Total
29869 CVE
| CVE | Vendors | Products | Updated | CVSS v2 | CVSS v3 |
|---|---|---|---|---|---|
| CVE-2006-7034 | 9 Apple, Hp, Ibm and 6 more | 18 Mac Os X, Hp-ux, Tru64 and 15 more | 2025-04-09 | 7.5 HIGH | N/A |
|
SQL injection vulnerability in directory.php in Super Link Exchange Script 1.0 might allow remote attackers to execute arbitrary SQL queries via the cat parameter.
|
|||||
| CVE-2006-5465 | 1 Php | 1 Php | 2025-04-09 | 7.5 HIGH | N/A |
|
Buffer overflow in PHP before 5.2.0 allows remote attackers to execute arbitrary code via crafted UTF-8 inputs to the (1) htmlentities or (2) htmlspecialchars functions.
|
|||||
| CVE-2007-2066 | 1 Usebb | 1 Usebb | 2025-04-09 | 5.0 MEDIUM | N/A |
|
UseBB before 1.0.6 allows remote attackers to obtain sensitive information via a request with unspecified GET or POST parameters to an unspecified script, which reveals the path in an error message.
|
|||||
| CVE-2007-1112 | 1 Kaspersky Lab | 2 Kaspersky Anti-virus, Kaspersky Internet Security | 2025-04-09 | 10.0 HIGH | N/A |
|
Kaspersky Anti-Virus 6.0 and Internet Security 6.0 exposes unsafe methods in the (a) AXKLPROD60Lib.KAV60Info (AxKLProd60.dll) and (b) AXKLSYSINFOLib.SysInfo (AxKLSysInfo.dll) ActiveX controls, which allows remote attackers to "download" or delete arbitrary files via crafted arguments to the (1) DeleteFile, (2) StartBatchUploading, (3) StartStrBatchUploading, or (4) StartUploading methods.
|
|||||
| CVE-2007-0276 | 1 Oracle | 1 Database Server | 2025-04-09 | 6.8 MEDIUM | N/A |
|
Multiple unspecified vulnerabilities in Oracle Database 8.1.7.4 and 9.0.1.5 have unknown impact and attack vectors related to (1) Advanced Security Option and oklist or okdstry (DB10), (2) Oracle Net Services (DB13), and (3) Recovery Manager and oklist (DB16).
|
|||||
| CVE-2006-6558 | 1 Crob | 1 Crob Ftp Server | 2025-04-09 | 5.0 MEDIUM | N/A |
|
Crob FTP Server 3.6.1 b.263 allows remote attackers to cause a denial of service via a long series of "?A" sequences in the (1) LIST and possibly (2) NLST command.
|
|||||
| CVE-2007-4177 | 1 Interact | 1 Interact | 2025-04-09 | 4.3 MEDIUM | N/A |
|
Multiple cross-site scripting (XSS) vulnerabilities in Interact before 2.4 allow remote attackers to inject arbitrary web script or HTML via unspecified vectors. NOTE: this might overlap CVE-2007-3328.
|
|||||
| CVE-2007-2398 | 2 Apple, Microsoft | 2 Safari, Windows 2003 Server | 2025-04-09 | 7.1 HIGH | N/A |
|
Apple Safari 3.0.1 beta (522.12.12) on Windows allows remote attackers to modify the window title and address bar while filling the main window with arbitrary content by setting the location bar and using setTimeout() to create an event that modifies the window content, which could facilitate phishing attacks.
|
|||||
| CVE-2006-6356 | 1 Phpnews | 1 Phpnews | 2025-04-09 | 6.8 MEDIUM | N/A |
|
Multiple cross-site scripting (XSS) vulnerabilities in templates/link_temp.php in PHPNews 1.3.0 allow remote attackers to inject arbitrary web script or HTML via the (1) url, (2) id, (3) subject, (4) username, or (5) time parameter.
