Total
29869 CVE
| CVE | Vendors | Products | Updated | CVSS v2 | CVSS v3 |
|---|---|---|---|---|---|
| CVE-2006-5488 | 1 Xchangeboard | 1 Xchangeboard | 2025-04-09 | 7.5 HIGH | N/A |
|
SQL injection vulnerability in XchangeBoard 1.70, and possibly earlier, when magic_quotes_gpc is disabled, allows remote attackers to execute arbitrary SQL commands via the loginNick parameter during login. NOTE: the provenance of this information is unknown; the details are obtained from third party information.
|
|||||
| CVE-2007-4022 | 1 Cpanel | 1 Cpanel | 2025-04-09 | 4.3 MEDIUM | N/A |
|
Cross-site scripting (XSS) vulnerability in frontend/x/htaccess/changepro.html in cPanel 10.9.1 allows remote attackers to inject arbitrary web script or HTML via the resname parameter.
|
|||||
| CVE-2006-6672 | 1 Maxiasp | 1 Burak Yilmaz Download Portal | 2025-04-09 | 7.5 HIGH | N/A |
|
Multiple SQL injection vulnerabilities in Burak Yylmaz Download Portal allow remote attackers to execute arbitrary SQL commands via the (1) kid or possibly (2) id parameter to (a) HABERLER.ASP and (b) ASPKAT.ASP. NOTE: The provenance of this information is unknown; the details are obtained solely from third party information.
|
|||||
| CVE-2007-2105 | 1 Monkey Cms | 1 Monkey Cms | 2025-04-09 | 7.5 HIGH | N/A |
|
Directory traversal vulnerability in admin/index.php in Monkey CMS 0.0.3 allows remote attackers to include and execute arbitrary local files via a .. (dot dot) in the admin_skin parameter.
|
|||||
| CVE-2007-1224 | 1 Grok Developments | 1 Netproxy | 2025-04-09 | 5.0 MEDIUM | N/A |
|
Grok Developments NetProxy 4.03 allows remote attackers to bypass URL filtering via a request that omits "http://" from the URL and specifies the destination port (:80).
|
|||||
| CVE-2006-7029 | 1 Microsoft | 1 Internet Explorer | 2025-04-09 | 5.0 MEDIUM | N/A |
|
Microsoft Internet Explorer 6 SP2 and earlier allows remote attackers to cause a denial of service (crash) via a frameset with only one frame that calls resizeTo with certain arguments. NOTE: this issue might be related to CVE-2006-3637.
|
|||||
| CVE-2006-6215 | 1 Wallpaper | 1 Wallpaper Complete Website | 2025-04-09 | 7.5 HIGH | N/A |
|
Multiple SQL injection vulnerabilities in Wallpaper Website (Wallpaper Complete Website) 1.0.09 and earlier allow remote attackers to execute arbitrary SQL commands via the (1) login or (2) password parameter to (a) process.php, or the (3) wallpaperid parameter to (b) dlwallpaper.php.
|
|||||
| CVE-2006-6765 | 1 Pagetool | 1 Pagetool | 2025-04-09 | 6.8 MEDIUM | N/A |
|
Multiple PHP file inclusion vulnerabilities in src/admin/pt_upload.php in Pagetool 1.07 allow remote attackers to execute arbitrary PHP code via (1) a local filename or FTP/share URI in the config_file parameter or (2) a URL in the ptconf[src] parameter.
|
|||||
| CVE-2009-1926 | 1 Microsoft | 5 Windows 2000, Windows Server 2003, Windows Server 2008 and 2 more | 2025-04-09 | 7.8 HIGH | N/A |
|
Microsoft Windows 2000 SP4, XP SP2 and SP3, Server 2003 SP2, Vista Gold, SP1, and SP2, and Server 2008 Gold and SP2 allow remote attackers to cause a denial of service (TCP outage) via a series of TCP sessions that have pending data and a (1) small or (2) zero receive window size, and remain in the FIN-WAIT-1 or FIN-WAIT-2 state indefinitely, aka "TCP/IP Orphaned Connections Vulnerability."
