Total
29869 CVE
| CVE | Vendors | Products | Updated | CVSS v2 | CVSS v3 |
|---|---|---|---|---|---|
| CVE-2006-5387 | 1 Phpbb Plusxl | 1 Plusxl | 2025-04-09 | 7.5 HIGH | N/A |
|
PHP remote file inclusion vulnerability in mods/iai/includes/constants.php in the PlusXL 20_272 and earlier phpBB module allows remote attackers to execute arbitrary PHP code via a URL in the phpbb_root_path parameter.
|
|||||
| CVE-2006-5374 | 1 Oracle | 1 Pharmaceutical | 2025-04-09 | 10.0 HIGH | N/A |
|
Unspecified vulnerability in Oracle Pharmaceutical Applications 4.5.1 has unknown impact and remote authenticated attack vectors, aka Vuln# PHAR01.
|
|||||
| CVE-2007-2050 | 1 Ricargbook | 1 Ricargbook | 2025-04-09 | 5.0 MEDIUM | N/A |
|
Multiple directory traversal vulnerabilities in header.php in RicarGBooK 1.2.1 allow remote attackers to include and execute arbitrary local files via a .. (dot dot) in (1) a lang cookie or (2) the language parameter.
|
|||||
| CVE-2006-7188 | 1 Web-app.net | 1 Webapp | 2025-04-09 | 5.0 MEDIUM | N/A |
|
The search function in cgi-lib/user-lib/search.pl in web-app.net WebAPP before 20060909 allows remote attackers to read internal forum posts via certain requests, possibly related to the $info{'forum'} variable.
|
|||||
| CVE-2006-6522 | 1 Wikitimescale | 1 Twozero | 2025-04-09 | 6.8 MEDIUM | N/A |
|
Multiple cross-site scripting (XSS) vulnerabilities in WikiTimeScale TwoZero before 2.31 allow remote attackers to inject arbitrary web script or HTML via unspecified vectors in the (1) forum module and (2) event descriptions. NOTE: some of these details are obtained from third party information.
|
|||||
| CVE-2006-7215 | 1 Intel | 3 Core 2 Duo E4000, Core 2 Duo E6000, Core 2 Extreme X6800 | 2025-04-09 | 2.1 LOW | N/A |
|
The Intel Core 2 Extreme processor X6800 and Core 2 Duo desktop processor E6000 and E4000 incorrectly set the memory page Access (A) bit for a page in certain circumstances involving proximity of the code segment limit to the end of a code page, which has unknown impact and attack vectors on certain operating systems other than OpenBSD, aka AI90.
|
|||||
| CVE-2006-6518 | 1 Scriptphp | 1 Pronews | 2025-04-09 | 6.8 MEDIUM | N/A |
|
Multiple cross-site scripting (XSS) vulnerabilities in ProNews 1.5 allow remote attackers to inject arbitrary web script or HTML via the (1) pseudo, (2) email, (3) date, (4) sujet, (5) message, (6) site, and (7) lien parameters to (a) admin/change.php, and the (8) aa parameter to (b) lire-avis.php.
|
|||||
| CVE-2007-1620 | 1 Php Db Designer | 1 Php Db Designer | 2025-04-09 | 10.0 HIGH | N/A |
|
Multiple PHP remote file inclusion vulnerabilities in PHP DB Designer 1.02 and earlier allow remote attackers to execute arbitrary PHP code via a URL in the (1) _SESSION[SITE_PATH] parameter to (a) wind/help.php or (b) wind/about.php, or the (2) _SESSION[DRIVER] parameter to (c) db/session.php.
|
|||||
| CVE-2007-2814 | 1 Pegasus | 1 Imagn Activex Control | 2025-04-09 | 7.5 HIGH | N/A |
|
Multiple stack-based buffer overflows in the Pegasus ImagN' ActiveX control (IMW32O40.OCX) 4.00.041 allow remote attackers to execute arbitrary code via (1) a long FileName parameter, or unspecified vectors involving the (2) BeginReport, (3) CreatePictureExA, (4) DefineImage, (5) DefineImageEx, (6) DefineImageFox, (7) CopyBufToClipExA, (8) LoadEx, (9) LoadFox, and other functions.
