Total
29869 CVE
| CVE | Vendors | Products | Updated | CVSS v2 | CVSS v3 |
|---|---|---|---|---|---|
| CVE-2006-6530 | 1 Drupal | 1 Help Tip Module | 2025-04-09 | 7.5 HIGH | N/A |
|
SQL injection vulnerability in the Help Tip module before 4.7.x-1.0 for Drupal allows remote attackers to execute arbitrary SQL commands via unspecified vectors.
|
|||||
| CVE-2006-5419 | 1 University Of Glasgow | 1 Specimen Image Database | 2025-04-09 | 7.5 HIGH | N/A |
|
PHP remote file inclusion vulnerability in client.php in University of Glasgow Specimen Image Database (SID), when register_globals is enabled, allows remote attackers to execute arbitrary PHP code via a URL in the dir parameter.
|
|||||
| CVE-2006-5263 | 1 Phpmyagenda | 1 Phpmyagenda | 2025-04-09 | 7.5 HIGH | N/A |
|
Directory traversal vulnerability in templates/header.php3 in phpMyAgenda 3.1 and earlier allows remote attackers to include and execute arbitrary local files via a .. (dot dot) in the language parameter, as demonstrated by a parameter value naming an Apache HTTP Server log file that apparently contains PHP code.
|
|||||
| CVE-2006-5967 | 1 Panda | 1 Activescan | 2025-04-09 | 5.1 MEDIUM | N/A |
|
Race condition in Panda ActiveScan 5.53.00, and other versions before 5.54.01, allows remote attackers to cause memory corruption and execute arbitrary code via unknown vectors related to multiple invocations of the Analizar method in the ActiveScan.1 ActiveX control, which is not thread safe.
|
|||||
| CVE-2007-2254 | 1 Deltascripts | 1 Php Classifieds | 2025-04-09 | 7.5 HIGH | N/A |
|
PHP remote file inclusion vulnerability in admin/setup/level2.php in PHP Classifieds 6.04, and probably earlier versions, allows remote attackers to execute arbitrary PHP code via a URL in the dir parameter. NOTE: this product was referred to as "Allfaclassfieds" in the original disclosure.
|
|||||
| CVE-2006-6370 | 1 Invision Power Services | 1 Invision Gallery | 2025-04-09 | 7.5 HIGH | N/A |
|
SQL injection vulnerability in forum/modules/gallery/post.php in Invision Gallery 2.0.7 allows remote attackers to cause a denial of service and possibly have other impacts, as demonstrated using a "SELECT BENCHMARK" statement in the img parameter in a doaddcomment operation in index.php.
|
|||||
| CVE-2007-1205 | 1 Microsoft | 3 Windows 2000, Windows 2003 Server, Windows Xp | 2025-04-09 | 9.3 HIGH | N/A |
|
Unspecified vulnerability in Microsoft Agent (msagent\agentsvr.exe) in Windows 2000 SP4, XP SP2, and Server 2003, 2003 SP1, and 2003 SP2 allows remote attackers to execute arbitrary code via crafted URLs, which result in memory corruption.
|
|||||
| CVE-2007-2067 | 1 Webslider | 1 Webslider | 2025-04-09 | 7.5 HIGH | N/A |
|
Multiple PHP remote file inclusion vulnerabilities in Marco Antonio Islas Cruz Web Slider (WebSlider) 0.6 allow remote attackers to execute arbitrary PHP code via a URL in the path parameter to (1) index.php, (2) modules/pdf.php, (3) plugins/highlight.php, or (4) include/modules.php.
|
|||||
| CVE-2007-2759 | 1 Adempiere | 1 Adempiere | 2025-04-09 | 7.5 HIGH | N/A |
|
Multiple SQL injection vulnerabilities in the insert function in the ValuePreference class (grid/ed/ValuePreference.java) in Adempiere before 3.1.6 allow remote attackers to execute arbitrary SQL commands via the (1) m_Attribute or (2) m_Value parameter. NOTE: some of these details are obtained from third party information.
