Total: 29869 CVE
| CVE | Vendors | Products | Updated | CVSS v2 | CVSS v3 | Description |
|---|---|---|---|---|---|---|
| CVE-2007-2551 | 1 Wikkawiki | 1 Wikkawiki | 2025-04-09 | 4.3 MEDIUM | N/A | Cross-site scripting (XSS) vulnerability in usersettings.php in WikkaWiki (Wikka Wiki) before 1.1.6.3 allows remote attackers to inject arbitrary web script or HTML via the name parameter. |
| CVE-2007-2807 | 1 Eggheads | 1 Eggdrop Irc Bot | 2025-04-09 | 6.8 MEDIUM | N/A | Stack-based buffer overflow in mod/server.mod/servrmsg.c in Eggdrop 1.6.18, and possibly earlier, allows user-assisted, remote IRC servers to execute arbitrary code via a long private message. |
| CVE-2007-2342 | 1 Creascripts | 1 Creadirectory | 2025-04-09 | 7.5 HIGH | N/A | SQL injection vulnerability in error.asp in CreaScripts CreaDirectory 1.2 allows remote attackers to execute arbitrary SQL commands via the id parameter, a different vector than CVE-2006-6083. |
| CVE-2006-6016 | 1 Wordpress | 1 Wordpress | 2025-04-09 | 4.0 MEDIUM | 6.5 MEDIUM | wp-admin/user-edit.php in WordPress before 2.0.5 allows remote authenticated users to read the metadata of an arbitrary user via a modified user_id parameter. |
| CVE-2007-1943 | 1 Acd Systems | 1 Acdsee Photo Manager | 2025-04-09 | 9.3 HIGH | N/A | Integer overflow in ACDSee Photo Manager 9.0 allows context-dependent attackers to cause a denial of service and possibly execute arbitrary code via large width image sizes in a crafted BMP image, as demonstrated by w3intof.bmp and w4intof.bmp. |
| CVE-2007-6304 | 2 Mysql, Oracle | 2 Mysql, Mysql | 2025-04-09 | 5.0 MEDIUM | N/A | The federated engine in MySQL 5.0.x before 5.0.51a, 5.1.x before 5.1.23, and 6.0.x before 6.0.4, when performing a certain SHOW TABLE STATUS query, allows remote MySQL servers to cause a denial of service (federated handler crash and daemon crash) via a response that lacks the minimum required number of columns. |
| CVE-2007-0056 | 1 Ashopsoftware | 2 Ashop Administration Panel, Ashop Deluxe | 2025-04-09 | 6.8 MEDIUM | N/A | Multiple cross-site scripting (XSS) vulnerabilities in AShop Deluxe 4.5 and AShop Administration Panel allow remote attackers to inject arbitrary web script or HTML via the (1) cat parameter to (a) ashop/catalogue.php and (b) ashop/basket.php, the (2) exp parameter to ashop/catalogue.php, the (3) searchstring parameter to (c) ashop/search.php, the (4) checkout and (5) action parameters to (d) ashop/shipping.php, the cat parameter to (f) cart-path/admin/editcatalogue.php, and the (7) resultpage p ... |
| CVE-2007-3202 | 1 Bruce Corkhill | 1 Web Wiz Rich Text Editor | 2025-04-09 | 4.3 MEDIUM | N/A | Cross-site scripting (XSS) vulnerability in the rich text editor in Webwiz allows remote attackers to inject arbitrary web script or HTML via URL-encoded HTML composed of a frameset in which a frame has a SRC attribute pointing to a JavaScript document. |
| CVE-2007-3594 | 1 Adventnet | 1 Manageengine Netflow Analyzer | 2025-04-09 | 2.6 LOW | N/A | Multiple cross-site scripting (XSS) vulnerabilities in AdventNet ManageEngine OpManager 6 and 7 allow remote attackers to inject arbitrary web script or HTML via the (1) name parameter in (a) ping.do and (b) traceRoute.do in map/; the (2) reportName, (3) displayName, and (4) selectedNode parameters to (c) reports/ReportViewAction.do; the (5) operation parameter to (d) admin/ServiceConfiguration.do; and the (6) selectedNode and (7) selectedTab parameters to (e) admin/DeviceAssociation.do. NOTE: ... |
