Total
29888 CVE
| CVE | Vendors | Products | Updated | CVSS v3.1 |
|---|---|---|---|---|
| CVE-2007-2663 | 1 Beacon | 1 Beacon | 2025-04-09 | N/A |
| PHP remote file inclusion vulnerability in language/1/splash.lang.php in Beacon 0.2.0 allows remote attackers to execute arbitrary PHP code via a URL in the languagePath parameter. | ||||
| CVE-2007-1023 | 1 Snitz Communications | 1 Snitz Forums 2000 | 2025-04-09 | N/A |
| SQL injection vulnerability in pop_profile.asp in Snitz Forums 2000 3.1 SR4 allows remote attackers to execute arbitrary SQL commands via the id parameter. | ||||
| CVE-2007-2889 | 1 Dokeos | 1 Open Source Learning And Knowledge Management Tool | 2025-04-09 | N/A |
| SQL injection vulnerability in tracking/courseLog.php in Dokeos 1.6.5 and earlier allows remote attackers to execute arbitrary SQL commands via the scormcontopen parameter. | ||||
| CVE-2007-2873 | 2 Redhat, Spamassassin | 2 Enterprise Linux, Spamassassin | 2025-04-09 | N/A |
| SpamAssassin 3.1.x, 3.2.0, and 3.2.1 before 20070611, when running as root in unusual configurations using vpopmail or virtual users, allows local users to cause a denial of service (corrupt arbitrary files) via a symlink attack on a file that is used by spamd. | ||||
| CVE-2007-2888 | 1 Ezb Systems | 1 Ultraiso | 2025-04-09 | N/A |
| Stack-based buffer overflow in UltraISO 8.6.2.2011 and earlier allows user-assisted remote attackers to execute arbitrary code via a long FILE string (filename) in a .cue file, a related issue to CVE-2007-2761. NOTE: some details are obtained from third party information. | ||||
| CVE-2007-4360 | 1 Dell | 1 Remote Access Card | 2025-04-09 | N/A |
| Unspecified vulnerability in Dell Remote Access Card 4 (DRAC4) with firmware 1.50 Build 02.16 allows remote attackers to cause a denial of service (SSH daemon crash) via certain network traffic, as demonstrated by an "nmap -O" scan with nmap 4.03, possibly related to a Mocana (Mocanada) SSH vulnerability. | ||||
| CVE-2009-1750 | 1 Omnisoftsol | 1 Vidsharepro | 2025-04-09 | N/A |
| Unrestricted file upload vulnerability in VidSharePro allows remote authenticated users to execute arbitrary code by uploading a file with an executable extension, then accessing it via unspecified vectors. | ||||
| CVE-2007-2928 | 1 Lenovo | 2 Access Support, Automated Solutions | 2025-04-09 | N/A |
| Format string vulnerability in the IBM Lenovo Access Support acpRunner ActiveX control, as distributed in acpcontroller.dll before 1.2.8.0 and possibly acpir.dll before 1.0.0.9 (Automated Solutions 1.0 before fix pack 1), allows remote attackers to execute arbitrary code via format string specifiers in unknown data. | ||||
| CVE-2007-2763 | 1 Sienzo | 1 Digital Music Mentor | 2025-04-09 | N/A |
| Buffer overflow in the UnlockSupport function in the LockModules subsystem in a certain ActiveX control in ltmm15.dll in Sienzo Digital Music Mentor (DMM) 2.6.0.4 allows remote attackers to execute arbitrary code via a long string in the second argument, a different issue than CVE-2007-2564. | ||||
| CVE-2009-1789 | 2 Eggheads, Philip Moore | 3 Eggdrop, Eggdrop Irc Bot, Windrop | 2025-04-09 | N/A |
| mod/server.mod/servmsg.c in Eggheads Eggdrop and Windrop 1.6.19 and earlier allows remote attackers to cause a denial of service (crash) via a crafted PRIVMSG that causes an empty string to trigger a negative string length copy. NOTE: this issue exists because of an incorrect fix for CVE-2007-2807. | ||||