|
|||||
| CVE-2007-4259 | 1 Ez Photo Sales | 1 Ez Photo Sales | 2025-04-09 | 5.0 MEDIUM | N/A |
|
EZPhotoSales 1.9.3 and earlier allows remote attackers to download arbitrary image files via (1) a direct request for a URL under OnlineViewing/galleries/ or (2) navigation of the gallery user interface with JavaScript disabled.
|
|||||
| CVE-2007-1264 | 1 Enigmail | 1 Enigmail | 2025-04-09 | 5.0 MEDIUM | N/A |
|
Enigmail 0.94.2 and earlier does not properly use the --status-fd argument when invoking GnuPG, which prevents Enigmail from visually distinguishing between signed and unsigned portions of OpenPGP messages with multiple components, which allows remote attackers to forge the contents of a message without detection.
|
|||||
| CVE-2007-5193 | 2 Debian, Twiki | 2 Debian Linux, Twiki | 2025-04-09 | 5.0 MEDIUM | N/A |
|
The default configuration for twiki 4.1.2 on Debian GNU/Linux, and possibly other operating systems, specifies the work area directory (cfg{RCS}{WorkAreaDir}) under the web document root, which might allow remote attackers to obtain sensitive information when .htaccess restrictions are not applied.
|
|||||
| CVE-2006-5524 | 1 Phplist | 1 Phplist | 2025-04-09 | 6.8 MEDIUM | N/A |
|
Cross-site scripting (XSS) vulnerability in index.php in phplist 2.10.2 allows remote attackers to inject arbitrary web script or HTML via the p parameter. NOTE: This issue might overlap CVE-2006-5321.
|
|||||
| CVE-2007-0152 | 1 Ohhasp | 1 Ohhasp | 2025-04-09 | 7.5 HIGH | N/A |
|
OhhASP stores sensitive information under the web root with insufficient access control, which allows remote attackers to download a database containing passwords via a direct request for db/OhhASP.mdb.
|
|||||
| CVE-2007-0819 | 1 Hp | 1 Network Node Manager | 2025-04-09 | 7.2 HIGH | N/A |
|
HP Network Node Manager (NNM) Remote Console 7.50, 7.51, and 7.53 assigns Everyone Full Control permission for the %PROGRAMFILES%\HP OpenView directory tree, which allows local users to gain privileges via a Trojan horse executable file or ActiveX component, or a modified bin\ovtrcsvc.exe for the HP Open View Shared Trace Service.
|
|||||
| CVE-2007-3461 | 1 Elkagroup | 1 Image Gallery | 2025-04-09 | 7.5 HIGH | N/A |
|
SQL injection vulnerability in property.php in elkagroup Image Gallery 1.0 allows remote attackers to execute arbitrary SQL commands via the pid parameter.
|
|||||
| CVE-2006-6408 | 1 Kaspersky Lab | 1 Kaspersky Anti-virus | 2025-04-09 | 5.0 MEDIUM | N/A |
|
Kaspersky Anti-Virus for Linux Mail Servers 5.5.10 allows remote attackers to bypass virus detection by inserting invalid characters into base64 encoded content in a multipart/mixed MIME file, as demonstrated with the EICAR test file.
|
|||||
| CVE-2009-1694 | 1 Apple | 1 Safari | 2025-04-09 | 5.8 MEDIUM | N/A |
|
WebKit in Apple Safari before 4.0, iPhone OS 1.0 through 2.2.1, and iPhone OS for iPod touch 1.1 through 2.2.1 does not properly handle redirects, which allows remote attackers to read images from arbitrary web sites via vectors involving a CANVAS element and redirection, related to a "cross-site image capture issue."
|
|||||
| CVE-2006-7060 | 1 Scriptsez.net | 1 E-dating System | 2025-04-09 | 5.0 MEDIUM | N/A |
|
cindex.php in Scriptsez.net E-Dating System allows remote attackers to obtain the full path via an invalid id parameter in a dologin action, which leaks the path in an error message.