| CVE-2007-0574 | 1 Spoonlabs | 1 Vivvo Article Management Cms | 2025-04-09 | 7.5 HIGH | N/A | SQL injection vulnerability in rss/show_webfeed.php in SpoonLabs Vivvo Article Management CMS (aka phpWordPress) 3.40 allows remote attackers to execute arbitrary SQL commands via the wcHeadlines parameter, a different vector than CVE-2006-4715. NOTE: The provenance of this information is unknown; the details are obtained solely from third party information. |
| CVE-2008-0915 | 1 Ipdiva | 1 Ipdiva | 2025-04-09 | 6.4 MEDIUM | N/A | The Mediation server in IPdiva SSL VPN Server 2.2 before 2.2.8.84 and 2.3 before 2.3.2.14 stores the number of remaining allowed login attempts in a cookie, which makes it easier for remote attackers to conduct brute force attacks by manipulating this cookie's value. |
| CVE-2006-5880 | 1 Isystems | 1 Munch Pro | 2025-04-09 | 7.5 HIGH | N/A | SQL injection vulnerability on the subMenu page in switch.asp in Munch Pro 1.0 allows remote attackers to execute arbitrary SQL commands via the catid parameter. |
| CVE-2006-5809 | 1 Jonathon J. Freeman | 1 Ovbb | 2025-04-09 | 10.0 HIGH | N/A | Multiple unspecified vulnerabilities in Jonathon J. Freeman OvBB before 0.13a have unknown impact and attack vectors. |
| CVE-2006-6907 | 1 Bluesoil Bluetooth | 1 Bluesoil Bluetooth | 2025-04-09 | 10.0 HIGH | N/A | Unspecified vulnerability in the Bluesoil Bluetooth stack has unknown impact and attack vectors. |
| CVE-2007-1727 | 4 Hp, Linux, Microsoft and 1 more | 7 Hp-ux, Openview Network Node Manager, Linux Kernel and 4 more | 2025-04-09 | 6.5 MEDIUM | N/A | Unspecified vulnerability in HP OpenView Network Node Manager (OV NNM) 6.20, 6.4x, 7.01, 7.50, and 7.51 allows remote authenticated users to access certain privileged "facilities" via unspecified vectors. |
| CVE-2007-3196 | 1 Jelsoft | 1 Vbsupport Integrated Ticket System | 2025-04-09 | 7.5 HIGH | N/A | SQL injection vulnerability in vBSupport.php in vSupport Integrated Ticket System 3.x.x allows remote attackers to execute arbitrary SQL commands via the ticketid parameter in a showticket action. |
| CVE-2009-2812 | 1 Apple | 2 Mac Os X, Mac Os X Server | 2025-04-09 | 6.8 MEDIUM | N/A | Launch Services in Apple Mac OS X 10.5.8 does not properly recognize an unsafe Uniform Type Identifier (UTI) in an exported document type in a downloaded application, which allows remote attackers to trigger the automatic opening of a file, and execute arbitrary code, via a crafted web site. |
| CVE-2007-3821 | 1 Citadel | 1 Webcit | 2025-04-09 | 7.5 HIGH | N/A | Cross-site request forgery (CSRF) vulnerability in Webcit before 7.11 allows remote attackers to modify configurations and perform other actions as arbitrary users via unspecified vectors. |
| CVE-2007-0114 | 1 Sun | 1 Java System Content Delivery Server | 2025-04-09 | 5.0 MEDIUM | N/A | Sun Java System Content Delivery Server 5.0 and 5.0 PU1 allows remote attackers to obtain sensitive information regarding "content details" via unspecified vectors. |
| CVE-2007-2016 | 1 Phpmyadmin | 1 Phpmyadmin | 2025-04-09 | 4.3 MEDIUM | N/A | Cross-site scripting (XSS) vulnerability in mysql/phpinfo.php in phpMyAdmin 2.6.1 allows remote attackers to inject arbitrary web script or HTML via the lang[] parameter. |
| CVE-2006-5167 | 1 Basilix | 1 Basilix Webmail | 2025-04-09 | 5.1 MEDIUM | N/A | Multiple PHP remote file inclusion vulnerabilities in BasiliX 1.1.1 and earlier allow remote attackers to execute arbitrary PHP code via a URL in the (1) BSX_LIBDIR parameter in scripts in /files/ including (a) abook.php3, (b) compose-attach.php3, (c) compose-menu.php3, (d) compose-new.php3, (e) compose-send.php3, (f) folder-create.php3, (g) folder-delete.php3, (h) folder-empty.php3, (i) folder-rename.php3, (j) folders.php3, (k) mbox-action.php3, (l) mbox-list.php3, (m) message-delete.php3, (n) ... |
