Total: 29869 CVE
| CVE | Vendors | Products | Updated | CVSS v2 | CVSS v3 |
|---|---|---|---|---|---|
| CVE-2006-5505 | 1 Ben3w | 1 2bgal | 2025-04-09 | 7.5 HIGH | N/A |
| Multiple PHP file inclusion vulnerabilities in 2BGal 3.0 allow remote attackers to execute arbitrary PHP code via the lang parameter to (1) admin/configuration.inc.php, (2) admin/creer_album.inc.php, (3) admin/changepwd.php.inc, and unspecified other files. NOTE: the provenance of this information is unknown; the details are obtained from third party information. |
| CVE-2006-6192 | 1 8pixel.net | 1 Simple Blog | 2025-04-09 | 7.5 HIGH | N/A |
| Unspecified scripts in the admin directory in 8pixel.net SimpleBlog 3.0 and earlier do not properly perform authentication, which allows remote attackers to add users and perform certain other unauthorized privileged actions. NOTE: The provenance of this information is unknown; the details are obtained solely from third party information. |
| CVE-2008-5086 | 1 Libvirt | 1 Libvirt | 2025-04-09 | 7.2 HIGH | N/A |
| Multiple methods in libvirt 0.3.2 through 0.5.1 do not check if a connection is read-only, which allows local users to bypass intended access restrictions and perform administrative actions. |
| CVE-2007-3863 | 1 Oracle | 2 Application Server, Collaboration Suite | 2025-04-09 | 7.5 HIGH | N/A |
| Unspecified vulnerability in Oracle JDeveloper for Application Server 10.1.2.2 and 10.1.3.1, and Collaboration Suite 10.1.2, allows context-dependent attackers to have an unknown impact via custom applications that use JBO.SERVER, aka JDEV02. |
| CVE-2007-2684 | 1 Jetbox | 1 Jetbox Cms | 2025-04-09 | 5.0 MEDIUM | N/A |
| Jetbox CMS 2.1 allows remote attackers to obtain sensitive information via (1) a direct request to (a) main_page.php, (b) open_tree.php, and (c) outputs.php; (2) a malformed view parameter to index.php, as demonstrated with an SQL injection manipulation; or (3) the id[] parameter to admin/cms/opentree.php, which reveals the installation path in the resulting error message. |
| CVE-2006-6307 | 1 Novell | 1 Client | 2025-04-09 | 5.0 MEDIUM | N/A |
| srvloc.sys in Novell Client for Windows before 4.91 SP3 allows remote attackers to cause an unspecified denial of service via a crafted packet to port 427 that triggers an access of pageable or invalid addresses using a higher interrupt request level (IRQL) than necessary. |
| CVE-2007-2313 | 1 Mxbb | 1 Mx Shotcast | 2025-04-09 | 7.5 HIGH | N/A |
| PHP remote file inclusion vulnerability in getinfo1.php in the Shotcast 1.0 RC2 module for mxBB allows remote attackers to execute arbitrary PHP code via a URL in the mx_root_path parameter. |
| CVE-2007-0053 | 1 Asp Siteware | 1 Autodealer | 2025-04-09 | 7.5 HIGH | N/A |
| SQL injection vulnerability in detail.asp in ASP SiteWare autoDealer 2.0 and earlier allows remote attackers to execute arbitrary SQL commands via the iPro parameter. |
| CVE-2008-0299 | 1 Python Software Foundation | 1 Paramiko | 2025-04-09 | 4.3 MEDIUM | N/A |
| common.py in Paramiko 1.7.1 and earlier, when using threads or forked processes, does not properly use RandomPool, which allows one session to obtain sensitive information from another session by predicting the state of the pool. |