|
|||||
| CVE-2006-6779 | 1 Jelsoft | 1 Vbulletin | 2025-04-09 | 6.8 MEDIUM | N/A |
|
Cross-site scripting (XSS) vulnerability in Jelsoft vBulletin allows remote attackers to inject arbitrary web script or HTML via an SWF file that uses ActionScript to trigger execution of JavaScript.
|
|||||
| CVE-2007-4289 | 1 Sun | 1 Java System Portal Server | 2025-04-09 | 6.8 MEDIUM | N/A |
|
Sun Java System Portal Server 7.0 does not properly process XSLT stylesheets in XSLT transforms in XML signatures, which allows context-dependent attackers to execute an arbitrary Java method via a crafted stylesheet, a related issue to CVE-2007-3715.
|
|||||
| CVE-2006-5954 | 1 Netvios | 1 Netvios | 2025-04-09 | 7.5 HIGH | N/A |
|
SQL injection vulnerability in page.asp in NetVIOS 2.0 and earlier allows remote attackers to execute arbitrary SQL commands via the NewsID parameter.
|
|||||
| CVE-2006-5707 | 1 Phpeasydata Pro | 1 Phpeasydata Pro | 2025-04-09 | 7.5 HIGH | N/A |
|
SQL injection vulnerability in index.php in PHPEasyData Pro 1.4.1 and 2.2.1 allows remote attackers to execute arbitrary SQL commands via the cat parameter.
|
|||||
| CVE-2007-1278 | 2 Adobe, Microsoft | 3 Coldfusion, Jrun, Internet Information Server | 2025-04-09 | 4.3 MEDIUM | N/A |
|
Unspecified vulnerability in the IIS connector in Adobe JRun 4.0 Updater 6, and ColdFusion MX 6.1 and 7.0 Enterprise, when using Microsoft IIS 6, allows remote attackers to cause a denial of service via unspecified vectors, involving the request of a file in the JRun web root.
|
|||||
| CVE-2007-3559 | 1 Php-fusion | 1 Php-fusion | 2025-04-09 | 3.5 LOW | N/A |
|
Cross-site scripting (XSS) vulnerability in infusions/shoutbox_panel/shoutbox_panel.php in PHP-Fusion 6.01.10 and 6.01.9, when guest posts are enabled, allows remote authenticated users to inject arbitrary web script or HTML via the URI, related to the FUSION_QUERY constant.
|
|||||
| CVE-2007-1090 | 1 Microsoft | 3 Windows 2003 Server, Windows Explorer, Windows Xp | 2025-04-09 | 7.1 HIGH | N/A |
|
Microsoft Windows Explorer on Windows XP and 2003 allows remote user-assisted attackers to cause a denial of service (crash) via a malformed WMF file, which triggers the crash when the user browses the folder.
|
|||||
| CVE-2007-2015 | 1 Request It | 1 Request It | 2025-04-09 | 6.8 MEDIUM | N/A |
|
PHP remote file inclusion vulnerability in index.php in Request It 1.0b allows remote attackers to execute arbitrary PHP code via a URL in the id parameter.
|
|||||
| CVE-2007-0198 | 1 Cisco | 4 Ip Contact Center Enterprise, Ip Contact Center Hosted, Unified Contact Center Enterprise and 1 more | 2025-04-09 | 5.0 MEDIUM | N/A |
|
The JTapi Gateway process in Cisco Unified Contact Center Enterprise, Unified Contact Center Hosted, IP Contact Center Enterprise, and Cisco IP Contact Center Hosted 5.0 through 7.1 allows remote attackers to cause a denial of service (repeated process restart) via a certain TCP session on the JTapi server port.
|
|||||
| CVE-2007-3604 | 1 Vtiger | 1 Vtiger Crm | 2025-04-09 | 4.0 MEDIUM | N/A |
|
vtiger CRM before 5.0.3 allows remote authenticated users with access to the Analytics DashBoard menu to bypass data restrictions and read the pipeline of the entire organization, possibly involving modules/Potentials/Potentials.php.
|
|||||
| CVE-2006-5796 | 1 Soholaunch | 1 Soholaunch Pro Edition | 2025-04-09 | 7.5 HIGH | N/A |
|
Multiple PHP remote file inclusion vulnerabilities in Soholaunch Pro Edition 4.9 r46 and earlier, when register_globals is enabled, allow remote attackers to execute arbitrary PHP code via a URL in the _SESSION[docroot_path] parameter to (1) includes/shared_functions.php or (2) client_files/shopping_cart/pgm-shopping_css.inc.php.
