Total
29884 CVE
| CVE | Vendors | Products | Updated | CVSS v3.1 |
|---|---|---|---|---|
| CVE-2007-1934 | 1 Php-nuke | 1 Eboard Module | 2025-04-09 | N/A |
| Directory traversal vulnerability in member.php in the eBoard 1.0.7 module for PHP-Nuke allows remote attackers to include and execute arbitrary local files via a .. (dot dot) in the GLOBALS[name] parameter. | ||||
| CVE-2007-1924 | 1 Phpcontact | 1 Phpcontact | 2025-04-09 | N/A |
| Multiple PHP remote file inclusion vulnerabilities in phpContact allow remote attackers to execute arbitrary PHP code via a URL in the include_path parameter to (1) contact_business.php or (2) contact_person.php. NOTE: this issue is disputed by CVE and a reliable third party, because include_path is initialized to a fixed value before use | ||||
| CVE-2007-3558 | 1 Coppermine | 1 Coppermine Photo Gallery | 2025-04-09 | N/A |
| SQL injection vulnerability in Coppermine Photo Gallery (CPG) before 1.4.11 allows remote attackers to execute arbitrary SQL commands via an album password cookie to an unspecified component. | ||||
| CVE-2006-6091 | 1 Grimbb | 1 Grimbb | 2025-04-09 | N/A |
| Cross-site scripting (XSS) vulnerability in Grim Pirate GrimBB before 2006_11_21 allows remote attackers to inject arbitrary web script or HTML via unspecified vectors. | ||||
| CVE-2007-1918 | 8 Apple, Hp, Ibm and 5 more | 11 Macos, Hp-ux, Tru64 and 8 more | 2025-04-09 | N/A |
| The RFC_SET_REG_SERVER_PROPERTY function in the SAP RFC Library 6.40 and 7.00 before 20070109 implements an option for exclusive access to an RFC server, which allows remote attackers to cause a denial of service (client lockout) via unspecified vectors. NOTE: This information is based upon a vague initial disclosure. Details will be updated after the grace period has ended. | ||||
| CVE-2007-2757 | 1 Dean J Robinson | 1 Redoable | 2025-04-09 | N/A |
| Multiple cross-site scripting (XSS) vulnerabilities in Redoable 1.2 allow remote attackers to inject arbitrary web script or HTML via the s parameter to (1) wp-content/themes/redoable/searchloop.php or (2) wp-content/themes/redoable/header.php. | ||||
| CVE-2007-2588 | 1 Office Ocx | 1 Office Viewer Ocx | 2025-04-09 | N/A |
| Multiple buffer overflows in the Office Viewer OCX ActiveX control (oa.ocx) 3.2 allow remote attackers to cause a denial of service (crash) or possibly execute arbitrary code via a long argument to the (1) HttpDownloadFile, (2) Open, (3) OpenWebFile, (4) DoOleCommand, (5) FTPDownloadFile, (6) FTPUploadFile, (7) HttpUploadFile, (8) Save, or (9) SaveWebFile function. | ||||
| CVE-2007-1917 | 8 Apple, Hp, Ibm and 5 more | 11 Macos, Hp-ux, Tru64 and 8 more | 2025-04-09 | N/A |
| Buffer overflow in the SYSTEM_CREATE_INSTANCE function in the SAP RFC Library 6.40 and 7.00 before 20061211 allows remote attackers to execute arbitrary code via unspecified vectors. NOTE: This information is based upon a vague initial disclosure. Details will be updated after the grace period has ended. | ||||
| CVE-2009-0903 | 1 Ibm | 1 Websphere Application Server | 2025-04-09 | N/A |
| IBM WebSphere Application Server (WAS) 7.0 before 7.0.0.3, and the Feature Pack for Web Services for WAS 6.1 before 6.1.0.25, when a WS-Security policy is established at the operation level, does not properly handle inbound requests that lack a SOAPAction or WS-Addressing Action, which allows remote attackers to bypass intended access restrictions via a crafted request to a JAX-WS application. | ||||
| CVE-2006-4689 | 1 Microsoft | 3 Windows 2000, Windows 2003 Server, Windows Xp | 2025-04-09 | N/A |
