Total
29869 CVE
| CVE | Vendors | Products | Updated | CVSS v2 | CVSS v3 |
|---|---|---|---|---|---|
| CVE-2006-5118 | 1 Phpselect | 1 Web Development Division | 2025-04-09 | 7.5 HIGH | N/A |
|
PHP remote file inclusion vulnerability in index.php3 in the PDD package for PHPSelect Web Development Division allows remote attackers to execute arbitrary PHP code via a URL in the Application_Root parameter.
|
|||||
| CVE-2007-3165 | 1 Tor | 1 Tor | 2025-04-09 | 5.0 MEDIUM | N/A |
|
Tor before 0.1.2.14 can construct circuits in which an entry guard is in the same family as the exit node, which might compromise the anonymity of traffic sources and destinations by exposing traffic to inappropriate remote observers.
|
|||||
| CVE-2006-5531 | 1 Ascended Development | 1 Ascended Guestbook | 2025-04-09 | 7.5 HIGH | N/A |
|
PHP remote file inclusion vulnerability in embedded.php in Ascended Guestbook 1.0.0 and earlier allows remote attackers to execute arbitrary PHP code via a URL in the CONFIG[path] parameter.
|
|||||
| CVE-2007-0514 | 1 Hitachi | 19 Cosminexus Application Server, Cosminexus Application Server Version 5, Cosminexus Developer Light Version 6 and 16 more | 2025-04-09 | 6.8 MEDIUM | N/A |
|
Multiple cross-site scripting (XSS) vulnerabilities in multiple Hitachi Web Server, uCosminexus, and Cosminexus products before 20070124 allow remote attackers to inject arbitrary web script or HTML via (1) HTTP Expect headers or (2) image maps.
|
|||||
| CVE-2007-2163 | 1 Apple | 1 Safari | 2025-04-09 | 5.0 MEDIUM | N/A |
|
Apple Safari allows remote attackers to cause a denial of service (browser crash) via JavaScript that matches a regular expression against a long string, as demonstrated using /(.)*/.
|
|||||
| CVE-2007-4482 | 1 Wordpress | 1 Pool | 2025-04-09 | 4.3 MEDIUM | N/A |
|
Cross-site scripting (XSS) vulnerability in index.php in the Pool 1.0.7 theme for WordPress allows remote attackers to inject arbitrary web script or HTML via the PATH_INFO (PHP_SELF).
|
|||||
| CVE-2006-7124 | 1 Joomla | 1 Bsq Sitestats | 2025-04-09 | 7.5 HIGH | N/A |
|
PHP remote file inclusion vulnerability in external/rssfeeds.php in BSQ Sitestats (component for Joomla) 1.8.0, and possibly other versions before 2.2.1, allows remote attackers to execute arbitrary PHP code via the baseDir parameter.
|
|||||
| CVE-2007-4434 | 1 Aspindir | 1 Text File Search | 2025-04-09 | 4.3 MEDIUM | N/A |
|
Cross-site scripting (XSS) vulnerability in textfilesearch.asp in the Text File Search ASP (Classic) edition allows remote attackers to inject arbitrary web script or HTML via the query parameter.
|
|||||
| CVE-2007-3153 | 1 Daniel Stenberg | 1 C-ares | 2025-04-09 | 5.0 MEDIUM | N/A |
|
The ares_init:randomize_key function in c-ares, on platforms other than Windows, uses a weak facility for producing a random number sequence (Unix rand), which makes it easier for remote attackers to spoof DNS responses by guessing certain values.
|
|||||
| CVE-2007-3891 | 1 Microsoft | 1 Windows Vista | 2025-04-09 | 6.8 MEDIUM | N/A |
|
Unspecified vulnerability in Windows Vista Weather Gadgets in Windows Vista allows remote attackers to execute arbitrary code via crafted HTML attributes.
|
|||||
| CVE-2007-2742 | 1 Labs.beffa.org | 1 W2box | 2025-04-09 | 7.5 HIGH | N/A |
|
Unrestricted file upload vulnerability in labs.beffa.org w2box 4.0.0 Beta4 allows remote attackers to upload arbitrary PHP code via a filename with a double extension such as .php.jpg.