| CVE-2007-3001 | 1 Php Jackknife | 1 Php Jackknife | 2025-04-09 | 4.3 MEDIUM | N/A | Multiple cross-site scripting (XSS) vulnerabilities in PHP JackKnife (PHPJK) allow remote attackers to inject arbitrary web script or HTML via (1) the sUName parameter to UserArea/Authenticate.php, (2) the sAccountUnq parameter to UserArea/NewAccounts/index.php, or the (3) iCategoryUnq, (4) iDBLoc, (5) iTtlNumItems, (6) iNumPerPage, or (7) sSort parameter to G_Display.php, different vectors than CVE-2005-4239. |
| CVE-2007-0078 | 1 Battleblog | 1 Battleblog | 2025-04-09 | 5.0 MEDIUM | N/A | BattleBlog stores sensitive information under the web root with insufficient access control, which allows remote attackers to download a database via a direct request for database/blankmaster.mdb. |
| CVE-2006-5227 | 1 Torrentflux | 1 Torrentflux | 2025-04-09 | 6.8 MEDIUM | N/A | Cross-site scripting (XSS) vulnerability in admin.php in TorrentFlux 2.1 allows remote attackers to inject arbitrary web script or HTML via (1) the $user_agent variable, probably obtained from the User-Agent HTTP header, and possibly (2) the $ip_resolved variable. |
| CVE-2008-0756 | 1 Cyan Soft | 6 Cyanprintip Basic, Cyanprintip Easy Opi, Cyanprintip Professional and 3 more | 2025-04-09 | 5.0 MEDIUM | N/A | The LPD server in cyan soft Opium OPI Server 4.10.1028 and earlier; cyanPrintIP Easy OPI, Professional, and Basic 4.10.1030 and earlier; Workstation 4.10.836 and earlier; and Standard 4.10.940 and earlier; allows remote attackers to cause a denial of service (daemon crash) via a connection that begins with (1) a "Send queue state" LPD command 3 or (2) a "Send queue state" LPD command 4. |
| CVE-2007-1768 | 1 Mephisto | 2 Mephisto, Mephisto Edge | 2025-04-09 | 4.3 MEDIUM | N/A | Cross-site scripting (XSS) vulnerability in app/helpers/application_helper.rb in Mephisto 0.7.3 and Mephisto Edge 20070325 allows remote attackers to inject arbitrary web script or HTML via the author name field in a comment. |
| CVE-2007-3251 | 1 E-vision | 1 E-vision Cms | 2025-04-09 | 7.8 HIGH | N/A | Multiple directory traversal vulnerabilities in e-Vision CMS 2.02 and earlier allow remote attackers to (1) include and execute arbitrary local files via a .. (dot dot) in the adminlang cookie to admin/functions.php or (2) read arbitrary local files via the img parameter to admin/show_img.php. |
| CVE-2006-6529 | 1 Drupal | 1 Chatroom Module | 2025-04-09 | 7.5 HIGH | N/A | The Chatroom Module before 4.7.x.-1.0 for Drupal displays private messages in a chatroom's last messages overview, which allows remote attackers to obtain sensitive information by reading the overview. |
| CVE-2007-3163 | 1 Frederico Caldeira Knabben | 1 Fckeditor | 2025-04-09 | 5.0 MEDIUM | N/A | Incomplete blacklist vulnerability in the filemanager in Frederico Caldeira Knabben FCKeditor 2.4.2 allows remote attackers to upload arbitrary .php files via an alternate data stream syntax, as demonstrated by .php::$DATA filenames, a related issue to CVE-2006-0658. |
| CVE-2007-3193 | 1 Phpwiki | 1 Phpwiki | 2025-04-09 | 10.0 HIGH | N/A | lib/WikiUser/LDAP.php in PhpWiki before 1.3.13p1, when the configuration lacks a nonzero PASSWORD_LENGTH_MINIMUM, might allow remote attackers to bypass authentication via an empty password, which causes ldap_bind to return true when used with certain LDAP implementations. |
