Total
258574 CVE
| CVE | Vendors | Products | Updated | CVSS v2 | CVSS v3 |
|---|---|---|---|---|---|
| CVE-2007-4847 | 1 Google | 1 Picasa | 2024-02-04 | 5.0 MEDIUM | N/A |
| Google Picasa allows remote attackers to read image files stored by Picasa via unspecified vectors involving a picasa:// URI. NOTE: this information is based upon a vague pre-advisory. | |||||
| CVE-2007-5377 | 1 Gnu | 1 Tramp | 2024-02-04 | 6.9 MEDIUM | N/A |
| The (1) tramp-make-temp-file and (2) tramp-make-tramp-temp-file functions in Tramp 2.1.10 extension for Emacs, and possibly earlier 2.1.x versions, allows local users to overwrite arbitrary files via a symlink attack on temporary files. | |||||
| CVE-2007-3655 | 1 Sun | 1 Jre | 2024-02-04 | 6.8 MEDIUM | N/A |
| Stack-based buffer overflow in javaws.exe in Sun Java Web Start in JRE 5.0 Update 11 and earlier, and 6.0 Update 1 and earlier, allows remote attackers to execute arbitrary code via a long codebase attribute in a JNLP file. | |||||
| CVE-2008-0480 | 1 Web Wiz | 1 Web Wiz Forums | 2024-02-04 | 5.0 MEDIUM | N/A |
| Multiple directory traversal vulnerabilities in Web Wiz Forums 9.07 and earlier allow remote attackers to list arbitrary directories, and .txt and .zip files, via a .....\\\ in the sub parameter to (1) RTE_file_browser.asp or (2) file_browser.asp. | |||||
| CVE-2007-4706 | 1 Apple | 1 Quicktime | 2024-02-04 | 6.8 MEDIUM | N/A |
| Heap-based buffer overflow in Apple QuickTime before 7.3.1 allows remote attackers to execute arbitrary code via a crafted QTL file. | |||||
| CVE-2007-5586 | 2024-02-04 | N/A | N/A | ||
| ** REJECT ** DO NOT USE THIS CANDIDATE NUMBER. ConsultIDs: CVE-2007-5587. Reason: This candidate is a duplicate of CVE-2007-5587. Notes: All CVE users should reference CVE-2007-5587 instead of this candidate. All references and descriptions in this candidate have been removed to prevent accidental usage. | |||||
| CVE-2007-1582 | 1 Php | 1 Php | 2024-02-04 | 6.8 MEDIUM | N/A |
| The resource system in PHP 4.0.0 through 4.4.6 and 5.0.0 through 5.2.1 allows context-dependent attackers to execute arbitrary code by interrupting certain functions in the GD (ext/gd) extension and unspecified other extensions via a userspace error handler, which can be used to destroy and modify internal resources. | |||||
| CVE-2007-4060 | 1 Frank Yaul | 1 Corehttp | 2024-02-04 | 9.0 HIGH | N/A |
| Multiple buffer overflows in the HttpSprockMake function in http.c in Frank Yaul corehttp 0.5.3alpha allow remote attackers to execute arbitrary code via a long string in the (1) method name or (2) URI in an HTTP request. | |||||
| CVE-2008-1041 | 1 Matts Whois | 1 Matts Whois | 2024-02-04 | 4.3 MEDIUM | N/A |
| Cross-site scripting (XSS) vulnerability in mwhois.php in Matt Wilson Matt's Whois (MWhois) allows remote attackers to inject arbitrary web script or HTML via the domain parameter. | |||||
| CVE-2007-2287 | 1 Comus | 1 Comus | 2024-02-04 | 7.5 HIGH | N/A |
| PHP remote file inclusion vulnerability in accept.php in comus 2.0 Final allows remote attackers to execute arbitrary PHP code via a URL in the DOCUMENT_ROOT parameter. | |||||
| CVE-2007-2189 | 1 Mx Smartor | 1 Full Album Pack | 2024-02-04 | 6.8 MEDIUM | N/A |