|
|||||
| CVE-2006-4704 | 1 Microsoft | 1 Visual Studio .net | 2025-04-09 | 6.8 MEDIUM | N/A |
|
Cross-zone scripting vulnerability in the WMI Object Broker (WMIScriptUtils.WMIObjectBroker2) ActiveX control (WmiScriptUtils.dll) in Microsoft Visual Studio 2005 allows remote attackers to bypass Internet zone restrictions and execute arbitrary code by instantiating dangerous objects, aka "WMI Object Broker Vulnerability."
|
|||||
| CVE-2007-3140 | 1 Wordpress | 1 Wordpress | 2025-04-09 | 6.5 MEDIUM | N/A |
|
SQL injection vulnerability in xmlrpc.php in WordPress 2.2 allows remote authenticated users to execute arbitrary SQL commands via a parameter value in an XML RPC wp.suggestCategories methodCall, a different vector than CVE-2007-1897.
|
|||||
| CVE-2007-2299 | 1 Frogss | 1 Frogss Cms | 2025-04-09 | 7.5 HIGH | N/A |
|
Multiple SQL injection vulnerabilities in Frogss CMS 0.7 and earlier allow remote attackers to execute arbitrary SQL commands via the (1) dzial parameter to (a) katalog.php, or the (2) t parameter to (b) forum.php or (c) forum/viewtopic.php, different vectors than CVE-2006-4536.
|
|||||
| CVE-2007-2159 | 1 Drupal | 1 Database Administration Module | 2025-04-09 | 4.3 MEDIUM | N/A |
|
Multiple cross-site scripting (XSS) vulnerabilities in the Database Administration (dba) module 4.6.x-*, and before 4.7.x-1.2 in the 4.7.x-1.* series, for Drupal allow remote attackers to inject arbitrary web script or HTML via unspecified vectors relating to (1) direct display of data from the database and (2) other portions of the user interface.
|
|||||
| CVE-2006-5071 | 1 Eyeos Project | 1 Eyeos | 2025-04-09 | 4.3 MEDIUM | N/A |
|
Multiple cross-site scripting (XSS) vulnerabilities in eyeOS before 0.9.1 allow remote attackers to inject arbitrary web script or HTML via unspecified vectors involving (1) eyeNav and (2) system/baixar.php.
|
|||||
| CVE-2007-0823 | 1 Slackware | 1 Slackware Linux | 2025-04-09 | 1.9 LOW | N/A |
|
xterm on Slackware Linux 10.2 stores information that had been displayed for a different user account using the same xterm process, which might allow local users to bypass file permissions and read other users' files, or obtain other sensitive information, by reading the xterm process memory. NOTE: it could be argued that this is an expected consequence of multiple users sharing the same interactive process, in which case this is not a vulnerability.
|
|||||
| CVE-2008-3661 | 1 Drupal | 1 Drupal | 2025-04-09 | 5.0 MEDIUM | N/A |
|
Drupal, probably 5.10 and 6.4, does not set the secure flag for the session cookie in an https session, which can cause the cookie to be sent in http requests and make it easier for remote attackers to capture this cookie.
|
|||||
| CVE-2007-6019 | 1 Adobe | 4 Air, Flash, Flash Player and 1 more | 2025-04-09 | 9.3 HIGH | N/A |
|
Adobe Flash Player 9.0.115.0 and earlier, and 8.0.39.0 and earlier, allows remote attackers to execute arbitrary code via an SWF file with a modified DeclareFunction2 Actionscript tag, which prevents an object from being instantiated properly.
|
|||||
| CVE-2006-7001 | 1 Phpmychat Plus | 1 Phpmychat Plus | 2025-04-09 | 7.1 HIGH | N/A |
|
Directory traversal vulnerability in avatar.php in PhpMyChat Plus 1.9 and earlier allows remote attackers to read arbitrary files via a .. (dot dot) in the L parameter, a different issue than CVE-2006-5897. NOTE: the provenance of this information is unknown; the details are obtained solely from third party information.
