Total: 29869 CVE
| CVE | Vendors | Products | Updated | CVSS v2 | CVSS v3 |
|---|---|---|---|---|---|
| CVE-2006-5224 | 1 Dimitri Seitz | 1 Security Suite Ip Logger | 2025-04-09 | 7.5 HIGH | N/A |
|
PHP remote file inclusion vulnerability in includes/logger_engine.php in Dimitri Seitz Security Suite IP Logger 1.0.0 in dwingmods for phpBB allows remote attackers to execute arbitrary PHP code via a URL in the phpbb_root_path parameter.
|
|||||
| CVE-2007-1786 | 1 Hitachi | 5 Cosminexus Collaboration Portal, Groupmax Collaboration Portal, Groupmax Collaboration Web Client and 2 more | 2025-04-09 | 6.8 MEDIUM | N/A |
|
SQL injection vulnerability in Hitachi Collaboration - Online Community Management 01-00 through 01-30, as used in Groupmax Collaboration Portal, Groupmax Collaboration Web Client, uCosminexus Collaboration Portal, Cosminexus Collaboration Portal, and uCosminexus Content Manager, allows remote attackers to execute arbitrary SQL commands via unspecified vectors.
|
|||||
| CVE-2006-5678 | 2 J-pierre Dezelus, Phpmyconferences | 2 Les Visiteurs, Phpmyconferences | 2025-04-09 | 7.5 HIGH | 9.8 CRITICAL |
|
PHP remote file inclusion vulnerability in common/visiteurs/include/library.inc.php in J-Pierre DEZELUS Les Visiteurs 2.0.1, as used in phpMyConferences (phpMyConference) 8.0.2 and possibly other products, allows remote attackers to execute arbitrary PHP code via a URL in the lvc_modules_dir parameter. NOTE: CVE disputes this vulnerability, because the inclusion occurs in a function that is not called during a direct request to library.inc.php.
|
|||||
| CVE-2007-4156 | 1 Woliocms | 1 Woliocms | 2025-04-09 | 7.5 HIGH | N/A |
|
Multiple SQL injection vulnerabilities in wolioCMS allow remote attackers to execute arbitrary SQL commands via (1) the id parameter to member.php in a page action, related to a SELECT statement in common.php; and the (2) loginid parameter (uid variable), and possibly the (3) pwd parameter, to admin/index.php.
|
|||||
| CVE-2007-4081 | 1 Alstrasoft | 1 Affiliate Network Pro | 2025-04-09 | 4.3 MEDIUM | N/A |
|
Multiple cross-site scripting (XSS) vulnerabilities in AlstraSoft Affiliate Network Pro allow remote attackers to inject arbitrary web script or HTML via vectors in (a) merchants/index.php, including the (1) id or (2) msg parameter in a programedit action; the (3) pgmid parameter in an uploadProducts action; the (4) d, (5) m, or (6) y parameter in a daily action; the (7) err parameter in a ProgramReport action; the (8) i, (9) txtto, (10) txtfrom, or (11) programs parameter in a LinkReport action ...
|
|||||
| CVE-2006-5050 | 1 Rob Landley | 1 Busybox | 2025-04-09 | 5.0 MEDIUM | N/A |
|
Directory traversal vulnerability in httpd in Rob Landley BusyBox allows remote attackers to read arbitrary files via URL-encoded "%2e%2e/" sequences in the URI.
|
|||||
| CVE-2006-6781 | 1 Hlstats | 1 Hlstats | 2025-04-09 | 5.0 MEDIUM | N/A |
|
HLstats 1.20 through 1.34 allows remote attackers to obtain sensitive information via playinfo mode, with certain values of the player and playerdata[lastName][] parameters, which reveals the path in an error message.
|
|||||
| CVE-2006-6890 | 1 Voc-project | 1 Voodoo Chat | 2025-04-09 | 7.5 HIGH | N/A |
|
Voodoo chat 1.0RC1b stores sensitive information under the web root with insufficient access control, which allows remote attackers to download passwords via a direct request for data/users.dat.
|
|||||
| CVE-2006-7095 | 1 Klink | 1 Dim3 | 2025-04-09 | 10.0 HIGH | N/A |
|
Integer signedness error in the network_receive_packet function in socket.c in dimension 3 engine (dim3) 1.5 and earlier allows remote attackers to cause a denial of service (application crash) and possibly execute arbitrary code via a large data_len value, which is cast to a signed short and results in a buffer overflow.
