Total: 29869 CVE
| CVE | Vendors | Products | Updated | CVSS v2 | CVSS v3 |
|---|---|---|---|---|---|
| CVE-2006-6188 | 1 Clicktech | 1 Clickgallery | 2025-04-09 | 4.3 MEDIUM | N/A |
Cross-site scripting (XSS) vulnerability in view_search.asp in ClickTech Click Gallery allows remote attackers to inject arbitrary web script or HTML via the txtKeyWord parameter. NOTE: some of these details are obtained from third party information.
| CVE-2006-7054 | 1 Arkoon | 1 Fast360 | 2025-04-09 | 7.8 HIGH | N/A |
The DNS module in Arkoon FAST360 UTM appliances 3.0 up to 3.0/29, 3.1 through 3.3, and 4.0 allows remote attackers to cause a denial of service (reboot) via a malformed DNS message, as demonstrated by the PROTOS DNS testing suite.
| CVE-2006-6209 | 1 Midicart Software | 2 Midicart Asp Plus Shopping Cart, Midicart Asp Shopping Cart | 2025-04-09 | 7.5 HIGH | N/A |
Multiple SQL injection vulnerabilities in MidiCart ASP Shopping Cart and ASP Plus Shopping Cart allow remote attackers to execute arbitrary SQL commands via the (1) id2006quant parameter to (a) item_show.asp, or the (2) maingroup or (3) secondgroup parameter to (b) item_list.asp. NOTE: the code_no parameter to Item_Show.asp is covered by CVE-2005-2601.
| CVE-2007-3808 | 1 Php Arena | 1 Pafiledb | 2025-04-09 | 7.5 HIGH | N/A |
SQL injection vulnerability in includes/search.php in paFileDB 3.6 allows remote attackers to execute arbitrary SQL commands via the categories[] parameter in a search action to index.php, a different vector than CVE-2005-2000.
| CVE-2008-4584 | 1 Chilkat Software | 1 Mail | 2025-04-09 | 6.8 MEDIUM | N/A |
Insecure method vulnerability in Chilkat Mail 7.8 ActiveX control (ChilkatCert.dll) allows remote attackers to overwrite arbitrary files via a full pathname to the SaveLastError method.
| CVE-2006-5520 | 1 Deltascripts | 1 Php Classifieds | 2025-04-09 | 7.5 HIGH | N/A |
PHP remote file inclusion vulnerability in functions.php in DeltaScripts PHP Classifieds 7.1 allows remote attackers to execute arbitrary PHP code via a URL in the set_path parameter.
| CVE-2007-0332 | 1 Xentraz | 1 Liens Dynamiques | 2025-04-09 | 7.5 HIGH | N/A |
(1) admin/adminlien.php3 and (2) admin/modif.php3 in liens_dynamiques 2.1 do not require authentication, which allows remote attackers to perform unauthorized administrative actions using a direct request.
| CVE-2006-6258 | 1 Alternc | 1 Alternc | 2025-04-09 | 9.3 HIGH | N/A |
The phpmyadmin subsystem in AlternC 0.9.5 and earlier transmits the SQL password in cleartext in a cookie, which might allow remote attackers to obtain the password by sniffing or by conducting a cross-site scripting (XSS) attack.
| CVE-2006-5278 | 1 Cisco | 2 Unified Callmanager, Unified Communications Manager | 2025-04-09 | 10.0 HIGH | N/A |
Integer overflow in the Real-Time Information Server (RIS) Data Collector service (RisDC.exe) in Cisco Unified Communications Manager (CUCM, formerly CallManager) before 20070711 allows remote attackers to execute arbitrary code via crafted packets, resulting in a heap-based buffer overflow.
| CVE-2007-2403 | 1 Apple | 3 Cfnetwork, Mac Os X, Mac Os X Server | 2025-04-09 | 6.8 MEDIUM | N/A |
CFNetwork on Apple Mac OS X 10.3.9 and 10.4.10 does not properly validate ftp: URIs, which allows remote attackers to trigger the transmission of arbitrary FTP commands to arbitrary FTP servers.
