Total: 259347 CVE

CVE | Vendors | Products | Updated | CVSS v2 | CVSS v3 |
---|---|---|---|---|---|
CVE-2007-3037 | 1 Microsoft | 1 Windows Media Player | 2024-02-04 | 4.0 MEDIUM | N/A |
Microsoft Windows Media Player 7.1, 9, 10, and 11 allows remote attackers to execute arbitrary code via a skin file (WMZ or WMD) with crafted header information that causes a size mismatch between compressed and decompressed data and triggers a heap-based buffer overflow, aka "Windows Media Player Code Execution Vulnerability Parsing Skins." | |||||
CVE-2008-0916 | 1 Highwood Design | 1 Hwdvideoshare | 2024-02-04 | 7.5 HIGH | N/A |
SQL injection vulnerability in the Highwood Design hwdVideoShare (com_hwdvideoshare) 1.1.3 Alpha component for Joomla! allows remote attackers to execute arbitrary SQL commands via the cat_id parameter in a viewcategory action to index.php. | |||||
CVE-2006-5459 | 1 Alex | 1 Downloadengine | 2024-02-04 | 7.5 HIGH | N/A |
Multiple PHP remote file inclusion vulnerabilities in Download-Engine 1.4.2 and earlier allow remote attackers to execute arbitrary PHP code via a URL in the (1) $_ENGINE[eng_dir] and possibly (2) spaw_root parameters in admin/includes/spaw/spaw_script.js.php, and the (3) $_ENGINE[eng_dir], (4) $spaw_root, (5) $spaw_dir, and (6) $spaw_base_url parameters in admin/includes/spaw/config/spaw_control.config.php, different vectors than CVE-2006-5291. NOTE: CVE analysis as of 20061021 is inconclusive, but suggests that some or all of the suggested attack vectors are ineffective. | |||||
CVE-2007-4109 | 1 Codewidgets | 1 Online Event Registration Template | 2024-02-04 | 7.5 HIGH | N/A |
SQL injection vulnerability in sign_in.aspx in WebStore (Online Store Application Template) allows remote attackers to execute arbitrary SQL commands via the Password parameter. | |||||
CVE-2006-5482 | 1 Freebsd | 1 Freebsd | 2024-02-04 | 2.1 LOW | N/A |
ufs_vnops.c in FreeBSD 6.1 allows local users to cause an unspecified denial of service by calling the ftruncate function on a file type that is not VREG, VLNK or VDIR, which is not defined in POSIX. | |||||
CVE-2007-2390 | 1 Apple | 1 Mac Os X | 2024-02-04 | 10.0 HIGH | N/A |
Buffer overflow in iChat in Apple Mac OS X 10.3.9 and 10.4.9 allows remote attackers to cause a denial of service (application termination) and possibly execute arbitrary code via a crafted UPnP Internet Gateway Device (IGD) packet. | |||||
CVE-2007-4352 | 1 Xpdf | 1 Xpdf | 2024-02-04 | 7.6 HIGH | N/A |
Array index error in the DCTStream::readProgressiveDataUnit method in xpdf/Stream.cc in Xpdf 3.02pl1, as used in poppler, teTeX, KDE, KOffice, CUPS, and other products, allows remote attackers to trigger memory corruption and execute arbitrary code via a crafted PDF file. | |||||
CVE-2006-5548 | 1 Otscms | 1 Otscms | 2024-02-04 | 7.5 HIGH | N/A |
PHP remote file inclusion vulnerability in OTSCMS/OTSCMS.php in Open Tibia Server Content Management System (OTSCMS) 2.0.0 through 2.1.3 allows remote attackers to execute arbitrary PHP code via a URL in the GLOBALS[config][directories][classes] parameter. | |||||
CVE-2007-0666 | 1 Ipswitch | 1 Ws Ftp Server | 2024-02-04 | 6.8 MEDIUM | N/A |
Ipswitch WS_FTP Server 5.04 allows FTP site administrators to execute arbitrary code on the system via a long input string to the (1) iFTPAddU or (2) iFTPAddH file, or to a (3) edition module. | |||||