|
|||||
| CVE-2006-6151 | 1 Messagerie Locale | 1 Messagerie Locale | 2025-04-09 | 7.5 HIGH | N/A |
|
PHP remote file inclusion vulnerability in centre.php in Messagerie Locale as of 20061127 allows remote attackers to execute arbitrary PHP code via a URL in the page parameter. NOTE: the provenance of this information is unknown; the details are obtained solely from third party information.
|
|||||
| CVE-2006-6335 | 1 Sophos | 1 Sophos Anti-virus | 2025-04-09 | 10.0 HIGH | N/A |
|
Multiple buffer overflows in Sophos Anti-Virus scanning engine before 2.40 allow remote attackers to execute arbitrary code via (1) a SIT archive with a long filename that is not null-terminated, which triggers a heap-based overflow in veex.dll due to improper length calculation, and (2) a CPIO archive, with a long filename that is not null-terminated, which triggers a stack-based overflow in veex.dll.
|
|||||
| CVE-2007-0261 | 1 Snews | 1 Snews | 2025-04-09 | 10.0 HIGH | N/A |
|
snews.php in sNews 1.5.30 and earlier does not properly exit when authentication fails, which allows remote attackers to perform unauthorized administrative actions, as demonstrated by changing an administrative password via the changeup task, and by uploading PHP code via the imagefile parameter.
|
|||||
| CVE-2006-5705 | 1 Wordpress | 1 Wordpress | 2025-04-09 | 6.0 MEDIUM | N/A |
|
Multiple directory traversal vulnerabilities in plugins/wp-db-backup.php in WordPress before 2.0.5 allow remote authenticated users to read or overwrite arbitrary files via directory traversal sequences in the (1) backup and (2) fragment parameters in a GET request.
|
|||||
| CVE-2007-3367 | 1 Cpanel | 1 Cpanel | 2025-04-09 | 7.8 HIGH | N/A |
|
Simple CGI Wrapper (scgiwrap) in cPanel before 10.9.1, and 11.x before 11.4.19-R14378, allows remote attackers to obtain sensitive information via a direct request, which reveals the path in an error message. NOTE: the provenance of this information is unknown; the details are obtained solely from third party information.
|
|||||
| CVE-2007-0339 | 1 Scriptme | 1 Sme Filemailer | 2025-04-09 | 7.5 HIGH | N/A |
|
SQL injection vulnerability in index.php (aka the login form) in Scriptme SMe FileMailer 1.21 allows remote attackers to execute arbitrary SQL commands via the Password field (ps parameter). NOTE: some of these details are obtained from third party information.
|
|||||
| CVE-2007-4118 | 1 Jx Development | 1 Phpvoter | 2025-04-09 | 7.5 HIGH | N/A |
|
PHP remote file inclusion vulnerability in includes/functions.inc.php in phpVoter 0.6 allows remote attackers to execute arbitrary PHP code via a URL in the sitepath parameter.
|
|||||
| CVE-2007-1187 | 1 Web-app.org | 1 Webapp | 2025-04-09 | 5.5 MEDIUM | N/A |
|
WebAPP before 0.9.9.5 allows remote authenticated users, without admin privileges, to obtain sensitive information via (1) the Forum Archive feature and (2) Recent Searches.
|
|||||
| CVE-2007-2750 | 1 Simpnews | 1 Simpnews | 2025-04-09 | 7.5 HIGH | N/A |
|
SQL injection vulnerability in print.php in SimpNews 2.40.01 and earlier allows remote attackers to execute arbitrary SQL commands via the newsnr parameter.
|
|||||
| CVE-2006-6093 | 1 Picturespro | 1 Picturespro Photo Cart | 2025-04-09 | 7.5 HIGH | N/A |
|
Multiple PHP remote file inclusion vulnerabilities in adminprint.php in PicturesPro Photo Cart 3.9 allow remote attackers to execute arbitrary PHP code via a URL in the (1) admin_folder and (2) path parameters.