|
|||||
| CVE-2007-3414 | 1 Access2asp | 1 Access2asp | 2025-04-09 | 4.3 MEDIUM | N/A |
|
Multiple cross-site scripting (XSS) vulnerabilities in access2asp 4.5 and earlier allow remote attackers to inject arbitrary web script or HTML via the (1) od and (2) search parameters to (a) suppliersList.asp and (b) contactsList.asp.
|
|||||
| CVE-2006-5184 | 1 Pkr Internet | 1 Taskjitsu | 2025-04-09 | 7.5 HIGH | N/A |
|
SQL injection vulnerability in PKR Internet Taskjitsu before 2.0.6 allows remote attackers to execute arbitrary SQL commands via the key parameter, when the limit query parameter is set to customerid.
|
|||||
| CVE-2007-4316 | 1 Zyxel | 2 Zynos, Zywall 2 | 2025-04-09 | 4.3 MEDIUM | N/A |
|
The management interface in ZyNOS firmware 3.62(WK.6) on the Zyxel Zywall 2 device has a certain default password, which allows remote attackers to perform administrative actions.
|
|||||
| CVE-2006-6061 | 1 Apple | 2 Mac Os X, Mac Os X Server | 2025-04-09 | 9.3 HIGH | N/A |
|
com.apple.AppleDiskImageController in Apple Mac OS X 10.4.8, and possibly other versions, allows remote attackers to execute arbitrary code via a malformed DMG image that triggers memory corruption. NOTE: the severity of this issue has been disputed by a third party, who states that the impact is limited to a denial of service (kernel panic) due to a vm_fault call with a non-aligned address.
|
|||||
| CVE-2006-5450 | 1 Kinesis | 1 Kinesis Interactive Cinema System | 2025-04-09 | 7.5 HIGH | N/A |
|
SQL injection vulnerability in index.asp in Kinesis Interactive Cinema System (KICS) CMS allows remote attackers to execute arbitrary SQL commands via the (1) txtUsername (user) or (2) txtPassword (pass) parameters.
|
|||||
| CVE-2007-4996 | 1 Pidgin | 1 Pidgin | 2025-04-09 | 4.3 MEDIUM | N/A |
|
libpurple in Pidgin before 2.2.1 does not properly handle MSN nudge messages from users who are not on the receiver's buddy list, which allows remote attackers to cause a denial of service (crash) via a nudge message that triggers an access of "an invalid memory location."
|
|||||
| CVE-2006-6842 | 1 Codemonkeyx | 1 Acronym Mod | 2025-04-09 | 7.5 HIGH | N/A |
|
SQL injection vulnerability in admin/admin_acronyms.php in the Acronym Mod 0.9.5 for phpBB2 Plus 1.53 allows remote attackers to execute arbitrary SQL commands via the id parameter.
|
|||||
| CVE-2007-2044 | 1 Antonis Ventouris | 1 Weather Module | 2025-04-09 | 7.5 HIGH | N/A |
|
PHP remote file inclusion vulnerability in mod_weather.php in the Antonis Ventouris Weather module for Mambo and Joomla! allows remote attackers to execute arbitrary PHP code via a URL in the absolute_path parameter.
|
|||||
| CVE-2006-3887 | 1 Aol | 1 Ygp Screensaver Activex Control | 2025-04-09 | 7.5 HIGH | N/A |
|
Buffer overflow in AOL You've Got Pictures (YGP) Screensaver ActiveX control allows remote attackers to execute arbitrary code via unspecified vectors.
|
|||||
| CVE-2007-1340 | 1 Weltennetz | 1 News-letterman | 2025-04-09 | 7.5 HIGH | N/A |
|
PHP remote file inclusion vulnerability in eintrag.php in Weltennetz News-Letterman 1.1 allows remote attackers to execute arbitrary PHP code via a URL in the sqllog parameter.
