ReportizFlow
Filtered by vendor
Subscriptions
Total
29885 CVE
| CVE | Vendors | Products | Updated | CVSS v3.1 |
|---|---|---|---|---|
| CVE-2007-6019 | 2 Adobe, Redhat | 5 Air, Flash, Flash Player and 2 more | 2025-04-09 | N/A |
| Adobe Flash Player 9.0.115.0 and earlier, and 8.0.39.0 and earlier, allows remote attackers to execute arbitrary code via an SWF file with a modified DeclareFunction2 Actionscript tag, which prevents an object from being instantiated properly. | ||||
| CVE-2007-5406 | 3 Autonomy, Ibm, Symantec | 3 Keyview, Lotus Notes, Mail Security | 2025-04-09 | N/A |
| kpagrdr.dll 2.0.0.2 and 10.3.0.0 in the Applix Presents reader in Autonomy (formerly Verity) KeyView, as used by IBM Lotus Notes, Symantec Mail Security, and activePDF DocConverter, does not properly parse long tokens, which allows remote attackers to cause a denial of service (CPU and memory consumption) via a crafted .ag file. | ||||
| CVE-2007-5361 | 1 Alcatel-lucent | 1 Omnipcx | 2025-04-09 | N/A |
| The Communication Server in Alcatel-Lucent OmniPCX Enterprise 7.1 and earlier caches an IP address during a TFTP request from an IP Touch phone, and uses this IP address as the destination for all subsequent VoIP packets to this phone, which allows remote attackers to cause a denial of service (loss of audio) or intercept voice communications via a crafted TFTP request containing the phone's MAC address in the filename. | ||||
| CVE-2007-4065 | 2 Redhat, Xiph.org | 2 Enterprise Linux, Libvorbis | 2025-04-09 | N/A |
| lib/vorbisfile.c in libvorbisfile in Xiph.Org libvorbis before 1.2.0 allows context-dependent attackers to cause a denial of service (infinite loop) via a crafted OGG file, aka trac Changeset 13217. | ||||
| CVE-2007-1690 | 1 Second Sight Software | 1 Activegs | 2025-04-09 | N/A |
| Multiple stack-based buffer overflows in Second Sight Software ActiveGS ActiveX control (ActiveGS.ocx) allow remote attackers to execute arbitrary code via unspecified vectors. | ||||
| CVE-2007-4530 | 1 Teamspeak | 1 Web Server | 2025-04-09 | N/A |
| Multiple cross-site scripting (XSS) vulnerabilities in TeamSpeak Server 2.0.20.1 allow remote attackers to inject arbitrary web script or HTML via (1) the error_text parameter to error_box.html or (2) the ok_title parameter to ok_box.html. | ||||
| CVE-2007-4536 | 1 Torrenttrader | 1 Torrenttrader | 2025-04-09 | N/A |
| TorrentTrader 1.07 and earlier sets insecure permissions for files in the root directory, which allows attackers to execute arbitrary PHP code by modifying (1) disclaimer.txt, (2) sponsors.txt, and (3) banners.txt, which are used in an include call. NOTE: there might be local attack vectors that extend to other files. | ||||
| CVE-2007-4546 | 1 X-diesel | 1 Unreal Commander | 2025-04-09 | N/A |
| Unreal Commander 0.92 build 565 and 573 lists the filenames from the Central Directory of a ZIP archive, but extracts to local filenames corresponding to names in Local File Header fields in this archive, which might allow remote attackers to trick a user into performing a dangerous file overwrite or creation. | ||||
| CVE-2007-0801 | 1 Mozilla | 1 Firefox | 2025-04-09 | N/A |
| The nsExternalAppHandler::SetUpTempFile function in Mozilla Firefox 1.5.0.9 creates temporary files with predictable filenames based on creation time, which allows remote attackers to execute arbitrary web script or HTML via a crafted XMLHttpRequest. | ||||
| CVE-2007-4590 | 1 Hp | 3 Dynrootdisk, Hp-ux, Ignite-ux | 2025-04-09 | N/A |
| The get_system_info command in Ignite-UX C.7.0 through C.7.3, and DynRootDisk (DRD) A.1.0.16.417 through A.2.0.0.592, on HP-UX B.11.11, B.11.23, and B.11.31 does not inform local users of networking changes made by the command, which has unknown impact and attack vectors. | ||||
| CVE-2007-4703 | 1 Apple | 2 Mac Os X, Mac Os X Server | 2025-04-09 | N/A |
