Total
29869 CVE
| CVE | Vendors | Products | Updated | CVSS v2 | CVSS v3 |
|---|---|---|---|---|---|
| CVE-2007-3544 | 1 Wordpress | 2 Wordpress, Wordpress Mu | 2025-04-09 | 6.5 MEDIUM | N/A |
Unrestricted file upload vulnerability in (1) wp-app.php and (2) app.php in WordPress 2.2.1 and WordPress MU 1.2.3 allows remote authenticated users to upload and execute arbitrary PHP code via unspecified vectors, possibly related to the wp_postmeta table and the use of custom fields in normal (non-attachment) posts. NOTE: this issue reportedly exists because of an incomplete fix for CVE-2007-3543.
| CVE-2007-0340 | 1 Thwboard | 1 Thwboard | 2025-04-09 | 7.5 HIGH | N/A |
SQL injection vulnerability in inc/header.inc.php in ThWboard 3.0b2.84-php5 and earlier allows remote attackers to execute arbitrary SQL commands via the board[styleid] parameter to index.php.
| CVE-2007-0133 | 1 Igeneric | 1 Ig Shop | 2025-04-09 | 7.5 HIGH | N/A |
Multiple SQL injection vulnerabilities in display_review.php in iGeneric iG Shop 1.4 and earlier allow remote attackers to execute arbitrary SQL commands via the (1) id or (2) user_login_cookie parameter.
| CVE-2006-5759 | 1 Rhadrix | 1 If-cms | 2025-04-09 | 5.0 MEDIUM | N/A |
index.php in Rhadrix If-CMS, possibly 1.01 and 2.07, allows remote attackers to obtain the full path of the web server via empty (1) rns[] or (2) pag[] arguments, which reveals the path in an error message.
| CVE-2006-5543 | 1 Pgosd | 1 Pgosd | 2025-04-09 | 5.1 MEDIUM | N/A |
PHP remote file inclusion vulnerability in misc/function.php3 in PHP Generator of Object SQL Database (PGOSD), when register_globals is enabled, allows remote attackers to execute arbitrary PHP code via a URL in the path parameter.
| CVE-2007-4370 | 1 Racer | 1 Racer | 2025-04-09 | 7.5 HIGH | N/A |
Multiple buffer overflows in the (1) client and (2) server in Racer 0.5.3 beta 5 allow remote attackers to execute arbitrary code via a long string to UDP port 26000.
| CVE-2009-3983 | 1 Mozilla | 3 Firefox, Seamonkey, Thunderbird | 2025-04-09 | 6.8 MEDIUM | N/A |
Mozilla Firefox before 3.0.16 and 3.5.x before 3.5.6, and SeaMonkey before 2.0.1, allows remote attackers to send authenticated requests to arbitrary applications by replaying the NTLM credentials of a browser user.
| CVE-2007-3017 | 1 Activeweb | 1 Contentserver | 2025-04-09 | 4.0 MEDIUM | N/A |
The WYSIWYG editor applet in activeWeb contentserver CMS before 5.6.2964 only filters malicious tags from articles sent to admin/applets/wysiwyg/rendereditor.asp, which allows remote authenticated users to inject arbitrary JavaScript via a request to admin/worklist/worklist_edit.asp.
| CVE-2007-3427 | 1 Zoneo-soft | 1 Phptraffica | 2025-04-09 | 7.5 HIGH | N/A |
SQL injection vulnerability in index.php in phpTrafficA 1.4.2 and earlier allows remote attackers to execute arbitrary SQL commands via the pageid parameter in a stats action.
| CVE-2007-2681 | 1 B2evolution | 1 B2evolution | 2025-04-09 | 7.5 HIGH | N/A |
Directory traversal vulnerability in blogs/index.php in b2evolution 1.6 allows remote attackers to include and execute arbitrary local files via a .. (dot dot) in the core_subdir parameter.
