Total
29869 CVE
| CVE | Vendors | Products | Updated | CVSS v2 | CVSS v3 |
|---|---|---|---|---|---|
| CVE-2008-6768 | 1 Shopsystem-forum | 1 K\&s Shopsoftware | 2025-04-09 | 6.8 MEDIUM | N/A |
|
Unrestricted file upload vulnerability in admin/editor/images.php in K&S Shopsoftware allows remote attackers to execute arbitrary PHP code by uploading a file with an executable extension, then accessing it via a direct request to the file in images/upload/.
|
|||||
| CVE-2006-5570 | 1 Kynoslogic | 1 Cruiseworks | 2025-04-09 | 5.0 MEDIUM | N/A |
|
Directory traversal vulnerability in /scripts/cruise/cws.exe in CruiseWorks 1.09c and 1.09d allows remote attackers to read arbitrary files via a .. (dot dot) in the doc parameter.
|
|||||
| CVE-2006-6670 | 1 Nortel | 1 Callpilot Server | 2025-04-09 | 10.0 HIGH | N/A |
|
Unspecified vulnerability in Nortel CallPilot 4.x Server has unknown impact and attack vectors, aka P-2006-0011-GLOBAL.
|
|||||
| CVE-2007-2051 | 1 Bftpd | 1 Bftpd | 2025-04-09 | 5.0 MEDIUM | N/A |
|
Buffer overflow in the parsecmd function in bftpd before 1.8 has unknown impact and attack vectors related to the confstr variable.
|
|||||
| CVE-2006-5062 | 1 Pblang | 1 Pblang | 2025-04-09 | 7.5 HIGH | N/A |
|
PHP remote file inclusion vulnerability in templates/pb/language/lang_nl.php in PBLang (PBL) 4.66z and earlier allows remote attackers to execute arbitrary PHP code via a URL in the temppath parameter.
|
|||||
| CVE-2009-3984 | 1 Mozilla | 3 Firefox, Seamonkey, Thunderbird | 2025-04-09 | 6.8 MEDIUM | N/A |
|
Mozilla Firefox before 3.0.16 and 3.5.x before 3.5.6, and SeaMonkey before 2.0.1, allows remote attackers to spoof an SSL indicator for an http URL or a file URL by setting document.location to an https URL corresponding to a site that responds with a No Content (aka 204) status code and an empty body.
|
|||||
| CVE-2006-6181 | 1 Clicktech | 1 Clickcontact | 2025-04-09 | 7.5 HIGH | N/A |
|
Multiple SQL injection vulnerabilities in default.asp in ClickTech ClickContact allow remote attackers to execute arbitrary SQL commands via the (1) AlphaSort, (2) In, and (3) orderby parameters.
|
|||||
| CVE-2006-6340 | 1 Nvidia | 1 Nview | 2025-04-09 | 5.0 MEDIUM | N/A |
|
keystone.exe in nVIDIA nView allows attackers to cause a denial of service via a long command line argument. NOTE: it is not clear whether this issue crosses security boundaries. If not, then this is not a vulnerability.
|
|||||
| CVE-2007-0963 | 1 Cisco | 1 Firewall Services Module | 2025-04-09 | 7.8 HIGH | N/A |
|
Unspecified vulnerability in Cisco Firewall Services Module (FWSM) 3.x before 3.1(3.3), when set to log at the "debug" level, allows remote attackers to cause a denial of service (device reboot) by sending packets that are not of a particular protocol such as TCP or UDP, which triggers the reboot during generation of Syslog message 710006.
|
|||||
| CVE-2007-0398 | 1 Arnotic | 1 A-forum | 2025-04-09 | 6.8 MEDIUM | N/A |
|
Multiple cross-site scripting (XSS) vulnerabilities in forum.php3 in Arnaud Guyonne (aka Arnotic) a-forum allow remote attackers to inject arbitrary web script or HTML via the (1) Sujet or (2) Pseudo field.
|
|||||
| CVE-2007-3610 | 1 Vastal I-tech | 1 Phpvid | 2025-04-09 | 7.5 HIGH | N/A |
|
SQL injection vulnerability in categories_type.php in phpVID 0.9.9 allows remote attackers to execute arbitrary SQL commands via the cat parameter.