| The Application Firewall in Apple Mac OS X 10.5 does not prevent a root process from accepting incoming connections, even when "Block incoming connections" has been set for its associated executable, which might allow remote attackers or local root processes to bypass intended access restrictions. | ||||
| CVE-2007-4121 | 1 E-commerce Solutions | 3 Auction Script, Multi-vendor E-shop Script, Shopping Cart Script | 2025-04-09 | N/A |
| Multiple SQL injection vulnerabilities in admin.aspx in E-Commerce Scripts Shopping Cart Script, Multi-Vendor E-Shop Script, and Auction Script allow remote attackers to execute arbitrary SQL commands via the (1) EmailAdd (Username) and (2) Pass (password) parameters. NOTE: some of these details are obtained from third party information. | ||||
| CVE-2007-4128 | 1 Firestorm Technologies | 1 Gmaps | 2025-04-09 | N/A |
| SQL injection vulnerability in index.php in the Firestorm Technologies GMaps (com_gmaps) 1.00 component for Joomla! allows remote attackers to execute arbitrary SQL commands via the mapId parameter in a viewmap action. | ||||
| CVE-2007-4879 | 1 Mozilla | 2 Firefox, Seamonkey | 2025-04-09 | N/A |
| Mozilla Firefox before Firefox 2.0.0.13, and SeaMonkey before 1.1.9, can automatically install TLS client certificates with minimal user interaction, and automatically sends these certificates when requested, which makes it easier for remote web sites to track user activities across domains by requesting the TLS client certificates from other domains. | ||||
| CVE-2007-4889 | 1 Php | 2 Mysql Extension, Php | 2025-04-09 | N/A |
| The MySQL extension in PHP 5.2.4 and earlier allows remote attackers to bypass safe_mode and open_basedir restrictions via the MySQL (1) LOAD_FILE, (2) INTO DUMPFILE, and (3) INTO OUTFILE functions, a different issue than CVE-2007-3997. | ||||
| CVE-2006-5000 | 2 Ipswitch, Progress | 2 Ws Ftp Server, Ws Ftp Server | 2025-04-09 | N/A |
| Multiple buffer overflows in WS_FTP Server 5.05 before Hotfix 1, and possibly other versions down to 5.0, have unknown impact and remote authenticated attack vectors via the (1) XCRC, (2) XMD5, and (3) XSHA1 commands. NOTE: in the early publication of this identifier on 20060926, the description was used for the wrong issue. | ||||
| CVE-2006-5931 | 1 Aigaion | 1 Aigaion | 2025-04-09 | N/A |
| Multiple PHP remote file inclusion vulnerabilities in Aigaion Web based bibliography management system 1.2.1, when register_globals is enabled, allow remote attackers to execute arbitrary PHP code via a URL in the DIR parameter to certain PHP scripts in (1) lib/actions/, (2) lib/displays/, (3) lib/editforms/, (4) lib/functions/, (5) scheme/, and (6) the root directory. NOTE: the provenance of this information is unknown; details are obtained from third party sources. | ||||
| CVE-2006-6634 | 1 Mambo | 1 Extcalthai Module | 2025-04-09 | N/A |
| Multiple PHP remote file inclusion vulnerabilities in the ExtCalThai (com_extcalendar) 0.9.1 and earlier component for Mambo allow remote attackers to execute arbitrary PHP code via a URL in (1) the CONFIG_EXT[LANGUAGES_DIR] parameter to admin_events.php, (2) the mosConfig_absolute_path parameter to extcalendar.php, or (3) the CONFIG_EXT[LIB_DIR] parameter to lib/mail.inc.php. | ||||
| CVE-2007-4463 | 2 Fransois Gannier, Ghisler | 2 Fileinfo Plugin, Total Commander | 2025-04-09 | N/A |
| The Fileinfo 2.0.9 plugin for Total Commander allows user-assisted remote attackers to cause a denial of service (unhandled exception) via an invalid RVA address function pointer in (1) an IMAGE_THUNK_DATA structure, involving the (a) OriginalFirstThunk and (b) FirstThunk IMAGE_IMPORT_DESCRIPTOR fields, or (2) the AddressOfNames IMAGE_EXPORT_DIRECTORY field in a PE file. | ||||
| CVE-2007-4407 | 1 Universal Ircd | 1 Ircu | 2025-04-09 | N/A |
| ircu 2.10.12.03 and 2.10.12.04 does not associate a timestamp with ops privilege on an unused channel (zannel), which allows remote attackers to (1) set or remove certain channel modes via a "netriding" attack or (2) take over a channel by joining an unlinked server with the A/Upass and then setting a new Apass. | ||||