Total
29898 CVE
| CVE | Vendors | Products | Updated | CVSS v3.1 |
|---|---|---|---|---|
| CVE-2007-3320 | 1 Avaya | 1 4602sw Ip Phone | 2025-04-09 | N/A |
| The Avaya 4602SW IP Phone (Model 4602D02A) with 2.2.2 and earlier SIP firmware accepts SIP INVITE requests from arbitrary source IP addresses, which allows remote attackers to have an unspecified impact. | ||||
| CVE-2007-1321 | 5 Debian, Fedoraproject, Qemu and 2 more | 6 Debian Linux, Fedora, Fedora Core and 3 more | 2025-04-09 | N/A |
| Integer signedness error in the NE2000 emulator in QEMU 0.8.2, as used in Xen and possibly other products, allows local users to trigger a heap-based buffer overflow via certain register values that bypass sanity checks, aka QEMU NE2000 "receive" integer signedness error. NOTE: this identifier was inadvertently used by some sources to cover multiple issues that were labeled "NE2000 network driver and the socket code," but separate identifiers have been created for the individual vulnerabilities since there are sometimes different fixes; see CVE-2007-5729 and CVE-2007-5730. | ||||
| CVE-2007-3210 | 1 Cellosoft | 1 Cellosoft Tokens Object | 2025-04-09 | N/A |
| Stack-based buffer overflow in nptoken.mox in the Cellosoft Tokens Object 2.0.0.6 extension for Vitalize! allows remote attackers to execute arbitrary code via a long string argument to the RemoveChr method. NOTE: the provenance of this information is unknown; the details are obtained solely from third party information. | ||||
| CVE-2007-3322 | 1 Avaya | 1 4602sw Ip Phone | 2025-04-09 | N/A |
| The Avaya 4602 SW IP Phone (Model 4602D02A) with 2.2.2 and earlier SIP firmware uses a constant media port number for calls, which allows remote attackers to cause a denial of service (audio quality loss) via a flood of packets to the RTP port. | ||||
| CVE-2007-1328 | 1 Bernard Joly | 1 Bj Webring | 2025-04-09 | N/A |
| Cross-site scripting (XSS) vulnerability in formulaire.php in Bernard JOLY BJ Webring allows remote attackers to inject arbitrary web script or HTML via an unspecified parameter related to the add link menu. | ||||
| CVE-2007-3211 | 1 Domain Technologie Control | 1 Domain Technologie Control | 2025-04-09 | N/A |
| Cross-site scripting (XSS) vulnerability in 404.php in Domain Technologie Control (DTC) before 0.25.9 allows remote attackers to inject arbitrary web script or HTML via the PATH_INFO (REQUEST_URI). NOTE: the provenance of this information is unknown; the details are obtained solely from third party information. | ||||
| CVE-2007-3326 | 1 Jelsoft | 1 Vbulletin | 2025-04-09 | N/A |
| Multiple directory traversal vulnerabilities in vBulletin 3.x.x allow remote attackers to redirect visitors to arbitrary local files via a .. (dot dot) in (1) the loc parameter to admincp/index.php and (2) the Hyperlink information URl field for post Topic in showthread.php, enabling cross-site scripting (XSS) and other attacks, a different vulnerability than CVE-2005-3025.2. | ||||
| CVE-2009-1517 | 1 Symantec | 1 Norton Ghost | 2025-04-09 | N/A |
| Multiple insecure method vulnerabilities in the Symantec.EasySetup.1 ActiveX control in EasySetupInt.dll 14.0.4.30167 in the EasySetup wizard in Symantec Norton Ghost 14.0 allow remote attackers to cause a denial of service (browser crash) and possibly execute arbitrary code via unspecified input to the (1) GetBackupLocationPath, (2) CallUninstall, (3) SetupDeleteVolume, (4) CanUseEasySetup, (5) CallAddInitialProtection, and (6) CallTour methods. | ||||
| CVE-2009-1683 | 1 Apple | 2 Iphone Os, Ipod Touch | 2025-04-09 | N/A |
| The Telephony component in Apple iPhone OS 1.0 through 2.2.1 and iPhone OS for iPod touch 1.1 through 2.2.1 allows remote attackers to cause a denial of service (device reset) via a crafted ICMP echo request, which triggers an assertion error related to a "logic issue." | ||||
| CVE-2007-3213 | 1 Sporum Forum | 1 Sporum Forum | 2025-04-09 | N/A |
| Multiple cross-site scripting (XSS) vulnerabilities in comments.cgi in Sporum Forum 3.0.9 and earlier allow remote attackers to inject arbitrary web script or HTML via the (1) view and (2) mode parameters. | ||||