| CVE-2007-1827 | 1 Web-app.org | 1 Webapp | 2025-04-09 | 6.0 MEDIUM | N/A |
| Multiple unspecified vulnerabilities in form input validation in web-app.org WebAPP before 0.9.9.6 allow remote authenticated users to corrupt data files, gain access to private files, and execute arbitrary code via "certain characters." |
| CVE-2007-4483 | 1 Wordpress | 1 Wordpressclassic | 2025-04-09 | 4.3 MEDIUM | N/A |
| Cross-site scripting (XSS) vulnerability in index.php in the WordPress Classic 1.5 theme in WordPress before 2.1.3 allows remote attackers to inject arbitrary web script or HTML via the PATH_INFO (PHP_SELF). |
| CVE-2007-0853 | 1 Techexcel Inc. | 1 Devtrack | 2025-04-09 | 7.5 HIGH | N/A |
| SQL injection vulnerability in DevTrack 6.0.3 allows remote attackers to execute arbitrary SQL commands via the Username form field. NOTE: the provenance of this information is unknown; the details are obtained solely from third party information. |
| CVE-2007-4536 | 1 Torrenttrader | 1 Torrenttrader | 2025-04-09 | 4.6 MEDIUM | N/A |
| TorrentTrader 1.07 and earlier sets insecure permissions for files in the root directory, which allows attackers to execute arbitrary PHP code by modifying (1) disclaimer.txt, (2) sponsors.txt, and (3) banners.txt, which are used in an include call. NOTE: there might be local attack vectors that extend to other files. |
| CVE-2007-3779 | 1 Squirrelmail | 1 Gpg Plugin | 2025-04-09 | 4.3 MEDIUM | N/A |
| PHP local file inclusion vulnerability in gpg_pop_init.php in the G/PGP (GPG) Plugin before 20070707 for Squirrelmail allows remote attackers to include and execute arbitrary local files, related to the MOD parameter. |
| CVE-2006-7057 | 1 Sphider | 1 Sphider | 2025-04-09 | 7.5 HIGH | N/A |
| SQL injection vulnerability in search.php in Sphider before 1.3.1c allows remote attackers to execute arbitrary SQL commands via the category parameter. NOTE: the provenance of this information is unknown; the details are obtained solely from third party information. NOTE: this issue might be primary to CVE-2006-2506.2. |
| CVE-2006-6481 | 1 Clam Anti-virus | 1 Clamav | 2025-04-09 | 5.0 MEDIUM | N/A |
| Clam AntiVirus (ClamAV) 0.88.6 allows remote attackers to cause a denial of service (stack overflow and application crash) by wrapping many layers of multipart/mixed content around a document, a different vulnerability than CVE-2006-5874 and CVE-2006-6406. |
| CVE-2006-6088 | 1 Blue-collar Productions | 1 I-gallery | 2025-04-09 | 4.3 MEDIUM | N/A |
| Multiple cross-site scripting (XSS) vulnerabilities in BlueCollar i-Gallery 3.4 allow remote attackers to inject arbitrary web script or HTML via the (1) n or (2) d parameter in igallery.asp, or (3) an unspecified parameter related to search, possibly the Search Gallery field, or the myquery parameter, in search.asp. NOTE: some of these details are obtained from third party information. |
| CVE-2006-6110 | 1 Bpg-infotech | 1 Content Management System | 2025-04-09 | 7.5 HIGH | N/A |
| Multiple SQL injection vulnerabilities in an unspecified BPG-InfoTech Content Management System product allow remote attackers to execute arbitrary SQL commands via the (1) vjob parameter in publications_list.asp or (2) InfoID parameter in publication_view.asp. |