|
|||||
| CVE-2007-0441 | 1 Hp | 1 Openview Network Node Manager | 2025-04-09 | 5.1 MEDIUM | N/A |
|
Unspecified vulnerability in HP OpenView Network Node Manager (OV NNM) 6.20, 6.4x, 7.01, and 7.50 allows remote attackers to execute arbitrary commands via unknown vectors.
|
|||||
| CVE-2007-2718 | 2 Microsoft, Stalker | 2 Internet Explorer, Communigate Pro | 2025-04-09 | 4.3 MEDIUM | N/A |
|
Cross-site scripting (XSS) vulnerability in the WebMail system in Stalker CommuniGate Pro 5.1.8 and earlier, when using Microsoft Internet Explorer, allows remote attackers to inject arbitrary web script or HTML via crafted STYLE tags.
|
|||||
| CVE-2007-0828 | 1 Mysqlnewsengine | 1 Mysqlnewsengine | 2025-04-09 | 7.5 HIGH | N/A |
|
PHP remote file inclusion vulnerability in affichearticles.php3 in MySQLNewsEngine allows remote attackers to execute arbitrary PHP code via a URL in the newsenginedir parameter.
|
|||||
| CVE-2009-3563 | 1 Ntp | 1 Ntp | 2025-04-09 | 6.4 MEDIUM | N/A |
|
ntp_request.c in ntpd in NTP before 4.2.4p8, and 4.2.5, allows remote attackers to cause a denial of service (CPU and bandwidth consumption) by using MODE_PRIVATE to send a spoofed (1) request or (2) response packet that triggers a continuous exchange of MODE_PRIVATE error responses between two NTP daemons.
|
|||||
| CVE-2007-3480 | 1 Pc Soft | 1 Windev | 2025-04-09 | 7.1 HIGH | N/A |
|
PCSoft WinDEV 11 (01F110053p) allows user-assisted remote attackers to cause a denial of service (infinite loop and resource consumption) via a malformed WDP project file.
|
|||||
| CVE-2007-2605 | 1 Brujula Toolbar | 1 Brujula Toolbar | 2025-04-09 | 7.1 HIGH | N/A |
|
Unspecified vulnerability in the GetPropertyById function in ISoftomateObj in SoftomateLib in BRUJULA4.NET.DLL in the Brujula Toolbar (Brujula.net toolbar) allows attackers to cause a denial of service (NULL dereference and browser crash) via certain arguments.
|
|||||
| CVE-2006-6680 | 1 Chetcpasswd | 1 Chetcpasswd | 2025-04-09 | 4.6 MEDIUM | N/A |
|
Pedro Lineu Orso chetcpasswd before 2.3.1 does not document the need for 0400 permissions on /etc/chetcpasswd.allow, which might allow local users to gain sensitive information by reading this file.
|
|||||
| CVE-2007-1522 | 1 Php | 1 Php | 2025-04-09 | 6.8 MEDIUM | N/A |
|
Double free vulnerability in the session extension in PHP 5.2.0 and 5.2.1 allows context-dependent attackers to execute arbitrary code via illegal characters in a session identifier, which is rejected by an internal session storage module, which calls the session identifier generator with an improper environment, leading to code execution when the generator is interrupted, as demonstrated by triggering a memory limit violation or certain PHP errors.
|
|||||
| CVE-2007-0368 | 1 Michiel Broek | 1 Mbse-bbs | 2025-04-09 | 10.0 HIGH | N/A |
|
Stack-based buffer overflow in mbse-bbs 0.70 and earlier allows local users to execute arbitrary code via a long string in the MBSE_ROOT environment variable.
|
|||||
| CVE-2008-1713 | 1 Noticeware | 1 Email Server | 2025-04-09 | 5.0 MEDIUM | N/A |
|
MailServer.exe in NoticeWare Email Server 4.6.1.0 allows remote attackers to cause a denial of service (application crash) via a long string to IMAP port (143/tcp).