| CVE-2007-0309 | 1 Francisco Burzi | 1 Php-nuke | 2025-04-09 | N/A |
| SQL injection vulnerability in blocks/block-Old_Articles.php in Francisco Burzi PHP-Nuke 7.9 and earlier, when register_globals is enabled and magic_quotes_gpc is disabled, allows remote attackers to execute arbitrary SQL commands via the cat parameter. | ||||
| CVE-2007-4121 | 1 E-commerce Solutions | 3 Auction Script, Multi-vendor E-shop Script, Shopping Cart Script | 2025-04-09 | N/A |
| Multiple SQL injection vulnerabilities in admin.aspx in E-Commerce Scripts Shopping Cart Script, Multi-Vendor E-Shop Script, and Auction Script allow remote attackers to execute arbitrary SQL commands via the (1) EmailAdd (Username) and (2) Pass (password) parameters. NOTE: some of these details are obtained from third party information. | ||||
| CVE-2007-1178 | 1 Web-app.org | 1 Webapp | 2025-04-09 | N/A |
| WebAPP before 0.9.9.5 does not check access in certain contexts related to (1) Calendar Administration, (2) Instant Messages Administration, and (3) the Image Uploader, which has unknown impact and attack vectors. | ||||
| CVE-2007-2880 | 1 Digiappz | 1 Digirez | 2025-04-09 | N/A |
| Multiple cross-site scripting (XSS) vulnerabilities in Digirez 3.4 allow remote attackers to inject arbitrary web script or HTML via the (1) Room_name parameter to room/info_book.asp or the (2) curYear parameter to room/week.asp. | ||||
| CVE-2006-6032 | 1 Sphpblog | 1 Sphpblog | 2025-04-09 | N/A |
| Multiple cross-site scripting (XSS) vulnerabilities in Simple PHP Blog (SPHPBlog), probably 0.4.8, allow remote attackers to inject arbitrary web script or HTML via (1) the action parameter in add_block.php or (2) the entry parameter in index.php, different vectors than CVE-2005-1135. NOTE: this has been reported to affect 0.8, but as of 20061121, the most recent version is only 0.4.9. | ||||
| CVE-2007-2754 | 2 Freetype, Redhat | 2 Freetype, Enterprise Linux | 2025-04-09 | N/A |
| Integer signedness error in truetype/ttgload.c in Freetype 2.3.4 and earlier might allow remote attackers to execute arbitrary code via a crafted TTF image with a negative n_points value, which leads to an integer overflow and heap-based buffer overflow. | ||||
| CVE-2006-6015 | 1 Apple | 1 Mac Os X | 2025-04-09 | N/A |
| Buffer overflow in the JavaScript implementation in Safari on Apple Mac OS X 10.4 allows remote attackers to cause a denial of service (application crash) via a long argument to the exec method of a regular expression. | ||||
| CVE-2007-3354 | 1 Scriptdevelopers.net | 1 Netclassifieds | 2025-04-09 | N/A |
| Multiple SQL injection vulnerabilities in NetClassifieds Premium Edition allow remote attackers to execute arbitrary SQL commands via the s_user_id parameter to ViewCat.php and other unspecified vectors. NOTE: the CatID/ViewCat.php, CatID/gallery.php, and ItemNum/ViewItem.php vectors are already covered by CVE-2005-3978. | ||||
| CVE-2007-2562 | 1 Kayako | 1 Esupport | 2025-04-09 | N/A |
| Cross-site scripting (XSS) vulnerability in index.php in Kayako eSupport 3.00.90 allows remote attackers to inject arbitrary web script or HTML via the _m parameter. | ||||
| CVE-2007-1648 | 1 Dev0.de | 1 0irc | 2025-04-09 | N/A |
| 0irc 1345 build 20060823 allows remote attackers to cause a denial of service (application crash) by operating an IRC server that sends a long string to a client, which triggers a NULL pointer dereference. | ||||