|
|||||
| CVE-2007-1179 | 1 Web-app.org | 1 Webapp | 2025-04-09 | 5.0 MEDIUM | N/A |
|
WebAPP before 0.9.9.5 does not properly manage e-mail addresses in certain contexts related to (1) the Recommend feature, Email Article (2) senders and (3) recipients, (4) New User Approval, (5) Edit Profiles, (6) the Newsletter Subscription form, (7) the Recommend form, and (8) sending of articles, which has unknown impact, and remote attack vectors related to spam attacks and possibly other attacks.
|
|||||
| CVE-2007-1824 | 1 Php | 1 Php | 2025-04-09 | 5.1 MEDIUM | N/A |
|
Buffer overflow in the php_stream_filter_create function in PHP 5 before 5.2.1 allows remote attackers to cause a denial of service (application crash) via a php://filter/ URL that has a name ending in the '.' character.
|
|||||
| CVE-2007-0500 | 1 Bradabra | 1 Bradabra | 2025-04-09 | 7.5 HIGH | N/A |
|
PHP remote file inclusion vulnerability in include/includes.php in Bradabra 2.0.5 and earlier allows remote attackers to execute arbitrary PHP code via a URL in the include_path parameter.
|
|||||
| CVE-2006-6642 | 1 Contra Haber Sistemi | 1 Contra Haber Sistemi | 2025-04-09 | 7.5 HIGH | N/A |
|
SQL injection vulnerability in haber.asp in Contra Haber Sistemi 1.0 allows remote attackers to execute arbitrary SQL commands via the id parameter.
|
|||||
| CVE-2007-1885 | 1 Php | 1 Php | 2025-04-09 | 7.5 HIGH | N/A |
|
Integer overflow in the str_replace function in PHP 4 before 4.4.5 and PHP 5 before 5.2.1 allows context-dependent attackers to execute arbitrary code via a single character search string in conjunction with a long replacement string, which overflows a 32 bit length counter. NOTE: this is probably the same issue as CVE-2007-0906.6.
|
|||||
| CVE-2007-0706 | 1 Fenrir | 1 Darksky Rss Bar | 2025-04-09 | 7.5 HIGH | N/A |
|
Cross-zone scripting vulnerability in Darksky RSS bar for Internet Explorer before 1.29, RSS bar for Sleipnir before 1.29, and RSS bar for unDonut before 1.29 allows remote attackers to bypass Web content zone restrictions via certain script contained in RSS data. NOTE: some of these details are obtained from third party information.
|
|||||
| CVE-2007-2965 | 1 F-secure | 7 F-secure Anti-virus, F-secure Anti-virus Client Security, F-secure Anti-virus Linux Client Security and 4 more | 2025-04-09 | 7.2 HIGH | N/A |
|
Unspecified vulnerability in the Real-time Scanning component in multiple F-Secure products, including Internet Security 2005, 2006 and 2007; Anti-Virus 2005, 2006 and 2007; and Solutions based on F-Secure Protection Service for Consumers 6.40 and earlier allows local users to gain privileges via a crafted I/O request packet (IRP), related to IOCTL (Input/Output Control) and "access validation of the address space."
|
|||||
| CVE-2007-3691 | 1 Av Scripts | 1 Av Tutorial Script | 2025-04-09 | 6.8 MEDIUM | N/A |
|
Multiple SQL injection vulnerabilities in changePW.php in AV Tutorial Script (avtutorial) 1.0, when magic_quotes_gpc is disabled, allow remote attackers to execute arbitrary SQL commands via the (1) id and (2) userid parameters, a different issue than CVE-2007-3630.
|
|||||
| CVE-2006-6422 | 1 Agileco | 2 Agilebill, Agilevoice | 2025-04-09 | 5.0 MEDIUM | N/A |
|
Agileco AgileBill 1.4.x and AgileVoice 1.4.x do not properly handle certain proxy requests, which allows remote attackers to disable the application by entering invalid license data on a form, possibly involving modules/core/license.inc.php. NOTE: The provenance of this information is unknown; the details are obtained solely from third party information.
|
|||||
| CVE-2006-4810 | 1 Gnu | 1 Texinfo | 2025-04-09 | 4.6 MEDIUM | N/A |
|
Buffer overflow in the readline function in util/texindex.c, as used by the (1) texi2dvi and (2) texindex commands, in texinfo 4.8 and earlier allows local users to execute arbitrary code via a crafted Texinfo file.