| CVE-2006-6620 | 6 Avg, Comodo, Filseclab and 3 more | 6 Antivirus Plus Firewall, Comodo Personal Firewall, Personal Firewall and 3 more | 2025-04-09 | 7.2 HIGH | N/A |
Comodo Personal Firewall 2.3.6.81 relies on the Process Environment Block (PEB) to identify a process, which allows local users to bypass the product's controls on a process by spoofing the (1) ImagePathName, (2) CommandLine, and (3) WindowTitle fields in the PEB.
| CVE-2007-4530 | 1 Teamspeak | 1 Web Server | 2025-04-09 | 4.3 MEDIUM | N/A |
Multiple cross-site scripting (XSS) vulnerabilities in TeamSpeak Server 2.0.20.1 allow remote attackers to inject arbitrary web script or HTML via (1) the error_text parameter to error_box.html or (2) the ok_title parameter to ok_box.html.
| CVE-2006-6867 | 1 Vladimir Meshakov | 1 Bubla | 2025-04-09 | 7.5 HIGH | N/A |
Multiple PHP remote file inclusion vulnerabilities in Vladimir Menshakov buratinable templator (aka bubla) 0.9.1 allow remote attackers to execute arbitrary PHP code via a URL in the bu_dir parameter to (1) bu/bu_claro.php, (2) bu/bu_cache.php, or (3) bu/bu_parse.php, different vectors and a different affected version than CVE-2006-6809.
| CVE-2007-0529 | 1 Php Link Directory | 1 Php Link Directory | 2025-04-09 | 4.3 MEDIUM | N/A |
Cross-site scripting (XSS) vulnerability in index.html (aka the administration page) in PHP Link Directory (phpLD) 3.0.6 and earlier allows remote attackers to inject arbitrary web script or HTML via a crafted link, which is triggered when the administrator uses the "Validate Links" functionality.
| CVE-2006-6870 | 1 Avahi | 1 Avahi | 2025-04-09 | 5.0 MEDIUM | N/A |
The consume_labels function in avahi-core/dns.c in Avahi before 0.6.16 allows remote attackers to cause a denial of service (infinite loop) via a crafted compressed DNS response with a label that points to itself.
| CVE-2006-6267 | 1 Postnuke Software Foundation | 1 Postnuke | 2025-04-09 | 7.8 HIGH | N/A |
PostNuke 0.7.5.0, and certain minor versions, allows remote attackers to obtain sensitive information via a non-numeric value of the stop parameter, which reveals the path in an error message.
| CVE-2007-1941 | 1 Ibm | 1 Lotus Notes | 2025-04-09 | 4.3 MEDIUM | N/A |
Cross-site scripting (XSS) vulnerability in the Active Content Filter feature in Domino Web Access (DWA) in IBM Lotus Notes before 6.5.6 and 7.x before 7.0.2 FP1 allows remote attackers to inject arbitrary web script or HTML via a multipart/related e-mail message, a different issue than CVE-2006-4843.
| CVE-2007-2194 | 1 Gentoo | 1 Xnview | 2025-04-09 | 10.0 HIGH | N/A |
Stack-based buffer overflow in XnView 1.90.3 allows user-assisted remote attackers to execute arbitrary code via a crafted XPM file with a long section string. NOTE: some of these details are obtained from third party information.
| CVE-2006-6142 | 1 Squirrelmail | 1 Squirrelmail | 2025-04-09 | 6.8 MEDIUM | N/A |
Multiple cross-site scripting (XSS) vulnerabilities in SquirrelMail 1.4.0 through 1.4.9 allow remote attackers to inject arbitrary web script or HTML via the (1) mailto parameter in (a) webmail.php, the (2) session and (3) delete_draft parameters in (b) compose.php, and (4) unspecified vectors involving "a shortcoming in the magicHTML filter."