|
|||||
| CVE-2006-5820 | 1 Aol | 1 Aol | 2025-04-09 | 9.3 HIGH | N/A |
|
The LinkSBIcons method in the SuperBuddy ActiveX control (Sb.SuperBuddy.1) in America Online 9.0 Security Edition dereferences an arbitrary function pointer, which allows remote attackers to execute arbitrary code via a modified pointer value.
|
|||||
| CVE-2006-6308 | 1 Symantec | 1 Livestate Agent For Windows | 2025-04-09 | 4.3 MEDIUM | N/A |
|
Symantec LiveState 7.1 Agent for Windows allows local users to gain privileges by stopping the shstart.exe process and open "Web Self-Service" from the system tray icon, which will open a browser window running with elevated privileges. NOTE: several third-party researchers have noted that administrator privileges may be necessary to terminate shstart.exe. If this is the case, then no privilege escalation occurs, and this is not a vulnerability
|
|||||
| CVE-2007-2779 | 1 Libstats | 1 Libstats | 2025-04-09 | 7.5 HIGH | N/A |
|
PHP remote file inclusion vulnerability in template_csv.php in Libstats 1.0.3 and earlier allows remote attackers to execute arbitrary PHP code via a URL in the rInfo[content] parameter.
|
|||||
| CVE-2007-3703 | 1 Zenturi | 1 Zenturi Programchecker | 2025-04-09 | 6.8 MEDIUM | N/A |
|
Stack-based buffer overflow in a certain ActiveX control in sasatl.dll 1.5.0.531 in Zenturi Program Checker (ProgramChecker) Pro allows remote attackers to execute arbitrary code via a long argument to the Fill method. NOTE: this is probably a different issue than CVE-2007-2987.
|
|||||
| CVE-2006-5023 | 1 Aspindir | 1 Xweblog | 2025-04-09 | 7.5 HIGH | N/A |
|
SQL injection vulnerability in kategori.asp in xweblog 2.1 and earlier allows remote attackers to execute arbitrary SQL commands via the kategori parameter.
|
|||||
| CVE-2006-6066 | 1 Dragon Internet | 1 Events Listing | 2025-04-09 | 7.5 HIGH | N/A |
|
Multiple SQL injection vulnerabilities in Dragon Calendar / Events Listing 2.x allow remote attackers to execute arbitrary SQL commands via the (1) username or (2) password parameter to (a) admin_login.asp, the (3) ID parameter to (b) event_searchdetail.asp, or the (4) VenueID parameter to (c) venue_detail.asp.
|
|||||
| CVE-2006-5869 | 1 Pstotext | 1 Pstotext | 2025-04-09 | 5.1 MEDIUM | N/A |
|
pstotext before 1.9 allows user-assisted attackers to execute arbitrary commands via shell metacharacters in a file name.
|
|||||
| CVE-2007-1622 | 1 Wordpress | 1 Wordpress | 2025-04-09 | 4.3 MEDIUM | N/A |
|
Cross-site scripting (XSS) vulnerability in wp-admin/vars.php in WordPress before 2.0.10 RC2, and before 2.1.3 RC2 in the 2.1 series, allows remote authenticated users with theme privileges to inject arbitrary web script or HTML via the PATH_INFO in the administration interface, related to loose regular expression processing of PHP_SELF.
|
|||||
| CVE-2007-3775 | 1 Cisco | 2 Unified Communications Manager, Unified Presence Server | 2025-04-09 | 7.8 HIGH | N/A |
|
Unspecified vulnerability in Cisco Unified Communications Manager (CUCM, formerly CallManager) and Unified Presence Server (CUPS) allows remote attackers to cause a denial of service (loss of cluster services) via unspecified vectors, aka (1) CSCsj09859 and (2) CSCsj19985.
|
|||||
| CVE-2007-0968 | 1 Cisco | 1 Firewall Services Module | 2025-04-09 | 9.0 HIGH | N/A |
|
Unspecified vulnerability in Cisco Firewall Services Module (FWSM) before 2.3(4.7) and 3.x before 3.1(3.1) causes the access control entries (ACE) in an ACL to be improperly evaluated, which allows remote authenticated users to bypass intended certain ACL protections.
