriting them, which allows user-assisted remote attackers to overwrite arbitrary files, cause a denial of service, or execute arbitrary code via crafted GEM packages. | ||||
| CVE-2009-4593 | 1 Jesse Smith | 1 Bftpd | 2026-04-23 | N/A |
| The bftpdutmp_log function in bftpdutmp.c in Bftpd before 2.4 does not place a '\0' character at the end of the string value of the ut.bu_host structure member, which might allow remote attackers to cause a denial of service (daemon crash) via unspecified vectors. NOTE: some of these details are obtained from third party information. | ||||
| CVE-2009-4605 | 1 Phpmyadmin | 1 Phpmyadmin | 2026-04-23 | N/A |
| scripts/setup.php (aka the setup script) in phpMyAdmin 2.11.x before 2.11.10 calls the unserialize function on the values of the (1) configuration and (2) v[0] parameters, which might allow remote attackers to conduct cross-site request forgery (CSRF) attacks via unspecified vectors. | ||||
| CVE-2009-4378 | 2 Microsoft, Wireshark | 2 Windows, Wireshark | 2026-04-23 | N/A |
| The IPMI dissector in Wireshark 1.2.0 through 1.2.4 on Windows allows remote attackers to cause a denial of service (crash) via a crafted packet, related to "formatting a date/time using strftime." | ||||
| CVE-2009-2944 | 1 Ikiwiki | 1 Ikiwiki | 2026-04-23 | N/A |
| Incomplete blacklist vulnerability in the teximg plugin in ikiwiki before 3.1415926 and 2.x before 2.53.4 allows context-dependent attackers to read arbitrary files via crafted TeX commands. | ||||
| CVE-2009-2979 | 2 Adobe, Redhat | 3 Acrobat, Acrobat Reader, Rhel Extras | 2026-04-23 | N/A |
| Adobe Reader and Acrobat 9.x before 9.2, 8.x before 8.1.7, and possibly 7.x through 7.1.4 do not properly perform XMP-XML entity expansion, which allows remote attackers to cause a denial of service via a crafted document. | ||||
| CVE-2009-3004 | 1 Avant Force | 1 Avant Browser | 2026-04-23 | N/A |
| Avant Browser 11.7 Builds 35 and 36 allows remote attackers to spoof the address bar, via window.open with a relative URI, to show an arbitrary URL on the web site visited by the victim, as demonstrated by a visit to an attacker-controlled web page, which triggers a spoofed login form for the site containing that page. NOTE: a related attack was reported in which an arbitrary file: URL is shown. | ||||
| CVE-2009-4441 | 1 Sun | 1 Java System Directory Server | 2026-04-23 | N/A |
| Directory Proxy Server (DPS) in Sun Java System Directory Server Enterprise Edition 6.0 through 6.3.1 does not enable the SO_KEEPALIVE socket option, which makes it easier for remote attackers to cause a denial of service (connection slot exhaustion) via multiple connections, aka Bug Id 6782659. | ||||
| CVE-2009-4453 | 1 Softcab | 1 Sound Converter Activex | 2026-04-23 | N/A |
| Insecure method vulnerability in SoftCab Sound Converter ActiveX control (sndConverter.ocx) 1.2 allows remote attackers to create or overwrite arbitrary files via the SaveFormat method. NOTE: some of these details are obtained from third party information. | ||||