Total
29925 CVE
| CVE | Vendors | Products | Updated | CVSS v3.1 |
|---|---|---|---|---|
| CVE-2007-4658 | 2 Php, Redhat | 3 Php, Enterprise Linux, Rhel Application Stack | 2026-04-23 | N/A |
| The money_format function in PHP 5 before 5.2.4, and PHP 4 before 4.4.8, permits multiple (1) %i and (2) %n tokens, which has unknown impact and attack vectors, possibly related to a format string vulnerability. | ||||
| CVE-2007-3885 | 1 Aspindir | 1 Husrevforum | 2026-04-23 | N/A |
| Cross-site scripting (XSS) vulnerability in philboard_search.asp in husrevforum 1.0.1 allows remote attackers to inject arbitrary web script or HTML via the searchterms parameter. NOTE: the provenance of this information is unknown; the details are obtained solely from third party information. | ||||
| CVE-2007-1763 | 1 Microsoft | 1 Windows Vista | 2026-04-23 | N/A |
| The ATI kernel driver (atikmdag.sys) in Microsoft Windows Vista allows user-assisted remote attackers to cause a denial of service (crash) via a crafted JPG image, as demonstrated by a slideshow, possibly due to a buffer overflow. | ||||
| CVE-2007-0812 | 1 Woltlab | 1 Burning Board Lite | 2026-04-23 | N/A |
| SQL injection vulnerability in pms.php in Woltlab Burning Board (wBB) Lite 1.0.2pl3e and earlier allows remote authenticated users to execute arbitrary SQL commands via the pmid[0] parameter. | ||||
| CVE-2007-0430 | 1 Apple | 1 Mac Os X | 2026-04-23 | N/A |
| The shared_region_map_file_np function in Apple Mac OS X 10.4.8 and earlier kernel allows local users to cause a denial of service (memory corruption) via a large mappingCount value. | ||||
| CVE-2008-1736 | 1 Comodo | 1 Comodo Personal Firewall | 2026-04-23 | N/A |
| Comodo Firewall Pro before 3.0 does not properly validate certain parameters to hooked System Service Descriptor Table (SSDT) functions, which allows local users to cause a denial of service (system crash) via (1) a crafted OBJECT_ATTRIBUTES structure in a call to the NtDeleteFile function, which leads to improper validation of a ZwQueryObject result; and unspecified calls to the (2) NtCreateFile and (3) NtSetThreadContext functions, different vectors than CVE-2007-0709. | ||||
| CVE-2006-6465 | 1 Wikyblog | 1 Wikyblog | 2026-04-23 | N/A |
| Directory traversal vulnerability in WBmap.php in WikyBlog 1.3.2 and earlier allows remote attackers to include and execute arbitrary local files via directory traversal sequences in the l parameter. NOTE: CVE disputes this vulnerability because l is validated by ctype_alpha before use | ||||
| CVE-2006-6868 | 1 Zen Cart | 1 Web Shopping Cart | 2026-04-23 | N/A |
| Multiple cross-site scripting (XSS) vulnerabilities in Zen Cart Web Shopping Cart before 1.3.7 allow remote attackers to inject arbitrary web script or HTML via unspecified vectors. | ||||
| CVE-2007-2901 | 1 Dokeos | 1 Dokeos | 2026-04-23 | N/A |
| Multiple cross-site scripting (XSS) vulnerabilities in Dokeos 1.8.0 and earlier allow remote attackers to inject arbitrary web script or HTML via the img parameter to main/inc/lib/fckeditor/editor/plugins/ImageManager/editor.php and other unspecified vectors. | ||||
| CVE-2007-2902 | 1 Dokeos | 1 Dokeos | 2026-04-23 | N/A |
| SQL injection vulnerability in main/auth/my_progress.php in Dokeos 1.8.0 and earlier allows remote authenticated users to execute arbitrary SQL commands via the course parameter. | ||||
| CVE-2007-0052 | 1 Vizayn Haber | 1 Vizayn Haber | 2026-04-23 | N/A |
| SQL injection vulnerability in haberdetay.asp in Vizayn Haber allows remote attackers to execute arbitrary SQL commands via the id parameter. | ||||
| CVE-2007-2920 | 1 Zoomify | 1 Zoomify Viewer Activex Control | 2026-04-23 | N/A |
