Total
29869 CVE
| CVE | Vendors | Products | Updated | CVSS v2 | CVSS v3 |
|---|---|---|---|---|---|
| CVE-2006-5260 | 1 Compteur | 1 Compteur | 2025-04-09 | 7.5 HIGH | N/A |
|
PHP remote file inclusion vulnerability in compteur.php in Compteur 2 allows remote attackers to execute arbitrary PHP code via a URL in the cp parameter. NOTE: the provenance of this information is unknown; the details are obtained from third party information.
|
|||||
| CVE-2007-2177 | 1 Microgaming | 1 Download Helper Activex Control | 2025-04-09 | 6.8 MEDIUM | N/A |
|
Stack-based buffer overflow in the Microgaming Download Helper ActiveX control (dlhelper.dll) before 7.2.0.19, and the WebHandler Class control, allows remote attackers to execute arbitrary code via unspecified vectors.
|
|||||
| CVE-2007-0509 | 1 Maklerplus | 1 Maklerplus | 2025-04-09 | 9.3 HIGH | N/A |
|
Multiple unspecified vulnerabilities in MaklerPlus before 1.2 have unknown impact and attack vectors, possibly relating to cross-site scripting (XSS) in the slogan parameter in main.tpl, or information leaks in error messages.
|
|||||
| CVE-2007-2901 | 1 Dokeos | 1 Dokeos | 2025-04-09 | 4.3 MEDIUM | N/A |
|
Multiple cross-site scripting (XSS) vulnerabilities in Dokeos 1.8.0 and earlier allow remote attackers to inject arbitrary web script or HTML via the img parameter to main/inc/lib/fckeditor/editor/plugins/ImageManager/editor.php and other unspecified vectors.
|
|||||
| CVE-2007-1011 | 1 Vs-gastebuch | 1 Vs-gastebuch | 2025-04-09 | 7.5 HIGH | N/A |
|
PHP remote file inclusion vulnerability in functions_inc.php in VS-Gastebuch 1.5.3 and earlier allows remote attackers to execute arbitrary PHP code via a URL in the gb_pfad parameter.
|
|||||
| CVE-2006-7048 | 1 Claroline | 1 Claroline | 2025-04-09 | 7.5 HIGH | N/A |
|
Multiple PHP remote file inclusion vulnerabilities in Claroline 1.7.5 allow remote attackers to execute arbitrary PHP code via a URL in the (1) clarolineRepositorySys parameter to (a) atutor.inc.php (b) db-generic.inc.php (c) docebo.inc.php (d) dokeos.1.6.inc.php (e) dokeos.inc.php (f) ganesha.inc.php (g) mambo.inc.php (h) moodle.inc.php (i) phpnuke.inc.php (j) postnuke.inc.php and (k) spip.inc.php in claroline/auth/extauth/drivers/; (2) includePath parameter in mambo.inc.php, postnuke.inc.php, ...
Show More |
|||||
| CVE-2007-4357 | 1 Mozilla | 1 Firefox | 2025-04-09 | 5.0 MEDIUM | N/A |
|
Mozilla Firefox 2.0.0.6 and earlier allows remote attackers to spoof the contents of the status bar via a link to a data: URI containing an encoded URL. NOTE: the severity of this issue has been disputed by a reliable third party, since the intended functionality of the status bar allows it to be modified.
|
|||||
| CVE-2007-2304 | 1 Qdblog | 1 Qdblog | 2025-04-09 | 7.5 HIGH | N/A |
|
Multiple directory traversal vulnerabilities in Quick and Dirty Blog (QDBlog) 0.4, and possibly earlier, allow remote attackers to include and execute arbitrary local files via a .. (dot dot) in the theme parameter to categories.php and other unspecified files.
|
|||||
| CVE-2006-5145 | 1 Olate | 1 Olatedownload | 2025-04-09 | 7.5 HIGH | N/A |
|
Multiple SQL injection vulnerabilities in OlateDownload 3.4.0 allow remote attackers to execute arbitrary SQL commands via the (1) page parameter in details.php or the (2) query parameter in search.php.