| CVE-2007-3859 | 1 Oracle | 3 Application Server, Collaboration Suite, Database Server | 2025-04-09 | 7.5 HIGH | N/A | Unspecified vulnerability in the Oracle Internet Directory component for Oracle Database 9.2.0.8 and 9.2.0.8DV; Application Server 9.0.4.3, 10.1.2.0.2, and 10.1.2.2; and Collaboration Suite 10.1.2 has unknown impact and remote attack vectors, aka OID01. |
| CVE-2007-4136 | 1 Redhat | 1 Conga | 2025-04-09 | 5.0 MEDIUM | N/A | The ricci daemon in Red Hat Conga 0.10.0 allows remote attackers to cause a denial of service (loss of new connections) by repeatedly sending data or attempting connections. |
| CVE-2007-3581 | 1 Jedox | 1 Palo | 2025-04-09 | 5.0 MEDIUM | N/A | The Jedox Palo 1.5 client transmits the password in cleartext, which might allow remote attackers to obtain the password by sniffing the network, as demonstrated by starting Excel with the Palo plugin, opening a cube, and performing an Insert View. |
| CVE-2007-3311 | 1 Xoops | 1 Articles Module | 2025-04-09 | 7.5 HIGH | N/A | SQL injection vulnerability in print.php in the Articles 1.02 and earlier module for Xoops allows remote attackers to execute arbitrary SQL commands via the id parameter. |
| CVE-2006-6502 | 1 Mozilla | 3 Firefox, Seamonkey, Thunderbird | 2025-04-09 | 7.1 HIGH | N/A | Use-after-free vulnerability in the LiveConnect bridge code for Mozilla Firefox 2.x before 2.0.0.1, 1.5.x before 1.5.0.9, Thunderbird before 1.5.0.9, and SeaMonkey before 1.0.7 allows remote attackers to cause a denial of service (crash) via unknown vectors. |
| CVE-2007-4111 | 1 Codewidgets | 1 Real Estate Listing Website Application Template | 2025-04-09 | 6.8 MEDIUM | N/A | SQL injection vulnerability in the login script in Real Estate listing website application template, when logging in as user or manager, allows remote attackers to execute arbitrary SQL commands via the Password parameter. |
| CVE-2007-1008 | 1 Apple | 1 Itunes | 2025-04-09 | 2.6 LOW | N/A | Apple iTunes 7.0.2 allows user-assisted remote attackers to cause a denial of service (application crash) via a crafted XML list of radio stations, which results in memory corruption. NOTE: iTunes retrieves the XML document from a static URL, which requires an attacker to perform DNS spoofing or man-in-the-middle attacks for exploitation. |
| CVE-2006-6281 | 1 Dicshunary | 1 Dicshunary | 2025-04-09 | 7.5 HIGH | N/A | PHP remote file inclusion vulnerability in check_status.php in dicshunary 0.1 alpha allows remote attackers to execute arbitrary PHP code via a URL in the dicshunary_root_path parameter. |
| CVE-2007-2422 | 1 Comdev | 1 Modules Builder | 2025-04-09 | 7.5 HIGH | 9.8 CRITICAL | Multiple PHP remote file inclusion vulnerabilities in Modules Builder (modbuild) 4.1 for Comdev One Admin allow remote attackers to execute arbitrary PHP code via a URL in the path[docroot] parameter to (1) config-bak.php or (2) config.php. NOTE: CVE disputes this vulnerability because the unmodified scripts set the applicable variable to the empty string; reasonable modified copies would use a fixed pathname string |
| CVE-2007-2429 | 1 Manageengine | 1 Passwordmanager Pro | 2025-04-09 | 10.0 HIGH | N/A | ManageEngine PasswordManager Pro (PMP) allows remote attackers to obtain administrative access to a database by injecting a certain command line for the mysql program, as demonstrated by the "-port 2345" and "-u root" arguments. NOTE: the provenance of this information is unknown; the details are obtained solely from third party information. |