| Unspecified vulnerability in the driver for the Client Service for NetWare (CSNW) in Microsoft Windows 2000 SP4, XP SP2, and Server 2003 up to SP1 allows remote attackers to cause a denial of service (hang and reboot) via has unknown attack vectors, aka "NetWare Driver Denial of Service Vulnerability." | ||||
| CVE-2006-5958 | 1 Infinicart | 1 Infinicart | 2025-04-09 | N/A |
| Multiple cross-site scripting (XSS) vulnerabilities in INFINICART allow remote attackers to inject arbitrary web script or HTML via the (1) username and (2) password fields in (a) login.asp, (3) search field in (b) search.asp, and (4) email field in (c) sendpassword.asp. | ||||
| CVE-2007-1914 | 1 Sap | 1 Rfc Library | 2025-04-09 | N/A |
| The RFC_START_PROGRAM function in the SAP RFC Library 6.40 and 7.00 before 20061211 allows remote attackers to obtain sensitive information (external RFC server configuration data) via unspecified vectors, a different vulnerability than CVE-2006-6010. NOTE: This information is based upon a vague initial disclosure. Details will be updated after the grace period has ended. | ||||
| CVE-2007-2405 | 1 Apple | 3 Mac Os X, Mac Os X Server, Pdfkit | 2025-04-09 | N/A |
| Integer underflow in Preview in PDFKit on Apple Mac OS X 10.4.10 allows remote attackers to execute arbitrary code via a crafted PDF file. | ||||
| CVE-2007-2407 | 2 Apple, Samba | 3 Mac Os X, Mac Os X Server, Samba Server | 2025-04-09 | N/A |
| The Samba server on Apple Mac OS X 10.3.9 and 10.4.10, when Windows file sharing is enabled, does not enforce disk quotas after dropping privileges, which allows remote authenticated users to use disk space in excess of quota. | ||||
| CVE-2007-2937 | 1 Troforum | 1 Troforum | 2025-04-09 | N/A |
| PHP remote file inclusion vulnerability in admin/admin.php in TROforum 0.1 allows remote attackers to execute arbitrary PHP code via a URL in the site_url parameter. | ||||
| CVE-2007-4140 | 1 Lfs | 1 Live For Speed S2 | 2025-04-09 | N/A |
| Buffer overflow in Live for Speed (LFS) S2 ALPHA PATCH 0.5x allows user-assisted remote attackers to execute arbitrary code via a .mpr file (replay file) that contains a long car name. | ||||
| CVE-2007-4161 | 1 Tibco | 1 Rendezvous | 2025-04-09 | N/A |
| rvd in TIBCO Rendezvous (RV) 7.5.2, when -no-lead-wc is omitted, might allow remote attackers to cause a denial of service (network instability) via a subject name with a leading (1) '*' (asterisk) or (2) '>' (greater than) wildcard character. | ||||
| CVE-2007-2577 | 1 Acp3 | 1 Acp3 | 2025-04-09 | N/A |
| Multiple SQL injection vulnerabilities in ACP3 4.0 beta 3 allow remote attackers to execute arbitrary SQL commands via (1) the mode parameter to feeds.php, the (2) form[cat] parameter to (a) news/list/index.php or (b) certain news/details/id_*/action_create/index.php files, or (3) the form[mods][] parameter to search/list/action_search/index.php. | ||||
| CVE-2008-1594 | 1 Ibm | 1 Aix | 2025-04-09 | N/A |
| The kernel in IBM AIX 5.2 and 5.3 does not properly handle resizing JFS2 filesystems on concurrent volume groups spread across multiple nodes, which allows local users of one node to cause a denial of service (remote node crash) by using chfs or lreducelv to reduce a filesystem's size. | ||||
| CVE-2007-2233 | 1 Cosign | 1 Cosign | 2025-04-09 | N/A |
| cosign-bin/cosign.cgi in Cosign 2.0.2 and earlier allows remote authenticated users to perform unauthorized actions as an arbitrary user by using CR (\r) sequences in the service parameter to inject LOGIN and REGISTER commands with the desired username. | ||||