Total
29888 CVE
| CVE | Vendors | Products | Updated | CVSS v3.1 |
|---|---|---|---|---|
| CVE-2009-0385 | 4 Canonical, Debian, Fedoraproject and 1 more | 4 Ubuntu Linux, Debian Linux, Fedora and 1 more | 2025-04-09 | N/A |
| Integer signedness error in the fourxm_read_header function in libavformat/4xm.c in FFmpeg before revision 16846 allows remote attackers to execute arbitrary code via a malformed 4X movie file with a large current_track value, which triggers a NULL pointer dereference. | ||||
| CVE-2008-2268 | 1 Mdsjack | 1 Mjguest | 2025-04-09 | N/A |
| Open redirect vulnerability in interface/redirect.htm.php in Mjguest 6.7 GT Rev.01 allows user-assisted remote attackers to redirect users to arbitrary web sites and conduct phishing attacks via a URL in the goto parameter in a redirect action to mjguest.php. NOTE: this is user-assisted because there is a delay and a notification before redirection occurs. | ||||
| CVE-2007-1338 | 1 Apple | 1 Airport Extreme | 2025-04-09 | N/A |
| The default configuration of the AirPort utility in Apple AirPort Extreme creates an IPv6 tunnel but does not enable the "Block incoming IPv6 connections" setting, which might allow remote attackers to bypass intended access restrictions by establishing IPv6 sessions that would have been rejected over IPv4. | ||||
| CVE-2007-2155 | 1 Phpfaber | 1 Topsites | 2025-04-09 | N/A |
| Directory traversal vulnerability in template.php in in phpFaber TopSites 3 allows remote attackers to read arbitrary files via a .. (dot dot) in the modify parameter in a template action to admin/index.php. | ||||
| CVE-2007-2701 | 1 Bea | 1 Weblogic Server | 2025-04-09 | N/A |
| The JMS Message Bridge in BEA WebLogic Server 7.0 through SP7 and 8.1 through Service Pack 6, when configured without a username and password, or when the connection URL is not defined, allows remote attackers to bypass the security access policy and "send unauthorized messages to a protected queue." | ||||
| CVE-2006-4839 | 1 Sophos | 1 Sophos Anti-virus | 2025-04-09 | N/A |
| Sophos Anti-Virus 5.1 allows remote attackers to cause a denial of service (memory consumption) via a file that is compressed with Petite and contains a large number of sections. | ||||
| CVE-2007-0370 | 1 Phpbp | 1 Phpbp | 2025-04-09 | N/A |
| Unrestricted file upload vulnerability in index.php in phpBP RC3 (2.204) and earlier allows remote administrators to inject arbitrary PHP code into an upload/banners/ file via a banners add operation that uploads the PHP code through an image_form parameter specifying a multiple-extension filename such as .jpg.vil.gif.php, which is stored in upload/banners/ under a different name, and executable via a direct request. NOTE: a separate SQL injection issue could be leveraged to make this vulnerability reachable by remote unauthenticated attackers. | ||||
| CVE-2007-1585 | 1 Linksys | 2 Wag200g, Wrt54gc | 2025-04-09 | N/A |
| The Linksys WAG200G with firmware 1.01.01, WRT54GC 2 with firmware 1.00.7, and WRT54GC 1 with firmware 1.03.0 and earlier allow remote attackers to obtain sensitive information (passwords and configuration data) via a packet to UDP port 916. NOTE: some of these details are obtained from third party information. | ||||
| CVE-2007-0914 | 1 Sun | 1 Solaris | 2025-04-09 | N/A |
| Race condition in the TCP subsystem for Solaris 10 allows remote attackers to cause a denial of service (system panic) via unknown vectors. | ||||
| CVE-2007-1340 | 1 Weltennetz | 1 News-letterman | 2025-04-09 | N/A |
| PHP remote file inclusion vulnerability in eintrag.php in Weltennetz News-Letterman 1.1 allows remote attackers to execute arbitrary PHP code via a URL in the sqllog parameter. | ||||