|
|||||
| CVE-2006-6330 | 1 Torrentflux | 1 Torrentflux | 2025-04-09 | 6.0 MEDIUM | N/A |
|
index.php for TorrentFlux 2.2 allows remote registered users to execute arbitrary commands via shell metacharacters in the kill parameter.
|
|||||
| CVE-2007-3692 | 1 Kddi | 1 Ezfactory Download Cgi | 2025-04-09 | 7.8 HIGH | N/A |
|
Directory traversal vulnerability in download.cgi in EZFactory KDDI Download CGI 1.x allows remote attackers to read and download arbitrary files via a .. (dot dot) in the name parameter.
|
|||||
| CVE-2007-1814 | 1 Xoops | 1 Core Module | 2025-04-09 | 7.5 HIGH | N/A |
|
SQL injection vulnerability in viewcat.php in the Core module for Xoops allows remote attackers to execute arbitrary SQL commands via the cid parameter, a different vector than CVE-2007-0377.
|
|||||
| CVE-2009-1286 | 1 Ibm | 1 Lotus Domino | 2025-04-09 | 5.0 MEDIUM | N/A |
|
The IMAP task in the server in IBM Lotus Domino 8.0.2 before FP1 IF1 and 8.5 before IF3 allows remote attackers to cause a denial of service (daemon crash) via a MIME e-mail message with RFC822 attachments (aka blobs) containing malformed root entities.
|
|||||
| CVE-2007-3783 | 1 Envivosoft | 1 Envivo Cms | 2025-04-09 | 7.5 HIGH | N/A |
|
SQL injection vulnerability in default.asp in enVivo!CMS allows remote attackers to execute arbitrary SQL commands via the ID parameter in an article action. NOTE: this is probably different from CVE-2005-1413.4.
|
|||||
| CVE-2007-3223 | 1 Sun | 2 Solaris, Sunos | 2025-04-09 | 7.8 HIGH | N/A |
|
Unspecified vulnerability in the NFS server in Sun Solaris 10 before 20070613 allows remote attackers to cause a denial of service (system crash) via certain XDR data in NFS requests, probably related to processing of data by the xdr_bool and xdrmblk_getint32 functions.
|
|||||
| CVE-2006-4098 | 1 Cisco | 1 Secure Access Control Server | 2025-04-09 | 10.0 HIGH | N/A |
|
Stack-based buffer overflow in the CSRadius service in Cisco Secure Access Control Server (ACS) for Windows before 4.1 and ACS Solution Engine before 4.1 allows remote attackers to execute arbitrary code via a crafted RADIUS Accounting-Request packet.
|
|||||
| CVE-2007-4291 | 1 Cisco | 1 Ios | 2025-04-09 | 7.1 HIGH | N/A |
|
Cisco IOS 12.0 through 12.4 allows remote attackers to cause a denial of service via (1) a malformed MGCP packet, which causes a device hang, aka CSCsf08998; a malformed H.323 packet, which causes a device crash, as identified by (2) CSCsi60004 with Proxy Unregistration and (3) CSCsg70474; and a malformed Real-time Transport Protocol (RTP) packet, which causes a device crash, as identified by (4) CSCse68138, related to VOIP RTP Lib, and (5) CSCse05642, related to I/O memory corruption.
|
|||||
| CVE-2009-1203 | 1 Cisco | 1 Adaptive Security Appliance | 2025-04-09 | 6.0 MEDIUM | N/A |
|
WebVPN on the Cisco Adaptive Security Appliances (ASA) device with software 8.0(4), 8.1.2, and 8.2.1 does not properly distinguish its own login screen from the login screens it produces for third-party (1) FTP and (2) CIFS servers, which makes it easier for remote attackers to trick a user into sending WebVPN credentials to an arbitrary server via a URL associated with that server, aka Bug ID CSCsy80709.
|
|||||
| CVE-2009-4534 | 2 Drupal, Nanwich | 2 Drupal, Faq Ask | 2025-04-09 | 4.3 MEDIUM | N/A |
|
Open redirect vulnerability in the FAQ Ask module 5.x and 6.x before 6.x-2.0, a module for Drupal, allows remote attackers to redirect users to arbitrary web sites and conduct phishing attacks via unspecified vectors.