|
|||||
| CVE-2007-0211 | 1 Microsoft | 2 Windows 2003 Server, Windows Xp | 2025-04-09 | 7.2 HIGH | N/A |
|
The hardware detection functionality in the Windows Shell in Microsoft Windows XP SP2 and Professional, and Server 2003 SP1 allows local users to gain privileges via an unvalidated parameter to a function related to the "detection and registration of new hardware."
|
|||||
| CVE-2007-0571 | 1 Phpmyreports | 1 Phpmyreports | 2025-04-09 | 7.5 HIGH | N/A |
|
PHP remote file inclusion vulnerability in include/lib/lib_head.php in phpMyReports 3.0.11 and earlier allows remote attackers to execute arbitrary PHP code via a URL in the cfgPathModule parameter.
|
|||||
| CVE-2007-3560 | 1 Esqlanelapse | 1 Esqlanelapse | 2025-04-09 | 7.5 HIGH | N/A |
|
Multiple unspecified vulnerabilities in Esqlanelapse before 2.6 have unknown impact and attack vectors.
|
|||||
| CVE-2007-1805 | 1 Myxoops | 1 Debaser | 2025-04-09 | 7.5 HIGH | N/A |
|
SQL injection vulnerability in genre.php in the debaser 0.92 and earlier module for Xoops allows remote attackers to execute arbitrary SQL commands via the genreid parameter.
|
|||||
| CVE-2007-0094 | 1 Sven Moderow | 1 Sven Moderow Guestbook | 2025-04-09 | 7.5 HIGH | N/A |
|
Sven Moderow GuestBook 0.3a stores sensitive information under the web root with insufficient access control, which allows remote attackers to download a database containing passwords via a direct request for (1) gbook97.mdb or (2) gbook.mdb in ~db/.
|
|||||
| CVE-2006-5787 | 1 Iprimal | 1 Iprimal Forums | 2025-04-09 | 7.5 HIGH | N/A |
|
admin/index.php in IPrimal Forums as of 20061105 allows remote attackers to bypass authentication and modify user passwords via a direct request, possibly related to an authentication issue in admin/chk_admin.php.
|
|||||
| CVE-2007-3784 | 1 Belkin | 1 F5d7231-4 | 2025-04-09 | 4.3 MEDIUM | N/A |
|
Cross-site scripting (XSS) vulnerability in the Belkin G Plus Router F5D7231-4 with firmware 4.05.03 allows remote attackers to inject arbitrary web script or HTML via a hostname of a DHCP client.
|
|||||
| CVE-2007-0912 | 1 Jportal | 1 Jportal Web Server | 2025-04-09 | 9.3 HIGH | N/A |
|
Cross-Site Request Forgery (CSRF) vulnerability in admin/admin.adm.php in Jportal 2.3.1, and possibly earlier, allows remote attackers to perform privileged actions as administrators by tricking the admin into accessing a URL with modified arguments to admin/admin.adm.php.
|
|||||
| CVE-2007-4500 | 1 Sshkeychain | 1 Sshkeychain | 2025-04-09 | 6.9 MEDIUM | N/A |
|
Unspecified vulnerability in TunnelRunner in SSHKeychain before 0.8.2 beta, and possibly later versions, allows local users to gain privileges via unspecified vectors.
|
|||||
| CVE-2006-7128 | 1 Salims Softhouse | 1 Jaf Cms | 2025-04-09 | 7.5 HIGH | N/A |
|
PHP remote file inclusion vulnerability in forum/forum.php JAF CMS 4.0 RC1 allows remote attackers to execute arbitrary PHP code via a URL in the website parameter.
|
|||||
| CVE-2006-6804 | 1 Enthrallweb | 1 Dragon Business Directory Pro | 2025-04-09 | 7.5 HIGH | N/A |
|
SQL injection vulnerability in bus_details.asp in Dragon Business Directory - Pro (aka Dragon Internet Business Search Directory - Pro) 3.01.12 and earlier allows remote attackers to execute arbitrary SQL commands via the ID parameter.