CVE-2007-6364 | 1 Jlmforo System | 1 Jlmforo System | 2024-02-04 | 4.3 MEDIUM | N/A |
Cross-site scripting (XSS) vulnerability in modificarPerfil.php in JLMForo System allows remote authenticated users to inject arbitrary web script or HTML via a signature. | |||||
CVE-2008-0118 | 1 Microsoft | 1 Office | 2024-02-04 | 9.3 HIGH | N/A |
Unspecified vulnerability in Microsoft Office 2000 SP3, XP SP3, 2003 SP2, Excel Viewer 2003 up to SP3, and Office 2004 for Mac allows user-assisted remote attackers to execute arbitrary code via a crafted Office document that triggers memory corruption from an "allocation error," aka "Microsoft Office Memory Corruption Vulnerability." | |||||
CVE-2007-2057 | 1 Aircrack-ng | 1 Airodump-ng | 2024-02-04 | 10.0 HIGH | N/A |
Stack-based buffer overflow in aircrack-ng airodump-ng 0.7 allows remote attackers to execute arbitrary code via crafted 802.11 authentication packets. | |||||
CVE-2007-6341 | 1 Net Dns | 1 Net Dns | 2024-02-04 | 5.0 MEDIUM | N/A |
Net/DNS/RR/A.pm in Net::DNS 0.60 build 654, as used in packages such as SpamAssassin and OTRS, allows remote attackers to cause a denial of service (program "croak") via a crafted DNS response. | |||||
CVE-2007-4129 | 2 Fedoraproject, Redhat | 2 Coolkey, Enterprise Linux | 2024-02-04 | 3.3 LOW | N/A |
CoolKey 1.1.0 allows local users to overwrite arbitrary files via a symlink attack on temporary files in the /tmp/.pk11ipc1/ directory. | |||||
CVE-2007-1635 | 1 Net Portal Dynamic System | 1 Net Portal Dynamic System | 2024-02-04 | 9.0 HIGH | N/A |
Static code injection vulnerability in admin/settings.php in Net Portal Dynamic System (NPDS) 5.10 and earlier allows remote authenticated users to inject arbitrary PHP code via the xtop parameter in a "ConfigSave" op to admin.php, which can later be accessed via a "Configure" op to admin.php. | |||||
CVE-2007-3528 | 1 Dar | 1 Dar | 2024-02-04 | 5.0 MEDIUM | N/A |
The blowfish mode in DAR before 2.3.4 uses weak Blowfish-CBC cryptography by (1) discarding random bits by the blowfish::make_ivec function in libdar/crypto.cpp that results in predictable and repeating IV values, and (2) direct use of a password for keying, which makes it easier for context-dependent attackers to decrypt files. | |||||
CVE-2006-6833 | 1 Joomla | 1 Joomla | 2024-02-04 | 7.5 HIGH | N/A |
com_categories in Joomla! before 1.0.12 does not validate input, which has unknown impact and remote attack vectors. | |||||
CVE-2007-1203 | 1 Microsoft | 2 Excel, Excel Viewer | 2024-02-04 | 9.3 HIGH | N/A |
Unspecified vulnerability in Microsoft Excel 2000 SP3, 2002 SP3, 2003 SP2, 2003 Viewer, 2004 for Mac, and 2007 allows user-assisted remote attackers to execute arbitrary code via a crafted set font value in an Excel file, which results in memory corruption. | |||||
CVE-2007-4380 | 1 Symantec | 1 Altiris Deployment Solution | 2024-02-04 | 7.2 HIGH | N/A |
Aclient in Symantec Altiris Deployment Solution 6 before 6.8 SP2 (6.8.378) allows local users to gain local System privileges via the Log File Viewer. | |||||
CVE-2007-5779 | 1 Gom Player | 1 Gom Player | 2024-02-04 | 7.5 HIGH | N/A |
Buffer overflow in the GomManager (GomWeb Control) ActiveX control in GomWeb3.dll 1.0.0.12 in Gretech Online Movie Player (GOM Player) 2.1.6.3499 allows remote attackers to execute arbitrary code via a long argument to the OpenUrl method. |