| CVE-2007-2130 | 1 Oracle | 4 Application Server, Collaboration Suite, Database Server and 1 more | 2025-04-09 | 9.0 HIGH | N/A |
| Unspecified vulnerability in Workflow Cartridge, as used in Oracle Database Server 9.2.0.1, 10.1.0.2, and 10.2.0.1; Application Server 9.0.4.3 and 10.1.2.0.2; Collaboration Suite 10.1.2; and E-Business Suite; has unknown impact and remote authenticated attack vectors, aka OWF01. |
| CVE-2006-5150 | 1 Openbiblio | 1 Openbiblio | 2025-04-09 | 6.5 MEDIUM | N/A |
| SQL injection vulnerability in the reports system in OpenBiblio before 0.5.2 allows remote attackers with report privileges to execute arbitrary SQL commands via unspecified vectors. |
| CVE-2007-3044 | 2 Hitachi, Hp | 3 Hi Ux We2, Xp W, Hp-ux | 2025-04-09 | 5.0 MEDIUM | N/A |
| Unspecified vulnerability in the Map I/O Service (xpwmap) in Hitachi XP/W on HI-UX/WE2 before 20070319, and XP/W on HP-UX before 20070405, allows remote attackers to cause a denial of service via certain data to the service port. |
| CVE-2007-2709 | 1 Nagiosql | 1 Nagiosql 2005 | 2025-04-09 | 7.5 HIGH | N/A |
| PHP remote file inclusion vulnerability in functions/prepend_adm.php in NagiosQL 2005 2.00 allows remote attackers to execute arbitrary PHP code via a URL in the SETS[path][physical] parameter. |
| CVE-2007-2095 | 1 Myspeach | 1 Myspeach | 2025-04-09 | 7.5 HIGH | N/A |
| PHP remote file inclusion vulnerability in chat.php in MySpeach 1.9 allows remote attackers to execute arbitrary PHP code via a URL in the my[root] parameter, a different vector than CVE-2007-0498. |
| CVE-2007-1465 | 1 Dproxy | 1 Dproxy | 2025-04-09 | 10.0 HIGH | N/A |
| Stack-based buffer overflow in dproxy.c for dproxy 0.1 through 0.5 allows remote attackers to execute arbitrary code via a long DNS query packet to UDP port 53. |
| CVE-2006-5833 | 1 Greenbeast Cms | 1 Greenbeast Cms | 2025-04-09 | 7.5 HIGH | N/A |
| gbcms_php_files/up_loader.php in GreenBeast CMS 1.3 does not require authentication to upload files, which allows remote attackers to cause a denial of service (disk consumption) and execute arbitrary code by uploading arbitrary files, such as executing PHP code via an uploaded PHP file. |
| CVE-2006-5624 | 1 Mpcs | 1 Mpcs | 2025-04-09 | 7.5 HIGH | N/A |
| Multiple PHP remote file inclusion vulnerabilities in Multi-Page Comment System (MPCS) 1.0.0 and earlier allow remote attackers to execute arbitrary PHP code via a URL in the path parameter to (1) include.php or (2) functions.php. NOTE: the provenance of this information is unknown; the details are obtained from third party information. |
| CVE-2008-1057 | 1 Openbsd | 1 Openbsd | 2025-04-09 | 7.8 HIGH | N/A |
| The ip6_check_rh0hdr function in netinet6/ip6_input.c in OpenBSD 4.2 allows attackers to cause a denial of service (panic) via malformed IPv6 routing headers. |
| CVE-2007-0934 | 1 Microsoft | 1 Visio | 2025-04-09 | 9.3 HIGH | N/A |
| Unspecified vulnerability in Microsoft Visio 2002 allows remote user-assisted attackers to execute arbitrary code via a Visio (.VSD, .VSS, .VST) file with a crafted version number that triggers memory corruption. |
| CVE-2007-3420 | 1 Web-app.org | 1 Webapp | 2025-04-09 | 7.5 HIGH | N/A |
| The Random Cookie Password functionality in the loaduser function in cgi-bin/cgi-lib/subs.pl in web-app.org WebAPP before 0.9.9.7 does not clear the (1) username, (2) password, (3) usertheme, and (4) userlang cookies for unauthorized users, which has unknown impact and remote attack vectors. |