|
|||||
| CVE-2007-4376 | 1 Szymon Kosok | 1 Best Top List | 2025-04-09 | 6.8 MEDIUM | N/A |
|
Unrestricted file upload vulnerability in banner-upload.php in Szymon Kosok Best Top List allows remote attackers to upload and execute arbitrary PHP files in banners/.
|
|||||
| CVE-2009-1275 | 1 Apache | 2 Struts, Tiles | 2025-04-09 | 6.8 MEDIUM | N/A |
|
Apache Tiles 2.1 before 2.1.2, as used in Apache Struts and other products, evaluates Expression Language (EL) expressions twice in certain circumstances, which allows remote attackers to conduct cross-site scripting (XSS) attacks or obtain sensitive information via unspecified vectors, related to the (1) tiles:putAttribute and (2) tiles:insertTemplate JSP tags.
|
|||||
| CVE-2007-0659 | 1 Modxcms | 1 Filedownload | 2025-04-09 | 7.5 HIGH | N/A |
|
download.php in the MuddyDogPaws FileDownload snippet before 2.5 for MODx allows remote attackers to download arbitrary files, as demonstrated by downloading config.inc.php to obtain database credentials.
|
|||||
| CVE-2006-6742 | 1 Hp | 3 Ftp Print Server, Laserjet 5000, Laserjet 5100 | 2025-04-09 | 7.8 HIGH | N/A |
|
Multiple buffer overflows in FTP Print Server 2.4 and 2.4.5 in HP LaserJet 5000 Series printers with firmware R.25.15 or R.25.47, and HP LaserJet 5100 Series printers with firmware V.29.12, allow remote attackers to cause a denial of service (device crash) via a long string in the (1) LIST or (2) NLST command.
|
|||||
| CVE-2007-2273 | 1 Alessandro Lulli | 1 Wavewoo | 2025-04-09 | 7.5 HIGH | N/A |
|
PHP remote file inclusion vulnerability in include/loading.php in Alessandro Lulli wavewoo 0.1.1 allows remote attackers to execute arbitrary PHP code via a URL in the path_include parameter.
|
|||||
| CVE-2007-1492 | 1 Microsoft | 1 Windows Xp | 2025-04-09 | 7.1 HIGH | N/A |
|
winmm.dll in Microsoft Windows XP allows user-assisted remote attackers to cause a denial of service (infinite loop) via a large cch argument value to the mmioRead function, as demonstrated by a crafted WAV file.
|
|||||
| CVE-2007-4264 | 1 Kai Blankenhorn Bitfolge | 1 Simple And Nice Index File | 2025-04-09 | 4.3 MEDIUM | N/A |
|
Multiple cross-site scripting (XSS) vulnerabilities in index.php in Kai Blankenhorn Bitfolge simple and nice index file (aka snif) 1.5.2 and earlier allow remote attackers to inject arbitrary web script or HTML via the (1) path and (2) download parameters.
|
|||||
| CVE-2007-3051 | 1 Revokesoft | 1 Revokebb | 2025-04-09 | 7.5 HIGH | N/A |
|
SQL injection vulnerability in inc/class_users.php in RevokeSoft RevokeBB 1.0 RC4 and earlier allows remote attackers to execute arbitrary SQL commands via the revokebb_user cookie.
|
|||||
| CVE-2007-2737 | 1 Xoops | 1 Myconference Module | 2025-04-09 | 7.5 HIGH | N/A |
|
SQL injection vulnerability in index.php in the MyConference 1.0 module for Xoops allows remote attackers to execute arbitrary SQL commands via the cid parameter. NOTE: the provenance of this information is unknown; the details are obtained solely from third party information.
|
|||||
| CVE-2007-0839 | 1 Valarsoft | 1 Webmatic | 2025-04-09 | 7.5 HIGH | N/A |
|
Multiple PHP remote file inclusion vulnerabilities in index/index_album.php in Valarsoft WebMatic 2.6 allow remote attackers to execute arbitrary PHP code via a URL in the (1) P_LIB and (2) P_INDEX parameters.
|
|||||