|
|||||
| CVE-2007-4442 | 1 Epic Games | 1 Unreal Engine | 2025-04-09 | 5.0 MEDIUM | N/A |
|
Stack-based buffer overflow in the logging function in the Unreal engine, possibly 2003 and 2004, as used in the internal web server, allows remote attackers to cause a denial of service (application crash) via a request for a long .gif filename in the images/ directory, related to conversion from Unicode to ASCII.
|
|||||
| CVE-2007-0380 | 1 Docman | 1 Docman | 2025-04-09 | 5.0 MEDIUM | N/A |
|
DocMan 1.3 RC2 allows remote attackers to obtain sensitive information (the full path) via unspecified vectors.
|
|||||
| CVE-2007-2727 | 1 Php | 1 Php | 2025-04-09 | 2.6 LOW | N/A |
|
The mcrypt_create_iv function in ext/mcrypt/mcrypt.c in PHP before 4.4.7, 5.2.1, and possibly 5.0.x and other PHP 5 versions, calls php_rand_r with an uninitialized seed variable and therefore always generates the same initialization vector (IV), which might allow context-dependent attackers to decrypt certain data more easily because of the guessable encryption keys.
|
|||||
| CVE-2006-5186 | 1 Phpmyprofiler | 1 Phpmyprofiler | 2025-04-09 | 5.1 MEDIUM | N/A |
|
PHP remote file inclusion vulnerability in functions.php in phpMyProfiler 0.9.6 and earlier, when register_globals is enabled, allows remote attackers to execute arbitrary PHP code via a URL in the pmp_rel_path parameter.
|
|||||
| CVE-2007-3100 | 1 Redhat | 2 Enterprise Linux, Open Iscsi | 2025-04-09 | 2.1 LOW | N/A |
|
usr/log.c in iscsid in open-iscsi (iscsi-initiator-utils) before 2.0-865 uses a semaphore with insecure permissions (world-writable/world-readable) for managing log messages using shared memory, which allows local users to cause a denial of service (hang) by grabbing the semaphore.
|
|||||
| CVE-2006-5558 | 1 Hp | 1 Hp-ux | 2025-04-09 | 10.0 HIGH | N/A |
|
Format string vulnerability in the swask command in HP-UX B.11.11 and possibly other versions allows local users to execute arbitrary code via format string specifiers in the -s argument. NOTE: this might be a duplicate of CVE-2006-2574, but the details relating to CVE-2006-2574 are too vague to be certain.
|
|||||
| CVE-2006-6932 | 1 Image Gallery With Access Database | 1 Image Gallery With Access Database | 2025-04-09 | 7.5 HIGH | N/A |
|
Multiple SQL injection vulnerabilities in Image Gallery with Access Database allow remote attackers to execute arbitrary SQL commands via (1) the id parameter to (a) dispimage.asp, or the (2) order or (3) page parameter to (b) default.asp.
|
|||||
| CVE-2007-4082 | 1 Alstrasoft | 1 Article Manager Pro | 2025-04-09 | 4.3 MEDIUM | N/A |
|
Cross-site scripting (XSS) vulnerability in contact_author.php AlstraSoft Article Manager Pro allows remote attackers to inject arbitrary web script or HTML via the userid parameter.
|
|||||
| CVE-2007-2475 | 1 Novell | 1 Securelogin | 2025-04-09 | 6.5 MEDIUM | N/A |
|
Unspecified vulnerability in the ADSCHEMA utility in Novell SecureLogin (NSL) 6 SP1 before 6.0.106 has unknown impact and remote attack vectors, related to granting "users excess permissions to their own attributes."
|
|||||
| CVE-2007-3704 | 1 Entertainment Cms | 1 Entertainment Cms | 2025-04-09 | 7.5 HIGH | N/A |
|
Entertainment CMS allows remote attackers to bypass authentication and perform certain administrative actions by setting the adminLogged cookie to "Administrator."