| CVE-2009-0550 | 1 Microsoft | 7 Ie, Internet Explorer, Windows 2000 and 4 more | 2025-04-09 | N/A |
| Windows HTTP Services (aka WinHTTP) in Microsoft Windows 2000 SP4, XP SP2 and SP3, Server 2003 SP1 and SP2, Vista Gold and SP1, and Server 2008; and WinINet in Microsoft Internet Explorer 5.01 SP4, 6 SP1, 6 and 7 on Windows XP SP2 and SP3, 6 and 7 on Windows Server 2003 SP1 and SP2, 7 on Windows Vista Gold and SP1, and 7 on Windows Server 2008; allows remote web servers to capture and replay NTLM credentials, and execute arbitrary code, via vectors related to absence of a "credential-reflection protections" opt-in step, aka "Windows HTTP Services Credential Reflection Vulnerability" and "WinINet Credential Reflection Vulnerability." | ||||
| CVE-2007-1346 | 1 Sun | 1 Sun Fire | 2025-04-09 | N/A |
| Unspecified vulnerability in ipmitool for Sun Fire X2100M2 and X2200M2 allows local users to gain privileges and reset or turn off the server. | ||||
| CVE-2007-1617 | 1 Scriptmagix | 1 Scriptmagix Recipes | 2025-04-09 | N/A |
| SQL injection vulnerability in index.php in ScriptMagix Recipes 2.0 and earlier allows remote attackers to execute arbitrary SQL commands via the catid parameter. | ||||
| CVE-2006-7073 | 1 Opentools | 1 Attachment Mod | 2025-04-09 | N/A |
| Cross-site scripting (XSS) vulnerability in Opentools Attachment Mod before 2.4.5 allows remote attackers to inject arbitrary web script or HTML in Internet Explorer via unknown vectors related to the uploaded attachments form. NOTE: some details were obtained from third party information. | ||||
| CVE-2007-2989 | 1 Sun | 1 Solaris | 2025-04-09 | N/A |
| The libike library in Sun Solaris 9 before 20070529 contains a logic error related to a certain pointer, which allows remote attackers to cause a denial of service (in.iked daemon crash) by sending certain UDP packets with a source port different from 500. NOTE: this issue might overlap CVE-2006-2298. | ||||
| CVE-2007-2501 | 1 Fernando M.a.d.s. | 1 Codepress | 2025-04-09 | N/A |
| Eval injection vulnerability in codepress.html in CodePress before 0.9.4 allows remote attackers to execute arbitrary code via certain input that is used in an eval function call. | ||||
| CVE-2006-4098 | 1 Cisco | 1 Secure Access Control Server | 2025-04-09 | N/A |
| Stack-based buffer overflow in the CSRadius service in Cisco Secure Access Control Server (ACS) for Windows before 4.1 and ACS Solution Engine before 4.1 allows remote attackers to execute arbitrary code via a crafted RADIUS Accounting-Request packet. | ||||
| CVE-2007-2502 | 1 Hp | 1 Procurve Switch 9300m | 2025-04-09 | N/A |
| Unspecified vulnerability in HP ProCurve 9300m Series switches with software 08.0.01c through 08.0.01j allows remote attackers to cause a denial of service via unknown vectors, a different switch series than CVE-2006-4015. | ||||
| CVE-2008-3837 | 4 Canonical, Debian, Mozilla and 1 more | 5 Ubuntu Linux, Debian Linux, Firefox and 2 more | 2025-04-09 | N/A |
| Mozilla Firefox before 2.0.0.17 and 3.x before 3.0.2, and SeaMonkey before 1.1.12, allow user-assisted remote attackers to move a window during a mouse click, and possibly force a file download or unspecified other drag-and-drop action, via a crafted onmousedown action that calls window.moveBy, a variant of CVE-2003-0823. | ||||
| CVE-2007-2783 | 1 Rational Software | 1 Hidden Administrator | 2025-04-09 | N/A |
| Unspecified vulnerability in Rational Soft Hidden Administrator 1.7 and earlier allows remote attackers to bypass authentication and execute arbitrary code via unspecified vectors. NOTE: this issue has no actionable information, and perhaps should not be included in CVE. | ||||