| CVE-2007-2720 | 1 Group-office | 1 Group-office Groupware | 2025-04-09 | 4.3 MEDIUM | N/A |
Group-Office before 2.16-13 does not properly validate user IDs, which allows remote attackers to obtain sensitive information via certain requests for (1) message.php and (2) messages.php in modules/email/. NOTE: some of these details are obtained from third party information.
| CVE-2007-0298 | 1 Dexxaboy | 1 Lunarpoll | 2025-04-09 | 6.8 MEDIUM | N/A |
PHP remote file inclusion vulnerability in show.php in LunarPoll, when register_globals is enabled, allows remote attackers to execute arbitrary PHP code via a URL in the PollDir parameter.
| CVE-2008-4587 | 1 Acresso | 1 Flexnet Connect | 2025-04-09 | 9.3 HIGH | N/A |
Insecure method vulnerability in the MSVNClientDownloadManager61Lib.DownloadManager.1 ActiveX control (ISDM.exe 6.1.100.61372) in Macrovision FLEXnet Connect 6.1 allows remote attackers to force the download and execution of arbitrary files via the AddFile and RunScheduledJobs methods. NOTE: this could be leveraged for code execution by uploading executable files to Startup folders.
| CVE-2007-2512 | 1 Alcatel-lucent | 1 Omnipcx | 2025-04-09 | 7.5 HIGH | N/A |
Alcatel-Lucent IP-Touch Telephone running OmniPCX Enterprise 7.0 and later enables the mini switch by default, which allows attackers to gain access to the voice VLAN via daisy-chained systems.
| CVE-2007-2863 | 2 Broadcom, Ca | 6 Anti-virus For The Enterprise, Brightstor Arcserve Backup, Brightstor Enterprise Backup and 3 more | 2025-04-09 | 10.0 HIGH | N/A |
Stack-based buffer overflow in the Anti-Virus engine before content update 30.6 in multiple CA (formerly Computer Associates) products allows remote attackers to execute arbitrary code via a long filename in a .CAB file.
| CVE-2007-1021 | 1 Xfairguy | 1 Codeavalanche News | 2025-04-09 | 10.0 HIGH | N/A |
SQL injection vulnerability in inc_listnews.asp in CodeAvalanche News 1.x allows remote attackers to execute arbitrary SQL commands via the CAT_ID parameter.
| CVE-2006-5668 | 1 Ampache | 1 Ampache | 2025-04-09 | 7.5 HIGH | N/A |
Unspecified vulnerability in Ampache 3.3.2 and earlier, when register_globals is enabled, allows remote attackers to bypass security restrictions and gain guest access.
| CVE-2006-5816 | 1 Dmitry Sheiko | 1 Business Card Web Builder | 2025-04-09 | 7.5 HIGH | N/A |
Multiple PHP remote file inclusion vulnerabilities in Dmitry Sheiko Business Card Web Builder (BCWB) 2.5 allow remote attackers to execute arbitrary PHP code via a URL in the root_path_admin parameter to (1) /include/startup.inc.php, (2) dcontent/default.css.php, or (3) system/default.css.php, different vectors than CVE-2006-4946.
| CVE-2007-3667 | 1 Activereportsexcelreport | 1 Activereportsexcelreport | 2025-04-09 | 5.0 MEDIUM | N/A |
Unspecified vulnerability in EXCLEXPT.DLL in ActiveReportsExcelReport allows remote attackers to cause a denial of service via the DDRow Height variable.
| CVE-2007-1226 | 1 Mcafee | 1 Virex | 2025-04-09 | 4.1 MEDIUM | N/A |
McAfee VirusScan for Mac (Virex) before 7.7 patch 1 has weak permissions (0666) for /Library/Application Support/Virex/VShieldExclude.txt, which allows local users to reconfigure Virex to skip scanning of arbitrary files.
| CVE-2006-6582 | 1 Scriptmate | 1 User Manager | 2025-04-09 | 6.8 MEDIUM | N/A |
Multiple cross-site scripting (XSS) vulnerabilities in ScriptMate User Manager 2.1 and earlier allow remote attackers to inject arbitrary web script or HTML via the (1) members_username (user) and (2) members_password (password) fields in a login action in members/default.asp, and (3) the Search box. NOTE: some of these details are obtained from third party information.