|
|||||
| CVE-2006-6489 | 1 Sisco | 5 Ax-s4 Iccp, Ax-s4 Mms, Iccp Toolkit and 2 more | 2025-04-09 | 5.0 MEDIUM | N/A |
|
The SISCO OSI stack, as used in SISCO MMS-EASE, ICCP Toolkit for MMS-EASE, AX-S4 MMS and AX-S4 ICCP, and possibly other control system applications, allows remote attackers to cause a denial of service (application termination and restart) via malformed packets.
|
|||||
| CVE-2007-1124 | 1 Xeroxer | 1 Simple One-file Gallery | 2025-04-09 | 5.0 MEDIUM | N/A |
|
Directory traversal vulnerability in gallery.php in XeroXer Simple one-file gallery allows remote attackers to read arbitrary files via a .. (dot dot) in the f parameter.
|
|||||
| CVE-2007-1367 | 1 Avaya | 4 S8300, S8500, S8700 and 1 more | 2025-04-09 | 4.3 MEDIUM | N/A |
|
Cross-site scripting (XSS) vulnerability in the login page in Avaya Communications Manager (CM) S87XX, S8500, and S8300 products before 3.1.3 allows remote attackers to inject arbitrary web script or HTML via the Login field.
|
|||||
| CVE-2007-0567 | 1 Interactive-scripts.com | 1 Php Membership Manager | 2025-04-09 | 6.8 MEDIUM | N/A |
|
Cross-site scripting (XSS) vulnerability in admin.php in Interactive-Scripts.Com PHP Membership Manager 1.5 allows remote attackers to inject arbitrary web script or HTML via the _p parameter.
|
|||||
| CVE-2007-4068 | 1 Webyapar | 1 Webyapar | 2025-04-09 | 5.8 MEDIUM | N/A |
|
Multiple SQL injection vulnerabilities in Webyapar 2.0 allow remote attackers to execute arbitrary SQL commands via (1) the kat_id parameter to the default URI in a download action or (2) the id parameter to the default URI in a duyurular_detay action.
|
|||||
| CVE-2006-5008 | 1 Ibm | 1 Aix | 2025-04-09 | 10.0 HIGH | N/A |
|
Unspecified vulnerability in utape in IBM AIX 5.2.0 and 5.3.0 allows attackers to execute arbitrary commands and overwrite arbitrary files via unspecified vectors.
|
|||||
| CVE-2006-6805 | 1 Enthrallweb | 1 Ejobs | 2025-04-09 | 7.5 HIGH | N/A |
|
SQL injection vulnerability in newsdetail.asp in Enthrallweb eJobs allows remote attackers to execute arbitrary SQL commands via the ID parameter.
|
|||||
| CVE-2007-0291 | 1 Oracle | 1 E-business Suite | 2025-04-09 | 4.0 MEDIUM | N/A |
|
Unspecified vulnerability in Oracle E-Business Suite and Applications 6.2.3 has unknown impact and attack vectors related to Oracle Exchange, aka APPS02.
|
|||||
| CVE-2006-5147 | 1 Vamp Webmail | 1 Vamp Webmail | 2025-04-09 | 7.5 HIGH | N/A |
|
PHP remote file inclusion vulnerability in wamp_dir/setup/yesno.phtml in VAMP Webmail 2.0beta1 and earlier allows remote attackers to execute arbitrary PHP code via a URL in the no_url parameter.
|
|||||
| CVE-2007-1617 | 1 Scriptmagix | 1 Scriptmagix Recipes | 2025-04-09 | 7.5 HIGH | N/A |
|
SQL injection vulnerability in index.php in ScriptMagix Recipes 2.0 and earlier allows remote attackers to execute arbitrary SQL commands via the catid parameter.
|
|||||
| CVE-2006-5828 | 1 Deltascripts | 1 Php Classifieds | 2025-04-09 | 7.5 HIGH | N/A |
|
SQL injection vulnerability in detail.php in DeltaScripts PHP Classifieds 7.1 and earlier allows remote attackers to execute arbitrary SQL commands via the user_id parameter.
|
|||||