|
|||||
| CVE-2007-0416 | 1 Bea | 1 Weblogic Server | 2025-04-09 | 7.5 HIGH | N/A |
|
The WSEE runtime (WS-Security runtime) in BEA WebLogic Server 9.0 and 9.1 does not verify credentials when decrypting client messages, which allows remote attackers to bypass application security.
|
|||||
| CVE-2007-1712 | 1 Active Web Softwares | 1 Active Auction House | 2025-04-09 | 7.5 HIGH | N/A |
|
SQL injection vulnerability in default.asp in ActiveWebSoftwares Active Auction Pro 7.1 allows remote attackers to execute arbitrary SQL commands via the catid parameter.
|
|||||
| CVE-2007-1788 | 1 Flyspray | 1 Flyspray | 2025-04-09 | 6.8 MEDIUM | N/A |
|
Flyspray 0.9.9, when output_buffering is disabled or "set to a low value," allows remote attackers to bypass authentication via a crafted post request.
|
|||||
| CVE-2006-5535 | 1 Cpanel | 1 Cpanel | 2025-04-09 | 4.3 MEDIUM | N/A |
|
Multiple cross-site scripting (XSS) vulnerabilities in WebHostManager (WHM) 10.8.0 cPanel 10.9.0 R50 allow remote attackers to inject arbitrary web script or HTML via the (1) theme parameter to scripts/dosetmytheme and the (2) template parameter to scripts2/editzonetemplate.
|
|||||
| CVE-2007-4479 | 1 Aleadsoft.com | 1 Search Engine Builder Professional | 2025-04-09 | 4.3 MEDIUM | N/A |
|
Cross-site scripting (XSS) vulnerability in search.html in Search Engine Builder allows remote attackers to inject arbitrary web script or HTML via the searWords parameter.
|
|||||
| CVE-2009-3020 | 1 Microsoft | 1 Windows Server 2003 | 2025-04-09 | 7.1 HIGH | N/A |
|
win32k.sys in Microsoft Windows Server 2003 SP2 allows remote attackers to cause a denial of service (system crash) by referencing a crafted .eot file in the src descriptor of an @font-face Cascading Style Sheets (CSS) rule in an HTML document, possibly related to the Embedded OpenType (EOT) Font Engine, a different vulnerability than CVE-2006-0010, CVE-2009-0231, and CVE-2009-0232. NOTE: some of these details are obtained from third party information.
|
|||||
| CVE-2007-5406 | 3 Autonomy, Ibm, Symantec | 3 Keyview, Lotus Notes, Mail Security | 2025-04-09 | 9.3 HIGH | N/A |
|
kpagrdr.dll 2.0.0.2 and 10.3.0.0 in the Applix Presents reader in Autonomy (formerly Verity) KeyView, as used by IBM Lotus Notes, Symantec Mail Security, and activePDF DocConverter, does not properly parse long tokens, which allows remote attackers to cause a denial of service (CPU and memory consumption) via a crafted .ag file.
|
|||||
| CVE-2006-5173 | 2 Canonical, Linux | 2 Ubuntu Linux, Linux Kernel | 2025-04-09 | 2.1 LOW | N/A |
|
Linux kernel does not properly save or restore EFLAGS during a context switch, or reset the flags when creating new threads, which allows local users to cause a denial of service (process crash), as demonstrated using a process that sets the Alignment Check flag (EFLAGS 0x40000), which triggers a SIGBUS in other processes that have an unaligned access.
|
|||||
| CVE-2007-3299 | 1 Awffull | 1 Awffull | 2025-04-09 | 4.3 MEDIUM | N/A |
|
Cross-site scripting (XSS) vulnerability in AWFFull before 3.7.4, when AllSearchStr (aka the All Search Terms report) is enabled, allows remote attackers to inject arbitrary web script or HTML via a search string.
|
|||||
| CVE-2007-0592 | 1 Indexcor | 1 Ezdatabase | 2025-04-09 | 6.8 MEDIUM | N/A |
|
Cross-site scripting (XSS) vulnerability in EzDatabase 2.1.3 allows remote attackers to inject arbitrary web script or HTML via unspecified vectors related to admin/login.php and the Admin Panel Database.