| CVE-2007-1341 | 1 Simple Invoices | 1 Simple Invoices | 2025-04-09 | 5.0 MEDIUM | N/A |
include/auth/auth.php in Simple Invoices before 2007 03 05 does not use the login system to protect print preview pages for invoices, which might allow attackers to obtain sensitive information.
| CVE-2007-2440 | 1 Caucho Technology | 1 Resin | 2025-04-09 | 5.0 MEDIUM | N/A |
Directory traversal vulnerability in Caucho Resin Professional 3.1.0 and Caucho Resin 3.1.0 and earlier for Windows allows remote attackers to read certain files via a .. (dot dot) in a URI containing a "\web-inf" sequence.
| CVE-2007-2374 | 2 Avaya, Microsoft | 7 Definity One Media Server, Media Server, S3400 and 4 more | 2025-04-09 | 9.3 HIGH | N/A |
Unspecified vulnerability in Microsoft Windows 2000, XP, and Server 2003 allows user-assisted remote attackers to execute arbitrary code via unspecified vectors. NOTE: this information is based upon a vague pre-advisory with no actionable information. However, the advisory is from a reliable source.
| CVE-2007-4094 | 1 Idevspot | 1 Phphostbot | 2025-04-09 | 7.5 HIGH | N/A |
PHP remote file inclusion vulnerability in library/authorize.php in IDevSpot PhpHostBot allows remote attackers to execute arbitrary PHP code via a URL in the login_form parameter, a different vector than CVE-2006-3776.
| CVE-2006-6154 | 1 Hscripts | 1 Hiox Star Rating System Script | 2025-04-09 | 7.5 HIGH | N/A |
PHP remote file inclusion vulnerability in addcode.php in HIOX Star Rating System Script (HSRS) 1.0 and earlier allows remote attackers to execute arbitrary PHP code via a URL in the hm parameter.
| CVE-2007-0111 | 1 Resco | 1 Photo Viewer | 2025-04-09 | 6.8 MEDIUM | N/A |
Buffer overflow in Resco Photo Viewer for PocketPC 4.11 and 6.01, as used in mobile devices running Windows Mobile 5.0, 2003, and 2003SE, allows remote attackers to execute arbitrary code via a crafted PNG image.
| CVE-2009-1212 | 1 Precisionid | 1 Data Matrix Barcode Activex Control | 2025-04-09 | 7.8 HIGH | N/A |
Multiple insecure method vulnerabilities in PRECIS~2.DLL in the PrecisionID Datamatrix ActiveX control (DMATRIXLib.Datamatrix) allow remote attackers to overwrite arbitrary files via the (1) SaveBarCode and (2) SaveEnhWMF methods.
| CVE-2006-6594 | 1 Scriptmate | 1 User Manager | 2025-04-09 | 7.5 HIGH | N/A |
SQL injection vulnerability in utilities/usermessages.asp in ScriptMate User Manager 2.0 allows remote attackers to execute arbitrary SQL commands via the mesid parameter.
| CVE-2007-0812 | 1 Woltlab | 1 Burning Board Lite | 2025-04-09 | 7.5 HIGH | N/A |
SQL injection vulnerability in pms.php in Woltlab Burning Board (wBB) Lite 1.0.2pl3e and earlier allows remote authenticated users to execute arbitrary SQL commands via the pmid[0] parameter.
| CVE-2008-0537 | 1 Cisco | 5 7600 Router, Catalyst 6500, Me 6524 Ethernet Switch and 2 more | 2025-04-09 | 7.1 HIGH | N/A |
Unspecified vulnerability in the Supervisor Engine 32 (Sup32), Supervisor Engine 720 (Sup720), and Route Switch Processor 720 (RSP720) for multiple Cisco products, when using Multi Protocol Label Switching (MPLS) VPN and OSPF sham-link, allows remote attackers to cause a denial of service (blocked queue, device restart, or memory leak) via unknown vectors.