| CVE-2007-1080 | 1 Turbosoft | 1 Turboftp | 2025-04-09 | 7.8 HIGH | N/A |
Multiple heap-based buffer overflows in TurboFTP 5.30 Build 572 allow remote servers to cause a denial of service via (1) a long filename in a response to a LIST command, and (2) a long response to a CWD command.
| CVE-2006-5827 | 1 Phpcomasy | 1 Phpcomasy | 2025-04-09 | 6.8 MEDIUM | N/A |
Multiple cross-site scripting (XSS) vulnerabilities in index.php in phpComasy CMS 0.7.9pre and earlier allow remote attackers to inject arbitrary web script or HTML via the (1) username or (2) password parameters.
| CVE-2006-6029 | 1 Property Pro | 1 Property Pro | 2025-04-09 | 7.5 HIGH | N/A |
SQL injection vulnerability in vir_Login.asp in Property Pro 1.0 allows remote attackers to execute arbitrary SQL commands via the UserName field.
| CVE-2007-1724 | 1 Reactos | 1 Reactos | 2025-04-09 | 10.0 HIGH | N/A |
Unspecified vulnerability in ReactOS 0.3.1 has unknown impact and attack vectors, related to a fix for "dozens of win32k bugs and failures," in which the fix itself introduces a vulnerability, possibly related to user-mode and kernel-mode copy failures.
| CVE-2006-5675 | 1 Pentaho | 1 Business Intelligence Suite | 2025-04-09 | 10.0 HIGH | N/A |
Multiple unspecified vulnerabilities in Pentaho Business Intelligence (BI) Suite before 1.2 RC3 (1.2.0.470-RC3) have unknown impact and attack vectors, related to "MySQL Scripts need changes for security," possibly SQL injection vulnerabilities associated with these scripts.
| CVE-2007-1851 | 1 Really Simple Php And Ajax | 1 Really Simple Php And Ajax | 2025-04-09 | 7.5 HIGH | N/A |
Multiple directory traversal vulnerabilities in Really Simple PHP and Ajax (RSPA) 2007-03-23 allow remote attackers to include and execute arbitrary local files via a .. (dot dot) in the __class parameter to (1) Controller_v4.php or (2) Controller_v5.php.
| CVE-2007-4449 | 1 Toribash | 1 Toribash | 2025-04-09 | 5.0 MEDIUM | N/A |
The client in Toribash 2.71 and earlier allows remote attackers to cause a denial of service (application hang) via a command without an LF character, as demonstrated by a SAY command.
| CVE-2007-1791 | 1 Alexscriptengine | 1 Picture-engine | 2025-04-09 | 7.5 HIGH | N/A |
SQL injection vulnerability in wall.php in Picture-Engine 1.2.0 and earlier allows remote attackers to execute arbitrary SQL commands via the cat parameter.
| CVE-2006-5951 | 1 Exophpdesk | 1 Exophpdesk | 2025-04-09 | 7.5 HIGH | N/A |
PHP remote file inclusion vulnerability in pipe.php in Exophpdesk 1.2 allows remote attackers to execute arbitrary PHP code via a URL in the lang_file parameter.
| CVE-2007-3556 | 1 Doubleflex | 1 Liesbeth Base Cms | 2025-04-09 | 5.0 MEDIUM | N/A |
Liesbeth base CMS stores sensitive information under the web root with insufficient access control, which allows remote attackers to download an include file containing account credentials via a direct request for config.inc.
| CVE-2007-1108 | 1 Cs-gallery | 1 Cs-gallery | 2025-04-09 | 6.8 MEDIUM | N/A |
PHP remote file inclusion vulnerability in index.php in Christian Schneider CS-Gallery 2.0 and earlier allows remote attackers to execute arbitrary PHP code via a URL in the album parameter during a securealbum todo action.