|
|||||
| CVE-2006-5388 | 1 Webspell | 1 Webspell | 2025-04-09 | 7.5 HIGH | N/A |
|
SQL injection vulnerability in index.php in WebSPELL 4.01.01 and earlier allows remote attackers to execute arbitrary SQL commands via the getsquad parameter, a different vector than CVE-2006-4783.
|
|||||
| CVE-2006-4902 | 1 Symantec | 3 Veritas Netbackup Client, Veritas Netbackup Enterprise Server, Veritas Netbackup Server | 2025-04-09 | 10.0 HIGH | N/A |
|
The NetBackup bpcd daemon (bpcd.exe) in Symantec Veritas NetBackup 5.0 before 5.0_MP7, 5.1 before 5.1_MP6, and 6.0 before 6.0_MP4 does not properly check for chained commands, which allows remote attackers to execute arbitrary commands by appending malicious commands to valid commands.
|
|||||
| CVE-2007-2902 | 1 Dokeos | 1 Dokeos | 2025-04-09 | 7.5 HIGH | N/A |
|
SQL injection vulnerability in main/auth/my_progress.php in Dokeos 1.8.0 and earlier allows remote authenticated users to execute arbitrary SQL commands via the course parameter.
|
|||||
| CVE-2008-3820 | 1 Cisco | 1 Security Manager | 2025-04-09 | 6.8 MEDIUM | N/A |
|
Cisco Security Manager 3.1 and 3.2 before 3.2.2, when Cisco IPS Event Viewer (IEV) is used, exposes TCP ports used by the MySQL daemon and IEV server, which allows remote attackers to obtain "root access" to IEV via unspecified use of TCP sessions to these ports.
|
|||||
| CVE-2006-6391 | 1 Open Solution | 1 Quick.cart | 2025-04-09 | 6.8 MEDIUM | N/A |
|
Multiple directory traversal vulnerabilities in Open Solution Quick.Cart 2.0, when register_globals is enabled and magic_quotes_gpc is disabled, allow remote attackers to include arbitrary files via a .. (dot dot) in the config[db_type] parameter to (1) actions_admin/other.php and (2) actions_client/gallery.php. NOTE: The provenance of this information is unknown; the details are obtained solely from third party information.
|
|||||
| CVE-2007-1707 | 1 Net-side.net | 1 Net Side Content Management System | 2025-04-09 | 7.5 HIGH | N/A |
|
PHP remote file inclusion vulnerability in index.php in Net Side Content Management System (Net-Side.net CMS) allows remote attackers to execute arbitrary PHP code via a URL in the cms parameter.
|
|||||
| CVE-2006-5270 | 1 Microsoft | 5 Antigen, Forefront Security, Malware Protection Engine and 2 more | 2025-04-09 | 9.3 HIGH | N/A |
|
Integer overflow in the Microsoft Malware Protection Engine (mpengine.dll), as used by Windows Live OneCare, Antigen, Defender, and Forefront Security, allows user-assisted remote attackers to execute arbitrary code via a crafted PDF file.
|
|||||
| CVE-2007-0757 | 1 Miguel Nunes | 1 Call Of Duty 2 Dreamstats System | 2025-04-09 | 7.5 HIGH | N/A |
|
PHP remote file inclusion vulnerability in index.php in Miguel Nunes Call of Duty 2 (CoD2) DreamStats System 4.2 and earlier allows remote attackers to execute arbitrary PHP code via a URL in the rootpath parameter.
|
|||||
| CVE-2007-2306 | 1 Vwar | 1 Virtual War | 2025-04-09 | 4.3 MEDIUM | N/A |
|
Multiple cross-site scripting (XSS) vulnerabilities in the Virtual War (VWar) 1.5.0 R15 and earlier module for PHP-Nuke, when register_globals is enabled, allow remote attackers to inject arbitrary web script or HTML via the (1) memberlist parameter to extra/login.php and the (2) title parameter to extra/today.php.
|
|||||
| CVE-2006-5194 | 1 Net2ftp | 1 Net2ftp | 2025-04-09 | 4.3 MEDIUM | N/A |
|
Cross-site scripting (XSS) vulnerability in index.php in net2ftp 0.93 allows remote attackers to inject arbitrary web script or HTML via the username parameter. NOTE: some of these details are obtained from third party information.