|
|||||
| CVE-2007-0420 | 1 Bea | 1 Weblogic Server | 2025-04-09 | 5.0 MEDIUM | N/A |
|
BEA WebLogic Server 9.0, 9.1, and 9.2 Gold allows remote attackers to obtain sensitive information via malformed HTTP requests, which reveal data from previous requests.
|
|||||
| CVE-2007-4317 | 1 Zyxel | 2 Zynos, Zywall 2 | 2025-04-09 | 4.3 MEDIUM | N/A |
|
Multiple cross-site request forgery (CSRF) vulnerabilities in the management interface in ZyNOS firmware 3.62(WK.6) on the Zyxel Zywall 2 device allow remote attackers to perform certain actions as administrators, as demonstrated by a request to Forms/General_1 with the (1) sysSystemName and (2) sysDomainName parameters.
|
|||||
| CVE-2007-3583 | 1 Girlserv | 1 Girlserv Ads | 2025-04-09 | 7.5 HIGH | N/A |
|
SQL injection vulnerability in details_news.php in Girlserv ads 1.5 and earlier allows remote attackers to execute arbitrary SQL commands via the idnew parameter.
|
|||||
| CVE-2006-6115 | 1 Fipsasp | 1 Fipscms | 2025-04-09 | 7.5 HIGH | N/A |
|
SQL injection vulnerability in index.asp in fipsCMS 4.5 and earlier allows remote attackers to execute arbitrary SQL commands via the fid parameter.
|
|||||
| CVE-2007-3558 | 1 Coppermine | 1 Coppermine Photo Gallery | 2025-04-09 | 7.5 HIGH | N/A |
|
SQL injection vulnerability in Coppermine Photo Gallery (CPG) before 1.4.11 allows remote attackers to execute arbitrary SQL commands via an album password cookie to an unspecified component.
|
|||||
| CVE-2007-4195 | 1 The Sleuth Kit | 1 The Sleuth Kit | 2025-04-09 | 4.3 MEDIUM | N/A |
|
Use-after-free vulnerability in ext2fs.c in Brian Carrier The Sleuth Kit (TSK) before 2.09 allows user-assisted remote attackers to cause a denial of service (application crash) and prevent examination of certain ext2fs files via a malformed ext2fs image.
|
|||||
| CVE-2006-5609 | 1 Torrentflux | 1 Torrentflux | 2025-04-09 | 5.0 MEDIUM | N/A |
|
Directory traversal vulnerability in dir.php in TorrentFlux 2.1 allows remote attackers to list arbitrary directories via "\.\./" sequences in the dir parameter.
|
|||||
| CVE-2007-2800 | 1 Eticket | 1 Eticket | 2025-04-09 | 5.0 MEDIUM | N/A |
|
index.php in eTicket 1.5.5.1 and earlier allows remote attackers to obtain sensitive information via the (1) name[], (2) email[], (3) phone[], or (4) subject[] parameters, which reveals the installation path in the resulting error messages.
|
|||||
| CVE-2007-1571 | 1 Radical Designs | 1 Activist Mobilization Platform | 2025-04-09 | 6.8 MEDIUM | N/A |
|
PHP remote file inclusion vulnerability in includes/base.php in Radical Designs Activist Mobilization Platform (AMP) 3.2, when register_globals is enabled, allows remote attackers to execute arbitrary PHP code via a URL in the base_path parameter.
|
|||||
| CVE-2007-0401 | 1 Easebay Resources | 1 Login Manager | 2025-04-09 | 7.5 HIGH | N/A |
|
SQL injection vulnerability in admin/memberlist.php in Easebay Resources Login Manager 3.0 allows remote attackers to execute arbitrary SQL commands via the init_row parameter.
|
|||||
| CVE-2006-5083 | 1 Phpbb Security | 1 Importal | 2025-04-09 | 7.5 HIGH | N/A |
|
PHP remote file inclusion vulnerability in includes/functions_portal.php in Integrated MODs (IM) Portal 1.2.0 and earlier allows remote attackers to execute arbitrary PHP code via a URL in the phpbb_root_path parameter.