| CVE-2007-3327 | 1 Bughunter | 1 Http Server | 2025-04-09 | N/A |
| httpsv.exe in HTTP Server 1.6.2 allows remote attackers to obtain sensitive information (script source code) via a URI with a trailing %20 (encoded space). | ||||
| CVE-2009-1906 | 1 Ibm | 1 Db2 | 2025-04-09 | N/A |
| The DRDA Services component in IBM DB2 9.1 before FP7 and 9.5 before FP4 allows remote attackers to cause a denial of service (memory corruption and application crash) via an IPv6 address in the correlation token in the APPID string, as demonstrated by an APPID string sent by the third-party DataDirect JDBC driver 3.7.32. | ||||
| CVE-2007-3328 | 1 Interact | 1 Interact | 2025-04-09 | N/A |
| Multiple cross-site scripting (XSS) vulnerabilities in Interact 2.4 beta 1 allow remote attackers to inject arbitrary web script or HTML via the (1) module_key parameter to (a) kb/kb.php, (b) quiz/runquiz.php, (c) quiz/quiz.php, (d) forum/forum.php, (e) forum/byname.php, and (f) journal/journalview.php in modules/, and unspecified other scripts; the (2) tag_key parameter to modules/journal/journalview.php; the (3) user_group_key parameter to (g) users/secureaccounts.php; and (4) the request_uri parameter to (h) login.php. | ||||
| CVE-2007-3329 | 1 Xvid | 1 Xvid | 2025-04-09 | N/A |
| Multiple array index errors in the (1) get_intra_block, (2) get_inter_block_h263, and (3) get_inter_block_mpeg functions in src/bitstream/mbcoding.c in Xvid 1.1.2 allow remote attackers to execute arbitrary code via a crafted (a) Avi, (b) H.263, or (c) MPEG file. | ||||
| CVE-2009-2202 | 1 Apple | 1 Quicktime | 2025-04-09 | N/A |
| Apple QuickTime before 7.6.4 allows remote attackers to execute arbitrary code or cause a denial of service (memory corruption and application crash) via a crafted H.264 movie file. | ||||
| CVE-2007-3342 | 1 Six Apart | 1 Movable Type | 2025-04-09 | N/A |
| Multiple cross-site scripting (XSS) vulnerabilities in Movable Type (MT) before 3.34 allow remote attackers to inject arbitrary web script or HTML via comments that have (1) a malformed SGML numeric character reference with a '\0' (0x00) character in a javascript: URI or (2) an attribute in an element that lacks the '>' character at the end of the start tag, a different vulnerability than CVE-2007-0231. | ||||
| CVE-2007-1330 | 1 Comodo | 1 Comodo Firewall Pro | 2025-04-09 | N/A |
| Comodo Firewall Pro (CFP) (formerly Comodo Personal Firewall) 2.4.18.184 and earlier allows local users to bypass driver protections on the HKLM\SYSTEM\Software\Comodo\Personal Firewall registry key by guessing the name of a named pipe under \Device\NamedPipe\OLE and attempting to open it multiple times. | ||||
| CVE-2007-3354 | 1 Scriptdevelopers.net | 1 Netclassifieds | 2025-04-09 | N/A |
| Multiple SQL injection vulnerabilities in NetClassifieds Premium Edition allow remote attackers to execute arbitrary SQL commands via the s_user_id parameter to ViewCat.php and other unspecified vectors. NOTE: the CatID/ViewCat.php, CatID/gallery.php, and ItemNum/ViewItem.php vectors are already covered by CVE-2005-3978. | ||||
| CVE-2007-1331 | 1 Tks Banking Solutions | 1 Eportfolio | 2025-04-09 | N/A |
| Multiple cross-site scripting (XSS) vulnerabilities in TKS Banking Solutions ePortfolio 1.0 Java allow remote attackers to inject arbitrary web script or HTML via unspecified vectors that bypass the client-side protection scheme, one of which may be the q parameter to the search program. NOTE: some of these details are obtained from third party information. | ||||
| CVE-2007-2053 | 1 Afflib | 1 Afflib | 2025-04-09 | N/A |
| Multiple stack-based buffer overflows in AFFLIB before 2.2.6 allow remote attackers to cause a denial of service (crash) or possibly execute arbitrary code via (1) a long LastModified value in an S3 XML response in lib/s3.cpp; (2) a long (a) path or (b) bucket in an S3 URL in lib/vnode_s3.cpp; or (3) a long (c) EFW, (d) AFD, or (c) aimage file path. NOTE: the aimage vector (3c) has since been recalled from the researcher's original advisory, since the code is not called in any version of AFFLIB. | ||||