|
|||||
| CVE-2008-5029 | 1 Linux | 1 Linux Kernel | 2025-04-09 | 4.9 MEDIUM | N/A |
|
The __scm_destroy function in net/core/scm.c in the Linux kernel 2.6.27.4, 2.6.26, and earlier makes indirect recursive calls to itself through calls to the fput function, which allows local users to cause a denial of service (panic) via vectors related to sending an SCM_RIGHTS message through a UNIX domain socket and closing file descriptors.
|
|||||
| CVE-2006-6092 | 1 20 20 Applications | 1 20 20 Auto Gallery | 2025-04-09 | 7.5 HIGH | N/A |
|
Multiple SQL injection vulnerabilities in vehiclelistings.asp in 20/20 Auto Gallery allow remote attackers to execute arbitrary SQL commands via the (1) vehicleID, (2) categoryID_list, (3) sale_type, (4) stock_number, (5) manufacturer, (6) model, (7) vehicleID, (8) year, (9) vin, and (10) listing_price parameters.
|
|||||
| CVE-2007-0959 | 1 Cisco | 2 Asa 5500, Pix Firewall Software | 2025-04-09 | 7.8 HIGH | N/A |
|
Cisco PIX 500 and ASA 5500 Series Security Appliances 7.2.2, when configured to inspect certain TCP-based protocols, allows remote attackers to cause a denial of service (device reboot) via malformed TCP packets.
|
|||||
| CVE-2006-5472 | 1 Softerra | 1 Php Developer Library | 2025-04-09 | 7.5 HIGH | N/A |
|
PHP remote file inclusion vulnerability in Softerra PHP Developer Library 1.5.3 and earlier allows remote attackers to execute arbitrary PHP code via a URL in the lib_dir parameter in (1) lib/registry.lib.php, (2) lib/sqlcompose.lib.php, and (3) lib/sqlsearch.lib.php.
|
|||||
| CVE-2007-2426 | 1 Wildbits | 1 Mygallery | 2025-04-09 | 7.5 HIGH | N/A |
|
PHP remote file inclusion vulnerability in myfunctions/mygallerybrowser.php in the myGallery 1.4b4 and earlier plugin for WordPress allows remote attackers to execute arbitrary PHP code via a URL in the myPath parameter.
|
|||||
| CVE-2007-3840 | 1 Sitetrafficstats | 1 Sitetrafficstats | 2025-04-09 | 7.5 HIGH | N/A |
|
SQL injection vulnerability in referralUrl.php in Traffic Stats allows remote attackers to execute arbitrary SQL commands via the offset parameter.
|
|||||
| CVE-2009-3851 | 1 Sun | 1 Solaris | 2025-04-09 | 7.2 HIGH | N/A |
|
Trusted Extensions in Sun Solaris 10 interferes with the operation of the xscreensaver-demo command for the XScreenSaver application, which makes it easier for physically proximate attackers to access an unattended workstation for which the intended screen locking did not occur, related to the "restart daemon."
|
|||||
| CVE-2007-2473 | 1 Cmsmadesimple | 1 Cms Made Simple | 2025-04-09 | 7.5 HIGH | N/A |
|
SQL injection vulnerability in stylesheet.php in CMS Made Simple 1.0.5 and earlier allows remote attackers to execute arbitrary SQL commands via the templateid parameter.
|
|||||
| CVE-2007-3356 | 1 Scriptdevelopers.net | 1 Netclassifieds | 2025-04-09 | 7.8 HIGH | N/A |
|
NetClassifieds Premium Edition allows remote attackers to obtain sensitive information via certain requests that reveal the path in an error message, related to the display_errors setting in (1) Common.php and (2) imageresizer.php, and (3) the use of __FILE__ in error reporting by imageresizer.php; and (4) via certain requests that reveal the table name and complete query, related to the Halt_On_Error setting in Mysql_db.php.
|
|||||
| CVE-2006-6524 | 1 Ezhrs | 1 Hr Assist | 2025-04-09 | 7.5 HIGH | N/A |
|
SQL injection vulnerability in vdateUsr.asp in EzHRS HR Assist 1.05 and earlier allows remote attackers to execute arbitrary SQL commands via the Uname (UserName) parameter.
|
|||||