|
|||||
| CVE-2007-0950 | 1 Fullaspsite | 1 Asp Hosting Site | 2025-04-09 | 6.8 MEDIUM | N/A |
|
Cross-site scripting (XSS) vulnerability in listmain.asp in Fullaspsite ASP Hosting Site allows remote attackers to inject arbitrary web script or HTML via the cat parameter.
|
|||||
| CVE-2007-0202 | 1 Alexphpteam | 1 Alex Guestbook | 2025-04-09 | 7.5 HIGH | N/A |
|
SQL injection vulnerability in index.php in @lex Guestbook 4.0.2 and earlier, when magic_quotes_gpc is disabled, allows remote attackers to execute arbitrary SQL commands via the lang parameter.
|
|||||
| CVE-2007-2520 | 1 Frank Mancuso | 1 Mynews | 2025-04-09 | 6.8 MEDIUM | N/A |
|
SQL injection vulnerability in admin.php in MyNews 0.10, when magic_quotes_gpc is disabled, allows remote attackers to execute arbitrary SQL commands via the authacc cookie.
|
|||||
| CVE-2007-2837 | 2 Debian, Fireflier | 2 Debian Linux, Fireflier | 2025-04-09 | 3.6 LOW | N/A |
|
The (1) getRule and (2) getChains functions in server/rules.cpp in fireflierd (fireflier-server) in FireFlier 1.1.6 allow local users to overwrite arbitrary files via a symlink attack on the /tmp/fireflier.rules temporary file.
|
|||||
| CVE-2007-3827 | 1 Mozilla | 1 Firefox | 2025-04-09 | 5.0 MEDIUM | N/A |
|
Mozilla Firefox allows for cookies to be set with a null domain (aka "domainless cookies"), which allows remote attackers to pass information between arbitrary domains and track user activity, as demonstrated by the domain attribute in the document.cookie variable in a javascript: window.
|
|||||
| CVE-2006-5163 | 1 Ibm | 1 Informix Dynamic Server | 2025-04-09 | 3.6 LOW | N/A |
|
IBM Informix Dynamic Server 10.UC3RC1 Trial for Linux and possibly other versions creates /tmp/installserver.txt with insecure permissions, which allows local users to append data to arbitrary files via a symlink attack.
|
|||||
| CVE-2007-0685 | 1 Microsoft | 1 Windows Mobile | 2025-04-09 | 2.6 LOW | N/A |
|
Internet Explorer on Windows Mobile 5.0 and Windows Mobile 2003 and 2003SE for Smartphones and PocketPC allows attackers to cause a denial of service (application crash and device instability) via unspecified vectors, possibly related to a buffer overflow.
|
|||||
| CVE-2007-0970 | 1 Webtester | 1 Webtester | 2025-04-09 | 7.5 HIGH | N/A |
|
Multiple SQL injection vulnerabilities in WebTester 5.0.20060927 and earlier allow remote attackers to execute arbitrary SQL commands via the testID parameter to directions.php, and unspecified parameters to other files that accept GET or POST input.
|
|||||
| CVE-2006-5058 | 1 Activision | 3 Call Of Duty, Call Of Duty 2, Call Of Duty United Offensive | 2025-04-09 | 7.5 HIGH | N/A |
|
Buffer overflow in (1) Call of Duty 1.5b and earlier, (2) Call of Duty United Offensive 1.51b and earlier, and (3) Call of Duty 2 1.3 and earlier allows remote attackers to execute arbitrary code via a long map argument to the "callvote map" command.
|
|||||
| CVE-2008-0591 | 1 Mozilla | 2 Firefox, Thunderbird | 2025-04-09 | 4.3 MEDIUM | N/A |
|
Mozilla Firefox before 2.0.0.12 and Thunderbird before 2.0.0.12 does not properly manage a delay timer used in confirmation dialogs, which might allow remote attackers to trick users into confirming an unsafe action, such as remote file execution, by using a timer to change the window focus, aka the "dialog refocus bug" or "ffclick2".
|
|||||