| CVE-2007-0638 | 1 Vlad Alexa Mancini | 1 Phpfootball | 2025-04-09 | 5.0 MEDIUM | N/A |
show.php in Vlad Alexa Mancini PHPFootball 1.6 allows remote attackers to obtain sensitive information (database contents) via a % (percent) character in the dbfieldv parameter.
| CVE-2007-2805 | 1 Clientexec | 1 Clientexec | 2025-04-09 | 4.3 MEDIUM | N/A |
Multiple cross-site scripting (XSS) vulnerabilities in index.php in ClientExec (CE) 3.0 beta2, and possibly other versions, allow remote attackers to inject arbitrary web script or HTML via the (1) ticketID, (2) view, and (3) fuse parameters.
| CVE-2006-6868 | 1 Zen Cart | 1 Web Shopping Cart | 2025-04-09 | 6.8 MEDIUM | N/A |
Multiple cross-site scripting (XSS) vulnerabilities in Zen Cart Web Shopping Cart before 1.3.7 allow remote attackers to inject arbitrary web script or HTML via unspecified vectors.
| CVE-2007-1795 | 1 Jccorp | 1 Urlshrink | 2025-04-09 | 10.0 HIGH | N/A |
JCcorp URLshrink 1.3.1 allows remote attackers to execute arbitrary PHP code via the email address field in an HTML link. NOTE: the provenance of this information is unknown; the details are obtained solely from third party information.
| CVE-2007-3267 | 1 Fuzzylime Forum | 1 Fuzzylime Forum | 2025-04-09 | 4.3 MEDIUM | N/A |
Cross-site scripting (XSS) vulnerability in low.php in Fuzzylime Forum 1.01b and earlier allows remote attackers to inject arbitrary web script or HTML via the fromaction parameter in a log action, a different vector than CVE-2007-3235.
| CVE-2006-6205 | 1 Enthrallweb | 1 Ehomes | 2025-04-09 | 6.8 MEDIUM | N/A |
Multiple cross-site scripting (XSS) vulnerabilities in result.asp in Enthrallweb eHomes allow remote attackers to inject arbitrary web script or HTML via the (1) city or (2) State parameter.
| CVE-2007-2042 | 1 Avant-garde Solutions | 1 Mosmedia | 2025-04-09 | 6.8 MEDIUM | N/A |
Multiple PHP remote file inclusion vulnerabilities in the Avant-Garde Solutions MOSMedia Lite 1.0.6 and earlier module for Mambo allow remote attackers to execute arbitrary PHP code via a URL in the mosConfig_absolute_path parameter to (1) support.html.php or (2) info.html.php. NOTE: the provenance of this information is unknown; the details are obtained solely from third party information.
| CVE-2007-0351 | 2 Microsoft, Zonelabs | 3 Windows 2003 Server, Windows Xp, Zonealarm | 2025-04-09 | 6.2 MEDIUM | N/A |
Microsoft Windows XP and Windows Server 2003 do not properly handle user logoff, which might allow local users to gain the privileges of a previous system user, possibly related to user profile unload failure. NOTE: it is not clear whether this is an issue in Windows itself, or an interaction with another product. The issue might involve ZoneAlarm not being able to terminate processes when it cannot prompt the user.
| CVE-2007-2165 | 1 Proftpd Project | 1 Proftpd | 2025-04-09 | 5.1 MEDIUM | N/A |
The Auth API in ProFTPD before 20070417, when multiple simultaneous authentication modules are configured, does not require that the module that checks authentication is the same as the module that retrieves authentication data, which might allow remote attackers to bypass authentication, as demonstrated by use of SQLAuthTypes Plaintext in mod_sql, with data retrieved from /etc/passwd.
| CVE-2007-3791 | 1 Policyd | 1 Policyd | 2025-04-09 | 7.5 HIGH | N/A |
Buffer overflow in the w_read function in sockets.c in Cami Sardinha and Nigel Kukard policyd before 1.81 for Postfix allows remote attackers to cause a denial of service and possibly execute arbitrary code via long SMTP commands. NOTE: some of these details are obtained from third party information.