|
|||||
| CVE-2006-6166 | 1 Ryan Demmer | 1 Joomla Content Editor | 2025-04-09 | 6.8 MEDIUM | N/A |
|
Cross-site scripting (XSS) vulnerability in jce.php in the JCE Admin Component in Ryan Demmer Joomla Content Editor (JCE) 1.0.4 for Joomla! (com_jce), without the 20060821 jce_patch, allows remote attackers to inject arbitrary web script or HTML via the mosConfig_live_site parameter.
|
|||||
| CVE-2007-1989 | 1 Dotclear | 1 Dotclear | 2025-04-09 | 4.3 MEDIUM | N/A |
|
Multiple cross-site scripting (XSS) vulnerabilities in DotClear before 1.2.6 allow remote attackers to inject arbitrary web script or HTML via the (1) post_id parameter to ecrire/trackback.php or the (2) tool_url parameter to tools/thememng/index.php. NOTE: some of these details are obtained from third party information.
|
|||||
| CVE-2006-7103 | 1 Ezonlinegallery | 1 Ezonlinegallery | 2025-04-09 | 6.4 MEDIUM | N/A |
|
Multiple directory traversal vulnerabilities in EZOnlineGallery 1.3 and earlier, and possibly other versions before 1.3.2 Beta, allow remote attackers to (1) determine directory existence via a ".." in the album parameter in a show_album action to (a) ezgallery.php, which produces different responses depending on existence; and read arbitrary image files via a ".." in the album or (2) image parameter to (b) image.php.
|
|||||
| CVE-2006-6019 | 1 Bloo | 1 Bloo | 2025-04-09 | 6.8 MEDIUM | N/A |
|
Cross-site scripting (XSS) vulnerability in extensions/googiespell/googlespell_proxy.php in Bill Roberts Bloo 1.0 allows remote attackers to inject arbitrary web script or HTML via the lang parameter.
|
|||||
| CVE-2007-0396 | 1 Hp | 1 Hp-ux | 2025-04-09 | 7.1 HIGH | N/A |
|
Unspecified vulnerability in HP-UX B.11.23, when running IPFilter in combination with PHNE_34474, allows remote attackers to cause a denial of service (system crash) via unspecified vectors.
|
|||||
| CVE-2007-2043 | 1 Avant-garde Solutions | 1 Mosmedia | 2025-04-09 | 7.5 HIGH | N/A |
|
Multiple PHP remote file inclusion vulnerabilities in the Avant-Garde Solutions MOSMedia (com_mosmedia) 1.08 and earlier module for Mambo and Joomla! allow remote attackers to execute arbitrary PHP code via a URL in the mosConfig_absolute_path parameter to (1) media.tab.php or (2) media.divs.php.
|
|||||
| CVE-2007-0807 | 1 Darrens 5-dollar Script Archive | 1 Flashchat | 2025-04-09 | 6.8 MEDIUM | N/A |
|
Cross-site scripting (XSS) vulnerability in info.php in flashChat 4.7.8 allows remote attackers to inject arbitrary web script or HTML via a channel title (aka room name) that is not properly handled by the "who's online" feature.
|
|||||
| CVE-2006-5681 | 1 Apple | 2 Mac Os X, Mac Os X Server | 2025-04-09 | 2.6 LOW | N/A |
|
QuickTime for Java on Mac OS X 10.4 through 10.4.8, when used with Quartz Composer, allows remote attackers to obtain sensitive information (screen images) via a Java applet that accesses images that are being rendered by other embedded QuickTime objects.
|
|||||
| CVE-2007-0100 | 1 Perforce | 1 Perforce Client | 2025-04-09 | 10.0 HIGH | N/A |
|
The Perforce client does not restrict the set of files that it overwrites upon receiving a request from the server, which allows remote attackers to overwrite arbitrary files by modifying the client config file on the server, or by operating a malicious server.
|
|||||
| CVE-2009-3695 | 1 Djangoproject | 1 Django | 2025-04-09 | 5.0 MEDIUM | N/A |
|
Algorithmic complexity vulnerability in the forms library in Django 1.0 before 1.0.4 and 1.1 before 1.1.1 allows remote attackers to cause a denial of service (CPU consumption) via a crafted (1) EmailField (email address) or (2) URLField (URL) that triggers a large amount of backtracking in a regular expression.