| PHP remote file inclusion vulnerability in admin/admin_album_otf.php in the MX Smartor Full Album Pack (FAP) 2.0 RC1 module for mxBB allows remote attackers to execute arbitrary PHP code via a URL in the phpbb_root_path parameter. | |||||
| CVE-2007-3779 | 1 Squirrelmail | 1 Gpg Plugin | 2024-02-04 | 4.3 MEDIUM | N/A |
| PHP local file inclusion vulnerability in gpg_pop_init.php in the G/PGP (GPG) Plugin before 20070707 for Squirrelmail allows remote attackers to include and execute arbitrary local files, related to the MOD parameter. | |||||
| CVE-2008-0786 | 1 Cacti | 1 Cacti | 2024-02-04 | 4.3 MEDIUM | N/A |
| CRLF injection vulnerability in Cacti 0.8.7 before 0.8.7b and 0.8.6 before 0.8.6k, when running on older PHP interpreters, allows remote attackers to inject arbitrary HTTP headers and conduct HTTP response splitting attacks via unspecified vectors. | |||||
| CVE-2007-0146 | 1 Fix And Chips Computer Services | 1 Fix And Chips Cms | 2024-02-04 | 6.0 MEDIUM | N/A |
| Multiple cross-site scripting (XSS) vulnerabilities in Fix and Chips CMS 1.0 allow remote attackers to inject arbitrary web script or HTML via the (1) id parameter in (a) delete-announce.php; the (2) Announcement form field in (b) staff.php; the (3) Client Name, (4) Business Name, (5) Street, (6) Address 2, (7) Town/City, (8) Postcode, (9) Phone Number, (10) Email Address and (11) Website Address form fields in (c) new_customer.php; and unspecified fields in (d) search.php and (e) client-results.php. | |||||
| CVE-2006-5132 | 1 Phpmyagenda | 1 Phpmyagenda | 2024-02-04 | 7.5 HIGH | N/A |
| Multiple PHP remote file inclusion vulnerabilities in phpMyAgenda 3.0 Final and earlier allow remote attackers to execute arbitrary PHP code via a URL in the rootagenda parameter to (1) agendaplace.php3, (2) agendaplace2.php3, (3) infoevent.php3, and (4) agenda2.php3, different vectors than CVE-2006-2009. | |||||
| CVE-2007-2552 | 1 Wikkawiki | 1 Wikkawiki | 2024-02-04 | 5.0 MEDIUM | N/A |
| The RecentChanges feature in WikkaWiki (Wikka Wiki) before 1.1.6.3 allows remote attackers to obtain the names, and possibly revision notes and dates, of private pages via RSS feeds. | |||||
| CVE-2008-0975 | 1 Double-take Software | 1 Double-take | 2024-02-04 | 5.0 MEDIUM | N/A |
| Double-Take 5.0.0.2865 and earlier, distributed under the HP StorageWorks Storage Mirroring name and other names, allows remote attackers to cause a denial of service (CPU consumption) via a -1 value in the field that specifies the size of the vector<T> value. | |||||
| CVE-2007-0806 | 1 Les News | 1 Les News | 2024-02-04 | 7.5 HIGH | N/A |
| Les News 2.2 allows remote attackers to bypass authentication and gain administrative access via a direct request for adminews/index_fr.php3, and possibly the adminews index documents for other localizations. | |||||
| CVE-2007-3154 | 1 Egroupware | 1 Egroupware | 2024-02-04 | 10.0 HIGH | N/A |
| Unspecified vulnerability in Walter Zorn wz_tooltip.js (aka wz_tooltips) before 4.01, as used by eGroupWare before 1.2.107-2 and other packages, has unknown impact and remote attack vectors. | |||||
| CVE-2006-5551 | 1 Qksoft | 1 Qk Smtp | 2024-02-04 | 7.5 HIGH | N/A |
| Stack-based buffer overflow in QK SMTP 3.01 and earlier might allow remote attackers to execute arbitrary code via a long argument to the RCPT TO command. | |||||