| Multiple stack-based buffer overflows in the Zoomify Viewer ActiveX control in ZActiveX.dll might allow remote attackers to execute arbitrary code via unspecified vectors. | ||||
| CVE-2007-2916 | 1 Gmtt | 1 Music Distro | 2026-04-23 | N/A |
| Cross-site scripting (XSS) vulnerability in showown.php in GMTT Music Distro 1.2 allows remote attackers to inject arbitrary web script or HTML via the st parameter. | ||||
| CVE-2007-3172 | 1 Uebimiau | 1 Uebimiau | 2026-04-23 | N/A |
| Directory traversal vulnerability in demo/pop3/error.php in Uebimiau Webmail allows remote attackers to determine the existence of arbitrary directories via an absolute pathname and .. (dot dot) in the selected_theme parameter. | ||||
| CVE-2008-1319 | 1 Versant | 1 Versant Object Database | 2026-04-23 | N/A |
| Untrusted search path and argument injection vulnerability in the VersantD service in Versant Object Database 7.0.1.3 and earlier, as used in Borland CaliberRM and probably other products, allows remote attackers to execute arbitrary commands via a request to TCP port 5019 with a modified VERSANT_ROOT field. | ||||
| CVE-2009-1926 | 1 Microsoft | 5 Windows 2000, Windows Server 2003, Windows Server 2008 and 2 more | 2026-04-23 | N/A |
| Microsoft Windows 2000 SP4, XP SP2 and SP3, Server 2003 SP2, Vista Gold, SP1, and SP2, and Server 2008 Gold and SP2 allow remote attackers to cause a denial of service (TCP outage) via a series of TCP sessions that have pending data and a (1) small or (2) zero receive window size, and remain in the FIN-WAIT-1 or FIN-WAIT-2 state indefinitely, aka "TCP/IP Orphaned Connections Vulnerability." | ||||
| CVE-2007-2988 | 1 Inout Scripts | 1 Inout Meta Search Engine | 2026-04-23 | N/A |
| A certain admin script in Inout Meta Search Engine sends a redirect to the web browser but does not exit when administrative credentials are missing, which allows remote attackers to inject arbitrary PHP code, as demonstrated by a request to admin/create_engine.php followed by a request to admin/generate_tabs.php. | ||||
| CVE-2008-1335 | 1 Netbsd | 2 Netbsd, Netbsd Current | 2026-04-23 | N/A |
| The ipsec4_get_ulp function in the kernel in NetBSD 2.0 through 3.1 and NetBSD-current before 20071028, when the fast_ipsec subsystem is enabled, allows remote attackers to bypass the IPsec policy by sending packets from a source machine with a different endianness than the destination machine, a different vulnerability than CVE-2006-0905. | ||||
| CVE-2007-3085 | 1 Pbsite | 1 Pbsite | 2026-04-23 | N/A |
| Multiple PHP remote file inclusion vulnerabilities in PBSite allow remote attackers to execute arbitrary PHP code via a URL in the (1) dbpath parameter to (a) useronline.php, (b) ucp.php, (c) setcookie.php, (d) sendpm.php, (e) search.php, (f) register.php, (g) profile.php, (h) post.php, (i) pmpshow.php, (j) pm.php, (k) ntopic.php, (l) nreply.php, (m) news.php, (n) memberslist.php, (o) logout.php, (p) login.php, (q) index.php, (r) help.php, (s) forum.php, (t) error.php, (u) editpost.php, (v) delpost.php, (w) delpm.php, (x) confirm.php, (y) board.php, (z) admin2.php, (aa) admin.php, or (bb) templates/pb/css/formstyles.php; or the (2) temppath parameter to (a) useronline.php, (c) setcookie.php, (e) search.php, (f) register.php, (h) post.php, (l) nreply.php, (m) news.php, (o) logout.php, (p) login.php, (q) index.php, (r) help.php, (s) forum.php, (t) error.php, (w) delpm.php, (x) confirm.php, or (y) board.php. | ||||
| CVE-2008-1387 | 1 Clam Anti-virus | 1 Clamav | 2026-04-23 | N/A |
| ClamAV before 0.93 allows remote attackers to cause a denial of service (CPU consumption) via a crafted ARJ archive, as demonstrated by the PROTOS GENOME test suite for Archive Formats. | ||||