|
|||||
| CVE-2007-4270 | 1 Ibm | 1 Db2 Universal Database | 2025-04-09 | 6.9 MEDIUM | N/A |
|
Multiple race conditions in IBM DB2 UDB 8 before Fixpak 15 and 9.1 before Fixpak 3 allow local users to gain root privileges via a symlink attack on certain files.
|
|||||
| CVE-2007-2389 | 2 Apple, Microsoft | 3 Mac Os X, Quicktime, All Windows | 2025-04-09 | 7.1 HIGH | N/A |
|
Apple QuickTime for Java 7.1.6 on Mac OS X and Windows does not clear potentially sensitive memory before use, which allows remote attackers to read memory from a web browser via unknown vectors related to Java applets.
|
|||||
| CVE-2007-1298 | 1 Aj Square | 1 Ajauction | 2025-04-09 | 7.5 HIGH | N/A |
|
SQL injection vulnerability in subcat.php in AJ Auction 1.0 allows remote attackers to execute arbitrary SQL commands via the cate_id parameter.
|
|||||
| CVE-2006-6708 | 1 Mginternet | 1 Property Site Manager | 2025-04-09 | 6.8 MEDIUM | N/A |
|
Cross-site scripting (XSS) vulnerability in listings.asp in MGinternet Property Site Manager allows remote attackers to inject arbitrary web script or HTML via the s parameter.
|
|||||
| CVE-2007-1937 | 1 Dreamcodes | 1 Scorp Book | 2025-04-09 | 6.8 MEDIUM | N/A |
|
PHP remote file inclusion vulnerability in smilies.php in Scorp Book 1.0 allows remote attackers to execute arbitrary PHP code via a URL in the config parameter.
|
|||||
| CVE-2007-0132 | 1 Igeneric | 1 Ig Shop | 2025-04-09 | 7.5 HIGH | N/A |
|
SQL injection vulnerability in compare_product.php in iGeneric iG Shop 1.4 allows remote attackers to execute arbitrary SQL commands via the id parameter.
|
|||||
| CVE-2006-5159 | 1 Mozilla | 1 Firefox | 2025-04-09 | 7.5 HIGH | N/A |
|
Stack-based buffer overflow in Mozilla Firefox allows remote attackers to execute arbitrary code via unspecified vectors involving JavaScript. NOTE: the vendor and original researchers have released a follow-up comment disputing the severity of this issue, in which the researcher states that "we mentioned that there was a previously known Firefox vulnerability that could result in a stack overflow ending up in remote code execution. However, the code we presented did not in fact do this... I ha ...
Show More |
|||||
| CVE-2006-6269 | 1 Infinity Technologies | 1 Infinitytechs Restaurants Cm | 2025-04-09 | 7.5 HIGH | N/A |
|
Multiple SQL injection vulnerabilities in Infinitytechs Restaurants CM allow remote attackers to execute arbitrary SQL commands via (1) the id parameter in rating.asp, (2) the mealid parameter in meal_rest.asp, and (3) the resid parameter in res_details.asp.
|
|||||
| CVE-2007-4260 | 1 Ez Photo Sales | 1 Ez Photo Sales | 2025-04-09 | 5.0 MEDIUM | N/A |
|
EZPhotoSales 1.9.3 and earlier has a default "admin" account for galleries, which allows remote attackers to access arbitrary galleries by specifying this username.
|
|||||
| CVE-2006-5643 | 1 Foresite Cms | 1 Foresite Cms | 2025-04-09 | 6.8 MEDIUM | N/A |
|
Cross-site scripting (XSS) vulnerability in search_de.html in foresite CMS allows remote attackers to inject arbitrary web script or HTML via the query parameter.
|
|||||
| CVE-2006-7200 | 1 Emc | 1 Rsa Security Sitekey | 2025-04-09 | 9.0 HIGH | N/A |
|
EMC RSA Security SiteKey issues challenge-bypass tokens that persist forever without a cancellation interface for end users, which makes it easier for attackers to bypass one stage of authentication by stealing and replaying a token.