|
|||||
| CVE-2007-1863 | 2 Apache, Apple | 2 Http Server, Mac Os X Server | 2025-04-09 | 5.0 MEDIUM | N/A |
|
cache_util.c in the mod_cache module in Apache HTTP Server (httpd), when caching is enabled and a threaded Multi-Processing Module (MPM) is used, allows remote attackers to cause a denial of service (child processing handler crash) via a request with the (1) s-maxage, (2) max-age, (3) min-fresh, or (4) max-stale Cache-Control headers without a value.
|
|||||
| CVE-2007-1830 | 1 Web-app.org | 1 Webapp | 2025-04-09 | 4.3 MEDIUM | N/A |
|
Unspecified vulnerability in the Username Hijacking Patch 20070312 for web-app.org WebAPP 0.9.9.6 allows remote attackers to obtain administrative access via unknown vectors, related to "something overlooked in the original that was still overlooked in the patch", and possibly related to copying files to the user-lib and the "XSS and cookies exploit."
|
|||||
| CVE-2007-2964 | 1 F-secure | 1 Policy Manager | 2025-04-09 | 5.0 MEDIUM | N/A |
|
The fsmsh.dll host module in F-Secure Policy Manager Server 7.00 and earlier allows remote attackers to cause a denial of service (application crash) via NTFS reserved words in filenames in URLs.
|
|||||
| CVE-2007-0742 | 1 Apple | 1 Mac Os X | 2025-04-09 | 7.8 HIGH | N/A |
|
The WebFoundation framework in Apple Mac OS X 10.3.9 and earlier allows subdomain cookies to be accessed by the parent domain, which allows remote attackers to obtain sensitive information.
|
|||||
| CVE-2007-0164 | 1 Camouflage | 1 Camouflage | 2025-04-09 | 7.8 HIGH | N/A |
|
Camouflage 1.2.1 embeds password information in the carrier file, which allows remote attackers to bypass authentication requirements and decrypt embedded steganography by replacing certain bytes of the JPEG image with alternate password information.
|
|||||
| CVE-2007-4110 | 1 Codewidgets | 1 Threaded Discussion Forum Application | 2025-04-09 | 7.5 HIGH | N/A |
|
SQL injection vulnerability in sign_in.aspx in Message Board / Threaded Discussion Forum Application Template allows remote attackers to execute arbitrary SQL commands via the Password parameter.
|
|||||
| CVE-2007-3796 | 1 Mailmarshal | 1 Mailmarshal Smtp | 2025-04-09 | 7.6 HIGH | N/A |
|
The password reset feature in the Spam Quarantine HTTP interface for MailMarshal SMTP 6.2.0.x before 6.2.1 allows remote attackers to modify arbitrary account information via a UserId variable with a large amount of trailing whitespace followed by a malicious value, which triggers SQL buffer truncation due to length inconsistencies between variables.
|
|||||
| CVE-2006-5206 | 1 Invision Power Services | 1 Invision Gallery | 2025-04-09 | 7.5 HIGH | N/A |
|
SQL injection vulnerability in Invision Gallery 2.0.7 allows remote attackers to execute arbitrary SQL commands via the album parameter in (1) index.php and (2) forum/index.php, when the rate command in the gallery automodule is used.
|
|||||
| CVE-2007-1321 | 4 Debian, Fedoraproject, Qemu and 1 more | 5 Debian Linux, Fedora, Fedora Core and 2 more | 2025-04-09 | 7.2 HIGH | N/A |
|
Integer signedness error in the NE2000 emulator in QEMU 0.8.2, as used in Xen and possibly other products, allows local users to trigger a heap-based buffer overflow via certain register values that bypass sanity checks, aka QEMU NE2000 "receive" integer signedness error. NOTE: this identifier was inadvertently used by some sources to cover multiple issues that were labeled "NE2000 network driver and the socket code," but separate identifiers have been created for the individual vulnerabilities ...
Show More |
|||||
| CVE-2007-3067 | 1 Eqdkp | 1 Attunement And Key | 2025-04-09 | 4.3 MEDIUM | N/A |
|
Cross-site scripting (XSS) vulnerability in the Attunement and Key Tracker 0.95 and earlier plugin for EQdkp allows remote attackers to inject arbitrary web script or HTML via unspecified vectors, possibly involving the (1) keyshow, (2) sortkey, and (3) show parameters to index.php.
|
|||||