| CVE-2007-4355 | 1 Ibm | 1 Aix | 2025-04-09 | 7.2 HIGH | N/A |
| Buffer overflow in the at program on IBM AIX 5.3 allows local users to gain privileges via unspecified vectors. |
| CVE-2007-2288 | 1 Doruk100.net | 1 Doruk100net | 2025-04-09 | 7.5 HIGH | N/A |
| PHP remote file inclusion vulnerability in info.php in Doruk100.net doruk100net allows remote attackers to execute arbitrary PHP code via a URL in the file parameter. |
| CVE-2007-1927 | 1 Youngzsoft | 1 Cmailserver | 2025-04-09 | 4.3 MEDIUM | N/A |
| Cross-site scripting (XSS) vulnerability in signup.asp in CmailServer WebMail 5.3.4 and earlier allows remote attackers to inject arbitrary web script or HTML via the POP3Mail parameter. |
| CVE-2009-0218 | 2 Ldra, Particlesoftware | 2 Tbbrowse, Intralaunch | 2025-04-09 | 9.3 HIGH | N/A |
| Insecure method vulnerability in Particle Software IntraLaunch Application Launcher ActiveX control in IntraLaunch.ocx, as used in LDRA TBbrowse and possibly other products, allows remote attackers to execute arbitrary code via unknown vectors. |
| CVE-2006-5408 | 1 Mobilesecure Inc | 2 Highwall Endpoint, Highwall Enterprise | 2025-04-09 | 5.1 MEDIUM | N/A |
| Multiple cross-site scripting (XSS) vulnerabilities in the wireless IDS management interface for Highwall Enterprise and Highwall Endpoint 4.0.2.11045 allow remote attackers to inject arbitrary HTML or web script via unspecified vectors. |
| CVE-2006-6068 | 1 Malbum | 1 Malbum | 2025-04-09 | 2.6 LOW | N/A |
| Directory traversal vulnerability in the cached_album function in functions.php for mAlbum 0.3 and earlier allows remote attackers to list filenames of arbitrary images via a .. (dot dot) in the gal parameter to index.php. |
| CVE-2007-2268 | 1 Swsoft | 1 Plesk | 2025-04-09 | 5.0 MEDIUM | N/A |
| Multiple directory traversal vulnerabilities in SWsoft Plesk for Windows 7.6.1, 8.1.0, and 8.1.1 allow remote attackers to read arbitrary files via a .. (dot dot) in the locale_id parameter to (1) login.php3 or (2) login_up.php3. |
| CVE-2007-4083 | 1 Alstrasoft | 1 Askme Pro | 2025-04-09 | 4.3 MEDIUM | N/A |
| Multiple cross-site scripting (XSS) vulnerabilities in AlstraSoft AskMe Pro allow remote attackers to inject arbitrary web script or HTML via (1) the cat_id parameter to search.php or (2) the typ parameter to register.php. |
| CVE-2007-3327 | 1 Bughunter | 1 Http Server | 2025-04-09 | 5.0 MEDIUM | N/A |
| httpsv.exe in HTTP Server 1.6.2 allows remote attackers to obtain sensitive information (script source code) via a URI with a trailing %20 (encoded space). |
| CVE-2007-0287 | 1 Oracle | 2 Application Server, Collaboration Suite | 2025-04-09 | 1.7 LOW | N/A |
| Unspecified vulnerability in Oracle Application Server 9.0.4.3, 10.1.2.0.0, and 10.1.2.0.2; and Collaboration Suite 9.0.4.2 and 10.1.2; has unknown impact and attack vectors related to Containers for J2EE, aka OC4J08. |
| CVE-2007-2937 | 1 Troforum | 1 Troforum | 2025-04-09 | 7.5 HIGH | N/A |
| PHP remote file inclusion vulnerability in admin/admin.php in TROforum 0.1 allows remote attackers to execute arbitrary PHP code via a URL in the site_url parameter. |