|
|||||
| CVE-2006-6079 | 1 Imendio Ab | 1 Loudmouth | 2025-04-09 | 7.5 HIGH | N/A |
|
Multiple PHP remote file inclusion vulnerabilities in LoudMouth 2.4 allow remote attackers to execute arbitrary PHP code via a URL in the mainframe parameter to (1) admin.loudmouth.php or (2) toolbar.loudmouth.php.
|
|||||
| CVE-2007-2646 | 1 Yenc32 | 1 Yenc32 | 2025-04-09 | 6.8 MEDIUM | N/A |
|
Heap-based buffer overflow in yEnc32 1.0.7.207 allows user-assisted remote attackers to execute arbitrary code via a long filename in an NTX file.
|
|||||
| CVE-2007-1405 | 1 Edgewall Software | 1 Trac | 2025-04-09 | 4.3 MEDIUM | N/A |
|
Cross-site scripting (XSS) vulnerability in the "download wiki page as text" feature in Trac before 0.10.3.1, when Microsoft Internet Explorer is used, allows remote attackers to inject arbitrary web script or HTML via unspecified parameters.
|
|||||
| CVE-2006-6245 | 1 Photo Organizer | 1 Photo Organizer | 2025-04-09 | 7.5 HIGH | N/A |
|
Multiple SQL injection vulnerabilities in Photo Organizer (PO) 2.32b and earlier allow remote attackers to execute arbitrary SQL commands via unspecified vectors.
|
|||||
| CVE-2006-6525 | 1 Ezhrs | 1 Hr Assist | 2025-04-09 | 7.5 HIGH | N/A |
|
SQL injection vulnerability in vdateUsr.asp in EzHRS HR Assist 1.05 and earlier allows remote attackers to execute arbitrary SQL commands via the password parameter. NOTE: The provenance of this information is unknown; the details are obtained solely from third party information.
|
|||||
| CVE-2006-5294 | 1 Tincan | 1 Phplist | 2025-04-09 | 4.3 MEDIUM | N/A |
|
Cross-site scripting (XSS) vulnerability in index.php in phplist before 2.10.3 allows remote attackers to inject arbitrary web script or HTML via the unsubscribeemail parameter.
|
|||||
| CVE-2008-4586 | 1 Acresso | 1 Flexnet Connect | 2025-04-09 | 9.3 HIGH | N/A |
|
Insecure method vulnerability in the MVSNCLientWebAgent61.WebAgent.1 ActiveX control (isusweb.dll 6.1.100.61372) in Macrovision FLEXnet Connect 6.1 allows remote attackers to force the download and execution of arbitrary files via the DownloadAndExecute method.
|
|||||
| CVE-2007-4538 | 1 Mozilla | 1 Bugzilla | 2025-04-09 | 5.0 MEDIUM | N/A |
|
email_in.pl in Bugzilla 2.23.4 through 3.0.0 allows remote attackers to execute arbitrary commands via the -f (From address) option to the Email::Send::Sendmail function, probably involving shell metacharacters.
|
|||||
| CVE-2006-6936 | 1 Pensacola Web Designs | 1 Xtremeasp Photogallery | 2025-04-09 | 6.8 MEDIUM | N/A |
|
Cross-site scripting (XSS) vulnerability in Xtreme ASP Photo Gallery allows remote attackers to inject arbitrary HTML or web script via (1) the catname parameter to displaypic.asp or (2) the search field. NOTE: vector 1 likely overlaps CVE-2006-3032.
|
|||||
| CVE-2007-1602 | 1 Weekly Drawing Contest | 1 Weekly Drawing Contest | 2025-04-09 | 7.5 HIGH | N/A |
|
SQL injection vulnerability in check_vote.php in Weekly Drawing Contest 0.0.1 allows remote attackers to execute arbitrary SQL commands via the order parameter.
|
|||||