| CVE-2007-0117 | 1 Apple | 2 Mac Os X, Mac Os X Server | 2025-04-09 | 10.0 HIGH | N/A |
DiskManagementTool in the DiskManagement.framework 92.29 on Mac OS X 10.4.8 does not properly validate Bill of Materials (BOM) files, which allows attackers to gain privileges via a BOM file under /Library/Receipts/, which triggers arbitrary file permission changes upon execution of a diskutil permission repair operation.
| CVE-2006-6928 | 1 Grandora | 1 Rialto | 2025-04-09 | 6.8 MEDIUM | N/A |
Multiple cross-site scripting (XSS) vulnerabilities in Rialto 1.6 allow remote attackers to inject arbitrary web script or HTML via the (1) cat parameter to (a) listmain.asp or (b) searchmain.asp, the (2) Keyword parameter to (c) searchkey.asp, or the (3) refno parameter to (d) forminfo.asp.
| CVE-2007-5319 | 1 Sun | 1 Solaris | 2025-04-09 | 3.5 LOW | N/A |
Unspecified vulnerability in the vuidmice STREAMS modules in Sun Solaris 8, 9, and 10 allows local users with console (/dev/console) access to cause a denial of service ("unusable" system console) via unspecified vectors.
| CVE-2007-2604 | 1 Brew City Software | 1 Flexlabel Ocx | 2025-04-09 | 7.8 HIGH | N/A |
Unspecified vulnerability in the FlexLabel ActiveX control allows remote attackers to cause a denial of service (unstable behavior) via an improper initialization, as demonstrated by a certain value of the Caption property.
| CVE-2007-0159 | 1 Geoip | 1 Geoip | 2025-04-09 | 6.4 MEDIUM | N/A |
Directory traversal vulnerability in the GeoIP_update_database_general function in libGeoIP/GeoIPUpdate.c in GeoIP 1.4.0 allows remote malicious update servers (possibly only update.maxmind.com) to overwrite arbitrary files via a .. (dot dot) in the database filename, which is returned by a request to app/update_getfilename.
| CVE-2007-2537 | 1 Npds | 1 Npds | 2025-04-09 | 6.5 MEDIUM | N/A |
Multiple SQL injection vulnerabilities in mainfile.php in NPDS 5.10 and earlier allow remote authenticated users to execute arbitrary SQL commands via a (1) nickname or (2) Id in a cookie, or (3) the X-Forwarded-For (X_FORWARDED_FOR) HTTP header.
| CVE-2007-0215 | 1 Microsoft | 3 Excel, Excel Viewer, Office | 2025-04-09 | 7.6 HIGH | N/A |
Stack-based buffer overflow in Microsoft Excel 2000 SP3, 2002 SP3, 2003 SP2, and 2003 Viewer allows user-assisted remote attackers to execute arbitrary code via a .XLS BIFF file with a malformed Named Graph record, which results in memory corruption.
| CVE-2007-4265 | 1 Visionera Ab | 1 Visionproject | 2025-04-09 | 4.3 MEDIUM | N/A |
Multiple cross-site scripting (XSS) vulnerabilities in VisionProject 3.1 and earlier allow remote attackers to inject arbitrary web script or HTML via the (1) projectIssueId parameter in EditProjectIssue.do, the (2) projectId parameter in ProjectSelected.do, the (3) folderId parameter in ProjectDocuments.do and the (4) sortField parameter in ProjectIssues.do.
| CVE-2006-5406 | 1 Passgo | 1 Defender | 2025-04-09 | 3.6 LOW | N/A |
Passgo Defender 5.2 creates the application directory with insecure permissions (Everyone/Full Control), which allows local users to read and modify sensitive files. NOTE: the provenance of this information is unknown; the details are obtained from third party information.