|
|||||
| CVE-2006-6866 | 1 Stphp | 1 Easynews | 2025-04-09 | 7.8 HIGH | N/A |
|
STphp EasyNews PRO 4.0 stores sensitive information under the web root with insufficient access control, which allows remote attackers to obtain usernames, email addresses, and password hashes via a direct request for data/users.txt.
|
|||||
| CVE-2007-3993 | 1 Kerio | 1 Kerio Mailserver | 2025-04-09 | 10.0 HIGH | N/A |
|
Unspecified vulnerability in the attachment filter in Kerio MailServer before 6.4.1 has unknown impact and remote attack vectors.
|
|||||
| CVE-2007-3570 | 1 Novell | 1 Access Manager | 2025-04-09 | 7.5 HIGH | N/A |
|
The Linux Access Gateway in Novell Access Manager before 3.0 SP1 Release Candidate 1 (RC1) allows remote attackers to bypass unspecified security controls via Fullwidth/Halfwidth Unicode encoded data in a HTTP POST request.
|
|||||
| CVE-2007-3230 | 1 Simian Systems Inc | 1 Sitellite | 2025-04-09 | 6.8 MEDIUM | N/A |
|
PHP remote file inclusion vulnerability in phphtml.php in Idan Sofer PHP::HTML 0.6.4 allows remote attackers to execute arbitrary PHP code via a URL in the htmlclass_path parameter.
|
|||||
| CVE-2007-2629 | 1 Bradford Networks | 1 Campusmanager Network Control Application Server | 2025-04-09 | 7.8 HIGH | N/A |
|
Bradford CampusManager Network Control Application Server 3.1(6) allows remote attackers to obtain sensitive information (backup, log, and configuration files) via direct request for certain files in (1) /runTime/ or (2) /remediationReports/.
|
|||||
| CVE-2007-1024 | 1 Marcello Vitagliano | 1 Meganoides News | 2025-04-09 | 10.0 HIGH | N/A |
|
PHP remote file inclusion vulnerability in include.php in Meganoide's news 1.1.1 allows remote attackers to execute arbitrary PHP code via a URL in the _SERVER[DOCUMENT_ROOT] parameter.
|
|||||
| CVE-2006-6822 | 1 Enthrallweb | 1 Eclassifieds | 2025-04-09 | 3.5 LOW | N/A |
|
myprofile.asp in Enthrallweb eClassifieds does not properly validate the MM_recordId parameter during profile updates, which allows remote authenticated users to modify certain profile fields of another account by specifying that account's username in a modified MM_recordId parameter.
|
|||||
| CVE-2007-2584 | 1 Mcafee | 3 Security Center, Securitycenter Agent, Virusscan | 2025-04-09 | 10.0 HIGH | N/A |
|
Buffer overflow in the IsOldAppInstalled function in the McSubMgr.McSubMgr Subscription Manager ActiveX control (MCSUBMGR.DLL) in McAfee SecurityCenter before 6.0.25 and 7.x before 7.2.147 allows remote attackers to execute arbitrary code via a crafted argument.
|
|||||
| CVE-2007-2911 | 1 Jelsoft | 1 Vbulletin | 2025-04-09 | 8.5 HIGH | N/A |
|
SQL injection vulnerability in admincp/attachment.php in Jelsoft vBulletin before 3.6.6 allows remote authenticated administrators to execute arbitrary SQL commands via the "Attached After" field (GPC['search']['datelineafter'] variable), a related issue to CVE-2007-1573.
|
|||||
| CVE-2007-3164 | 1 Microsoft | 1 Internet Explorer | 2025-04-09 | 5.8 MEDIUM | N/A |
|
Microsoft Internet Explorer 7, when prompting for HTTP Basic Authentication for an IDN web site, uses ACE labels for the domain name in the status bar, but uses internationalized labels for this name in the authentication dialog, which might allow remote attackers to perform phishing attacks if the user misinterprets confusable characters in the internationalized labels, as demonstrated by displaying xn--theshmogroup-bgk.com only in the status bar.
|
|||||
| CVE-2007-3657 | 1 Mozilla | 1 Firefox | 2025-04-09 | 4.3 MEDIUM | N/A |
|
Mozilla Firefox 2.0.0.4 allows remote attackers to cause a denial of service by opening multiple tabs in a popup window. NOTE: this issue has been disputed by third party researchers, stating that "this does not crash on me, and I can't see a likely mechanism of action that would lead to a DoS condition."
|
|||||