|
|||||
| CVE-2007-3640 | 1 Adobe | 1 Adobe Air | 2025-04-09 | 4.3 MEDIUM | N/A |
|
Adobe Integrated Runtime (AIR, aka Apollo) allows context-dependent attackers to modify arbitrary files within an executing .air file (compiled AIR application) and perform cross-site scripting (XSS) attacks, as demonstrated by an application that modifies an HTML file inside itself via JavaScript that uses an APPEND open operation and the writeUTFBytes function. NOTE: this may be an intended consequence of the AIR permission model; if so, then perhaps this issue should not be included in CVE.
|
|||||
| CVE-2007-2471 | 1 Sendcard | 1 Sendcard | 2025-04-09 | 5.0 MEDIUM | N/A |
|
Directory traversal vulnerability in sendcard.php in Sendcard 3.4.1 and earlier allows remote attackers to read arbitrary files via a full pathname in the form parameter.
|
|||||
| CVE-2007-1299 | 1 Mani Stats Reader | 1 Mani Stats Reader | 2025-04-09 | 7.5 HIGH | N/A |
|
PHP remote file inclusion vulnerability in index.php in Mani Stats Reader 1.2 and earlier allows remote attackers to execute arbitrary PHP code via a URL in the ipath parameter.
|
|||||
| CVE-2007-2897 | 1 Microsoft | 1 Internet Information Server | 2025-04-09 | 7.5 HIGH | N/A |
|
Microsoft Internet Information Services (IIS) 6.0 allows remote attackers to cause a denial of service (server instability or device hang), and possibly obtain sensitive information (device communication traffic); and might allow attackers with physical access to execute arbitrary code after connecting a data stream to a device COM port; via requests for a URI containing a '/' immediately before and after the name of a DOS device, as demonstrated by the /AUX/.aspx URI, which bypasses a blacklist ...
Show More |
|||||
| CVE-2007-5158 | 1 Microsoft | 1 Internet Explorer | 2025-04-09 | 4.3 MEDIUM | N/A |
|
The focus handling for the onkeydown event in Microsoft Internet Explorer 6.0 allows remote attackers to change field focus and copy keystrokes via a certain use of a JavaScript htmlFor attribute, as demonstrated by changing focus from a textarea to a file upload field, a related issue to CVE-2007-3511.
|
|||||
| CVE-2007-4439 | 1 Lighthouse Development | 1 Squirrelcart | 2025-04-09 | 7.5 HIGH | N/A |
|
PHP remote file inclusion vulnerability in popup_window.php in Squirrelcart 1.x.x and earlier allows remote attackers to execute arbitrary PHP code via a URL in the site_isp_root parameter, probably related to cart.php.
|
|||||
| CVE-2007-1401 | 1 Php | 1 Php | 2025-04-09 | 6.9 MEDIUM | N/A |
|
Buffer overflow in the crack extension (CrackLib), as bundled with PHP 4.4.6 and other versions before 5.0.0, might allow local users to gain privileges via a long argument to the crack_opendict function.
|
|||||
| CVE-2006-5234 | 1 Phpwebsite | 1 Phpwebsite | 2025-04-09 | 7.5 HIGH | N/A |
|
Multiple PHP remote file inclusion vulnerabilities in phpWebSite 0.10.2 allow remote attackers to execute arbitrary PHP code via a URL in the PHPWS_SOURCE_DIR parameter in (1) init.php, (2) users.php, (3) Cookie.php, (4) forms.php, (5) Groups.php, (6) ModSetting.php, (7) Calendar.php, (8) DateTime.php, (9) core.php, (10) ImgLibrary.php, (11) Manager.php, and (12) Template.php, and (13) EZform.php. NOTE: CVE disputes this report, since "PHPWS_SOURCE_DIR" is defined as a constant, not accessed as ...
Show More |
|||||
| CVE-2007-4381 | 1 Sun | 3 Jdk, Jre, Sdk | 2025-04-09 | 9.3 HIGH | N/A |
|
Unspecified vulnerability in the font parsing implementation in Sun JDK and JRE 5.0 Update 9 and earlier, and SDK and JRE 1.4.2_14 and earlier, allows remote attackers to perform unauthorized actions via an applet that grants certain privileges to itself.
|
|||||